Age | Commit message (Collapse) | Author |
|
does not terminate"
This reverts commit dda1b02932a5108ef257f59323dcfcf82582b805.
|
not terminate
|
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c.
|
* Removed `/var/log/auth.log` and `/var/log/messages` from
`/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled
items, which leads to a service error.
* Removed generation config file for `/var/log/messages` from
`system-syslog.py` - this should be done from `syslom logs` now.
* Generate each logfile from `system syslog file` to a dedicated
logrotate config file.
* Fixed logrotate config file names in
`/etc/rsyslog.d/vyos-rsyslog.conf`.
* Added default logrotate settings for `/var/log/messages`
|
It should be possible to send the gathered data via a VRF bound interface to
the collector. This is somehow related to T3981 but it's the opposite side of
the netflow process.
set system flow-accounting vrf <name>
|
Input filter for firewall allows getting bytes/counters from
nftables in the format required for InfluxDB2
|
This reverts commit 78b247b724f74bdabab0706aaa7f5b00e5809bc1.
|
Rewrite and improve the custom input filter telegraf script
"show_interfaces_input_filter.py" to a more readable and clear format.
Fix bug when it failed with configured tunnel "tunX" interfaces
|
Without this option systemd startup will hit a timeout and then kill keepalived
again.
|
monitoring: T3872: Add a new feature service monitoring
|
In case a CLI configuration is not available, dhclient cannot add
nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that
an interface be listed in the `set system name-server` option.
This commit introduces two changes:
* `vyos-hostsd` service will not be started before Cloud-Init fetches all
remote data. This is required because all meta-data should be available
for Cloud-Init before any of VyOS-related services start since it is
used for configuration generation.
* the `vyos-hostsd-client` in the `dhclient-script` will be used only if
the `vyos-hostsd` is running. In other words - if VyOS services already
started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other
cases - does this directly.
These changes should protect us from problems with DHCP during system
boot if DHCP is required by third-party utils.
|
(cherry picked from commit eb6247e4b464c36fa7441627b221d0db39429251)
|
atop: T3774: Atop log file rotation fix
|
The systemd unit for atop service is changed, so the log file name and
location will be always the same. It also adds the logrotate
configuration to conditionally rotate a log file.
Hardcoded values:
- maximum log file size: 10 MB
- maximum count of files: 10
These values can be easily changed within the
`/etc/logrotate.d/vyos-atop`, no additional configuration is required.
Rotation will be done hourly, if necessary, according to
`/etc/cron.hourly/vyos-logrotate-hourly`.
This change has two benefits:
- rotation strategy control can be done via logrotate, and can be
exposed to CLI now;
- the total size of all logs is now controlled more aggressively, so
the chance to get a situation when atop logs took all the space on a
drive is significantly lower. Also, if this will be necessary, rotation
may be done even each minute, which reduces risks related to logs size
even more.
|
We can no longer use bash variable string code for string manipulation. Move to
a more robust "cut" implementation.
|
When `dhclient` with the `-x` option is used to stop running DHCP client
with a lease file that is not the same as in the new `dhclient` process,
it requires a `-lf` argument with a path to the old lease file to find
information about old/active leases and process them according to
instructions and config.
This commit adds the option to the `02-vyos-stopdhclient` hook, which
allows to properly process `dhclient` instances started in different
ways.
|
(cherry picked from commit 67b3dd6b4715fef266eb47e68623944f8be617e0)
|
Custom OpenVPN options moved back to the command line from a
configuration file. This should keep full compatibility with the
`crux` branch, and allows to avoid mistakes with parsing options
that contain `--` in the middle.
The only smart part of this - handling a `push` option. Because
of internal changes in OpenVPN, previously it did not require an
argument in the double-quotes, but after version update in
`equuleus` and `sagitta` old syntax became invalid. So, all the
`push` options are processed to add quotes. The solution is still
not complete, because if a single config line contains `push` with
other options, it will not work, but it is better than nothing.
|
write_file()
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
|
Now that MSS clamping is done on the "per-interface" level the entire PPPoE
stuff would have needed to get a full copy in GNU BASH for this or, participate
in the common library.
Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the
vyos.ifconfig.PPPoEIf.update() function to configure everything as done with
all other interfaces. This removes duplicated code for VRF assignment and route
installation when a PPPoE interface is brought up or down.
|
For more information see:
* https://programmersought.com/article/62242485344/
* https://www.spinics.net/lists/netdev/msg332453.html
* https://github.com/FRRouting/frr/blob/master/doc/user/Useful_Sysctl_Settings.md
|
Recommended by FRR best defaults
https://github.com/FRRouting/frr/blob/master/doc/user/Useful_Sysctl_Settings.md
|
dhclient is already handled by netplug so it's removed to avoid double
renewing of dhcp leases.
|
This reverts commit 95bbbb8bed92a60a320ff255c8b8656145f3c540.
|
This is the completion of commit 50a742b5 ("IPSec: T3643: Fix path for
swanctl.conf file") that moves the generated swanctl file from non-volatile to
a volatile (tmpfs backed) storage like we do for all our configuration files.
Thus it is ensured after a reboot or service deprecation there are no accidental
leftovers from previous configurations stored on the system.
|