Age | Commit message (Collapse) | Author |
|
The systemd unit for atop service is changed, so the log file name and
location will be always the same. It also adds the logrotate
configuration to conditionally rotate a log file.
Hardcoded values:
- maximum log file size: 10 MB
- maximum count of files: 10
These values can be easily changed within the
`/etc/logrotate.d/vyos-atop`, no additional configuration is required.
Rotation will be done hourly, if necessary, according to
`/etc/cron.hourly/vyos-logrotate-hourly`.
This change has two benefits:
- rotation strategy control can be done via logrotate, and can be
exposed to CLI now;
- the total size of all logs is now controlled more aggressively, so
the chance to get a situation when atop logs took all the space on a
drive is significantly lower. Also, if this will be necessary, rotation
may be done even each minute what reduces risks related to logs size
even more.
|
|
|
|
We can no longer use bash veriable string code vor string manipulation. Move to
a more robust "cut" implementation.
|
|
When `dhclient` with the `-x` option is used to stop running DHCP client
with a lease file that is not the same as in the new `dhclient` process,
it requires a `-lf` argument with a path to the old lease file to find
information about old/active leases and process them according to
instructions and config.
This commit adds the option to the `02-vyos-stopdhclient` hook, which
allows to properly process `dhclient` instances started in different
ways.
|
|
(cherry picked from commit 67b3dd6b4715fef266eb47e68623944f8be617e0)
|
|
|
|
Custom OpenVPN options moved back to the command line from a
configuration file. This should keep full compatibility with the
`crux` branch, and allows to avoid mistakes with parsing options
that contain `--` in the middle.
The only smart part of this - handling a `push` option. Because
of internal changes in OpenVPN, previously it did not require an
argument in the double-quotes, but after version update in
`equuleus` and `sagitta` old syntax became invalid. So, all the
`push` options are processed to add quotes. The solution is still
not complete, because if a single config line contains `push` with
other options, it will not work, but it is better than nothing.
|
|
|
|
|
|
|
|
write_file()
|
|
|
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
|
|
|
|
|
|
|
|
|
|
Now that MSS clamping is done on the "per-interface" level the entire PPPoE
stuff would have needed to get a full copy in GNU BASH for this or, participate
in the common library.
Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the
vyos.ifconfig.PPPoEIf.update() function to configure everything as done with
all other interfaces. This removes duplicated code for VRF assignment and route
installation when a PPPoE interface is brought up or down.
|
|
|
|
|
|
|
|
For more information see:
* https://programmersought.com/article/62242485344/
* https://www.spinics.net/lists/netdev/msg332453.html
* https://github.com/FRRouting/frr/blob/master/doc/user/Useful_Sysctl_Settings.md
|
|
Recommended by FRR best deafults
https://github.com/FRRouting/frr/blob/master/doc/user/Useful_Sysctl_Settings.md
|
|
dhclient is already handled by netplug so it's removed to avoid double
renewing of dhcp leases.
|
|
|
|
|
|
This reverts commit 95bbbb8bed92a60a320ff255c8b8656145f3c540.
|
|
This is the completion of commit 50a742b5 ("IPSec: T3643: Fix path for
swanctl.conf file") that moves the generated swanctl file from non-volatile to
a volatile (tmpfs backed) storage like we do for all out configuration files.
Thus it is ensured after a reboot or service deprecation there are no accidential
leftovers from previous configurations stored on the system.
|
|
Debian Bullseye ships an upstream version of lcdproc.service which infact will
start LCDd instead of the lcdproc client.
Divert the Debian Upstream service file and use the ones provided by vyos-1x.
|
|
The variable ConditionPathExists is now set in the upstream systemd unit file,
thus the VyOS generated unit file is located under /run/radvd/radvd.conf and
the condition won't match.
This can be solved by first clearing the upstream value for ConditionPathExists
and the set the new path.
|
|
This reverts commit b776edb38a4755be76e965ca719e9428bcc570e6.
|
|
|
|
|
|
|
|
selectors, and selectors with VTI.
|
|
|
|
dhcp-interface
|
|
|
|
dhclient fails to execute the script without the extension.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Commit dce67433 ("util: T2226: rewrite resume-vm to use run") changed the way
in which the script executed system binaries in a way which could not be
processes by the underlayin infrastructure (lists are not supported, only
strings).
|
|
|
|
|
|
Some software starts dhclient without IP protocol flag (`-4`, `-6`),
this commit adds the ability to find such processes as well as with a
protocol flag.
Additionally, to handle rare situations when PID file may not exists
(most likely, when multiple dhclient processes started with the same
PID file path), added last-resort action to kill such dhclients.
|
|
There were two problems with VRF support inside dhclient-script:
- VRF check inside the `01-vyos-cleanup` hook was needless because it will be done inside the `03-vyos-ipwrapper` anyway;
- VRF was ignored for in-kernel routes in `03-vyos-ipwrapper`. Theoretically, there must be no situation now when this can leads to a real problem, but better will be to keep both kernel and FRR backends in sync.
Also, the way to get and use a VRF name was changed to an easier one.
|