Age | Commit message | Author |
|
The legal team says years are not necessary so we can go ahead with it, since
it will simplify backporting.
Automatically removed using:
```
git ls-files | grep -v libvyosconfig | xargs sed -i -E \
's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g'
```
In addition we will error-out during "make" if someone re-adds a legacy
copyright notice
|
|
Certbot renewal command in op-mode "renew certbot" only works if any of the
certificates is up for renewal. There is no CLI option to forcefully renew a
certificate. This is about adding a force option to the CLI and with this
addition move the entire certbot renew handling to new-style op-mode commands.
```
vyos@vyos:~$ renew certbot force
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /config/auth/letsencrypt/renewal/vyos.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for vyos.io
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
/config/auth/letsencrypt/live/vyos/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' ran with output:
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
```
|
|
Removed unused opennhrp files and configurations
|
|
dhclient: T6253: Respect `no-default-route`
|
|
interface: T7375: cleanup SLAAC assigned address and default route after removing SLAAC CLI configuration
|
|
kea: T7281: Add ping-check, use built-in option for classless static routes
|
|
ids: T7241: remove Fastnetmon from the base system
|
|
When an interface goes down - e.g. cable unplugged - the DHCPv6 assigned IPv6
address is not removed from said interface. We should provide the same behavior
as with IPv4. IPv6 address should be removed and dhcpv6 client restarted once
the interface goes operational up again.
|
|
The initial rewrite of vyos-netplug-dhcp-client by me tried to outsmart the
DHCP client implementation by re-using vyos.ifconfig.Interface(). This added
a regression where an interface losing its carrier no longer deconfigured
its IP address. This was a change in behavior from VyOS 1.3.
In addition a bug is fixed as when a VLAN interface's parent loses its carrier
we now also stop the DHCP client process.
This script is now back to simply starting/stopping the DHCP client process.
|
|
It will eventually be moved to an addon
|
|
When an interface is removed from the system also netplug is triggered. It
makes no sense to call vyos.ifconfig.Interface() and update its configuration
when the interface was just recently removed.
This would in fact re-add an interface temporarily in its worst case.
|
|
T6948: Keep DHCP server leases in sync with hostd records
|
|
The helper script updates VyOS hostd records from
DHCP server leases. This ensures that hostd records
with the DHCP server leases are kept in sync with
VyOS hostd records right after the DHCP server is
started.
Note that `Restart` directive needs to be updated to
`on-failure` so that the service is restarted in case
of failure/timeout in interaction with hostd service.
|
|
Helper scripts should only work on physical interfaces not on individual
sub-interfaces. Moving e.g. a VLAN interface in/out a VRF will also trigger
this script which should be prohibited - bail out early
|
|
Default systemd service for kea-ctrl-agent expects
`/etc/kea/kea-api-password` which is not used in
VyOS.
The systemd unit override to remove the condition
does not need to be in a separate (templated and
dynamic) override file and can be merged into the
existing static override file.
|
|
Right now every command that's executed via op-mode/conf-mode is logged with a
session entry/exit and command execution into syslog.
```
sudo[1082396]: vyos : TTY=pts/1 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/mv /tmp/config.boot.1082388 /opt/vyatta/etc/config/archive/config.boot
sudo[1082396]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
sudo[1082396]: pam_unix(sudo:session): session closed for user root
sudo[1082399]: vyos : TTY=pts/1 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/sbin/logrotate -f -s /opt/vyatta/etc/config/archive/lr.state /opt/vyatta/etc/config/archive/lr.conf
sudo[1082399]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
sudo[1082399]: pam_unix(sudo:session): session closed for user root
```
This heavily bloats remote logging services - remove the log entries
|
|
```
vyos@vyos:~$ show ver
...
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Secure Boot: enabled
...
```
|
|
To increase the chance for dhclient to configure routes in FRR, added a
workaround. Now 10 attempts are performed with 1 second delay and only after
this dhclient gives up.
|
|
enabling/disabling sending traffic from bridge layer to ipvX layer
|
|
This is a fix for a bug where `sudo` commands were not sent to the remote
syslog server. They stop before the directive that includes all
configurations `$IncludeConfig /etc/rsyslog.d/*.conf`
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
|
|
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which
was present to update /etc/resolv.conf with the DHCP specified nameservers and
also the search domain list was no longer present.
This commit adds a per interface rendered script to inform vyos-hostsd about
the received IPv6 nameservers and search domains.
|
|
T5872: ipsec remote access VPN: support dhcp-interface.
|
|
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes the logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
|
|
Always enable VRF strict_mode
|
|
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
|
|
Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
  by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
  forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
  `dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
  generated override files in /run. This ensures that the override files
  are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
  and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
  path (viz., `/run/pdns-recursor`) is fine
|
|
T4856: Fix IPsec DHCP-client exit hook
|
|
We should create dhclient base_path dir `/run/dhclient` during the
first boot.
It fixes cloud-init boot issues
```
/etc/dhcp/dhclient-exit-hooks.d/03-vyos-dhclient-hook: line 33: /run/dhclient/dhclient_eth0.lease: No such file or directory
```
|
|
The script actually does not have the variable `secrets_lines` and
secret lines itself does not have the marker `# dhcp:{interface}`
in `to_find`.
This script needs to be rewritten in the future if it is required.
This commit fixes DHCP-client exit hook:
```
dhclient[6800]: NameError: name 'secrets_lines' is not defined
root[6801]: /etc/dhcp/dhclient-exit-hooks.d/99-ipsec-dhclient-hook returned non-zero exit status 1
```
|