summaryrefslogtreecommitdiff
path: root/src/migration-scripts
AgeCommit message (Collapse)Author
2022-09-26Merge pull request #1545 from sever-sever/T4557Christian Poessinger
ids: T4557: Migrate threshold and add new threshold types
2022-09-26ids: T4557: Migrate threshold and add new threshold typesViacheslav Hletenko
Migrate "service ids ddos-protection threshold xxx" to "service ids ddos-protection general threshold xxx" Add new threshold types: set service ids ddos-protection threshold tcp xxx set service ids ddos-protection threshold udp xxx set service ids ddos-protection threshold icmp xxx
2022-09-22ipoe: T4703: fix migration of vlan node for loca authenticated usersChristian Poessinger
2022-09-21ipoe: T4678: T4703: rewrite to get_config_dict()Christian Poessinger
In addition to the rewrite to make use of get_config_dict() the CLI is slightly adjusted as specified in T4703. * Rename vlan-id and vlan-range to simply vlan * Rename network-mode to simply mode * Re-use existing common Jinja2 template for Accel-PPP which are shared with PPPoE and SSTP server. * Retrieve default values via defaultValue XML node
2022-09-20ipsec: T4118: bugfix migration of IKEv2 road-warrior "id" CLI optionChristian Poessinger
The "authentication id" option for road-warriors did not get migrated to the new local-id CLI node. This has been fixed.
2022-09-19ipsec: T4118: bugfix config migrator 9-to-10Christian Poessinger
When a CLI node is set with a migrator and is not a valueLess node, we need to specify the "value" using the value= operation in config.set(). This fixes the config load error: vyos.configsession.ConfigSessionError: Invalid config file (syntax error): error at line 353
2022-09-17pppoe-server: T4703: combine vlan-id and vlan-range into single CLI nodeChristian Poessinger
The initial Accel-PPP PPPoE implementation used: set service pppoe-server interface <name> vlan-id <id> set service pppoe-server interface <name> vlan-range <start-stop> This is actually a duplicated CLI node.
2022-09-16Merge pull request #1463 from sever-sever/T4118Daniil Baturin
ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer
2022-09-16ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peerViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script
2022-09-13zone-policy: T2199: Migrate zone-policy to firewall nodesarthurdev
2022-09-13firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵sarthurdev
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
2022-07-30bgp: T4257: Changing BGP "local-as" to "system-as"Cheeze_It
bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. bgp: T4257: Changing BGP "local-as" to "system-as" bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor.
2022-07-07monitoring: T4411: Migrate influxdb options to influxdb nodeViacheslav Hletenko
As we have specific configuration for each plugin: set service monitoring telegraf xxx - azure-data-explorer - prometheus-client - splunk We should to move configuration that related to influxdb under influxdb node Replace: set service monitoring telegraf - authentication xxx - bucket xxx - port xxx - url To: set service monitoring telegraf influxdb xxx
2022-07-07syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotatesarthurdev
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override
2022-07-05firewall: T2199: Fix migration when `icmpv6 type` is an integersarthurdev
2022-06-29openvpn: T4485: Update PKI migrator to handle full CA chain migrationsarthurdev
* Also determines and maps to correct CA for migrated CRL
2022-06-08arp: T4397: bugfix on address iteration - ARP is IPv4 onlyChristian Poessinger
2022-05-31policy: T3976: fix SyntaxError: invalid non-printable characterChristian Poessinger
2022-05-31IPv6: T3976: add prefix-list and access-list option from ipv6 route-mapfett0
2022-05-25configtest: T4382: missing block in migration script vrf/0-to-1John Estabrook
The config vrf-basic reveals a missing block in the migration script vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in vrf-ospf.
2022-05-25configtest: T4382: fix missing delete of 'ipsec-interfaces' nodeJohn Estabrook
Migration of bgp-azure-ipsec-gateway and bgp_dmvpn_hub reveals that migration script ipsec/5-to-6 leaves the empty node 'ipsec-interfaces' after moving the interface; fix the migration script, as it is not yet in 1.3.
2022-05-05policy: T4414: add support for route-map "as-path prepend last-as x"Christian Poessinger
2022-04-28arp: T4397: change CLI syntax to support interface and VRF bound ARP entriesChristian Poessinger
* set protocols static arp interface eth0 address 192.0.2.1 mac 01:23:45:67:89:01
2022-04-21pppoe: T4384: replace default-route CLI option with common CLI nodes already ↵Christian Poessinger
present for DHCP VyOS 1.4 still leverages PPPd internals on the CLI. pppd supports three options for a default route, none, auto, force. * none: No default route is installed on interface up * auto: Default route is only installed if there is yet no default route * force: overwrite any default route There are several drawbacks in this design for VyOS and the users. If auto is specified, this only counted for static default routes - but what about dynamic ones? Same for force, only a static default route got replaced but dynamic ones did not got taken into account. The CLI is changed and we now re-use already existing nodes from the DHCP interface configuration: * no-default-route: On link up no default route is installed, same as the previous default-route none * default-route-distance: We can now specify the distance of this route for the routing table on the system. This defaults to 210 as we have for DHCP interfaces. All this will be migrated using a CLI migration script.
2022-04-09Merge pull request #1242 from goodNETnick/ocserv_local_otpChristian Poessinger
ocserv: T4231: Added OTP support for Openconnect 2FA
2022-04-09ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2022-04-07ipv6: T4346: delete (migrate) CLI command to disable IPv6 address familyChristian Poessinger
2022-03-31Merge branch 'vyos:current' into ocserv_local_otpgoodNETnick
2022-03-24ipsec: T4288: drop leading empty line to detect runtime environmentChristian Poessinger
2022-03-24Merge pull request #1251 from srividya0208/T4288aChristian Poessinger
ike-group: T4288 : close-action is missing in swanctl.conf
2022-03-24ike-group: T4288 : close-action is missing in swanctl.confsrividya0208
close-action parameter is missing in the swanctl.conf file
2022-03-23bgp: T4314: add missing check to migration scriptJohn Estabrook
2022-03-16ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2022-02-28ssh: T4273: bugfix cipher and key-exchange multi nodesChristian Poessinger
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility
2022-02-04firewall: T4209: Fix support for rule `recent` matchessarthurdev
2022-01-28firewall: T4217: install protocol tcp_udp if port group does not use a protocolChristian Poessinger
2022-01-21firewall: T4186: ICMP/v6 migrationssarthurdev
2022-01-17bgp: T3741: bugfix migrator - exit() was called without savingChristian Poessinger
2022-01-17Merge pull request #1174 from sarthurdev/firewallChristian Poessinger
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
2022-01-17firewall: policy: T4178: Migrate and refactor tcp flagssarthurdev
* Add support for ECN and CWR flags
2022-01-16Revert "migrator: interfaces: T4171: bugfix ConfigTreeError"Christian Poessinger
This reverts commit 29efbf51efea559773f61703f11a77a8aee6de36.
2022-01-16Revert "migrator: interfaces: T4171: bugfix ConfigTreeError"Christian Poessinger
This reverts commit 391ce22b76190309f81e048ebffab778b0fdee1d.
2022-01-16dns-forwarding: T1595: remove unnecessary nesting in migration script 1 -> 2Christian Poessinger
2022-01-16bgp: T3741: remove unnecessary exit() in migration script 1 -> 2Christian Poessinger
2022-01-11migrator: interfaces: T4171: bugfix ConfigTreeErrorChristian Poessinger
2022-01-11Merge pull request #1158 from sarthurdev/firewallChristian Poessinger
firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor
2022-01-11policy: T2199: Refactor policy route script for better error handlingsarthurdev
* Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
2022-01-11migrator: interfaces: T4171: bugfix ConfigTreeErrorChristian Poessinger
Migrating 1.2.8 -> 1.4-rolling-202201110811 vyos-router[970]: Waiting for NICs to settle down: settled in 0sec.. vyos-router[1085]: Started watchfrr. vyos-router[970]: Mounting VyOS Config...done. vyos-router[970]: Starting VyOS router: migrate vyos-router[1490]: Traceback (most recent call last): vyos-router[1490]: File "/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6", line 112, in <module> vyos-router[1490]: for if_type in config.list_nodes(['interfaces']): vyos-router[1490]: File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 236, in list_nodes vyos-router[1490]: raise ConfigTreeError("Path [{}] doesn't exist".format(path_str)) vyos-router[1490]: vyos.configtree.ConfigTreeError: Path [b'interfaces'] doesn't exist vyos-router[1455]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6: Command '['/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6', '/opt/vyatta/etc/config/config.boot']' returned non-zero exit status 1.. vyos-router[970]: configure. vyos-config[979]: Configuration success
2022-01-11policy: T4170: rename "policy ipv6-route" -> "policy route6"Christian Poessinger
In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes)
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python