summaryrefslogtreecommitdiff
path: root/src/migration-scripts
AgeCommit message (Collapse)Author
2023-09-04conntrack: T4309: T4903: Refactor `system conntrack ignore` rule generation, ↵sarthurdev
add IPv6 support and firewall groups
2023-08-11Merge pull request #2016 from nicolas-fort/T5160Christian Breunig
T5160: Firewall refactor
2023-08-11interface: T5465: adjust-mss: config migration fails if applied to a VLAN or ↵Christian Breunig
Q-in-Q interface When migration from 1.3 to 1.4 and a user hat the following configured: options { interface eth0.10{ adjust-mss 1452 adjust-mss6 1432 } } The configuration was wrongly migrated to: interfaces { ethernet eth0.10 { ipv6 { adjust-mss "1432" } ip { adjust-mss "1452" } } Instead of interfaces { ethernet eth0 { vif 10 { ipv6 { adjust-mss "1432" } ip { adjust-mss "1452" } } }
2023-08-11T5460: remove config-trap from firewallNicolas Fort
2023-08-11T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵Nicolas Fort
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
2023-08-11T5160: firewall refactor: fix firewall template for correct rule parsing ↵Nicolas Fort
that contains fqnd and/or geo-ip in base chains. Fix mig script
2023-08-11T5160: firewall refactor: change firewall ip to firewall ipv4Nicolas Fort
2023-08-11T5160: firewall refactor: new cli structure. Add migration script and update ↵Nicolas Fort
smoketest
2023-08-06T5195: move helpers from vyos.validate to vyos.utils packageChristian Breunig
2023-08-02Merge pull request #2129 from sever-sever/T5427Christian Breunig
T5427: Fix migration script arguments len expects 2 args
2023-08-02wireguard: T5413: Blocked adding the peer with the router's public keyaapostoliuk
Disabeled adding the peer with the same public key as the router has. Added smoketest
2023-08-02T5427: Fix migration script arguments len expects 2 argsViacheslav Hletenko
The script's name is always provided as the first argument sys.argv[0] Expected length for argv is 2 (script itself + config file) Change: 'if (len(argv) < 1)' to 'if len(argv) < 2'
2023-07-26Merge pull request #2078 from nicolas-fort/T5154Viacheslav Hletenko
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet…
2023-07-25container: T5365: ensure container mogration systemd steps are run with sudoChristian Breunig
2023-07-25T5154: NTP: allow maximum of one ipv4 and one ipv6 address on parameter ↵Nicolas Fort
<listen-address>. Also allow only one single value <interface>.
2023-07-15Merge pull request #2091 from jvoss/policy_bgp_communitiesChristian Breunig
policy: T5357: only delete migrated BGP community rules
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-07-13policy: T5357: only delete migrated BGP community rulesJonathan Voss
2023-07-11T5341: HA migrate virtual-server tag to node addressViacheslav Hletenko
Migrate: high-availability virtual-server 203.0.113.1 to: high-availability virtual-server <name> address 203.0.113.1
2023-07-03isis: T5335: fix invalid isis config base in migration scriptJonathan Voss
2023-06-12T5286: drop XDP support for ethernet and bonding interfacesChristian Breunig
... this is a step towards a new and better implementation that will utilize VPP.
2023-06-05Merge pull request #2005 from indrajitr/ddclient-improvement-round-2Christian Breunig
dns: T5144: Modernize dynamic dns operation (round 2)
2023-06-05openconnect: T5259: fix migration logic in delete_value radius|localJohn Estabrook
Incorrect logic of node deletion now raises error, after T5251.
2023-06-04dns: T5144: Apply migration for dynamic dns path updateIndrajit Raychaudhuri
Create migration and bump package version from 0 -> 1 for dynamic dns
2023-05-31migration: T5251: fix incorrect logic in calling configtree.deleteJohn Estabrook
The node was already deleted in the 'if path exists' branch; attempt to delete in 'else' branch will now raise an error.
2023-05-08syslog: T2778: migrate to get_config_dict()Christian Breunig
2023-04-13T5150: migrate CLI configs to new Kernel/Zebra route-map supportChristian Breunig
2023-03-28dns: T5115: Support custom port for name servers for forwarding zones.Indrajit Raychaudhuri
This would allow using custom ports in name server operating on non- default port for forwarding zones. This is a follow-up to T5113 for sake of completeness and having consistent treatment of all name servers configured in PowerDNS recursor. Additionally, migrate `service dns forwarding domain example.com server` to `service dns forwarding domain foo3.com name-server` for consistency and reusability.
2023-03-21T5050: Firewall: Add log optionsNicolas Fort
2023-03-03ipsec: T4916: Fixed migrations scriptjbordongit
* removed unused `re` from imports * replaced `return_value()` to `return_values()` for `remote-address` because this is a multi-value configuration node
2023-02-25tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
Tunnel interface multicast settings can be "enabled or disabled". As we prefer valueless nodes, and the linux kernel default is "disabled" we should add a set interfaces tunnel tunXX enable-multicast command
2023-02-15ipsec: T4593: Migrate and remove legacy `include-ipsec` nodessarthurdev
Not supported with swanctl
2023-02-12T5001: Replace links to the phabricator siteChristian Breunig
Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev
2023-02-11qos: T4284: migration script must ensure bandwidth is converted to lower caseChristian Breunig
tc acccepts the bandwidth value/unit pairs as lowercase - so does the VyOS CLI validator work, too.
2023-02-10interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵Christian Breunig
sstp-client
2023-01-30Merge pull request #1761 from sever-sever/T4916-currViacheslav Hletenko
T4916: Rewrite IPsec peer authentication and psk migration
2023-01-26ntp: T4961: create path ['service'] if it doesn't existJohn Estabrook
config.copy does not recursively create nodes of the path. On install image, the path ['service'] is not present in config.boot.default, so must be created before config.copy['service', 'ntp'].
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-19Merge pull request #1697 from nicolas-fort/snmp_reworkChristian Breunig
T4857: SNMP: Implement FRR SNMP Recomendations
2023-01-18T4857: Cleaning prNicolas Fort
2023-01-15ntp: T3008: TypeError bugfix when calling rename()Christian Breunig
2023-01-14ntp: T3008: migrate from ntpd to chronyChristian Breunig
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony
2023-01-04qos: T4284: add bandwidth percentage valueChristian Poessinger
2023-01-01qos: T4284: migrate percentaged bandwidth to absolute value in bit/sChristian Poessinger
2023-01-01qos: T4284: first implementation introducing a new vyos.qos moduleChristian Poessinger
2022-12-24container: T4870: remove manual user interaction during storage migrationChristian Poessinger
Commit 60c80df4 ("container: T4870: bump package version 0 -> 1 for filesystem change") introduced a fundamental change in the container storage driver that required a manual migration step from the user to not loose any data. This commit removes the manual user interaction and temporary exports the container images and re-imports them after the filesystem got changed. The only things that get lost are orphaned container images no longer referenced by the CLI - thats an adequate trade-off as those images can always be re-added to the system.
2022-12-23container: T4870: bump package version 0 -> 1 for filesystem changeChristian Poessinger
move from vfs to overlay driver The following pre iage upgrade script must be executed to have containers after the reboot: for pod in $(cli-shell-api listActiveNodes container name); do systemctl stop vyos-container-${pod//\'}.service done sed -i 's/vfs/overlay/g' /etc/containers/storage.conf /usr/share/vyos/templates/container/storage.conf.j2 rm -rf /usr/lib/live/mount/persistence/container/storage/libpod for pod in $(cli-shell-api listActiveNodes container name); do image=$(cli-shell-api returnActiveValue container name ${pod//\'} image) podman image pull $image systemctl start vyos-container-${pod//\'}.service done for dir in vfs vfs-containers vfs-images vfs-layers; do rm -rf /usr/lib/live/mount/persistence/container/storage/$dir done
2022-12-19T4879: IPsec migration script remote-id for peer name eq addressViacheslav Hletenko
Migration for "remote-id" where peer is IPv4 or IPv6 address was missed It was only migration if peer starts with "@" It cause that you must manualy set 'remote-id' to get it working correctly replace 'vpn ipsec site-to-site peer 192.0.2.2' => 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
2022-12-17Merge pull request #1626 from nicolas-fort/fwall_group_interfaceChristian Poessinger
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
2022-11-19T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵Nicolas Fort
so this new group can be used in inbound and outbound matcher