summaryrefslogtreecommitdiff
path: root/src/migration-scripts
AgeCommit message (Collapse)Author
2024-09-18OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphersmergify/bp/circinus/pr-3823srividya0208
(cherry picked from commit b62b2f5f8a9c4f0a7dc26bce1f15843651119256)
2024-09-11migration: T6007: convert all migration scripts to load as moduleJohn Estabrook
(cherry picked from commit 26740a8d583f64dc0a27b59dd4ae303056972c0b)
2024-08-23wireless: T6318: move country-code to a system wide configurationmergify/bp/circinus/pr-3656Christian Breunig
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code" (cherry picked from commit 9e22ab6b2aee48029d3455f65880e45c558cf1da)
2024-08-16T6649: Accel-ppp separate vlan-mon from listen interfacesmergify/bp/circinus/pr-3987Nataliia Solomko
(cherry picked from commit 663e468de2b431f771534b4e3a2d00a5924b98fe)
2024-07-18openvpn: T6591: deprecate OpenVPN server net30 topology (#3825)mergify/bp/circinus/pr-3825Daniil Baturin
(cherry picked from commit e2b05343b30d2f989968532106e792cbaf75ecf6)
2024-07-03T6536: change wildcard character from + to * - extend fix to interfaces ↵Nicolas Fort
defined in zone policy. (cherry picked from commit 66ec278393dbabe71f320c543816f27797d51140)
2024-07-03T6536: nat: add migration script that replaces wildcard charater supported ↵Nicolas Fort
in 1.3 <+> with character supported in latest version <*> (cherry picked from commit 148af29b68416a5b8d0e025a16aef252fdf31e67) # Conflicts: # src/migration-scripts/nat/6-to-7
2024-06-26interfaces: T6519: harden config migration if ethernet interface is missingChristian Breunig
During a corner case where the configuration is migrated to a different system with fewer ethernet interfaces, migration will fail during an image upgrade. vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an exception that kills the migrator (cherry picked from commit e47d4fd385631236da6882233b09f6364cbb077b)
2024-06-15openvpn: T5487: make migration script executableChristian Breunig
Migration script introduced in commit 0f669a226 ("openvpn: T5487: Remove eprecated option --cipher for server and client mode") lacked executable permission.
2024-06-13Merge pull request #3639 from natali-rs1985/T5487-currentDaniil Baturin
openvpn: T5487: Remove deprecated option --cipher for server and client mode
2024-06-11openvpn: T5487: Remove eprecated option --cipher for server and client modeNataliia Solomko
2024-06-11firewall: T3900: fix migration and smoketestsChristian Breunig
Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall") changed the position in the CLI for conntrack timeout. This lead to failing smoketests because of a regression in the migrator.
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-05-30reverse-proxy: T6409: unindent migration script code pathChristian Breunig
2024-05-27reverse-proxy: T6409: Remove unused backend parametersAlex W
2024-05-22nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
2024-05-01pppoe-server: T6234: fix permissions on migration scriptJohn Estabrook
2024-05-01Merge pull request #3364 from natali-rs1985/T6234-currentDaniil Baturin
pppoe-server: T6234: PPPoE-server pado-delay refactoring
2024-04-29openconnect: T4982: Support defining minimum TLS version in openconnect VPNAlex W
2024-04-25pppoe-server: T6234: PPPoE-server pado-delay refactoringNataliia Solomko
2024-04-15T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵Nicolas Fort
to firewall global-optinos
2024-04-12Merge pull request #3291 from aapostoliuk/T6100-circinusChristian Breunig
T6100: Added NAT migration from IP/Netmask to Network/Netmask
2024-04-12T6100: Added NAT migration from IP/Netmask to Network/Netmaskaapostoliuk
Added NAT migration from IP/Netmask to Network/Netmask. In 1.3 allowed using IP/Netmask in Nat rules. In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask.
2024-04-11T6216: firewall: add patch while migrating from 1.3 to 1.4 in order to avoid ↵Nicolas Fort
errors when using character <+> in 1.3 in firewall groups and custom firewall chains.
2024-04-07ipoe: T6205: fix conditional branch error in config migratorChristian Breunig
Commit a5ccc06c0 ("ipoe: T6205: error in migration script logic while renaming mac-address to mac node") added a conditional path into the config which could result in the migrated config not beeing written if precondition was not met.
2024-04-06container: T6208: rename "cap-add" CLI node to "capability"Christian Breunig
Containers have the ability to add Linux system capabilities to them, this is done using the "set container name <name> cap-add" command. The CLI node sounds off and rather should be "set container name <name> capability" instead as we use and pass a capability to a container and not add/invent new ones.
2024-04-06ipoe: T6205: error in migration script logic while renaming mac-address to ↵Christian Breunig
mac node The problem was introduced in [1] but the config migrator part unfortunately was added to the wrong version [2]. As IPoE config version 0 was only active during the 1.3 development cycle and VyOS 1.3.0 was already released with config version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to properly support upgrades from VyOS 1.3 -> 1.4 or newer. 1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168 2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46
2024-04-06T6199: remove unused Python imports from migration scriptsChristian Breunig
2024-04-04ospf: T6089: fix invalid "ospf passive-interface default"Christian Breunig
The option "passive-interface default" was set even if it was not present in the previous version we are migrating from. Fix migration script to handle this with a conditional path.
2024-03-25T6171: migrate <set service dhcp-server failover> to <set service ↵Nicolas Fort
dhcp-server high-availability>.
2024-03-19policy: T6130: Revert commit 960caceaapostoliuk
This reverts commit 960cace189d7ace2bea0968646b1348b415e0363. All community rules syntax was changed. T5357 is invalid bug report. VyOS cannot use new configuration syntax in the previous versions.
2024-03-15T6090: fix policy route migration script. Ensure that tcp flags migration ↵Nicolas Fort
occurs also if only <policy route> is defined.
2024-03-10T6114: fix broken migration dhcpv6-server 4-to-5Lucas Christian
2024-03-10firewall: T6071: truncate rule description field to 255 charactersChristian Breunig
2024-03-01smoketest: T6079: probe for duplicate IP address static-mappingChristian Breunig
2024-02-29dhcp-server: T6079: Disable duplicate static-mappings on migrationsarthurdev
2024-02-28dhcp-server: T6079: Increment Kea migrator versionssarthurdev
2024-02-15Merge pull request #3012 from sarthurdev/T5993Christian Breunig
dhcpv6-server: T5993: Extend interface migrator to check VLAN/QinQ
2024-02-15Merge pull request #3004 from aapostoliuk/T6029-circinusDaniil Baturin
T6029: Rewritten Accel-PPP services to an identical feature set
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code.
2024-02-14dhcpv6-server: T5993: Extend interface migrator to check VLAN/QinQsarthurdev
Updates smoketest config to test migrator change
2024-02-13Merge pull request #2988 from c-po/pki-rpki-t6034Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
2024-02-13Merge pull request #2997 from sarthurdev/T5993Christian Breunig
dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally connected interfaces
2024-02-13dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally ↵sarthurdev
connected interfaces Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
2024-02-12rpki: T6024: add migration scripts from file based keys to PKI subsystemChristian Breunig
2024-02-12ipsec: T5981: Strip '@' from migrated peer namesarthurdev
2024-02-09Merge pull request #2975 from c-po/migrator-t5902Christian Breunig
https: T5902: fix migration of virtual-host port
2024-02-09https: T5902: fix migration of virtual-host portChristian Breunig
CLI source node is port and not listen-port.
2024-02-08Merge pull request #2950 from aapostoliuk/T5960-circinusDaniil Baturin
T5960: Rewritten authentication node in PPTP to a single view