Age | Commit message | Author |
|
ipsec: T7545: Fix show vpn debug peer
|
|
Fix re for searching of peers in /etc/swanctl/swanctl.conf
```
search = rf'^[\s]*(peer_{peer}_(tunnel_[\d]+|vti)).*'
```
Changed to
```
search = rf'^[\s]*({peer}-(tunnel-[\d]+|vti))[\s]*{{'
```
Added message
```
print(f'\n### {command} ###')
```
so that output is not empty when `/usr/sbin/ipsec statusall`
shows nothing
|
|
The legal team says years are not necessary so we can go ahead with it, since
it will simplify backporting.
Automatically removed using:
```
git ls-files | grep -v libvyosconfig | xargs sed -i -E \
's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g'
```
In addition we will error-out during "make" if someone re-adds a legacy
copyright notice
|
|
Write the health-status on the very first run of the script,
without waiting for any change in status, to show the current
state to the show command. In show command use the same api
to get the now timestamp as used in state change timestamp.
|
|
Certbot renewal command in op-mode "renew certbot" only works if any of the
certificates is up for renewal. There is no CLI option to forcefully renew a
certificate. This is about adding a force option to the CLI and with this
addition move the entire certbot renew handling to new-style op-mode commands.
```
vyos@vyos:~$ renew certbot force
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /config/auth/letsencrypt/renewal/vyos.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for vyos.io
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
/config/auth/letsencrypt/live/vyos/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' ran with output:
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
```
|
|
journald
|
|
If any part of the system boot fails, we set overall_status=1 in the vyos-router
startup script. When an error during the image upgrade is detected, the system
will automatically revert the default boot image to the previously used version,
if the CLI option "system option reboot-on-upgrade-failure" is set.
The user is informed via console messages:
```
Booting failed, reverting to previous image
Automatic reboot in 5 minutes
Use "reboot cancel" to cancel
```
The user has time to log in and run reboot cancel to remain in the faulty image
for troubleshooting. Reboot timeout is defined by CLI: "system option
reboot-on-upgrade-failure"
Once the system boots into the previous image, the MOTD will display a
persistent warning message - cleared during next reboot.
```
WARNING: Image update to "VyOS 1.5.xxxx" failed
Please check the logs:
/usr/lib/live/mount/persistence/boot/NAME/rw/var/log
Message is cleared on next reboot!
```
Upgrade failure can be synthetically injected by booting with Kernel command
line option: vyos-fail-migration
|
|
When performing an image upgrade we will create a file named /config/first_boot
with JSON data inside the new image's persistent storage. The content of the file
will look like: {"previous_image": "1.5-stream-2025-Q3"}
The previous image name can be easily queried using "jq -r '.previous_image'".
This is the base work required for an adjusted version of the vyos-router init
script to support an automatic rollback to a previous image if things go
sideways.
|
|
large output
|
|
remote groups
|
|
interfaces: T7268: Add op-mode command for show all interfaces on system
|
|
installer: T7049: Fix GRUB boot with RAID1
|
|
rather than in the command line
|
|
tech-support: T7410: handle possible errors when executing lsusb
|
|
Committing suggestions from dmbaturin
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
T7397: add "system kernel option quiet" to suppress boot messages
|
|
because it exits with a non-zero code on machines
without USB controllers
|
|
Add option to limit the number of messages that are displayed on the console
during the boot process and to persist this setting with image upgrades.
```
set system option kernel quiet
```
|
|
'NoneType' is not iterable"
|
|
lo address was an edge case and needed to be handled.
|
|
Created op-mode script per request
Commands added:
```
show interfaces kernel
show interfaces kernel detail
show interfaces kernel json
show interfaces kernel <interface>
show interfaces kernel <interface> detail
show interfaces kernel <interface> json
```
|
|
When performing an image upgrade, Linux Kernel command-line options that
should be passed via GRUB to the Linux Kernel are missing on the first boot.
This is because when generating the GRUB command-line via the op-mode scripts
the CLI nodes defining the options are not honored.
This commit re-implements the code-path in op-mode which generates the strings
passed via GRUB to the Linux Kernel command-line.
NOTE: If (for a yet unknown reason) a Kernel command-line option string changes
during a major - or minor - upgrade of the Linux Kernel, we will need to adapt
that logic and possibly call a helper from within the NEW updated image rootfs.
Thus we can ship future information back into the past like the "Grays Sports
Almanac" from Back to the Future Part II.
|
|
An attempt to reuse the name of an existing installed image should
prompt the user to re-enter a name, rather than allowing the
installation to fail.
|
|
T7254: op-mode: Add spanning-tree op-mode commands
|
|
group members
|
|
Updated language of "VLANs are enabled/disabled" to "VLANs enabled/disabled"
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
Updated language of amRoot to " (This bridge is the root)"
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
The service certbot expects symbolic links for
/config/auth/letsencrypt/live/<cert_name>/*.pem
however, the default behavior of copytree copies the linked files during
image upgrade. Set copytree argument to preserve symlinks.
|
|
Created stp.py to create output for spanning-tree info
Modified show-bridge.xml.in to add:
```
show bridge spanning-tree
show bridge spanning-tree detail
show bridge <interface> spanning-tree
show bridge <interface> spanning-tree detail
```
|
|
T7278: Remove cracklib hack from postconfig script template
|
|
firewall: T5493: Implement remote-group
|
|
T7138: Fix show qos
|
|
This change corrects a behavior witnessed in T7138. If a policy name had a `-` in it, the command would fail, returning nothing.
|
|
Rename directory in EFI system partition from:
From: \EFI\VyOS (RAID disk 1)
To: \EFI\VyOS
This prevents GRUB dropping to a grub prompt rather than showing the VyOS boot menu, after installing with the RAID1 option.
Refer bug: https://vyos.dev/T7049
|
|
T6948: Keep DHCP server leases in sync with hostd records
|
|
The formatter methods are mostly `family` agnostic now.
|
|
filesystem
|
|