Age | Commit message (Collapse) | Author |
|
This commit allows management of system images with either new or legacy
tools: 'add/delete/rename system image' and 'set default' are translated
appropriately on booting between images with the old and new tools.
Consequently, the warning of the initial commit of T4516 is dropped.
(cherry picked from commit 96b65e90fbfa1fe63d97929ac86fc910abb0caa9)
|
|
(cherry picked from commit 7d6c262976eba624b935c96a7495cc392158b8ff)
|
|
This commit adds the whole set of system image tools written from the scratch in
Python that allows performing all the operations on images:
* check information
* perform installation and deletion
* versions management
Also, it contains a new service that will update the GRUB menu and keep tracking
its version in the future.
WARNING: The commit contains non-reversible changes. Because of boot menu
changes, it will not be possible to manage images from older VyOS versions after
an update.
(cherry picked from commit 8f94262e8fa2477700c50303ea6e2c6ddad72adb)
|
|
This fixes sending packets to uacctd using a socket.
(cherry picked from commit 7a0af0d00bae9179c89155e4b2e6ce94abb29c05)
|
|
pmacct daemons have one very important specific - they handle control signals in
the same loop as packets. And packets waiting is blocking operation.
Because of this, when systemctl sends SIGTERM to uacctd, this signal has no
effect until uacct receives at least one packet via nflog. In some cases, this
leads to a 90-second timeout, sending SIGKILL, and improperly finished tasks.
As a result, a working folder is not cleaned properly.
This commit contains several changes to fix service issues:
- add a new nftables table for pmacct with a single rule to get the ability to
send a packet to nflog and unlock uacctd
- remove PID file options from the uacctd and a systemd service file. Systemd
can detect proper PID, and PIDfile is created by uacctd too late, which leads
to extra errors in systemd logs
- KillMode changed to mixed. Without this, SIGTERM is sent to all plugins and
the core process exits with status 1 because it loses connection to plugins too
early. As a result, we have errors in logs, and the systemd service is in a
failed state.
- added logging to uacctd
- systemctl service modified to send packets to specific address during a service
stop which unlocks uacctd and allows systemctl to finish its work properly
(cherry picked from commit e364e9813b6833f6b108e7177ef7ea2d9e7bac33)
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
Added a new service that starts before Cloud-init, waits for all network
interfaces initialization, and if requested by config, checks which interfaces
can get configuration via DHCP server and creates a corresponding Cloud-init
network configuration.
This protects from two situations:
* when Cloud-init tries to get meta-data via eth0 (default and fallback variant
for any data source which depends on network), but the real network is connected
to another interface
* when Cloud-init starts simultaneously with udev and initializes the first
interface to get meta-data before it is renamed to eth0 by udev
|
|
progress
|
|
Ability to autocheck available new images
Parse remote URL JSON image-version.json file and compare version
VyOS with a local current version, if find diff sent wall
message that the new image is available
Also, add op-mode command to check images "show system image"
With option "auto-check" check will be once per 12 hours
set system update-check auto-check
set system update-check url 'http://example.com/image-version.json'
If new version is available shows it per login (MOTD)
|
|
keepalived-fifo.py cannot load the VyOS config because the
script is started before the commit is completely finished.
This change makes sure the script waits for the commit
to be completed. It retries every 0.5 seconds. If the commit
is still not completed it will continue as did the original
implementation.
|
|
Fixed usage of environment variables - made an individual environment variable
for an event a true copy, instead of a reference to a single environ dictionary.
Also, reorganized imports according to PEP8.
|
|
In dictionary we get "syslog-identifier" with dash
But we try to parse option with underscore "syslog_identifier"
Fix it
|
|
* Added the ability to filter by a syslog identifier
* Added the ability to pass arguments to a script
* Added the ability to pass preconfigured environment variables to a script
* A message that triggered a script is now passed in the `message` variable and
can be used in a script
* Replaced `call()` to `run()`, since stdout are not need to be printed
|
|
* Removed dynamic generating for systemd unit
* Optimized configuration file deleting process
* Added exceptions handlers to event-handler script to protect service
from most obvious potential troubles
* Improved logging
* Moved pattern compilation outside a messages loop to avoid extra operations
* Added signal handlers for proper systemd integration
|
|
|
|
in __init__"
This reverts commit bcfe967f607a83192d75c01e7f414655891eec60.
|
|
... thus we simply read the configuration the first time it really becomes
necessary and a message requireing the data needs it actually.
|
|
While mangling the config dict retrieved via get_config_dict() into a private
representation of a configuration dictionary sync-groups were never accounted
for. Instead everything always ended up in the regular vrrp transition-script
section.
The implementation has been changed to directly work on the content of
get_config_dict() to stop any confusion and making redundant data copies
obsolete.
|
|
|
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
|
|
Executing iproute2 commands as unprivileged member of the openvpn group is now
handled via a sudoers file.
|
|
|
|
|
|
- remove already existing entry check in /etc/hosts as vyos-hostsd will handle it
- vyos-hostsd-client syntax changed
- change tag "DHCP-$client_ip" to "dhcp-server-$client_ip" to make it more
distinct from dhcp client tag "dhcp-$intf"
|
|
|
|
|
|
There have been a number of complaints about DHCP not getting inserted into the `/etc/hosts` file. This should correct that problem.
|
|
After migrating PowerDNS to systemd and also its configuration files to a
volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration
files to volatile /run directory") the path for the control file has not
been altered and pushed to the client rec_control binary"
|
|
|
|
|
|
In old implementation, all notify scripts are configured directly inside a keepalived.conf. This way is not recommended even by keepalived as scripts execution is not tracked and they may be running not in order and killed before the actual work will be finished. We have observed such situations in very rare cases during tests.
New implementation use FIFO pipe, to which keepalived send any state changes. And these notifications are read by a daemon, saved in a queue and processed one by one, which eliminates the situation when the scripts creating inconsistent config or environment.
|
|
transaction-script 'stop'
|
|
|
|
|
|
|
|
|
|
|
|
safely passed to iproute2.
|
|
case GIDs change.
|
|
This commit changes in addtion the DHCP server config syntax as defined
in "T782: Cleanup dhcp-server configuration".
Replace boolean parameter from the folowing nodes and make it valueless.
This requires a migration script which is tracked with this task
* set service dhcp-server shared-network-name <xyz> subnet 172.31.0.0/24
ip-forwarding enable (true|false)
* set service dhcp-server shared-network-name <xyz> authoritative (true|false)
* set service dhcp-server disabled (true|false)
* set service dhcp-server dynamic-dns-update enable (true|fals)
* set service dhcp-server hostfile-update (enable|disable)
Replace the nested start/stop ip address from "subnet 172.31.0.0/24 start
172.31.0.101 stop 172.31.0.149" to "subnet 172.31.0.0/24 range <foo> start" and
"subnet 172.31.0.0/24 range <foo> stop" where foo can be any character or number.
In addition the vyatta-cfg-dhcp-server package used it's own init/config file
for service startup. This has been migrated to the vanilla Debian files.
Copy 'on-dhcp-event.sh' from vyatta-cfg-shcp-server package commit 4749e648bca6.
|
|
Since it does not understand escaped quotes inside notify_* options,
until we fix that, we have to put the script and its arguments
in positional arguments and join inside the transition script runner.
|
|
https://phabricator.vyos.net/T772
|
|
|