path: root/src/system
Age | Commit message | Author
2023-12-16 | image: T4516: support for interoperability of legacy/new image tools | John Estabrook
This commit allows management of system images with either new or legacy tools: 'add/delete/rename system image' and 'set default' are translated appropriately on booting between images with the old and new tools. Consequently, the warning of the initial commit of T4516 is dropped. (cherry picked from commit 96b65e90fbfa1fe63d97929ac86fc910abb0caa9)
2023-12-16 | image: T4516: service vyos-grub-update should exit on live boot | John Estabrook
(cherry picked from commit 7d6c262976eba624b935c96a7495cc392158b8ff)
2023-12-16 | image: T4516: Added system image tools | zsdc
This commit adds the whole set of system image tools written from scratch in Python that allows performing all the operations on images:
* check information
* perform installation and deletion
* versions management
Also, it contains a new service that will update the GRUB menu and keep tracking its version in the future.
WARNING: The commit contains non-reversible changes. Because of boot menu changes, it will not be possible to manage images from older VyOS versions after an update.
(cherry picked from commit 8f94262e8fa2477700c50303ea6e2c6ddad72adb)
2023-10-18 | pmacct: T5232: Fixed socket parameters for trigger-packets | zsdc
This fixes sending packets to uacctd using a socket. (cherry picked from commit 7a0af0d00bae9179c89155e4b2e6ce94abb29c05)
2023-10-14 | pmacct: T5232: Fixed pmacct service control via systemctl | zsdc
pmacct daemons have one very important specific - they handle control signals in the same loop as packets. And packets waiting is blocking operation. Because of this, when systemctl sends SIGTERM to uacctd, this signal has no effect until uacct receives at least one packet via nflog. In some cases, this leads to a 90-second timeout, sending SIGKILL, and improperly finished tasks. As a result, a working folder is not cleaned properly.
This commit contains several changes to fix service issues:
- add a new nftables table for pmacct with a single rule to get the ability to send a packet to nflog and unlock uacctd
- remove PID file options from the uacctd and a systemd service file. Systemd can detect proper PID, and PIDfile is created by uacctd too late, which leads to extra errors in systemd logs
- KillMode changed to mixed. Without this, SIGTERM is sent to all plugins and the core process exits with status 1 because it loses connection to plugins too early. As a result, we have errors in logs, and the systemd service is in a failed state.
- added logging to uacctd
- systemctl service modified to send packets to specific address during a service stop which unlocks uacctd and allows systemctl to finish its work properly
(cherry picked from commit e364e9813b6833f6b108e7177ef7ea2d9e7bac33)
2023-07-14 | T5195: vyos.util -> vyos.utils package refactoring (#2093) | Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
  Changed code automatically using:
    find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
    find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
2023-05-04 | cloud-init: T5190: Added Cloud-init pre-configurator | zsdc
Added a new service that starts before Cloud-init, waits for all network interfaces initialization, and if requested by config, checks which interfaces can get configuration via DHCP server and creates a corresponding Cloud-init network configuration.
This protects from two situations:
* when Cloud-init tries to get meta-data via eth0 (default and fallback variant for any data source which depends on network), but the real network is connected to another interface
* when Cloud-init starts simultaneously with udev and initializes the first interface to get meta-data before it is renamed to eth0 by udev
2022-10-31 | T4526: use informative error messages for keepalived-fifo with commit in progress | Daniil Baturin
2022-09-07 | update-check: T3476: Allow update-check for VyOS images | Viacheslav Hletenko
Ability to autocheck available new images
Parse remote URL JSON image-version.json file and compare version VyOS with a local current version, if find diff sent wall message that the new image is available
Also, add op-mode command to check images "show system image"
With option "auto-check" check will be once per 12 hours
    set system update-check auto-check
    set system update-check url 'http://example.com/image-version.json'
If new version is available shows it per login (MOTD)
2022-08-22 | keepalived: T4526: keepalived-fifo.py unable to load config | Sander Klein
keepalived-fifo.py cannot load the VyOS config because the script is started before the commit is completely finished. This change makes sure the script waits for the commit to be completed. It retries every 0.5 seconds. If the commit is still not completed it will continue as did the original implementation.
2022-07-04 | event-handler: T4508: Fixed environment variables | zsdc
Fixed usage of environment variables - made an individual environment variable for an event a true copy, instead of a reference to a single environ dictionary. Also, reorganized imports according to PEP8.
2022-07-01 | event-handler: T4501: Fix for syslog-identifier | Viacheslav Hletenko
In dictionary we get "syslog-identifier" with dash
But we try to parse option with underscore "syslog_identifier"
Fix it
2022-06-07 | event-handler: T3083: Extended event-handler features | zsdc
* Added the ability to filter by a syslog identifier
* Added the ability to pass arguments to a script
* Added the ability to pass preconfigured environment variables to a script
* A message that triggered a script is now passed in the `message` variable and can be used in a script
* Replaced `call()` with `run()`, since stdout does not need to be printed
2022-06-06 | event-handler: T3083: Optimized event-handler | zsdc
* Removed dynamic generating for systemd unit
* Optimized configuration file deleting process
* Added exceptions handlers to event-handler script to protect service from most obvious potential troubles
* Improved logging
* Moved pattern compilation outside a messages loop to avoid extra operations
* Added signal handlers for proper systemd integration
2022-02-05 | vrrp: T4226: transition-script does not work for groups containing a hyphen (-) | Christian Poessinger
2021-12-09 | Revert "vrrp: T4059: do "late" read of the CLI configuration as this fails in __init__" | Christian Poessinger
This reverts commit bcfe967f607a83192d75c01e7f414655891eec60.
2021-12-08 | vrrp: T4059: do "late" read of the CLI configuration as this fails in __init__ | Christian Poessinger
... thus we simply read the configuration the first time it really becomes necessary and a message requiring the data needs it actually.
2021-12-05 | vrrp: T4041: bugfix sync-group transition-scripts not executed | Christian Poessinger
While mangling the config dict retrieved via get_config_dict() into a private representation of a configuration dictionary sync-groups were never accounted for. Instead everything always ended up in the regular vrrp transition-script section. The implementation has been changed to directly work on the content of get_config_dict() to stop any confusion and making redundant data copies obsolete.
2021-09-21 | vrrp: keepalived: T3847: migrate to get_config_dict() | Christian Poessinger
2021-09-21 | vrrp: keepalived: T616: move configuration to volatile /run directory | Christian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived.
2021-06-24 | openvpn: T3641: remove deprecated iproute option | Christian Poessinger
Executing iproute2 commands as unprivileged member of the openvpn group is now handled via a sudoers file.
2021-06-19 | mdns: vrrp: T3635: Add ability to use mDNS repeater with VRRP | sarthurdev
2021-02-23 | dhcp-server: T2927: Add empty args if does not possible to determine variables | DmitriyEshenko
2020-06-11 | on-dhcp-event.sh: T2486: modify for new vyos-hostsd syntax | Jernej Jakob
- remove already existing entry check in /etc/hosts as vyos-hostsd will handle it
- vyos-hostsd-client syntax changed
- change tag "DHCP-$client_ip" to "dhcp-server-$client_ip" to make it more distinct from dhcp client tag "dhcp-$intf"
2020-05-28 | dhcp: T2465: T2483: fix DNS resolution (pdns restart) | kroy-the-rabbit
2020-05-19 | Revert "T2465: vyos-hostsd-client needs sudo" | kroy-the-rabbit
2020-05-19 | T2465: vyos-hostsd-client needs sudo | kroy-the-rabbit
There have been a number of complaints about DHCP not getting inserted into the `/etc/hosts` file. This should correct that problem.
2020-04-15 | dns-forwarding: T2298: fix path to control file | Christian Poessinger
After migrating PowerDNS to systemd and also its configuration files to a volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration files to volatile /run directory") the path for the control file has not been altered and pushed to the client rec_control binary
2020-04-11 | util: T2226: do not use universal_newlines | Thomas Mangin
2020-04-06 | util: T2226: rewrite keepalived to use cmd | Thomas Mangin
2020-04-01 | keepalived: T1350: Replaced transition scripts logic | zsdc
In the old implementation, all notify scripts are configured directly inside keepalived.conf. This way is not recommended even by keepalived, as script execution is not tracked and the scripts may run out of order and be killed before the actual work is finished. We have observed such situations in very rare cases during tests.
The new implementation uses a FIFO pipe, to which keepalived sends any state changes. These notifications are read by a daemon, saved in a queue and processed one by one, which eliminates the situation where the scripts create an inconsistent config or environment.
2020-01-14 | vrrp: T1884: Keep transition-script native behaviour and implement transaction-script 'stop' | DmitriyEshenko
2019-11-19 | vyos-hostsd: T1812: run increment first | Eshenko Dmitriy
2019-11-18 | [vyos-hostsd] T1812: Reload pdns on dhcp client update | kroy
2019-09-24 | [dhcp hostfile-update] T1678 migrate to vyos-hostsd-client | DmitriyEshenko
2019-09-06 | openvpn: T1630: support adding routes as unprivileged user | Christian Poessinger
2019-02-21 | [dhcp] T1211: avoid blank DHCP hostnames taking down DNS | Christian Poessinger
2018-11-05 | T288: add a script for normalizing IP(v6) addresses so that they can be safely passed to iproute2. | Daniil Baturin
2018-10-02 | T866: add a post-upgrade script for setting correct /config ownership in case GIDs change. | Daniil Baturin
2018-08-27 | T778: T782: dhcp-server: XML and Python rewrite | Christian Poessinger
This commit changes in addition the DHCP server config syntax as defined in "T782: Cleanup dhcp-server configuration".
Replace boolean parameter from the following nodes and make it valueless. This requires a migration script which is tracked with this task
* set service dhcp-server shared-network-name <xyz> subnet 172.31.0.0/24 ip-forwarding enable (true|false)
* set service dhcp-server shared-network-name <xyz> authoritative (true|false)
* set service dhcp-server disabled (true|false)
* set service dhcp-server dynamic-dns-update enable (true|false)
* set service dhcp-server hostfile-update (enable|disable)
Replace the nested start/stop ip address from "subnet 172.31.0.0/24 start 172.31.0.101 stop 172.31.0.149" to "subnet 172.31.0.0/24 range <foo> start" and "subnet 172.31.0.0/24 range <foo> stop" where foo can be any character or number.
In addition the vyatta-cfg-dhcp-server package used its own init/config file for service startup. This has been migrated to the vanilla Debian files.
Copy 'on-dhcp-event.sh' from vyatta-cfg-shcp-server package commit 4749e648bca6.
2018-08-12 | T772: fixup for keepalived not understanding escaped quotes. | Daniil Baturin
Since it does not understand escaped quotes inside notify_* options, until we fix that, we have to put the script and its arguments in positional arguments and join inside the transition script runner.
2018-08-11 | T772 allow stow-away arguments in the script name field | Peri Diane Jones
https://phabricator.vyos.net/T772
2018-07-27 | T666, T616: new implementation of the VRRP CLI. | Daniil Baturin