Age | Commit message (Collapse) | Author |
|
Preparation before using get_config_dict() and common Jinja2 templates.
|
|
|
|
In order to reuse as much as possible before migrationg to get_config_dict()
and re-use Jinja2 snippets the name-server node must be moved one level up to
'set vpn sstp name-server'.
|
|
|
|
Status file directory for show command was wrong, resulting in no
output.
Now points to '/var/run/openvpn/{}.status'
|
|
|
|
|
|
|
|
Commit ba050937 ("accel-ppp: T2953: drop redundant CLI definitions ") dropped
the defaultValue of 'prefer' for MPPE making the smoketests fail. This has been
corrected.
|
|
|
|
|
|
|
|
|
|
With commit 38ae3032 ("pppoe-server: T2936: move to get_config_dict()") there
are now RADIUS default values present in the XML definitions - those must be
proberly mangled for the WiFi interface.
|
|
|
|
The config path is altered in get_interface_dict() to the base of the interface
in question, e.g. 'interfaces macsec macsec1' - this must be reflected when
calling othe methods of Config().
|
|
For easier configuration read in (CLI) validation and also template rendering
it makes sense to drop the old, single implementation and move to the new,
generic get_config_dict() approach.
Recurring configuration parts like ip-pool, ipv6-pool and nameservers have
also been split our into individual templates which will be included through
Jinja2 - leading to a single-source of the template sections, too.
|
|
When individual peers that have been removed got determined they have been
added to the config dict as list instead of string - which broke the system
plumbing commands as they can not handle a Python list.
|
|
If for whatever reason the macsec interface dropped out of the Kernel - only
call .remove() when it still exists to avoid any exceptions at all.
|
|
|
|
|
|
accel-ppp: T2918: Add accounting interim jitter option
|
|
|
|
Introduced in commit 818a75c024e ("ifconfig: T2653: get_mtu() should return
int() for easier comparison") where the variable used in the formatted string
has not been adjusted.
|
|
|
|
|
|
|
|
Using an MTU less then the required 1280 bytes (as per RFC) on an interface
where IPv6 is not explicitly disabled by:
- set interfaces ethernet eth1 ipv6 address no-default-link-local
- not having any other IPv6 address configured
Will now trigger a commit error via verify() instead of raising
FileNotFoundError!
|
|
|
|
Check the hardware if MTU value is supported at all.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
As we already check that a bond/bridge member interface is not a member of any
other bridge or bond, the check must be extended. We also need to ensure that
the bond member interface is not used as a source-interface to pppoe, macsec,
tunnel, pseudo-ethernet, vxlan interfaces.
|
|
|
|
Add verify() step to ensure the macsec source-interface is not already part
of a bridge interface. This should probably also be checked for bond interfaces.
|
|
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for
802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not
make the user juggle with the MTU bytes if he enables VLAN support later on,
which is yet to come.
|
|
A lot of derived classes from Interface implemented their own get_config()
method which more or less was the same everywhere. We also hat different
qualifiers like @staticmethod or @classmethod.
This is now changed to only have the @classmethod in Interface base class which
will return the necessary dictionary keys for the required interfaces. This
change is a mid reduction in lines of code which is always a very nice thing!
|
|
Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use
different CLI nodes for the same functionality. PPPoE has "connect-on-demand"
to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose.
Rename WWAN "ondemand" node to "connect-on-demand".
|
|
In the past we had to provide the ethertype value used for the VLAN
protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q).
This should be changed to a more user friendly CLI node (protocol over
ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in
presenting RAW information from the ethernet header to the user. Also iproute2
calls it protocol which makes way more sense over the "raw" value.
|
|
Despite the fact that running verify on Config() is "bad" and "not as intended"
the level of the configuration must match the keys that are checked by exits().
Re-set proper Config() level before querying the system nodes.
|
|
... an error would be presented: jinja2.exceptions.TemplateSyntaxError:
expected token 'end of statement block', got 'mhz_incapable', thus we simply
rename the key before rendering the template.
|
|
|
|
|
|
Removing a member from a bond/LACP will turn the physical interface always in
admin-down state. This is invalid, the interface should be placed into the state
configured on the VyOS CLI.
Smoketest on bond interfaces is extended to check this behavior.
|
|
|