Age | Commit message (Collapse) | Author |
|
|
|
|
|
To accept a Proxy Protocol header on incoming TCP connections,
add an accept-proxy parameter to the bind line in a frontend section.
This parameter detects both Proxy Protocol version 1 (text format)
and Proxy Protocol version 2 (binary format).
set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
|
|
Improve and refactoring "load-balancing reverse-proxy"
- replace 'reverse-proxy server <tag>'
=> 'reverse-proxy service <tag>'
- replace 'reverse-proxy global-parameters tls <xxx>'
=> 'reverse-proxy global-parameters tls-version-min xxx'
=> 'reverse-proxy global-parameters ssl-bind-ciphers xxx'
- replace 'reverse-proxy service https rule <tag> set server 'xxx'
=> 'reverse-proxy service https rule <tag> set backend 'xxx'
'service https rule <tag> domain-name xxx' set as multinode
|
|
T5222: Add load-balancing for web traffic
|
|
|
|
Avoids the following warning, and any external service from
re-activating syslog via systemd socket activation:
frebib@vyos# commit
[ system syslog ]
DEBUG/COMMAND returned (err):
Warning: Stopping syslog.service, but it can still be activated by:
syslog.socket
DEBUG/COMMAND cmd 'systemctl stop syslog.service'
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
os.unlink() is the correct function:
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 146, in <module>
generate(c)
File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 114, in generate
os.path.unlink(rsyslog_conf)
^^^^^^^^^^^^^^
AttributeError: module 'posixpath' has no attribute 'unlink'
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
There is no need for the backend code to call ethtool and try to change speed or
duplex settings every time there is a change in the interface configuration,
but no change for the speed/duplex subnodes. This also makes the commit itself
faster when working with ethernet interfaces.
Bonus: no repeating CLI messages that the driver does not support speed/duplex
changes, as we do not change anything here.
Extension to commit f2ecc9710 ("ethernet: T3891: honor auto-negotiation support
per NIC")
|
|
When enabling identity-based-config, users can add arbitrary config keys
that are processed by ocserv. The user "must know" what he is been doing, as
invalid config option will make the ocserv daemon go ... whoop!
Thus add a warning and inform the user about this setting.
|
|
ocserv: T3896: add CLI options to configure ocserv config-per-user/group
|
|
T5219: ddclient: Allow not set login for Cloudflare API token
|
|
|
|
vrrp: T5215: fix the commit error when health check is not configured
|
|
|
|
that was replaced with Humps in all sciprts
|
|
T5158: Refactoring the commad sh interfaces counters
|
|
For more detailed information it's necessary to add information about drops and error counters.
|
|
T5215: add a built-in ping check for VRRP groups
|
|
|
|
Add RADIUS accounting-interim-interval option for PPTP-server
Specifies interval in seconds to send accounting information
(may be overridden by radius Acct-Interim-Interval attribute)
set vpn pptp remote-access authentication radius accounting-interim-interval '52'
|
|
Add RADIUS accounting-interim-interval option for L2TP-server
Specifies interval in seconds to send accounting information
(may be overridden by radius Acct-Interim-Interval attribute)
set vpn l2tp remote-access authentication radius accounting-interim-interval '120'
|
|
cloud-init: T5190: Added Cloud-init pre-configurator
|
|
T5060: Add disable option for high-availability
|
|
syslog: T2778: T2769: refactoring and VRF support
|
|
|
|
Allow syslog messages to be sent through a VRF (e.g. management).
|
|
|
|
Add 'maintenance mode' (option disable) for high-availability
set high-availability disable
|
|
dns: T5144: Improve dynamic DNS validations and completions
|
|
Use 'vyos-wan-load-balance.service' for load-balancing instead of
old start and stop 'vyatta-wanloadbalance.init' script
|
|
Add 'vyos-wan-load-balance.service' systemd unit for
'loadbalancing wan' instead of old vyatta-wanloadbalance.init script
|
|
|
|
|
|
|
|
Added a new service that starts before Cloud-init, waits for all network
interfaces initialization, and if requested by config, checks which interfaces
can get configuration via DHCP server and creates a corresponding Cloud-init
network configuration.
This protects from two situations:
* when Cloud-init tries to get meta-data via eth0 (default and fallback variant
for any data source which depends on network), but the real network is connected
to another interface
* when Cloud-init starts simultaneously with udev and initializes the first
interface to get meta-data before it is renamed to eth0 by udev
|
|
T5171: Use XML for loadbalancing wan instead of old templates
|
|
|
|
Use XML and python3 for 'load-balancing wan'
Use Jinja2 templates instead of old vyatta-wanloadbalance.pl to
generate configuration '/run/load-balance/wlb.conf' wich used by
/opt/vyatta/sbin/wan_lb
|
|
|
|
Without the change users might get confused as the setting is specified
on the VyOS CLI but never makes it to FRR due to an internal FRR check.
|
|
When we delete vrf vni there is a dictionary
{'only_vrf': 'red', 'new_frr_config': '!\n'}
|
|
conntrack-sync: T4888: rewrite the op mode script in the new format
|
|
Add verify() section to check if l3vni was removed in addition to the BGP
process under any given VRF.
|
|
|
|
|
|
|
|
FastAPI v0.92.0 (starlette v0.24.0) sets default attribute
Request._form; check for value == None instead of existence when
overriding Request class.
|
|
|
|
T1237: Failover route add policy for targets checking
|