Apply next round of configuration tree updates to 'service dns dynamic'
with the following changes:
- Migrate `service dns dynamic interface <interface> [use-web]`
  to `service dns dynamic address <interface>`
  or `service dns dynamic address web [web-options]`
  This communicates the intent that dynamic dns IP address is detected
  in only one way - using the `<interface>` or using an external web
  request, not both.
- When using external web request, (`service dns dynamic address web`),
  external url is optional (`web-options url`). Ddclient defaults are
  used when unspecified.
- Rename all config `login` to `username` for consistency and also to
  align better with alternative ddclient backends in consideration.
- Apply global 'ipv6-enable' to per service 'ip-version: ipv6'. Selecting
  usage of IPv4 or IPv6 (or both simultaneously) is now at per service
  (protocol) level instead of global level. This allows more control on
  the ability to select IPv4 in some cases and IPv6 in some other cases
  wherever supported by the underlying ddclient protocol.
- While the IP address (and by extension, the detection mechanism) is
  global, the way it is applied to a particular ddclient protocol depends
  on whether it supports IPv4 or IPv6 or both.
- Related to the above, this also prevents generating incorrect config
  file (`ddclient.conf`) with multiple global sections leading to an
  unpredictable behavior of ddclient.
- Implement provider (protocol) specific custom tweaks whenever possible
  (e.g., `zone`, `username`, `server` are not necessary in all cases).
- Move service name from a combination of 'protocol' (with protocol
  config autodetected) and custom (with protocol config specified) to a
  single 'service' key. This allows for consistent setup of multiple
  config for the same ddclient protocol (with different options and
  credentials). This also avoids ambiguity with usual networking term
  'protocol' and ddclient specific term 'protocol' (and can change with
  a move to a different backend).
- Apply upfront XML constraints and validations consistently wherever
  applicable.
- RFC2136 specific change: Rename rfc2136 config `record` to `host-name`
  for consistency.
- Cloudflare specific change: While ddclient still supports authenticating
  with email and global auth key, skipping `username` in config will
  indicate the intent to use API token authentication (with special
  'token' literal as `username`).
|
|
configtree: T5251: catch/raise errors in functions delete and delete_value
|
|
The node was already deleted in the 'if path exists' branch; attempt to
delete in 'else' branch will now raise an error.
|
|
T5210:VPN:Fix typo in Warning
|
|
Connection ID    Username    Protocol    State    Uptime    Tunnel IP
---------------  ----------  ----------  -------  --------  -----------------
27               cpo         IKEv2       UP       11s       ['172.16.222.17']
"Tunnel IP" should be a string over list.
|
|
This is a radvd limitation.
|
|
To accept a Proxy Protocol header on incoming TCP connections,
add an accept-proxy parameter to the bind line in a frontend section.
This parameter detects both Proxy Protocol version 1 (text format)
and Proxy Protocol version 2 (binary format).
set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
|
|
Improve and refactor "load-balancing reverse-proxy"
- replace 'reverse-proxy server <tag>'
=> 'reverse-proxy service <tag>'
- replace 'reverse-proxy global-parameters tls <xxx>'
=> 'reverse-proxy global-parameters tls-version-min xxx'
=> 'reverse-proxy global-parameters ssl-bind-ciphers xxx'
- replace 'reverse-proxy service https rule <tag> set server 'xxx'
=> 'reverse-proxy service https rule <tag> set backend 'xxx'
'service https rule <tag> domain-name xxx' set as multinode
|
|
T5222: Add load-balancing for web traffic
|
|
Avoids the following warning, and any external service from
re-activating syslog via systemd socket activation:
frebib@vyos# commit
[ system syslog ]
DEBUG/COMMAND returned (err):
Warning: Stopping syslog.service, but it can still be activated by:
syslog.socket
DEBUG/COMMAND cmd 'systemctl stop syslog.service'
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
os.unlink() is the correct function:
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 146, in <module>
    generate(c)
  File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 114, in generate
    os.path.unlink(rsyslog_conf)
    ^^^^^^^^^^^^^^
AttributeError: module 'posixpath' has no attribute 'unlink'
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
There is no need for the backend code to call ethtool and try to change speed or
duplex settings every time there is a change in the interface configuration,
but no change for the speed/duplex subnodes. This also makes the commit itself
faster when working with ethernet interfaces.
Bonus: no repeating CLI messages that the driver does not support speed/duplex
changes, as we do not change anything here.
Extension to commit f2ecc9710 ("ethernet: T3891: honor auto-negotiation support
per NIC")
|
|
When enabling identity-based-config, users can add arbitrary config keys
that are processed by ocserv. The user "must know" what he is doing, as
an invalid config option will make the ocserv daemon go ... whoop!
Thus add a warning and inform the user about this setting.
|
|
ocserv: T3896: add CLI options to configure ocserv config-per-user/group
|
|
T5219: ddclient: Allow not set login for Cloudflare API token
|
|
vrrp: T5215: fix the commit error when health check is not configured
|
|
that was replaced with Humps in all scripts
|
|
T5158: Refactoring the command sh interfaces counters
|
|
For more detailed information it's necessary to add information about drops and error counters.
|
|
T5215: add a built-in ping check for VRRP groups
|
|
Add RADIUS accounting-interim-interval option for PPTP-server
Specifies interval in seconds to send accounting information
(may be overridden by radius Acct-Interim-Interval attribute)
set vpn pptp remote-access authentication radius accounting-interim-interval '52'
|
|
Add RADIUS accounting-interim-interval option for L2TP-server
Specifies interval in seconds to send accounting information
(may be overridden by radius Acct-Interim-Interval attribute)
set vpn l2tp remote-access authentication radius accounting-interim-interval '120'
|
|
cloud-init: T5190: Added Cloud-init pre-configurator
|
|
T5060: Add disable option for high-availability
|
|
syslog: T2778: T2769: refactoring and VRF support
|
|
Allow syslog messages to be sent through a VRF (e.g. management).
|
|
Add 'maintenance mode' (option disable) for high-availability
set high-availability disable
|
|
dns: T5144: Improve dynamic DNS validations and completions
|
|
Use 'vyos-wan-load-balance.service' for load-balancing instead of
old start and stop 'vyatta-wanloadbalance.init' script
|
|
Add 'vyos-wan-load-balance.service' systemd unit for
'loadbalancing wan' instead of old vyatta-wanloadbalance.init script
|
|
Added a new service that starts before Cloud-init, waits for all network
interfaces initialization, and if requested by config, checks which interfaces
can get configuration via DHCP server and creates a corresponding Cloud-init
network configuration.
This protects from two situations:
* when Cloud-init tries to get meta-data via eth0 (default and fallback variant
for any data source which depends on network), but the real network is connected
to another interface
* when Cloud-init starts simultaneously with udev and initializes the first
interface to get meta-data before it is renamed to eth0 by udev
|
|
T5171: Use XML for loadbalancing wan instead of old templates
|