summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2020-02-15bond: T2041: add missing consitency check on member interface existenceChristian Poessinger
2020-02-15snmp: T2042: stricter validation when deleting SNMP in combination with LLDPChristian Poessinger
A consistency check was missing to prevent deleting the SNMP configuration but still setting "service lldp snmp enable".
2020-02-14http api: T2040: reload Config in route definitionJohn Estabrook
2020-02-13systemd: T2033: add overrides for keepalivedChristian Poessinger
Without this override the keepalived stop transaction script won't work as systemd will just wipe the process.
2020-02-13Merge pull request #218 from zdc/T1987Christian Poessinger
dhclient-script: T1987: Multiple fixes in dhclient-script
2020-02-13macvlan: T1635: migrate pseudo-ethernet interface definition to XML/PythonChristian Poessinger
2020-02-13ddclient: T1908: CloudFlares zone option can now also be specified manuallyChristian Poessinger
If there is no zone option given it will be "guessed" as in the past. This means (hostname -> resulting zone entry) domain.com -> com foo.domain.com -> domain.com bar.foo.domain.com -> foo.domain.com I have zero experience in the CloudFlare zone option what it is and what it does. SO maybe we still have a chance to auto render this setting.
2020-02-12dhclient-script: T1987: Multiple fixes in dhclient-scriptzsdc
This changeset contains multiple changes in structure, logic, and bugfixes for dhclient-script. It should provide better compatibility with new Debian versions and flexibility in controlling and changing VyOS-related functions. 1. Structure change: * All VyOS-related functionality was moved from dhclient-script itself to separated hook files. * Old vyatta-dhclient-hook was moved from vyatta-cfg to vyos-1x. * This change allows discard dhclient-script replacing and use the original one from Debian without any changes. So, we do not need to track all changes in upstream so carefully. * To provide compatibility between original dhclient-script and VyOS, two internal commands/functions are repaced in hooks: ip and make_resolv_conf. So, in all places where used ${ip} or make_resolv_conf, actually using VyOS-tuned functions instead original. * `ip` function is a wrapper, which automatically chooses what to use: transparently pass a command to /usr/sbin/ip, change a route in kernel table or FRRouting config via vtysh. * `make_resolv_conf` function main logic was copied from current VyOS implementation and use vyos-hostsd-client for making changes 2. Added: * Logging. Now is possible to log all changes, what is doing by dhclient-script. Logs can be saved to the journal and displayed in stderr (for debugging purposes). By default, logging to the journal is enabled (at least for some time) to provide a way to collect enough information in case if some bug in this new implementation will be found. This can be changed in the 01-vyos-logging file. 3. Fixed/Changed: * If DHCP lease was expired, released or dhclient was stopped, dhclient-script will try to delete default route from this lease. * Instead of blindly killing all dhclients in case if FRRouting daemon is not running, now used more intelligent logic: * dhclients are stopping natively (with all triggers processing), instead of killing; * dhclient-script will not kill parent dhclient process. This allows to fix the problem when systemd inform about failing to rise up interfaces at early boot stages (used in Cloud-init images); * dhclient-script will not touch dhclients, which are not related to the current interface or IP protocol version. * For getting FRRouting daemon status used native way via watchfrr.sh, instead of the previous trick with vtysh accessibility. * before adding a new route to FRRouting configuration, this route will be deleted from the kernel (if it is presented there). This allows to properly replace routes, added at early boot stages, when FRR not available. * Routes in FRRouting are adding with "tag 210". This allows protecting static routes, added via CLI, from deletion when old routes are deleting by DHCP. * DNS servers will be reconfigured only when $new_domain_name_servers are not the same as $old_domain_name_servers. Previously, this was done during each RENEW procedure. * Replacing MTU for preconfigured one was changed to Python (via vyos.config). The previous version with vyatta-interfaces.pl was obsoleted and seems to be broken.
2020-02-10banner: T2024: remove additional newline when resotring default motdChristian Poessinger
2020-02-10banner: T2024: migrate "system login banner" to XML/Python representationChristian Poessinger
2020-02-10service https: T1585: add missing check in verify()John Estabrook
2020-02-09snmp: T1931: instead of searching a pseudo marker find real marker in configChristian Poessinger
As we need to operate with usmUser, we can search for it directly if its present or not. There is always one usmUser entry for the system user.
2020-02-09radius: T2022: support both local and radius login at the same timeChristian Poessinger
2020-02-09snmp: T1931: change calling order when setting marker flagChristian Poessinger
2020-02-09snmp: T1931: delete obsolete reading of oldEngineIDChristian Poessinger
2020-02-09snmp: T1931: harden logic when re-reading config fpr encrypted keysChristian Poessinger
2020-02-09snmp: T1931: shorten file read timeout to 10msChristian Poessinger
2020-02-09service lldp: T2019: modify handling of interface 'all'agh
Modify lldpd config template in './src/conf_mode/lldp.py'. conf_mode uses 'all' to specify all interfaces. lldpd config file uses '*' to specify all interfaces. Both use an exclamation mark ('!') as prefix to disable lldp on an interface, eg. '!eth1' or '!all'. Add jinja2 template filters to create and merge following sub-lists a) take list of conf_mode lldp interfaces, remove every interface except 'all', replace 'all' with '*' -> support interface all b) take list of conf_mode lldp interfaces, remove every interface except '!all', replace '!all' with '!*' -> support interface all disabled c) take list of conf_mode lldp interfaces, remove every interface named 'all' or '!all' -> support any other interface
2020-02-06migrator: system: add missing if when checking user level in 9-to-10Christian Poessinger
2020-02-06migrator: system: use base_level in 9-to-10Christian Poessinger
2020-02-06migrator: system: indent by 4 spacesChristian Poessinger
2020-02-05radius: T1990: fix sed command when removing radius serviceChristian Poessinger
2020-02-05radius: T1990: raise ConfigError in os exception handlerChristian Poessinger
2020-02-05user: T1990: encrypted password must be supplied in ''Christian Poessinger
2020-02-05user: T1948: logout user when he is deletedChristian Poessinger
2020-02-05user: T1948: raise ConfigError in os exception handlerChristian Poessinger
2020-02-05user: T1948: one can not delete his own user accountChristian Poessinger
2020-02-05Merge branch 't1948-system-login' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 't1948-system-login' of github.com:c-po/vyos-1x: radius: T1948: add libnss-mapname support radius: T1948: rename server dictionary radius: T1948: supply PAM configuration template user: T1948: fix system user creation ogin: user: radius: T1948: use discrete configuration for each system login: T1948: remove obsolete config nodes "group" and "level" login: T1948: SSH keys can only be added after user has been created login: T1948: initial support for RADIUS configuration login: T1948: support for SSH keys login: T1948: add/remove local users login: T1948: initial rewrite in XML/Python options: T1919: remove broken comment
2020-02-05radius: T1948: add libnss-mapname supportChristian Poessinger
2020-02-05radius: T1948: rename server dictionaryChristian Poessinger
2020-02-05radius: T1948: supply PAM configuration templateChristian Poessinger
2020-02-05user: T1948: fix system user creationChristian Poessinger
2020-02-05ogin: user: radius: T1948: use discrete configuration for each systemChristian Poessinger
Split combined XML/Python code to individual code for local user accounts and RADIUS authenticated accounts.
2020-02-05service https: T1585: add support for letsencrypt certificatesJohn Estabrook
2020-02-04http api T2013: remove default key if user api_keys are setJohn Estabrook
2020-02-02login: T1948: remove obsolete config nodes "group" and "level"Christian Poessinger
2020-02-02login: T1948: SSH keys can only be added after user has been createdChristian Poessinger
2020-02-02login: T1948: initial support for RADIUS configurationChristian Poessinger
2020-02-02login: T1948: support for SSH keysChristian Poessinger
2020-02-02login: T1948: add/remove local usersChristian Poessinger
2020-02-02login: T1948: initial rewrite in XML/PythonChristian Poessinger
2020-02-02options: T1919: remove broken commentChristian Poessinger
2020-01-31bond: T1992: only tear down interface if it's really requiredChristian Poessinger
Without this change the bond interface is always torn down prior changing it's parameters. This will also reset BGP sessions on other VLAN interfaces which is more then bad. This change will only tear down the interface when it is really required, indicated by bond['shutdown_required'], which is required by certain operations as e.g. changing the operating mode.
2020-01-30vpn-pptp: pep8 formattedhagbard
2020-01-30vpn-pptp: adjusting name schemeshagbard
2020-01-30vpn-pptp: T1768 vyos.config rewritehagbard
2020-01-30lldp: T1896: bugfix SyntaxError: invalid syntaxChristian Poessinger
Commit 66f8be0 ("lldp: T1896: remove MED civic based location information") removed MED civic location support, but there was an error in an if/elif statement. This has been fixes. File "/usr/libexec/vyos/conf_mode/lldp.py", line 191 elif len(location['coordinate_based']) > 0: ^ SyntaxError: invalid syntax
2020-01-30snmp: T1575: Fix typoJohn Estabrook
2020-01-30Merge branch 't1896-remove-lldp-civic' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 't1896-remove-lldp-civic' of github.com:c-po/vyos-1x: lldp: T1896: remove MED civic based location information
2020-01-29lldp: T1994: fix jinja template to listen on specified interfacesbbs2web
Signed-off-by: bbs2web <bbs2web@hotmail.com>