| Age | Commit message (Collapse) | Author |
|---|
|
With T3008 we moved from ntpd to chrony. This came with a restructuring of the
CLI (mainly moving ntp out of system to services). In addition the definition
of a server was made mandatory.
The bug itself manifests at a more crucial point - config migration
vyos-router[1265]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/ntp/1-to-2:
[Errno 1] failed to run command: ['/opt/vyatta/etc/config-migrate/migrate/ntp/1-to-2',
'/opt/vyatta/etc/config/config.boot']
vyos-router[1265]: returned: - op: copy old_path: ['system', 'ntp'] new_path: ['service', 'ntp']
vyos-router[1265]: - op: delete path: ['system', 'ntp']
The fix is that we will no longer migrate an empty ntp CLI node from the old
syntax to the new.
|
|
|
|
dhcp: T7052: Refactor kea dhcp op-mode functions to vyos.kea
|
|
dhcp: T5840: Merge systemd service overrides for kea-ctrl-agent
|
|
Fixed network-id migration.
Every tunnel should have its own nhrp network-id.
|
|
|
|
|
|
Relocate the kea dhcp op-mode functions to kea helper
functions in vyos.kea. This allows the functions to
be reused by other scripts, not just op-mode wrappers.
This moves the source of truth for the op-mode
commands to the actual running kea instance,
rather than VyOS config path.
Also, apply some minor code cleanup and make some
of the mappings consistent across the functions.
|
|
|
|
Default systemd service for kea-ctrl-agent expects
`/etc/kea/kea-api-password` which is not used in
VyOS.
The systemd unit override to remove the condition
does not need to be in a separate (templated and
dynamic) override file and can be merged into the
existing static override file.
|
|
kea: T7041: Check lease hostname string is not empty
|
|
nhrp: T2326: NHRP migration to FRR
|
|
|
|
This avoids importing the config mode script as a module, with requisite
dependencies, which may be inconvenient.
|
|
NHRP migration to FRR
|
|
|
|
Deprecated as per https://docs.python.org/3/library/datetime.html#datetime.datetime.utcfromtimestamp
Fixes: TypeError: can't subtract offset-naive and offset-aware datetimes
Co-authored-by: Erkki Eilonen <erkki@bearmetal.eu>
|
|
* smoketest: T6747: call wait after commit() only for FRR related tests
Commit 702a60a8de28 ("smoketest: T6746: wait after commit() until frr-reload
is no longer running") added a guard timeout for every commit executed via CLI
smoketests. This commit changes the bahavior to only add the guard timeout
for FRR related testscases.
This improves the overall smoketest time.
* configd: T6747: use one long-lived instance of FRRender
Previously there was one FRRender() instance per config session. This resulted
in re-rendering the FRR configuration every time a new config session was
created.
Example:
vyos@vyos:~$ configure
vyos@vyos# set interfaces dummy dum0 description foo
vyos@vyos# commit
vyos@vyos# exit
vyos@vyos:~$ configure
vyos@vyos# set interfaces dummy dum0 description bar
vyos@vyos# commit
vyos@vyos# exit
In the past this caused a re-render of the FRR configuration as the delta check
added in commit ec80c75d6776 ("frrender: T6746: only re-render FRR config if
config_dict did change") evaluated to false, as it operated on a new instance
of the FRRender class.
With this change there is no FRR re-render, as there is nothing to update
in FRR.
|
|
VRF support was introduced in VyOS 1.4.0. If a VRF is added as an interface in
the zone based firewall, it will be migrated to the new syntax.
OLD:
set firewall zone FOO interface RED
set firewall zone FOO interface eth0
NEW:
set firewall zone FOO member vrf RED
set firewall zone FOO member interface eth0
|
|
Improve config parsing for ZBF when using VRFs and interfaces attached to VRFs
|
|
interfaces attached to VRFs
|
|
|
|
* T6949: adds blackbox exporter
* T6949: adds basic config generation
* T6949: extract shared module config options
* T6949: switch to ipv4/6 literals
* T6949: moves config file to /run
* T6949: adds dns query name option
* T6949: adds dns query type values
* T6949: adds blackbox exporter to debian/control
|
|
Do not restart service when changed only CRL.
Service still restart when cert revoke first time
|
|
* smoketest: T6746: add substring search in getFRRconfig()
Some daemons (e.g. bgpd) have several nested substrings/sections like
router bgp 100
address-family ipv4 unicast
..
exit-address-family
exit
We can now use getFRRconfig() with the substring option to extract only
address-family ipv4 unicast
..
exit-address-family
Making config validation more granular
* frrender: T6746: only re-render FRR config if config_dict did change
* frrender: T6746: fix naming glitch isis/eigrp
* frrender: T6746: add --stdout option when running with debug flags
* smoketest: T6746: remove unneeded commit_guard time
It was an invalid workarround as the underlaying issue seems to be a race
condition in CStore.
The commit process is not finished until all pending files from
VYATTA_CHANGES_ONLY_DIR are copied to VYATTA_ACTIVE_CONFIGURATION_DIR. This is
done inside libvyatta-cfg1 and the FUSE UnionFS part. On large non-interactive
commits FUSE UnionFS might not replicate the real state in time, leading to
errors when querying the working and effective configuration.
TO BE DELETED AFTER SWITCH TO IN MEMORY CONFIG
|
|
* op-mode: T6983: add "show log" and "monitor log" commands for vyos-domain-resolver
* firewall: T6983: drop unused variable domain_resolver_usage_nat
* T6983: introduce Python logging module in vyos-domain-resolver
* T6983: treat vyos-domain-resolver as a real service
|
|
directories
|
|
|
|
|
|
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
|
|
|
|
local and remote CA keys
|
|
|
|
T6953: merges node and frr exporter under prometheus section
|
|
|
|
frrender: T6746: runtime improvements
|
|
|
|
|
|
Keep all FRRender stuff in one place.
|
|
T6934: Add preshared key for zabbix-agent monitoring service
|
|
op_mode: T6767: Check latest image version in VRF context for "add system image latest vrf <name>"
|
|
T6874: [QoS] Add class filter by ether
|
|
Previously the FRR configuration was rendered via Jinja2 on every call to
get_frrendet_dict() - but it was used/applied only once.
We save the CPU cycles and render the FRR configuration only once prior to
applying it in FRR.
|
|
* frr-10:
op-mode: T6746: add "show log frr" and "monitor log frr" commands
frrender: T6746: do not render candidate FRR config to running FRR config file path
frrender: T6746: ensure there are no empty lines in the rendered FRR configuration
bgp: T6746: remove debug code
|
|
Implement a command to configure QoS policy filters by ether properties.
The supported match types include:
- Destination: Specify the Ethernet destination address.
- Protocol: Define the Ethernet protocol.
- Source: Set the Ethernet source address.
`set qos policy <type> <name> class <id> match <match-id> ether <destination|protocol|source> <val>`
|
|
|
|
|
|
|
|
Consolidate "multicast interface-route" and "multicast route" under common
"mroute <x.x.x.x/y>" CLI node.
|
|
|
