Age | Commit message | Author |
|
VRF support was introduced in VyOS 1.4.0. If a VRF is added as an interface in
the zone based firewall, it will be migrated to the new syntax.
OLD:
set firewall zone FOO interface RED
set firewall zone FOO interface eth0
NEW:
set firewall zone FOO member vrf RED
set firewall zone FOO member interface eth0
|
|
Improve config parsing for ZBF when using VRFs and interfaces attached to VRFs
|
|
interfaces attached to VRFs
|
|
* T6949: adds blackbox exporter
* T6949: adds basic config generation
* T6949: extract shared module config options
* T6949: switch to ipv4/6 literals
* T6949: moves config file to /run
* T6949: adds dns query name option
* T6949: adds dns query type values
* T6949: adds blackbox exporter to debian/control
|
|
Do not restart the service when only the CRL changed.
The service still restarts when a cert is revoked for the first time.
|
|
* smoketest: T6746: add substring search in getFRRconfig()
Some daemons (e.g. bgpd) have several nested substrings/sections like
  router bgp 100
   address-family ipv4 unicast
    ..
   exit-address-family
  exit
We can now use getFRRconfig() with the substring option to extract only
   address-family ipv4 unicast
    ..
   exit-address-family
Making config validation more granular
* frrender: T6746: only re-render FRR config if config_dict did change
* frrender: T6746: fix naming glitch isis/eigrp
* frrender: T6746: add --stdout option when running with debug flags
* smoketest: T6746: remove unneeded commit_guard time
It was an invalid workaround as the underlying issue seems to be a race
condition in CStore.
The commit process is not finished until all pending files from
VYATTA_CHANGES_ONLY_DIR are copied to VYATTA_ACTIVE_CONFIGURATION_DIR. This is
done inside libvyatta-cfg1 and the FUSE UnionFS part. On large non-interactive
commits FUSE UnionFS might not replicate the real state in time, leading to
errors when querying the working and effective configuration.
TO BE DELETED AFTER SWITCH TO IN MEMORY CONFIG
|
|
* op-mode: T6983: add "show log" and "monitor log" commands for vyos-domain-resolver
* firewall: T6983: drop unused variable domain_resolver_usage_nat
* T6983: introduce Python logging module in vyos-domain-resolver
* T6983: treat vyos-domain-resolver as a real service
|
|
directories
|
|
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
|
|
local and remote CA keys
|
|
T6953: merges node and frr exporter under prometheus section
|
|
frrender: T6746: runtime improvements
|
|
Keep all FRRender stuff in one place.
|
|
T6934: Add preshared key for zabbix-agent monitoring service
|
|
op_mode: T6767: Check latest image version in VRF context for "add system image latest vrf <name>"
|
|
T6874: [QoS] Add class filter by ether
|
|
Previously the FRR configuration was rendered via Jinja2 on every call to
get_frrendet_dict() - but it was used/applied only once.
We save the CPU cycles and render the FRR configuration only once prior to
applying it in FRR.
|
|
* frr-10:
op-mode: T6746: add "show log frr" and "monitor log frr" commands
frrender: T6746: do not render candidate FRR config to running FRR config file path
frrender: T6746: ensure there are no empty lines in the rendered FRR configuration
bgp: T6746: remove debug code
|
|
Implement a command to configure QoS policy filters by ether properties.
The supported match types include:
- Destination: Specify the Ethernet destination address.
- Protocol: Define the Ethernet protocol.
- Source: Set the Ethernet source address.
`set qos policy <type> <name> class <id> match <match-id> ether <destination|protocol|source> <val>`
|
|
|
Consolidate "multicast interface-route" and "multicast route" under common
"mroute <x.x.x.x/y>" CLI node.
|
|
VNI was always retrieved via effective configuration and not active
configuration.
|
|
Migrate "set protocols static route <x.x.x.x/x> next-hop <y.y.y.y> bfd multi-hop
source <z.z.z.z> profile <NAME>" to: "set protocols static route <x.x.x.x/x>
next-hop <y.y.y.y> bfd profile bar"
FRR supports only one source IP address per BFD multi-hop session. VyOS
had CLI support for multiple source addresses which made no sense.
|
|
FRR 10.2 will use "[no] ip forwarding" and "[no] ipv6 forwarding" to enable or
disable IP(v6) forwarding. We no longer rely on sysctl as this was overridden
by FRR later on.
Remove code path for sysctl setting and solely rely on FRR.
|
|
When running under vyos-configd only a single apply() is done as last step in
the commit algorithm. FRRender class address is provided via an attribute from
vyos-configd process.
|
|
A lot of services have dynamic debug capabilities which will be turned on by
creating a file in /tmp. These scripts have the path hardcoded and sometimes
across multiple places (bad).
This commit introduces vyos.defaults.frr_debug_enable to get the path for the
debug file from a single location.
|
|
tagNode
This will save an entire level for the configuration and there is no need for a
parent "multicast" node, as it will only have "route" as tagNode below.
Move set protocols static multicast route <x.x.x.x/y> to:
* set protocols static mroute <x.x.x.x/y>
|
|
With FRR 10.0 daemons started to be migrated to integrated FRR mgmtd and a
northbound interface. This led to some drawbacks in the current state how
changes to FRR are handled. The current implementation will use frr-reload.py
and specifies exactly WHICH daemon needs a config update and will only replace
this part inside FRR.
With FRR10 and mgmtd when a partial configuration is sent to mgmtd, it will
remove configuration parts from other daemons like bgpd or ospfd which have
not yet been migrated to mgmtd.
It's not possible to call frr-reload.py with daemon mgmtd - it will error out.
This commit will also change the CLI for static routes:
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1" will be split into:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd source-address 1.1.1.1
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
To make the XML blocks reusable, and comply with the FRR CLI - this was actually
a wrong implementation from the beginning as you can not have multiple BFD
source addresses.
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1 profile bar" is changed to:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd profile bar
CLI command "set protocols static multicast interface-route" is moved to:
* set protocols static multicast route <x.x.x.x/x> interface
To have an identical look and feel with regular static routes.
|
|
- Allow configuring a preshared key for zabbix-agent
- Added op mode command to generate a random PSK secret
- Removed duplicate XML definition for PSK settings
Configure authentication mode:
```
# set service monitoring zabbix-agent authentication mode
Possible completions:
pre-shared-secret Use a pre-shared secret key
```
Configure PSK Settings:
```
# set service monitoring zabbix-agent authentication psk
Possible completions:
id ID for authentication
secret pre-shared secret key
```
Generate Random PSK:
```
$ generate psk random
Possible completions:
<Enter> Execute the current command
size Key size in bytes
```
|
|
There is no need to send local base OS accounts like root or daemon to the
tacacs server. This will only make the CLI experience sluggish.
Build up a dynamic list of user accounts to exclude from TACACS lookup.
|
|
T6718: use the vyconf daemon for validation of set commands
|
|
image latest vrf <name>"
|
|