From 23e35e77feca41b5ef0efee80832c7106d7862ab Mon Sep 17 00:00:00 2001
From: Daniil Baturin
Date: Tue, 1 Jan 2019 16:36:19 +0100
Subject: T1131: disable vmtoolsd polling for now to avoid high CPU load. In the future it may be made a CLI option.
---
.../hooks/live/30-openvmtools-configs.chroot | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100755 data/live-build-config/hooks/live/30-openvmtools-configs.chroot
(limited to 'data')
diff --git a/data/live-build-config/hooks/live/30-openvmtools-configs.chroot b/data/live-build-config/hooks/live/30-openvmtools-configs.chroot
new file mode 100755
index 00000000..545f40db
--- /dev/null
+++ b/data/live-build-config/hooks/live/30-openvmtools-configs.chroot
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+# The Cisco Unity plugin, that implements a proprietary extension
+# for IPsec split tunneling, interfers with DMVPN
+#
+# Since we do not do remote access IPsec, the simplest solution
+# is to disable it entirely from the start.
+
+import re
+
+vmtools_config = """
+[guestinfo]
+ poll-interval=0
+
+"""
+
+# Disable the 'cisco_unity' option in charon.conf
+with open('/etc/vmware-tools/tools.conf', 'w') as f:
+ f.write(vmtools_config)
-- cgit v1.2.3
From 32ac33cd318e1d30e20f8cd10f396a88640753ee Mon Sep 17 00:00:00 2001
From: danhusan
Date: Wed, 2 Jan 2019 13:56:03 +0100
Subject: T1120: Add rootdelay=5 by default in grub.cfg Let disks settle to workaround issue with MD array not being detected.
---
.../includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'data')
diff --git a/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry
index 4107e459..ae34e4ee 100644
--- a/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry
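Review bot: In the new 30-openvmtools-configs.chroot hook, both comments were carried over from a different hook and describe something this file does not do: the header talks about the Cisco Unity plugin and DMVPN, and the comment above `open()` says it disables `cisco_unity` in charon.conf, while the code writes `/etc/vmware-tools/tools.conf`. I would replace them with a header such as `# Set the open-vm-tools guestinfo poll-interval to 0 to avoid high CPU load (T1131)` and `# Write the vmtoolsd configuration` above the `with` block, and drop the unused `import re`. Opening the file with mode `'w'` also replaces any tools.conf that the package or an earlier hook put there; if that is intended, a one-line comment saying so would help whoever audits what the image ships in /etc.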
+++ b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry
@@ -1,20 +1,20 @@ menuentry "VyOS (KVM console)" { - linux /boot//vmlinuz boot=live quiet vyos-union=/boot/ console=ttyS0,9600 console=tty0 + linux /boot//vmlinuz boot=live quiet rootdelay=5 vyos-union=/boot/ console=ttyS0,9600 console=tty0 initrd /boot//initrd.img } menuentry "VyOS (Serial console)" { - linux /boot//vmlinuz boot=live quiet vyos-union=/boot/ console=tty0 console=ttyS0,9600 + linux /boot//vmlinuz boot=live quiet rootdelay=5 vyos-union=/boot/ console=tty0 console=ttyS0,9600 initrd /boot//initrd.img } menuentry "Lost password change (KVM console)" { - linux /boot//vmlinuz boot=live quiet vyos-union=/boot/ console=ttyS0,9600 console=tty0 init=/opt/vyatta/sbin/standalone_root_pw_reset + linux /boot//vmlinuz boot=live quiet rootdelay=5 vyos-union=/boot/ console=ttyS0,9600 console=tty0 init=/opt/vyatta/sbin/standalone_root_pw_reset initrd /boot//initrd.img } menuentry "Lost password change (Serial console)" { - linux /boot//vmlinuz boot=live quiet vyos-union=/boot/ console=tty0 console=ttyS0,9600 init=/opt/vyatta/sbin/standalone_root_pw_reset + linux /boot//vmlinuz boot=live quiet rootdelay=5 vyos-union=/boot/ console=tty0 console=ttyS0,9600 init=/opt/vyatta/sbin/standalone_root_pw_reset initrd /boot//initrd.img }
-- cgit v1.2.3
From 394bee00f7473c3d397b3d47930999fd9f1f93d1 Mon Sep 17 00:00:00 2001
From: hagbard
Date: Tue, 8 Jan 2019 13:24:48 -0800
Subject: T1135: "firewall send-redirects enable" works only after switching from disabled state on running system - disable send-redirects per default
---
data/live-build-config/hooks/live/08-sysconf.chroot | 2 ++
1 file changed, 2 insertions(+)
(limited to 'data')
diff --git a/data/live-build-config/hooks/live/08-sysconf.chroot b/data/live-build-config/hooks/live/08-sysconf.chroot
index 8d1616c0..f6607410 100755
--- a/data/live-build-config/hooks/live/08-sysconf.chroot
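Review bot: In default-union-grub-entry, `rootdelay=5` is now repeated as a literal on all four `linux` lines, and the reason for it (letting disks settle so MD arrays are detected) is recorded only in the commit message. If whatever consumes this file tolerates comment lines, a single `# rootdelay=5: wait for disks to settle so MD arrays are detected (T1120)` above the first menuentry would keep that reason next to the value. The parameter also lands on the two "Lost password change" entries and on installs without MD arrays; whether it adds a fixed wait or only an upper bound on those boots depends on the initramfs and is not visible in this hunk.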
+++ b/data/live-build-config/hooks/live/08-sysconf.chroot
@@ -38,6 +38,8 @@ update_sysctl_conf net.ipv4.ip_forward 1 \ # "enable ipv6 forwarding" update_sysctl_conf net.core.rmem_max 223232 \ "maximize netlink buffers" +update_sysctl_conf net.ipv4.conf.all.send_redirects 0 + "disable IPv4 ICMP redirects" # Local Variables: # mode: shell-script
-- cgit v1.2.3
From f8f6c5d391017796242bb9feb010ba980e280c58 Mon Sep 17 00:00:00 2001
From: hagbard
Date: Tue, 8 Jan 2019 13:54:25 -0800
Subject: Type fixed.
---
data/live-build-config/hooks/live/08-sysconf.chroot | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'data')
diff --git a/data/live-build-config/hooks/live/08-sysconf.chroot b/data/live-build-config/hooks/live/08-sysconf.chroot
index f6607410..b7b2f831 100755
--- a/data/live-build-config/hooks/live/08-sysconf.chroot
+++ b/data/live-build-config/hooks/live/08-sysconf.chroot
@@ -38,7 +38,7 @@ update_sysctl_conf net.ipv4.ip_forward 1 \ # "enable ipv6 forwarding" update_sysctl_conf net.core.rmem_max 223232 \ "maximize netlink buffers" -update_sysctl_conf net.ipv4.conf.all.send_redirects 0 +update_sysctl_conf net.ipv4.conf.all.send_redirects 0 \ "disable IPv4 ICMP redirects" # Local Variables: # mode: shell-script
-- cgit v1.2.3
From 4f7117243a0dfb78c5af8c82a445d41186726aeb Mon Sep 17 00:00:00 2001
From: hagbard
Date: Tue, 8 Jan 2019 14:26:16 -0800
Subject: T1135: "firewall send-redirects enable" works only after switching from disabled state on running system - set default to disable too due to the fact that set firewall did expect that at one point. Primarily, IPSec could leak data once a tunnel is established.
---
data/live-build-config/hooks/live/08-sysconf.chroot | 2 ++
1 file changed, 2 insertions(+)
(limited to 'data')
diff --git a/data/live-build-config/hooks/live/08-sysconf.chroot b/data/live-build-config/hooks/live/08-sysconf.chroot
index b7b2f831..d403d04b 100755
--- a/data/live-build-config/hooks/live/08-sysconf.chroot
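Review bot: In the first 08-sysconf.chroot hunk (commit 394bee00), the added `update_sysctl_conf net.ipv4.conf.all.send_redirects 0` line has no trailing `\`, unlike the two calls above it, so the description on the next line is not passed as an argument and the shell would try to run `"disable IPv4 ICMP redirects"` as a command of its own. The line should read `update_sysctl_conf net.ipv4.conf.all.send_redirects 0 \`; the following commit on this page (f8f6c5d3) makes that correction. update_sysctl_conf is defined outside the hunk, so what it does when the description is missing cannot be checked here.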
+++ b/data/live-build-config/hooks/live/08-sysconf.chroot
@@ -40,6 +40,8 @@ update_sysctl_conf net.core.rmem_max 223232 \ "maximize netlink buffers" update_sysctl_conf net.ipv4.conf.all.send_redirects 0 \ "disable IPv4 ICMP redirects" +update_sysctl_conf net.ipv4.conf.default.send_redirects 0 \ + "disable IPv4 ICMP redirects" # Local Variables: # mode: shell-script
-- cgit v1.2.3
From ccfcfe0d8e4d0969fd72fa65a4e14fc227544506 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Wed, 16 Jan 2019 19:50:15 +0100
Subject: developer: add linux-perf package to vyos-dev apt packages
---
data/package-lists/vyos-dev.list.chroot | 1 +
1 file changed, 1 insertion(+)
(limited to 'data')
diff --git a/data/package-lists/vyos-dev.list.chroot b/data/package-lists/vyos-dev.list.chroot
index b2bf0cfe..63e7cc2c 100644
--- a/data/package-lists/vyos-dev.list.chroot
+++ b/data/package-lists/vyos-dev.list.chroot
@@ -2,3 +2,4 @@ gdb
 strace
 aptitude
 apt-rdepends
+linux-perf
-- cgit v1.2.3
From 52688f9132c9c1ca821d1da821a40747c30aeee7 Mon Sep 17 00:00:00 2001
From: hagbard
Date: Thu, 17 Jan 2019 11:30:15 -0800
Subject: adding vyos-xe-guest-utilities since it was removed from vyos-world pointing to that spot here.
---
data/package-lists/vyos-x86.list.chroot | 1 +
1 file changed, 1 insertion(+)
(limited to 'data')
diff --git a/data/package-lists/vyos-x86.list.chroot b/data/package-lists/vyos-x86.list.chroot
index a852e5fb..6bce00e3 100644
--- a/data/package-lists/vyos-x86.list.chroot
+++ b/data/package-lists/vyos-x86.list.chroot
@@ -3,3 +3,4 @@ grub-pc
 open-vm-tools
 qemu-guest-agent
 hyperv-daemons
+vyos-xe-guest-utilities
-- cgit v1.2.3
From 4191ec70b6cc6eb6e87364725aae356acd199356 Mon Sep 17 00:00:00 2001
From: hagbard
Date: Fri, 18 Jan 2019 10:21:45 -0800
Subject: Adding vyos-netplug to installation package list
---
data/package-lists/vyos-x86.list.chroot | 1 +
1 file changed, 1 insertion(+)
(limited to 'data')
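Review bot: In the 08-sysconf.chroot hunk of commit 4f711724, setting `net.ipv4.conf.default.send_redirects` to 0 only seeds interfaces created after the value is applied, and the kernel sends redirects on an interface when either `all` or that interface's own `send_redirects` is 1. An interface that already exists when the setting is applied would keep its own value and, as far as this hunk shows, nothing resets it, so the leak described in the commit message could remain on those interfaces. I would add a comment such as `# 'default' only affects interfaces created later; existing ones keep their per-interface value` and confirm that something sets the per-interface key at boot. The two entries also share the description `"disable IPv4 ICMP redirects"`; `"disable IPv4 ICMP redirects on new interfaces"` for the second would tell them apart in the generated file.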
diff --git a/data/package-lists/vyos-x86.list.chroot b/data/package-lists/vyos-x86.list.chroot
index 6bce00e3..5bb0dbd7 100644
--- a/data/package-lists/vyos-x86.list.chroot
+++ b/data/package-lists/vyos-x86.list.chroot
@@ -4,3 +4,4 @@ open-vm-tools
 qemu-guest-agent
 hyperv-daemons
 vyos-xe-guest-utilities
+vyos-netplug
-- cgit v1.2.3