Pull request: https://github.com/vyos/vyos-1x/pull/330

True, it doesn't currently work; that patch has various problems.

fingerprint = cmd(fingerprint_cmd, shell=True, stderr=DEVNULL)

I have converted this to

fingerprint = cmd(fingerprint_cmd,  stderr=DEVNULL, input=input=host_key)

ok will add the feature once the current set of patch waiting approval are in to not have to deal with rebasing etc :-)

The works also include the migration of template to separate files as per T2230

Yes, that would be useful, for example conf_mode scripts could print warnings that would go to the syslog when the config is applied on boot. Other scripts output is seen by the user anyway so I don't see a use elsewhere.

It will not intercept what is printed by executed programs. I could add an option for the functions to have stderr intercepted and printed by VyOS (causing program errors to go to logs)

Oh, nice!

Everything sent to stderr will both go to the screen and syslog.
If you raise it auto-magically format the raised exception to the user (the traceback is sent to stderr and thefore goes to syslog)

How do we use this new "airbag.py" for on-demand logging from scripts? For example if I want to print a warning when executing a conf_mode script that should go both to stderr and to a file, but is not a fatal exception?

This naive patch fixes the issue but I am not sure it is correct and will let @jestabro decide how to handle it (as git gives him as the author of the file)

diff --git a/python/vyos/remote.py b/python/vyos/remote.py
index f8a21f0..a69537e 100644
--- a/python/vyos/remote.py
+++ b/python/vyos/remote.py
@@ -140,10 +140,18 @@ def get_remote_config(remote_file):
                 print('HTTP error: {0} {1}'.format(*val))
                 sys.exit(1)

Yes, it is missing, nothing to do with me but the fact the code does not yet find what is what from the interface data as we discussed.
https://github.com/vyos/vyos-1x/commit/bbea850ea5f8ff0402cd276ab63963ece7e0c763#diff-667867449bff9faf1ac285125ceada77

PR https://github.com/vyos/vyos-1x/pull/328

PR https://github.com/vyos/vyos-1x/pull/327

no link-local IPv6 address for eth0

IIRC vyos doesn't support setting link-local addresses on interfaces
through the CLI, though a IPv6 interface should get one by default by the
kernel (I may be mistaken, what does "ip addr" say?)

https://github.com/vyos/vyos-1x/pull/326

Change description since last update:

Change description since original update.
versioning of 1.3dev-3-g1234567 will count as newer then 1.3dev3-3-g1234567 this means that all dev releases needs to have a initial index. i've added it indexed from zero.
for a full version list see here

Original order               Sorted order                Upstream Version
1.3dev-0-g1234567          - 1.3.1-2-g1234567          : 1.3.1-2
1.3dev0-0-g1234567         - 1.3.1                     : 1.3.1
1.3.1-2-g1234567           - 1.3.0-7-g1234567          : 1.3.0-7
1.3.1                      - 1.3.0-3-g1234567          : 1.3.0-3
1.3dev2-8-g12345671.3.0    - 1.3dev-4-g1234567         : 1.3dev-4
1.3.0-7-g1234567           - 1.3dev-0-g1234567         : 1.3dev-0
1.3dev                     - 1.3dev2-8-g12345671.3.0   : 1.3dev2-8
1.3dev-4-g1234567          - 1.3dev2                   : 1.3dev2
1.3dev1                    - 1.3dev1-4-g1234567        : 1.3dev1-4
1.3dev2                    - 1.3dev1                   : 1.3dev1
1.3dev1-4-g1234567         - 1.3dev0-1-g1234567        : 1.3dev0-1
1.3.0-3-g1234567           - 1.3dev0-0-g1234567        : 1.3dev0-0
1.3dev0-1-g1234567         - 1.3dev                    : 1.3dev

I did dive a bit deeper in this issue and found another workaround.
It seems to only occur when a sftp or scp host is specified with a different port than the default port.
The command "ssh-keyscan" is provided with the host in form of "hostname:port" which it doesn't resolve to an ssh-rsa key.
ssh-keyscan needs apparently the option "-p PORT" in order to write the host key of the remote sftp/scp server to the known hosts file.
To add a host to the known hosts file I ran the following command:

WIP: https://github.com/vyos/vyos-1x/pull/325
We won't do strict exclusion of client IPs from the server pool, but just print a warning if they overlap. This way old configs won't require migration and will still work, and new configurations will be able to manually set a smaller pool.

PR https://github.com/vyos/vyos-1x/pull/324

https://github.com/vyos/vyos-1x/pull/323
Bridged mode still doesn't work until T2064 is fixed, but at least the validation should be fixed.

It's best if we just use packages targeted for buster, not another debian release. I suggest you create PRs for all pathches needed (in addition to the one you already submitted) in Debian's PTS for buster's conntrack-tools, and then ask them to make a new release with those patches included.

The new conntract package depend in newer libnetfilter. but you dont need to rebuild the package, just download the debs.