PR for Equuleus: https://github.com/vyos/vyos-1x/pull/2776
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jan 9 2024
Jan 9 2024
GitHub <noreply@github.com> committed rVYOSONEXe8d57b5f9cae: Merge pull request #2776 from nicolas-fort/T1297 (authored by dmbaturin).
Viacheslav moved T1297: Add GARP settings to VRRP/keepalived from Backport Candidates to Finished on the VyOS 1.4 Sagitta board.
a.apostoliuk edited projects for T5914: CVE-2023-48795 - Terrapin vulnerability, added: VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus.
Hi, If it helps
Viacheslav changed the status of T5909: Container registry with authentication prevents config load (section container) after reboot from Open to In progress.
adestis added a comment to T5909: Container registry with authentication prevents config load (section container) after reboot.
Warning would be much better because it would solve the problem.
When you have the image already loaded and the system was rebooted, the image should still exist and therefore the user/pass is not required (for the moment).
Viacheslav added a comment to T5909: Container registry with authentication prevents config load (section container) after reboot.
There could be another bug related T5407
I guess we should not Raise config but use the Warning here https://github.com/vyos/vyos-1x/blob/864524ba86b0a4d57ab64d6e9398c3fd5eb2fce4/src/conf_mode/container.py#L405-L408
adestis added a comment to T5909: Container registry with authentication prevents config load (section container) after reboot.
Viacheslav suggested the following change which worked for me:
c-po moved T5911: pki: service update ignored if certificate name contains a hyphen (-) from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T5902: http: remove virtual-host configuration in webserver from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T5886: Add support for ACME protocol (LetsEncrypt) from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T5886: Add support for ACME protocol (LetsEncrypt) from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5766: http: rewrite conf-mode script to get_config_dict() from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5766: http: rewrite conf-mode script to get_config_dict() from Open to Finished on the VyOS 1.5 Circinus board.
c-po closed T5905: pki: IPsec and VTI interface priority inversion when using x509 site-to-site peer, a subtask of T5886: Add support for ACME protocol (LetsEncrypt), as Resolved.
c-po added a comment to T5905: pki: IPsec and VTI interface priority inversion when using x509 site-to-site peer.
PR for 1.5 https://github.com/vyos/vyos-1x/pull/2768
PR for 1.4 https://github.com/vyos/vyos-1x/pull/2774
Can you please paste the output of ls -ld /config/dhcp and ls -l /config/dhcp. It is possible you might have installed a version _before_ 1.5-rolling-202401030023 and the instance is carrying forward the misconfigured directory/file persmissions.
I replied to jestabro via email a couple of hours back, but noticed that it didn't show up here. For the benefit of anybody else interested in this bug I'm cutting and pasting the email below:
Jan 8 2024
Jan 8 2024
GitHub <noreply@github.com> committed rVYOSONEXa9ed12de9342: Merge pull request #2774 from vyos/mergify/bp/sagitta/pr-2758 (authored by c-po).
PR for VyOS 1.4 https://github.com/vyos/vyos-1x/pull/2774
Well, the webserver is for an API - if you wan't to server files you can either use the default document root, or spawn a container. We should focus on packet pushing and administration.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXb93786b8c855: https: T5886: migrate https certbot to new "pki certificate" CLI tree (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXfa61e4076a47: pki: T5886: add op-mode commands for log and renewal (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX8edc78dcbc01: pki: T5886: add support for ACME protocol (LetsEncrypt) (authored by c-po).
c-po added a parent task for T5911: pki: service update ignored if certificate name contains a hyphen (-): T3642: PKI configuration.
c-po added a comment to T5911: pki: service update ignored if certificate name contains a hyphen (-).
jestabro closed T3980: vrrp transition-script validator makes warning fatal and also causes a python NameError exception as Resolved.
The errors here were fixed in:
https://vyos.dev/T4052
https://vyos.dev/T4053
in equuleus and subsequent.
dmbaturin triaged T3450: Make libvyosconfig avoid quoting values that don't need quoting as Low priority.
dmbaturin edited projects for T4193: Add support for transparent firewall, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.6).
The new firewall implementation by Nicholas et al. supports bridge firewalls.
I suppose with the new firewall implementation, this is no longer relevant.
With the migration to nftables, I suppose this is not relevant anymore.
With the current smoke test infrastructure, I'm inclined to call the original task resolved.
Neither 1.1.8 nor Crux are supported anymore.
dmbaturin closed T3484: Kernel panic when QAT uses, a subtask of T3587: Intel QAT support is broken on VyOS 1.4 due to a Kernel Crash, as Not Applicable.
I presume the issue is no longer relevant since people do successfully use QAT now, but feel free to reopen if anything.
If the issue is still relevant, feel free to reopen.
Jan 8 2024, 7:21 PM · Restricted Project
dmbaturin renamed T985: New cluster implementation with corosync+pacemaker from Migrated clustering from heartbeat to corosync+pacemaker to New cluster implementation with corosync+pacemaker.
I suppose the current PKI CLI does fulfill the requirements of this task.
Just to clarify the issue: note that one can specify the choice of serial console during the 'install image' process; are you not seeing the boot messages with this setting ? or are you unable to set it during installation ? Thanks.
I don't think anyone saw this issue lately, but if it resurfaces, feel free to reopen the task.
dmbaturin triaged T2503: IPv6 Firewall configuration error: Cannot delete rule set "GUEST-WAN-6" (still in use) as Low priority.
Now that 1.4 is about to be released and 1.3 going into maintenance mode, we definitely will not include it in 1.3.6.
n.fort changed the status of T5896: Config Error on Boot with Podman and Firewall from In progress to Needs testing.
User creation works fine now.
Yes.
Yes I tested again upgrading with today's latest rolling release no ip address is served to clients so issue persists no changes
dmbaturin closed T2371: custom dyndns configuration lost after upgrade from 1.2.4-epa1 to 1.2.5 as Not Applicable.
The dynamic DNS system has been revamped since then, so I assume this is no longer an issue, but feel free to reopen if it manifests again.
I'm closing this since no new details surfaced. If it's still relevant, feel free to reopen.
GitHub <noreply@github.com> committed rVYOSONEX3f64c00c892b: Merge pull request #2772 from vyos/mergify/bp/sagitta/pr-2760 (authored by c-po).
dmbaturin closed T3469: Upgrading from 1.2.6-S1 to 1.2.7 changes order of NICs on second reboot as Wontfix.
1.2 is now EOL, so no new changes will be made there.
dmbaturin removed a project from T2419: Cannot change udp-fragmentation-offload: VyOS 1.3 Equuleus (1.3.6).
Multiple people report both working UDP offload and firewall configurations, so I presume this issue is no longer relevant. Feel free to reopen if new details surface.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXaa5c0e666851: image: T5898: fix kernel-level partition rescan (authored by mec).
GitHub <noreply@github.com> committed rVYOSONEX54c7a301b9da: Merge pull request #2771 from nicolas-fort/T5896 (authored by c-po).