Thanks for that heads-up @Viacheslav - My bigger concern with this task was the failure-mode of the configuration problem being so unexpected and hard to troubleshoot.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Dec 20 2023
Dec 20 2023
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXa3e059e7e8d3: T5798: load-balancing revese-proxy add multiple SSL certificates (authored by Viacheslav).
Dec 19 2023
Dec 19 2023
jamcole added a comment to T5799: vyos unbootable after 1.4-rolling-202308240020 to 1.5-rolling-202312010026 upgrade.
jamcole added a comment to T5798: reverse-proxy load-balancing service should support multiple certificates for frontend.
@Viacheslav I upgraded to the latest rolling release and this seems to work perfectly.
jestabro updated the task description for T5839: Remove trivial redundancies in calls to config dependency scripts.
So, I tested the version 1.5-rolling-202312191154
Restricted Repository Identity closed T5828: Fix GRUB installation on arm64 as Resolved by committing rVYOSONEXac170ee4bb0a: Merge pull request #2643 from mcbridematt/t5828-grub-arm64-fix.
GitHub <noreply@github.com> committed rVYOSONEXac170ee4bb0a: Merge pull request #2643 from mcbridematt/t5828-grub-arm64-fix (authored by dmbaturin).
jestabro added a comment to T5839: Remove trivial redundancies in calls to config dependency scripts.
GitHub <noreply@github.com> committed rVYOSONEX01fd13f8e15f: Merge pull request #2657 from c-po/backports (authored by dmbaturin).
jestabro triaged T5839: Remove trivial redundancies in calls to config dependency scripts as Normal priority.
Firstly, this bug should be fixed T5837
GitHub <noreply@github.com> committed rVYOSONEXb9cdf8a710c8: Merge pull request #2656 from vyos/mergify/bp/sagitta/pr-2637 (authored by c-po).
Viacheslav changed the status of T5823: Protocol BGP add default values for config dictionary from Open to In progress.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX810008107185: T5823: Add recursive_defaults for BGP get_config dictionary (authored by Viacheslav).
jestabro closed T5836: Add boolean check for whether config-mode script was called as a dependency, a subtask of T4820: Support for inter-config-mode script dependencies, as Unknown Status.
jestabro closed T5836: Add boolean check for whether config-mode script was called as a dependency as Unknown Status.
Viacheslav changed the status of T5249: Add rollback-soft feature to rollback without a reboot from Open to Needs testing.
@zsdc Can we close it?
Viacheslav closed T2045: Can't commit due to with the same name, but different firewall groups types, a subtask of T2199: Rewrite firewall in new XML/Python style, as Wontfix.
Viacheslav closed T2045: Can't commit due to with the same name, but different firewall groups types as Wontfix.
It won't fix due the old backend
Fixed in 1.4/1.5
Viacheslav closed T1434: Add support for global-parameters, shared-network-parameters, subnet-parameters and static-mapping-parameters in dhcpv6-server as already implemented in (v4) dhcp-server as Wontfix.
We agree not to use raw options anymore.
If some options are required, it should be a separate PR per configured option.
Viacheslav added a comment to T1810: Commit to add new l2tp local user shouldn't disconnect all current l2tp sessions.
Most of the changes are not supported by reload accel-cmd/systemctl unit.
Accel-ppp cannot apply some features/changes without the daemon restarting. In other words, there are only several features that could be applied by reload.
The current FRR 7.5
There are no reports with this bug.
Close it. Re-open if you still have issues or create a new bug report.
GitHub <noreply@github.com> committed rVYOSONEX36adc4672684: Merge pull request #2655 from jestabro/called_as_dependent (authored by c-po).
jestabro triaged T5836: Add boolean check for whether config-mode script was called as a dependency as Normal priority.
Dec 18 2023
Dec 18 2023
Unknown Object (User) added a comment to T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config.
In T5775#168092, @marvin wrote:Excellent; thanks @GurliGebis! I built 1.4 today and confirmed it's working as expected.
As far as I'm concerned, this issue is now resolved and the ticket can now be closed.
marvin added a comment to T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config.
Excellent; thanks @GurliGebis! I built 1.4 today and confirmed it's working as expected.
Yes it should trigger to recreate container but it doesn’t get a dictionary key for recreating
jestabro changed the status of T5751: Adjust new image tools for non-interactive use, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5751: Adjust new image tools for non-interactive use from Unknown Status to Resolved.
jestabro changed the status of T5758: Restore scanning configs when live installing, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5758: Restore scanning configs when live installing from Unknown Status to Resolved.
jestabro changed the status of T5789: image-tools should copy ssh host keys on image update, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5789: image-tools should copy ssh host keys on image update from Unknown Status to Resolved.
jestabro changed the status of T5806: Clear old raid data on new install image, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5806: Clear old raid data on new install image from Unknown Status to Resolved.
jestabro moved T5821: image-tools: restore vrf-aware 'add system image' from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro closed T5821: image-tools: restore vrf-aware 'add system image', a subtask of T4516: Rewrite system image manipulation tools in Python, as Resolved.
jestabro changed the status of T5819: Don't echo password on install image, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5819: Don't echo password on install image from Unknown Status to Resolved.
jestabro moved T5825: image-tools: restore authentication on 'add system image' from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro closed T5825: image-tools: restore authentication on 'add system image', a subtask of T5821: image-tools: restore vrf-aware 'add system image', as Resolved.
jestabro moved T5831: show system image should reverse order by addition date from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro closed T5831: show system image should reverse order by addition date, a subtask of T5827: image-tools: 'show system image' Command Not in Order, as Resolved.
GitHub <noreply@github.com> committed rVYOSONEX33225eebde7e: Merge pull request #2654 from vyos/mergify/bp/sagitta/pr-2649 (authored by jestabro).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX6763c844977d: image-tools: T5831: show system image reverse ordered by date (authored by jestabro).
GitHub <noreply@github.com> committed rVYOSONEXd3f0d65c54e9: Merge pull request #2653 from vyos/mergify/bp/sagitta/pr-2596 (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEXf2cd94167433: Merge pull request #2649 from jestabro/image-version-order (authored by dmbaturin).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXaf7b233a7a10: T5249: Add rollback-soft feature (authored by Viacheslav).
In my case, the container is created and running using IPv4 only. The network it is in has a defined prefix for IPv4 and IPv6. Then, the only thing I try to do is add an IPv6 address to the container. The network it is connected to already has the IPv6 prefix defined. That is when it dies.
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
The mentioned file that missing is located upstream in https://github.com/miniupnp/miniupnp/tree/miniupnpd_2_3_1/miniupnpd/netfilter_nft/scripts
and the upstream configuration options that we think are missing to match vyos chains is https://github.com/miniupnp/miniupnp/blob/miniupnpd_2_3_1/miniupnpd/miniupnpd.conf#L77
Could you point out some documentation/examples on which scripts are missing?
It seems it has never been tested since @jack9603301 implemented it in task T3420. It seems he also didn't test it.
GitHub <noreply@github.com> committed rVYOSONEXceec796a3d3d: Merge pull request #2652 from vyos/mergify/bp/sagitta/pr-2627 (authored by c-po).
Unknown Object (User) created T5835: UPnP port mapping / rule installation fails.
Adding a new container with both addresses and networks in one commit works fine.
set container name alp01 image 'alpine' set container name alp01 network NET01 address '10.0.0.12' set container name alp01 network NET01 address '2001:db8::12' set container network NET01 prefix '10.0.0.0/24' set container network NET01 prefix '2001:db8::/64'
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX8a17966ed7ed: T4163: Add BGP Monitoring Protocol BMP feature (authored by Viacheslav).
Viacheslav changed the status of T5829: Can't Add IPv6 Address to Containers from Open to In progress.
We don't use /usr/libexec/vyos/validate-value.py anymore
There should be a separates tasks if required.
Viacheslav closed T2234: Controlling whitespace in Jinja templates (template cleanup parent task) as Not Applicable.
There is nothing to do there, all checks for linter Jinja included to vyos-build.
Close it.
Viacheslav closed T2215: Make “default no-ipv4-unicast” the default setting, a subtask of T1148: epa2 BGP peers initiate before config is fully loaded, routes leak., as Wontfix.
It was changed for 1.4/1.5 and won't be changed for 1.3 LTS (old backend)
If someone wants it for 1.3
set protocols bgp 65001 parameters default no-ipv4-unicast
We are using sshguard
set service ssh dynamic-protection
@thomas-mangin Do you have a PoC?
Comparing boot time for now 1.3 and 1.1.8 is not actual
There are 2 different systems :)
Also, some validators were rewritten on 1.2 to Python and for 1.3 to sh, OCAML and so on (python validators could be cause of the issue)
In my internal test VM loads ~40 sec tested in VyOS 1.3.5
We always can improve something, but lets find what we can improve in separate tasks.
Viacheslav added a comment to T1317: OpenVPN configuration fails if it depends on another interface..
@mb300sd could you re-check?
The main issue is synchronization between all routing daemons and zebra, especially with "policy".
So you are getting strange things like a policy configured for zebra but the same policy not exists/applied for other daemons.
It is impossible to integrate it the correct way.
Reopen for 1.5, 2.0 if required and if it will be possible in the future with correct syncing between all daemons.
Viacheslav edited projects for T1253: Feature Request: FRR Flowspec, added: VyOS 1.5 Circinus; removed VyOS 1.3 Equuleus (1.3.6), vyos-frr.
We can't do more due to old backend on the 1.3
If there will be a specific options to improve it should be a separate task
Close it.
Refactored in 1.4/1.5
Let's avoid the firewall migrations for the stable branch.
Viacheslav removed a project from T970: Support matching domain name in firewall rules: VyOS 1.3 Equuleus (1.3.6).
It won't be implemented for 1.3
Configs weren't provided, so closed the task as invalid. Works with internal tetts.
Re-open it or add steps to reproduce.