I verified that with the new CLI (run monitor traffic interface ... filter ...) it works.

The basic commands are working now, I suppose subsequent additions need their own tasks.

We can make a script that checks if service is configured and reload it if it's not then.

https://github.com/vyos/vyos-1x/commit/a79b6babd9fc897799eb14fbfcaaf1e8f6cb94d5

I've updated pdns to 4.0, enabled non-local bind, and added a "listen-address" option that takes address rather than interface. I've also added a huge warning about listen-on to encourage people to migrate to the new listen-address option.

Seems to work now.

I think we should implement a package persistence mechanism at some point. Frankly, APT is notorious for offering conflict resolutions that equal self-destruct, for a network admin who is not an experienced Debian user, installing third-party packages the normal way will create more problems than it solves.

I think it is. In any case, it's irrelevant by now since there's no dnsmasq anymore, and pdns doesn't have this problem.

The dnsmasq equivalent is already in place I suppose.

Seems to be fine now.

Tested and appears to work.

Yes, since we let quagga manage static routes (and for a good reason — the kernel does not even try to restore routes if the interface they use flaps), we can only do what quagga allow now, or add something to quagga.

Already in use by now.

ALready packaged and actively used.

The AMI builds and boots now.

@aopdal I agree VRRPv3 supports both IPv4 and IPv6 at the protocols level, but keepalived wants groups to use either IPv4 or IPv6 addresses, but not both at the same time, so you need different groups for them in the config.

Works and already in use.

@syncer Sort of. Root doesn't get the full vyos environment so using vyos commands is inconvenient, though not impossible.

@Asteroza Our tcpdump comes straight from Debian, so the update should be picked automatically when they update theirs.

Seems to work.

Appears to work as expected now.

Seems to be working now.

@higebu and @UnicronNL agreed to the change, so I'm going to proceed with it.

I'm pretty sure there is a commit error when you try to use that no longer existing option. It only works because we (sadly) allow partial commits and our commits at this time are not real, transactional commits.

@c-po I think the spirit of it is to keep programs that are not useful for end users separate from programs that are, out of their $PATH, which would only pollute the completion and enable accidental execution of programs that may have strange effect when used in an unintended way outside of their normal workflow.

Turns out updating the hosts entry is more important than I thought: if it's missing, sudo constantly complains that it cannot resolve the hostname. While it appears to have no ill effect, it's still quite a nuisance.

Those commands are now "monitor bandwidth interface $intf".

This task is decidedly *not* complete until we have a migration script for it.

Should be working now.

They are now vyos.version.get_version*

It gets worse: there are also handwritten bmon command templates for some interfaces (those before VC6.6 it seems).

Sorry it took me so long to react to!

Looks like pdns doesn't have a working command to reset all cache, but it has a command for clearing cache for individual domains.

Just tested it on hvinfo and it seems to work as expected. The change is in the jenkins script,

The peer-address option doesn't work quite well in keepalived 1.2.x from jessie. VRRP transition works, but then it goes into an endless loop of sending an ARP who-has request for checking availability of the virtual address.

I've added the Mellanox OFED drivers to the image. Need to check the userspace packages.

@c-po Looks like Debian has it for all platforms that support KVM, including ARM (though, oddly, not Aarch64). Perhaps we should move it from the x86 package list to vyos-world or another platform-independent place at some later point.

Please make sure to read the guideline: http://blog.vyos.net/vyos-2-dot-0-development-digest-number-5-doing-1-dot-2-x-and-2-dot-0-development-in-parallel
You can use the cron script as an example, too.

Closing the task then.

@alainlamar @c-po Multi-nodes should indeed be used whenever possible instead of making the user enter comma-separated values and the like.

Done for all practical purposes. Everything else will deserve its own task.

It's done for OpenVPN. We can later add IPsec as a sub-task.

It will have to be refactored for the new vyos-1x approach, but then the entire package will, so we'll better have the .ac support now, and refactor later.

1. A nicer version of os.system('iw reg get')

This makes me think we should make a shared nicer version that returns a tuple of exit code and combined stdout/stderr and put it somewhere in a utility module.

@tic226 If we continue the chemical theme, since 1.1.x is helium, 1.2.x will be lithium, and 1.3.x will be beryllium.

The downloads.vyos.io is now using mandatory HTTPS. On the dev.packages.vyos.net, HTTPS is optional. To declare this closed, we need someone to independently verify that ISO build works with HTTPS for them.