Inserting FQDN seems reasonable, but we need to think carefully when FQDN should come from, and if we use the "system domain-name" option, what should we do if it's not present.

Needs to be re-tested in recent images.

Needs to be tested in 1.2.0

I suppose it's clear enough by now.

It does work now.

It's already in use.

I'm not sure if HTML encoding is really the best thing to do, but I agree the problem exists.

This is a bit of ubunt's bug #1 by now. ;)

@EwaldvanGeffen Good point. Do you have ideas how to implement it?

Curiously, the rewrite introduced exactly the problem @UnicronNL warned against. Entering an invalid interface at set time is only one part of the story — the worst case no set-time or commit-time check can protect against is when a once valid interface is removed, e.g. by pulling a physical or virtual NIC out of the router. Then that validation becomes a time bomb because the config will stop loading.

I did test NTP in 1.2.0 and it works now.

I verified that with the new CLI (run monitor traffic interface ... filter ...) it works.

The basic commands are working now, I suppose subsequent additions need their own tasks.

We can make a script that checks if service is configured and reload it if it's not then.

https://github.com/vyos/vyos-1x/commit/a79b6babd9fc897799eb14fbfcaaf1e8f6cb94d5

I've updated pdns to 4.0, enabled non-local bind, and added a "listen-address" option that takes address rather than interface. I've also added a huge warning about listen-on to encourage people to migrate to the new listen-address option.

Seems to work now.

I think we should implement a package persistence mechanism at some point. Frankly, APT is notorious for offering conflict resolutions that equal self-destruct, for a network admin who is not an experienced Debian user, installing third-party packages the normal way will create more problems than it solves.

I think it is. In any case, it's irrelevant by now since there's no dnsmasq anymore, and pdns doesn't have this problem.

The dnsmasq equivalent is already in place I suppose.

Seems to be fine now.

Tested and appears to work.

Yes, since we let quagga manage static routes (and for a good reason — the kernel does not even try to restore routes if the interface they use flaps), we can only do what quagga allow now, or add something to quagga.

Already in use by now.

ALready packaged and actively used.

The AMI builds and boots now.

@aopdal I agree VRRPv3 supports both IPv4 and IPv6 at the protocols level, but keepalived wants groups to use either IPv4 or IPv6 addresses, but not both at the same time, so you need different groups for them in the config.

Works and already in use.

@syncer Sort of. Root doesn't get the full vyos environment so using vyos commands is inconvenient, though not impossible.

@Asteroza Our tcpdump comes straight from Debian, so the update should be picked automatically when they update theirs.

Seems to work.

Appears to work as expected now.

Seems to be working now.

@higebu and @UnicronNL agreed to the change, so I'm going to proceed with it.

I'm pretty sure there is a commit error when you try to use that no longer existing option. It only works because we (sadly) allow partial commits and our commits at this time are not real, transactional commits.

@c-po I think the spirit of it is to keep programs that are not useful for end users separate from programs that are, out of their $PATH, which would only pollute the completion and enable accidental execution of programs that may have strange effect when used in an unintended way outside of their normal workflow.

Turns out updating the hosts entry is more important than I thought: if it's missing, sudo constantly complains that it cannot resolve the hostname. While it appears to have no ill effect, it's still quite a nuisance.

Those commands are now "monitor bandwidth interface $intf".

This task is decidedly *not* complete until we have a migration script for it.