FreeNAS/freenas a301234gui/middleware notifier.py, src/middlewared/middlewared/plugins disk.py

Merge pull request #3098 from freenas/NAS-101854

NAS-101854 / 11.2 / fix(gui): avoid syncing disk table on every disk format

FreeNAS/freenas e912097gui/freeadmin site.py, gui/templates/freeadmin index.html

Point to System version documentation

This commit introduces changes which make sure that we always point to the current 
system's documentation and not load the latest documentation. For nightlies we point to 
11.VERSION-RELEASE docs.
Ticket: #NAS-101244

(cherry picked from commit c822851c112bbc8fee513c7c6b7ad942f65a4ca3)

FreeNAS/freenas 546394a

Empty commit to create PR on github.

You should reset it
DeltaFile
+0-00 files

FreeNAS/freenas a44b9dfgui/freeadmin site.py, gui/templates/freeadmin index.html

Merge pull request #3099 from freenas/NAS-101244

NAS-101244 / 11.2 / Point to System version documentation

FreeNAS/freenas c822851gui/freeadmin site.py, gui/templates/freeadmin index.html

Point to System version documentation

This commit introduces changes which make sure that we always point to the current 
system's documentation and not load the latest documentation. For nightlies we point to 
11.VERSION-RELEASE docs.
Ticket: #NAS-101244

FreeNAS/freenas 49e21b9src/middlewared/middlewared/etc_files/local/openvpn/client openvpn_client.conf, src/middlewared/middlewared/etc_files/local/openvpn/server openvpn_server.conf

Generate inline OpenVPN static key in configurations

This commit introduces changes so that we add the generated OpenVPN static key inline in 
the respective server/client conf file.

FreeNAS/freenas 658a6cdsrc/middlewared/middlewared/plugins vpn.py

Generate client configuration for OpenVPN Server

This commit adds a helper method which helps generate a client configuration file to be 
used with configuring another machine for using OpenVPN to connect to FN/TN machine 
running OpenVPN Server.

FreeNAS/freenas 16e45a9src/middlewared/middlewared/plugins crypto.py

Retrieve extensions when querying certs/csr/ca's

This commit adds the ability to retrieve extensions when we query for ca/certs/csr's.

FreeNAS/freenas c21ee91src/middlewared/middlewared/plugins vpn.py

Validate Server Certificate extensions

This commit validates server certificate extensions for OpenVPN.

FreeNAS/freenas acbdf62src/middlewared/middlewared/plugins crypto.py

Expose ExtendedKeyUsage choices

This commit exposes ExtendedKeyUsage x509 extension choices which can be specified while 
creating a new cert/ca.

FreeNAS/freenas 97bdd68src/middlewared/middlewared/etc_files/local/openvpn/server openvpn_server.conf, src/middlewared/middlewared/plugins service.py

Generate openvpn-server config file on ca revocation

This commit introduces a change where we generate openvpn-server file again each time 
changes are introduced to crypto services. This is necessary because it ensures that crl 
file for ca which openvpn server is using always remains up to date. It is however not 
necessary to reload/restart openvpn server when we generate the config file again because 
it automatically picks up that change for crl.

FreeNAS/freenas 4820887src/middlewared/middlewared/alert/source certificates.py

Add Revoked Certificate Alerts

This commit adds alerts for revoked certificates and covers all services which use certs 
and can have revoked certs.

FreeNAS/freenas 58d6b41src/middlewared/middlewared/plugins crypto.py

Generate CRL

This commit adds a method to cryptokey service which enables us to generate a CRL for a 
list of certs using provided ca. There's a tricky situation here as to what happens if the 
root CA is compromised ? In normal world scenarios, that CA is removed from app's trust 
store and any subsequent certs it had issues wouldn't be validated by the app then. Making 
a CRL for a revoked root CA in normal cases doesn't make sense as the thief can sign a 
counter CRL saying that everything is fine. As our environment is controlled, i think we 
are safe to create a crl for root CA as well which we can publish for services which make 
use of it i.e openvpn and they'll know that the certs/ca's have been compromised.

FreeNAS/freenas b2f7bc8gui/system models.py, gui/system/migrations 0044_revoked_field.py

Migrations for revoked field

This commit adds migrations for fields which will help us revoke certificates and generate 
Certificate Revocation Lists.

FreeNAS/freenas 0c59a2fsrc/middlewared/middlewared/plugins vpn.py

Validate Client Certificate extensions

This commit validates client certificate extensions for OpenVPN.

FreeNAS/freenas 58d6b2asrc/middlewared/middlewared/etc_files/local/openvpn/server openvpn_server.conf, src/middlewared/middlewared/plugins vpn.py

IPv6 support

This commit adds ipv6 support for running OpenVPN Server.

FreeNAS/freenas fdd0c22src/middlewared/middlewared/plugins crypto.py

Revoke CA chain

When a CA is marked as revoked, we revoke the complete chain which starts off from that 
CA.

FreeNAS/freenas 0cce563src/middlewared/middlewared/plugins crypto.py

Revoke Certificate

This commit makes sure we are able to mark a certificate as revoked.

FreeNAS/freenas dea7070src/middlewared/middlewared/etc_files generate_ssl_certs.py, src/middlewared/middlewared/plugins crypto.py

Write CRL to file

This commit makes sure that each time changes are introduced to a cert/ca wrt revocation 
status, we make a CRL for each ca and write it out respectively so that the services 
making use of it have an updated version.

FreeNAS/freenas 71bb5ddsrc/middlewared/middlewared/plugins vpn.py

Validate Client Config

This commit adds a method which can be called before we start OpenVPN client making sure 
that OpenVPN Client does not run with a misconfigured file resulting in further woes for 
the user. This will raise a CallError if the settings are not as they should be for 
OpenVPN client and we can skip generating the openvpn client file which will result in 
failure to start for the service.

FreeNAS/freenas b35fad9src/middlewared/middlewared/plugins crypto.py

Add reasonable defaults for CA extensions

This commit adds reasonable defaults for CA extensions saving the end user the trouble to 
specify right extensions each time or query them before with profiles and then set them.

FreeNAS/freenas 33981c7src/middlewared/middlewared/plugins crypto.py

Periodically keep ssl up to date

This commit makes sure that we keep ssl related changes up to date by making sure that we 
generate all the ssl related files after a 24 hour window.

FreeNAS/freenas 30666e7src/middlewared/middlewared/plugins vpn.py crypto.py

Add documentation for cert extensions and vpn plugin

This commit adds documentation for certificate extensions, pki management and vpn plugin.

FreeNAS/freenas ac9e84esrc/middlewared/middlewared/plugins vpn.py

Validate root CA extensions

This commit adds validations for root CA extensions making sure that we conform to a basic 
set of standards for the Root CA.

FreeNAS/freenas 3e92be3src/middlewared/middlewared/plugins vpn.py

Validate cert chain for OpenVPN Server/Client

This commit validates that the root CA provided indeed has signed the end server/client 
certificates and we can safely use them for server/client.

FreeNAS/freenas 85c75fesrc/middlewared/middlewared/pytest/unit test_schema.py

Add tests for list schema

This commit adds tests for list schema being able to specify multiple schema's in items.

FreeNAS/freenas 2e51608src/middlewared/middlewared/plugins vpn.py

Validate client cert for client config generation

This commit makes sure that only a valid certificate id is used to generate client 
configuration for server settings.

FreeNAS/freenas e1ecd51src/middlewared/middlewared/plugins vpn.py

Generate OpenVPN Static Key

This commit adds ability for the end user to authenticate/encrypt all control channel 
packets with a static key which OpenVPN generates.

FreeNAS/freenas 911c46esrc/middlewared/middlewared/etc_files/local/openvpn/client openvpn_client.conf, src/middlewared/middlewared/plugins etc.py

Generate OpenVPN Client config file

This commit adds changes which give us the ability to generate openvpn client 
configuration file.

FreeNAS/freenas 47cc76asrc/middlewared/middlewared/plugins crypto.py

Add validation to verify chain of certs

This commit adds validation to crypto plugin which enables us to verify chain of 
certificates.

FreeNAS/freenas f36478dsrc/middlewared/middlewared/plugins crypto.py

Retrieve CA chain

This commit adds a generic method which will be used internally to gather ca chain.

FreeNAS/freenas 9f9211csrc/middlewared/middlewared/plugins etc.py

Create etc plugin's group directory

In case the parent directories where the group's conf file is to be written, do not exist, 
we create them automatically.

FreeNAS/freenas 7ffb9f2src/freenas/etc/ix.rc.d ix-etc, src/middlewared/middlewared/etc_files/local/nginx nginx.conf

Get dhparams path and cover usages

This commit introduces changes so crypto plugin returns the path for dhparam.pem file and 
covers it's usages to make sure we don't hardcode the value and use the new method.

FreeNAS/freenas 1c1a914src/middlewared/middlewared/etc_files/local/openvpn/server openvpn_server.conf, src/middlewared/middlewared/plugins etc.py

Generate OpenVPN Server config file

This commit adds changes which give us the ability to generate openvpn server 
configuration file.

FreeNAS/freenas bb244c3src/middlewared/middlewared/etc_files rc.conf.py, src/middlewared/middlewared/plugins service.py

Setup OpenVPN Client as a service

This commit introduces changes where we add the capability of starting openvpn client from 
middlewared as a service and also generating relevant rc.conf bits.

FreeNAS/freenas 7613d9fgui/middleware notifier.py, src/middlewared/middlewared/plugins disk.py

fix(gui): avoid syncing disk table on every disk format

Instead of a full sync at the end.

Ticket: NAS-101854

FreeNAS/freenas 00bfd75src/freenas/etc/ix.rc.d ix-apache

Make sure webdav conf files are generated

This commit makes sure that webdav configuration files are always generated irrespective 
of it's setting to start at boot as the user can still use the service without setting 
that option.
Ticket: #NAS-101879

FreeNAS/freenas cdb55c5src/middlewared/middlewared/etc_files rc.conf.py

Remove nut_upsshut from rc.conf

This commit removes nut_upsshut rc var from rc.conf as it is no longer needed and upstream 
has fixed it by adding a reasonable default to nut rc script which wasn't there before.
Ticket: #NAS-101887

FreeNAS/freenas 97f9eedsrc/middlewared/middlewared/etc_files rc.conf.py

Enable nut_upsshut

This commit adds changes to add nut_upsshut to rc.conf even if ups service is not enabled 
to start at boot to suppress nut warnings when the ups service is started.
Ticket: #NAS-101887

FreeNAS/freenas 95f3d1esrc/freenas/etc rc.conf.local

Add nut_upsshut regardless of ups service status

This commit adds changes to add nut_upsshut to rc.conf even if ups service is not enabled 
to start at boot to suppress nut warnings when the ups service is started.

FreeNAS/freenas 720896asrc/middlewared/middlewared/plugins usage.py

Longer it is!

Signed-off-by: Brandon Schneider <brandon at ixsystems.com>

FreeNAS/freenas f1ad578src/middlewared/middlewared/plugins usage.py

Travis

Signed-off-by: Brandon Schneider <brandon at ixsystems.com>

FreeNAS/freenas 17579f9src/middlewared/middlewared/plugins usage.py

Address reviews

Signed-off-by: Brandon Schneider <brandon at ixsystems.com>

FreeNAS/freenas 888830asrc/freenas/usr/local/bin custom-upssched-cmd

Merge pull request #3094 from freenas/NAS-101873

NAS-101873 / 11.2 / Bug fix for upssched

FreeNAS/freenas a8454dbsrc/middlewared/middlewared/plugins vpn.py

Validate Server Certificate extensions

This commit validates server certificate extensions for OpenVPN.

FreeNAS/freenas 07ad294src/middlewared/middlewared/plugins vpn.py crypto.py

Add documentation for cert extensions and vpn plugin

This commit adds documentation for certificate extensions, pki management and vpn plugin.

FreeNAS/freenas 765898esrc/middlewared/middlewared/alert/source certificates.py

Add Revoked Certificate Alerts

This commit adds alerts for revoked certificates and covers all services which use certs 
and can have revoked certs.

FreeNAS/freenas 348375esrc/middlewared/middlewared/plugins crypto.py

Add validation to verify chain of certs

This commit adds validation to crypto plugin which enables us to verify chain of 
certificates.

FreeNAS/freenas 66abe4esrc/middlewared/middlewared/plugins vpn.py

Validate cert chain for OpenVPN Server/Client

This commit validates that the root CA provided indeed has signed the end server/client 
certificates and we can safely use them for server/client.

FreeNAS/freenas 054ed92src/middlewared/middlewared/plugins vpn.py

Generate client configuration for OpenVPN Server

This commit adds a helper method which helps generate a client configuration file to be 
used with configuring another machine for using OpenVPN to connect to FN/TN machine 
running OpenVPN Server.