Skip to content

Releases: kernelkit/infix

Infix v24.11.1

29 Nov 09:43
fbe18a4
Compare
Choose a tag to compare

Changes

  • Upgrade Frr to 9.1.2, fixes an OSPF issue where Zebra lost netlink
    messages and drifted out of sync with the kernel's view of addresses
    and interfaces available in the system
  • Allow setting IP address directly on VLAN filtering bridges. This
    only works when the bridge is an untagged member of a (single) VLAN.
  • cli: usability -- showing log files now automatically jump to the end
    of the file, where the latest events are
  • cli: usability -- showing container status, or other status that
    overflows the terminal horizontally, now wrap the lines and exit the
    pager immediately if the contents fit on the first screen
  • The default log level of the mDNS responder, avahi-daemon, has been
    adjusted to make it less verbose. Now only LOG_NOTICE and higher
    severity is logged -- making it very quiet

Fixes

  • Fix #685: DSA conduit interface not always detected. Previous
    attempt at a fix (v24.10.2) mitigated the issue, but did not
    completely solve it.
  • Fix #835: redesign how the system creates/deletes containers from the
    running-config. Prior to this change, all removal and creation was
    handled by a separate queue that ran asynchronously from the confd
    process. This could lead to situations where new configurations are
    applied before the queue had been fully processed. After this change
    containers are deleted synchronously and new containers are created
    in the same flow as during normal runtime operation (start/upgrade)
  • Fix start of containers with manual=True option should now work
    again, regression in v24.11.0
  • Fix loss of writable volumes when temporarily disabling a container
    in the configuration, now the container remains dormant with all its
    volumes still available
  • Fix presentation bug in CLI show interfaces where all line-drawing
    characters showed up as hexadecimal values. Regression in v24.11.0
  • Fix missing log messages from Frr Zebra daemon
  • Stop the zeroconf (IPv4LL) agent, avahi-autoipd, when removing an
    interface, e.g., br0
  • Creating more than one container trigger restarts of previously set
    up containers. Which in some cases may cause these earlier ones to
    end up in an inconsistent state
  • Prevent traffic assigned to locally terminated VLANs from being
    forwarded, when the underlying ports are simultaneously attached to
    a VLAN filtering bridge.

Infix v24.11.1-rc1

29 Nov 07:58
fbe18a4
Compare
Choose a tag to compare
Infix v24.11.1-rc1 Pre-release
Pre-release

Changes

  • Upgrade Frr to 9.1.2, fixes an OSPF issue where Zebra lost netlink
    messages and drifted out of sync with the kernel's view of addresses
    and interfaces available in the system
  • Allow setting IP address directly on VLAN filtering bridges. This
    only works when the bridge is an untagged member of a (single) VLAN.
  • cli: usability -- showing log files now automatically jump to the end
    of the file, where the latest events are
  • cli: usability -- showing container status, or other status that
    overflows the terminal horizontally, now wrap the lines and exit the
    pager immediately if the contents fit on the first screen
  • The default log level of the mDNS responder, avahi-daemon, has been
    adjusted to make it less verbose. Now only LOG_NOTICE and higher
    severity is logged -- making it very quiet

Fixes

  • Fix #685: DSA conduit interface not always detected. Previous
    attempt at a fix (v24.10.2) mitigated the issue, but did not
    completely solve it.
  • Fix #835: redesign how the system creates/deletes containers from the
    running-config. Prior to this change, all removal and creation was
    handled by a separate queue that ran asynchronously from the confd
    process. This could lead to situations where new configurations are
    applied before the queue had been fully processed. After this change
    containers are deleted synchronously and new containers are created
    in the same flow as during normal runtime operation (start/upgrade)
  • Fix start of containers with manual=True option should now work
    again, regression in v24.11.0
  • Fix loss of writable volumes when temporarily disabling a container
    in the configuration, now the container remains dormant with all its
    volumes still available
  • Fix presentation bug in CLI show interfaces where all line-drawing
    characters showed up as hexadecimal values. Regression in v24.11.0
  • Fix missing log messages from Frr Zebra daemon
  • Stop the zeroconf (IPv4LL) agent, avahi-autoipd, when removing an
    interface, e.g., br0
  • Creating more than one container trigger restarts of previously set
    up containers. Which in some cases may cause these earlier ones to
    end up in an inconsistent state
  • Prevent traffic assigned to locally terminated VLANs from being
    forwarded, when the underlying ports are simultaneously attached to
    a VLAN filtering bridge.

Infix v24.11.0

20 Nov 16:05
131d9e9
Compare
Choose a tag to compare

Caution

This release contains breaking changes for container users! As of v24.11.0, all persistent1 containers always run in read-only mode and the setting itself is deprecated (kept only for compatibility reasons). The main reason for this change is to better serve users with embedded container images in their builds of Infix. I.e., they can now upgrade the OCI image in their build and rely on the container being automatically upgraded when Infix is upgraded, issue #823. For other users, the benefit is that all container configuration changes take when activated, issue #822, without having to perform any tricks.

Changes

  • Add validation of interface name lengths, (1..15), Linux limit
  • Add support for ftp/http/https URI:s in container image, with a new checksum setting for MD5/SHA256/SHA512 verification, issue #801
  • Add a retry timer to the background container create service. This will ensure failing docker pull operations from remote images are retrying after 60 seconds, or quicker
  • CLI base component, klish, has been updated with better support for raw terminal mode and alternate quotes (' in addition to ")
  • Log silenced from container activation messages, only the very bare necessities are now logged, e.g., podman create command + status
  • Factory reset no longer calls shred to "securely erase" any files from writable data partitions. This will speed up the next boot considerably

Fixes

  • Fix #659: paged output in CLI accessed via console port sometimes causes lost lines, e.g. missing interfaces. With updated klish and the terminal in raw mode, the pager (less) can now control both the horizontal and vertical
  • Fix #822: adding, or changing, an environment variable to a running container does not take without the container upgrade NAME trick
  • Fix #823: with an OCI image embedded in the Infix image, an existing container in the configuration is not upgraded to the new OCI image with the Infix upgrade.
  • Frr leaves log files in /var/tmp/frr on unclean shutdowns. This has now been fixed with a "tmpfiles" cleanup of that path at boot
  1. I.e., set up in the configuration, as opposed to temporary ones started with container run from the CLI admin-exec context.

Infix v24.11.0-rc1

20 Nov 15:31
131d9e9
Compare
Choose a tag to compare
Infix v24.11.0-rc1 Pre-release
Pre-release

Caution

This release contains breaking changes for container users! As of
v24.11.0, all persistent1 containers always run in read-only mode
and the setting itself is deprecated (kept only for compatibility
reasons). The main reason for this change is to better serve users
with embedded container images in their builds of Infix. I.e., they
can now upgrade the OCI image in their build and rely on the container
being automatically upgraded when Infix is upgraded, issue #823. For
other users, the benefit is that all container configuration changes
take when activated, issue #822, without having to perform any tricks.

Changes

  • Add validation of interface name lengths, (1..15), Linux limit
  • Add support for ftp/http/https URI:s in container image, with a new
    checksum setting for MD5/SHA256/SHA512 verification, issue #801
  • Add a retry timer to the background container create service. This
    will ensure failing docker pull operations from remote images are
    retrying after 60 seconds, or quicker
  • CLI base component, klish, has been updated with better support for
    raw terminal mode and alternate quotes (' in addition to ")
  • Log silenced from container activation messages, only the very bare
    necessities are now logged, e.g., podman create command + status
  • Factory reset no longer calls shred to "securely erase" any files
    from writable data partitions. This will speed up the next boot
    considerably

Fixes

  • Fix #659: paged output in CLI accessed via console port sometimes
    causes lost lines, e.g. missing interfaces. With updated klish
    and the terminal in raw mode, the pager (less) can now control both
    the horizontal and vertical
  • Fix #822: adding, or changing, an environment variable to a running
    container does not take without the container upgrade NAME trick
  • Fix #823: with an OCI image embedded in the Infix image, an existing
    container in the configuration is not upgraded to the new OCI image
    with the Infix upgrade.
  • Frr leaves log files in /var/tmp/frr on unclean shutdowns. This
    has now been fixed with a "tmpfiles" cleanup of that path at boot
  1. I.e., set up in the configuration, as opposed to temporary ones
    started with container run from the CLI admin-exec context.

Infix v24.10.2

08 Nov 19:20
deee48d
Compare
Choose a tag to compare

Changes

  • Support for showing interfaces owned by running containers in the CLI command show interfaces. This also adds support for showing the peer interface of VETH pairs. Issue #626
  • Reboot system on kernel "oops", on "oops" the kernel now panics and reboots after 20 seconds. Issue #740
  • Update static factory-config for NanoPi R2S: enable NACM, securing all passwords, and enabling iburst for the NTP client. Issue #750
  • Updated QoS documentation with pictures and more information on VLAN interface ingress/egress priority handling, issue #759
  • Disable RTC device in Styx device tree, issue #794
  • Support for saving and restoring system clock from a disk file. This allows restoring the system clock to a sane date in case the RTC is disabled or does not have a valid time, issue #794
  • Update device discovery chapter with information on infix.local mDNS alias, netbrowse support to discover all local units, and command examples for disabling LLDP and mDNS services, issue #786
  • Updated OSPF documentation to include information on global OSPF settings (redistribution, explicit-router-id, etc.), issue #812
  • Added information on forwarding of IEEE reserved group addresses to bridge section of networking documentation, issue #788
  • Add support for bootstrap conditions and early init product overrides
  • Styx: enable second Ethernet port LED in device tree, again, rename it: yellow -> aux, and make sure it is turned off at boot
  • Styx: disable second port LED for the 4xSFP slots, does not work
  • Styx: override iitod (LED daemon) with a product specific LED script

Fixes

  • Fix #685: DSA conduit interface not always detected, randomly causing major issues configuring systems with multiple switch cores
  • Fix #778: reactivate OpenSSL backend for libssh/libssh2 for NanoPI R2S. This fixes a regression in v24.10.0 causing loss of NETCONF support
  • Fix #809: enable syslog logging for RAUC
  • Fix harmless bootstrap log error message on systems without USB ports: jq: error (at <stdin>:0): Cannot iterate over null (null)
  • Change confusing tc log error message: Error: does not support hardware offload to Skipping $iface, hardware offload not supported.

Infix v24.10.2-rc2

08 Nov 14:55
2910d8b
Compare
Choose a tag to compare
Infix v24.10.2-rc2 Pre-release
Pre-release

Changes

  • Support for showing interfaces owned by running containers in the CLI
    command show interfaces. This also adds support for showing the
    peer interface of VETH pairs. Issue #626
  • Reboot system on kernel "oops", on "oops" the kernel now panics and
    reboots after 20 seconds. Issue #740
  • Update static factory-config for NanoPi R2S: enable NACM, securing all
    passwords, and enabling iburst for the NTP client. Issue #750
  • Updated QoS documentation with pictures and more information on VLAN
    interface ingress/egress priority handling, issue #759
  • Disable RTC device in Styx device tree, issue #794
  • Support for saving and restoring system clock from a disk file. This
    allows restoring the system clock to a sane date in case the RTC is
    disabled or does not have a valid time, issue #794
  • Update device discovery chapter with information on infix.local mDNS
    alias, netbrowse support to discover all local units, and command
    examples for disabling LLDP and mDNS services, issue #786
  • Updated OSPF documentation to include information on global OSPF
    settings
    (redistribution, explicit-router-id, etc.), issue #812
  • Added information on forwarding of IEEE reserved group addresses
    to bridge section of networking documentation, issue #788
  • Add support for bootstrap conditions and early init product overrides
  • Styx: enable second Ethernet port LED in device tree, again, rename
    it: yellow -> aux, and make sure it is turned off at boot
  • Styx: disable second port LED for the 4xSFP slots, does not work
  • Styx: override iitod (LED daemon) with a product specific LED script

Fixes

  • Fix #685: DSA conduit interface not always detected, randomly causing
    major issues configuring systems with multiple switch cores
  • Fix #778: reactivate OpenSSL backend for libssh/libssh2 for NanoPI R2S.
    This fixes a regression in v24.10.0 causing loss of NETCONF support
  • Fix #809: enable syslog logging for RAUC
  • Fix harmless bootstrap log error message on systems without USB ports:
    jq: error (at <stdin>:0): Cannot iterate over null (null)
  • Change confusing tc log error message: Error: does not support hardware offload to Skipping $iface, hardware offload not supported.

Infix v24.10.2-rc1

05 Nov 13:42
c81b03e
Compare
Choose a tag to compare
Infix v24.10.2-rc1 Pre-release
Pre-release

Changes

  • Support for showing interfaces owned by running containers in the CLI
    command show interfaces. This also adds support for showing the
    peer interface of VETH pairs. Issue #626
  • Reboot system on kernel "oops", on "oops" the kernel now panics and
    reboots after 20 seconds. Issue #740
  • Update static factory-config for NanoPi R2S: enable NACM, securing all
    passwords, and enabling iburst for the NTP client. Issue #750
  • Updated QoS documentation with pictures and more information on VLAN
    interface ingress/egress priority handling, issue #759
  • Disable RTC device in Styx device tree, issue #794
  • Support for saving and restoring system clock from a disk file. This
    allows restoring the system clock to a sane date in case the RTC is
    disabled or does not have a valid time, issue #794

Fixes

  • Fix #685: DSA conduit interface not always detected, randomly causing
    major issues configuring systems with multiple switch cores
  • Fix #778: reactivate OpenSSL backend for libssh/libssh2 for NanoPI R2S.
    This fixes a regression in v24.10.0 causing loss of NETCONF supprt

Infix v24.10.1

18 Oct 14:02
Compare
Choose a tag to compare

News: this release contains breaking YANG changes in custom MAC addresses for interfaces! For details, see below issue #680.
Also, heads-up to all downstream users of Infix. YANG models have been renamed to ease maintenance, more info below.

Changes

  • Software control of port LEDs on the Styx platform has been disabled. Default driver behavior, green link and green traffic blink, is kept as-is, which should mitigate issues reported in #670
  • Correcting documentation on QoS. For packets containing both a VLAN tag and an IP header, PCP priority takes precedence over DSCP priority (not vice versa).
  • Update CONTRIBUTING.md for scaling core team and helping external contributors understand the development process, issue #672
  • Updated branding documentation with more information on how dynamic and static factory-config work, including examples
  • Updated container documentation, improved images, detail how to set interface name inside the container, and some syntax fixes
  • Updated networking documentation, new General settings section, and more details added to initial section on network building blocks
  • As of this release, all Infix YANG models have dropped the @DATE suffix from the name, this type of versioning is not handled using symlinks instead.
  • Update Infix provision script, used to install Infix on eMMC, add example of how to erase partition table to be able to re-run the script on already provisioned devices, issue #671
  • OSPF: Add limitation to allow an interface to be in one area only
  • Add support for "dummy" interfaces, mostly useful for testing
  • Add support for container hostname format specifiers, just like it already works for the host's hostname setting
  • Hide all status obsolete YANG nodes in CLI
  • Add YANG units, if available, to CLI help text (default value)
  • The CLI commands copy and erase are now available also from Bash
  • Greatly reduced size of bundled curiOS httpd OCI container image, reduced from 1.8 MiB to 281 KiB
  • Add deviation to ietf-interfaces.yang, link-up-down-trap-enable is not supported (yet) in Infix, issue #709
  • The default builds now include the curiOS nftables container image, which can be used for advanced firewall setups. For an introduction see https://kernelkit.org/posts/firewall-container/

Fixes

  • Fix #499: add an NACM rule to factory-config, which by default deny everyone to read user password hash(es)
  • Fix #663: internal Ethernet interfaces shown in CLI tab completion
  • Fix #674: CLI show interfaces display internal Ethernet interfaces, regression introduced late in v24.09 release cycle
  • Fix #676: port dropped from bridge when changing its VLAN membership from tagged to untagged
  • Fix #680: replace deviation for phys-address in ietf-interfaces.yang with custom-phys-address to allow for constructing more free-form MAC addresses based on the chassis MAC (a.k.a., base MAC) address. For more information, see the YANG model, a few examples are listed in the updated documentation. The syntax will be automatically updated in the startup-config and factory-config -- make sure to verify the changes and update any static factory-config used for your products
  • Fix #690: CLI show ip route command stops working after 24 hours, this includes all operational data in ietf-routing:/routing/ribs.
  • Fix #697: password is not always set for new users, bug introduced in v24.06.0 when replacing Augeas with native user handling
  • Fix #700: add missing admin-status to interface operational data
  • Fix #701: make sure CLI (and Bash) copy command use same sysrepo timeout as other operations that load sysrepo. Was 10 second timeout, which caused some (really big) configurations not to apply from the CLI, but worked at boot, for instance. New timeout is 60 seconds
  • Fix #708: allow all container networks to set interface name inside container, not just auto-generated veth-pair ends for docker0 bridge
  • Fix show interfaces on platforms like the NanoPi R2S, which does not support reading RMON counters in JSON format using ethtool
  • Fix #730: CLI command show ntp [sources] stopped working in v24.08. Missing access rights after massive CLI lock-down
  • Fix #735: copy and erase commands missing from CLI, regression in Infix v24.10.0 defconfigs, now added as dep. in klish package
  • Fix BFD in OSPF, previously you could not enable BFD on a single interface without enabling it on all interfaces

Infix v24.10.0

18 Oct 11:54
Compare
Choose a tag to compare
Infix v24.10.0 Pre-release
Pre-release

PLEASE NOTE, THIS RELEASE HAS BEEN PULLED BECAUSE OF ISSUE #735


News: this release contains breaking YANG changes in custom MAC addresses for interfaces! For details, see below issue #680.
Also, heads-up to all downstream users of Infix. YANG models have been renamed to ease maintenance, more info below.

Changes

  • Software control of port LEDs on the Styx platform has been disabled. Default driver behavior, green link and green traffic blink, is kept as-is, which should mitigate issues reported in #670
  • Correcting documentation on QoS. For packets containing both a VLAN tag and an IP header, PCP priority takes precedence over DSCP priority (not vice versa).
  • Update CONTRIBUTING.md for scaling core team and helping external contributors understand the development process, issue #672
  • Updated branding documentation with more information on how dynamic and static factory-config work, including examples
  • Updated container documentation, improved images, detail how to set interface name inside the container, and some syntax fixes
  • Updated networking documentation, new General settings section, and more details added to initial section on network building blocks
  • As of this release, all Infix YANG models have dropped the @DATE suffix from the name, this type of versioning is not handled using symlinks instead.
  • Update Infix provision script, used to install Infix on eMMC, add example of how to erase partition table to be able to re-run the script on already provisioned devices, issue #671
  • OSPF: Add limitation to allow an interface to be in one area only
  • Add support for "dummy" interfaces, mostly useful for testing
  • Add support for container hostname format specifiers, just like it already works for the host's hostname setting
  • Hide all status obsolete YANG nodes in CLI
  • Add YANG units, if available, to CLI help text (default value)
  • The CLI commands copy and erase are now available also from Bash
  • Greatly reduced size of bundled curiOS httpd OCI container image, reduced from 1.8 MiB to 281 KiB
  • Add deviation to ietf-interfaces.yang, link-up-down-trap-enable is not supported (yet) in Infix, issue #709
  • The default builds now include the curiOS nftables container image, which can be used for advanced firewall setups. For an introduction see https://kernelkit.org/posts/firewall-container/

Fixes

  • Fix #499: add an NACM rule to factory-config, which by default deny everyone to read user password hash(es)
  • Fix #663: internal Ethernet interfaces shown in CLI tab completion
  • Fix #674: CLI show interfaces display internal Ethernet interfaces, regression introduced late in v24.09 release cycle
  • Fix #676: port dropped from bridge when changing its VLAN membership from tagged to untagged
  • Fix #680: replace deviation for phys-address in ietf-interfaces.yang with custom-phys-address to allow for constructing more free-form MAC addresses based on the chassis MAC (a.k.a., base MAC) address. For more information, see the YANG model, a few examples are listed in the updated documentation. The syntax will be automatically updated in the startup-config and factory-config -- make sure to verify the changes and update any static factory-config used for your products
  • Fix #690: CLI show ip route command stops working after 24 hours, this includes all operational data in ietf-routing:/routing/ribs.
  • Fix #697: password is not always set for new users, bug introduced in v24.06.0 when replacing Augeas with native user handling
  • Fix #700: add missing admin-status to interface operational data
  • Fix #701: make sure CLI (and Bash) copy command use same sysrepo timeout as other operations that load sysrepo. Was 10 second timeout, which caused some (really big) configurations not to apply from the CLI, but worked at boot, for instance. New timeout is 60 seconds
  • Fix #708: allow all container networks to set interface name inside container, not just auto-generated veth-pair ends for docker0 bridge
  • Fix show interfaces on platforms like the NanoPi R2S, which does not support reading RMON counters in JSON format using ethtool
  • Fix #730: CLI command show ntp [sources] stopped working in v24.08. Missing access rights after massive CLI lock-down
  • Fix BFD in OSPF, previously you could not enable BFD on a single interface without enabling it on all interfaces

Infix v24.09.0

30 Sep 10:24
Compare
Choose a tag to compare

News: this release enhances the integration of all types of static routes with FRRouting (Frr), including all routes that can be set by DHCP and IPvLL (ZeroConf) clients. Due to this fundamental change, the system routing table is now primarily read from Frr, which increases the amount of relevant routing information available to the user. E.g., in the CLI exec command show ip route and show ipv6 route. Support for adjusting the administrative distance of all types of static routes has also been added to facilitate site specific adaptations. Please see the documentation for details.

Known Issues

  • The CLI command show interfaces may for some terminal resolutions not display all interfaces (on systems with >20 interfaces). This problem is limited to the console port and only occurs for smaller terminals (30-50 rows height). Calling show ifaces from the shell, dumping /ietf-interfaces:interfaces XPath using sysrepocfg, or using the CLI from an SSH session, is not affected. Issue #659

Changes

  • Upgrade Buildroot to 2024.02.6 (LTS)
  • Upgrade Linux kernel to 6.6.52 (LTS)
  • Upgrade libyang to 3.4.2
  • Upgrade sysrepo to 2.11.7
  • Upgrade netopeer2 (NETCONF) to 2.2.31
  • Updated infix-routing.yang to declare deviations for unsupported OSPF RPCs and Notifications in ietf-ospf.yang
  • The CLI admin-exec command show dns now also shows any configured name servers, not just ones acquired via DHCP. Issue #510
  • Add support for IPv4 (autoconf) request-address. This instructs the ZeroConf client to start with the requested address. If this is not successful the client falls back to its default behavior. Issue #628
  • Major speedup (10x) in operational data, in particular when querying interface status. Very noticeable in the CLI show interfaces command on devices with large port counts. Issue #651
  • Silence yanger log warnings for failing mctl command. Caused by mctl reporting no multicast filtering enabled on bridge

Fixes

  • Fix #357: EUI-64 based IPv6 autoconf address on bridges seem to be randomized. Problem caused by kernel setting a random MAC before any bridge port is added. Fixed by using the device's base MAC address on bridge interfaces. Possible to override using phys-address option
  • Fix #601: CLI regression in show ospf family of commands causing authorized users, like admin, to not being able to query status of OSPF or BFD. Workaround by using the UNIX shell sudo vtysh. Regression introduced in v24.08.0
  • Fix #603: regression in GNS3 image, starts in test mode by default. Introduced in v24.08.
  • Fix #613: CLI regression in tab completion of container commands, e.g., container shell <TAB>. Regression introduced in v24.08.0
  • Fix #616: Silent failure when selecting bash as login shell for non-admin user, this silent lock has been removed
  • Fix #618: CLI command show interfaces does not show bridges and bridge ports, regression introduced in v24.08.0 -- only affects bridges without multicast snooping
  • Fix #623: CLI command container upgrade NAME does not work, regression introduced in v24.06.0
  • Fix #625: initialize sysrepo startup datastore at boot. Improves usability when working directly against the sysrepo datastores from the shell with sysrepocfg and sysrepoctl tools
  • Fix #635: OSPF: all router neighbors reported as neighbor on every interface
  • Fix #638: Disabling IPv4LL (autoconf) on an interface does not clean up 169.254/16 addresses
  • Fix #640: unable to set static default route due to priority inversion from DHCP or IPv4LL (ZeroConf) clients setting their routes directly in the kernel. This has resulted in a complete overhaul of route management, using FRRouting for all routes, including DHCP and IPv4LL routes, presentation in the CLI, and also support for custom route preference for static routes
  • Fix #658: deleting VETH pairs does not work unless rebooting first. Creating a VETH pair, followed by at least one other reconfiguration before removing the pair, causes confd to fail when applying the interface changes (tries to delete both ends of the pair)
  • Spellcheck path to /var/lib/containers when unpacking OCI archives on container upgrade
  • cli: restore tcpdump permissions for administrator level users, regression introduced in v24.08.0
  • The timeout before giving up on loading the startup-config at boot is now 1 minute, just like operations via other front-ends (NETCONF and RESTCONF). This was previously (incorrectly) set to 10 seconds