diff options
author | rebortg <github@ghlr.de> | 2024-01-13 23:12:29 +0100 |
---|---|---|
committer | rebortg <github@ghlr.de> | 2024-01-14 21:11:10 +0100 |
commit | 14c94be155255524d4e05c1f5308233f8b67be03 (patch) | |
tree | d742ee314656029270aa8e7e315b2c2abf3e13e8 /docs | |
parent | 0740593f13225ad72a127e99aaa49d5a32ba5325 (diff) | |
parent | ad280ba6493a76a73b25ca4472365720b10bd412 (diff) | |
download | vyos-documentation-14c94be155255524d4e05c1f5308233f8b67be03.tar.gz vyos-documentation-14c94be155255524d4e05c1f5308233f8b67be03.zip |
Merge branch 'master' of github.com:vyos/vyos-documentation
Diffstat (limited to 'docs')
60 files changed, 3764 insertions, 2088 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 11d531ece3e06dc68349d8ea1fd3bf39d5d857f +Subproject 9753fafbfed02a3b6ebe7b6ddf51783c5dcbcf6 diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index 6641dd72..df607936 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -19468,8 +19468,8 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" +msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" #: ../../configuration/vpn/ipsec.rst:125 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" diff --git a/docs/_locale/es/configuration.pot b/docs/_locale/es/configuration.pot index 88324a87..0f90f6ac 100644 --- a/docs/_locale/es/configuration.pot +++ b/docs/_locale/es/configuration.pot @@ -19468,7 +19468,7 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: un perfil de servidor centrado en reducir la latencia de la red. Este perfil favorece el rendimiento sobre el ahorro de energía configurando ``intel_pstate`` y ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" msgstr "``least-connection`` Distribuye las solicitudes al servidor con la menor cantidad de conexiones activas" #: ../../configuration/vpn/ipsec.rst:125 diff --git a/docs/_locale/ja/configuration.pot b/docs/_locale/ja/configuration.pot index b76eeeb0..7a5f67f1 100644 --- a/docs/_locale/ja/configuration.pot +++ b/docs/_locale/ja/configuration.pot @@ -19468,8 +19468,8 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" +msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" #: ../../configuration/vpn/ipsec.rst:125 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" diff --git a/docs/_locale/pt/configuration.pot b/docs/_locale/pt/configuration.pot index dbe8970c..8b7aff49 100644 --- a/docs/_locale/pt/configuration.pot +++ b/docs/_locale/pt/configuration.pot @@ -19468,8 +19468,8 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" +msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" #: ../../configuration/vpn/ipsec.rst:125 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" diff --git a/docs/_locale/uk/configuration.pot b/docs/_locale/uk/configuration.pot index a3a1a512..1a912c61 100644 --- a/docs/_locale/uk/configuration.pot +++ b/docs/_locale/uk/configuration.pot @@ -19468,8 +19468,8 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" +msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" #: ../../configuration/vpn/ipsec.rst:125 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" diff --git a/docs/_static/images/firewall-bridge-packet-flow.png b/docs/_static/images/firewall-bridge-packet-flow.png Binary files differindex 9e32315e..0d73ebbf 100644 --- a/docs/_static/images/firewall-bridge-packet-flow.png +++ b/docs/_static/images/firewall-bridge-packet-flow.png diff --git a/docs/_static/images/firewall-gral-packet-flow.png b/docs/_static/images/firewall-gral-packet-flow.png Binary files differindex ee4e7b70..3c2611b3 100644 --- a/docs/_static/images/firewall-gral-packet-flow.png +++ b/docs/_static/images/firewall-gral-packet-flow.png diff --git a/docs/_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png b/docs/_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png Binary files differnew file mode 100644 index 00000000..297fdd11 --- /dev/null +++ b/docs/_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png diff --git a/docs/automation/index.rst b/docs/automation/index.rst index dd7b596a..ee8282ac 100644 --- a/docs/automation/index.rst +++ b/docs/automation/index.rst @@ -17,3 +17,5 @@ VyOS Automation vyos-salt command-scripting cloud-init + vyos-pyvyos + diff --git a/docs/automation/vyos-pyvyos.rst b/docs/automation/vyos-pyvyos.rst new file mode 100644 index 00000000..fba9b8b7 --- /dev/null +++ b/docs/automation/vyos-pyvyos.rst @@ -0,0 +1,148 @@ +:lastproofread: 2023-12-15 + +.. _vyos-pyvyos: + +PyVyOS +====== + +PyVyOS is a Python library for interacting with VyOS devices via their API. +This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. +The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), +and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) +and [PyPI](https://pypi.org/project/pyvyos/). + +Installation +------------ + +You can install PyVyOS using pip: + +.. code-block:: bash + + pip install pyvyos + +Getting Started +--------------- + +Importing and Disabling Warnings for verify=False +------------------------------------------------- + +.. code-block:: none + + import urllib3 + urllib3.disable_warnings() + +Using API Response Class +------------------------ + +.. code-block:: none + + @dataclass + class ApiResponse: + status: int + request: dict + result: dict + error: str + +Initializing a VyDevice Object +------------------------------ + +.. code-block:: none + + from dotenv import load_dotenv + load_dotenv() + + hostname = os.getenv('VYDEVICE_HOSTNAME') + apikey = os.getenv('VYDEVICE_APIKEY') + port = os.getenv('VYDEVICE_PORT') + protocol = os.getenv('VYDEVICE_PROTOCOL') + verify_ssl = os.getenv('VYDEVICE_VERIFY_SSL') + + verify = verify_ssl.lower() == "true" if verify_ssl else True + + device = VyDevice(hostname=hostname, apikey=apikey, port=port, protocol=protocol, verify=verify) + +Using PyVyOS +------------ + +Configure, then Set +^^^^^^^^^^^^^^^^^^^^^^^^ + +.. code-block:: none + + response = device.configure_set(path=["interfaces", "ethernet", "eth0", "address", "192.168.1.1/24"]) + if not response.error: + print(response.result) + +Configure, then Show a Single Object Value +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. code-block:: none + + response = device.retrieve_return_values(path=["interfaces", "dummy", "dum1", "address"]) + print(response.result) + +Configure, then Show Object +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. code-block:: none + + response = device.retrieve_show_config(path=[]) + if not response.error: + print(response.result) + +Configure, then Delete Object +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. code-block:: none + + response = device.configure_delete(path=["interfaces", "dummy", "dum1"]) + +Configure, then Save +^^^^^^^^^^^^^^^^^^^^^^^^ + +.. code-block:: none + + response = device.config_file_save() + +Configure, then Save File +------------------------- + +.. code-block:: none + + response = device.config_file_save(file="/config/test300.config") + +Show Object +^^^^^^^^^^^^^^ + +.. code-block:: none + + response = device.show(path=["system", "image"]) + print(response.result) + +Generate Object +^^^^^^^^^^^^^^^^ + +.. code-block:: none + + randstring = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(20)) + keyrand = f'/tmp/key_{randstring}' + response = device.generate(path=["ssh", "client-key", keyrand]) + +Reset Object +^^^^^^^^^^^^^^ + +.. code-block:: none + + response = device.reset(path=["conntrack-sync", "internal-cache"]) + if not response.error: + print(response.result) + +Configure, then Load File +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. code-block:: none + + response = device.config_file_load(file="/config/test300.config") + + +.. _pyvyos: https://github.com/robertoberto/pyvyos
\ No newline at end of file diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 05adb0c5..d0d71d55 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,71 @@ _ext/releasenotes.py +2023-12-29 +========== + +* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface`` + + +2023-12-22 +========== + +* :vytask:`T4760` ``(bug): VyOS does not support running multiple instances of DHCPv6 clients`` + + +2023-12-21 +========== + +* :vytask:`T5714` ``(bug): IPSec VPN: op-mode: "show log vpn" does not show results`` +* :vytask:`T3039` ``(feature): Resize a root partition and filesystem automatically during deployment in virtual environments`` +* :vytask:`T2404` ``(bug): Cannot change MTU`` +* :vytask:`T2353` ``(bug): Interface [conf_mode] errors parent task`` +* :vytask:`T5796` ``(bug): Openconnect - HTTPS security headers are missing`` + + +2023-12-19 +========== + +* :vytask:`T2116` ``(feature): Processing configuration via Cloud-init User-Data`` + + +2023-12-18 +========== + +* :vytask:`T2191` ``(feature): Using tallow to block sshd probes`` + + +2023-12-15 +========== + +* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs`` + + +2023-12-12 +========== + +* :vytask:`T5817` ``(bug): Show openvpn server fails in some cases`` +* :vytask:`T5413` ``(default): Deny the opportunity to use one public/private key pair on both wireguard peers.`` + + +2023-11-30 +========== + +* :vytask:`T4601` ``(bug): dhcp : relay agent IP address issue.`` + + +2023-11-28 +========== + +* :vytask:`T5777` ``(bug): frr: backport and upstream recent bgpd daemon crashes`` + + +2023-11-27 +========== + +* :vytask:`T5763` ``(bug): Fix imprecise check for remote file name in vyos-load-config.py`` + + 2023-11-25 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index d22cfb7a..7a4c96c0 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,235 @@ _ext/releasenotes.py +2024-01-07 +========== + +* :vytask:`T5891` ``(bug): OpenVPN IPv6 config issue with 1.4-rc1`` +* :vytask:`T5887` ``(feature): Upgrade Linux Kernel to 6.6.y (2023 LTS edition)`` + + +2024-01-06 +========== + +* :vytask:`T3670` ``(feature): Option to disable HTTP port 80 redirect`` + + +2024-01-05 +========== + +* :vytask:`T3642` ``(feature): PKI configuration`` +* :vytask:`T5894` ``(feature): Extend get_config_dict() with additional parameter with_pki that defaults to False`` + + +2024-01-04 +========== + +* :vytask:`T4072` ``(feature): Feature Request: Firewall on bridge interfaces`` +* :vytask:`T3459` ``(default): Inform the user when unable to install outdated image`` + + +2024-01-03 +========== + +* :vytask:`T5880` ``(bug): verify_source_interface should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces`` +* :vytask:`T5879` ``(bug): tunnel: sourceing from dynamic pppoe0 interface will fail on reboots`` +* :vytask:`T4500` ``(bug): Missing firewall logs`` + + +2024-01-02 +========== + +* :vytask:`T5885` ``(default): image-tools: relax restriction on image-name length from 32 to 64`` + + +2024-01-01 +========== + +* :vytask:`T5883` ``(bug): Preserve file ownership in /config subdirs on add system image`` +* :vytask:`T5474` ``(feature): Establish common file name pattern for XML conf mode commands`` + + +2023-12-30 +========== + +* :vytask:`T5875` ``(bug): login: removing and re-adding a user keeps the home directory but UID will change, thus SSH keys no longer work`` +* :vytask:`T5653` ``(feature): Command to display fingerprint`` + + +2023-12-29 +========== + +* :vytask:`T5829` ``(bug): Can't Add IPv6 Address to Containers`` +* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface`` +* :vytask:`T5869` ``(bug): vyos.template.first_host_address() does not honor RFC4291 section 2.6.1`` + + +2023-12-28 +========== + +* :vytask:`T4163` ``(feature): [BMP-BGP] Routing monitoring feature`` +* :vytask:`T5867` ``(feature): Upgrade podman to Debian Trixie version 4.7.x`` +* :vytask:`T5866` ``(feature): Add op-mode command to restart IPv6 RA daemon`` +* :vytask:`T5861` ``(bug): Flavor build system fails with third-party packages`` +* :vytask:`T5854` ``(feature): Extend override-default script to allow embedded defaultValue settings`` +* :vytask:`T5566` ``(feature): Be able to disable 802.3az/EEE (energy efficient ethernet) for a particular interface`` +* :vytask:`T5792` ``(default): Upgrade ddclient 3.11.2 release`` + + +2023-12-25 +========== + +* :vytask:`T5855` ``(feature): Migrate "set service lldp snmp enable" -> `set service lldp snmp"`` +* :vytask:`T5837` ``(bug): vyos.configdict.node_changed does not return keys per adding`` +* :vytask:`T5856` ``(bug): SNMP service removal fails`` + + +2023-12-24 +========== + +* :vytask:`T5853` ``(default): Typo interfaces-virtual-ethernet.xml.in`` + + +2023-12-22 +========== + +* :vytask:`T5811` ``(bug): static dhcp-interface routes not installed`` +* :vytask:`T5804` ``(bug): SNAT "any" interface error`` +* :vytask:`T4760` ``(bug): VyOS does not support running multiple instances of DHCPv6 clients`` + + +2023-12-21 +========== + +* :vytask:`T5778` ``(bug): The show dhcp server leases operation mode command does not work as expected`` +* :vytask:`T5775` ``(default): Migrated Firewall Global State Policy ineffective on latest firewall zone config`` +* :vytask:`T5637` ``(bug): Firewall default-action log`` +* :vytask:`T5796` ``(bug): Openconnect - HTTPS security headers are missing`` +* :vytask:`T3580` ``(feature): Refactoring firewall ipv6 rule icmpv6`` +* :vytask:`T2898` ``(feature): Support NDP proxy`` +* :vytask:`T2229` ``(feature): PPPOE Default Queue type selection`` + + +2023-12-20 +========== + +* :vytask:`T5823` ``(feature): Protocol BGP add default values for config dictionary`` +* :vytask:`T5798` ``(enhancment): reverse-proxy load-balancing service should support multiple certificates for frontend`` + + +2023-12-19 +========== + +* :vytask:`T5828` ``(default): Fix GRUB installation on arm64`` + + +2023-12-18 +========== + +* :vytask:`T5751` ``(feature): Adjust new image tools for non-interactive use`` +* :vytask:`T5831` ``(feature): show system image should reverse order by addition date`` +* :vytask:`T5825` ``(bug): image-tools: restore authentication on 'add system image'`` +* :vytask:`T5821` ``(bug): image-tools: restore vrf-aware 'add system image'`` +* :vytask:`T5819` ``(bug): Don't echo password on install image`` +* :vytask:`T5806` ``(bug): Clear old raid data on new install image`` +* :vytask:`T5789` ``(bug): image-tools should copy ssh host keys on image update`` +* :vytask:`T5758` ``(default): Restore scanning configs when live installing`` + + +2023-12-15 +========== + +* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs`` +* :vytask:`T5803` ``(default): git/github: Adjust configuration for safe and baseline defaults`` + + +2023-12-14 +========== + +* :vytask:`T5773` ``(bug): Unable to load config via HTTP`` +* :vytask:`T5816` ``(bug): BGP Large Community List Validation Broken`` +* :vytask:`T5812` ``(bug): rollback check max revision number does not work`` +* :vytask:`T5749` ``(feature): Show MAC address VRF and MTU by default for "show interfaces"`` +* :vytask:`T5774` ``(bug): commit-archive to FTP server broken after update (VyOS 1.5-rolling)`` +* :vytask:`T5826` ``(default): Add dmicode as an explicit dependency`` +* :vytask:`T5793` ``(default): mdns-repeater: Cleanup avahi-daemon configuration in /etc`` + + +2023-12-13 +========== + +* :vytask:`T591` ``(feature): Support SRv6`` + + +2023-12-12 +========== + +* :vytask:`T4704` ``(feature): Allow to set metric (MED) to rtt with rtt,+rtt or -rtt`` +* :vytask:`T5815` ``(enhancment): Add load_config module`` +* :vytask:`T5413` ``(default): Deny the opportunity to use one public/private key pair on both wireguard peers.`` + + +2023-12-11 +========== + +* :vytask:`T5741` ``(bug): WAN Load Balancing failover route tables aren't created`` + + +2023-12-10 +========== + +* :vytask:`T5658` ``(default): Add VRF support for mtr`` + + +2023-12-09 +========== + +* :vytask:`T5808` ``(bug): op-mode: ipv6 ospfv3 graceful-restart description contains incorrect info`` +* :vytask:`T5802` ``(bug): ping (ip or hostname) interface <tab> produces error`` +* :vytask:`T5747` ``(feature): op-mode add MAC VRF and MTU for show interfaces summary`` +* :vytask:`T3983` ``(bug): show pki certificate Doesnt show x509 certificates`` + + +2023-12-08 +========== + +* :vytask:`T5782` ``(enhancment): Use a single config mode script for https and http-api`` +* :vytask:`T5768` ``(enhancment): Remove auxiliary http-api.conf for simplification of http-api config mode script`` +* :vytask:`T5809` ``(default): Enable GRUB support for gzip compressed kernels`` + + +2023-12-04 +========== + +* :vytask:`T5769` ``(bug): VTI tunnels lose their v6 Link Local addresses when set down/up`` + + +2023-12-03 +========== + +* :vytask:`T5753` ``(feature): Add VXLAN vnifilter support`` +* :vytask:`T5759` ``(feature): Change VXLAN default MTU to 1500 bytes`` + + +2023-11-30 +========== + +* :vytask:`T4601` ``(bug): dhcp : relay agent IP address issue.`` + + +2023-11-28 +========== + +* :vytask:`T4276` ``(bug): IPsec peers dh-group negotiation issue with pfs enabled and multiple proposals configured with IKEv1`` + + +2023-11-27 +========== + +* :vytask:`T5763` ``(bug): Fix imprecise check for remote file name in vyos-load-config.py`` +* :vytask:`T5783` ``(feature): frr: smoketests must notice any daemon crash`` + + 2023-11-26 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index e24aca9a..631ccf91 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,210 @@ _ext/releasenotes.py +2024-01-07 +========== + +* :vytask:`T5899` ``(feature): VyOS vm images use bookworm repo`` +* :vytask:`T5887` ``(feature): Upgrade Linux Kernel to 6.6.y (2023 LTS edition)`` + + +2024-01-06 +========== + +* :vytask:`T3214` ``(bug): OpenVPN IPv6 fixes`` + + +2024-01-05 +========== + +* :vytask:`T5894` ``(feature): Extend get_config_dict() with additional parameter with_pki that defaults to False`` + + +2024-01-03 +========== + +* :vytask:`T5880` ``(bug): verify_source_interface should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces`` +* :vytask:`T5879` ``(bug): tunnel: sourceing from dynamic pppoe0 interface will fail on reboots`` + + +2024-01-02 +========== + +* :vytask:`T5885` ``(default): image-tools: relax restriction on image-name length from 32 to 64`` + + +2024-01-01 +========== + +* :vytask:`T5883` ``(bug): Preserve file ownership in /config subdirs on add system image`` +* :vytask:`T5474` ``(feature): Establish common file name pattern for XML conf mode commands`` + + +2023-12-30 +========== + +* :vytask:`T5875` ``(bug): login: removing and re-adding a user keeps the home directory but UID will change, thus SSH keys no longer work`` +* :vytask:`T5653` ``(feature): Command to display fingerprint`` + + +2023-12-29 +========== + +* :vytask:`T5829` ``(bug): Can't Add IPv6 Address to Containers`` +* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface`` +* :vytask:`T5869` ``(bug): vyos.template.first_host_address() does not honor RFC4291 section 2.6.1`` + + +2023-12-28 +========== + +* :vytask:`T5827` ``(bug): image-tools: 'show system image' Command Not in Order`` +* :vytask:`T4163` ``(feature): [BMP-BGP] Routing monitoring feature`` +* :vytask:`T5867` ``(feature): Upgrade podman to Debian Trixie version 4.7.x`` +* :vytask:`T5866` ``(feature): Add op-mode command to restart IPv6 RA daemon`` +* :vytask:`T5861` ``(bug): Flavor build system fails with third-party packages`` +* :vytask:`T5854` ``(feature): Extend override-default script to allow embedded defaultValue settings`` +* :vytask:`T5566` ``(feature): Be able to disable 802.3az/EEE (energy efficient ethernet) for a particular interface`` +* :vytask:`T5792` ``(default): Upgrade ddclient 3.11.2 release`` + + +2023-12-25 +========== + +* :vytask:`T5855` ``(feature): Migrate "set service lldp snmp enable" -> `set service lldp snmp"`` +* :vytask:`T5837` ``(bug): vyos.configdict.node_changed does not return keys per adding`` +* :vytask:`T5856` ``(bug): SNMP service removal fails`` + + +2023-12-23 +========== + +* :vytask:`T5678` ``(feature): Improvements in PPPoE configuration`` + + +2023-12-22 +========== + +* :vytask:`T5804` ``(bug): SNAT "any" interface error`` + + +2023-12-21 +========== + +* :vytask:`T5807` ``(bug): NAT66 op-mode bugs`` +* :vytask:`T5778` ``(bug): The show dhcp server leases operation mode command does not work as expected`` +* :vytask:`T5775` ``(default): Migrated Firewall Global State Policy ineffective on latest firewall zone config`` +* :vytask:`T5676` ``(bug): NAT66 source rule with negation source/destination prefix causes TypeError`` +* :vytask:`T5637` ``(bug): Firewall default-action log`` +* :vytask:`T5796` ``(bug): Openconnect - HTTPS security headers are missing`` + + +2023-12-20 +========== + +* :vytask:`T5823` ``(feature): Protocol BGP add default values for config dictionary`` +* :vytask:`T5798` ``(enhancment): reverse-proxy load-balancing service should support multiple certificates for frontend`` + + +2023-12-19 +========== + +* :vytask:`T5828` ``(default): Fix GRUB installation on arm64`` + + +2023-12-18 +========== + +* :vytask:`T5751` ``(feature): Adjust new image tools for non-interactive use`` +* :vytask:`T5831` ``(feature): show system image should reverse order by addition date`` +* :vytask:`T5825` ``(bug): image-tools: restore authentication on 'add system image'`` +* :vytask:`T5821` ``(bug): image-tools: restore vrf-aware 'add system image'`` +* :vytask:`T5819` ``(bug): Don't echo password on install image`` +* :vytask:`T5806` ``(bug): Clear old raid data on new install image`` +* :vytask:`T5789` ``(bug): image-tools should copy ssh host keys on image update`` +* :vytask:`T5758` ``(default): Restore scanning configs when live installing`` + + +2023-12-15 +========== + +* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs`` +* :vytask:`T5770` ``(bug): MACsec not encrypting`` +* :vytask:`T5803` ``(default): git/github: Adjust configuration for safe and baseline defaults`` + + +2023-12-14 +========== + +* :vytask:`T5773` ``(bug): Unable to load config via HTTP`` +* :vytask:`T5816` ``(bug): BGP Large Community List Validation Broken`` +* :vytask:`T5812` ``(bug): rollback check max revision number does not work`` +* :vytask:`T5749` ``(feature): Show MAC address VRF and MTU by default for "show interfaces"`` +* :vytask:`T5774` ``(bug): commit-archive to FTP server broken after update (VyOS 1.5-rolling)`` +* :vytask:`T5826` ``(default): Add dmicode as an explicit dependency`` +* :vytask:`T5793` ``(default): mdns-repeater: Cleanup avahi-daemon configuration in /etc`` + + +2023-12-13 +========== + +* :vytask:`T591` ``(feature): Support SRv6`` + + +2023-12-12 +========== + +* :vytask:`T5815` ``(enhancment): Add load_config module`` + + +2023-12-11 +========== + +* :vytask:`T5741` ``(bug): WAN Load Balancing failover route tables aren't created`` + + +2023-12-10 +========== + +* :vytask:`T5658` ``(default): Add VRF support for mtr`` + + +2023-12-09 +========== + +* :vytask:`T5808` ``(bug): op-mode: ipv6 ospfv3 graceful-restart description contains incorrect info`` +* :vytask:`T5802` ``(bug): ping (ip or hostname) interface <tab> produces error`` +* :vytask:`T5747` ``(feature): op-mode add MAC VRF and MTU for show interfaces summary`` +* :vytask:`T3983` ``(bug): show pki certificate Doesnt show x509 certificates`` + + +2023-12-08 +========== + +* :vytask:`T5782` ``(enhancment): Use a single config mode script for https and http-api`` +* :vytask:`T5768` ``(enhancment): Remove auxiliary http-api.conf for simplification of http-api config mode script`` + + +2023-12-04 +========== + +* :vytask:`T5769` ``(bug): VTI tunnels lose their v6 Link Local addresses when set down/up`` + + +2023-12-03 +========== + +* :vytask:`T5753` ``(feature): Add VXLAN vnifilter support`` +* :vytask:`T5759` ``(feature): Change VXLAN default MTU to 1500 bytes`` + + +2023-11-27 +========== + +* :vytask:`T5763` ``(bug): Fix imprecise check for remote file name in vyos-load-config.py`` +* :vytask:`T5783` ``(feature): frr: smoketests must notice any daemon crash`` + + 2023-11-26 ========== diff --git a/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf b/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf index 9c4b612a..20c8dd10 100644 --- a/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf +++ b/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf @@ -8,6 +8,7 @@ set protocols static route 10.0.10.0/24 next-hop 10.0.20.254 set protocols static route 192.168.0.0/24 next-hop 127.16.0.2 set service dhcp-server listen-address '172.16.0.1' set service dhcp-server shared-network-name DHCPTun100 authoritative -set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 default-router '192.168.0.254' +set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 option default-router '192.168.0.254' set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 range 0 start '192.168.0.30' -set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 range 0 stop '192.168.0.30'
\ No newline at end of file +set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 range 0 stop '192.168.0.30' +set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 subnet-id '1'
\ No newline at end of file diff --git a/docs/configexamples/autotest/Wireguard/Wireguard.log b/docs/configexamples/autotest/Wireguard/Wireguard.log index 25bde79c..483b0e86 100644 --- a/docs/configexamples/autotest/Wireguard/Wireguard.log +++ b/docs/configexamples/autotest/Wireguard/Wireguard.log @@ -1,752 +1,767 @@ -2023-08-31 21:36:47,446 p=71926 u=rob n=ansible | PLAY [Automatic VyOS Lab test] ********************************************************************************************************************************************************************* -2023-08-31 21:36:47,487 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: fail if node_template_iso is empty] ************************************************************************************************************************** -2023-08-31 21:36:47,501 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:36:47,507 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:47,508 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:47,512 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:47,515 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: fail if node_template_version is empty] ********************************************************************************************************************** -2023-08-31 21:36:47,528 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:36:47,535 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:47,537 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:47,542 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:47,545 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: install requirements] **************************************************************************************************************************************** -2023-08-31 21:36:47,563 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:47,566 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:47,570 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:55,614 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:36:55,628 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:36:55,658 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:55,662 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:55,668 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:56,520 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:36:56,528 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: get template facts] ****************************************************************************************************************************************** -2023-08-31 21:36:56,555 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:56,558 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:56,563 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:57,042 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:36:57,050 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Register path status] **************************************************************************************************************************************** -2023-08-31 21:36:57,080 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:57,081 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:57,087 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:57,290 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:36:57,294 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create path] ************************************************************************************************************************************************* -2023-08-31 21:36:57,316 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:57,317 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:57,322 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:57,559 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:36:57,564 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Upload iso to eve-ng] **************************************************************************************************************************************** -2023-08-31 21:36:57,587 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:57,590 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:57,597 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:45,806 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:37:45,818 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create virtioa.qcow2 file] *********************************************************************************************************************************** -2023-08-31 21:37:45,849 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:45,852 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:45,857 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:46,082 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:37:46,087 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:37:46,113 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:46,113 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:46,119 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:46,825 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:46,834 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create lab for node install] ********************************************************************************************************************************* -2023-08-31 21:37:46,868 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:46,871 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:46,876 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:47,520 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:47,529 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: open lab] **************************************************************************************************************************************************** -2023-08-31 21:37:47,558 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:47,562 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:47,567 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:48,030 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:48,039 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] *************************************************************************************************************************************************************** -2023-08-31 21:37:48,070 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:48,073 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:48,073 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:48,078 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:48,082 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: add node to lab] ********************************************************************************************************************************************* -2023-08-31 21:37:48,103 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:48,106 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:48,110 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:48,677 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:48,686 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: start node] ************************************************************************************************************************************************** -2023-08-31 21:37:48,717 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:48,721 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:48,726 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:50,314 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:50,323 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : debug] ****************************************************************************************************************************************************************** -2023-08-31 21:37:50,356 p=71926 u=rob n=ansible | ok: [eveng] => { - "msg": { - "cache_control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0", - "changed": false, - "connection": "close", - "content": "{\"code\":200,\"status\":\"success\",\"message\":\"Node started (80049).\"}", - "content_length": "65", - "content_type": "application/json", - "cookies": {}, - "cookies_string": "", - "date": "Thu, 31 Aug 2023 19:37:49 GMT", - "elapsed": 1, - "expires": "Thu, 19 Nov 1981 08:52:00 GMT", - "failed": false, - "json": { - "code": 200, - "message": "Node started (80049).", - "status": "success" - }, - "msg": "OK (65 bytes)", - "pragma": "no-cache, no-cache", - "redirected": false, - "server": "Apache/2.4.41 (Ubuntu)", - "status": 200, - "url": "https://127.0.0.1/api/labs/node_create_lab_name.unl/nodes/1/start", - "x_powered_by": "Unified Networking Lab API" - } -} -2023-08-31 21:37:50,357 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:50,357 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:50,363 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:50,366 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: get node infos] ********************************************************************************************************************************************** -2023-08-31 21:37:50,385 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:50,388 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:50,393 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:50,931 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:50,938 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] *************************************************************************************************************************************************************** -2023-08-31 21:37:50,970 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:50,972 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:50,972 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:50,978 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:50,982 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: copy file] *************************************************************************************************************************************************** -2023-08-31 21:37:51,001 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:51,003 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:51,008 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:51,541 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:37:51,547 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: run expect script] ******************************************************************************************************************************************* -2023-08-31 21:37:51,569 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:51,571 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:51,576 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:38:52,093 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:38:52,096 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie (due timeout)] **************************************************************************************************************** -2023-08-31 21:38:52,115 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:38:52,118 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:38:52,123 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:38:52,887 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:38:52,895 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: stop node] *************************************************************************************************************************************************** -2023-08-31 21:38:52,927 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:38:52,930 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:38:52,936 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:38:54,029 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:38:54,039 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Pause to wait node is shutdown] ****************************************************************************************************************************** -2023-08-31 21:38:54,065 p=71926 u=rob n=ansible | Pausing for 10 seconds -2023-08-31 21:38:54,065 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:39:04,082 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:04,093 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: delete iso] ************************************************************************************************************************************************** -2023-08-31 21:39:04,120 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:04,124 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:04,130 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:04,361 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:39:04,373 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: commit virtioa.qcow2] **************************************************************************************************************************************** -2023-08-31 21:39:04,408 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:04,411 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:04,417 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:05,745 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:39:05,757 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: delete lab for node install] ********************************************************************************************************************************* -2023-08-31 21:39:05,789 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:05,792 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:05,798 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:06,467 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:06,486 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Get env file content] ****************************************************************************************************************************************************** -2023-08-31 21:39:06,735 p=71926 u=rob n=ansible | ok: [vyos-oobm -> localhost] -2023-08-31 21:39:06,735 p=71926 u=rob n=ansible | ok: [branch -> localhost] -2023-08-31 21:39:06,735 p=71926 u=rob n=ansible | ok: [central -> localhost] -2023-08-31 21:39:06,735 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:39:06,738 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Load facts] ***************************************************************************************************************************************************** -2023-08-31 21:39:06,760 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:07,757 p=71926 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:39:07,763 p=71926 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko +2024-01-13 13:43:51,001 p=4891 u=rob n=ansible | PLAY [Automatic VyOS Lab test] ******************************************************************************************* +2024-01-13 13:43:51,019 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: fail if node_template_iso is empty] ************************************************ +2024-01-13 13:43:51,032 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:51,033 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:51,033 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:51,036 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:51,038 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: fail if node_template_version is empty] ******************************************** +2024-01-13 13:43:51,046 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:51,050 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:51,052 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:51,055 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:51,056 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: install requirements] ************************************************************** +2024-01-13 13:43:51,068 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:51,068 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:51,071 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:54,278 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:54,280 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:43:54,290 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:54,292 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:54,295 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:55,292 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:55,294 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: get template facts] **************************************************************** +2024-01-13 13:43:55,305 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:55,307 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:55,309 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:55,857 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:55,859 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Register path status] ************************************************************** +2024-01-13 13:43:55,870 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:55,871 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:55,874 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,154 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:56,156 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create path] *********************************************************************** +2024-01-13 13:43:56,168 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,168 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,169 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,172 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,174 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Upload iso to eve-ng] ************************************************************** +2024-01-13 13:43:56,184 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,185 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,186 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,188 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,190 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create virtioa.qcow2 file] ********************************************************* +2024-01-13 13:43:56,201 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,202 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,202 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,206 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,208 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:43:56,218 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,218 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,219 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,223 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,224 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create lab for node install] ******************************************************* +2024-01-13 13:43:56,236 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,236 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,238 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,240 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,242 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: open lab] ************************************************************************** +2024-01-13 13:43:56,252 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,252 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,254 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,256 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,257 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] ************************************************************************************* +2024-01-13 13:43:56,267 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,268 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,269 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,272 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,273 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: add node to lab] ******************************************************************* +2024-01-13 13:43:56,284 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,284 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,285 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,288 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,290 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: start node] ************************************************************************ +2024-01-13 13:43:56,301 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,302 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,302 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,305 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,306 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : debug] **************************************************************************************** +2024-01-13 13:43:56,316 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,317 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,318 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,321 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,323 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: get node infos] ******************************************************************** +2024-01-13 13:43:56,333 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,334 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,335 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,338 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,339 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] ************************************************************************************* +2024-01-13 13:43:56,349 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,349 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,351 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,353 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,356 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: copy file] ************************************************************************* +2024-01-13 13:43:56,367 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,368 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,368 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,370 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,372 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: run expect script] ***************************************************************** +2024-01-13 13:43:56,382 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,382 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,383 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,386 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,387 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie (due timeout)] ************************************** +2024-01-13 13:43:56,397 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,398 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,398 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,401 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,403 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: stop node] ************************************************************************* +2024-01-13 13:43:56,413 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,413 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,414 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,417 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,419 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Pause to wait node is shutdown] **************************************************** +2024-01-13 13:43:56,425 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,426 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: delete iso] ************************************************************************ +2024-01-13 13:43:56,437 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,437 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,438 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,441 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,443 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: commit virtioa.qcow2] ************************************************************** +2024-01-13 13:43:56,454 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,454 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,455 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,458 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,460 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: delete lab for node install] ******************************************************* +2024-01-13 13:43:56,470 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,470 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,471 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,474 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,477 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Get env file content] **************************************************************************** +2024-01-13 13:43:56,693 p=4891 u=rob n=ansible | ok: [central -> localhost] +2024-01-13 13:43:56,693 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:43:56,693 p=4891 u=rob n=ansible | ok: [branch -> localhost] +2024-01-13 13:43:56,693 p=4891 u=rob n=ansible | ok: [oobm-xcnelw -> localhost] +2024-01-13 13:43:56,695 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Load facts] *************************************************************************** +2024-01-13 13:43:56,709 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:56,729 p=4891 u=rob n=ansible | ok: [oobm-xcnelw] +2024-01-13 13:43:56,731 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:43:56,734 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:43:56,735 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : decode oobm default startupconfig] *************************************************************** +2024-01-13 13:43:56,746 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,748 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,751 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,752 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:56,754 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: fail if node_template_version is empty] *********************************************** +2024-01-13 13:43:56,762 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,766 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,767 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,770 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,771 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:43:56,784 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,784 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,787 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:57,729 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:57,731 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: get running lab list] ***************************************************************** +2024-01-13 13:43:57,742 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:57,743 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:57,746 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:58,334 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:58,336 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: kill running lab] ********************************************************************* +2024-01-13 13:43:58,344 p=4891 u=rob n=ansible | [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: +(response.json.message != "No nodes running (60071).") and (item.labname == "{{ eve_ng_folder_name }}/{{ lab }}") -2023-08-31 21:39:07,763 p=71926 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:39:07,777 p=71926 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko +2024-01-13 13:43:58,346 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:58,347 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': '118775ba-26f6-434a-8dd5-62b0edaa4cd1', 'size': 0.0726, 'sat': '0', 'sat_name': 'master', 'labid': '2', 'labname': '/labtest/DHCPRelay_through_GRE', 'cpu': 0.5, 'mem': 3.01}) +2024-01-13 13:43:58,348 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '588b9164-a3b7-4522-8058-0f6ff6286564', 'size': 0.1878, 'sat': '0', 'sat_name': 'master', 'labid': 1002, 'labname': '/Common\n', 'cpu': 0, 'mem': 0}) +2024-01-13 13:43:58,348 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:58,350 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '61cc6cd0-78f4-4302-830b-482b642a5e74', 'size': 0.534, 'sat': '0', 'sat_name': 'master', 'labid': 1003, 'labname': '/MSS-Clambing\n', 'cpu': 0, 'mem': 0}) +2024-01-13 13:43:58,352 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': 'a0e4e4ed-9da3-4c84-9947-144e76edaa6b', 'size': 0.0791, 'sat': '0', 'sat_name': 'master', 'labid': '1', 'labname': '/labtest/L3VPN_EVPN', 'cpu': 2.33, 'mem': 0.02}) +2024-01-13 13:43:58,352 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:58,354 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': 'd5888368-28aa-4e0a-91b0-e4a068bce911', 'size': 0.322, 'sat': '0', 'sat_name': 'master', 'labid': '3', 'labname': '/labtest/OpenVPN_with_LDAP', 'cpu': 22.33, 'mem': 10.75}) +2024-01-13 13:43:58,355 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:58,357 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: delete existing lab] ****************************************************************** +2024-01-13 13:43:58,368 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:58,368 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:58,371 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:58,948 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:58,950 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Ensure labtest is present] ************************************************************ +2024-01-13 13:43:58,961 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:58,963 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:58,966 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:59,245 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:59,247 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Create Wireguard Lab] ***************************************************************** +2024-01-13 13:43:59,258 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:59,259 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:59,262 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:44:00,058 p=4891 u=rob n=ansible | changed: [eveng] +2024-01-13 13:44:00,060 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:44:00,075 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:44:00,076 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:44:00,079 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:44:00,911 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:44:00,914 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start vyos-oobm] ********************************************************************** +2024-01-13 13:44:00,927 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:44:00,928 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:44:00,933 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:44:02,451 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:44:02,453 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos-oobm] ******************************************************************* +2024-01-13 13:44:02,465 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:44:02,466 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:44:02,470 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:44:03,354 p=4891 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:44:03,355 p=4891 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko -2023-08-31 21:39:07,777 p=71926 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:39:07,779 p=71926 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko - -2023-08-31 21:39:07,779 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:39:07,781 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:39:07,781 p=71926 u=rob n=ansible | ok: [vyos-oobm] -2023-08-31 21:39:07,785 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : debug] ********************************************************************************************************************************************************************* -2023-08-31 21:39:07,814 p=71926 u=rob n=ansible | ok: [eveng] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:39:08,761 p=71926 u=rob n=ansible | ok: [branch] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:39:08,761 p=71926 u=rob n=ansible | ok: [central] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:39:08,762 p=71926 u=rob n=ansible | ok: [vyos-oobm] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:39:08,769 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: fail if node_template_version is empty] ************************************************************************************************************************* -2023-08-31 21:39:08,794 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:39:08,804 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:08,807 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:08,811 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:08,815 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:39:08,833 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:08,836 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:08,841 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:09,569 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:09,579 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: get running lab list] ******************************************************************************************************************************************* -2023-08-31 21:39:09,611 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:09,612 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:09,618 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:10,083 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:10,093 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: kill running lab] *********************************************************************************************************************************************** -2023-08-31 21:39:10,126 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:10,127 p=71926 u=rob n=ansible | [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item.labname == "{{ eve_ng_folder_name }}/{{ lab }}" - -2023-08-31 21:39:10,130 p=71926 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '0fc5edef-8cf2-4400-9a1c-0c4c41a1a881', 'size': 0.1996, 'sat': '0', 'sat_name': 'master', 'labid': 1001, 'labname': '/ecmp wireguard\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:39:10,132 p=71926 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '588b9164-a3b7-4522-8058-0f6ff6286564', 'size': 1.0595, 'sat': '0', 'sat_name': 'master', 'labid': 1002, 'labname': '/Common\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:39:10,134 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:10,134 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:10,137 p=71926 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '9785926c-63ec-42c0-a1ca-a386b9013151', 'size': 0.4469, 'sat': '0', 'sat_name': 'master', 'labid': 1003, 'labname': '/layer2 via IPSec\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:39:10,139 p=71926 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': 'aa98095e-3b64-45aa-b883-e2b7fdfac08c', 'size': 0.5229, 'sat': '0', 'sat_name': 'master', 'labid': 1004, 'labname': '/ospf\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:39:10,140 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:39:10,144 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: delete existing lab] ******************************************************************************************************************************************** -2023-08-31 21:39:10,162 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:10,164 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:10,170 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:10,600 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:10,611 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Ensure labtest is present] ************************************************************************************************************************************** -2023-08-31 21:39:10,640 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:10,643 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:10,650 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:10,798 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:10,807 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Create Wireguard Lab] ******************************************************************************************************************************************* -2023-08-31 21:39:10,837 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:10,840 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:10,846 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:11,322 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:39:11,331 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:39:11,362 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:11,365 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:11,370 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:12,042 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:12,049 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start vyos-oobm] ************************************************************************************************************************************************ -2023-08-31 21:39:12,079 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:12,082 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:12,091 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:13,161 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:13,172 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos-oobm] ********************************************************************************************************************************************* -2023-08-31 21:39:13,201 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:39:13,204 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:13,210 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:14,088 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:39:44,102 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:39:44,107 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:39:44,107 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:39:44,107 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:39:44,107 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:39:44,110 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:39:44,110 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:15,137 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:40:15,138 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:40:15,138 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:40:15,141 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:40:15,141 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:40:15,141 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:40:15,141 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:46,155 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:40:46,156 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:47,928 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:40:48,182 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Authentication (publickey) successful! -2023-08-31 21:40:49,243 p=71926 u=rob n=ansible | ok: [vyos-oobm] -2023-08-31 21:40:49,246 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:40:49,266 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:40:49,269 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:40:49,275 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:40:50,220 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:40:50,224 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: get lab status] ************************************************************************************************************************************************* -2023-08-31 21:40:50,252 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:40:50,255 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:40:50,261 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:40:50,772 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:40:50,776 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start all nodes] ************************************************************************************************************************************************ -2023-08-31 21:40:50,795 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:40:50,799 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:40:50,803 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:40:51,376 p=71926 u=rob n=ansible | ok: [eveng] => (item=1) -2023-08-31 21:40:52,420 p=71926 u=rob n=ansible | ok: [eveng] => (item=4) -2023-08-31 21:40:53,681 p=71926 u=rob n=ansible | ok: [eveng] => (item=6) -2023-08-31 21:40:54,642 p=71926 u=rob n=ansible | ok: [eveng] => (item=2) -2023-08-31 21:40:55,580 p=71926 u=rob n=ansible | ok: [eveng] => (item=3) -2023-08-31 21:40:55,598 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ******************************************************************************************************************************************** -2023-08-31 21:40:55,628 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:40:55,628 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:40:56,551 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:40:56,552 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:41:13,459 p=72315 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs. +2024-01-13 13:44:03,357 p=4891 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This +feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in +ansible.cfg. +2024-01-13 13:46:02,775 p=5217 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs. See the timeout setting options in the Network Debug and Troubleshooting Guide. -2023-08-31 21:41:13,567 p=72315 u=rob n=ansible | shutdown complete -2023-08-31 21:41:26,577 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:41:26,583 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:41:26,583 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:41:26,583 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf += self._read_timeout(timeout) -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise socket.timeout() -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | socket.timeout -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: -2023-08-31 21:41:26,584 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | self._check_banner() -2023-08-31 21:41:26,586 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:41:26,586 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise SSHException( -2023-08-31 21:41:26,586 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:41:26,586 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:26,588 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:41:26,588 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:41:26,588 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise socket.timeout() -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | socket.timeout -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | self._check_banner() -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:41:26,591 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise SSHException( -2023-08-31 21:41:26,591 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:41:26,591 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:57,640 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:41:57,641 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:41:57,641 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise socket.timeout() -2023-08-31 21:41:57,642 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | socket.timeout -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf += self._read_timeout(timeout) -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | self._check_banner() -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise socket.timeout() -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise SSHException( -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | socket.timeout -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | self._check_banner() -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise SSHException( -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:41:57,646 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:42:28,697 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:42:28,697 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:42:28,698 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:42:28,698 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf += self._read_timeout(timeout) -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise socket.timeout() -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise socket.timeout() -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | socket.timeout -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | socket.timeout -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | self._check_banner() -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | self._check_banner() -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise SSHException( -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise SSHException( -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:42:28,702 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:42:28,702 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:42:30,750 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:42:30,753 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:42:31,019 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Authentication (publickey) successful! -2023-08-31 21:42:31,024 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Authentication (publickey) successful! -2023-08-31 21:42:32,367 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:42:32,367 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:42:32,369 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : generate pki wireguard key-pair] ******************************************************************************************************************************************* -2023-08-31 21:42:32,386 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:32,393 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:33,327 p=72314 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use +2024-01-13 13:46:02,887 p=5217 u=rob n=ansible | shutdown complete +2024-01-13 13:46:38,493 p=5211 u=rob n=p=5211 u=rob | paramiko [oobm-xcnelw] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:46:38,800 p=5211 u=rob n=p=5211 u=rob | paramiko [oobm-xcnelw] | Authentication (publickey) successful! +2024-01-13 13:46:40,108 p=4891 u=rob n=ansible | ok: [oobm-xcnelw] +2024-01-13 13:46:40,110 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:46:40,121 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:46:40,121 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:46:40,124 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:46:41,244 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:46:41,249 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: get lab status] *********************************************************************** +2024-01-13 13:46:41,267 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:46:41,269 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:46:41,273 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:46:41,842 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:46:41,847 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start all nodes] ********************************************************************** +2024-01-13 13:46:41,867 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:46:41,869 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:46:41,872 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:46:42,373 p=4891 u=rob n=ansible | ok: [eveng] => (item=1) +2024-01-13 13:46:43,474 p=4891 u=rob n=ansible | ok: [eveng] => (item=4) +2024-01-13 13:46:44,793 p=4891 u=rob n=ansible | ok: [eveng] => (item=6) +2024-01-13 13:46:45,990 p=4891 u=rob n=ansible | ok: [eveng] => (item=2) +2024-01-13 13:46:46,917 p=4891 u=rob n=ansible | ok: [eveng] => (item=3) +2024-01-13 13:46:46,924 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ****************************************************************** +2024-01-13 13:46:46,940 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:46:46,944 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:46:47,861 p=4891 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:46:47,861 p=4891 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:47:17,890 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:17,892 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:17,893 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:17,893 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:17,894 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:17,894 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:17,894 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:47:17,895 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:17,895 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:17,895 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:17,895 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:47:17,895 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:47:17,896 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:17,896 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:17,896 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:17,896 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:17,896 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:17,897 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:17,897 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:17,897 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:17,897 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:47:17,898 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:17,898 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:17,898 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:17,898 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:17,898 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:47:17,898 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:47:17,899 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:17,899 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:17,899 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:17,899 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:17,900 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:17,900 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:47:17,900 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:17,901 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:47:17,901 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:17,901 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:29,000 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:29,001 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:29,001 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:29,002 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:29,002 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:29,002 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:29,002 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:47:29,003 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:29,004 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:29,004 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:29,004 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:29,004 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:29,004 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:29,004 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:29,005 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:29,005 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:47:29,005 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:29,005 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:29,005 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:29,006 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:47:29,006 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:47:29,006 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:29,006 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:29,006 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:29,006 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:29,007 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:47:29,007 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:47:29,007 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:47:29,009 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:29,009 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:47:29,009 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:29,009 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:40,094 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:40,095 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:40,095 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:40,095 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:40,096 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:40,096 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:40,096 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:47:40,097 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:40,097 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:40,097 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:47:40,097 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:47:40,098 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:40,098 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:40,098 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:40,098 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:40,099 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:40,099 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:47:40,099 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:40,099 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:47:40,100 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:40,100 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:40,106 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:40,107 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:40,107 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:40,107 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:40,107 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:47:40,109 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:47:40,109 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:40,109 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:40,110 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:40,110 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:40,110 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:40,110 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:47:40,111 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:40,111 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:47:40,111 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:40,111 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:51,194 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:51,195 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:51,196 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:51,196 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:51,196 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:51,196 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:51,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:47:51,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:51,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:51,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:47:51,198 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:47:51,198 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:51,198 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:51,199 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:51,199 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:51,199 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:51,199 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:47:51,200 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:51,200 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:47:51,200 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:51,200 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:51,203 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:51,204 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:51,204 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:51,204 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:51,205 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:51,205 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:51,205 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:47:51,205 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:51,206 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:51,206 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:47:51,206 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:47:51,206 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:51,207 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:51,207 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:51,207 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:51,207 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:48:02,304 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:48:02,306 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:48:02,306 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:48:02,306 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:48:02,307 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:02,307 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:48:02,307 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:48:02,307 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:02,308 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:48:02,308 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:48:02,308 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:48:02,308 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:02,309 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:48:02,309 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:02,309 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:48:02,309 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:02,315 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:48:02,316 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:48:02,316 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:48:02,316 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:48:02,317 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:02,317 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:48:02,317 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:48:02,318 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:02,318 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:48:02,318 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:48:02,318 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:48:02,320 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:48:02,320 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:48:02,320 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:48:02,320 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:48:02,321 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:48:06,492 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:48:06,763 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Authentication (publickey) successful! +2024-01-13 13:48:08,056 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:48:13,399 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:48:13,399 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:48:13,400 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:48:13,400 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:48:13,400 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:13,400 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:17,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:48:17,452 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Authentication (publickey) successful! +2024-01-13 13:48:18,609 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:48:18,611 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : generate pki wireguard key-pair] ***************************************************************** +2024-01-13 13:48:18,619 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:18,624 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:19,490 p=5484 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:42:33,328 p=72313 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use +2024-01-13 13:48:19,490 p=5483 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:42:33,985 p=72314 u=rob n=p=72314 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:42:33,991 p=72313 u=rob n=p=72313 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:42:34,239 p=72313 u=rob n=p=72313 u=rob | paramiko [branch] | Authentication (publickey) successful! -2023-08-31 21:42:34,241 p=72314 u=rob n=p=72314 u=rob | paramiko [central] | Authentication (publickey) successful! -2023-08-31 21:42:36,595 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:42:36,596 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:42:36,603 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : set pub and private key] *************************************************************************************************************************************************** -2023-08-31 21:42:36,638 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:36,639 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:37,566 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:42:37,567 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:42:37,575 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : setup nodes] *************************************************************************************************************************************************************** -2023-08-31 21:42:37,609 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:37,610 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:47,693 p=71926 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation +2024-01-13 13:48:20,262 p=5483 u=rob n=p=5483 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:48:20,285 p=5484 u=rob n=p=5484 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:48:20,531 p=5483 u=rob n=p=5483 u=rob | paramiko [central] | Authentication (publickey) successful! +2024-01-13 13:48:20,577 p=5484 u=rob n=p=5484 u=rob | paramiko [branch] | Authentication (publickey) successful! +2024-01-13 13:48:22,964 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:48:23,374 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:48:23,377 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : set pub and private key] ************************************************************************* +2024-01-13 13:48:23,385 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:23,388 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:23,414 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:48:23,415 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:48:23,416 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : setup nodes] ************************************************************************************* +2024-01-13 13:48:23,427 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:23,427 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:36,229 p=4891 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if +present in the running configuration on device including the indentation -2023-08-31 21:42:47,693 p=71926 u=rob n=ansible | changed: [central] -2023-08-31 21:42:47,694 p=71926 u=rob n=ansible | changed: [branch] -2023-08-31 21:42:47,704 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:42:47,736 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:47,739 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:42:47,746 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:42:48,806 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:42:48,816 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************************************************************************************** -2023-08-31 21:42:48,848 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:48,852 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:48,857 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:42:48,863 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:42:48,866 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ************************************************************************************************************************************************ -2023-08-31 21:42:48,880 p=71926 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:42:48,880 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:42:53,894 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:42:53,910 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] ************************************************************************************************************************************************* -2023-08-31 21:42:53,948 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:53,950 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:53,957 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:42:53,959 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:42:53,963 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] *********************************************************************************************************************************************** -2023-08-31 21:42:53,974 p=71926 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:42:53,975 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:42:58,992 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:42:59,006 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ********************************************************************************************************** -2023-08-31 21:42:59,028 p=71926 u=rob n=ansible | Pausing for 30 seconds -2023-08-31 21:42:59,029 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:43:29,046 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:43:29,060 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] *************************************************************************************************************************************************** -2023-08-31 21:43:29,094 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:29,094 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:34,654 p=71926 u=rob n=ansible | ok: [central] => (item=10.0.2.100) -2023-08-31 21:43:34,672 p=71926 u=rob n=ansible | ok: [branch] => (item=10.0.1.100) -2023-08-31 21:43:34,679 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] ****************************************************************************************************************************************** -2023-08-31 21:43:34,700 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:34,711 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:35,790 p=71926 u=rob n=ansible | ok: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) -2023-08-31 21:43:36,170 p=71926 u=rob n=ansible | ok: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) -2023-08-31 21:43:37,255 p=71926 u=rob n=ansible | ok: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) -2023-08-31 21:43:37,274 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] *************************************************************************************************************************************** -2023-08-31 21:43:37,310 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:37,315 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:38,670 p=71926 u=rob n=ansible | ok: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:43:38,677 p=71926 u=rob n=ansible | ok: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:43:42,942 p=71926 u=rob n=ansible | ok: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) -2023-08-31 21:43:42,963 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************************************************************************************** -2023-08-31 21:43:42,994 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:42,997 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:43,921 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:43:43,922 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:43:43,931 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Reboot vyos] **************************************************************************************************************************************************** -2023-08-31 21:43:43,965 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:43,966 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:45,100 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:43:45,100 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:43:45,105 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait while shutdown] ******************************************************************************************************************************************** -2023-08-31 21:43:45,120 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:45,123 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ******************************************************************************************************************************************** -2023-08-31 21:43:45,141 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:45,151 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:46,074 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:43:46,076 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:43:46,892 p=72849 u=rob n=p=72849 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:43:46,895 p=72848 u=rob n=p=72848 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:43:47,166 p=72848 u=rob n=p=72848 u=rob | paramiko [central] | Authentication (publickey) successful! -2023-08-31 21:43:47,173 p=72849 u=rob n=p=72849 u=rob | paramiko [branch] | Authentication (publickey) successful! -2023-08-31 21:43:48,250 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:43:48,250 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:43:48,254 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:43:48,277 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:48,277 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:43:48,282 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:43:50,659 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:43:50,668 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************************************************************************************** -2023-08-31 21:43:50,700 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:50,705 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:50,709 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:43:50,715 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:43:50,718 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ************************************************************************************************************************************************ -2023-08-31 21:43:50,732 p=71926 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:43:50,732 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:43:55,754 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:43:55,764 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] ************************************************************************************************************************************************* -2023-08-31 21:43:55,807 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:55,811 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:55,817 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:43:55,822 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:43:55,826 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] *********************************************************************************************************************************************** -2023-08-31 21:43:55,839 p=71926 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:43:55,839 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:44:00,859 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:44:00,872 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ********************************************************************************************************** -2023-08-31 21:44:00,894 p=71926 u=rob n=ansible | Pausing for 30 seconds -2023-08-31 21:44:00,894 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:44:30,910 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:44:30,924 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] *************************************************************************************************************************************************** -2023-08-31 21:44:30,961 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:30,962 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:36,294 p=71926 u=rob n=ansible | ok: [central] => (item=10.0.2.100) -2023-08-31 21:44:36,301 p=71926 u=rob n=ansible | ok: [branch] => (item=10.0.1.100) -2023-08-31 21:44:36,310 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] ****************************************************************************************************************************************** -2023-08-31 21:44:36,339 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:36,343 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:37,426 p=71926 u=rob n=ansible | ok: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) -2023-08-31 21:44:37,644 p=71926 u=rob n=ansible | ok: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) -2023-08-31 21:44:38,706 p=71926 u=rob n=ansible | ok: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) -2023-08-31 21:44:38,731 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] *************************************************************************************************************************************** -2023-08-31 21:44:38,771 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,775 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,783 p=71926 u=rob n=ansible | skipping: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:44:38,788 p=71926 u=rob n=ansible | skipping: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:44:38,791 p=71926 u=rob n=ansible | skipping: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) -2023-08-31 21:44:38,792 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,792 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,796 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************************************************************************************** -2023-08-31 21:44:38,817 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,819 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,824 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,828 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,833 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: ake sure tmp dir exist] ***************************************************************************************************************************************** -2023-08-31 21:44:38,849 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,857 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,859 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,864 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,867 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register status of tmp/] **************************************************************************************************************************************** -2023-08-31 21:44:38,881 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,889 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,891 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,896 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,900 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: ownload upgrade_iso] ******************************************************************************************************************************************** -2023-08-31 21:44:38,916 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,925 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,925 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,932 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,937 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Copy iso to host] *********************************************************************************************************************************************** -2023-08-31 21:44:38,959 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,960 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,961 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,966 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,969 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: upgrade vyos] *************************************************************************************************************************************************** -2023-08-31 21:44:38,983 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,991 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,993 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,998 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,001 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Reboot vyos] **************************************************************************************************************************************************** -2023-08-31 21:44:39,014 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,021 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,024 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,028 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,031 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait while shutdown] ******************************************************************************************************************************************** -2023-08-31 21:44:39,043 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,046 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ******************************************************************************************************************************************** -2023-08-31 21:44:39,067 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,067 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,069 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,074 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,079 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: clear tmp dir] ************************************************************************************************************************************************** -2023-08-31 21:44:39,090 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,094 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:44:39,114 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,115 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,117 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,121 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,124 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************************************************************************************** -2023-08-31 21:44:39,145 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,148 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,153 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,158 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,161 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ************************************************************************************************************************************************ -2023-08-31 21:44:39,173 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,175 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] ************************************************************************************************************************************************* -2023-08-31 21:44:39,195 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,199 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,203 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,209 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,212 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] *********************************************************************************************************************************************** -2023-08-31 21:44:39,224 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,227 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ********************************************************************************************************** -2023-08-31 21:44:39,237 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,239 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] *************************************************************************************************************************************************** -2023-08-31 21:44:39,259 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,259 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,262 p=71926 u=rob n=ansible | skipping: [central] => (item=10.0.2.100) -2023-08-31 21:44:39,264 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,269 p=71926 u=rob n=ansible | skipping: [branch] => (item=10.0.1.100) -2023-08-31 21:44:39,270 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,273 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] ****************************************************************************************************************************************** -2023-08-31 21:44:39,287 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,295 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,301 p=71926 u=rob n=ansible | skipping: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) -2023-08-31 21:44:39,303 p=71926 u=rob n=ansible | skipping: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) -2023-08-31 21:44:39,304 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,305 p=71926 u=rob n=ansible | skipping: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) -2023-08-31 21:44:39,307 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,310 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] *************************************************************************************************************************************** -2023-08-31 21:44:39,324 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,332 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,338 p=71926 u=rob n=ansible | skipping: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:44:39,340 p=71926 u=rob n=ansible | skipping: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) -2023-08-31 21:44:39,341 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,343 p=71926 u=rob n=ansible | skipping: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:44:39,344 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,347 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************************************************************************************** -2023-08-31 21:44:39,361 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,369 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,372 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,377 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,381 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: make sure output dir exist] ************************************************************************************************************************************* -2023-08-31 21:44:39,404 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,406 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,411 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,531 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:39,535 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: make sure output include dir exist] ***************************************************************************************************************************** -2023-08-31 21:44:39,558 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,561 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,567 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,688 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:39,691 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Get timestamp from the system] ********************************************************************************************************************************** -2023-08-31 21:44:39,710 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,712 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,717 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,855 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:44:39,862 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************************************************************************************** -2023-08-31 21:44:39,889 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:44:39,892 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,892 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,897 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,901 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: generate lab rst file] ****************************************************************************************************************************************** -2023-08-31 21:44:39,925 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,927 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,933 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:40,186 p=71926 u=rob n=ansible | changed: [eveng -> localhost] -2023-08-31 21:44:40,190 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.conf files in Lab] *********************************************************************************************************************************** -2023-08-31 21:44:40,213 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:40,216 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:40,221 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:40,413 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:40,420 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.conf files] ****************************************************************************************************************************************** -2023-08-31 21:44:40,445 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:40,447 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:40,455 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:40,700 p=71926 u=rob n=ansible | changed: [eveng -> localhost] => (item={'path': 'labs/Wireguard/branch.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 736, 'inode': 11076329, 'dev': 16777229, 'nlink': 1, 'atime': 1686132323.93998, 'mtime': 1686132322.6753035, 'ctime': 1686132322.6753035, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:44:40,952 p=71926 u=rob n=ansible | changed: [eveng -> localhost] => (item={'path': 'labs/Wireguard/central.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 730, 'inode': 11076330, 'dev': 16777229, 'nlink': 1, 'atime': 1686132323.972668, 'mtime': 1686132322.6754813, 'ctime': 1686132322.6754813, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:44:40,957 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.config files in Lab] ********************************************************************************************************************************* -2023-08-31 21:44:40,980 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:40,982 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:40,988 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:41,104 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:41,108 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.config files] **************************************************************************************************************************************** -2023-08-31 21:44:41,126 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:41,135 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:41,137 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:41,142 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:41,146 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.png files in Lab] ************************************************************************************************************************************ -2023-08-31 21:44:41,169 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:41,172 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:41,178 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:41,296 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:41,301 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.png files] ******************************************************************************************************************************************* -2023-08-31 21:44:41,326 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:41,329 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:41,336 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:41,560 p=71926 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/Wireguard/topology.png', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 158227, 'inode': 362576, 'dev': 16777229, 'nlink': 1, 'atime': 1676403697.132659, 'mtime': 1648155110.0, 'ctime': 1675368464.81138, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:44:41,566 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy ansible log files] ***************************************************************************************************************************************** -2023-08-31 21:44:41,588 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:41,590 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:41,595 p=71926 u=rob n=ansible | skipping: [branch] +2024-01-13 13:48:36,229 p=4891 u=rob n=ansible | changed: [central] +2024-01-13 13:48:36,610 p=4891 u=rob n=ansible | changed: [branch] +2024-01-13 13:48:36,615 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:48:36,629 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:36,631 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:48:36,633 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:48:37,835 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:48:37,837 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************ +2024-01-13 13:48:37,851 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:37,852 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:37,854 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:48:37,857 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:48:37,859 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ********************************************************************** +2024-01-13 13:48:37,867 p=4891 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:48:37,867 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:48:42,871 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:48:42,875 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] *********************************************************************** +2024-01-13 13:48:42,887 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:42,888 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:42,891 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:48:42,894 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:48:42,896 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] ********************************************************************* +2024-01-13 13:48:42,904 p=4891 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:48:42,904 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:48:47,909 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:48:47,913 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ******************************** +2024-01-13 13:48:47,922 p=4891 u=rob n=ansible | Pausing for 30 seconds +2024-01-13 13:48:47,922 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:49:17,926 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:49:17,938 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] ************************************************************************* +2024-01-13 13:49:17,971 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:17,985 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:23,418 p=4891 u=rob n=ansible | ok: [branch] => (item=10.0.1.100) +2024-01-13 13:49:23,450 p=4891 u=rob n=ansible | ok: [central] => (item=10.0.2.100) +2024-01-13 13:49:23,455 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] **************************************************************** +2024-01-13 13:49:23,474 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:23,475 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:24,499 p=4891 u=rob n=ansible | ok: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) +2024-01-13 13:49:24,939 p=4891 u=rob n=ansible | ok: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) +2024-01-13 13:49:25,888 p=4891 u=rob n=ansible | ok: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) +2024-01-13 13:49:25,895 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] ************************************************************* +2024-01-13 13:49:25,915 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:25,918 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:27,311 p=4891 u=rob n=ansible | ok: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:49:27,321 p=4891 u=rob n=ansible | ok: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:49:31,485 p=4891 u=rob n=ansible | ok: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) +2024-01-13 13:49:31,492 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************ +2024-01-13 13:49:31,513 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:31,513 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:31,538 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:49:31,539 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:49:31,541 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Reboot vyos] ************************************************************************** +2024-01-13 13:49:31,551 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:31,552 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:32,676 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:49:32,677 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:49:32,681 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait while shutdown] ****************************************************************** +2024-01-13 13:49:32,690 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:32,692 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ****************************************************************** +2024-01-13 13:49:32,705 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:32,706 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:34,320 p=5647 u=rob n=p=5647 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:49:34,321 p=5646 u=rob n=p=5646 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:49:34,562 p=5647 u=rob n=p=5647 u=rob | paramiko [branch] | Authentication (publickey) successful! +2024-01-13 13:49:34,562 p=5646 u=rob n=p=5646 u=rob | paramiko [central] | Authentication (publickey) successful! +2024-01-13 13:49:35,798 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:49:35,798 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:49:35,800 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:49:35,811 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:35,811 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:49:35,815 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:49:36,531 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:49:36,535 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************ +2024-01-13 13:49:36,554 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:36,555 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:36,558 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:49:36,562 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:49:36,564 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ********************************************************************** +2024-01-13 13:49:36,572 p=4891 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:49:36,573 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:49:41,582 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:49:41,587 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] *********************************************************************** +2024-01-13 13:49:41,609 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:41,612 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:41,615 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:49:41,619 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:49:41,621 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] ********************************************************************* +2024-01-13 13:49:41,630 p=4891 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:49:41,631 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:49:46,638 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:49:46,643 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ******************************** +2024-01-13 13:49:46,655 p=4891 u=rob n=ansible | Pausing for 30 seconds +2024-01-13 13:49:46,655 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:50:16,661 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:50:16,665 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] ************************************************************************* +2024-01-13 13:50:16,683 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:16,684 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:22,047 p=4891 u=rob n=ansible | ok: [branch] => (item=10.0.1.100) +2024-01-13 13:50:22,070 p=4891 u=rob n=ansible | ok: [central] => (item=10.0.2.100) +2024-01-13 13:50:22,076 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] **************************************************************** +2024-01-13 13:50:22,097 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:22,098 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:23,111 p=4891 u=rob n=ansible | ok: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) +2024-01-13 13:50:23,453 p=4891 u=rob n=ansible | ok: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) +2024-01-13 13:50:24,378 p=4891 u=rob n=ansible | ok: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) +2024-01-13 13:50:24,393 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] ************************************************************* +2024-01-13 13:50:24,428 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,438 p=4891 u=rob n=ansible | skipping: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:50:24,445 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,446 p=4891 u=rob n=ansible | skipping: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) +2024-01-13 13:50:24,448 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,454 p=4891 u=rob n=ansible | skipping: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:50:24,455 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,466 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************ +2024-01-13 13:50:24,488 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,504 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,518 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,528 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,541 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: ake sure tmp dir exist] *************************************************************** +2024-01-13 13:50:24,562 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,575 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,590 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,595 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,610 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register status of tmp/] ************************************************************** +2024-01-13 13:50:24,632 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,651 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,668 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,672 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,684 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: download upgrade_iso] ***************************************************************** +2024-01-13 13:50:24,706 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,721 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,736 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,745 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,771 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Copy iso to host] ********************************************************************* +2024-01-13 13:50:24,793 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,804 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,809 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,812 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,814 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: upgrade vyos] ************************************************************************* +2024-01-13 13:50:24,825 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,826 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,827 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,830 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,831 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Reboot vyos] ************************************************************************** +2024-01-13 13:50:24,839 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,844 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,844 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,848 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,850 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait while shutdown] ****************************************************************** +2024-01-13 13:50:24,855 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,857 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ****************************************************************** +2024-01-13 13:50:24,865 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,869 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,871 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,875 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,876 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: clear tmp dir] ************************************************************************ +2024-01-13 13:50:24,883 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,884 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:50:24,895 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,895 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,897 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,899 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,901 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************ +2024-01-13 13:50:24,913 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,914 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,917 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,921 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,922 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ********************************************************************** +2024-01-13 13:50:24,929 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,931 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] *********************************************************************** +2024-01-13 13:50:24,943 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,944 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,948 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,951 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,953 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] ********************************************************************* +2024-01-13 13:50:24,958 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,960 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ******************************** +2024-01-13 13:50:24,966 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,968 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] ************************************************************************* +2024-01-13 13:50:24,982 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,982 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,985 p=4891 u=rob n=ansible | skipping: [central] => (item=10.0.2.100) +2024-01-13 13:50:24,985 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,988 p=4891 u=rob n=ansible | skipping: [branch] => (item=10.0.1.100) +2024-01-13 13:50:24,988 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,990 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] **************************************************************** +2024-01-13 13:50:25,002 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:25,003 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,005 p=4891 u=rob n=ansible | skipping: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) +2024-01-13 13:50:25,005 p=4891 u=rob n=ansible | skipping: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) +2024-01-13 13:50:25,006 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,008 p=4891 u=rob n=ansible | skipping: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) +2024-01-13 13:50:25,009 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,011 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] ************************************************************* +2024-01-13 13:50:25,022 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:25,023 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,024 p=4891 u=rob n=ansible | skipping: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:50:25,025 p=4891 u=rob n=ansible | skipping: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) +2024-01-13 13:50:25,025 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,028 p=4891 u=rob n=ansible | skipping: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:50:25,028 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,030 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************ +2024-01-13 13:50:25,041 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:25,041 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,043 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,045 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,047 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: make sure output dir exist] *********************************************************** +2024-01-13 13:50:25,058 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,059 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,064 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,205 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:25,207 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: make sure output include dir exist] *************************************************** +2024-01-13 13:50:25,219 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,221 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,223 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,380 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:25,397 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Get timestamp from the system] ******************************************************** +2024-01-13 13:50:25,435 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,454 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,462 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,694 p=4891 u=rob n=ansible | changed: [eveng] +2024-01-13 13:50:25,697 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************ +2024-01-13 13:50:25,709 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:50:25,709 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,711 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,715 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,717 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: generate lab rst file] **************************************************************** +2024-01-13 13:50:25,729 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,731 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,734 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,007 p=4891 u=rob n=ansible | changed: [eveng -> localhost] +2024-01-13 13:50:26,009 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.conf files in Lab] ********************************************************* +2024-01-13 13:50:26,020 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,021 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,025 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,209 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:26,210 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.conf files] **************************************************************** +2024-01-13 13:50:26,222 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,224 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,226 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,505 p=4891 u=rob n=ansible | changed: [eveng -> localhost] => (item={'path': 'labs/master/Wireguard/branch.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 736, 'inode': 22902870, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4573534, 'mtime': 1701342323.3212438, 'ctime': 1701346520.0276117, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:50:26,776 p=4891 u=rob n=ansible | changed: [eveng -> localhost] => (item={'path': 'labs/master/Wireguard/central.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 730, 'inode': 22902871, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4573667, 'mtime': 1701342323.3214147, 'ctime': 1701346520.0279238, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:50:26,779 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.config files in Lab] ******************************************************* +2024-01-13 13:50:26,791 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,792 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,795 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,929 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:26,931 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.config files] ************************************************************** +2024-01-13 13:50:26,942 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:26,943 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,944 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,948 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,950 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.png files in Lab] ********************************************************** +2024-01-13 13:50:26,960 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,962 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,966 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:27,103 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:27,105 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.png files] ***************************************************************** +2024-01-13 13:50:27,116 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:27,117 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:27,120 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:27,377 p=4891 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/Wireguard/topology.png', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 158227, 'inode': 22902868, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4574172, 'mtime': 1648155110.0, 'ctime': 1701346520.0270474, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:50:27,380 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy ansible log files] *************************************************************** +2024-01-13 13:50:27,391 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:27,393 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:27,395 p=4891 u=rob n=ansible | skipping: [branch] diff --git a/docs/configexamples/autotest/Wireguard/Wireguard.rst b/docs/configexamples/autotest/Wireguard/Wireguard.rst index 7e287bcf..1feb03e8 100644 --- a/docs/configexamples/autotest/Wireguard/Wireguard.rst +++ b/docs/configexamples/autotest/Wireguard/Wireguard.rst @@ -3,8 +3,8 @@ Wireguard ######### -| Testdate: 2023-08-31 -| Version: 1.4-rolling-202308240020 +| Testdate: 2024-01-13 +| Version: 1.5-rolling-202401121239 This simple structure show how to connect two offices. One remote branch and the @@ -44,9 +44,9 @@ After this, the public key can be displayed, to save for later. .. code-block:: none - vyos@central:~$ generate pki wireguard key-pair - Private key: cMNGHtb5dW92ORG3HS8JJlvQF8pmVGt2Ydny8hTBLnY= - Public key: WyfLCTXi31gL+YbYOwoAHCl2RgS+y56cYHEK6pQsTQ8= + vyos@central:~$ generate pki wireguard + Private key: wHQS+ib3eMIp2DxRiAeXfFVaSCMMP1YHBaKfSR1xfV8= + Public key: RCMy6BAER0uEcPvspUb3K38MHyHJpK5kiV5IOX943HI= After you have each public key. The wireguard interfaces can be setup. @@ -102,11 +102,11 @@ And ping the Branch PC from your central router to check the response. vyos@central:~$ ping 10.0.2.100 count 4 PING 10.0.2.100 (10.0.2.100) 56(84) bytes of data. - 64 bytes from 10.0.2.100: icmp_seq=1 ttl=63 time=0.641 ms - 64 bytes from 10.0.2.100: icmp_seq=2 ttl=63 time=0.836 ms - 64 bytes from 10.0.2.100: icmp_seq=3 ttl=63 time=0.792 ms - 64 bytes from 10.0.2.100: icmp_seq=4 ttl=63 time=1.09 ms + 64 bytes from 10.0.2.100: icmp_seq=1 ttl=63 time=0.894 ms + 64 bytes from 10.0.2.100: icmp_seq=2 ttl=63 time=0.869 ms + 64 bytes from 10.0.2.100: icmp_seq=3 ttl=63 time=0.966 ms + 64 bytes from 10.0.2.100: icmp_seq=4 ttl=63 time=0.998 ms --- 10.0.2.100 ping statistics --- - 4 packets transmitted, 4 received, 0% packet loss, time 3013ms - rtt min/avg/max/mdev = 0.641/0.838/1.086/0.160 ms + 4 packets transmitted, 4 received, 0% packet loss, time 3004ms + rtt min/avg/max/mdev = 0.869/0.931/0.998/0.052 ms diff --git a/docs/configexamples/autotest/Wireguard/_include/branch.conf b/docs/configexamples/autotest/Wireguard/_include/branch.conf index b995ad04..f66c3687 100644 --- a/docs/configexamples/autotest/Wireguard/_include/branch.conf +++ b/docs/configexamples/autotest/Wireguard/_include/branch.conf @@ -1,14 +1,14 @@ set interface ethernet eth2 address 10.0.2.254/24 set interface ethernet eth1 address 198.51.100.2/24 -set interfaces wireguard wg01 private-key 'oDZ2S/4S6UEuhOyk0MvNSQTebugihX5RKCrI3exmHV8=' +set interfaces wireguard wg01 private-key 'QM3ZtmaxstxIDoz00AVLE/F/UVjmdcrOvfKYW/TVw18=' set interfaces wireguard wg01 address 192.168.0.2/24 set interfaces wireguard wg01 description 'VPN-to-central' set interfaces wireguard wg01 peer central allowed-ips 10.0.1.0/24 set interfaces wireguard wg01 peer central allowed-ips 192.168.0.0/24 set interfaces wireguard wg01 peer central address 198.51.100.1 set interfaces wireguard wg01 peer central port 51820 -set interfaces wireguard wg01 peer central public-key 'WyfLCTXi31gL+YbYOwoAHCl2RgS+y56cYHEK6pQsTQ8=' +set interfaces wireguard wg01 peer central public-key 'RCMy6BAER0uEcPvspUb3K38MHyHJpK5kiV5IOX943HI=' set interfaces wireguard wg01 port 51820 set protocols static route 10.0.1.0/24 interface wg01
\ No newline at end of file diff --git a/docs/configexamples/autotest/Wireguard/_include/central.conf b/docs/configexamples/autotest/Wireguard/_include/central.conf index 7bfd9fb0..df6e4002 100644 --- a/docs/configexamples/autotest/Wireguard/_include/central.conf +++ b/docs/configexamples/autotest/Wireguard/_include/central.conf @@ -1,14 +1,14 @@ set interface ethernet eth2 address 10.0.1.254/24 set interface ethernet eth1 address 198.51.100.1/24 -set interfaces wireguard wg01 private-key 'cMNGHtb5dW92ORG3HS8JJlvQF8pmVGt2Ydny8hTBLnY=' +set interfaces wireguard wg01 private-key 'wHQS+ib3eMIp2DxRiAeXfFVaSCMMP1YHBaKfSR1xfV8=' set interfaces wireguard wg01 address 192.168.0.1/24 set interfaces wireguard wg01 description 'VPN-to-Branch' set interfaces wireguard wg01 peer branch allowed-ips 10.0.2.0/24 set interfaces wireguard wg01 peer branch allowed-ips 192.168.0.0/24 set interfaces wireguard wg01 peer branch address 198.51.100.2 set interfaces wireguard wg01 peer branch port 51820 -set interfaces wireguard wg01 peer branch public-key '9ySVcjER2cY1tG/L7598zHg8g1xyggjxALqzeCxLgw4=' +set interfaces wireguard wg01 peer branch public-key 'nWhMTjGQbQiJwaNqHpZ/p8+iAH29HaJDNsdfsRdW9As=' set interfaces wireguard wg01 port 51820 set protocols static route 10.0.2.0/24 interface wg01
\ No newline at end of file diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.log b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.log index e67e82cb..c1496e16 100644 --- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.log +++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.log @@ -1,728 +1,750 @@ -2023-08-31 21:48:26,936 p=73753 u=rob n=ansible | PLAY [Automatic VyOS Lab test] ********************************************************************************************************************************************************************* -2023-08-31 21:48:26,975 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: fail if node_template_iso is empty] *********************************************************************************************************************** -2023-08-31 21:48:26,993 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:26,994 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:26,995 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:26,999 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:27,002 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: fail if node_template_version is empty] ******************************************************************************************************************* -2023-08-31 21:48:27,015 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:27,023 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:27,025 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:27,030 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:27,033 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: install requirements] ************************************************************************************************************************************* -2023-08-31 21:48:27,052 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:27,055 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:27,060 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:28,942 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:28,960 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie] *************************************************************************************************************************** -2023-08-31 21:48:28,994 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:28,996 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:29,000 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:29,700 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:29,704 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: get template facts] *************************************************************************************************************************************** -2023-08-31 21:48:29,722 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:29,725 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:29,734 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,220 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:30,225 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Register path status] ************************************************************************************************************************************* -2023-08-31 21:48:30,250 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,253 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,260 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,472 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:30,477 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create path] ********************************************************************************************************************************************** -2023-08-31 21:48:30,498 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,500 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,501 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,505 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,508 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Upload iso to eve-ng] ************************************************************************************************************************************* -2023-08-31 21:48:30,520 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,527 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,530 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,535 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,538 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create virtioa.qcow2 file] ******************************************************************************************************************************** -2023-08-31 21:48:30,557 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,557 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,559 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,563 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,566 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie] *************************************************************************************************************************** -2023-08-31 21:48:30,579 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,585 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,587 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,591 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,594 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create lab for node install] ****************************************************************************************************************************** -2023-08-31 21:48:30,612 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,613 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,615 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,619 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,622 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: open lab] ************************************************************************************************************************************************* -2023-08-31 21:48:30,636 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,642 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,645 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,649 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,652 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] *************************************************************************************************************************************************************** -2023-08-31 21:48:30,664 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,671 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,673 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,678 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,681 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: add node to lab] ****************************************************************************************************************************************** -2023-08-31 21:48:30,694 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,701 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,703 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,707 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,710 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: start node] *********************************************************************************************************************************************** -2023-08-31 21:48:30,728 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,728 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,730 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,734 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,737 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : debug] ****************************************************************************************************************************************************************** -2023-08-31 21:48:30,755 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,756 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,758 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,761 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,764 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: get node infos] ******************************************************************************************************************************************* -2023-08-31 21:48:30,777 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,783 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,785 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,789 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,791 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] *************************************************************************************************************************************************************** -2023-08-31 21:48:30,809 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,811 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,811 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,815 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,818 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: copy file] ************************************************************************************************************************************************ -2023-08-31 21:48:30,836 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,837 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,838 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,842 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,846 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: run expect script] **************************************************************************************************************************************** -2023-08-31 21:48:30,866 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,866 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,868 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,872 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,875 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie (due timeout)] ************************************************************************************************************* -2023-08-31 21:48:30,893 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,893 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,895 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,899 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,902 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: stop node] ************************************************************************************************************************************************ -2023-08-31 21:48:30,915 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,921 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,923 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,927 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,930 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Pause to wait node is shutdown] *************************************************************************************************************************** -2023-08-31 21:48:30,940 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,943 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: delete iso] *********************************************************************************************************************************************** -2023-08-31 21:48:30,962 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,962 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,964 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,968 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,971 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: commit virtioa.qcow2] ************************************************************************************************************************************* -2023-08-31 21:48:30,990 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,991 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,992 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,996 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,999 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: delete lab for node install] ****************************************************************************************************************************** -2023-08-31 21:48:31,017 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:31,018 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:31,019 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:31,023 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:31,031 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : Get env file content] ****************************************************************************************************************************************************** -2023-08-31 21:48:31,258 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:48:31,259 p=73753 u=rob n=ansible | ok: [vyos-oobm -> localhost] -2023-08-31 21:48:31,259 p=73753 u=rob n=ansible | ok: [vyos-wan -> localhost] -2023-08-31 21:48:31,259 p=73753 u=rob n=ansible | ok: [client -> localhost] -2023-08-31 21:48:31,262 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Load facts] ************************************************************************************************************************************************** -2023-08-31 21:48:31,281 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:32,232 p=73753 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:48:32,233 p=73753 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:48:32,234 p=73753 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko +2024-01-13 13:34:01,981 p=3127 u=rob n=ansible | PLAY [Automatic VyOS Lab test] ******************************************************************************************* +2024-01-13 13:34:01,999 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: fail if node_template_iso is empty] ********************************************* +2024-01-13 13:34:02,011 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:02,012 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:02,012 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:02,015 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:02,016 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: fail if node_template_version is empty] ***************************************** +2024-01-13 13:34:02,027 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:02,027 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:02,028 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:02,031 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:02,033 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: install requirements] *********************************************************** +2024-01-13 13:34:02,044 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:02,046 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:02,049 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:04,434 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:04,440 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie] ************************************************* +2024-01-13 13:34:04,467 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:04,468 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:04,471 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,222 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:05,227 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: get template facts] ************************************************************* +2024-01-13 13:34:05,247 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:05,249 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:05,253 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,690 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:05,693 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Register path status] *********************************************************** +2024-01-13 13:34:05,704 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:05,706 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:05,709 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,904 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:05,906 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create path] ******************************************************************** +2024-01-13 13:34:05,923 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:05,925 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:05,928 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:05,933 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,936 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Upload iso to eve-ng] *********************************************************** +2024-01-13 13:34:05,961 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:05,962 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:05,964 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:05,970 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,974 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create virtioa.qcow2 file] ****************************************************** +2024-01-13 13:34:05,998 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:05,999 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,001 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,007 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,011 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie] ************************************************* +2024-01-13 13:34:06,035 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,036 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,038 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,046 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,048 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create lab for node install] **************************************************** +2024-01-13 13:34:06,074 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,075 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,076 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,082 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,084 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: open lab] *********************************************************************** +2024-01-13 13:34:06,111 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,112 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,115 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,120 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,123 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] ************************************************************************************* +2024-01-13 13:34:06,147 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,148 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,151 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,156 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,158 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: add node to lab] **************************************************************** +2024-01-13 13:34:06,182 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,183 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,187 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,190 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,192 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: start node] ********************************************************************* +2024-01-13 13:34:06,222 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,223 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,225 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,231 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,234 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : debug] **************************************************************************************** +2024-01-13 13:34:06,251 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,259 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,264 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,271 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,274 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: get node infos] ***************************************************************** +2024-01-13 13:34:06,298 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,299 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,302 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,306 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,308 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] ************************************************************************************* +2024-01-13 13:34:06,331 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,332 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,335 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,339 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,342 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: copy file] ********************************************************************** +2024-01-13 13:34:06,367 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,370 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,371 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,378 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,380 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: run expect script] ************************************************************** +2024-01-13 13:34:06,391 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,392 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,393 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,397 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,399 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie (due timeout)] *********************************** +2024-01-13 13:34:06,410 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,410 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,411 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,414 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,416 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: stop node] ********************************************************************** +2024-01-13 13:34:06,427 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,428 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,428 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,432 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,434 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Pause to wait node is shutdown] ************************************************* +2024-01-13 13:34:06,441 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,443 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: delete iso] ********************************************************************* +2024-01-13 13:34:06,453 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,454 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,455 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,458 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,459 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: commit virtioa.qcow2] *********************************************************** +2024-01-13 13:34:06,471 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,472 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,473 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,476 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,477 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: delete lab for node install] **************************************************** +2024-01-13 13:34:06,488 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,488 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,489 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,492 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,495 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : Get env file content] **************************************************************************** +2024-01-13 13:34:06,715 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:34:06,715 p=3127 u=rob n=ansible | ok: [vyos-wan -> localhost] +2024-01-13 13:34:06,715 p=3127 u=rob n=ansible | ok: [client -> localhost] +2024-01-13 13:34:06,716 p=3127 u=rob n=ansible | ok: [oobm-z65ole -> localhost] +2024-01-13 13:34:06,718 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Load facts] ************************************************************************ +2024-01-13 13:34:06,734 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:06,752 p=3127 u=rob n=ansible | ok: [oobm-z65ole] +2024-01-13 13:34:06,755 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:34:06,759 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:34:06,760 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : decode oobm default startupconfig] *************************************************************** +2024-01-13 13:34:06,771 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,772 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,775 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,776 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:06,778 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: fail if node_template_version is empty] ******************************************** +2024-01-13 13:34:06,786 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,790 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,791 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,794 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,796 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:34:06,806 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,808 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,811 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:07,416 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:07,421 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: get running lab list] ************************************************************** +2024-01-13 13:34:07,433 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:07,434 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:07,436 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:07,842 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:07,844 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: kill running lab] ****************************************************************** +2024-01-13 13:34:07,852 p=3127 u=rob n=ansible | [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: +(response.json.message != "No nodes running (60071).") and (item.labname == "{{ eve_ng_folder_name }}/{{ lab }}") -2023-08-31 21:48:32,234 p=73753 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko +2024-01-13 13:34:07,854 p=3127 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': '118775ba-26f6-434a-8dd5-62b0edaa4cd1', 'size': 0.0709, 'sat': '0', 'sat_name': 'master', 'labid': '2', 'labname': '/labtest/DHCPRelay_through_GRE', 'cpu': 0.5, 'mem': 4.51}) +2024-01-13 13:34:07,855 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:07,857 p=3127 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '588b9164-a3b7-4522-8058-0f6ff6286564', 'size': 0.1878, 'sat': '0', 'sat_name': 'master', 'labid': 1002, 'labname': '/Common\n', 'cpu': 0, 'mem': 0}) +2024-01-13 13:34:07,858 p=3127 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '61cc6cd0-78f4-4302-830b-482b642a5e74', 'size': 0.534, 'sat': '0', 'sat_name': 'master', 'labid': 1003, 'labname': '/MSS-Clambing\n', 'cpu': 0, 'mem': 0}) +2024-01-13 13:34:07,858 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:07,860 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:07,860 p=3127 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': 'a0e4e4ed-9da3-4c84-9947-144e76edaa6b', 'size': 0.0755, 'sat': '0', 'sat_name': 'master', 'labid': '1', 'labname': '/labtest/L3VPN_EVPN', 'cpu': 1.5, 'mem': 5.21}) +2024-01-13 13:34:07,861 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:07,863 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: delete existing lab] *************************************************************** +2024-01-13 13:34:07,875 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:07,875 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:07,878 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:08,287 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:08,290 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Ensure labtest is present] ********************************************************* +2024-01-13 13:34:08,302 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:08,303 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:08,306 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:08,518 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:08,520 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Create tunnelbroker Lab] *********************************************************** +2024-01-13 13:34:08,531 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:08,531 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:08,534 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:09,028 p=3127 u=rob n=ansible | changed: [eveng] +2024-01-13 13:34:09,032 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:34:09,060 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:09,067 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:09,076 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:09,725 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:09,730 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start vyos-oobm] ******************************************************************* +2024-01-13 13:34:09,742 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:09,744 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:09,746 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:10,872 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:10,874 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos-oobm] **************************************************************** +2024-01-13 13:34:10,885 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:10,886 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:10,890 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:11,770 p=3127 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:34:11,771 p=3127 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko -2023-08-31 21:48:32,244 p=73753 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:48:32,248 p=73753 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko - -2023-08-31 21:48:32,254 p=73753 u=rob n=ansible | ok: [vyos-oobm] -2023-08-31 21:48:32,255 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:48:32,257 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:48:32,265 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : debug] ********************************************************************************************************************************************************************* -2023-08-31 21:48:32,295 p=73753 u=rob n=ansible | ok: [eveng] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:48:33,243 p=73753 u=rob n=ansible | ok: [vyos-wan] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:48:33,243 p=73753 u=rob n=ansible | ok: [client] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:48:33,244 p=73753 u=rob n=ansible | ok: [vyos-oobm] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:48:33,252 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: fail if node_template_version is empty] ********************************************************************************************************************** -2023-08-31 21:48:33,276 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:33,284 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:33,287 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:33,293 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:33,297 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:48:33,317 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:33,319 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:33,326 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:33,956 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:33,966 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: get running lab list] **************************************************************************************************************************************** -2023-08-31 21:48:34,000 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:34,001 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:34,005 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:34,447 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:34,455 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: kill running lab] ******************************************************************************************************************************************** -2023-08-31 21:48:34,481 p=73753 u=rob n=ansible | [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item.labname == "{{ eve_ng_folder_name }}/{{ lab }}" - -2023-08-31 21:48:34,482 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:34,486 p=73753 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '0fc5edef-8cf2-4400-9a1c-0c4c41a1a881', 'size': 0.1996, 'sat': '0', 'sat_name': 'master', 'labid': 1001, 'labname': '/ecmp wireguard\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:48:34,487 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:34,489 p=73753 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '588b9164-a3b7-4522-8058-0f6ff6286564', 'size': 1.0595, 'sat': '0', 'sat_name': 'master', 'labid': 1002, 'labname': '/Common\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:48:34,491 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:34,494 p=73753 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '9785926c-63ec-42c0-a1ca-a386b9013151', 'size': 0.4469, 'sat': '0', 'sat_name': 'master', 'labid': 1003, 'labname': '/layer2 via IPSec\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:48:34,496 p=73753 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': 'aa98095e-3b64-45aa-b883-e2b7fdfac08c', 'size': 0.5229, 'sat': '0', 'sat_name': 'master', 'labid': 1004, 'labname': '/ospf\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:48:34,498 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:34,501 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: delete existing lab] ***************************************************************************************************************************************** -2023-08-31 21:48:34,519 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:34,522 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:34,527 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:34,959 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:34,970 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Ensure labtest is present] *********************************************************************************************************************************** -2023-08-31 21:48:35,001 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:35,002 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:35,006 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:35,208 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:35,213 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Create tunnelbroker Lab] ************************************************************************************************************************************* -2023-08-31 21:48:35,234 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:35,236 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:35,243 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:35,753 p=73753 u=rob n=ansible | changed: [eveng] -2023-08-31 21:48:35,758 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:48:35,778 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:35,781 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:35,785 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:36,447 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:36,456 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start vyos-oobm] ********************************************************************************************************************************************* -2023-08-31 21:48:36,486 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:36,487 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:36,491 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:37,502 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:37,513 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos-oobm] ****************************************************************************************************************************************** -2023-08-31 21:48:37,536 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:37,547 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:37,553 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:38,430 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:49:08,523 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:49:08,539 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:49:08,540 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:49:08,541 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:49:08,541 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:49:08,542 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:49:08,543 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:49:08,543 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:49:08,544 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:49:08,545 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:08,545 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:49:08,546 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:08,547 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:49:08,547 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:49:08,548 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:49:08,548 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:49:08,549 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:49:08,549 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:49:08,550 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:39,569 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:49:39,571 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:49:39,571 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:49:39,574 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:49:39,574 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:49:39,574 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:49:39,574 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:50:10,677 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:50:10,681 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:50:10,682 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:50:10,684 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:50:10,685 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:50:10,686 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:50:10,687 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:50:10,688 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:50:10,688 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:50:10,689 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:50:10,690 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:50:10,691 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:50:10,691 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:50:10,692 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:50:10,692 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:50:10,693 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:50:10,694 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:50:10,694 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:50:10,695 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:50:12,568 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:50:12,825 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Authentication (publickey) successful! -2023-08-31 21:50:13,908 p=73753 u=rob n=ansible | ok: [vyos-oobm] -2023-08-31 21:50:13,910 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:50:13,929 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:50:13,932 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:50:13,939 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:50:14,868 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:50:14,877 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: get lab status] ********************************************************************************************************************************************** -2023-08-31 21:50:14,908 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:50:14,910 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:50:14,916 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:50:15,380 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:50:15,389 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start all nodes] ********************************************************************************************************************************************* -2023-08-31 21:50:15,417 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:50:15,420 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:50:15,427 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:50:16,519 p=73753 u=rob n=ansible | ok: [eveng] => (item=4) -2023-08-31 21:50:17,120 p=73753 u=rob n=ansible | ok: [eveng] => (item=1) -2023-08-31 21:50:18,354 p=73753 u=rob n=ansible | ok: [eveng] => (item=2) -2023-08-31 21:50:18,367 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] ***************************************************************************************************************************************** -2023-08-31 21:50:18,390 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:50:18,399 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:50:19,313 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:50:19,317 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:50:37,800 p=73997 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs. +2024-01-13 13:34:11,773 p=3127 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This +feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in +ansible.cfg. +2024-01-13 13:35:27,263 p=3449 u=rob n=p=3449 u=rob | paramiko [oobm-z65ole] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:35:27,563 p=3449 u=rob n=p=3449 u=rob | paramiko [oobm-z65ole] | Authentication (publickey) successful! +2024-01-13 13:35:28,840 p=3127 u=rob n=ansible | ok: [oobm-z65ole] +2024-01-13 13:35:28,842 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:35:28,854 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:35:28,854 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:35:28,857 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:35:30,040 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:35:30,046 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: get lab status] ******************************************************************** +2024-01-13 13:35:30,064 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:35:30,064 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:35:30,067 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:35:30,516 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:35:30,520 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start all nodes] ******************************************************************* +2024-01-13 13:35:30,531 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:35:30,533 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:35:30,535 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:35:31,563 p=3127 u=rob n=ansible | ok: [eveng] => (item=4) +2024-01-13 13:35:32,108 p=3127 u=rob n=ansible | ok: [eveng] => (item=1) +2024-01-13 13:35:33,376 p=3127 u=rob n=ansible | ok: [eveng] => (item=2) +2024-01-13 13:35:33,381 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] *************************************************************** +2024-01-13 13:35:33,388 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:35:33,392 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:35:34,286 p=3127 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:35:34,286 p=3127 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:36:04,323 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:04,325 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:04,325 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:04,326 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:04,326 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:04,326 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:04,326 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:04,327 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:04,327 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:04,327 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:04,328 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:04,328 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:04,328 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:04,328 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:04,328 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:04,328 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:04,329 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:04,329 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:04,329 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:04,329 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:04,329 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:04,329 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:04,330 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:04,330 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:04,330 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:04,330 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:04,330 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:04,331 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:04,331 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:04,331 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:04,331 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:04,331 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:04,331 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:04,332 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:04,332 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:04,332 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:04,332 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:04,333 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:04,333 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:04,333 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:04,334 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:04,334 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:11,143 p=3455 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs. See the timeout setting options in the Network Debug and Troubleshooting Guide. -2023-08-31 21:50:37,906 p=73997 u=rob n=ansible | shutdown complete -2023-08-31 21:50:49,351 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:50:49,353 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:50:49,357 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:50:49,357 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:50:49,358 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) -2023-08-31 21:50:49,358 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:50:49,358 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise socket.timeout() -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | socket.timeout -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf += self._read_timeout(timeout) -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise socket.timeout() -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | socket.timeout -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | self._check_banner() -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise SSHException( -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | self._check_banner() -2023-08-31 21:50:49,361 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise SSHException( -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:20,413 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf += self._read_timeout(timeout) -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise socket.timeout() -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | socket.timeout -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | self._check_banner() -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise SSHException( -2023-08-31 21:51:20,417 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:51:20,417 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:20,420 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:51:20,421 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:51:20,421 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:51:20,421 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) -2023-08-31 21:51:20,421 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise socket.timeout() -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | socket.timeout -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | self._check_banner() -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise SSHException( -2023-08-31 21:51:20,424 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:51:20,424 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:51,470 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) -2023-08-31 21:51:51,471 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf += self._read_timeout(timeout) -2023-08-31 21:51:51,471 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise socket.timeout() -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | socket.timeout -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise socket.timeout() -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | socket.timeout -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | self._check_banner() -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise SSHException( -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:51:51,474 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:51:51,474 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | self._check_banner() -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise SSHException( -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:51:51,475 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:53,546 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:51:53,564 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:51:53,817 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Authentication (publickey) successful! -2023-08-31 21:51:53,836 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! -2023-08-31 21:51:55,165 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:51:55,165 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:51:55,168 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : setup nodes] *************************************************************************************************************************************************************** -2023-08-31 21:51:55,190 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:51:55,190 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:51:56,125 p=74000 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use +2024-01-13 13:36:11,246 p=3455 u=rob n=ansible | shutdown complete +2024-01-13 13:36:15,421 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:15,422 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:15,423 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:15,423 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:15,423 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:15,423 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:15,424 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:15,424 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:15,424 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:15,425 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:15,425 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:15,425 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:15,425 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:15,426 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:15,426 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:15,426 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:15,427 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:15,427 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:15,427 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:15,427 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:15,428 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:15,433 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:15,433 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:15,434 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:15,434 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:15,434 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:15,434 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:15,435 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:15,435 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:15,435 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:15,436 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:15,436 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:15,436 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:15,436 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:15,437 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:15,437 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:15,437 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:15,438 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:15,438 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:15,438 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:15,438 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:15,439 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:26,523 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:26,524 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:26,524 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:26,525 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:26,525 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:26,525 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:26,526 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:26,526 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:26,526 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:26,526 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:26,527 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:26,527 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:26,527 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:26,528 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:26,528 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:26,528 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:26,528 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:26,528 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:26,528 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:26,528 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:26,528 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:26,529 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:26,529 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:26,529 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:26,529 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:26,529 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:26,529 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:26,529 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:26,530 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:26,530 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:26,530 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:26,530 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:26,531 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:26,531 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:26,531 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:26,531 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:26,532 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:37,625 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:37,627 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:37,629 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:37,630 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:37,630 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:37,631 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:37,631 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:37,632 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:37,632 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:37,632 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:37,633 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:37,634 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:37,634 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:37,634 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:37,635 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:37,635 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:37,635 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:37,636 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:37,636 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:37,636 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:37,637 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:37,637 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:37,637 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:37,638 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:37,638 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:37,639 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:37,639 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:37,639 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:37,639 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:37,640 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:37,640 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:37,641 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:37,641 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:37,642 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:37,642 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:37,642 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:37,643 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:37,643 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:37,644 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:37,644 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:37,644 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:37,644 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:48,770 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:48,773 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:48,777 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:48,777 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:48,778 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:48,778 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:48,779 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:48,780 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:48,780 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:48,782 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:48,783 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:48,783 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:48,785 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:48,785 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:48,786 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:48,786 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:48,787 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:48,787 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:48,788 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:48,788 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:48,789 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:48,789 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:48,789 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:48,789 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:48,790 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:48,790 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:48,791 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:48,791 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:48,791 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:48,792 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:48,792 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:48,793 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:48,793 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:48,794 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:48,794 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:48,794 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:48,795 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:48,796 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:48,796 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:48,798 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:48,798 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:48,798 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:52,514 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:36:52,577 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:36:53,797 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! +2024-01-13 13:36:53,923 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Authentication (publickey) successful! +2024-01-13 13:36:55,449 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:36:55,665 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:36:55,669 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : setup nodes] ************************************************************************************* +2024-01-13 13:36:55,706 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:36:55,707 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:36:57,437 p=3549 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:51:56,125 p=74001 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use +2024-01-13 13:36:57,440 p=3550 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:51:57,018 p=74000 u=rob n=p=74000 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:51:57,025 p=74001 u=rob n=p=74001 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:51:57,267 p=74000 u=rob n=p=74000 u=rob | paramiko [client] | Authentication (publickey) successful! -2023-08-31 21:51:57,271 p=74001 u=rob n=p=74001 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! -2023-08-31 21:52:03,730 p=73753 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation +2024-01-13 13:36:58,058 p=3550 u=rob n=p=3550 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:36:58,072 p=3549 u=rob n=p=3549 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:36:58,735 p=3550 u=rob n=p=3550 u=rob | paramiko [client] | Authentication (publickey) successful! +2024-01-13 13:36:58,770 p=3549 u=rob n=p=3549 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! +2024-01-13 13:37:07,037 p=3127 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if +present in the running configuration on device including the indentation -2023-08-31 21:52:03,731 p=73753 u=rob n=ansible | changed: [client] -2023-08-31 21:52:04,862 p=73753 u=rob n=ansible | changed: [vyos-wan] -2023-08-31 21:52:04,879 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : Register external IP in Tunnelbroker] ************************************************************************************************************************************** -2023-08-31 21:52:04,905 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:04,913 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:04,923 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:17,562 p=73753 u=rob n=ansible | ok: [vyos-wan -> eveng(eve-ng)] -2023-08-31 21:52:17,569 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : get ipv4 address of vyos-wan (eth1)] *************************************************************************************************************************************** -2023-08-31 21:52:17,597 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:17,606 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:17,617 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:18,676 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:52:18,688 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : Set variables] ************************************************************************************************************************************************************* -2023-08-31 21:52:18,717 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:18,727 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:18,738 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:19,628 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:52:19,641 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : setup vyos-wan] ************************************************************************************************************************************************************ -2023-08-31 21:52:19,671 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:19,682 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:19,691 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:27,796 p=73753 u=rob n=ansible | changed: [vyos-wan] -2023-08-31 21:52:27,813 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:52:27,842 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:27,845 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:52:27,851 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:28,511 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:52:28,521 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] *********************************************************************************************************************************************** -2023-08-31 21:52:28,553 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:28,556 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:28,560 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:52:28,566 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:28,570 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ********************************************************************************************************************************************* -2023-08-31 21:52:28,583 p=73753 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:52:28,584 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:52:33,601 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:52:33,618 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ********************************************************************************************************************************************** -2023-08-31 21:52:33,650 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:33,652 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:33,659 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:52:33,666 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:33,670 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ******************************************************************************************************************************************** -2023-08-31 21:52:33,682 p=73753 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:52:33,683 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:52:38,701 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:52:38,719 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ******************************************************************************************************* -2023-08-31 21:52:38,736 p=73753 u=rob n=ansible | Pausing for 30 seconds -2023-08-31 21:52:38,736 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:53:08,754 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:53:08,768 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ************************************************************************************************************************************************ -2023-08-31 21:53:08,802 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:08,805 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:14,549 p=73753 u=rob n=ansible | ok: [vyos-wan] => (item=tunnelbroker.net) -2023-08-31 21:53:15,162 p=73753 u=rob n=ansible | ok: [client] => (item=2001:470:20::2) -2023-08-31 21:53:15,177 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] *************************************************************************************************************************************** -2023-08-31 21:53:15,210 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:15,211 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:15,216 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:53:15,222 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:53:15,226 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ************************************************************************************************************************************ -2023-08-31 21:53:15,248 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:15,251 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:19,509 p=73753 u=rob n=ansible | ok: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:53:19,515 p=73753 u=rob n=ansible | ok: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:53:24,065 p=73753 u=rob n=ansible | ok: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) -2023-08-31 21:53:24,080 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] *********************************************************************************************************************************************** -2023-08-31 21:53:24,110 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:24,113 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:25,039 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:53:25,040 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:53:25,049 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Reboot vyos] ************************************************************************************************************************************************* -2023-08-31 21:53:25,079 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:25,080 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:26,212 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:53:26,212 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:53:26,223 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait while shutdown] ***************************************************************************************************************************************** -2023-08-31 21:53:26,246 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:26,251 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] ***************************************************************************************************************************************** -2023-08-31 21:53:26,268 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:26,277 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:27,200 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:53:27,200 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:53:28,164 p=74415 u=rob n=p=74415 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:53:28,164 p=74414 u=rob n=p=74414 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:53:28,454 p=74415 u=rob n=p=74415 u=rob | paramiko [client] | Authentication (publickey) successful! -2023-08-31 21:53:28,489 p=74414 u=rob n=p=74414 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! -2023-08-31 21:53:29,492 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:53:29,493 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:53:29,496 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:53:29,516 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:29,519 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:53:29,525 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:53:30,437 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:53:30,443 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] *********************************************************************************************************************************************** -2023-08-31 21:53:30,474 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:30,479 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:30,485 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:53:30,491 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:53:30,495 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ********************************************************************************************************************************************* -2023-08-31 21:53:30,510 p=73753 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:53:30,510 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:53:35,527 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:53:35,546 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ********************************************************************************************************************************************** -2023-08-31 21:53:35,573 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:35,577 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:35,584 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:53:35,590 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:53:35,594 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ******************************************************************************************************************************************** -2023-08-31 21:53:35,608 p=73753 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:53:35,609 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:53:40,634 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:53:40,643 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ******************************************************************************************************* -2023-08-31 21:53:40,664 p=73753 u=rob n=ansible | Pausing for 30 seconds -2023-08-31 21:53:40,665 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
-2023-08-31 21:54:10,684 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:54:10,700 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ************************************************************************************************************************************************ -2023-08-31 21:54:10,738 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:10,741 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,091 p=73753 u=rob n=ansible | ok: [client] => (item=2001:470:20::2) -2023-08-31 21:54:16,273 p=73753 u=rob n=ansible | ok: [vyos-wan] => (item=tunnelbroker.net) -2023-08-31 21:54:16,283 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] *************************************************************************************************************************************** -2023-08-31 21:54:16,316 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,318 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,325 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,330 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,335 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ************************************************************************************************************************************ -2023-08-31 21:54:16,358 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,361 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,367 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:54:16,370 p=73753 u=rob n=ansible | skipping: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:54:16,373 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) -2023-08-31 21:54:16,374 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,374 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,378 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] *********************************************************************************************************************************************** -2023-08-31 21:54:16,398 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,401 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,405 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,409 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,413 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: ake sure tmp dir exist] ************************************************************************************************************************************** -2023-08-31 21:54:16,430 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,439 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,439 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,446 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,449 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register status of tmp/] ************************************************************************************************************************************* -2023-08-31 21:54:16,463 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,472 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,474 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,479 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,483 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: ownload upgrade_iso] ***************************************************************************************************************************************** -2023-08-31 21:54:16,500 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,508 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,510 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,515 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,519 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Copy iso to host] ******************************************************************************************************************************************** -2023-08-31 21:54:16,533 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,541 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,544 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,549 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,553 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: upgrade vyos] ************************************************************************************************************************************************ -2023-08-31 21:54:16,574 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,575 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,577 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,582 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,585 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Reboot vyos] ************************************************************************************************************************************************* -2023-08-31 21:54:16,607 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,607 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,609 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,613 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,616 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait while shutdown] ***************************************************************************************************************************************** -2023-08-31 21:54:16,627 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,630 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] ***************************************************************************************************************************************** -2023-08-31 21:54:16,652 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,652 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,654 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,659 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,663 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: clear tmp dir] *********************************************************************************************************************************************** -2023-08-31 21:54:16,673 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,676 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:54:16,696 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,697 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,699 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,704 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,707 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] *********************************************************************************************************************************************** -2023-08-31 21:54:16,727 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,730 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,735 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,740 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,744 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ********************************************************************************************************************************************* -2023-08-31 21:54:16,754 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,757 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ********************************************************************************************************************************************** -2023-08-31 21:54:16,777 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,780 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,785 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,790 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,793 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ******************************************************************************************************************************************** -2023-08-31 21:54:16,806 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,809 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ******************************************************************************************************* -2023-08-31 21:54:16,819 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,822 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ************************************************************************************************************************************************ -2023-08-31 21:54:16,842 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,842 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,845 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item=tunnelbroker.net) -2023-08-31 21:54:16,847 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,852 p=73753 u=rob n=ansible | skipping: [client] => (item=2001:470:20::2) -2023-08-31 21:54:16,854 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,857 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] *************************************************************************************************************************************** -2023-08-31 21:54:16,878 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,880 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,880 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,885 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,888 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ************************************************************************************************************************************ -2023-08-31 21:54:16,908 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,908 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,915 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:54:16,917 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) -2023-08-31 21:54:16,919 p=73753 u=rob n=ansible | skipping: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:54:16,920 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,920 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,924 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] *********************************************************************************************************************************************** -2023-08-31 21:54:16,943 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,944 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,946 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,952 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,956 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: make sure output dir exist] ********************************************************************************************************************************** -2023-08-31 21:54:16,979 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,981 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,987 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,109 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:17,114 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: make sure output include dir exist] ************************************************************************************************************************** -2023-08-31 21:54:17,136 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,139 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,145 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,270 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:17,272 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Get timestamp from the system] ******************************************************************************************************************************* -2023-08-31 21:54:17,291 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,294 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,300 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,489 p=73753 u=rob n=ansible | changed: [eveng] -2023-08-31 21:54:17,495 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] *********************************************************************************************************************************************** -2023-08-31 21:54:17,520 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:54:17,523 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,523 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,529 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,533 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: generate lab rst file] *************************************************************************************************************************************** -2023-08-31 21:54:17,555 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,557 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,563 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,814 p=73753 u=rob n=ansible | changed: [eveng -> localhost] -2023-08-31 21:54:17,819 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.conf files in Lab] ******************************************************************************************************************************** -2023-08-31 21:54:17,841 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,843 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,849 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:18,021 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:18,027 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.conf files] *************************************************************************************************************************************** -2023-08-31 21:54:18,055 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:18,055 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:18,062 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:18,307 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/vyos-wan_tun0.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 931, 'inode': 11076333, 'dev': 16777229, 'nlink': 1, 'atime': 1686132323.9467034, 'mtime': 1686132322.67604, 'ctime': 1686132322.67604, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:18,553 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/client.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 50, 'inode': 362570, 'dev': 16777229, 'nlink': 1, 'atime': 1675370047.0673313, 'mtime': 1648155110.0, 'ctime': 1675368464.8110585, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:18,810 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/vyos-wan.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 42, 'inode': 362571, 'dev': 16777229, 'nlink': 1, 'atime': 1675370047.0698297, 'mtime': 1648155110.0, 'ctime': 1675368464.8110874, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:19,050 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/transport.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 107, 'inode': 362574, 'dev': 16777229, 'nlink': 1, 'atime': 1675370047.104907, 'mtime': 1648155110.0, 'ctime': 1675368464.8111699, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:19,056 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.config files in Lab] ****************************************************************************************************************************** -2023-08-31 21:54:19,079 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,081 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,087 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:19,204 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:19,207 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.config files] ************************************************************************************************************************************* -2023-08-31 21:54:19,226 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:19,235 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,237 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,243 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:19,247 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.png files in Lab] ********************************************************************************************************************************* -2023-08-31 21:54:19,270 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,272 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,279 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:19,400 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:19,406 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.png files] **************************************************************************************************************************************** -2023-08-31 21:54:19,431 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,434 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,440 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:19,671 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/topology.png', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 34614, 'inode': 362567, 'dev': 16777229, 'nlink': 1, 'atime': 1676403697.1329076, 'mtime': 1648155110.0, 'ctime': 1675368464.8109767, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:19,676 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy ansible log files] ************************************************************************************************************************************** -2023-08-31 21:54:19,698 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,701 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,708 p=73753 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:07,038 p=3127 u=rob n=ansible | changed: [client] +2024-01-13 13:37:07,164 p=3127 u=rob n=ansible | changed: [vyos-wan] +2024-01-13 13:37:07,169 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : Register external IP in Tunnelbroker] ************************************************************ +2024-01-13 13:37:07,209 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:07,210 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:07,228 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:09,588 p=3127 u=rob n=ansible | ok: [vyos-wan -> eveng(eve-ng)] +2024-01-13 13:37:09,593 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : get ipv4 address of vyos-wan (eth1)] ************************************************************* +2024-01-13 13:37:09,608 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:09,608 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:09,612 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:10,606 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:37:10,607 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : Set variables] *********************************************************************************** +2024-01-13 13:37:10,620 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:10,620 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:10,624 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:10,642 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:37:10,644 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : setup vyos-wan] ********************************************************************************** +2024-01-13 13:37:10,656 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:10,656 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:10,661 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:19,755 p=3127 u=rob n=ansible | changed: [vyos-wan] +2024-01-13 13:37:19,760 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:37:19,782 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:19,783 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:37:19,787 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:20,518 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:37:20,521 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] ********************************************************************* +2024-01-13 13:37:20,536 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:20,536 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:20,541 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:37:20,545 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:20,547 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ******************************************************************* +2024-01-13 13:37:20,555 p=3127 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:37:20,556 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:37:25,561 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:37:25,566 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ******************************************************************** +2024-01-13 13:37:25,600 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:25,606 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:25,611 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:37:25,619 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:25,624 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ****************************************************************** +2024-01-13 13:37:25,640 p=3127 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:37:25,641 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:37:30,650 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:37:30,658 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ***************************** +2024-01-13 13:37:30,676 p=3127 u=rob n=ansible | Pausing for 30 seconds +2024-01-13 13:37:30,677 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:38:00,688 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:38:00,701 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ********************************************************************** +2024-01-13 13:38:00,727 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:00,729 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:06,158 p=3127 u=rob n=ansible | ok: [client] => (item=2001:470:20::2) +2024-01-13 13:38:06,448 p=3127 u=rob n=ansible | ok: [vyos-wan] => (item=tunnelbroker.net) +2024-01-13 13:38:06,456 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] ************************************************************* +2024-01-13 13:38:06,480 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:06,482 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:06,486 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:38:06,489 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:38:06,491 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ********************************************************** +2024-01-13 13:38:06,505 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:06,507 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:10,858 p=3127 u=rob n=ansible | ok: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:38:10,869 p=3127 u=rob n=ansible | ok: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:38:15,465 p=3127 u=rob n=ansible | ok: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) +2024-01-13 13:38:15,476 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] ********************************************************************* +2024-01-13 13:38:15,491 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:15,493 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:15,516 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:38:15,520 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:38:15,522 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Reboot vyos] *********************************************************************** +2024-01-13 13:38:15,534 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:15,534 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:16,652 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:38:16,656 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:38:16,662 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait while shutdown] *************************************************************** +2024-01-13 13:38:16,674 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:16,676 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] *************************************************************** +2024-01-13 13:38:16,688 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:16,688 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:18,405 p=3721 u=rob n=p=3721 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:38:18,450 p=3722 u=rob n=p=3722 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:38:18,742 p=3722 u=rob n=p=3722 u=rob | paramiko [client] | Authentication (publickey) successful! +2024-01-13 13:38:18,745 p=3721 u=rob n=p=3721 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! +2024-01-13 13:38:20,109 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:38:20,111 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:38:20,112 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:38:20,124 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:20,124 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:38:20,129 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:38:21,472 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:38:21,474 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] ********************************************************************* +2024-01-13 13:38:21,487 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:21,488 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:21,491 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:38:21,495 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:38:21,497 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ******************************************************************* +2024-01-13 13:38:21,505 p=3127 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:38:21,506 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:38:26,515 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:38:26,526 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ******************************************************************** +2024-01-13 13:38:26,549 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:26,551 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:26,556 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:38:26,560 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:38:26,562 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ****************************************************************** +2024-01-13 13:38:26,573 p=3127 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:38:26,573 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:38:31,582 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:38:31,588 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ***************************** +2024-01-13 13:38:31,605 p=3127 u=rob n=ansible | Pausing for 30 seconds +2024-01-13 13:38:31,605 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2024-01-13 13:39:01,610 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:39:01,615 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ********************************************************************** +2024-01-13 13:39:01,630 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:01,634 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:06,919 p=3127 u=rob n=ansible | ok: [client] => (item=2001:470:20::2) +2024-01-13 13:39:07,332 p=3127 u=rob n=ansible | ok: [vyos-wan] => (item=tunnelbroker.net) +2024-01-13 13:39:07,335 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] ************************************************************* +2024-01-13 13:39:07,348 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,348 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,352 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,355 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,357 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ********************************************************** +2024-01-13 13:39:07,371 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,372 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,376 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:39:07,377 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) +2024-01-13 13:39:07,378 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,380 p=3127 u=rob n=ansible | skipping: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:39:07,382 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,383 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] ********************************************************************* +2024-01-13 13:39:07,395 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,397 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,398 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,402 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,404 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: ake sure tmp dir exist] ************************************************************ +2024-01-13 13:39:07,416 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,416 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,417 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,421 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,423 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register status of tmp/] *********************************************************** +2024-01-13 13:39:07,432 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,436 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,438 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,440 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,442 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: download upgrade_iso] ************************************************************** +2024-01-13 13:39:07,450 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,454 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,456 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,459 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,463 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Copy iso to host] ****************************************************************** +2024-01-13 13:39:07,472 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,477 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,477 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,481 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,483 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: upgrade vyos] ********************************************************************** +2024-01-13 13:39:07,491 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,495 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,496 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,500 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,501 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Reboot vyos] *********************************************************************** +2024-01-13 13:39:07,513 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,514 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,515 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,518 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,519 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait while shutdown] *************************************************************** +2024-01-13 13:39:07,525 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,527 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] *************************************************************** +2024-01-13 13:39:07,534 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,538 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,540 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,543 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,544 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: clear tmp dir] ********************************************************************* +2024-01-13 13:39:07,551 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,553 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:39:07,564 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,565 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,565 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,569 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,571 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] ********************************************************************* +2024-01-13 13:39:07,583 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,585 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,587 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,591 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,593 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ******************************************************************* +2024-01-13 13:39:07,600 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,601 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ******************************************************************** +2024-01-13 13:39:07,613 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,615 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,618 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,621 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,622 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ****************************************************************** +2024-01-13 13:39:07,629 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,631 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ***************************** +2024-01-13 13:39:07,638 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,639 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ********************************************************************** +2024-01-13 13:39:07,648 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,652 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,654 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item=tunnelbroker.net) +2024-01-13 13:39:07,655 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,658 p=3127 u=rob n=ansible | skipping: [client] => (item=2001:470:20::2) +2024-01-13 13:39:07,659 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,661 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] ************************************************************* +2024-01-13 13:39:07,669 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,673 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,675 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,677 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,679 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ********************************************************** +2024-01-13 13:39:07,692 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,692 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,694 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:39:07,695 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) +2024-01-13 13:39:07,696 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,698 p=3127 u=rob n=ansible | skipping: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:39:07,698 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,700 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] ********************************************************************* +2024-01-13 13:39:07,712 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,713 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,713 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,717 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,720 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: make sure output dir exist] ******************************************************** +2024-01-13 13:39:07,731 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,732 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,735 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,883 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:07,885 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: make sure output include dir exist] ************************************************ +2024-01-13 13:39:07,898 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,898 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,901 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,048 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:08,050 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Get timestamp from the system] ***************************************************** +2024-01-13 13:39:08,061 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,063 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,066 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,320 p=3127 u=rob n=ansible | changed: [eveng] +2024-01-13 13:39:08,322 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] ********************************************************************* +2024-01-13 13:39:08,334 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:39:08,334 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,336 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,339 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,341 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: generate lab rst file] ************************************************************* +2024-01-13 13:39:08,354 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,355 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,359 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,652 p=3127 u=rob n=ansible | changed: [eveng -> localhost] +2024-01-13 13:39:08,654 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.conf files in Lab] ****************************************************** +2024-01-13 13:39:08,666 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,667 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,670 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,866 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:08,868 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.conf files] ************************************************************* +2024-01-13 13:39:08,880 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,881 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,884 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:09,164 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/vyos-wan_tun0.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 931, 'inode': 22902859, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4576929, 'mtime': 1701342323.3234093, 'ctime': 1701346519.9683046, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:09,444 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/client.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 50, 'inode': 22902860, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4575586, 'mtime': 1648155110.0, 'ctime': 1701346519.9686172, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:09,723 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/vyos-wan.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 42, 'inode': 22902861, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4576807, 'mtime': 1648155110.0, 'ctime': 1701346519.9688697, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:10,002 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/transport.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 107, 'inode': 22902864, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4576118, 'mtime': 1648155110.0, 'ctime': 1701346519.9698136, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:10,005 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.config files in Lab] **************************************************** +2024-01-13 13:39:10,017 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,018 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,021 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:10,164 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:10,166 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.config files] *********************************************************** +2024-01-13 13:39:10,177 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:10,178 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,179 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,182 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:10,184 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.png files in Lab] ******************************************************* +2024-01-13 13:39:10,196 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,198 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,202 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:10,346 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:10,348 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.png files] ************************************************************** +2024-01-13 13:39:10,360 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,361 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,364 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:10,637 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/topology.png', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 34614, 'inode': 22902857, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4576008, 'mtime': 1648155110.0, 'ctime': 1701346519.9677274, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:10,640 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy ansible log files] ************************************************************ +2024-01-13 13:39:10,653 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,653 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,656 p=3127 u=rob n=ansible | skipping: [client] diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst index 4a822b04..96c2e1af 100644 --- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst +++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst @@ -4,8 +4,8 @@ Tunnelbroker.net (IPv6) ####################### -| Testdate: 2023-08-31 -| Version: 1.4-rolling-202308240020 +| Testdate: 2024-01-13 +| Version: 1.5-rolling-202401121239 This guide walks through the setup of https://www.tunnelbroker.net/ for an IPv6 Tunnel. @@ -61,14 +61,14 @@ Now you should be able to ping a public IPv6 Address vyos@vyos-wan:~$ ping 2001:470:20::2 count 4 PING 2001:470:20::2(2001:470:20::2) 56 data bytes - 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=64 time=39.4 ms - 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=64 time=29.9 ms - 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=64 time=30.0 ms - 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=64 time=29.9 ms + 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=64 time=33.8 ms + 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=64 time=43.9 ms + 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=64 time=43.4 ms + 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=64 time=42.5 ms --- 2001:470:20::2 ping statistics --- - 4 packets transmitted, 4 received, 0% packet loss, time 3005ms - rtt min/avg/max/mdev = 29.885/32.293/39.371/4.086 ms + 4 packets transmitted, 4 received, 0% packet loss, time 2999ms + rtt min/avg/max/mdev = 33.802/40.920/43.924/4.139 ms Assuming the pings are successful, you need to add some DNS servers. @@ -85,14 +85,14 @@ You should now be able to ping something by IPv6 DNS name: vyos@vyos-wan:~$ ping tunnelbroker.net count 4 PING tunnelbroker.net(tunnelbroker.net (2001:470:0:63::2)) 56 data bytes - 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=1 ttl=46 time=200 ms - 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=2 ttl=46 time=176 ms - 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=3 ttl=46 time=244 ms - 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=4 ttl=46 time=176 ms + 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=1 ttl=48 time=285 ms + 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=2 ttl=48 time=186 ms + 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=3 ttl=48 time=178 ms + 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=4 ttl=48 time=177 ms --- tunnelbroker.net ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3002ms - rtt min/avg/max/mdev = 175.737/198.653/243.621/27.714 ms + rtt min/avg/max/mdev = 176.707/206.638/285.128/45.457 ms ***************** @@ -148,14 +148,14 @@ Now the Client is able to ping a public IPv6 address vyos@client:~$ ping 2001:470:20::2 count 4 PING 2001:470:20::2(2001:470:20::2) 56 data bytes - 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=63 time=30.5 ms - 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=63 time=29.6 ms - 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=63 time=29.9 ms - 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=63 time=29.8 ms + 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=63 time=32.1 ms + 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=63 time=41.8 ms + 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=63 time=41.7 ms + 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=63 time=47.1 ms --- 2001:470:20::2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3005ms - rtt min/avg/max/mdev = 29.578/29.959/30.490/0.333 ms + rtt min/avg/max/mdev = 32.128/40.688/47.107/5.403 ms Multiple LAN/DMZ Setup diff --git a/docs/configexamples/pppoe-ipv6-basic.rst b/docs/configexamples/pppoe-ipv6-basic.rst index f569d9c3..ad588def 100644 --- a/docs/configexamples/pppoe-ipv6-basic.rst +++ b/docs/configexamples/pppoe-ipv6-basic.rst @@ -89,24 +89,28 @@ To have basic protection while keeping IPv6 network functional, we need to: .. code-block:: none - set firewall ipv6-name WAN_IN default-action 'drop' - set firewall ipv6-name WAN_IN rule 10 action 'accept' - set firewall ipv6-name WAN_IN rule 10 state established 'enable' - set firewall ipv6-name WAN_IN rule 10 state related 'enable' - set firewall ipv6-name WAN_IN rule 20 action 'accept' - set firewall ipv6-name WAN_IN rule 20 protocol 'icmpv6' - set firewall ipv6-name WAN_LOCAL default-action 'drop' - set firewall ipv6-name WAN_LOCAL rule 10 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 10 state established 'enable' - set firewall ipv6-name WAN_LOCAL rule 10 state related 'enable' - set firewall ipv6-name WAN_LOCAL rule 20 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 20 protocol 'icmpv6' - set firewall ipv6-name WAN_LOCAL rule 30 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 30 destination port '546' - set firewall ipv6-name WAN_LOCAL rule 30 protocol 'udp' - set firewall ipv6-name WAN_LOCAL rule 30 source port '547' - set interfaces pppoe pppoe0 firewall in ipv6-name 'WAN_IN' - set interfaces pppoe pppoe0 firewall local ipv6-name 'WAN_LOCAL' + set firewall ipv6 name WAN_IN default-action 'drop' + set firewall ipv6 name WAN_IN rule 10 action 'accept' + set firewall ipv6 name WAN_IN rule 10 state established 'enable' + set firewall ipv6 name WAN_IN rule 10 state related 'enable' + set firewall ipv6 name WAN_IN rule 20 action 'accept' + set firewall ipv6 name WAN_IN rule 20 protocol 'icmpv6' + set firewall ipv6 name WAN_LOCAL default-action 'drop' + set firewall ipv6 name WAN_LOCAL rule 10 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 10 state established 'enable' + set firewall ipv6 name WAN_LOCAL rule 10 state related 'enable' + set firewall ipv6 name WAN_LOCAL rule 20 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 20 protocol 'icmpv6' + set firewall ipv6 name WAN_LOCAL rule 30 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 30 destination port '546' + set firewall ipv6 name WAN_LOCAL rule 30 protocol 'udp' + set firewall ipv6 name WAN_LOCAL rule 30 source port '547' + set firewall ipv6 forward filter rule 10 action jump + set firewall ipv6 forward filter rule 10 jump-target 'WAN_IN' + set firewall ipv6 forward filter rule 10 inbound-interface name 'pppoe0' + set firewall ipv6 input filter rule 10 action jump + set firewall ipv6 input filter rule 10 jump-target 'WAN_LOCAL' + set firewall ipv6 input filter rule 10 inbound-interface name 'pppoe0' Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client). diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index c23a6184..0487f863 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -182,11 +182,11 @@ Example Configuration .. code-block:: none - set container network zabbix-net prefix 172.20.0.0/16 - set container network zabbix-net description 'Network for Zabbix component containers' + set container network zabbix prefix 172.20.0.0/16 + set container network zabbix description 'Network for Zabbix component containers' set container name mysql-server image mysql:8.0 - set container name mysql-server network zabbix-net + set container name mysql-server network zabbix set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix' set container name mysql-server environment 'MYSQL_USER' value 'zabbix' @@ -194,10 +194,10 @@ Example Configuration set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' set container name zabbix-java-gateway image zabbix/zabbix-java-gateway:alpine-5.2-latest - set container name zabbix-java-gateway network zabbix-net + set container name zabbix-java-gateway network zabbix set container name zabbix-server-mysql image zabbix/zabbix-server-mysql:alpine-5.2-latest - set container name zabbix-server-mysql network zabbix-net + set container name zabbix-server-mysql network zabbix set container name zabbix-server-mysql environment 'DB_SERVER_HOST' value 'mysql-server' set container name zabbix-server-mysql environment 'MYSQL_DATABASE' value 'zabbix' @@ -210,7 +210,7 @@ Example Configuration set container name zabbix-server-mysql port zabbix destination 10051 set container name zabbix-web-nginx-mysql image zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest - set container name zabbix-web-nginx-mysql network zabbix-net + set container name zabbix-web-nginx-mysql network zabbix set container name zabbix-web-nginx-mysql environment 'MYSQL_DATABASE' value 'zabbix' set container name zabbix-web-nginx-mysql environment 'ZBX_SERVER_HOST' value 'zabbix-server-mysql' diff --git a/docs/configuration/firewall/bridge.rst b/docs/configuration/firewall/bridge.rst index 4a0dc3bb..9fb019c5 100644 --- a/docs/configuration/firewall/bridge.rst +++ b/docs/configuration/firewall/bridge.rst @@ -39,4 +39,363 @@ for this layer is shown next: For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge -forward filter ...`` +forward filter ...``, which happens in stage 4, highlightened with red color. + +Custom bridge firewall chains can be create with command ``set firewall bridge +name <name> ...``. In order to use such custom chain, a rule with action jump, +and the appropiate target should be defined in a base chain. + +.. note:: **Layer 3 bridge**: + When an IP address is assigned to the bridge interface, and if traffic + is sent to the router to this IP (for example using such IP as + default gateway), then rules defined for **bridge firewall** won't + match, and firewall analysis continues at **IP layer**. + +************ +Bridge Rules +************ + +For firewall filtering, firewall rules needs to be created. Each rule is +numbered, has an action to apply if the rule is matched, and the ability +to specify multiple criteria matchers. Data packets go through the rules +from 1 - 999999, so order is crucial. At the first match the action of the +rule will be executed. + +Actions +======= + +If a rule is defined, then an action must be defined for it. This tells the +firewall what to do if all criteria matchers defined for such rule do match. + +In firewall bridge rules, the action can be: + + * ``accept``: accept the packet. + + * ``continue``: continue parsing next rule. + + * ``drop``: drop the packet. + + * ``jump``: jump to another custom chain. + + * ``return``: Return from the current chain and continue at the next rule + of the last chain. + + * ``queue``: Enqueue packet to userspace. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> action + [accept | continue | drop | jump | queue | return] +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> action + [accept | continue | drop | jump | queue | return] + + This required setting defines the action of the current rule. If action is + set to jump, then jump-target is also needed. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + jump-target <text> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + jump-target <text> + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + queue <0-65535> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + queue <0-65535> + + To be used only when action is set to ``queue``. Use this command to specify + queue target to use. Queue range is also supported. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + queue-options bypass +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + queue-options bypass + + To be used only when action is set to ``queue``. Use this command to let + packet go through firewall when no userspace software is connected to the + queue. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + queue-options fanout +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + queue-options fanout + + To be used only when action is set to ``queue``. Use this command to + distribute packets between several queues. + +Also, **default-action** is an action that takes place whenever a packet does +not match any rule in it's chain. For base chains, possible options for +**default-action** are **accept** or **drop**. + +.. cfgcmd:: set firewall bridge forward filter default-action + [accept | drop] +.. cfgcmd:: set firewall bridge name <name> default-action + [accept | continue | drop | jump | queue | return] + + This set the default action of the rule-set if no rule matched a packet + criteria. If default-action is set to ``jump``, then + ``default-jump-target`` is also needed. Note that for base chains, default + action can only be set to ``accept`` or ``drop``, while on custom chain, + more actions are available. + +.. cfgcmd:: set firewall bridge name <name> default-jump-target <text> + + To be used only when ``defult-action`` is set to ``jump``. Use this + command to specify jump target for default rule. + +.. note:: **Important note about default-actions:** + If default action for any base chain is not defined, then the default + action is set to **accept** for that chain. For custom chains, if default + action is not defined, then the default-action is set to **drop**. + +Firewall Logs +============= + +Logging can be enable for every single firewall rule. If enabled, other +log options can be defined. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> log +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> log + + Enable logging for the matched packet. If this configuration command is not + present, then log is not enabled. + +.. cfgcmd:: set firewall bridge forward filter enable-default-log +.. cfgcmd:: set firewall bridge name <name> enable-default-log + + Use this command to enable the logging of the default action on + the specified chain. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + log-options level [emerg | alert | crit | err | warn | notice + | info | debug] +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + log-options level [emerg | alert | crit | err | warn | notice + | info | debug] + + Define log-level. Only applicable if rule log is enable. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + log-options group <0-65535> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + log-options group <0-65535> + + Define log group to send message to. Only applicable if rule log is enable. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + log-options snapshot-length <0-9000> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + log-options snapshot-length <0-9000> + + Define length of packet payload to include in netlink message. Only + applicable if rule log is enable and log group is defined. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + log-options queue-threshold <0-65535> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + log-options queue-threshold <0-65535> + + Define number of packets to queue inside the kernel before sending them to + userspace. Only applicable if rule log is enable and log group is defined. + +Firewall Description +==================== + +For reference, a description can be defined for every defined custom chain. + +.. cfgcmd:: set firewall bridge name <name> description <text> + + Provide a rule-set description to a custom firewall chain. + +Rule Status +=========== + +When defining a rule, it is enable by default. In some cases, it is useful to +just disable the rule, rather than removing it. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> disable +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> disable + + Command for disabling a rule but keep it in the configuration. + +Matching criteria +================= + +There are a lot of matching criteria against which the packet can be tested. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + destination mac-address <mac-address> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + destination mac-address <mac-address> +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + source mac-address <mac-address> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + source mac-address <mac-address> + + Match criteria based on source and/or destination mac-address. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + inbound-interface name <iface> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + inbound-interface name <iface> + + Match based on inbound interface. Wilcard ``*`` can be used. + For example: ``eth2*``. Prepending character ``!`` for inverted matching + criteria is also supportd. For example ``!eth2`` + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + inbound-interface group <iface_group> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + inbound-interface group <iface_group> + + Match based on inbound interface group. Prepending character ``!`` for + inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + outbound-interface name <iface> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + outbound-interface name <iface> + + Match based on outbound interface. Wilcard ``*`` can be used. + For example: ``eth2*``. Prepending character ``!`` for inverted matching + criteria is also supportd. For example ``!eth2`` + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + outbound-interface group <iface_group> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + outbound-interface group <iface_group> + + Match based on outbound interface group. Prepending character ``!`` for + inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + vlan id <0-4096> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + vlan id <0-4096> + + Match based on vlan ID. Range is also supported. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> + vlan priority <0-7> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> + vlan priority <0-7> + + Match based on vlan priority(pcp). Range is also supported. + +*********************** +Operation-mode Firewall +*********************** + +Rule-set overview +================= + +In this section you can find all useful firewall op-mode commands. + +General commands for firewall configuration, counter and statiscits: + +.. opcmd:: show firewall +.. opcmd:: show firewall summary +.. opcmd:: show firewall statistics + +And, to print only bridge firewall information: + +.. opcmd:: show firewall bridge +.. opcmd:: show firewall bridge forward filter +.. opcmd:: show firewall bridge forward filter rule <rule> +.. opcmd:: show firewall bridge name <name> +.. opcmd:: show firewall bridge name <name> rule <rule> + +Show Firewall log +================= + +.. opcmd:: show log firewall +.. opcmd:: show log firewall bridge +.. opcmd:: show log firewall bridge forward +.. opcmd:: show log firewall bridge forward filter +.. opcmd:: show log firewall bridge name <name> +.. opcmd:: show log firewall bridge forward filter rule <rule> +.. opcmd:: show log firewall bridge name <name> rule <rule> + + Show the logs of all firewall; show all bridge firewall logs; show all logs + for forward hook; show all logs for forward hook and priority filter; show + all logs for particular custom chain; show logs for specific Rule-Set. + +Example +======= + +Configuration example: + +.. code-block:: none + + set firewall bridge forward filter default-action 'drop' + set firewall bridge forward filter enable-default-log + set firewall bridge forward filter rule 10 action 'continue' + set firewall bridge forward filter rule 10 inbound-interface name 'eth2' + set firewall bridge forward filter rule 10 vlan id '22' + set firewall bridge forward filter rule 20 action 'drop' + set firewall bridge forward filter rule 20 inbound-interface group 'TRUNK-RIGHT' + set firewall bridge forward filter rule 20 vlan id '60' + set firewall bridge forward filter rule 30 action 'jump' + set firewall bridge forward filter rule 30 jump-target 'TEST' + set firewall bridge forward filter rule 30 outbound-interface name '!eth1' + set firewall bridge forward filter rule 35 action 'accept' + set firewall bridge forward filter rule 35 vlan id '11' + set firewall bridge forward filter rule 40 action 'continue' + set firewall bridge forward filter rule 40 destination mac-address '66:55:44:33:22:11' + set firewall bridge forward filter rule 40 source mac-address '11:22:33:44:55:66' + set firewall bridge name TEST default-action 'accept' + set firewall bridge name TEST enable-default-log + set firewall bridge name TEST rule 10 action 'continue' + set firewall bridge name TEST rule 10 log + set firewall bridge name TEST rule 10 vlan priority '0' + +And op-mode commands: + +.. code-block:: none + + vyos@BRI:~$ show firewall bridge + Rulesets bridge Information + + --------------------------------- + bridge Firewall "forward filter" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- --------------------------------------------------------------------- + 10 continue all 0 0 iifname "eth2" vlan id 22 continue + 20 drop all 0 0 iifname @I_TRUNK-RIGHT vlan id 60 + 30 jump all 2130 170688 oifname != "eth1" jump NAME_TEST + 35 accept all 2080 168616 vlan id 11 accept + 40 continue all 0 0 ether daddr 66:55:44:33:22:11 ether saddr 11:22:33:44:55:66 continue + default drop all 0 0 + + --------------------------------- + bridge Firewall "name TEST" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- -------------------------------------------------- + 10 continue all 2130 170688 vlan pcp 0 prefix "[bri-NAM-TEST-10-C]" continue + default accept all 2130 170688 + + vyos@BRI:~$ + vyos@BRI:~$ show firewall bridge name TEST + Ruleset Information + + --------------------------------- + bridge Firewall "name TEST" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- -------------------------------------------------- + 10 continue all 2130 170688 vlan pcp 0 prefix "[bri-NAM-TEST-10-C]" continue + default accept all 2130 170688 + + vyos@BRI:~$ + +Inspect logs: + +.. code-block:: none + + vyos@BRI:~$ show log firewall bridge + Dec 05 14:37:47 kernel: [bri-NAM-TEST-10-C]IN=eth1 OUT=eth2 ARP HTYPE=1 PTYPE=0x0800 OPCODE=1 MACSRC=50:00:00:04:00:00 IPSRC=10.11.11.101 MACDST=00:00:00:00:00:00 IPDST=10.11.11.102 + Dec 05 14:37:48 kernel: [bri-NAM-TEST-10-C]IN=eth1 OUT=eth2 ARP HTYPE=1 PTYPE=0x0800 OPCODE=1 MACSRC=50:00:00:04:00:00 IPSRC=10.11.11.101 MACDST=00:00:00:00:00:00 IPDST=10.11.11.102 + Dec 05 14:37:49 kernel: [bri-NAM-TEST-10-C]IN=eth1 OUT=eth2 ARP HTYPE=1 PTYPE=0x0800 OPCODE=1 MACSRC=50:00:00:04:00:00 IPSRC=10.11.11.101 MACDST=00:00:00:00:00:00 IPDST=10.11.11.102 + ... + vyos@BRI:~$ show log firewall bridge forward filter + Dec 05 14:42:22 kernel: [bri-FWD-filter-default-D]IN=eth2 OUT=eth1 MAC=33:33:00:00:00:16:50:00:00:06:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 + Dec 05 14:42:22 kernel: [bri-FWD-filter-default-D]IN=eth2 OUT=eth1 MAC=33:33:00:00:00:16:50:00:00:06:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0000 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 diff --git a/docs/configuration/firewall/flowtables.rst b/docs/configuration/firewall/flowtables.rst index 8b44a9b9..bc7b9212 100644 --- a/docs/configuration/firewall/flowtables.rst +++ b/docs/configuration/firewall/flowtables.rst @@ -1,4 +1,4 @@ -:lastproofread: 2023-11-08 +:lastproofread: 2023-12-26 .. _firewall-flowtables-configuration: @@ -13,7 +13,7 @@ Overview ******** In this section there's useful information of all firewall configuration that -can be done regarding flowtables +can be done regarding flowtables. .. cfgcmd:: set firewall flowtables ... @@ -50,3 +50,139 @@ flowtable (flowtable miss), the packet follows the classic IP forwarding path. .. note:: **Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html + + +*********************** +Flowtable Configuration +*********************** + +In order to use flowtables, the minimal configuration needed includes: + + * Create flowtable: create flowtable, which includes the interfaces + that are going to be used by the flowtable. + + * Create firewall rule: create a firewall rule, setting action to + ``offload`` and using desired flowtable for ``offload-target``. + +Creating a flow table: + +.. cfgcmd:: set firewall flowtable <flow_table_name> interface <iface> + + Define interfaces to be used in the flowtable. + +.. cfgcmd:: set firewall flowtable <flow_table_name> description <text> + +Provide a description to the flow table. + +.. cfgcmd:: set firewall flowtable <flow_table_name> offload + <hardware | software> + + Define type of offload to be used by the flowtable: ``hardware`` or + ``software``. By default, ``software`` offload is used. + +.. note:: **Hardware offload:** should be supported by the NICs used. + +Creating rules for using flow tables: + +.. cfgcmd:: set firewall [ipv4 | ipv4] forward filter rule <1-999999> + action offload + + Create firewall rule in forward chain, and set action to ``offload``. + +.. cfgcmd:: set firewall [ipv4 | ipv4] forward filter rule <1-999999> + offload-target <flowtable> + + Create firewall rule in forward chain, and define which flowtbale + should be used. Only applicable if action is ``offload``. + +********************* +Configuration Example +********************* + +Things to be considred in this setup: + + * Two interfaces are going to be used in the flowtables: eth0 and eth1 + + * Minumum firewall ruleset is provided, which includes some filtering rules, + and appropiate rules for using flowtable offload capabilities. + +As described, first packet will be evaluated by all the firewall path, so +desired connection should be explicitely accepted. Same thing should be taken +into account for traffic in reverse order. In most cases state policies are +used in order to accept connection in reverse patch. + +We will only accept traffic comming from interface eth0, protocol tcp and +destination port 1122. All other traffic traspassing the router should be +blocked. + +Commands +-------- + +.. code-block:: none + + set firewall flowtable FT01 interface 'eth0' + set firewall flowtable FT01 interface 'eth1' + set firewall ipv4 forward filter default-action 'drop' + set firewall ipv4 forward filter rule 10 action 'offload' + set firewall ipv4 forward filter rule 10 offload-target 'FT01' + set firewall ipv4 forward filter rule 10 state 'established' + set firewall ipv4 forward filter rule 10 state 'related' + set firewall ipv4 forward filter rule 20 action 'accept' + set firewall ipv4 forward filter rule 20 state 'established' + set firewall ipv4 forward filter rule 20 state 'related' + set firewall ipv4 forward filter rule 110 action 'accept' + set firewall ipv4 forward filter rule 110 destination address '192.0.2.100' + set firewall ipv4 forward filter rule 110 destination port '1122' + set firewall ipv4 forward filter rule 110 inbound-interface name 'eth0' + set firewall ipv4 forward filter rule 110 protocol 'tcp' + +Explanation +----------- + +Analysis on what happens for desired connection: + + 1. First packet is received on eht0, with destination address 192.0.2.100, + protocol tcp and destination port 1122. Assume such destination address is + reachable through interface eth1. + + 2. Since this is the first packet, connection status of this connection, + so far is **new**. So neither rule 10 nor 20 are valid. + + 3. Rule 110 is hit, so connection is accepted. + + 4. Once answer from server 192.0.2.100 is seen in opposite direction, + connection state will be triggered to **established**, so this reply is + accepted in rule 10. + + 5. Second packet for this connection is received by the router. Since + connection state is **established**, then rule 10 is hit, and a new entry + in the flowtable FT01 is added for this connection. + + 6. All subsecuent packets will skip traditional path, and will be offloaded + and will use the **Fast Path**. + +Checks +------ + +It's time to check conntrack table, to see if any connection was accepted, +and if was properly offloaded + +.. code-block:: none + + vyos@FlowTables:~$ show firewall ipv4 forward filter + Ruleset Information + + --------------------------------- + ipv4 Firewall "forward filter" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ---------------------------------------------------------------- + 10 offload all 8 468 ct state { established, related } flow add @VYOS_FLOWTABLE_FT01 + 20 accept all 8 468 ct state { established, related } accept + 110 accept tcp 2 120 ip daddr 192.0.2.100 tcp dport 1122 iifname "eth0" accept + default drop all 7 420 + + vyos@FlowTables:~$ sudo conntrack -L | grep tcp + conntrack v1.4.6 (conntrack-tools): 5 flow entries have been shown. + tcp 6 src=198.51.100.100 dst=192.0.2.100 sport=41676 dport=1122 src=192.0.2.100 dst=198.51.100.100 sport=1122 dport=41676 [OFFLOAD] mark=0 use=2 + vyos@FlowTables:~$ diff --git a/docs/configuration/firewall/global-options.rst b/docs/configuration/firewall/global-options.rst index 316e0802..b3f311aa 100644 --- a/docs/configuration/firewall/global-options.rst +++ b/docs/configuration/firewall/global-options.rst @@ -1,4 +1,4 @@ -:lastproofread: 2023-11-07 +:lastproofread: 2023-12-26 .. _firewall-global-options-configuration: @@ -114,4 +114,34 @@ Configuration Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered: - * ``net.ipv4.tcp_rfc1337``
\ No newline at end of file + * ``net.ipv4.tcp_rfc1337`` + +.. cfgcmd:: set firewall global-options state-policy established action + [accept | drop | reject] + +.. cfgcmd:: set firewall global-options state-policy established log + +.. cfgcmd:: set firewall global-options state-policy established log-level + [emerg | alert | crit | err | warn | notice | info | debug] + + Set the global setting for an established connection. + +.. cfgcmd:: set firewall global-options state-policy invalid action + [accept | drop | reject] + +.. cfgcmd:: set firewall global-options state-policy invalid log + +.. cfgcmd:: set firewall global-options state-policy invalid log-level + [emerg | alert | crit | err | warn | notice | info | debug] + + Set the global setting for invalid packets. + +.. cfgcmd:: set firewall global-options state-policy related action + [accept | drop | reject] + +.. cfgcmd:: set firewall global-options state-policy related log + +.. cfgcmd:: set firewall global-options state-policy related log-level + [emerg | alert | crit | err | warn | notice | info | debug] + + Set the global setting for related connections. diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 3887e26a..74d5bc20 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -4,31 +4,32 @@ Firewall ######## -With VyOS being based on top of Linux and its kernel, the Netfilter project -created the iptables and now the successor nftables for the Linux kernel to -work directly on the data flows. This now extends the concept of zone-based -security to allow for manipulating the data at multiple stages once accepted -by the network interface and the driver before being handed off to the -destination (e.g. a web server OR another device). +As VyOS is based on Linux it leverages its firewall. The Netfilter project +created iptables and its successor nftables for the Linux kernel to +work directly on packet data flows. This now extends the concept of +zone-based security to allow for manipulating the data at multiple stages once +accepted by the network interface and the driver before being handed off to +the destination (e.g., a web server OR another device). -A simplified traffic flow, based on Netfilter packet flow, is shown next, in -order to have a full view and understanding of how packets are processed, and -what possible paths can take. +A simplified traffic flow diagram, based on Netfilter packet flow, is shown +next, in order to have a full view and understanding of how packets are +processed, and what possible paths traffic can take. .. figure:: /_static/images/firewall-gral-packet-flow.png -Main notes regarding this packet flow and terminology used in VyOS firewall: +The main points regarding this packet flow and terminology used in VyOS +firewall are covered below: - * **Bridge Port?**: choose appropiate path based on if interface were the - packet was received is part of a bridge, or not. + * **Bridge Port?**: choose appropriate path based on whether interface + where the packet was received is part of a bridge, or not. -If interface were the packet was received isn't part of a bridge, then packet -is processed at the **IP Layer**: +If the interface where the packet was received isn't part of a bridge, then +packetis processed at the **IP Layer**: * **Prerouting**: several actions can be done in this stage, and currently - these actions are defined in different parts in vyos configuration. Order + these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions - define under ``firewall`` section. Relevant configuration that acts in + defined under ``firewall`` section. Relevant configuration that acts in this stage are: * **Conntrack Ignore**: rules defined under ``set system conntrack ignore @@ -40,12 +41,12 @@ is processed at the **IP Layer**: * **Destination NAT**: rules defined under ``set [nat | nat66] destination...``. - * **Destination is the router?**: choose appropiate path based on - destination IP address. Transit forward continunes to **forward**, + * **Destination is the router?**: choose appropriate path based on + destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**. - * **Input**: stage where traffic destinated to the router itself can be + * **Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in: @@ -61,10 +62,10 @@ is processed at the **IP Layer**: * ``set firewall ipv6 forward filter ...``. - * **Output**: stage where traffic that is originated by the router itself - can be filtered and controlled. Bare in mind that this traffic can be a - new connection originted by a internal process running on VyOS router, - such as NTP, or can be a response to traffic received externaly through + * **Output**: stage where traffic that originates from the router itself + can be filtered and controlled. Bear in mind that this traffic can be a + new connection originated by a internal process running on VyOS router, + such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in: @@ -79,16 +80,16 @@ is processed at the **IP Layer**: * **Source NAT**: rules defined under ``set [nat | nat66] destination...``. -If interface were the packet was received is part of a bridge, then packet -is processed at the **Bridge Layer**, which contains a ver basic setup where -for bridge filtering: +If the interface where the packet was received is part of a bridge, then +packetis processed at the **Bridge Layer**, which contains a basic setup for +bridge filtering: - * **Forward (Bridge)**: stage where traffic that is trasspasing through the + * **Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled: * ``set firewall bridge forward filter ...``. -Main structure VyOS firewall cli is shown next: +The main structure VyOS firewall cli is shown next: .. code-block:: none @@ -134,7 +135,7 @@ Main structure VyOS firewall cli is shown next: - custom_zone_name + ... -Please, refer to appropiate section for more information about firewall +Please, refer to appropriate section for more information about firewall configuration: .. toctree:: diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index 3fd365e1..9a683d22 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -123,9 +123,46 @@ The action can be : .. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> jump-target <text> - To be used only when action is set to jump. Use this command to specify + To be used only when action is set to ``jump``. Use this command to specify jump target. +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + queue <0-65535> +.. cfgcmd:: set firewall ipv4 input filter rule <1-999999> + queue <0-65535> +.. cfgcmd:: set firewall ipv4 output filter rule <1-999999> + queue <0-65535> +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> + queue <0-65535> + + To be used only when action is set to ``queue``. Use this command to specify + queue target to use. Queue range is also supported. + +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + queue-options bypass +.. cfgcmd:: set firewall ipv4 input filter rule <1-999999> + queue-options bypass +.. cfgcmd:: set firewall ipv4 output filter rule <1-999999> + queue-options bypass +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> + queue-options bypass + + To be used only when action is set to ``queue``. Use this command to let + packet go through firewall when no userspace software is connected to the + queue. + +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + queue-options fanout +.. cfgcmd:: set firewall ipv4 input filter rule <1-999999> + queue-options fanout +.. cfgcmd:: set firewall ipv4 output filter rule <1-999999> + queue-options fanout +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> + queue-options fanout + + To be used only when action is set to ``queue``. Use this command to + distribute packets between several queues. + Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**. @@ -140,7 +177,7 @@ not match any rule in it's chain. For base chains, possible options for [accept | drop | jump | queue | reject | return] This set the default action of the rule-set if no rule matched a packet - criteria. If defacult-action is set to ``jump``, then + criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available. @@ -153,7 +190,7 @@ not match any rule in it's chain. For base chains, possible options for .. note:: **Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default - action is not defined, then the default-action is set to **drop** + action is not defined, then the default-action is set to **drop**. Firewall Logs ============= @@ -162,15 +199,12 @@ Logging can be enable for every single firewall rule. If enabled, other log options can be defined. .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> log - [disable | enable] .. cfgcmd:: set firewall ipv4 input filter rule <1-999999> log - [disable | enable] .. cfgcmd:: set firewall ipv4 output filter rule <1-999999> log - [disable | enable] .. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> log - [disable | enable] - Enable or disable logging for the matched packet. + Enable logging for the matched packet. If this configuration command is not + present, then log is not enabled. .. cfgcmd:: set firewall ipv4 forward filter enable-default-log .. cfgcmd:: set firewall ipv4 input filter enable-default-log @@ -266,7 +300,7 @@ just disable the rule, rather than removing it. Matching criteria ================= -There are a lot of matching criteria against which the package can be tested. +There are a lot of matching criteria against which the packet can be tested. .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> connection-status nat [destination | source] diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index 83a5f694..0aa8a137 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -123,9 +123,46 @@ The action can be : .. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> jump-target <text> - To be used only when action is set to jump. Use this command to specify + To be used only when action is set to ``jump``. Use this command to specify jump target. +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + queue <0-65535> +.. cfgcmd:: set firewall ipv6 input filter rule <1-999999> + queue <0-65535> +.. cfgcmd:: set firewall ipv6 output filter rule <1-999999> + queue <0-65535> +.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> + queue <0-65535> + + To be used only when action is set to ``queue``. Use this command to specify + queue target to use. Queue range is also supported. + +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + queue-options bypass +.. cfgcmd:: set firewall ipv6 input filter rule <1-999999> + queue-options bypass +.. cfgcmd:: set firewall ipv6 output filter rule <1-999999> + queue-options bypass +.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> + queue-options bypass + + To be used only when action is set to ``queue``. Use this command to let + packet go through firewall when no userspace software is connected to the + queue. + +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + queue-options fanout +.. cfgcmd:: set firewall ipv6 input filter rule <1-999999> + queue-options fanout +.. cfgcmd:: set firewall ipv6 output filter rule <1-999999> + queue-options fanout +.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> + queue-options fanout + + To be used only when action is set to ``queue``. Use this command to + distribute packets between several queues. + Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**. @@ -140,7 +177,7 @@ not match any rule in it's chain. For base chains, possible options for [accept | drop | jump | queue | reject | return] This set the default action of the rule-set if no rule matched a packet - criteria. If defacult-action is set to ``jump``, then + criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available. @@ -153,7 +190,7 @@ not match any rule in it's chain. For base chains, possible options for .. note:: **Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default - action is not defined, then the default-action is set to **drop** + action is not defined, then the default-action is set to **drop**. Firewall Logs ============= @@ -162,15 +199,12 @@ Logging can be enable for every single firewall rule. If enabled, other log options can be defined. .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> log - [disable | enable] .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> log - [disable | enable] .. cfgcmd:: set firewall ipv6 output filter rule <1-999999> log - [disable | enable] .. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> log - [disable | enable] - Enable or disable logging for the matched packet. + Enable logging for the matched packet. If this configuration command is not + present, then log is not enabled. .. cfgcmd:: set firewall ipv6 forward filter enable-default-log .. cfgcmd:: set firewall ipv6 input filter enable-default-log @@ -266,7 +300,7 @@ just disable the rule, rather than removing it. Matching criteria ================= -There are a lot of matching criteria against which the package can be tested. +There are a lot of matching criteria against which the packet can be tested. .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> connection-status nat [destination | source] @@ -936,7 +970,7 @@ Rule-set overview .. code-block:: none - vyos@vyos:~$ show firewall + vyos@vyos:~$ show firewall Rulesets Information --------------------------------- @@ -999,7 +1033,7 @@ Rule-set overview .. code-block:: none - vyos@vyos:~$ show firewall summary + vyos@vyos:~$ show firewall summary Ruleset Summary IPv6 Ruleset: @@ -1049,29 +1083,30 @@ Rule-set overview .. opcmd:: show firewall ipv6 [forward | input | output] filter -.. opcmd:: show firewall ipv4 name <name> - .. opcmd:: show firewall ipv6 ipv6-name <name> This command will give an overview of a single rule-set. .. code-block:: none - vyos@vyos:~$ show firewall ipv4 input filter + vyos@vyos:~$ show firewall ipv6 input filter Ruleset Information --------------------------------- - IPv4 Firewall "input filter" + ipv6 Firewall "input filter" Rule Action Protocol Packets Bytes Conditions - ------- -------- ---------- --------- ------- ----------------------------------------- - 5 jump all 0 0 iifname "eth2" jump NAME_VyOS_MANAGEMENT - default accept all + ------- -------- ---------- --------- ------- ------------------------------------------------------------------------------ + 10 jump all 13 1456 iifname "eth1" jump NAME6_INP-ETH1 + 20 accept ipv6-icmp 10 1112 meta l4proto ipv6-icmp iifname "eth0" prefix "[ipv6-INP-filter-20-A]" accept + default accept all 14 1584 + + vyos@vyos:~$ .. opcmd:: show firewall ipv6 [forward | input | output] filter rule <1-999999> -.. opcmd:: show firewall ipv4 name <name> rule <1-999999> +.. opcmd:: show firewall ipv6 name <name> rule <1-999999> .. opcmd:: show firewall ipv6 ipv6-name <name> rule <1-999999> @@ -1084,7 +1119,7 @@ Rule-set overview .. code-block:: none - vyos@vyos:~$ show firewall group LAN + vyos@vyos:~$ show firewall group LAN Firewall Groups Name Type References Members @@ -1119,45 +1154,38 @@ Example Partial Config .. code-block:: none - firewall { - group { - network-group BAD-NETWORKS { - network 198.51.100.0/24 - network 203.0.113.0/24 - } - network-group GOOD-NETWORKS { - network 192.0.2.0/24 - } - port-group BAD-PORTS { - port 65535 - } - } - ipv4 { - forward { - filter { - default-action accept - rule 5 { - action accept - source { - group { - network-group GOOD-NETWORKS + firewall { + ipv6 { + input { + filter { + rule 10 { + action jump + inbound-interface { + name eth1 } + jump-target INP-ETH1 } - } - rule 10 { - action drop - description "Bad Networks" - protocol all - source { - group { - network-group BAD-NETWORKS + rule 20 { + action accept + inbound-interface { + name eth0 } + log + protocol ipv6-icmp } } } + name INP-ETH1 { + default-action drop + enable-default-log + rule 10 { + action accept + protocol tcp_udp + } + } } } - } + Update geoip database ===================== diff --git a/docs/configuration/firewall/zone.rst b/docs/configuration/firewall/zone.rst index 1ab9c630..059b029d 100644 --- a/docs/configuration/firewall/zone.rst +++ b/docs/configuration/firewall/zone.rst @@ -123,3 +123,41 @@ written from the perspective of: *Source Zone*-to->*Destination Zone* set firewall zone DMZ from LAN firewall name LANv4-to-DMZv4 set firewall zone LAN from DMZ firewall name DMZv4-to-LANv4 +************** +Operation-mode +************** + +.. opcmd:: show firewall zone-policy + + This will show you a basic summary of zones configuration. + + .. code-block:: none + + vyos@vyos:~$ show firewall zone-policy + Zone Interfaces From Zone Firewall IPv4 Firewall IPv6 + ------ ------------ ----------- --------------- --------------- + LAN eth1 WAN WAN_to_LAN + eth2 + LOCAL LOCAL LAN LAN_to_LOCAL + WAN WAN_to_LOCAL WAN_to_LOCAL_v6 + WAN eth3 LAN LAN_to_WAN + eth0 LOCAL LOCAL_to_WAN + vyos@vyos:~$ + +.. opcmd:: show firewall zone-policy zone <zone> + + This will show you a basic summary of a particular zone. + + .. code-block:: none + + vyos@vyos:~$ show firewall zone-policy zone WAN + Zone Interfaces From Zone Firewall IPv4 Firewall IPv6 + ------ ------------ ----------- --------------- --------------- + WAN eth3 LAN LAN_to_WAN + eth0 LOCAL LOCAL_to_WAN + vyos@vyos:~$ show firewall zone-policy zone LOCAL + Zone Interfaces From Zone Firewall IPv4 Firewall IPv6 + ------ ------------ ----------- --------------- --------------- + LOCAL LOCAL LAN LAN_to_LOCAL + WAN WAN_to_LOCAL WAN_to_LOCAL_v6 + vyos@vyos:~$ diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 04b612f5..19ef3773 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -105,7 +105,7 @@ Backend of the client * ``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line - * ``least-connection`` Distributes requests tp tje server wotj the fewest + * ``least-connection`` Distributes requests to the server with the fewest active connections .. cfgcmd:: set load-balancing reverse-proxy backend <name> mode diff --git a/docs/configuration/nat/index.rst b/docs/configuration/nat/index.rst index 90275226..6556b7f9 100644 --- a/docs/configuration/nat/index.rst +++ b/docs/configuration/nat/index.rst @@ -9,4 +9,5 @@ NAT :includehidden: nat44 + nat64 nat66 diff --git a/docs/configuration/nat/nat64.rst b/docs/configuration/nat/nat64.rst new file mode 100644 index 00000000..e8a3a0e6 --- /dev/null +++ b/docs/configuration/nat/nat64.rst @@ -0,0 +1,81 @@ +.. _nat64: + +##### +NAT64 +##### + +:abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in +modern networking, facilitating communication between IPv6 and IPv4 networks. +This documentation outlines the setup, configuration, and usage of the NAT64 +feature in your project. Whether you are transitioning to IPv6 or need to +seamlessly connect IPv4 and IPv6 devices. +NAT64 is a stateful translation mechanism that translates IPv6 addresses to +IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable +IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP. + + +Overview +======== + +Different NAT Types +------------------- + +.. _source-nat64: + +SNAT64 +^^^^^^ + +:abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful +translation mechanism that translates IPv6 addresses to IPv4 addresses. + +``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. +The prefix is used to represent IPv4 addresses in an IPv6 address format. +The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. +The high-order 32 bits are set to the well-known prefix 64:ff9b::/96. + + +Configuration Examples +====================== + +The following examples show how to configure NAT64 on a VyOS router. +The 192.0.2.10 address is used as the IPv4 address for the translation pool. + + +NAT64 server configuration: + +.. code-block:: none + + set interfaces ethernet eth0 address '192.0.2.1/24' + set interfaces ethernet eth0 address '192.0.2.10/24' + set interfaces ethernet eth0 description 'WAN' + set interfaces ethernet eth1 address '2001:db8::1/64' + set interfaces ethernet eth1 description 'LAN' + + set service dns forwarding allow-from '2001:db8::/64' + set service dns forwarding dns64-prefix '64:ff9b::/96' + set service dns forwarding listen-address '2001:db8::1' + + set nat64 source rule 100 source prefix '64:ff9b::/96' + set nat64 source rule 100 translation pool 10 address '192.0.2.10' + set nat64 source rule 100 translation pool 10 port '1-65535' + +NAT64 client configuration: + +.. code-block:: none + + set interfaces ethernet eth1 address '2001:db8::2/64' + set protocols static route6 64:ff9b::/96 next-hop 2001:db8::1 + set system name-server '2001:db8::1' + +Test from the IPv6 only client: + +.. code-block:: none + + vyos@r1:~$ ping 64:ff9b::192.0.2.1 count 2 + PING 64:ff9b::192.0.2.1(64:ff9b::c000:201) 56 data bytes + 64 bytes from 64:ff9b::c000:201: icmp_seq=1 ttl=63 time=0.351 ms + 64 bytes from 64:ff9b::c000:201: icmp_seq=2 ttl=63 time=0.373 ms + + --- 64:ff9b::192.0.2.1 ping statistics --- + 2 packets transmitted, 2 received, 0% packet loss, time 1023ms + rtt min/avg/max/mdev = 0.351/0.362/0.373/0.011 ms diff --git a/docs/configuration/nat/nat66.rst b/docs/configuration/nat/nat66.rst index 66cceb0a..9345e708 100644 --- a/docs/configuration/nat/nat66.rst +++ b/docs/configuration/nat/nat66.rst @@ -137,3 +137,100 @@ R2: set interfaces bridge br1 member interface eth1 set protocols static route6 ::/0 next-hop fc01::1 set service router-advert interface br1 prefix ::/0 + + +Use the following topology to translate internal user local addresses (``fc::/7``) +to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair. + +.. figure:: /_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png + :alt: VyOS NAT66 DHCPv6 using a dummy interface + +Configure both routers (a and b) for DHCPv6-PD via dummy interface: + +.. code-block:: none + + set interfaces dummy dum1 description 'DHCPv6-PD NPT dummy' + set interfaces bonding bond0 vif 20 dhcpv6-options pd 0 interface dum1 address '0' + set interfaces bonding bond0 vif 20 dhcpv6-options pd 1 interface dum1 address '0' + set interfaces bonding bond0 vif 20 dhcpv6-options pd 2 interface dum1 address '0' + set interfaces bonding bond0 vif 20 dhcpv6-options pd 3 interface dum1 address '0' + set interfaces bonding bond0 vif 20 dhcpv6-options rapid-commit + commit + +Get the DHCPv6-PD prefixes from both routers: + +.. code-block:: none + + trae@cr01a-vyos# run show interfaces dummy dum1 br + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + dum1 2001:db8:123:b008::/64 u/u DHCPv6-PD NPT dummy + 2001:db8:123:b00a::/64 + 2001:db8:123:b00b::/64 + 2001:db8:123:b009::/64 + + trae@cr01b-vyos# run show int dummy dum1 brief + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + dum1 2001:db8:123:b00d::/64 u/u DHCPv6-PD NPT dummy + 2001:db8:123:b00c::/64 + 2001:db8:123:b00e::/64 + 2001:db8:123:b00f::/64 + +Configure the A-side router for NPTv6 using the prefixes above: + +.. code-block:: none + + set nat66 source rule 10 description 'NPT to VLAN 10' + set nat66 source rule 10 outbound-interface name 'bond0.20' + set nat66 source rule 10 source prefix 'fd52:d62e:8011:a::/64' + set nat66 source rule 10 translation address '2001:db8:123:b008::/64' + set nat66 source rule 20 description 'NPT to VLAN 70' + set nat66 source rule 20 outbound-interface name 'bond0.20' + set nat66 source rule 20 source prefix 'fd52:d62e:8011:46::/64' + set nat66 source rule 20 translation address '2001:db8:123:b009::/64' + set nat66 source rule 30 description 'NPT to VLAN 200' + set nat66 source rule 30 outbound-interface name 'bond0.20' + set nat66 source rule 30 source prefix 'fd52:d62e:8011:c8::/64' + set nat66 source rule 30 translation address '2001:db8:123:b00a::/64' + set nat66 source rule 40 description 'NPT to VLAN 240' + set nat66 source rule 40 outbound-interface name 'bond0.20' + set nat66 source rule 40 source prefix 'fd52:d62e:8011:f0::/64' + set nat66 source rule 40 translation address '2001:db8:123:b00b::/64' + commit + +Configure the B-side router for NPTv6 using the prefixes above: + +.. code-block:: none + + set nat66 source rule 10 description 'NPT to VLAN 10' + set nat66 source rule 10 outbound-interface name 'bond0.20' + set nat66 source rule 10 source prefix 'fd52:d62e:8011:a::/64' + set nat66 source rule 10 translation address '2001:db8:123:b00c::/64' + set nat66 source rule 20 description 'NPT to VLAN 70' + set nat66 source rule 20 outbound-interface name 'bond0.20' + set nat66 source rule 20 source prefix 'fd52:d62e:8011:46::/64' + set nat66 source rule 20 translation address '2001:db8:123:b00d::/64' + set nat66 source rule 30 description 'NPT to VLAN 200' + set nat66 source rule 30 outbound-interface name 'bond0.20' + set nat66 source rule 30 source prefix 'fd52:d62e:8011:c8::/64' + set nat66 source rule 30 translation address '2001:db8:123:b00e::/64' + set nat66 source rule 40 description 'NPT to VLAN 240' + set nat66 source rule 40 outbound-interface name 'bond0.20' + set nat66 source rule 40 source prefix 'fd52:d62e:8011:f0::/64' + set nat66 source rule 40 translation address '2001:db8:123:b00f::/64' + commit + +Verify that connections are hitting the rule on both sides: + +.. code-block:: none + + trae@cr01a-vyos# run show nat66 source statistics + Rule Packets Bytes Interface + ------ --------- ------- ----------- + 10 1 104 bond0.20 + 20 1 104 bond0.20 + 30 8093 669445 bond0.20 + 40 2446 216912 bond0.20 diff --git a/docs/configuration/pki/index.rst b/docs/configuration/pki/index.rst index 66ad84a3..1fea13ac 100644 --- a/docs/configuration/pki/index.rst +++ b/docs/configuration/pki/index.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-09-01 +:lastproofread: 2024-01-05 .. include:: /_include/need_improvement.txt @@ -248,6 +248,44 @@ certificates used by services on this router. If CA is present, this certificate will be included in generated CRLs +ACME +^^^^ + +The VyOS PKI subsystem can also be used to automatically retrieve Certificates +using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol. + +.. cfgcmd:: set pki certificate <name> acme domain-name <name> + + Domain names to apply, multiple domain-names can be specified. + + This is a mandatory option + +.. cfgcmd:: set pki certificate <name> acme email <address> + + Email used for registration and recovery contact. + + This is a mandatory option + +.. cfgcmd:: set pki certificate <name> acme listen-address <address> + + The address the server listens to during http-01 challenge + +.. cfgcmd:: set pki certificate <name> acme rsa-key-size <2048 | 3072 | 4096> + + Size of the RSA key. + + This options defaults to 2048 + +.. cfgcmd:: set pki certificate <name> acme url <url> + + ACME Directory Resource URI. + + This defaults to https://acme-v02.api.letsencrypt.org/directory + + .. note:: During initial deployment we recommend using the staging API + of LetsEncrypt to prevent and blacklisting of your system. The API + endpoint is https://acme-staging-v02.api.letsencrypt.org/directory + Operation ========= @@ -292,3 +330,7 @@ also to display them. .. opcmd:: show pki crl Show a list of installed :abbr:`CRLs (Certificate Revocation List)`. + +.. opcmd:: renew certbot + + Manually trigger certificate renewal. This will be done twice a day. diff --git a/docs/configuration/policy/route-map.rst b/docs/configuration/policy/route-map.rst index 9fe1eef7..07cfcf02 100644 --- a/docs/configuration/policy/route-map.rst +++ b/docs/configuration/policy/route-map.rst @@ -318,10 +318,12 @@ Route Map Set BGP local preference attribute. .. cfgcmd:: set policy route-map <text> rule <1-65535> set metric - <+/-metric|0-4294967295> + <+/-metric|0-4294967295|rtt|+rtt|-rtt> - Set destination routing protocol metric. Add or subtract metric, or set - metric value. + Set the route metric. When used with BGP, set the BGP attribute MED + to a specific value. Use ``+/-`` to add or subtract the specified value + to/from the existing/MED. Use ``rtt`` to set the MED to the round trip + time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED. .. cfgcmd:: set policy route-map <text> rule <1-65535> set metric-type <type-1|type-2> diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 737e98fa..8fc69111 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -952,7 +952,7 @@ Operational Mode Commands Show ==== -.. opcmd:: show <ip|ipv6> bgp +.. opcmd:: show bgp <ipv4|ipv6> This command displays all entries in BGP routing table. @@ -964,6 +964,7 @@ Show i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete + RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 198.51.100.0/24 10.0.34.4 0 0 65004 i @@ -971,7 +972,7 @@ Show Displayed 2 routes and 2 total paths -.. opcmd:: show <ip|ipv6> bgp <address|prefix> +.. opcmd:: show bgp <ipv4|ipv6> <address|prefix> This command displays information about the particular entry in the BGP routing table. @@ -991,55 +992,55 @@ Show This command displays routes with classless interdomain routing (CIDR). -.. opcmd:: show <ip|ipv6> bgp community <value> +.. opcmd:: show bgp <ipv4|ipv6> community <value> This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise. -.. opcmd:: show <ip|ipv6> bgp community-list <name> +.. opcmd:: show bgp <ipv4|ipv6> community-list <name> This command displays routes that are permitted by the BGP community list. -.. opcmd:: show ip bgp dampened-paths +.. opcmd:: show bgp <ipv4|ipv6> dampening dampened-paths This command displays BGP dampened routes. -.. opcmd:: show ip bgp flap-statistics +.. opcmd:: show bgp <ipv4|ipv6> dampening flap-statistics This command displays information about flapping BGP routes. -.. opcmd:: show ip bgp filter-list <name> +.. opcmd:: show bgp <ipv4|ipv6> filter-list <name> This command displays BGP routes allowed by the specified AS Path access list. -.. opcmd:: show <ip|ipv6> bgp neighbors <address> advertised-routes +.. opcmd:: show bgp <ipv4|ipv6> neighbors <address> advertised-routes This command displays BGP routes advertised to a neighbor. -.. opcmd:: show <ip|ipv6> bgp neighbors <address> received-routes +.. opcmd:: show bgp <ipv4|ipv6> neighbors <address> received-routes This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled. -.. opcmd:: show <ip|ipv6> bgp neighbors <address> routes +.. opcmd:: show bgp <ipv4|ipv6> neighbors <address> routes This command displays BGP received-routes that are accepted after filtering. -.. opcmd:: show <ip|ipv6> bgp neighbors <address> dampened-routes +.. opcmd:: show bgp <ipv4|ipv6> neighbors <address> dampened-routes This command displays dampened routes received from BGP neighbor. -.. opcmd:: show <ip|ipv6> bgp regexp <text> +.. opcmd:: show bgp <ipv4|ipv6> regexp <text> This command displays information about BGP routes whose AS path matches the specified regular expression. -.. opcmd:: show <ip|ipv6> bgp summary +.. opcmd:: show bgp <ipv4|ipv6> summary This command displays the status of all BGP connections. diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index 18a7c166..1f779d0a 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst @@ -302,6 +302,34 @@ Timers control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`. +Loop Free Alternate (LFA) +------------------------- + +.. cfgcmd:: set protocols isis fast-reroute lfa remote prefix-list <name> + <level-1|level-2> + + This command enables IP fast re-routing that is part of :rfc:`5286`. + Specifically this is a prefix list which references a prefix in which + will select eligible PQ nodes for remote LFA backups. + +.. cfgcmd:: set protocols isis fast-reroute lfa local load-sharing disable + <level-1|level-2> + + This command disables the load sharing across multiple LFA backups. + +.. cfgcmd:: set protocols isis fast-reroute lfa local tiebreaker + <downstream|lowest-backup-metric|node-protecting> index <number> + <level-1|level-2> + + This command will configure a tie-breaker for multiple local LFA backups. + The lower index numbers will be processed first. + +.. cfgcmd:: set protocols isis fast-reroute lfa local priority-limit + <medium|high|critical> <level-1|level-2> + + This command will limit LFA backup computation up to the specified + prefix priority. + ******** Examples diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index b5b12a5b..c51a0aff 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -4,7 +4,7 @@ DHCP Server ########### -VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment. +VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment. *********** IPv4 server @@ -26,12 +26,7 @@ Configuration Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>` -.. cfgcmd:: set service dhcp-server host-decl-name - - Will drop `<shared-network-name>_` from client DNS record, using only the - host declaration name and domain: `<hostname>.<domain-name>` - -.. cfgcmd:: set service dhcp-server shared-network-name <name> domain-name <domain-name> +.. cfgcmd:: set service dhcp-server shared-network-name <name> option domain-name <domain-name> The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP @@ -40,7 +35,7 @@ Configuration This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally. -.. cfgcmd:: set service dhcp-server shared-network-name <name> domain-search <domain-name> +.. cfgcmd:: set service dhcp-server shared-network-name <name> option domain-search <domain-name> The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times @@ -49,7 +44,7 @@ Configuration This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally. -.. cfgcmd:: set service dhcp-server shared-network-name <name> name-server <address> +.. cfgcmd:: set service dhcp-server shared-network-name <name> option name-server <address> Inform client that the DNS server can be found at `<address>`. @@ -58,21 +53,6 @@ Configuration Multiple DNS servers can be defined. -.. cfgcmd:: set service dhcp-server shared-network-name <name> ping-check - - When the DHCP server is considering dynamically allocating an IP address to a - client, it first sends an ICMP Echo request (a ping) to the address being - assigned. It waits for a second, and if no ICMP Echo response has been heard, - it assigns the address. - - If a response is heard, the lease is abandoned, and the server does not - respond to the client. The lease will remain abandoned for a minimum of - abandon-lease-time seconds (defaults to 24 hours). - - If there are no free addresses but there are abandoned IP addresses, the - DHCP server will attempt to reclaim an abandoned IP address regardless of the - value of abandon-lease-time. - .. cfgcmd:: set service dhcp-server listen-address <address> This configuration parameter lets the DHCP server to listen for DHCP @@ -91,14 +71,20 @@ Individual Client Subnet network. .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> - default-router <address> + subnet-id <id> + + This configuration parameter is required and must be unique to each subnet. + It is required to map subnets to lease file entries. + +.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> + option default-router <address> This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`. .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> - name-server <address> + option name-server <address> This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`. @@ -133,40 +119,19 @@ Individual Client Subnet This option can be specified multiple times. .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> - domain-name <domain-name> + option domain-name <domain-name> The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015). .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> - domain-search <domain-name> + option domain-search <domain-name> The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119). -.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> - ping-check - - When the DHCP server is considering dynamically allocating an IP address to a - client, it first sends an ICMP Echo request (a ping) to the address being - assigned. It waits for a second, and if no ICMP Echo response has been heard, - it assigns the address. - - If a response is heard, the lease is abandoned, and the server does not - respond to the client. The lease will remain abandoned for a minimum of - abandon-lease-time seconds (defaults to 24 hours). - - If a there are no free addresses but there are abandoned IP addresses, the - DHCP server will attempt to reclaim an abandoned IP address regardless of the - value of abandon-lease-time. - -.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> - enable-failover - - Enable DHCP failover configuration for this address pool. - Failover -------- @@ -238,6 +203,7 @@ inside the subnet definition but can be outside of the range statement. .. code-block:: none + set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 subnet-id 1 set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 ip-address 192.168.1.100 set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 mac-address aa:bb:11:22:33:00 @@ -251,6 +217,7 @@ The configuration will look as follows: ip-address 192.168.1.100 mac-address aa:bb:11:22:33:00 } + subnet-id 1 } Options @@ -391,32 +358,6 @@ Options Multi: can be specified multiple times. -Raw Parameters -============== - -Raw parameters can be passed to shared-network-name, subnet and static-mapping: - -.. code-block:: none - - set service dhcp-server shared-network-name <name> shared-network-parameters - <text> Additional shared-network parameters for DHCP server. - set service dhcp-server shared-network-name <name> subnet <subnet> subnet-parameters - <text> Additional subnet parameters for DHCP server. - set service dhcp-server shared-network-name <name> subnet <subnet> static-mapping <description> static-mapping-parameters - <text> Additional static-mapping parameters for DHCP server. - Will be placed inside the "host" block of the mapping. - -These parameters are passed as-is to isc-dhcp's dhcpd.conf under the -configuration node they are defined in. They are not validated so an error in -the raw parameters won't be caught by vyos's scripts and will cause dhcpd to -fail to start. Always verify that the parameters are correct before committing -the configuration. Refer to isc-dhcp's dhcpd.conf manual for more information: -https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpdconf - -Quotes can be used inside parameter values by replacing all quote characters -with the string ``"``. They will be replaced with literal quote characters -when generating dhcpd.conf. - Example ======= @@ -439,12 +380,12 @@ Common configuration, valid for both primary and secondary node. .. code-block:: none - set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 default-router '192.0.2.254' - set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 name-server '192.0.2.254' - set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 domain-name 'vyos.net' + set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option default-router '192.0.2.254' + set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option name-server '192.0.2.254' + set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option domain-name 'vyos.net' set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 start '192.0.2.10' set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 stop '192.0.2.250' - set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 enable-failover + set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 subnet-id '1' **Primary** @@ -467,47 +408,6 @@ Common configuration, valid for both primary and secondary node. .. _dhcp-server:v4_example_raw: -Raw Parameters --------------- - -* Override static-mapping's name-server with a custom one that will be sent only - to this host. -* An option that takes a quoted string is set by replacing all quote characters - with the string ``"`` inside the static-mapping-parameters value. - The resulting line in dhcpd.conf will be - ``option pxelinux.configfile "pxelinux.cfg/01-00-15-17-44-2d-aa";``. - - -.. code-block:: none - - set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option domain-name-servers 192.0.2.11, 192.0.2.12;" - set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option pxelinux.configfile "pxelinux.cfg/01-00-15-17-44-2d-aa";" - -Option 43 for UniFI -------------------- - -* These parameters need to be part of the DHCP global options. - They stay unchanged. - - -.. code-block:: none - - set service dhcp-server global-parameters 'option space ubnt;' - set service dhcp-server global-parameters 'option ubnt.unifi-address code 1 = ip-address;' - set service dhcp-server global-parameters 'class "ubnt" {' - set service dhcp-server global-parameters 'match if substring (option vendor-class-identifier, 0, 4) = "ubnt";' - set service dhcp-server global-parameters 'option vendor-class-identifier "ubnt";' - set service dhcp-server global-parameters 'vendor-option-space ubnt;' - set service dhcp-server global-parameters '}' - -* Now we add the option to the scope, adapt to your setup - - -.. code-block:: none - - set service dhcp-server shared-network-name example-scope subnet 10.1.1.0/24 subnet-parameters 'option ubnt.unifi-address 172.16.1.10;' - - Operation Mode ============== @@ -549,18 +449,43 @@ Operation Mode .. code-block:: none vyos@vyos:~$ show dhcp server leases - IP address Hardware address State Lease start Lease expiration Remaining Pool Hostname - -------------- ------------------ ------- ------------------- ------------------- ---------- ----------- --------- - 192.0.2.104 00:53:01:dd:ee:ff active 2019/12/05 14:24:23 2019/12/06 02:24:23 6:05:35 dhcpexample test1 - 192.0.2.115 00:53:01:ae:af:bf active 2019/12/05 18:02:37 2019/12/06 06:02:37 9:43:49 dhcpexample test2 + IP Address MAC address State Lease start Lease expiration Remaining Pool Hostname Origin + -------------- ----------------- ------- ------------------- ------------------- ----------- -------- ---------- -------- + 192.168.11.134 00:50:79:66:68:09 active 2023/11/29 09:51:05 2023/11/29 10:21:05 0:24:10 LAN VPCS1 local + 192.168.11.133 50:00:00:06:00:00 active 2023/11/29 09:51:38 2023/11/29 10:21:38 0:24:43 LAN VYOS-6 local + 10.11.11.108 50:00:00:05:00:00 active 2023/11/29 09:51:43 2023/11/29 10:21:43 0:24:48 VIF-1001 VYOS5 local + 192.168.11.135 00:50:79:66:68:07 active 2023/11/29 09:55:16 2023/11/29 09:59:16 0:02:21 remote + vyos@vyos:~$ .. hint:: Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``. +.. opcmd:: show dhcp server leases origin [local | remote] + + Show statuses of all active leases granted by local (this server) or + remote (failover server): + +.. code-block:: none + + vyos@vyos:~$ show dhcp server leases origin remote + IP Address MAC address State Lease start Lease expiration Remaining Pool Hostname Origin + -------------- ----------------- ------- ------------------- ------------------- ----------- -------- ---------- -------- + 192.168.11.135 00:50:79:66:68:07 active 2023/11/29 09:55:16 2023/11/29 09:59:16 0:02:21 remote + vyos@vyos:~$ + .. opcmd:: show dhcp server leases pool <pool> Show only leases in the specified pool. +.. code-block:: none + + vyos@vyos:~$ show dhcp server leases pool LAN + IP Address MAC address State Lease start Lease expiration Remaining Pool Hostname Origin + -------------- ----------------- ------- ------------------- ------------------- ----------- ------ ---------- -------- + 192.168.11.134 00:50:79:66:68:09 active 2023/11/29 09:51:05 2023/11/29 10:21:05 0:23:55 LAN VPCS1 local + 192.168.11.133 50:00:00:06:00:00 active 2023/11/29 09:51:38 2023/11/29 10:21:38 0:24:28 LAN VYOS-6 local + vyos@vyos:~$ + .. opcmd:: show dhcp server leases sort <key> Sort the output by the specified key. Possible keys: ip, hardware_address, @@ -572,7 +497,6 @@ Operation Mode free, expired, released, abandoned, reset, backup (default = active) - *********** IPv6 server *********** @@ -590,6 +514,12 @@ Configuration Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``. +.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <subnet> + subnet-id <id> + + This configuration parameter is required and must be unique to each subnet. + It is required to map subnets to lease file entries. + .. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <prefix> lease-time {default | maximum | minimum} @@ -666,6 +596,7 @@ server. The following example describes a common scenario. set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 address-range start 2001:db8::100 stop 2001:db8::199 set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 name-server 2001:db8::ffff + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 subnet-id 1 The configuration will look as follows: @@ -680,6 +611,7 @@ The configuration will look as follows: } } name-server 2001:db8::ffff + subnet-id 1 } } diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index 2caeb22d..7624d309 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -143,6 +143,19 @@ avoid being tracked by the provider of your upstream DNS server. 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones. +.. cfgcmd:: set service dns forwarding serve-stale-extension <0-65535> + + Maximum number of times an expired record’s TTL is extended by 30s when + serving stale. Extension only occurs if a record cannot be refreshed. A + value of 0 means the Serve Stale mechanism is not used. To allow records + becoming stale to be served for an hour, use a value of 120. + +.. cfgcmd:: set service dns forwarding exclude-throttle-address <ip|prefix> + + When an authoritative server does not answer a query or sends a reply the + recursor does not like, it is throttled. Any servers matching the supplied + netmasks will never be throttled. + Example ======= @@ -381,12 +394,12 @@ By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP. -Above, command syntax isn noted to configure dynamic dns on a specific interface. -It is possible to overlook the additional address option, web, when completeing -those commands. ddclient_ has another way to determine the WAN IP address, using -a web-based url to determine the external IP. Each of the commands above will -need to be modified to use 'web' as the 'interface' specified if this functionality -is to be utilized. +Above, command syntax isn noted to configure dynamic dns on a specific interface. +It is possible to overlook the additional address option, web, when completeing +those commands. ddclient_ has another way to determine the WAN IP address, using +a web-based url to determine the external IP. Each of the commands above will +need to be modified to use 'web' as the 'interface' specified if this functionality +is to be utilized. This functionality is controlled by adding the following configuration: diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index eb2e30eb..973c5355 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -1,7 +1,7 @@ .. _http-api: ######## -HTTP-API +HTTP API ######## VyOS provide an HTTP API. You can use it to execute op-mode commands, @@ -13,75 +13,71 @@ Please take a look at the :ref:`vyosapi` page for an detailed how-to. Configuration ************* -.. cfgcmd:: set service https api keys id <name> key <apikey> +.. cfgcmd:: set service https allow-client address <address> - Set a named api key. Every key has the same, full permissions - on the system. + Only allow certain IP addresses or prefixes to access the https + webserver. -.. cfgcmd:: set service https api debug +.. cfgcmd:: set service https certificates ca-certificate <name> - To enable debug messages. Available via :opcmd:`show log` or - :opcmd:`monitor log` + Use CA certificate from PKI subsystem -.. cfgcmd:: set service https api strict +.. cfgcmd:: set service https certificates certificate <name> - Enforce strict path checking + Use certificate from PKI subsystem -.. cfgcmd:: set service https virtual-host <vhost> listen-address - <ipv4 or ipv6 address> +.. cfgcmd:: set service https certificates dh-params <name> - Address to listen for HTTPS requests + Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. + Must be at least 2048 bits in length. -.. cfgcmd:: set service https virtual-host <vhost> port <1-65535> +.. cfgcmd:: set service https listen-address <address> - Port to listen for HTTPS requests; default 443 + Webserver should only listen on specified IP address -.. cfgcmd:: set service https virtual-host <vhost> server-name <text> +.. cfgcmd:: set service https port <number> - Server names for virtual hosts it can be exact, wildcard or regex. + Webserver should listen on specified port. -.. cfgcmd:: set service https api-restrict virtual-host <vhost> + Default: 443 - By default, nginx exposes the local API on all virtual servers. - Use this to restrict nginx to one or more virtual hosts. +.. cfgcmd:: set service https enable-http-redirect -.. cfgcmd:: set service https certificates certbot domain-name <text> + Enable automatic redirect from http to https. - Domain name(s) for which to obtain certificate +.. cfgcmd:: set service https tls-version <1.2 | 1.3> -.. cfgcmd:: set service https certificates certbot email + Select TLS version used. - Email address to associate with certificate + This defaults to both 1.2 and 1.3. -.. cfgcmd:: set service https certificates system-generated-certificate +.. cfgcmd:: set service https vrf <name> - Use an automatically generated self-signed certificate + Start Webserver in given VRF. -.. cfgcmd:: set service https certificates system-generated-certificate - lifetime <days> +API +=== - Lifetime in days; default is 365 +.. cfgcmd:: set service https api keys id <name> key <apikey> + Set a named api key. Every key has the same, full permissions + on the system. -********************* -Example Configuration -********************* +.. cfgcmd:: set service https api debug -Set an API-KEY is the minimal configuration to get a working API Endpoint. + To enable debug messages. Available via :opcmd:`show log` or + :opcmd:`monitor log` -.. code-block:: none +.. cfgcmd:: set service https api strict - set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY + Enforce strict path checking +********************* +Example Configuration +********************* -To use this full configuration we asume a public accessible hostname. +Set an API-KEY is the minimal configuration to get a working API Endpoint. .. code-block:: none set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY - set service https certificates certbot domain-name rtr01.example.com - set service https certificates certbot email mail@example.com - set service https virtual-host rtr01 listen-address 198.51.100.2 - set service https virtual-host rtr01 port 11443 - set service https virtual-host rtr01 server-name rtr01.example.com - set service https api-restrict virtual-host rtr01 diff --git a/docs/configuration/service/lldp.rst b/docs/configuration/service/lldp.rst index aa357211..12a9e0b6 100644 --- a/docs/configuration/service/lldp.rst +++ b/docs/configuration/service/lldp.rst @@ -54,7 +54,7 @@ Configuration Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled. -.. cfgcmd:: set service lldp snmp enable +.. cfgcmd:: set service lldp snmp Enable SNMP queries of the LLDP database diff --git a/docs/configuration/service/monitoring.rst b/docs/configuration/service/monitoring.rst index 0aa93e71..245af067 100644 --- a/docs/configuration/service/monitoring.rst +++ b/docs/configuration/service/monitoring.rst @@ -109,11 +109,11 @@ Monitoring functionality with ``telegraf`` and ``InfluxDB 2`` is provided. Telegraf is the open source server agent to help you collect metrics, events and logs from your routers. -.. cfgcmd:: set service monitoring telegraf authentication organization <organization> +.. cfgcmd:: set service monitoring telegraf influxdb authentication organization <organization> Authentication organization name -.. cfgcmd:: set service monitoring telegraf authentication token <token> +.. cfgcmd:: set service monitoring telegraf influxdb authentication token <token> Authentication token @@ -121,11 +121,11 @@ and logs from your routers. Remote ``InfluxDB`` bucket name -.. cfgcmd:: set service monitoring port <port> +.. cfgcmd:: set service monitoring telegraf influxdb port <port> Remote port -.. cfgcmd:: set service monitoring telegraf url <url> +.. cfgcmd:: set service monitoring telegraf influxdb url <url> Remote URL @@ -138,12 +138,11 @@ An example of a configuration that sends ``telegraf`` metrics to remote .. code-block:: none - set service monitoring telegraf authentication organization 'vyos' - set service monitoring telegraf authentication token 'ZAml9Uy5wrhA...==' - set service monitoring telegraf bucket 'bucket_vyos' - set service monitoring telegraf port '8086' - set service monitoring telegraf source 'all' - set service monitoring telegraf url 'http://r1.influxdb2.local' + set service monitoring telegraf influxdb authentication organization 'vyos' + set service monitoring telegraf influxdb authentication token 'ZAml9Uy5wrhA...==' + set service monitoring telegraf influxdb bucket 'bucket_vyos' + set service monitoring telegraf influxdb port '8086' + set service monitoring telegraf influxdb url 'http://r1.influxdb2.local' .. _azure-data-explorer: https://github.com/influxdata/telegraf/tree/master/plugins/outputs/azure_data_explorer .. _prometheus-client: https://github.com/influxdata/telegraf/tree/master/plugins/outputs/prometheus_client diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index 3a0adee7..a230d9fe 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -57,48 +57,35 @@ Client Address Pools -------------------- To automatically assign the client an IP address as tunnel endpoint, a -client IP pool is needed. The source can be either RADIUS or a local -subnet or IP range definition. - -Once the local tunnel endpoint ``set service pppoe-server gateway-address -'10.1.1.2'`` has been defined, the client IP pool can be either defined -as a range or as subnet using CIDR notation. If the CIDR notation is -used, multiple subnets can be setup which are used sequentially. +client IP pool is needed. The source can be either RADIUS or a +named pool. There is possibility to create multiple named pools. +Each named pool can include only one address range. To use multiple +address ranges configure ``next-pool`` option. **Client IP address via IP range definition** -.. cfgcmd:: set service pppoe-server client-ip-pool start <address> - - Use this command to define the first IP address of a pool of - addresses to be given to PPPoE clients. It must be within a /24 - subnet. - -.. cfgcmd:: set service pppoe-server client-ip-pool stop <address> - - Use this command to define the last IP address of a pool of - addresses to be given to PPPoE clients. It must be within a /24 - subnet. - -.. code-block:: none +.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x> - set service pppoe-server client-ip-pool start '10.1.1.100' - set service pppoe-server client-ip-pool stop '10.1.1.111' + Use this command to define the IP address range to be given + to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, + it must be within a /24 subnet. If notation ``x.x.x.x/x`` is + used there is possibility to set host/netmask. +.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME> -**Client IP subnets via CIDR notation** + Use this command to define the next address pool name. -.. cfgcmd:: set service pppoe-server client-ip-pool subnet <address> +.. cfgcmd:: set service pppoe-server default-pool <POOL-NAME> - Use this command for every pool of client IP addresses you want to - define. The addresses of this pool will be given to PPPoE clients. - You must use CIDR notation. + Use this command to define default address pool name. .. code-block:: none - set service pppoe-server client-ip-pool subnet '10.1.1.0/24' - set service pppoe-server client-ip-pool subnet '10.1.2.0/23' - set service pppoe-server client-ip-pool subnet '10.1.4.0/22' + set service pppoe-server client-ip-pool IP-POOL next-pool 'IP-POOL2' + set service pppoe-server client-ip-pool IP-POOL range '10.0.10.5/24' + set service pppoe-server client-ip-pool IP-POOL2 range '10.0.0.10-10.0.0.12' + set service pppoe-server default-pool 'IP-POOL' **RADIUS based IP pools (Framed-IP-Address)** @@ -213,8 +200,8 @@ For Local Users set service pppoe-server authentication local-users username foo rate-limit download '20480' set service pppoe-server authentication local-users username foo rate-limit upload '10240' set service pppoe-server authentication mode 'local' - set service pppoe-server client-ip-pool start '10.1.1.100' - set service pppoe-server client-ip-pool stop '10.1.1.111' + set service pppoe-server client-ip-pool IP-POOL range '10.1.1.100/24' + set service pppoe-server default-pool 'IP-POOL' set service pppoe-server name-server '10.100.100.1' set service pppoe-server name-server '10.100.200.1' set service pppoe-server interface 'eth1' @@ -367,8 +354,8 @@ address from the pool 10.1.1.100-111, terminates at the local endpoint set service pppoe-server access-concentrator 'ACN' set service pppoe-server authentication local-users username foo password 'bar' set service pppoe-server authentication mode 'local' - set service pppoe-server client-ip-pool start '10.1.1.100' - set service pppoe-server client-ip-pool stop '10.1.1.111' + set service pppoe-server client-ip-pool IP-POOL range '10.1.1.100-10.1.1.111' + set service pppoe-server default-pool 'IP-POOL' set service pppoe-server interface eth1 set service pppoe-server gateway-address '10.1.1.2' set service pppoe-server name-server '10.100.100.1' @@ -385,8 +372,8 @@ The example below covers a dual-stack configuration via pppoe-server. set service pppoe-server authentication local-users username test password 'test' set service pppoe-server authentication mode 'local' - set service pppoe-server client-ip-pool start '192.168.0.1' - set service pppoe-server client-ip-pool stop '192.168.0.10' + set service pppoe-server client-ip-pool IP-POOL range '192.168.0.1/24' + set service pppoe-server default-pool 'IP-POOL' set service pppoe-server client-ipv6-pool delegate '2001:db8:8003::/48' delegation-prefix '56' set service pppoe-server client-ipv6-pool prefix '2001:db8:8002::/48' mask '64' set service pppoe-server ppp-options ipv6 allow diff --git a/docs/configuration/system/conntrack.rst b/docs/configuration/system/conntrack.rst index 68a4f2b8..6ed5fef7 100644 --- a/docs/configuration/system/conntrack.rst +++ b/docs/configuration/system/conntrack.rst @@ -46,9 +46,23 @@ Configure | Use `delete system conntrack modules` to deactive all modules. | Or, for example ftp, `delete system conntrack modules ftp`. +.. cfgcmd:: set system conntrack tcp half-open-connections <1-21474836> + :defaultvalue: -Define Conection Timeouts -========================= + Set the maximum number of TCP half-open connections. + +.. cfgcmd:: set system conntrack tcp loose <enable | disable> + :defaultvalue: + + Policy to track previously established connections. + +.. cfgcmd:: set system conntrack tcp max-retrans <1-2147483647> + :defaultvalue: + + Set the number of TCP maximum retransmit attempts. + +Contrack Timeouts +================= VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP @@ -82,34 +96,48 @@ states. Set the timeout in secounds for a protocol or state. - You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector. -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> description <test> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + description <test> Set a rule description. +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + destination address <ip-address> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + source address <ip-address> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> destination address <ip-address> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> source address <ip-address> - - set a destination and/or source address. Accepted input: + Set a destination and/or source address. Accepted input for ipv4: .. code-block:: none - <x.x.x.x> IP address to match - <x.x.x.x/x> Subnet to match - <x.x.x.x>-<x.x.x.x> - IP range to match - !<x.x.x.x> Match everything except the specified address - !<x.x.x.x/x> Match everything except the specified subnet - !<x.x.x.x>-<x.x.x.x> - Match everything except the specified range - -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> destination port <value> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> source port <value> + set system conntrack timeout custom ipv4 rule <1-999999> [source | destination] address + Possible completions: + <x.x.x.x> IPv4 address to match + <x.x.x.x/x> IPv4 prefix to match + <x.x.x.x>-<x.x.x.x> IPv4 address range to match + !<x.x.x.x> Match everything except the specified address + !<x.x.x.x/x> Match everything except the specified prefix + !<x.x.x.x>-<x.x.x.x> Match everything except the specified range + + set system conntrack timeout custom ipv6 rule <1-999999> [source | destination] address + Possible completions: + <h:h:h:h:h:h:h:h> IP address to match + <h:h:h:h:h:h:h:h/x> Subnet to match + <h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h> + IP range to match + !<h:h:h:h:h:h:h:h> Match everything except the specified address + !<h:h:h:h:h:h:h:h/x> Match everything except the specified prefix + !<h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h> + Match everything except the specified range + +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + destination port <value> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + source port <value> Set a destination and/or source port. Accepted input: @@ -123,49 +151,58 @@ create a rule defining the packet and flow selector. The whole list can also be "negated" using '!'. For example: `!22,telnet,http,123,1001-1005`` - - -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol icmp <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol other <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp close <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp close-wait <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp established <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp fin-wait <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp last-ack <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp syn-recv <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp syn-sent <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp time-wait <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol udp other <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol udp stream <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp close <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp close-wait <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp established <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp fin-wait <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp last-ack <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp syn-recv <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp syn-sent <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp time-wait <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol udp replied <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol udp unreplied <1-21474836> Set the timeout in secounds for a protocol or state in a custom rule. - -.. cfgcmd:: set system conntrack tcp half-open-connections <1-21474836> - :defaultvalue: - - Set the maximum number of TCP half-open connections. - -.. cfgcmd:: set system conntrack tcp loose <enable | disable> - :defaultvalue: - - Policy to track previously established connections. - -.. cfgcmd:: set system conntrack tcp max-retrans <1-2147483647> - :defaultvalue: - - Set the number of TCP maximum retransmit attempts. - -.. cfgcmd:: set system conntrack ignore rule <1-9999> description <text> -.. cfgcmd:: set system conntrack ignore rule <1-9999> destination address <ip-address> -.. cfgcmd:: set system conntrack ignore rule <1-9999> destination port <port> -.. cfgcmd:: set system conntrack ignore rule <1-9999> inbound-interface <interface> -.. cfgcmd:: set system conntrack ignore rule <1-9999> protocol <protocol> -.. cfgcmd:: set system conntrack ignore rule <1-9999> source address <ip-address> -.. cfgcmd:: set system conntrack ignore rule <1-9999> source port <port> +Conntrack ignore rules +====================== Customized ignore rules, based on a packet and flow selector. +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + description <text> +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + destination address <ip-address> +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + destination port <port> +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + inbound-interface <interface> +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + protocol <protocol> +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + source address <ip-address> +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + source port <port> +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + tcp flags [not] <text> + + Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, + ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for + inverted selection use ``not``, as shown in the example. + +Conntrack log +============= + .. cfgcmd:: set system conntrack log icmp destroy .. cfgcmd:: set system conntrack log icmp new .. cfgcmd:: set system conntrack log icmp update diff --git a/docs/configuration/system/frr.rst b/docs/configuration/system/frr.rst new file mode 100644 index 00000000..a7f7ff93 --- /dev/null +++ b/docs/configuration/system/frr.rst @@ -0,0 +1,38 @@ +.. _system_frr: + +### +FRR +### + +VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic +and static routing. The routing daemon behavior can be adjusted during runtime, +but require either a restart of the routing daemon, or a reboot of the system. + +.. cfgcmd:: set system frr bmp + + Enable :abbr:`BMP (BGP Monitoring Protocol)` support + +.. cfgcmd:: set system frr descriptors <numer> + + This allows the operator to control the number of open file descriptors + each daemon is allowed to start with. If the operator plans to run bgp with + several thousands of peers then this is where we would modify FRR to allow + this to happen. + +.. cfgcmd:: set system frr irdp + + Enable ICMP Router Discovery Protocol support + +.. cfgcmd:: set system frr snmp <daemon> + + Enable SNMP support for an individual routing daemon. + + Supported daemons: + + - bgpd + - isisd + - ldpd + - ospf6d + - ospfd + - ripd + - zebra diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst index 23edaa3f..dbb63d09 100644 --- a/docs/configuration/system/index.rst +++ b/docs/configuration/system/index.rst @@ -11,6 +11,7 @@ System conntrack console flow-accounting + frr host-name ip ipv6 @@ -24,6 +25,7 @@ System sysctl task-scheduler time-zone + updates .. toctree:: diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst index 076efdae..c7308f9d 100644 --- a/docs/configuration/system/ipv6.rst +++ b/docs/configuration/system/ipv6.rst @@ -81,6 +81,7 @@ Show commands static Show IPv6 static routes summary Show IPv6 routes summary table Show IP routes in policy table + tag Show only routes with tag vrf Show IPv6 routes in VRF @@ -112,33 +113,6 @@ Show commands <Enter> Execute the current command <text> Show specified IPv6 access-list -.. opcmd:: show ipv6 bgp - - Use this command to show IPv6 Border Gateway Protocol information. - - - In addition, you can specify many other parameters to get BGP - information: - - .. code-block:: none - - vyos@vyos:~$ show ipv6 bgp - Possible completions: - <Enter> Execute the current command - <X:X::X:X> Show BGP information for given address or prefix - <X:X::X:X/M> - community Show routes matching the communities - community-list - Show routes matching the community-list - filter-list Show routes conforming to the filter-list - large-community - Show routes matching the large-community-list - large-community-list - neighbors Show detailed information on TCP and BGP neighbor connections - prefix-list Show routes matching the prefix-list - regexp Show routes matching the AS path regular expression - route-map Show BGP routes matching the specified route map - summary Show summary of BGP neighbor status .. opcmd:: show ipv6 ospfv3 diff --git a/docs/configuration/system/name-server.rst b/docs/configuration/system/name-server.rst index f18cb5a3..5d08dbc5 100644 --- a/docs/configuration/system/name-server.rst +++ b/docs/configuration/system/name-server.rst @@ -48,7 +48,7 @@ In order for the system to use and complete unqualified host names, a list can be defined which will be used for domain searches. -.. cfgcmd:: set system domain-search domain <domain> +.. cfgcmd:: set system domain-search <domain> Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries. @@ -68,7 +68,7 @@ order: vyos.io (first), vyos.net (second) and vyos.network (last): .. code-block:: none - set system domain-search domain vyos.io - set system domain-search domain vyos.net - set system domain-search domain vyos.network + set system domain-search vyos.io + set system domain-search vyos.net + set system domain-search vyos.network diff --git a/docs/configuration/system/updates.rst b/docs/configuration/system/updates.rst new file mode 100644 index 00000000..505d9318 --- /dev/null +++ b/docs/configuration/system/updates.rst @@ -0,0 +1,39 @@ +####### +Updates +####### + +VyOS supports online checking for updates + +Configuration +============= + +.. cfgcmd:: set system update-check auto-check + + Configure auto-checking for new images + + +.. cfgcmd:: set system update-check url <url> + + Configure a URL that contains information about images. + + +Example +======= + +.. code-block:: none + + set system update-check auto-check + set system update-check url 'https://raw.githubusercontent.com/vyos/vyos-rolling-nightly-builds/main/version.json' + +Check: + +.. code-block:: none + + vyos@r4:~$ show system updates + Current version: 1.5-rolling-202312220023 + + Update available: 1.5-rolling-202312250024 + Update URL: https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/1.5-rolling-202312250024/1.5-rolling-202312250024-amd64.iso + vyos@r4:~$ + + vyos@r4:~$ add system image latest diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index 26de47b3..4a7657e7 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -17,8 +17,8 @@ with native Windows and Mac VPN clients): set vpn ipsec interface eth0 set vpn l2tp remote-access outside-address 192.0.2.2 - set vpn l2tp remote-access client-ip-pool start 192.168.255.2 - set vpn l2tp remote-access client-ip-pool stop 192.168.255.254 + set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254 + set vpn l2tp remote-access default-pool 'L2TP-POOL' set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret> set vpn l2tp remote-access authentication mode local @@ -95,8 +95,8 @@ Below is an example to configure a LNS: .. code-block:: none set vpn l2tp remote-access outside-address 192.0.2.2 - set vpn l2tp remote-access client-ip-pool start 192.168.255.2 - set vpn l2tp remote-access client-ip-pool stop 192.168.255.254 + set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254 + set vpn l2tp remote-access default-pool 'L2TP-POOL' set vpn l2tp remote-access lns shared-secret 'secret' set vpn l2tp remote-access ccp-disable set vpn l2tp remote-access authentication mode local @@ -122,8 +122,8 @@ The rate-limit is set in kbit/sec. .. code-block:: none set vpn l2tp remote-access outside-address 192.0.2.2 - set vpn l2tp remote-access client-ip-pool start 192.168.255.2 - set vpn l2tp remote-access client-ip-pool stop 192.168.255.254 + set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254 + set vpn l2tp remote-access default-pool 'L2TP-POOL' set vpn l2tp remote-access authentication mode local set vpn l2tp remote-access authentication local-users username test password test set vpn l2tp remote-access authentication local-users username test rate-limit download 20480 diff --git a/docs/configuration/vpn/openconnect.rst b/docs/configuration/vpn/openconnect.rst index 1cc197e9..845d9196 100644 --- a/docs/configuration/vpn/openconnect.rst +++ b/docs/configuration/vpn/openconnect.rst @@ -165,6 +165,13 @@ Simple setup with one user added and password authentication: set vpn openconnect ssl ca-certificate 'ca-ocserv' set vpn openconnect ssl certificate 'srv-ocserv' +To enable the HTTP security headers in the configuration file, use the command: + +.. code-block:: none + + set vpn openconnect http-security-headers + + Adding a 2FA with an OTP-key ============================ diff --git a/docs/configuration/vpn/pptp.rst b/docs/configuration/vpn/pptp.rst index 12364acb..fe536eec 100644 --- a/docs/configuration/vpn/pptp.rst +++ b/docs/configuration/vpn/pptp.rst @@ -20,8 +20,8 @@ server example set vpn pptp remote-access authentication local-users username test password 'test' set vpn pptp remote-access authentication mode 'local' - set vpn pptp remote-access client-ip-pool start '192.168.0.10' - set vpn pptp remote-access client-ip-pool stop '192.168.0.15' + set vpn pptp remote-access client-ip-pool PPTP-POOL range 192.168.0.10-192.168.0.15 + set vpn pptp remote-access default-pool 'PPTP-POOL' set vpn pptp remote-access gateway-address '10.100.100.1' set vpn pptp remote-access outside-address '10.1.1.120' diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst index 8c0af774..23df1b76 100644 --- a/docs/configuration/vpn/site2site_ipsec.rst +++ b/docs/configuration/vpn/site2site_ipsec.rst @@ -10,8 +10,8 @@ connected/routed networks. To configure site-to-site connection you need to add peers with the ``set vpn ipsec site-to-site peer <name>`` command. -The peer name must be an alphanumeric and can have hypen or underscore as -special characters. It is purely informational. +The peer name must be an alphanumeric and can have hypen or underscore as +special characters. It is purely informational. Each site-to-site peer has the next options: @@ -20,11 +20,11 @@ Each site-to-site peer has the next options: * ``psk`` - Preshared secret key name: - * ``dhcp-interface`` - ID for authentication generated from DHCP address + * ``dhcp-interface`` - ID for authentication generated from DHCP address dynamically; - * ``id`` - static ID's for authentication. In general local and remote + * ``id`` - static ID's for authentication. In general local and remote address ``<x.x.x.x>``, ``<h:h:h:h:h:h:h:h>`` or ``%any``; - * ``secret`` - predefined shared secret. Used if configured mode + * ``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``; @@ -110,7 +110,7 @@ Each site-to-site peer has the next options: * ``remote-address`` - remote IP address or hostname for IPSec connection. IPv4 or IPv6 address is used when a peer has a public static IP address. - Hostname is a DNS name which could be used when a peer has a public IP + Hostname is a DNS name which could be used when a peer has a public IP address and DNS name, but an IP address could be changed from time to time. * ``tunnel`` - define criteria for traffic to be matched for encrypting and send @@ -149,9 +149,9 @@ Each site-to-site peer has the next options: * ``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface. -* ``virtual-address`` - Defines a virtual IP address which is requested by the - initiator and one or several IPv4 and/or IPv6 addresses are assigned from - multiple pools by the responder. +* ``virtual-address`` - Defines a virtual IP address which is requested by the + initiator and one or several IPv4 and/or IPv6 addresses are assigned from + multiple pools by the responder. Examples: ------------------ @@ -308,31 +308,35 @@ Imagine the following topology set interfaces dummy dum0 address '10.0.11.1/24' set interfaces vti vti10 address '10.0.0.2/31' - set vpn ipsec option disable-route-autoinstall - set vpn ipsec authentication psk OFFICE-B id '172.18.201.10' - set vpn ipsec authentication psk OFFICE-B id '172.18.202.10' - set vpn ipsec authentication psk OFFICE-B secret 'secretkey' + set vpn ipsec authentication psk peer_172-18-202-10 id '172.18.201.10' + set vpn ipsec authentication psk peer_172-18-202-10 id '172.18.202.10' + set vpn ipsec authentication psk peer_172-18-202-10 secret 'secretkey' set vpn ipsec esp-group ESP_DEFAULT lifetime '3600' set vpn ipsec esp-group ESP_DEFAULT mode 'tunnel' set vpn ipsec esp-group ESP_DEFAULT pfs 'dh-group19' set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256' + set vpn ipsec ike-group IKEv2_DEFAULT close-action 'none' + set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold' + set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30' + set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120' + set vpn ipsec ike-group IKEv2_DEFAULT disable-mobike set vpn ipsec ike-group IKEv2_DEFAULT key-exchange 'ikev2' set vpn ipsec ike-group IKEv2_DEFAULT lifetime '10800' - set vpn ipsec ike-group IKEv2_DEFAULT disable-mobike set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 dh-group '19' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 hash 'sha256' set vpn ipsec interface 'eth0.201' - set vpn ipsec site-to-site peer OFFICE-B authentication local-id '172.18.201.10' - set vpn ipsec site-to-site peer OFFICE-B authentication mode 'pre-shared-secret' - set vpn ipsec site-to-site peer OFFICE-B authentication remote-id '172.18.202.10' - set vpn ipsec site-to-site peer OFFICE-B connection-type 'respond' - set vpn ipsec site-to-site peer OFFICE-B ike-group 'IKEv2_DEFAULT' - set vpn ipsec site-to-site peer OFFICE-B local-address '172.18.201.10' - set vpn ipsec site-to-site peer OFFICE-B remote-address '172.18.202.10' - set vpn ipsec site-to-site peer OFFICE-B vti bind 'vti10' - set vpn ipsec site-to-site peer OFFICE-B vti esp-group 'ESP_DEFAULT' + set vpn ipsec site-to-site peer peer_172-18-202-10 authentication local-id '172.18.201.10' + set vpn ipsec site-to-site peer peer_172-18-202-10 authentication mode 'pre-shared-secret' + set vpn ipsec site-to-site peer peer_172-18-202-10 authentication remote-id '172.18.202.10' + set vpn ipsec site-to-site peer peer_172-18-202-10 connection-type 'initiate' + set vpn ipsec site-to-site peer peer_172-18-202-10 ike-group 'IKEv2_DEFAULT' + set vpn ipsec site-to-site peer peer_172-18-202-10 ikev2-reauth 'inherit' + set vpn ipsec site-to-site peer peer_172-18-202-10 local-address '172.18.201.10' + set vpn ipsec site-to-site peer peer_172-18-202-10 remote-address '172.18.202.10' + set vpn ipsec site-to-site peer peer_172-18-202-10 vti bind 'vti10' + set vpn ipsec site-to-site peer peer_172-18-202-10 vti esp-group 'ESP_DEFAULT' set protocols static interface-route 10.0.12.0/24 next-hop-interface vti10 @@ -344,34 +348,35 @@ Imagine the following topology set interfaces dummy dum0 address '10.0.12.1/24' set interfaces vti vti10 address '10.0.0.3/31' - set vpn ipsec option disable-route-autoinstall - set vpn ipsec authentication psk OFFICE-A id '172.18.201.10' - set vpn ipsec authentication psk OFFICE-A id '172.18.202.10' - set vpn ipsec authentication psk OFFICE-A secret 'secretkey' + set vpn ipsec authentication psk peer_172-18-201-10 id '172.18.202.10' + set vpn ipsec authentication psk peer_172-18-201-10 id '172.18.201.10' + set vpn ipsec authentication psk peer_172-18-201-10 secret 'secretkey' set vpn ipsec esp-group ESP_DEFAULT lifetime '3600' set vpn ipsec esp-group ESP_DEFAULT mode 'tunnel' set vpn ipsec esp-group ESP_DEFAULT pfs 'dh-group19' set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256' - set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'restart' + set vpn ipsec ike-group IKEv2_DEFAULT close-action 'none' + set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold' set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30' set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120' + set vpn ipsec ike-group IKEv2_DEFAULT disable-mobike set vpn ipsec ike-group IKEv2_DEFAULT key-exchange 'ikev2' set vpn ipsec ike-group IKEv2_DEFAULT lifetime '10800' - set vpn ipsec ike-group IKEv2_DEFAULT disable-mobike set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 dh-group '19' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 hash 'sha256' set vpn ipsec interface 'eth0.202' - set vpn ipsec site-to-site peer OFFICE-A authentication local-id '172.18.202.10' - set vpn ipsec site-to-site peer OFFICE-A authentication mode 'pre-shared-secret' - set vpn ipsec site-to-site peer OFFICE-A authentication remote-id '172.18.201.10' - set vpn ipsec site-to-site peer OFFICE-A connection-type 'initiate' - set vpn ipsec site-to-site peer OFFICE-A ike-group 'IKEv2_DEFAULT' - set vpn ipsec site-to-site peer OFFICE-A local-address '172.18.202.10' - set vpn ipsec site-to-site peer OFFICE-A remote-address '172.18.201.10' - set vpn ipsec site-to-site peer OFFICE-A vti bind 'vti10' - set vpn ipsec site-to-site peer OFFICE-A vti esp-group 'ESP_DEFAULT' + set vpn ipsec site-to-site peer peer_172-18-201-10 authentication local-id '172.18.202.10' + set vpn ipsec site-to-site peer peer_172-18-201-10 authentication mode 'pre-shared-secret' + set vpn ipsec site-to-site peer peer_172-18-201-10 authentication remote-id '172.18.201.10' + set vpn ipsec site-to-site peer peer_172-18-201-10 connection-type 'initiate' + set vpn ipsec site-to-site peer peer_172-18-201-10 ike-group 'IKEv2_DEFAULT' + set vpn ipsec site-to-site peer peer_172-18-201-10 ikev2-reauth 'inherit' + set vpn ipsec site-to-site peer peer_172-18-201-10 local-address '172.18.202.10' + set vpn ipsec site-to-site peer peer_172-18-201-10 remote-address '172.18.201.10' + set vpn ipsec site-to-site peer peer_172-18-201-10 vti bind 'vti10' + set vpn ipsec site-to-site peer peer_172-18-201-10 vti esp-group 'ESP_DEFAULT' set protocols static interface-route 10.0.11.0/24 next-hop-interface vti10 @@ -379,44 +384,44 @@ Key Parameters: * ``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure - local/remote-identity, the device uses the IPv4 or IPv6 address that + local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. - In certain network setups (like ipsec interface with dynamic address, or - behind the NAT ), the IKE ID received from the peer does not match the IKE - gateway configured on the device. This can lead to a Phase 1 validation + In certain network setups (like ipsec interface with dynamic address, or + behind the NAT ), the IKE ID received from the peer does not match the IKE + gateway configured on the device. This can lead to a Phase 1 validation failure. - So, make sure to configure the local/remote id explicitly and ensure that the + So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device. * ``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration. -* ``dead-peer-detection action = clear | hold | restart`` - R_U_THERE - notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) - are periodically sent in order to check the liveliness of the IPsec peer. The - values clear, hold, and restart all activate DPD and determine the action to +* ``dead-peer-detection action = clear | hold | restart`` - R_U_THERE + notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) + are periodically sent in order to check the liveliness of the IPsec peer. The + values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. - With ``clear`` the connection is closed with no further actions taken. - ``hold`` installs a trap policy, which will catch matching traffic and tries - to re-negotiate the connection on demand. - ``restart`` will immediately trigger an attempt to re-negotiate the + With ``clear`` the connection is closed with no further actions taken. + ``hold`` installs a trap policy, which will catch matching traffic and tries + to re-negotiate the connection on demand. + ``restart`` will immediately trigger an attempt to re-negotiate the connection. -* ``close-action = none | clear | hold | restart`` - defines the action to take - if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of +* ``close-action = none | clear | hold | restart`` - defines the action to take + if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids. - - When the close-action option is set on the peers, the connection-type + + When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set - on both peers, then both would attempt to initiate and hold open multiple - copies of each child SA. This might lead to instability of the device or - cpu/memory utilization. - - Below flow-chart could be a quick reference for the close-action - combination depending on how the peer is configured. + on both peers, then both would attempt to initiate and hold open multiple + copies of each child SA. This might lead to instability of the device or + cpu/memory utilization. + + Below flow-chart could be a quick reference for the close-action + combination depending on how the peer is configured. .. figure:: /_static/images/IPSec_close_action_settings.jpg - + Similar combinations are applicable for the dead-peer-detection. diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index f3e062fe..d9bb4353 100644 --- a/docs/configuration/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -116,9 +116,20 @@ Configuration Specifies the port `<port>` that the SSTP port will listen on (default 443). -.. cfgcmd:: set vpn sstp client-ip-pool subnet <subnet> +.. cfgcmd:: set vpn sstp client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x> - Use `<subnet>` as the IP pool for all connecting clients. + Use this command to define the first IP address of a pool of + addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, + it must be within a /24 subnet. If notation ``x.x.x.x/x`` is + used there is possibility to set host/netmask. + +.. cfgcmd:: set vpn sstp client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME> + + Use this command to define the next address pool name. + +.. cfgcmd:: set vpn sstp default-pool <POOL-NAME> + + Use this command to define default address pool name. .. cfgcmd:: set vpn sstp client-ipv6-pool prefix <address> mask <number-of-bits> @@ -282,7 +293,8 @@ Example set vpn sstp authentication local-users username vyos password vyos set vpn sstp authentication mode local set vpn sstp gateway-address 192.0.2.254 - set vpn sstp client-ip-pool subnet 192.0.2.0/25 + set vpn sstp client-ip-pool SSTP-POOL range 192.0.2.0/25 + set vpn sstp default-pool 'SSTP-POOL' set vpn sstp name-server 10.0.0.1 set vpn sstp name-server 10.0.0.2 set vpn sstp ssl ca-cert-file /config/auth/ca.crt diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index bb212e2f..919f30bf 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst @@ -23,10 +23,60 @@ also set up your own build machine and run a :ref:`build_native`. The source code remains public and an ISO can be built using the process outlined in this chapter. + The following includes the build process for VyOS 1.2 to the latest version. + This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster. +.. _build_native: + +Native Build +============ + +To build VyOS natively you require a properly configured build host with the +following Debian versions installed: + +- Debian Jessie for VyOS 1.2 (crux) +- Debian Buster for VyOS 1.3 (equuleus) +- Debian Bookworm for VyOS 1.4 (sagitta) +- Debian Bookworm for the upcoming VyOS 1.5/circinus/current + (subject to change) - aka the rolling release + +To start, clone the repository to your local machine: + +.. code-block:: none + + # For VyOS 1.2 (crux) + $ git clone -b crux --single-branch https://github.com/vyos/vyos-build + + # For VyOS 1.3 (equuleus) + $ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build + + # For VyOS 1.4 (sagitta) + $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build + + # For VyOS 1.5 (circinus,current) + $ git clone -b current --single-branch https://github.com/vyos/vyos-build + + $ cd vyos-build + + # For VyOS 1.2 (crux) and VyOS 1.3 (equuleus) + $ ./configure --architecture amd64 --build-by "j.randomhacker@vyos.io" + $ sudo make iso + + # For VyOS 1.4 (sagitta) and VyOS 1.5 (circinus,current) + $ sudo make clean + $ sudo ./build-vyos-image iso --architecture amd64 --build-by "j.randomhacker@vyos.io" + +For the packages required, you can refer to the ``docker/Dockerfile`` file +in the repository_. The ``./build-vyos-image`` script will also warn you if any +dependencies are missing. + +This will guide you through the process of building a VyOS ISO using Docker. +This process has been tested on clean installs of Debian Bullseye (11) and +Bookworm (12). + .. _build_docker: Docker @@ -34,14 +84,26 @@ Docker Installing Docker_ and prerequisites: +.. hint:: Due to the updated version of Docker, the following examples may + become invalid. + .. code-block:: none - $ sudo apt-get update - $ sudo apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common - $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - - $ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" - $ sudo apt-get update - $ sudo apt-get install -y docker-ce + # Add Docker's official GPG key: + sudo apt-get update + sudo apt-get install ca-certificates curl gnupg + sudo install -m 0755 -d /etc/apt/keyrings + curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg + sudo chmod a+r /etc/apt/keyrings/docker.gpg + + # Add the repository to Apt sources: + echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ + $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + + sudo apt-get update + sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker @@ -79,7 +141,7 @@ To manually download the container from DockerHub, run: $ docker pull vyos/vyos-build:crux # For VyOS 1.2 $ docker pull vyos/vyos-build:equuleus # For VyOS 1.3 $ docker pull vyos/vyos-build:sagitta # For VyOS 1.4 - $ docker pull vyos/vyos-build:current # For rolling release + $ docker pull vyos/vyos-build:current # For VyOS 1.5 rolling release Build from source ^^^^^^^^^^^^^^^^^ @@ -94,15 +156,19 @@ The container can also be built directly from source: $ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build # For VyOS 1.4 (sagitta) $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build + # For VyOS 1.5 (circinus,current) + $ git clone -b current --single-branch https://github.com/vyos/vyos-build $ cd vyos-build - $ docker build -t vyos/vyos-build:crux docker # For VyOS 1.2 - $ docker build -t vyos/vyos-build:current docker # For rolling release - -.. note:: Since VyOS has switched to Debian (11) Bullseye in its ``current`` - branch, you will require individual container for `current`, `equuleus` and - `crux` builds. - + $ docker build -t vyos/vyos-build:crux docker # For VyOS 1.2 + $ docker build -t vyos/vyos-build:equuleus docker # For VyOS 1.3 + $ docker build -t vyos/vyos-build:sagitta docker # For VyOS 1.4 + $ docker build -t vyos/vyos-build:current docker # For VyOS 1.5 rolling release + +.. note:: VyOS has switched to Debian (12) Bookworm in its ``current`` branch, + Due to software version updates, it is recommended to use the official + Docker Hub image to build VyOS ISO. + Tips and Tricks --------------- @@ -141,39 +207,6 @@ your development containers in your current working directory. ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail. -.. _build_native: - -Native Build -============ - -To build VyOS natively you require a properly configured build host with the -following Debian versions installed: - -- Debian Jessie for VyOS 1.2 (crux) -- Debian Buster for VyOS 1.3 (equuleus) -- Debian Bullseye for VyOS 1.4 (sagitta) - -To start, clone the repository to your local machine: - -.. code-block:: none - - # For VyOS 1.2 (crux) - $ git clone -b crux --single-branch https://github.com/vyos/vyos-build - - # For VyOS 1.3 (equuleus) - $ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build - - # For VyOS 1.4 (sagitta) - $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build - - -For the packages required, you can refer to the ``docker/Dockerfile`` file -in the repository_. The ``./build-vyos-image`` script will also warn you if any -dependencies are missing. - -Once you have the required dependencies installed, you may proceed with the -steps described in :ref:`build_iso`. - .. _build_iso: @@ -196,6 +229,10 @@ Please note as this will differ for both `current` and `crux`. # For VyOS 1.4 (sagitta) $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build + # For VyOS 1.5 (circinus,current) + $ git clone -b current --single-branch https://github.com/vyos/vyos-build + + Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run: @@ -210,7 +247,10 @@ Now a fresh build of the VyOS ISO can begin. Change directory to the # For VyOS 1.4 (sagitta) $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:sagitta bash - + + # For VyOS 1.5 (current) + $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:current bash + .. code-block:: none # For MacOS (crux, equuleus, sagitta) @@ -234,7 +274,7 @@ Start the build: vyos_bld@8153428c7e1f:/vyos$ ./configure --architecture amd64 --build-by "j.randomhacker@vyos.io" vyos_bld@8153428c7e1f:/vyos$ sudo make iso - # For VyOS 1.4 (sagitta) + # For VyOS 1.4 (sagitta) For VyOS 1.5 (circinus,current) vyos_bld@8153428c7e1f:/vyos$ sudo make clean vyos_bld@8153428c7e1f:/vyos$ sudo ./build-vyos-image iso --architecture amd64 --build-by "j.randomhacker@vyos.io" @@ -836,7 +876,7 @@ information. .. stop_vyoslinter -.. _Docker: https://www.docker.com +.. _Docker: https://docs.docker.com/engine/install/debian/ .. _`Docker as non-root`: https://docs.docker.com/engine/install/linux-postinstall .. _VyOS DockerHub organisation: https://hub.docker.com/u/vyos .. _repository: https://github.com/vyos/vyos-build diff --git a/docs/contributing/testing.rst b/docs/contributing/testing.rst index d5df9d59..772ff04a 100644 --- a/docs/contributing/testing.rst +++ b/docs/contributing/testing.rst @@ -4,10 +4,11 @@ Testing ####### -One of the major advantages introduced in VyOS 1.3 is an autmated test framework. -When assembling an ISO image multiple things can go wrong badly and publishing -a faulty ISO makes no sense. The user is disappointed by the quality of the image -and the developers get flodded with bug reports over and over again. +One of the major advantages introduced in VyOS 1.3 is an automated test +framework. When assembling an ISO image multiple things can go wrong badly and +publishing a faulty ISO makes no sense. The user is disappointed by the quality +of the image and the developers get flodded with bug reports over and over +again. As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated diff --git a/docs/installation/install.rst b/docs/installation/install.rst index 2bbce8ee..17bccfbd 100644 --- a/docs/installation/install.rst +++ b/docs/installation/install.rst @@ -458,13 +458,16 @@ In this example we configured an existent VyOS as the DHCP server: vyos@vyos# show service dhcp-server shared-network-name mydhcp { subnet 192.168.1.0/24 { - bootfile-name pxelinux.0 - bootfile-server 192.168.1.50 - default-router 192.168.1.50 + option { + bootfile-name pxelinux.0 + bootfile-server 192.168.1.50 + default-router 192.168.1.50 + } range 0 { start 192.168.1.70 stop 192.168.1.100 } + subnet-id 1 } } diff --git a/docs/installation/update.rst b/docs/installation/update.rst index 5f75f9db..b0b43836 100644 --- a/docs/installation/update.rst +++ b/docs/installation/update.rst @@ -10,7 +10,7 @@ for the new image to boot using the current configuration. .. note:: Only LTS releases are PGP-signed. -.. opcmd:: add system image <url | path> [vrf name] +.. opcmd:: add system image <url | path> | [latest] [vrf name] [username user [password pass]] Use this command to install a new system image. You can reach the @@ -72,6 +72,13 @@ Example OK. This image will be named: vyos-1.3-rolling-201912201452 +You can use ``latest`` option. It loads the latest available Rolling release. + +.. code-block:: none + + vyos@vyos:~$ add system image latest + +.. note:: To use the `latest` option the "system update-check url" must be configured. .. hint:: The most up-do-date Rolling Release for AMD64 can be accessed using the following URL: diff --git a/docs/quick-start.rst b/docs/quick-start.rst index c8bb3f04..cf930bdd 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -93,12 +93,13 @@ DNS server. .. code-block:: none - set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1' - set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 name-server '192.168.0.1' - set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'vyos.net' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option default-router '192.168.0.1' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option name-server '192.168.0.1' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option domain-name 'vyos.net' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 start '192.168.0.9' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 stop '192.168.0.254' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 subnet-id '1' set service dns forwarding cache-size '0' set service dns forwarding listen-address '192.168.0.1' @@ -141,7 +142,7 @@ networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration. -In this case, we will create two interface groups—a ``WAN`` group for our +In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet. @@ -156,10 +157,26 @@ Configure Stateful Packet Filtering ----------------------------------- With the new firewall structure, we have have a lot of flexibility in how we -group and order our rules, as shown by the two alternative approaches below. +group and order our rules, as shown by the three alternative approaches below. -Option 1: Common Chain -^^^^^^^^^^^^^^^^^^^^^^ +Option 1: Global State Policies +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Using options defined in ``set firewall global-options state-policy``, state +policy rules that applies for both IPv4 and IPv6 are created. These global +state policies also applies for all traffic that passes through the router +(transit) and for traffic originated/destinated to/from the router itself, and +will be avaluated before any other rule defined in the firewall. + +Most installations would choose this option, and will contain: + +.. code-block:: none + + set firewall global-options state-policy established action accept + set firewall global-options state-policy related action accept + set firewall global-options state-policy invalid action drop + +Option 2: Common/Custom Chain +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual @@ -196,12 +213,11 @@ hooks as the first filtering rule in the respective chains: set firewall ipv4 input filter rule 10 action 'jump' set firewall ipv4 input filter rule 10 jump-target CONN_FILTER -Option 2: Per-Hook Chain +Option 3: Per-Hook Chain ^^^^^^^^^^^^^^^^^^^^^^^^ -Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, -you can take the more traditional stateful connection filtering approach by -creating rules on each hook's chain: +Alternatively, you can take the more traditional stateful connection +filtering approach by creating rules on each base hook's chain: .. code-block:: none |