-rw-r--r-- | .github/workflows/auto-author-assign.yml | 2
-rw-r--r-- | .github/workflows/lint-doc.yml | 2
-rw-r--r-- | docs/automation/terraform/terraformGoogle.rst | 48
-rw-r--r-- | docs/cli.rst | 109
-rw-r--r-- | docs/configuration/service/ntp.rst | 3
-rw-r--r-- | docs/configuration/service/router-advert.rst | 7
-rw-r--r-- | docs/configuration/service/ssh.rst | 5
-rw-r--r-- | docs/configuration/vrf/index.rst | 8
-rw-r--r-- | docs/contributing/build-vyos.rst | 32
9 files changed, 181 insertions, 35 deletions
diff --git a/.github/workflows/auto-author-assign.yml b/.github/workflows/auto-author-assign.yml index c3696ea4..61612cce 100644 --- a/.github/workflows/auto-author-assign.yml +++ b/.github/workflows/auto-author-assign.yml @@ -10,5 +10,5 @@ permissions: jobs: assign-author: - uses: vyos/.github/.github/workflows/assign-author.yml@feature/T6349-reusable-workflows + uses: vyos/.github/.github/workflows/assign-author.yml@current secrets: inherit diff --git a/.github/workflows/lint-doc.yml b/.github/workflows/lint-doc.yml index 7f2f2099..b5ba4688 100644 --- a/.github/workflows/lint-doc.yml +++ b/.github/workflows/lint-doc.yml @@ -4,7 +4,7 @@ on: jobs: lint-doc: - uses: vyos/.github/.github/workflows/lint-doc.yml@feature/T6349-reusable-workflows + uses: vyos/.github/.github/workflows/lint-doc.yml@current secrets: inherit diff --git a/docs/automation/terraform/terraformGoogle.rst b/docs/automation/terraform/terraformGoogle.rst index 01009be3..41a484c5 100644 --- a/docs/automation/terraform/terraformGoogle.rst +++ b/docs/automation/terraform/terraformGoogle.rst 
@@ -2,24 +2,24 @@ .. _terraformgoogle: -Deploying VyOS in the google cloud +Deploying VyOS in the Google Cloud ================================== -With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. +With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible. -In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the google cloud and make provisioning using Ansible. +In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible. -Preparation steps for deploying VyOS on google +Preparation steps for deploying VyOS on Google ---------------------------------------------- -How to create a single instance and install your configuration using Terraform+Ansible+google +How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step: -google cloud +Google Cloud -1 Create an account with google cloud and a new project +1 Create an account with Google Cloud and a new project .. image:: /_static/images/project.png :width: 50% 
@@ -79,15 +79,15 @@ Ansible 3 Create the folder for example /root/google/ -4 Copy all files into your Ansible project "/root/google/" (ansible.cfg, instance.yml, mykey.json and "all"), more detailed see `Structure of files Ansible for google cloud`_ +4 Copy all files into your Ansible project "/root/google/" (ansible.cfg, instance.yml, mykey.json and "all"), more detailed see `Structure of files Ansible for Google Cloud`_ -mykey.json you have to get using step 2 of the google cloud +mykey.json you have to get using step 2 of the Google Cloud Start -Type the commands on your Terrafom instance: +Type the commands on your Terraform instance: .. code-block:: none @@ -97,7 +97,7 @@ Type the commands on your Terrafom instance: yes -Start creating a google cloud instance and check the result +Start creating a Google Cloud instance and check the result. ----------------------------------------------------------- .. code-block:: none @@ -330,8 +330,8 @@ Start creating a google cloud instance and check the result -After executing all the commands you will have your VyOS instance on the google cloud with your configuration, it's a very convenient desition. -If you need to delete the instance please type the command: +After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. +If you need to delete the instance, please type the command: .. code-block:: none 
@@ -358,20 +358,20 @@ Make sure that you have opened access to the instance in the security group. Make sure that Ansible is pinging from Terrafom. -Structure of files Terrafom for google cloud +Structure of files Terrafom for Google Cloud -------------------------------------------- .. code-block:: none . ├── vyos.tf # The main script - ├── ***.JSON # The credential file from google cloud + ├── ***.JSON # The credential file from Google Cloud ├── var.tf # The file of all variables in "vyos.tf" - └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on) + └── terraform.tfvars # The value of all variables (passwords, login, IP addresses and so on) -File contents of Terrafom for google cloud +File contents of Terrafom for Google Cloud ------------------------------------------ vyos.tf @@ -380,7 +380,7 @@ vyos.tf ############################################################################## - # Build an VyOS VM from the Marketplace + # Build a VyOS VM from the Marketplace # # After deploying the GCP instance and getting an IP address, the IP address is copied into the file #"ip.txt" and copied to the Ansible node for provisioning. @@ -529,7 +529,7 @@ vyos.tf provisioner "remote-exec" { inline = [ "cd /root/google/", - "ansible-playbook instance.yml" # more detailed in "File contents of Ansible for google cloud" + "ansible-playbook instance.yml" # more detailed in "File contents of Ansible for Google Cloud" ] } } @@ -635,7 +635,7 @@ terraform.tfvars host = "" # IP of my Ansible -Structure of files Ansible for google cloud +Structure of files Ansible for Google Cloud ------------------------------------------- .. code-block:: none @@ -647,7 +647,7 @@ Structure of files Ansible for google cloud └── instance.yml -File contents of Ansible for google cloud +File contents of Ansible for Google Cloud ----------------------------------------- ansible.cfg 
@@ -666,7 +666,7 @@ instance.yml ############################################################################## # About tasks: # "Wait 300 seconds, but only start checking after 60 seconds" - try to make ssh connection every 60 seconds until 300 seconds - # "Configure general settings for the VyOS hosts group" - make provisioning into google cloud VyOS node + # "Configure general settings for the VyOS hosts group" - make provisioning into Google Cloud VyOS node # You have to add all necessary cammans of VyOS under the block "lines:" ############################################################################## @@ -699,10 +699,10 @@ group_vars/all ansible_user: vyos ansible_ssh_pass: vyos -Sourse files for google cloud from GIT +Sourse files for Google Cloud from GIT -------------------------------------- All files about the article can be found here_ -.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main
\ No newline at end of file +.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main diff --git a/docs/cli.rst b/docs/cli.rst index c1a9d14c..8169cbd5 100644 --- a/docs/cli.rst +++ b/docs/cli.rst 
@@ -71,6 +71,115 @@ When viewing in page mode the following commands are available: * ``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size. +Operational mode command families +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Many operational mode commands in VyOS are placed in families such as +``show``, ``clear``, or ``reset``. Every such family has a specific +meaning to allow the user to guess how the command is going to behave — +in particular, whether it will be disruptive to the system or not. + +Note that this convention was not always followed with perfect +consistency and some commands may still be in wrong families, so you +should always check the command help and documentation if you are not +sure what exactly it does. + +clear +''''' + +"Clear" commands are completely non-disruptive to any system operations. +Generally, they can be used freely without hesitation. + +Most often their purpose is to remove or reset various debug and +diagnostic information such as system logs and packet counters. + +Examples: + +- ``clear console`` — clears the screen. +- ``clear interfaces ethernet eth0 counters`` — zeroes packet counters + on ``eth0``. +- ``clear log`` — deletes all system log entries. + +reset +''''' + +"Reset" commands can be locally-disruptive. They may, for example, +terminate a single user session or a session with a dynamic routing +protocol peer. + +They should be used with caution since they may have a significant +impact on a particular users in the network. + +- ``reset pppoe-server username jsmith`` — terminate all PPPoE sessions + from user ``jsmith``. +- ``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor + 192.0.2.54. +- ``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates + IPsec tunnels to ``vpn.example.com``. + +restart +''''''' + +"Restart" operations may disrupt an entire subsystem. 
Most often they +initiate a restart of a server process, which causes it to be +unavailable for a brief period and resets all the process state. + +They should be used with extreme caution. + +- ``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP + requests are not served while it is restarting). +- ``restart ipsec`` — restarts the IPsec process (which forces all + sessions and all IPsec process state to reset). + +force +''''' + +"Force" commands force the system to perform an action that it might +perform by itself at a later point. + +Examples: + +- ``force arp request interface eth1 address 10.3.0.2`` — send a + gratuitious ARP request. +- ``force root-partition-auto-resize`` — grow the root filesystem to + the size of the system partition (this is also done on startup, but + this command can do it without a reboot). + +execute +''''''' + +"Execute" commands are for executing various diagnostic and auxilliary +actions that the system would never perform by itself. + +Examples: + +- ``execute wake-on-lan interface <intf> host <MAC>`` — send a + Wake-On-LAN packet to a host. + +show +'''' + +"Show" commands display various system information. They may +occasionally use a pager for long outputs, that you can quit by pressing +the Q button. Their output is always finite, however. + +Examples: + +- ``show system login`` — displays current system users. +- ``show ip route`` — displays the IPv4 routing table. + +monitor +''''''' + +"Monitor" commands initiate various monitoring operations that may +output information continuously, until terminated with ``Ctrl-C`` or +disabled. + +Examples: + +- ``monitor log`` — continuously outputs latest system logs. + + Configuration Mode ################## diff --git a/docs/configuration/service/ntp.rst b/docs/configuration/service/ntp.rst index 266376cf..f82baa34 100644 --- a/docs/configuration/service/ntp.rst +++ b/docs/configuration/service/ntp.rst 
@@ -71,7 +71,8 @@ Configuration NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen - addresses can be configured. + addresses for same IP family is no longer supported. Only one IPv4 and one + IPv6 address can be configured, using separate commands for each. .. cfgcmd:: set service ntp allow-client address <address> diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst index 8f984b10..365017dd 100644 --- a/docs/configuration/service/router-advert.rst +++ b/docs/configuration/service/router-advert.rst @@ -102,6 +102,13 @@ To disable advertisements without deleting the configuration: .. cfgcmd:: set service router-advert interface <interface> no-send-advert + If set, the router will no longer send periodic router advertisements and + will not respond to router solicitations. + +.. cfgcmd:: set service router-advert interface <interface> no-send-interval + + Advertisement Interval Option (specified by Mobile IPv6) is always included in + Router Advertisements unless this option is set. ******* Example diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst index d3ca51b5..e7642433 100644 --- a/docs/configuration/service/ssh.rst +++ b/docs/configuration/service/ssh.rst 
@@ -64,11 +64,12 @@ Configuration Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible. -.. cfgcmd:: set service ssh macs <mac> +.. cfgcmd:: set service ssh mac <mac> Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. - Multiple algorithms can be provided. + Multiple algorithms can be provided by using multiple commands, defining + one algorithm per command. List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index 0d6b895f..e9115458 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst @@ -18,14 +18,10 @@ Configuration A VRF device is created with an associated route table. Network interfaces are then enslaved to a VRF device. -.. cfgcmd:: set vrf name <name> - - Create new VRF instance with `<name>`. The name is used when placing - individual interfaces into the VRF. - .. cfgcmd:: set vrf name <name> table <id> - Configured routing table `<id>` is used by VRF `<name>`. + Create a new VRF instance with `<name>` and `<id>`. The name is used when placing + individual interfaces into the VRF. .. note:: A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance. diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index ea0a4765..93b492ae 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst 
@@ -741,6 +741,38 @@ binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build. +Mellanox OFED +^^^^^^^^^^^^^ + +The Mellanox OFED drivers do not come from a Git repository, instead we fetch the +tarball from Nvidia and compile the sources its contains against our kernel tree. + +Simply use our wrapper script to build all of the driver modules. + +.. code-block:: none + + ./build-mellanox-ofed.sh + ... + Below is the list of OFED packages that you have chosen + (some may have been added by the installer due to package dependencies): + + ofed-scripts + mlnx-tools + mlnx-ofed-kernel-utils + mlnx-ofed-kernel-modules + ... + Building packages + Building DEB for ofed-scripts-24.04.OFED.24.04.0.6.6 (ofed-scripts)... + Running /usr/bin/dpkg-buildpackage -us -uc + Installing ofed-scripts-24.04.OFED.24.04.0.6.6... + Running /usr/bin/dpkg -i --force-confmiss '/vyos/packages/linux-kernel/MLNX_OFED_SRC-debian-24.04-0.6.6.0/DEBS/debian12.1/x86_64/ofed-scripts_24.04.OFED.24.04.0.6.6-1_amd64.deb' + Building DEB for mlnx-tools-24.04.0 (mlnx-tools)... + + +After compiling the packages you will find yourself the newly generated `*.deb` +binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them +to the ``vyos-build/packages`` folder for inclusion during the ISO build. + Packages ======== |
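
Review bot: in both workflow hunks (.github/workflows/auto-author-assign.yml and .github/workflows/lint-doc.yml) the new `uses:` line points the reusable workflow at the branch ref `@current` while the unchanged `secrets: inherit` line hands it every secret of the calling workflow, so whatever lands on that branch of `vyos/.github` runs with those secrets. Consider pinning `assign-author.yml` and `lint-doc.yml` to a full commit SHA, and passing only the secrets each workflow needs instead of `inherit`.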
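
Review bot: the spelling pass in the first hunks of docs/automation/terraform/terraformGoogle.rst is incomplete: "Terrafom" is corrected in "Type the commands on your Terraform instance:" but the touched headings "Structure of files Terrafom for Google Cloud" and "File contents of Terrafom for Google Cloud" keep it, as does the context line "Make sure that Ansible is pinging from Terrafom." The heading "Start creating a Google Cloud instance and check the result." also gains a trailing period that no other heading in the file carries, which makes the title one character longer against the same underline; drop the period.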
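
Review bot: the last two terraformGoogle.rst hunks (instance.yml comment block and group_vars/all) leave typos next to the lines they edit: "cammans" in the comment line right below the changed one, and "Sourse" in the changed heading "Sourse files for Google Cloud from GIT"; fix them to "commands" and "Source" in the same pass. The context of the second hunk also shows `ansible_user: vyos` with `ansible_ssh_pass: vyos` in plain text, so a sentence telling readers to change the default password and keep it out of the repository (Ansible Vault, for example) would fit here.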
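
Review bot: in the new "clear" section of docs/cli.rst the family is described as "completely non-disruptive" and usable "freely without hesitation", yet its third example is ``clear log``, described as deleting all system log entries, which removes the record an operator or incident responder may need later. Either qualify the family description (non-disruptive to traffic and services, but diagnostic data is lost) or add a caution to that example. Smaller points in the same hunk: "a particular users", "gratuitious" and "auxilliary" are misspelled, and the "reset" and "restart" lists lack the "Examples:" lead-in that the other families have.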
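
Review bot: the replacement sentence in docs/configuration/service/ntp.rst has a number mismatch ("Multiple listen addresses for same IP family is no longer supported") and says "no longer" without naming the release where the behaviour changed. Suggest "Multiple listen addresses for the same IP family are no longer supported" plus the version, so readers on older images know which text applies to them.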
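
Review bot: the description added under `no-send-interval` in docs/configuration/service/router-advert.rst explains the default ("is always included in Router Advertisements unless this option is set") rather than what the command does, while the `no-send-advert` text added just above it uses the "If set, ..." form. Suggest the same form here, for example "If set, the Advertisement Interval Option (specified by Mobile IPv6) is omitted from Router Advertisements."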
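
Review bot: the rename in docs/configuration/service/ssh.rst from `set service ssh macs <mac>` to `set service ssh mac <mac>` comes without a note on which release introduced the new spelling, so readers with an older configuration cannot tell which form is valid for them; add a version note next to the command. Since this paragraph is being touched, the unchanged "List of supported MACs" still opens with `hmac-md5`, `hmac-md5-96` and the `hmac-sha1` variants with no guidance; a sentence recommending the `hmac-sha2-*` entries would help readers choosing values.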
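
Review bot: in docs/configuration/vrf/index.rst the merged description "Create a new VRF instance with `<name>` and `<id>`" no longer says what `<id>` is, because the removed sentence "Configured routing table `<id>` is used by VRF `<name>`" was the only text tying it to the routing table. Suggest "Create a new VRF instance `<name>` that uses routing table `<id>`", which also keeps the note below about the routing table ID understandable.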
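
Review bot: the new "Mellanox OFED" section in docs/contributing/build-vyos.rst says the tarball is fetched from Nvidia and compiled, but not whether `build-mellanox-ofed.sh` checks a checksum or signature before building; since this source does not come from a Git repository, state how its integrity is verified, or that it is not. Wording in the same hunk: "the sources its contains" should read "the sources it contains", "instead we fetch" needs a semicolon or a new sentence before it, and "you will find yourself the newly generated" should read "you will find the newly generated".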