summaryrefslogtreecommitdiff
path: root/docs/configuration
diff options
context:
space:
mode:
Diffstat (limited to 'docs/configuration')
-rw-r--r--docs/configuration/interfaces/macsec.rst5
-rw-r--r--docs/configuration/interfaces/tunnel.rst40
-rw-r--r--docs/configuration/service/index.rst1
-rw-r--r--docs/configuration/service/salt-minion.disable2
-rw-r--r--docs/configuration/service/salt-minion.rst53
5 files changed, 75 insertions, 26 deletions
diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst
index 2bf643aa..9a20c425 100644
--- a/docs/configuration/interfaces/macsec.rst
+++ b/docs/configuration/interfaces/macsec.rst
@@ -27,14 +27,11 @@ Common interface configuration
MACsec options
==============
-.. cfgcmd:: set interfaces macsec <interface> security cipher [gcm-aes-128]
+.. cfgcmd:: set interfaces macsec <interface> security cipher <gcm-aes-128|gcm-aes-256>
Select cipher suite used for cryptographic operations. This setting is
mandatory.
- .. note:: gcm-aes-256 support planned once iproute2 package is updated to
- version >=5.2.
-
.. cfgcmd:: set interfaces macsec <interface> security encrypt
MACsec only provides authentication by default, encryption is optional. This
diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst
index d2d63ce2..36b1d70b 100644
--- a/docs/configuration/interfaces/tunnel.rst
+++ b/docs/configuration/interfaces/tunnel.rst
@@ -32,8 +32,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation ipip
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 203.0.113.20
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 203.0.113.20
set interfaces tunnel tun0 address 192.168.100.200/24
IP6IP6
@@ -50,8 +50,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation ip6ip6
- set interfaces tunnel tun0 local-ip 2001:db8:aa::1
- set interfaces tunnel tun0 remote-ip 2001:db8:aa::2
+ set interfaces tunnel tun0 source-address 2001:db8:aa::1
+ set interfaces tunnel tun0 remote 2001:db8:aa::2
set interfaces tunnel tun0 address 2001:db8:bb::1/64
IPIP6
@@ -67,8 +67,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation ipip6
- set interfaces tunnel tun0 local-ip 2001:db8:aa::1
- set interfaces tunnel tun0 remote-ip 2001:db8:aa::2
+ set interfaces tunnel tun0 source-address 2001:db8:aa::1
+ set interfaces tunnel tun0 remote 2001:db8:aa::2
set interfaces tunnel tun0 address 192.168.70.80/24
6in4 (SIT)
@@ -89,8 +89,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation sit
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 192.0.2.20
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 192.0.2.20
set interfaces tunnel tun0 address 2001:db8:bb::1/64
A full example of a Tunnelbroker.net config can be found at
@@ -112,8 +112,8 @@ over either IPv4 (gre) or IPv6 (ip6gre).
Configuration
^^^^^^^^^^^^^
-A basic configuration requires a tunnel source (local-ip), a tunnel destination
-(remote-ip), an encapsulation type (gre), and an address (ipv4/ipv6).Below is a
+A basic configuration requires a tunnel source (source-address), a tunnel destination
+(remote), an encapsulation type (gre), and an address (ipv4/ipv6).Below is a
basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS
router. The main difference between these two configurations is that VyOS
requires you explicitly configure the encapsulation type. The Cisco router
@@ -125,8 +125,8 @@ defaults to gre ip otherwise it would have to be configured as well.
set interfaces tunnel tun100 address '10.0.0.1/30'
set interfaces tunnel tun100 encapsulation 'gre'
- set interfaces tunnel tun100 local-ip '198.51.100.2'
- set interfaces tunnel tun100 remote-ip '203.0.113.10'
+ set interfaces tunnel tun100 source-address '198.51.100.2'
+ set interfaces tunnel tun100 remote '203.0.113.10'
**Cisco IOS Router:**
@@ -147,8 +147,8 @@ and a Linux host using systemd-networkd.
set interfaces tunnel tun101 address '2001:db8:feed:beef::1/126'
set interfaces tunnel tun101 address '192.168.5.1/30'
set interfaces tunnel tun101 encapsulation 'ip6gre'
- set interfaces tunnel tun101 local-ip '2001:db8:babe:face::3afe:3'
- set interfaces tunnel tun101 remote-ip '2001:db8:9bb:3ce::5'
+ set interfaces tunnel tun101 source-address '2001:db8:babe:face::3afe:3'
+ set interfaces tunnel tun101 remote '2001:db8:9bb:3ce::5'
**Linux systemd-networkd:**
@@ -189,15 +189,15 @@ An example:
.. code-block:: none
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 192.0.2.20
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 192.0.2.20
set interfaces tunnel tun0 address 10.40.50.60/24
set interfaces tunnel tun0 parameters ip key 10
-
+
.. code-block:: none
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 192.0.2.20
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 192.0.2.20
set interfaces tunnel tun0 address 172.16.17.18/24
set interfaces tunnel tun0 parameters ip key 20
@@ -211,7 +211,7 @@ to make sure the configuration performs as expected. A common cause for GRE
tunnels to fail to come up correctly include ACL or Firewall configurations
that are discarding IP protocol 47 or blocking your source/desintation traffic.
-**1. Confirm IP connectivity between tunnel local-ip and remote-ip:**
+**1. Confirm IP connectivity between tunnel source-address and remote:**
.. code-block:: none
diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst
index fb194239..96660e91 100644
--- a/docs/configuration/service/index.rst
+++ b/docs/configuration/service/index.rst
@@ -19,6 +19,7 @@ Service
mdns
pppoe-server
router-advert
+ salt-minion
snmp
ssh
tftp-server
diff --git a/docs/configuration/service/salt-minion.disable b/docs/configuration/service/salt-minion.disable
deleted file mode 100644
index 63df57a4..00000000
--- a/docs/configuration/service/salt-minion.disable
+++ /dev/null
@@ -1,2 +0,0 @@
-salt-minion
-########### \ No newline at end of file
diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst
new file mode 100644
index 00000000..aa747c36
--- /dev/null
+++ b/docs/configuration/service/salt-minion.rst
@@ -0,0 +1,53 @@
+.. _saltminion:
+
+###########
+Salt-Minion
+###########
+
+SaltStack_ is Python-based, open-source
+software for event-driven IT automation, remote task execution, and
+configuration management. Supporting the "infrastructure as code"
+approach to data center system and network deployment and management,
+configuration automation, SecOps orchestration, vulnerability remediation,
+and hybrid cloud control.
+
+
+************
+Requirements
+************
+
+To use the Salt-Minion, a running Salt-Master is required. You can find more
+in the `Salt Poject Documentaion
+<https://docs.saltproject.io/en/latest/contents.html>`_
+
+*************
+Configuration
+*************
+
+.. cfgcmd:: set service salt-minion hash <type>
+
+ The hash type used when discovering file on master server (default: sha256)
+
+.. cfgcmd:: set service salt-minion id <id>
+
+ Explicitly declare ID for this minion to use (default: hostname)
+
+.. cfgcmd:: set service salt-minion interval <1-1440>
+
+ Interval in minutes between updates (default: 60)
+
+.. cfgcmd:: set service salt-minion master <hostname | IP>
+
+ The hostname or IP address of the master
+
+.. cfgcmd:: set service salt-minion master-key <key>
+
+ URL with signature of master for auth reply verification
+
+
+Please take a look in the Automation section to find some usefull
+Examples.
+
+
+
+.. _SaltStack: https://saltproject.io/ \ No newline at end of file