diff options
Diffstat (limited to 'docs/system.rst')
-rw-r--r-- | docs/system.rst | 357 |
1 files changed, 0 insertions, 357 deletions
diff --git a/docs/system.rst b/docs/system.rst deleted file mode 100644 index 37b17823..00000000 --- a/docs/system.rst +++ /dev/null @@ -1,357 +0,0 @@ -.. _system: - -System -====== - -After a basic system setup by setting up :ref:`interfaces-addresses`, VyOS -should be ready for further configuration which is described in this chapter. - -Host Information ----------------- - -This section describes the system's host information and how to configure them, -it covers the following topics: - -* Host name -* Domain -* IP address -* Default gateway -* Aliases - -Host Name -^^^^^^^^^ - -A hostname is the label (name) assigned to a network device (a host) on a -network and is used to distinguish one device from another on specific networks -or over the internet. - -Set a system host name: - -.. code-block:: sh - - set system host-name <hostname> - -.. note:: Only letters, numbers and hyphens are allowed. - -Show host name: - -.. code-block:: sh - - show system host-name - -Delete host name: - -.. code-block:: sh - - delete system host-name <hostname> - -Example: Set system hostname to 'RT01': - -.. code-block:: sh - - set system host-name RT01 - commit - show system host-name - host-name RT01 - -Domain Name -^^^^^^^^^^^ - -A domainname is the label (name) assigned to a computer network and is thus -unique! - -Set the system's domain: - -.. code-block:: sh - - set system domain-name <domain> - -.. note:: Only letters, numbers, hyphens and periods are allowed. - -Show domain: - -.. code-block:: sh - - show system domain-name - -Remove domain name: - -.. code-block:: sh - - set system delete domain-name <domain> - -Example: Set system domain to example.com: - -.. code-block:: sh - - set system domain-name example.com - commit - show system domain-name - domain-name example.com - -Static host mappings -^^^^^^^^^^^^^^^^^^^^ - -How to assign IPs to interfaces is described in chapter -:ref:`interfaces-addresses`. This section shows how to statically map a system -IP to its host name for local (meaning on this VyOS instance) DNS resolution: - -.. code-block:: sh - - set system static-host-mapping host-name <hostname> inet <IP address> - -Show static mapping: - -.. code-block:: sh - - show system static-host-mapping - -Example: Create a static mapping between the system's hostname `RT01` and -IP address `10.20.30.41`: - -.. code-block:: sh - - set system static-host-mapping host-name RT01 inet 10.20.30.41 - commit - show system static-host-mapping - host-name RT01 { - inet 10.20.30.41 - } - -Aliases -******* - -One or more system aliases (static mappings) can be defined: - -.. code-block:: sh - - set system static-host-mapping host-name <hostname> alias <alias> - -Show aliases: - -.. code-block:: sh - - show system static-mapping - -Delete alias: - -.. code-block:: sh - - delete system static-host-mapping host-name <hostname> alias <alias> - -Example: Set alias `router1` for system with hostname `RT01`: - -.. code-block:: sh - - set system static-host-mapping host-name RT01 alias router1 - commit - show system static-host-mapping - host-name RT01 { - alias router1 - inet 10.20.30.41 - } - -Default Gateway/Route -^^^^^^^^^^^^^^^^^^^^^ - -In the past (VyOS 1.1.8) used a gateway-address configured in the system tree -(`set system gateway-address <IP address>`) this is no longer supported and -existing configurations are migrated to the new CLI commands. - -It is replaced by inserting a static route into the routing table using: - -.. code-block:: sh - - set protocols static route 0.0.0.0/0 next-hop <gateway ip> - -Delete default route fomr the system - -.. code-block:: sh - - delete protocols static route 0.0.0.0/0 - -Show default route: - -.. code-block:: sh - - vyos@vyos$ show ip route 0.0.0.0 - Routing entry for 0.0.0.0/0 - Known via "static", distance 1, metric 0, best - Last update 3d00h23m ago - * 172.16.34.6, via eth1 - -System Users ------------- - -VyOS supports two levels of users: admin and operator. - -The operator level restricts a user to operational commands and prevents -changes to system configuration. This is useful for gathering information -about the state of the system (dhcp leases, vpn connections, routing tables, -etc...) and for manipulating state of the system, such as resetting -connections, clearing counters and bringing up and taking down connection -oriented interfaces. - -The admin level has all of the capabilities of the operator level, plus the -ability to change system configuration. The admin level also enables a user -to use the sudo command, which essentially means the user has root access to -the system. - -Creating Login User Accounts -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Create user account `jsmith`, with `admin` level access and the password -`mypassword` - -.. code-block:: sh - - set system login user jsmith full-name "Johan Smith" - set system login user jsmith authentication plaintext-password mypassword - set system login user jsmith level admin - -The command: - -.. code-block:: sh - - show system login - -will show the contents of :code:`system login` configuration node: - -.. code-block:: sh - - user jsmith { - authentication { - encrypted-password $6$0OQHjuQ8M$AYXVn7jufdfqPrSk4/XXsDBw99JBtNsETkQKDgVLptXogHA2bU9BWlvViOFPBoFxIi.iqjqrvsQdQ./cfiiPT. - plaintext-password "" - } - full-name "Johan Smith" - level admin - } - -SSH Access using Shared Public Keys -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The following command will load the public key `dev.pub` for user `jsmith` - -.. code-block:: sh - - loadkey jsmith dev.pub - -.. note:: This requires uploading the `dev.pub` public key to the VyOS router - first. As an alternative you can also load the SSH public key directly - from a remote system: - -.. code-block:: sh - - loadkey jsmith scp://devuser@dev001.vyos.net/home/devuser/.ssh/dev.pub - -Syslog ------- - -Per default VyOSs has minimal syslog logging enabled which is stored and -rotated locally. Errors will be always logged to a local file, which includes -`local7` error messages, emergency messages will be sent to the console, too. - -To configure syslog, you need to switch into configuration mode. - -Logging to serial console -^^^^^^^^^^^^^^^^^^^^^^^^^ - -The below would log all messages to :code:`/dev/console`. - -.. code-block:: sh - - set system syslog console facility all level all - -Use the **[tab]** function to display all facilities and levels which can -be configured. - -.. code-block:: sh - - vyos@vyos# set system syslog console facility <TAB> - Possible completions: - > all All facilities excluding "mark" - > auth Authentication and authorization - > authpriv Non-system authorization - > cron Cron daemon - > daemon System daemons - > kern Kernel - > lpr Line printer spooler - > mail Mail subsystem - > mark Timestamp - > news USENET subsystem - > protocols depricated will be set to local7 - > security depricated will be set to auth - > syslog Authentication and authorization - > user Application processes - > uucp UUCP subsystem - > local0 Local facility 0 - > local1 Local facility 1 - > local2 Local facility 2 - > local3 Local facility 3 - > local4 Local facility 4 - > local5 Local facility 5 - > local6 Local facility 6 - > local7 Local facility 7 - - vyos@vyos# set system syslog console facility all level <TAB> - Possible completions: - emerg Emergency messages - alert Urgent messages - crit Critical messages - err Error messages - warning Warning messages - notice Messages for further investigation - info Informational messages - debug Debug messages - all Log everything - - -Logging to a custom file -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Logging to a custom file, rotation size and the number of rotate files left -on the system can be configured. - -.. code-block:: sh - - set system syslog file <FILENAME> facility <FACILITY> level <LEVEL> - set system syslog file <FILENAME> archive file <NUMBER OF FILES> - set system syslog file FILENAME archive size <FILESIZE> - -The very same setting can be applied to the global configuration, to modify -the defaults for the global logging. - -Logging to a remote host -^^^^^^^^^^^^^^^^^^^^^^^^ - -Logging to a remote host leaves the local logging configuration intact, it -can be configured in parallel. You can log ro multiple hosts at the same time, -using either TCP or UDP. The default is sending the messages via UDP. - -**UDP** - -.. code-block:: sh - - set system syslog host 10.1.1.1 facility all level all - <optional> - set system syslog host 10.1.1.1 facility all protocol udp - - -**TCP** - -.. code-block:: sh - - set system syslog host 10.1.1.2 facility all level all - set system syslog host 10.1.1.2 facility all protocol tcp - -Logging to a local user account -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -If logging to a local useraccount is configured, all defined log messages are -display on the console if the local user is logged in, if the user is not -logged in, no messages are being displayed. - -.. code-block:: sh - - set system syslog user <LOCAL_USERNAME> facility <FACILITY> level <LEVEL> |