summaryrefslogtreecommitdiff
path: root/docs/system
diff options
context:
space:
mode:
Diffstat (limited to 'docs/system')
-rw-r--r--docs/system/advanced-index.rst19
-rw-r--r--docs/system/basic-index.rst14
-rw-r--r--docs/system/boot-options.rst57
-rw-r--r--docs/system/default-route.rst40
-rw-r--r--docs/system/eventhandler.rst48
-rw-r--r--docs/system/flow-accounting.rst203
-rw-r--r--docs/system/host-information.rst63
-rw-r--r--docs/system/lcd.rst45
-rw-r--r--docs/system/ntp.rst77
-rw-r--r--docs/system/option.rst94
-rw-r--r--docs/system/proxy.rst28
-rw-r--r--docs/system/serial-console.rst43
-rw-r--r--docs/system/syslog.rst226
-rw-r--r--docs/system/system-dns.rst69
-rw-r--r--docs/system/task-scheduler.rst40
-rw-r--r--docs/system/time-zone.rst18
-rw-r--r--docs/system/user-management.rst160
17 files changed, 0 insertions, 1244 deletions
diff --git a/docs/system/advanced-index.rst b/docs/system/advanced-index.rst
deleted file mode 100644
index 8e855789..00000000
--- a/docs/system/advanced-index.rst
+++ /dev/null
@@ -1,19 +0,0 @@
-.. _advanced_system_tweaks:
-
-######
-System
-######
-
-.. toctree::
- :maxdepth: 2
-
- boot-options
- eventhandler
- flow-accounting
- lcd
- ntp
- option
- proxy
- serial-console
- syslog
- task-scheduler
diff --git a/docs/system/basic-index.rst b/docs/system/basic-index.rst
deleted file mode 100644
index b7bbf1c5..00000000
--- a/docs/system/basic-index.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-.. _basic_system_tweaks:
-
-###################
-Basic System Tweaks
-###################
-
-.. toctree::
- :maxdepth: 2
-
- user-management
- host-information
- default-route
- time-zone
- system-dns
diff --git a/docs/system/boot-options.rst b/docs/system/boot-options.rst
deleted file mode 100644
index d054748f..00000000
--- a/docs/system/boot-options.rst
+++ /dev/null
@@ -1,57 +0,0 @@
-.. _boot-options:
-
-
-############
-Boot Options
-############
-
-.. warning:: This function may be highly disruptive.
- It may cause major service interruption, so make sure you really
- need it and verify your input carefully.
-
-
-
-VyOS has several kernel command line options to modify the normal boot
-process.
-To add an option, select the desired image in GRUB menu at load
-time, press **e**, edit the first line, and press **Ctrl-x** to boot when
-ready.
-
-.. image:: /_static/images/boot-options.png
- :width: 80%
- :align: center
-
-
-Specify custom config file
-==========================
-
-Tells the system to use specified file instead of ``/config/config.boot``.
-If specified file does not exist or is not readable, fall back to
-default config. No additional verification is performed, so make sure
-you specify a valid config file.
-
-.. code-block:: none
-
- vyos-config=/path/to/file
-
-To load the *factory default* config, use:
-
-.. code-block:: none
-
- vyos-config=/opt/vyatta/etc/config.boot.default
-
-
-Disable specific boot process steps
-===================================
-
-These options disable some boot steps. Make sure you understand the
-:ref:`boot process <boot-steps>` well before using them!
-
-.. glossary::
-
- no-vyos-migrate
- Do not perform config migration.
-
- no-vyos-firewall
- Do not initialize default firewall chains, renders any firewall configuration unusable.
-
diff --git a/docs/system/default-route.rst b/docs/system/default-route.rst
deleted file mode 100644
index 27c74188..00000000
--- a/docs/system/default-route.rst
+++ /dev/null
@@ -1,40 +0,0 @@
-.. _default_gateway:
-
-#####################
-Default Gateway/Route
-#####################
-
-In the past (VyOS 1.1) used a gateway-address configured under the system tree
-(:cfgcmd:`set system gateway-address <address>`), this is no longer supported
-and existing configurations are migrated to the new CLI command.
-
-Configuration
-=============
-
-.. cfgcmd:: set protocols static route 0.0.0.0/0 next-hop <address>
-
- Specify static route into the routing table sending all non local traffic
- to the nexthop address `<address>`.
-
-
-.. cfgcmd:: delete protocols static route 0.0.0.0/0
-
- Delete default route from the system.
-
-Operation
-=========
-
-.. opcmd:: show ip route 0.0.0.0
-
- Show routing table entry for the default route.
-
- .. code-block:: none
-
- vyos@vyos:~$ show ip route 0.0.0.0
- Routing entry for 0.0.0.0/0
- Known via "static", distance 10, metric 0, best
- Last update 09:46:30 ago
- * 172.18.201.254, via eth0.201
-
-.. seealso:: Configuration of :ref:`static-routing`
-
diff --git a/docs/system/eventhandler.rst b/docs/system/eventhandler.rst
deleted file mode 100644
index a68b3924..00000000
--- a/docs/system/eventhandler.rst
+++ /dev/null
@@ -1,48 +0,0 @@
-.. _event-handler:
-
-Event Handler
--------------
-
-Event handler allows you to execute scripts when a string that matches a regex appears in a text stream (e.g. log file).
-
-It uses "feeds" (output of commands, or a named pipes) and "policies" that define what to execute if a regex is matched.
-
-.. code-block:: none
-
- system
- event-handler
- feed <name>
- description <feed description>
- policy <policy name>
- source
- preset
- syslog # Use the syslog logs for feed
- custom
- command <command to execute> # E.g. "tail -f /var/log/somelogfile"
- named-pipe <path to a names pipe>
- policy <policy name>
- description <policy description>
- event <event name>
- description <event description>
- pattern <regex>
- run <command to run>
-
-In this small example a script runs every time a login failed and an interface goes down
-
-.. code-block:: none
-
- vyos@vyos# show system event-handler
- feed Syslog {
- policy MyPolicy
- source {
- preset syslog
- }
- }
- policy MyPolicy {
- description "Test policy"
- event BadThingsHappened {
- pattern "authentication failure"
- pattern "interface \.* index \d+ .* DOWN.*"
- run /config/scripts/email-to-admin
- }
- } \ No newline at end of file
diff --git a/docs/system/flow-accounting.rst b/docs/system/flow-accounting.rst
deleted file mode 100644
index f09c1c9a..00000000
--- a/docs/system/flow-accounting.rst
+++ /dev/null
@@ -1,203 +0,0 @@
-.. _flow-accounting:
-
-###############
-Flow Accounting
-###############
-
-VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts
-as a flow exporter, and you are free to use it with any compatible collector.
-
-Flows can be exported via two different protocols: NetFlow (versions 5, 9 and
-10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table
-internally in a router.
-
-.. warning:: You need to disable the in-memory table in production environments!
- Using :abbr:`IMT (In-Memory Table)` may lead to heavy CPU overloading and
- unstable flow-accounting behavior.
-
-
-NetFlow / IPFIX
-===============
-NetFlow is a feature that was introduced on Cisco routers around 1996 that
-provides the ability to collect IP network traffic as it enters or exits an
-interface. By analyzing the data provided by NetFlow, a network administrator
-can determine things such as the source and destination of traffic, class of
-service, and the causes of congestion. A typical flow monitoring setup (using
-NetFlow) consists of three main components:
-
-* **exporter**: aggregates packets into flows and exports flow records towards
- one or more flow collectors
-* **collector**: responsible for reception, storage and pre-processing of flow
- data received from a flow exporter
-* **application**: analyzes received flow data in the context of intrusion
- detection or traffic profiling, for example
-
-For connectionless protocols as like ICMP and UDP, a flow is considered
-complete once no more packets for this flow appear after configurable timeout.
-
-NetFlow is usually enabled on a per-interface basis to limit load on the router
-components involved in NetFlow, or to limit the amount of NetFlow records
-exported.
-
-Configuration
-=============
-
-In order for flow accounting information to be collected and displayed for an
-interface, the interface must be configured for flow accounting.
-
-.. cfgcmd:: set system flow-accounting interface <interface>
-
- Configure and enable collection of flow information for the interface
- identified by `<interface>`.
-
- You can configure multiple interfaces which whould participate in flow
- accounting.
-
-.. note:: Will be recorded only packets/flows on **incoming** direction in
- configured interfaces.
-
-
-By default, recorded flows will be saved internally and can be listed with the
-CLI command. You may disable using the local in-memory table with the command:
-
-.. cfgcmd:: set system flow-accounting disable-imt
-
- Internally, in flow-accounting processes exist a buffer for data exchanging
- between core process and plugins (each export target is a separated plugin).
- If you have high traffic levels or noted some problems with missed records
- or stopping exporting, you may try to increase a default buffer size (10
- MiB) with the next command:
-
-.. cfgcmd:: set system flow-accounting buffer-size <buffer size>
-
- In case, if you need to catch some logs from flow-accounting daemon, you may
- configure logging facility:
-
-.. cfgcmd:: set system flow-accounting syslog-facility <facility>
-
- TBD
-
-Flow Export
------------
-
-In addition to displaying flow accounting information locally, one can also
-exported them to a collection server.
-
-NetFlow
-^^^^^^^
-
-.. cfgcmd:: set system flow-accounting netflow version <version>
-
- There are multiple versions available for the NetFlow data. The `<version>`
- used in the exported flow data can be configured here. The following
- versions are supported:
-
- * **5** - Most common version, but restricted to IPv4 flows only
- * **9** - NetFlow version 9 (default)
- * **10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`
-
-.. cfgcmd:: set system flow-accounting netflow server <address>
-
- Configure address of NetFlow collector. NetFlow server at `<address>` can
- be both listening on an IPv4 or IPv6 address.
-
-.. cfgcmd:: set system flow-accounting netflow source-ip <address>
-
- IPv4 or IPv6 source address of NetFlow packets
-
-.. cfgcmd:: set system flow-accounting netflow engine-id <id>
-
- NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255.
-
-.. cfgcmd:: set system flow-accounting netflow sampling-rate <rate>
-
- Use this command to configure the sampling rate for flow accounting. The
- system samples one in every `<rate>` packets, where `<rate>` is the value
- configured for the sampling-rate option. The advantage of sampling every n
- packets, where n > 1, allows you to decrease the amount of processing
- resources required for flow accounting. The disadvantage of not sampling
- every packet is that the statistics produced are estimates of actual data
- flows.
-
- Per default every packet is sampled (that is, the sampling rate is 1).
-
-.. cfgcmd:: set system flow-accounting netflow timeout expiry-interval <interval>
-
- Specifies the interval at which Netflow data will be sent to a collector. As
- per default, Netflow data will be sent every 60 seconds.
-
- You may also additionally configure timeouts for different types of
- connections.
-
-.. cfgcmd:: set system flow-accounting netflow max-flows <n>
-
- If you want to change the maximum number of flows, which are tracking
- simultaneously, you may do this with this command (default 8192).
-
-sFlow
-^^^^^
-
-.. cfgcmd:: set system flow-accounting sflow server <address>
-
- Configure address of sFlow collector. sFlow server at `<address>` can
- be an IPv4 or IPv6 address. But you cannot export to both IPv4 and
- IPv6 collectors at the same time!
-
-.. cfgcmd:: set system flow-accounting sflow sampling-rate <rate>
-
- Enable sampling of packets, which will be transmitted to sFlow collectors.
-
-.. cfgcmd:: set system flow-accounting sflow agent-address <address>
-
- Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you
- must set the same protocol, which is used for sFlow collector addresses. By
- default, using router-id from BGP or OSPF protocol, or the primary IP
- address from the first interface.
-
-Example:
---------
-
-NetFlow v5 example:
-
-.. code-block:: none
-
- set system flow-accounting netflow engine-id 100
- set system flow-accounting netflow version 5
- set system flow-accounting netflow server 192.168.2.10 port 2055
-
-Operation
-=========
-
-Once flow accounting is configured on an interfaces it provides the ability to
-display captured network traffic information for all configured interfaces.
-
-.. opcmd:: show flow-accounting interface <interface>
-
- Show flow accounting information for given `<interface>`.
-
- .. code-block:: none
-
- vyos@vyos:~$ show flow-accounting interface eth0
- IN_IFACE SRC_MAC DST_MAC SRC_IP DST_IP SRC_PORT DST_PORT PROTOCOL TOS PACKETS FLOWS BYTES
- ---------- ----------------- ----------------- ------------------------ --------------- ---------- ---------- ---------- ----- --------- ------- -------
- eth0 00:53:01:a8:28:ac ff:ff:ff:ff:ff:ff 192.0.2.2 255.255.255.255 5678 5678 udp 0 1 1 178
- eth0 00:53:01:b2:2f:34 33:33:ff:00:00:00 fe80::253:01ff:feb2:2f34 ff02::1:ff00:0 0 0 ipv6-icmp 0 2 1 144
- eth0 00:53:01:1a:b4:53 33:33:ff:00:00:00 fe80::253:01ff:fe1a:b453 ff02::1:ff00:0 0 0 ipv6-icmp 0 1 1 72
- eth0 00:53:01:b2:22:48 00:53:02:58:a2:92 192.0.2.100 192.0.2.14 40152 22 tcp 16 39 1 2064
- eth0 00:53:01:c8:33:af ff:ff:ff:ff:ff:ff 192.0.2.3 255.255.255.255 5678 5678 udp 0 1 1 154
- eth0 00:53:01:b2:22:48 00:53:02:58:a2:92 192.0.2.100 192.0.2.14 40006 22 tcp 16 146 1 9444
- eth0 00:53:01:b2:22:48 00:53:02:58:a2:92 192.0.2.100 192.0.2.14 0 0 icmp 192 27 1 4455
-
-.. opcmd:: show flow-accounting interface <interface> host <address>
-
- Show flow accounting information for given `<interface>` for a specific host
- only.
-
- .. code-block:: none
-
- vyos@vyos:~$ show flow-accounting interface eth0 host 192.0.2.14
- IN_IFACE SRC_MAC DST_MAC SRC_IP DST_IP SRC_PORT DST_PORT PROTOCOL TOS PACKETS FLOWS BYTES
- ---------- ----------------- ----------------- ----------- ---------- ---------- ---------- ---------- ----- --------- ------- -------
- eth0 00:53:01:b2:22:48 00:53:02:58:a2:92 192.0.2.100 192.0.2.14 40006 22 tcp 16 197 2 12940
- eth0 00:53:01:b2:22:48 00:53:02:58:a2:92 192.0.2.100 192.0.2.14 40152 22 tcp 16 94 1 4924
- eth0 00:53:01:b2:22:48 00:53:02:58:a2:92 192.0.2.100 192.0.2.14 0 0 icmp 192 36 1 5877
diff --git a/docs/system/host-information.rst b/docs/system/host-information.rst
deleted file mode 100644
index 30efe01e..00000000
--- a/docs/system/host-information.rst
+++ /dev/null
@@ -1,63 +0,0 @@
-.. _host-information:
-
-################
-Host Information
-################
-
-This section describes the system's host information and how to configure them,
-it covers the following topics:
-
-* Host name
-* Domain
-* IP address
-* Aliases
-
-Hostname
-========
-
-A hostname is the label (name) assigned to a network device (a host) on a
-network and is used to distinguish one device from another on specific networks
-or over the internet. On the other hand this will be the name which appears on
-the command line prompt.
-
-.. cfgcmd:: set system host-name <hostname>
-
- Set system hostname. The hostname can be up to 63 characters. A hostname
- must start and end with a letter or digit, and have as interior characters
- only letters, digits, or a hyphen.
-
- The default hostname used is `vyos`.
-
-Domain Name
-===========
-
-A domain name is the label (name) assigned to a computer network and is thus
-unique. VyOS appends the domain name as a suffix to any unqualified name. For
-example, if you set the domain name `example.com`, and you would ping the
-unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`.
-
-.. cfgcmd:: set system domain-name <domain>
-
- Configure system domain name. A domain name must start and end with a letter
- or digit, and have as interior characters only letters, digits, or a hyphen.
-
-Static Hostname Mapping
-=======================
-
-How an IP address is assigned to an interface in :ref:`ethernet-interface`.
-This section shows how to statically map an IP address to a hostname for local
-(meaning on this VyOS instance) name resolution.
-
-.. cfgcmd:: set system static-host-mapping host-name <hostname> inet <address>
-
- Create a static hostname mapping which will always resolve the name
- `<hostname>` to IP address `<address>`.
-
-
-.. cfgcmd:: set system static-host-mapping host-name <hostname> alias <alias>
-
- Create named `<alias>` for the configured static mapping for `<hostname>`.
- Thus the address configured as :cfgcmd:`set system static-host-mapping
- host-name <hostname> inet <address>` can be reached via multiple names.
-
- Multiple aliases can pe specified per host-name.
diff --git a/docs/system/lcd.rst b/docs/system/lcd.rst
deleted file mode 100644
index 441becf5..00000000
--- a/docs/system/lcd.rst
+++ /dev/null
@@ -1,45 +0,0 @@
-.. _system-display:
-
-********************
-System Display (LCD)
-********************
-
-The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running
-VyOS on hardware that features an LCD display. This is typically a small display
-built in an 19 inch rack-mountable appliance. Those displays are used to show
-runtime data.
-
-To configure your LCD display you must first identify the used hardware, and
-connectivity of the display to your system. This can be any serial port
-(`ttySxx`) or serial via USB or even old parallel port interfaces.
-
-Configuration
-=============
-
-.. cfgcmd:: set system lcd device <device>
-
- This is the name of the physical interface used to connect to your LCD
- display. Tab completion is supported and it will list you all available
- serial interface.
-
- For serial via USB port information please refor to: :ref:`hardware_usb`.
-
-.. cfgcmd:: set system lcd model <model>
-
- This is the LCD model used in your system.
-
- At the time of this writing the following displays are supported:
-
- * Crystalfontz CFA-533
-
- * Crystalfontz CFA-631
-
- * Crystalfontz CFA-633
-
- * Crystalfontz CFA-635
-
- .. note:: We can't support all displays from the beginning. If your display
- type is missing, please create a feature request via Phabricator_.
-
-.. include:: ../common-references.rst
-
diff --git a/docs/system/ntp.rst b/docs/system/ntp.rst
deleted file mode 100644
index 223447f5..00000000
--- a/docs/system/ntp.rst
+++ /dev/null
@@ -1,77 +0,0 @@
-.. _ntp:
-
-###
-NTP
-###
-
-:abbr:`NTP (Network Time Protocol`) is a networking protocol for clock
-synchronization between computer systems over packet-switched, variable-latency
-data networks. In operation since before 1985, NTP is one of the oldest Internet
-protocols in current use.
-
-NTP is intended to synchronize all participating computers to within a few
-milliseconds of :abbr:`UTC (Coordinated Universal Time)`. It uses the
-intersection algorithm, a modified version of Marzullo's algorithm, to select
-accurate time servers and is designed to mitigate the effects of variable
-network latency. NTP can usually maintain time to within tens of milliseconds
-over the public Internet, and can achieve better than one millisecond accuracy
-in local area networks under ideal conditions. Asymmetric routes and network
-congestion can cause errors of 100 ms or more.
-
-The protocol is usually described in terms of a client-server model, but can as
-easily be used in peer-to-peer relationships where both peers consider the other
-to be a potential time source. Implementations send and receive timestamps using
-:abbr:`UDP (User Datagram Protocol)` on port number 123.
-
-NTP supplies a warning of any impending leap second adjustment, but no
-information about local time zones or daylight saving time is transmitted.
-
-The current protocol is version 4 (NTPv4), which is a proposed standard as
-documented in :rfc:`5905`. It is backward compatible with version 3, specified
-in :rfc:`1305`.
-
-Configuration
-=============
-
-.. cfgcmd:: set system ntp server <address>
-
- Configure one or more servers for synchronisation. Server name can be either
- an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`.
-
- There are 3 default NTP server set. You are able to change them.
-
- * ``0.pool.ntp.org``
- * ``1.pool.ntp.org``
- * ``2.pool.ntp.org``
-
-.. cfgcmd:: set system ntp server <address> <noselect | pool | preempt | prefer>
-
- Configure one or more attributes to the given NTP server.
-
- * ``noselect`` marks the server as unused, except for display purposes. The
- server is discarded by the selection algorithm.
-
- * ``pool`` mobilizes persistent client mode association with a number of
- remote servers.
-
- * ``preempt`` a preemptable association is expendable.
-
- * ``prefer`` marks the server as preferred. All other things being equal,
- this host will be chosen for synchronization among a set of correctly
- operating hosts.
-
-.. cfgcmd:: set system ntp listen-address <address>
-
- NTP process will only listen on the specified IP address. You must specify
- the `<address>` and optionally the permitted clients. Multiple listen
- addresses can be configured.
-
-.. cfgcmd:: set system ntp allow-clients address <address>
-
- List of networks or client addresses permitted to contact this NTP server.
-
- Multiple networks can be configured.
-
-.. cfgcmd:: set system ntp vrf <name>
-
- Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance.
diff --git a/docs/system/option.rst b/docs/system/option.rst
deleted file mode 100644
index e7661492..00000000
--- a/docs/system/option.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-.. _system_option:
-
-#######
-Options
-#######
-
-This chapter describe the possibilities of advanced system behavior.
-
-*******
-General
-*******
-
-.. cfgcmd:: set system option ctrl-alt-delete <ignore | reboot | poweroff>
-
- Action which will be run once the ctrl-alt-del keystroke is received.
-
-.. cfgcmd:: set system option reboot-on-panic
-
- Automatically reboot system on kernel panic after 60 seconds.
-
-.. cfgcmd:: set system option startup-beep
-
- Play an audible beep to the system speaker when system is ready.
-
-***********
-HTTP client
-***********
-
-.. cfgcmd:: set system option http-client source-address <address>
-
- Several commands utilize curl to initiate transfers. Configure the local
- source IPv4/IPv6 address used for all CURL operations.
-
-.. cfgcmd:: set system option http-client source-interface <interface>
-
- Several commands utilize curl to initiate transfers. Configure the local
- source interface used for all CURL operations.
-
-.. note:: `source-address` and `source-interface` can not be used at the same time.
-
-***************
-Keyboard Layout
-***************
-
-When starting a VyOS live system (the installation CD) the configured keyboard
-layout defaults to US. As this might not suite everyones use case you can adjust
-the used keyboard layout on the system console.
-
-.. cfgcmd:: set system option keyboard-layout <us | fr | de | fi | no | dk>
-
- Change system keyboard layout to given language.
-
- Defaults to ``us``.
-
- .. note:: Changing the keymap only has an effect on the system console, using
- SSH oder Serial remote access to the device is not affected as the keyboard
- layout here corresponds to your access system.
-
-.. _system_options_performance:
-
-***********
-Performance
-***********
-
-As more and more routers run on Hypervisors, expecially with a :abbr:`NOS
-(Network Operating System)` as VyOS, it makes fewer and fewer sense to use
-static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and
-earlier to pin certain interrupt handlers to specific CPUs.
-
-We now utilize `tuned` for dynamic resource balancing based on profiles.
-
- .. seealso:: https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf
-
-.. cfgcmd:: set system option performance < throughput | latency >
-
- Configure one of the predefined system performance profiles.
-
- * ``throughput``: A server profile focused on improving network throughput.
- This profile favors performance over power savings by setting ``intel_pstate``
- and ``max_perf_pct=100`` and increasing kernel network buffer sizes.
-
- It enables transparent huge pages, and uses cpupower to set the performance
- cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us,
- ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to
- 40%.
-
- * ``latency``: A server profile focused on lowering network latency.
- This profile favors performance over power savings by setting ``intel_pstate``
- and ``min_perf_pct=100``.
-
- It disables transparent huge pages, and automatic NUMA balancing. It also
- uses cpupower to set the performance cpufreq governor, and requests a
- cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to
- 50 us, and tcp_fastopen to 3.
diff --git a/docs/system/proxy.rst b/docs/system/proxy.rst
deleted file mode 100644
index 8e0339a7..00000000
--- a/docs/system/proxy.rst
+++ /dev/null
@@ -1,28 +0,0 @@
-.. _system_proxy:
-
-############
-System Proxy
-############
-
-Some IT environments require the use of a proxy to connect to the Internet.
-Without this configuration VyOS updates could not be installed directly by
-using the :opcmd:`add system image` command (:ref:`update_vyos`).
-
-.. cfgcmd:: set system proxy url <url>
-
- Set proxy for all connections initiated by VyOS, including HTTP, HTTPS, and
- FTP (anonymous ftp).
-
-.. cfgcmd:: set system proxy port <port>
-
- Configure proxy port if it does not listen to the default port 80.
-
-.. cfgcmd:: set system proxy username <username>
-
- Some proxys require/support the "basic" HTTP authentication scheme as per
- :rfc:`7617`, thus a username can be configured.
-
-.. cfgcmd:: set system proxy password <password>
-
- Some proxys require/support the "basic" HTTP authentication scheme as per
- :rfc:`7617`, thus a password can be configured.
diff --git a/docs/system/serial-console.rst b/docs/system/serial-console.rst
deleted file mode 100644
index 4a750ada..00000000
--- a/docs/system/serial-console.rst
+++ /dev/null
@@ -1,43 +0,0 @@
-.. _serial-console:
-
-##############
-Serial Console
-##############
-
-For the average user a serial console has no advantage over a console offered
-by a directly attached keyboard and screen. Serial consoles are much slower,
-taking up to a second to fill a 80 column by 24 line screen. Serial consoles
-generally only support non-proportional ASCII text, with limited support for
-languages other than English.
-
-There are some scenarios where serial consoles are useful. System administration
-of remote computers is usually done using :ref:`ssh`, but there are times when
-access to the console is the only way to diagnose and correct software failures.
-Major upgrades to the installed distribution may also require console access.
-
-
-.. cfgcmd:: set system console device <device>
-
- Defines the specified device as a system console. Available console devices
- can be (see completion helper):
-
- * ``ttySN`` - Serial device name
- * ``ttyUSBX`` - USB Serial device name
- * ``hvc0`` - Xen console
-
-.. cfgcmd:: set system console device <device> speed <speed>
-
- The speed (baudrate) of the console device. Supported values are:
-
- * ``1200`` - 1200 bps
- * ``2400`` - 2400 bps
- * ``4800`` - 4800 bps
- * ``9600`` - 9600 bps
- * ``19200`` - 19,200 bps
- * ``38400`` - 38,400 bps (default for Xen console)
- * ``57600`` - 57,600 bps
- * ``115200`` - 115,200 bps (default for serial console)
-
- .. note:: If you use a USB to serial converter please note that most of them
- use software emulation without flow control, thus you should start with a
- common baud rate of 9600 as otherwise you could get
diff --git a/docs/system/syslog.rst b/docs/system/syslog.rst
deleted file mode 100644
index 3449c15b..00000000
--- a/docs/system/syslog.rst
+++ /dev/null
@@ -1,226 +0,0 @@
-.. _syslog:
-
-######
-Syslog
-######
-
-Per default VyOSs has minimal syslog logging enabled which is stored and
-rotated locally. Errors will be always logged to a local file, which includes
-`local7` error messages, emergency messages will be sent to the console, too.
-
-To configure syslog, you need to switch into configuration mode.
-
-Logging
-=======
-
-Syslog supports logging to multiple targets, those targets could be a plain
-file on your VyOS installation itself, a serial console or a remote syslog
-server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP.
-
-Console
--------
-
-.. cfgcmd:: set system syslog console facility <keyword> level <keyword>
-
-Log syslog messages to ``/dev/console``, for an explanation on
-:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
-see tables below.
-
-
-Custom File
------------
-
-.. cfgcmd:: set system syslog file <filename> facility <keyword> level <keyword>
-
-Log syslog messages to file specified via `<filename>`, for en explanation on
-:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see
-tables below.
-
-.. cfgcmd:: set system syslog file <filename> archive size <size>
-
-Syslog will write `<size>` kilobytes into the file specified by `<filename>`.
-After this limit has been reached, the custom file is "rotated" by logrotate
-and a new custom file is created.
-
-.. cfgcmd:: set system syslog file <filename> archive file <number>
-
-Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep
-as many as `<number>` rotated file before they are deleted on the system.
-
-
-Remote Host
------------
-
-Logging to a remote host leaves the local logging configuration intact, it
-can be configured in parallel to a custom file or console logging. You can log
-to multiple hosts at the same time, using either TCP or UDP. The default is
-sending the messages via port 514/UDP.
-
-
-.. cfgcmd:: set system syslog host <address> facility <keyword> level <keyword>
-
-Log syslog messages to remote host specified by `<address>`. The address can be
-specified by either FQDN or IP address. For en explanation on
-:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see
-tables below.
-
-
-.. cfgcmd:: set system syslog host <address> facility <keyword> protocol <udp|tcp>
-
-Configure protocol used for communication to remote syslog host. This can be
-either UDP or TCP.
-
-
-Local User Account
-------------------
-
-.. cfgcmd:: set system syslog user <username> facility <keyword> level <keyword>
-
-If logging to a local user account is configured, all defined log messages are
-display on the console if the local user is logged in, if the user is not
-logged in, no messages are being displayed. For en explanation on
-:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see
-tables below.
-
-.. _syslog_facilities:
-
-Facilities
-==========
-
-List of facilities used by syslog. Most facilities names are self explanatory.
-Facilities local0 - local7 common usage is f.e. as network logs facilities for
-nodes and network equipment. Generally it depends on the situation how to
-classify logs and put them to facilities. See facilities more as a tool rather
-than a directive to follow.
-
-Facilities can be adjusted to meet the needs of the user:
-
-+----------+----------+----------------------------------------------------+
-| Facility | Keyword | Description |
-| Code | | |
-+==========+==========+====================================================+
-| | all | All facilities |
-+----------+----------+----------------------------------------------------+
-| 0 | kern | Kernel messages |
-+----------+----------+----------------------------------------------------+
-| 1 | user | User-level messages |
-+----------+----------+----------------------------------------------------+
-| 2 | mail | Mail system |
-+----------+----------+----------------------------------------------------+
-| 3 | daemon | System daemons |
-+----------+----------+----------------------------------------------------+
-| 4 | auth | Security/authentication messages |
-+----------+----------+----------------------------------------------------+
-| 5 | syslog | Messages generated internally by syslogd |
-+----------+----------+----------------------------------------------------+
-| 6 | lpr | Line printer subsystem |
-+----------+----------+----------------------------------------------------+
-| 7 | news | Network news subsystem |
-+----------+----------+----------------------------------------------------+
-| 8 | uucp | UUCP subsystem |
-+----------+----------+----------------------------------------------------+
-| 9 | cron | Clock daemon |
-+----------+----------+----------------------------------------------------+
-| 10 | security | Security/authentication messages |
-+----------+----------+----------------------------------------------------+
-| 11 | ftp | FTP daemon |
-+----------+----------+----------------------------------------------------+
-| 12 | ntp | NTP subsystem |
-+----------+----------+----------------------------------------------------+
-| 13 | logaudit | Log audit |
-+----------+----------+----------------------------------------------------+
-| 14 | logalert | Log alert |
-+----------+----------+----------------------------------------------------+
-| 15 | clock | clock daemon (note 2) |
-+----------+----------+----------------------------------------------------+
-| 16 | local0 | local use 0 (local0) |
-+----------+----------+----------------------------------------------------+
-| 17 | local1 | local use 1 (local1) |
-+----------+----------+----------------------------------------------------+
-| 18 | local2 | local use 2 (local2) |
-+----------+----------+----------------------------------------------------+
-| 19 | local3 | local use 3 (local3) |
-+----------+----------+----------------------------------------------------+
-| 20 | local4 | local use 4 (local4) |
-+----------+----------+----------------------------------------------------+
-| 21 | local5 | local use 5 (local5) |
-+----------+----------+----------------------------------------------------+
-| 22 | local6 | use 6 (local6) |
-+----------+----------+----------------------------------------------------+
-| 23 | local7 | local use 7 (local7) |
-+----------+----------+----------------------------------------------------+
-
-.. _syslog_severity_level:
-
-Severity Level
-==============
-
-+-------+---------------+---------+-------------------------------------------+
-| Value | Severity | Keyword | Description |
-+=======+===============+=========+===========================================+
-| | | all | Log everything |
-+-------+---------------+---------+-------------------------------------------+
-| 0 | Emergency | emerg | System is unusable - a panic condition |
-+-------+---------------+---------+-------------------------------------------+
-| 1 | Alert | alert | Action must be taken immediately - A |
-| | | | condition that should be corrected |
-| | | | immediately, such as a corrupted system |
-| | | | database. |
-+-------+---------------+---------+-------------------------------------------+
-| 2 | Critical | crit | Critical conditions - e.g. hard drive |
-| | | | errors. |
-+-------+---------------+---------+-------------------------------------------+
-| 3 | Error | err | Error conditions |
-+-------+---------------+---------+-------------------------------------------+
-| 4 | Warning | warning | Warning conditions |
-+-------+---------------+---------+-------------------------------------------+
-| 5 | Notice | notice | Normal but significant conditions - |
-| | | | conditions that are not error conditions, |
-| | | | but that may require special handling. |
-+-------+---------------+---------+-------------------------------------------+
-| 6 | Informational | info | Informational messages |
-+-------+---------------+---------+-------------------------------------------+
-| 7 | Debug | debug | Debug-level messages - Messages that |
-| | | | contain information normally of use only |
-| | | | when debugging a program. |
-+-------+---------------+---------+-------------------------------------------+
-
-
-Display Logs
-============
-
-.. opcmd:: show log [all | authorization | cluster | conntrack-sync | ...]
-
-Display log files of given category on the console. Use tab completion to get
-a list of available categories. Thos categories could be: all, authorization,
-cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image
-lldp, nat, openvpn, snmp, tail, vpn, vrrp
-
-If no option is specified, this defaults to `all`.
-
-.. opcmd:: show log image <name> [all | authorization | directory | file <file name> | tail <lines>]
-
-Log messages from a specified image can be displayed on the console. Details of
-allowed parameters:
-
-.. list-table::
- :widths: 25 75
- :header-rows: 0
-
- * - all
- - Display contents of all master log files of the specified image
- * - authorization
- - Display all authorization attempts of the specified image
- * - directory
- - Display list of all user-defined log files of the specified image
- * - file <file name>
- - Display contents of a specified user-defined log file of the specified image
- * - tail
- - Display last lines of the system log of the specified image
- * - <lines>
- - Number of lines to be displayed, default 10
-
-When no options/parameters are used, the contents of the main syslog file are
-displayed.
-
-.. hint:: Use ``show log | strip-private`` if you want to hide private data when sharing your logs.
diff --git a/docs/system/system-dns.rst b/docs/system/system-dns.rst
deleted file mode 100644
index 59cfdb5d..00000000
--- a/docs/system/system-dns.rst
+++ /dev/null
@@ -1,69 +0,0 @@
-.. _system-dns:
-
-##########
-System DNS
-##########
-
-
-This section describes configuring DNS on the system, namely:
-
- * DNS name servers
- * Domain search order
-
-
-DNS name servers
-================
-
-.. cfgcmd:: set system name-server <address>
-
- Use this command to specify a DNS server for the system to be used
- for DNS lookups. More than one DNS server can be added, configuring
- one at a time. Both IPv4 and IPv6 addresses are supported.
-
-
-
-Example
--------
-
-In this example, some *OpenNIC* servers are used, two IPv4 addresses
-and two IPv6 addresses:
-
-
-.. code-block:: none
-
- set system name-server 176.9.37.132
- set system name-server 195.10.195.195
- set system name-server 2a01:4f8:161:3441::1
- set system name-server 2a00:f826:8:2::195
-
-
-Domain search order
-===================
-
-In order for the system to use and complete unqualified host names, a
-list can be defined which will be used for domain searches.
-
-
-.. cfgcmd:: set system domain-search domain <domain>
-
- Use this command to define domains, one at a time, so that the system
- uses them to complete unqualified host names. Maximum: 6 entries.
-
-
-.. note:: Domain names can include letters, numbers, hyphens and periods
- with a maximum length of 253 characters.
-
-
-Example
--------
-
-The system is configured to attempt domain completion in the following
-order: vyos.io (first), vyos.net (second) and vyos.network (last):
-
-
-.. code-block:: none
-
- set system domain-search domain vyos.io
- set system domain-search domain vyos.net
- set system domain-search domain vyos.network
-
diff --git a/docs/system/task-scheduler.rst b/docs/system/task-scheduler.rst
deleted file mode 100644
index 382da39f..00000000
--- a/docs/system/task-scheduler.rst
+++ /dev/null
@@ -1,40 +0,0 @@
-.. _task-scheduler:
-
-##############
-Task Scheduler
-##############
-
-The task scheduler allows you to execute tasks on a given schedule. It makes
-use of UNIX cron_.
-
-.. note:: All scripts excecuted this way are executed as root user - this may
- be dangerous. Together with :ref:`command-scripting` this can be used for
- automating (re-)configuration.
-
-.. cfgcmd:: set system task-scheduler task <task> interval <interval>
-
- Specify the time interval when `<task>` should be executed. The interval
- is specified as number with one of the following suffixes:
-
- * ``none`` - Execution interval in minutes
- * ``m`` - Execution interval in minutes
- * ``h`` - Execution interval in hours
- * ``d`` - Execution interval in days
-
- .. note:: If suffix is omitted, minutes are implied.
-
-.. cfgcmd:: set system task-scheduler task <task> crontab-spec <spec>
-
- Set execution time in common cron_ time format. A cron `<spec>` of
- ``30 */6 * * *`` would execute the `<task>` at minute 30 past every 6th hour.
-
-.. cfgcmd:: set system task-scheduler task <task> executable path <path>
-
- Specify absolute `<path>` to script which will be run when `<task>` is
- executed.
-
-.. cfgcmd:: set system task-scheduler task <task> executable arguments <args>
-
- Arguments which will be passed to the executable.
-
-.. _cron: https://en.wikipedia.org/wiki/Cron
diff --git a/docs/system/time-zone.rst b/docs/system/time-zone.rst
deleted file mode 100644
index 025c4376..00000000
--- a/docs/system/time-zone.rst
+++ /dev/null
@@ -1,18 +0,0 @@
-.. _timezone:
-
-#########
-Time Zone
-#########
-
-Time Zone setting is very important as e.g all your logfile entries will be
-based on the configured zone. Without proper time zone configuration it will
-be very difficult to compare logfiles from different systems.
-
-.. cfgcmd:: set system time-zone <timezone>
-
- Specify the systems `<timezone>` as the Region/Location that best defines
- your location. For example, specifying US/Pacific sets the time zone to US
- Pacific time.
-
- Command completion can be used to list available time zones. The adjustment
- for daylight time will take place automatically based on the time of year. \ No newline at end of file
diff --git a/docs/system/user-management.rst b/docs/system/user-management.rst
deleted file mode 100644
index 6d89735f..00000000
--- a/docs/system/user-management.rst
+++ /dev/null
@@ -1,160 +0,0 @@
-.. _user_management:
-
-###############
-User Management
-###############
-
-The default VyOS user account (`vyos`), as well as newly created user accounts,
-have all capabilities to configure the system. All accounts have sudo
-capabilities and therefore can operate as root on the system.
-
-Both local administered and remote administered :abbr:`RADIUS (Remote
-Authentication Dial-In User Service)` accounts are supported.
-
-Local
-=====
-
-.. cfgcmd:: set system login user <name> full-name "<string>"
-
- Create new system user with username `<name>` and real-name specified by
- `<string>`.
-
-.. cfgcmd:: set system login user <name> authentication plaintext-password <password>
-
- Specify the plaintext password user by user `<name>` on this system. The
- plaintext password will be automatically transferred into a secure hashed
- password and not saved anywhere in plaintext.
-
-.. cfgcmd:: set system login user <name> authentication encrypted-password <password>
-
- Setup encrypted password for given username. This is useful for
- transferring a hashed password from system to system.
-
-.. _ssh_key_based_authentication:
-
-Key Based Authentication
-------------------------
-
-It is highly recommended to use SSH key authentication. By default there is
-only one user (``vyos``), and you can assign any number of keys to that user.
-You can generate a ssh key with the ``ssh-keygen`` command on your local
-machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``.
-
-Every SSH key comes in three parts:
-
-``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com``
-
-Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the
-key will usually be several hundred characters long, and you will need to copy
-and paste it. Some terminal emulators may accidentally split this over several
-lines. Be attentive when you paste it that it only pastes as a single line.
-The third part is simply an identifier, and is for your own reference.
-
-.. cfgcmd:: set system login user <username> authentication public-keys <identifier> key <key>
-
- Assign the SSH public key portion `<key>` identified by per-key
- `<identifier>` to the local user `<username>`.
-
-.. cfgcmd:: set system login user <username> authentication public-keys <identifier> type <type>
-
- Every SSH public key portion referenced by `<identifier>` requires the
- configuration of the `<type>` of public-key used. This type can be any of:
-
- * ``ecdsa-sha2-nistp256``
- * ``ecdsa-sha2-nistp384``
- * ``ecdsa-sha2-nistp521``
- * ``ssh-dss``
- * ``ssh-ed25519``
- * ``ssh-rsa``
-
- .. note:: You can assign multiple keys to the same user by using a unique
- identifier per SSH key.
-
-.. cfgcmd:: loadkey <username> <location>
-
- SSH keys can not only be specified on the command-line but also loaded for
- a given user with `<username>` from a file pointed to by `<location>.` Keys
- can be either loaded from local filesystem or any given remote location
- using one of the following :abbr:`URIs (Uniform Resource Identifier)`:
-
- * ``<file>`` - Load from file on local filesystem path
- * ``scp://<user>@<host>:/<file>`` - Load via SCP from remote machine
- * ``sftp://<user>@<host>/<file>`` - Load via SFTP from remote machine
- * ``ftp://<user>@<host>/<file>`` - Load via FTP from remote machine
- * ``http://<host>/<file>`` - Load via HTTP from remote machine
- * ``tftp://<host>/<file>`` - Load via TFTP from remote machine
-
-Example
--------
-
-In the following example, both `User1` and `User2` will be able to SSH into
-VyOS as user ``vyos`` using their very own keys.
-
-.. code-block:: none
-
- set system login user vyos authentication public-keys 'User1' key "AAAAB3Nz...KwEW"
- set system login user vyos authentication public-keys 'User1' type ssh-rsa
- set system login user vyos authentication public-keys 'User2' key "AAAAQ39x...fbV3"
- set system login user vyos authentication public-keys 'User2' type ssh-rsa
-
-
-RADIUS
-======
-
-In large deployments it is not reasonable to configure each user individually
-on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication
-Dial-In User Service)` servers as backend for user authentication.
-
-Configuration
--------------
-
-.. cfgcmd:: set system login radius server <address> secret <secret>
-
- Specify the `<address>` of the RADIUS server user with the pre-shared-secret
- given in `<secret>`. Multiple servers can be specified.
-
-.. cfgcmd:: set system login radius server <address> port <port>
-
- Configure the discrete port under which the RADIUS server can be reached.
- This defaults to 1812.
-
-.. cfgcmd:: set system login radius server <address> timeout <timeout>
-
- Setup the `<timeout>` in seconds when querying the RADIUS server.
-
-.. cfgcmd:: set system login radius server <address> disable
-
- Temporary disable this RADIUS server. It won't be queried.
-
-.. cfgcmd:: set system login radius source-address <address>
-
- RADIUS servers could be hardened by only allowing certain IP addresses to
- connect. As of this the source address of each RADIUS query can be
- configured. If this is not set, incoming connections to the RADIUS server
- will use the nearest interface address pointing towards the server - making
- it error prone on e.g. OSPF networks when a link fails and a backup route is
- taken.
-
-.. hint:: If you want to have admin users to authenticate via RADIUS it is
- essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without
- the attribute you will only get regular, non privilegued, system users.
-
-
-
-Login Banner
-============
-
-You are able to set post-login or pre-login banner messages to display certain
-information for this system.
-
-.. cfgcmd:: set system login banner pre-login <message>
-
- Configure `<message>` which is shown during SSH connect and before a user is
- logged in.
-
-.. cfgcmd:: set system login banner post-login <message>
-
- Configure `<message>` which is shown after user has logged in to the system.
-
-.. note:: To create a new line in your login message you need to escape the new
- line character by using ``\\n``.