Diffstat (limited to 'docs')
-rw-r--r-- docs/automation/terraform/terraformGoogle.rst 48
-rw-r--r-- docs/cli.rst 109
-rw-r--r-- docs/configuration/nat/nat66.rst 12
-rw-r--r-- docs/configuration/service/ntp.rst 3
-rw-r--r-- docs/configuration/service/router-advert.rst 7
-rw-r--r-- docs/configuration/service/ssh.rst 5
-rw-r--r-- docs/configuration/vrf/index.rst 8
-rw-r--r-- docs/contributing/build-vyos.rst 32
8 files changed, 191 insertions, 33 deletions
diff --git a/docs/automation/terraform/terraformGoogle.rst b/docs/automation/terraform/terraformGoogle.rst
index 01009be3..41a484c5 100644
--- a/docs/automation/terraform/terraformGoogle.rst
+++ b/docs/automation/terraform/terraformGoogle.rst
@@ -2,24 +2,24 @@
.. _terraformgoogle:
-Deploying VyOS in the google cloud
+Deploying VyOS in the Google Cloud
==================================
-With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform.
+With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform.
Also we will make provisioning using Ansible.
-In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the google cloud and make provisioning using Ansible.
+In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible.
-Preparation steps for deploying VyOS on google
+Preparation steps for deploying VyOS on Google
----------------------------------------------
-How to create a single instance and install your configuration using Terraform+Ansible+google
+How to create a single instance and install your configuration using Terraform+Ansible+Google
Step by step:
-google cloud
+Google Cloud
-1 Create an account with google cloud and a new project
+1 Create an account with Google Cloud and a new project
.. image:: /_static/images/project.png
:width: 50%
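Review bot: The rewritten intro sentence still ends with lowercase "using terraform" although the same sentence opens with "Terraform"; capitalise it here too so the product name is consistent after this pass. The unchanged line that follows, "Also we will make provisioning using Ansible.", would read better as "We will also provision the instance using Ansible."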
@@ -79,15 +79,15 @@ Ansible
3 Create the folder for example /root/google/
-4 Copy all files into your Ansible project "/root/google/" (ansible.cfg, instance.yml, mykey.json and "all"), more detailed see `Structure of files Ansible for google cloud`_
+4 Copy all files into your Ansible project "/root/google/" (ansible.cfg, instance.yml, mykey.json and "all"), more detailed see `Structure of files Ansible for Google Cloud`_
-mykey.json you have to get using step 2 of the google cloud
+mykey.json you have to get using step 2 of the Google Cloud
Start
-Type the commands on your Terrafom instance:
+Type the commands on your Terraform instance:
.. code-block:: none
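Review bot: Step 4 still reads "more detailed see", which is not a sentence; suggest "for details, see `Structure of files Ansible for Google Cloud`_". The next changed line, "mykey.json you have to get using step 2 of the Google Cloud", would be clearer as "Obtain mykey.json in step 2 of the Google Cloud section." If mykey.json is the file the Terraform listing later calls "The credential file from Google Cloud", a sentence telling readers to restrict its permissions and keep it out of version control belongs next to this copy step.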
@@ -97,7 +97,7 @@ Type the commands on your Terrafom instance:
yes
-Start creating a google cloud instance and check the result
+Start creating a Google Cloud instance and check the result.
-----------------------------------------------------------
.. code-block:: none
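Review bot: The section title now ends with a full stop ("... check the result."), unlike the other titles touched in this patch, and the underline beneath it is unchanged context, so the title has grown by one character while the underline has not. Drop the trailing period, or lengthen the underline if the period stays, so the title is never longer than its underline.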
@@ -330,8 +330,8 @@ Start creating a google cloud instance and check the result
-After executing all the commands you will have your VyOS instance on the google cloud with your configuration, it's a very convenient desition.
-If you need to delete the instance please type the command:
+After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision.
+If you need to delete the instance, please type the command:
.. code-block:: none
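Review bot: "desition" is corrected to "decision", but "a very convenient decision" does not describe the deployment; "solution" or "approach" is probably what is meant. Splitting the sentence at the semicolon into two would also read more naturally.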
@@ -358,20 +358,20 @@ Make sure that you have opened access to the instance in the security group.
Make sure that Ansible is pinging from Terrafom.
-Structure of files Terrafom for google cloud
+Structure of files Terrafom for Google Cloud
--------------------------------------------
.. code-block:: none
.
├── vyos.tf # The main script
- ├── ***.JSON # The credential file from google cloud
+ ├── ***.JSON # The credential file from Google Cloud
├── var.tf # The file of all variables in "vyos.tf"
- └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on)
+ └── terraform.tfvars # The value of all variables (passwords, login, IP addresses and so on)
-File contents of Terrafom for google cloud
+File contents of Terrafom for Google Cloud
------------------------------------------
vyos.tf
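Review bot: Both changed headings still spell the tool "Terrafom" ("Structure of files Terrafom for Google Cloud", "File contents of Terrafom for Google Cloud"), as does the unchanged line "Make sure that Ansible is pinging from Terrafom." above them, although an earlier hunk in this file already corrects the same misspelling to "Terraform". Fix all three here and lengthen the two heading underlines by one character to match.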
@@ -380,7 +380,7 @@ vyos.tf
##############################################################################
- # Build an VyOS VM from the Marketplace
+ # Build a VyOS VM from the Marketplace
#
# After deploying the GCP instance and getting an IP address, the IP address is copied into the file
#"ip.txt" and copied to the Ansible node for provisioning.
@@ -529,7 +529,7 @@ vyos.tf
provisioner "remote-exec" {
inline = [
"cd /root/google/",
- "ansible-playbook instance.yml" # more detailed in "File contents of Ansible for google cloud"
+ "ansible-playbook instance.yml" # more detailed in "File contents of Ansible for Google Cloud"
]
}
}
@@ -635,7 +635,7 @@ terraform.tfvars
host = "" # IP of my Ansible
-Structure of files Ansible for google cloud
+Structure of files Ansible for Google Cloud
-------------------------------------------
.. code-block:: none
@@ -647,7 +647,7 @@ Structure of files Ansible for google cloud
└── instance.yml
-File contents of Ansible for google cloud
+File contents of Ansible for Google Cloud
-----------------------------------------
ansible.cfg
@@ -666,7 +666,7 @@ instance.yml
##############################################################################
# About tasks:
# "Wait 300 seconds, but only start checking after 60 seconds" - try to make ssh connection every 60 seconds until 300 seconds
- # "Configure general settings for the VyOS hosts group" - make provisioning into google cloud VyOS node
+ # "Configure general settings for the VyOS hosts group" - make provisioning into Google Cloud VyOS node
# You have to add all necessary cammans of VyOS under the block "lines:"
##############################################################################
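Review bot: The unchanged comment directly below the edited line still reads "all necessary cammans of VyOS"; "commands" is meant and it is worth fixing in the same spelling pass. The edited line itself, "make provisioning into Google Cloud VyOS node", could become "provisions the VyOS node in Google Cloud".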
@@ -699,10 +699,10 @@ group_vars/all
ansible_user: vyos
ansible_ssh_pass: vyos
-Sourse files for google cloud from GIT
+Sourse files for Google Cloud from GIT
--------------------------------------
All files about the article can be found here_
-.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main \ No newline at end of file
+.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main
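Review bot: The changed heading keeps the misspelling "Sourse" and the all-caps "GIT"; "Source files for Google Cloud from Git" is the likely intent. The context lines above it show group_vars/all carrying `ansible_ssh_pass: vyos` in plaintext, with the password equal to the username, so a sentence telling readers to replace it before the instance is reachable would be a useful addition while this section is open.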
diff --git a/docs/cli.rst b/docs/cli.rst
index c1a9d14c..8169cbd5 100644
--- a/docs/cli.rst
+++ b/docs/cli.rst
@@ -71,6 +71,115 @@ When viewing in page mode the following commands are available:
* ``left-arrow`` and ``right-arrow`` can be used to scroll left or right
in the event that the output has lines which exceed the terminal size.
+Operational mode command families
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Many operational mode commands in VyOS are placed in families such as
+``show``, ``clear``, or ``reset``. Every such family has a specific
+meaning to allow the user to guess how the command is going to behave —
+in particular, whether it will be disruptive to the system or not.
+
+Note that this convention was not always followed with perfect
+consistency and some commands may still be in wrong families, so you
+should always check the command help and documentation if you are not
+sure what exactly it does.
+
+clear
+'''''
+
+"Clear" commands are completely non-disruptive to any system operations.
+Generally, they can be used freely without hesitation.
+
+Most often their purpose is to remove or reset various debug and
+diagnostic information such as system logs and packet counters.
+
+Examples:
+
+- ``clear console`` — clears the screen.
+- ``clear interfaces ethernet eth0 counters`` — zeroes packet counters
+ on ``eth0``.
+- ``clear log`` — deletes all system log entries.
+
+reset
+'''''
+
+"Reset" commands can be locally-disruptive. They may, for example,
+terminate a single user session or a session with a dynamic routing
+protocol peer.
+
+They should be used with caution since they may have a significant
+impact on a particular users in the network.
+
+- ``reset pppoe-server username jsmith`` — terminate all PPPoE sessions
+ from user ``jsmith``.
+- ``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor
+ 192.0.2.54.
+- ``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates
+ IPsec tunnels to ``vpn.example.com``.
+
+restart
+'''''''
+
+"Restart" operations may disrupt an entire subsystem. Most often they
+initiate a restart of a server process, which causes it to be
+unavailable for a brief period and resets all the process state.
+
+They should be used with extreme caution.
+
+- ``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP
+ requests are not served while it is restarting).
+- ``restart ipsec`` — restarts the IPsec process (which forces all
+ sessions and all IPsec process state to reset).
+
+force
+'''''
+
+"Force" commands force the system to perform an action that it might
+perform by itself at a later point.
+
+Examples:
+
+- ``force arp request interface eth1 address 10.3.0.2`` — send a
+ gratuitious ARP request.
+- ``force root-partition-auto-resize`` — grow the root filesystem to
+ the size of the system partition (this is also done on startup, but
+ this command can do it without a reboot).
+
+execute
+'''''''
+
+"Execute" commands are for executing various diagnostic and auxilliary
+actions that the system would never perform by itself.
+
+Examples:
+
+- ``execute wake-on-lan interface <intf> host <MAC>`` — send a
+ Wake-On-LAN packet to a host.
+
+show
+''''
+
+"Show" commands display various system information. They may
+occasionally use a pager for long outputs, that you can quit by pressing
+the Q button. Their output is always finite, however.
+
+Examples:
+
+- ``show system login`` — displays current system users.
+- ``show ip route`` — displays the IPv4 routing table.
+
+monitor
+'''''''
+
+"Monitor" commands initiate various monitoring operations that may
+output information continuously, until terminated with ``Ctrl-C`` or
+disabled.
+
+Examples:
+
+- ``monitor log`` — continuously outputs latest system logs.
+
+
Configuration Mode
##################
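Review bot: Under "clear" the text says these commands are "completely non-disruptive" and "can be used freely without hesitation", yet the examples include ``clear log``, described as deleting all system log entries. Removing logs destroys the record needed for troubleshooting and audit, so either qualify the blanket statement or call out ``clear log`` as an exception that should be restricted to trusted operators. Smaller points in the same hunk: "a particular users" should be "particular users", "gratuitious" should be "gratuitous", "auxilliary" should be "auxiliary", and the "reset" and "restart" sections lack the "Examples:" line that the other families have before their lists.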
diff --git a/docs/configuration/nat/nat66.rst b/docs/configuration/nat/nat66.rst
index 9345e708..42f63fc9 100644
--- a/docs/configuration/nat/nat66.rst
+++ b/docs/configuration/nat/nat66.rst
@@ -105,6 +105,18 @@ Example:
set nat66 destination rule 1 destination address 'fc00::/64'
set nat66 destination rule 1 translation address 'fc01::/64'
+For the destination, groups can also be used instead of an address.
+
+Example:
+
+.. code-block:: none
+
+ set firewall group ipv6-address-group ADR-INSIDE-v6 address fc00::1
+
+ set nat66 destination rule 1 inbound-interface name 'eth0'
+ set nat66 destination rule 1 destination group address-group ADR-INSIDE-v6
+ set nat66 destination rule 1 translation address 'fc01::/64'
+
Configuration Examples
======================
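Review bot: The new example matches a group that holds a single host address (``fc00::1``) but translates to the prefix ``fc01::/64``, and the text does not say how group members map onto a translation prefix; add a sentence describing the resulting translation, or use a translation address that fits the group's contents. The example also reuses ``rule 1`` from the address-based example just above, so state that it replaces that rule or give it a different rule number.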
diff --git a/docs/configuration/service/ntp.rst b/docs/configuration/service/ntp.rst
index 266376cf..f82baa34 100644
--- a/docs/configuration/service/ntp.rst
+++ b/docs/configuration/service/ntp.rst
@@ -71,7 +71,8 @@ Configuration
NTP process will only listen on the specified IP address. You must specify
the `<address>` and optionally the permitted clients. Multiple listen
- addresses can be configured.
+ addresses for same IP family is no longer supported. Only one IPv4 and one
+ IPv6 address can be configured, using separate commands for each.
.. cfgcmd:: set service ntp allow-client address <address>
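Review bot: "Multiple listen addresses for same IP family is no longer supported" is missing an article and its subject and verb disagree; suggest "Multiple listen addresses for the same IP family are no longer supported." "No longer" also implies a behaviour change, so name the release from which the limit applies, and consider showing the two separate commands (one IPv4, one IPv6) that the second sentence refers to.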
diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst
index 8f984b10..365017dd 100644
--- a/docs/configuration/service/router-advert.rst
+++ b/docs/configuration/service/router-advert.rst
@@ -102,6 +102,13 @@ To disable advertisements without deleting the configuration:
.. cfgcmd:: set service router-advert interface <interface> no-send-advert
+ If set, the router will no longer send periodic router advertisements and
+ will not respond to router solicitations.
+
+.. cfgcmd:: set service router-advert interface <interface> no-send-interval
+
+ Advertisement Interval Option (specified by Mobile IPv6) is always included in
+ Router Advertisements unless this option is set.
*******
Example
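Review bot: The description added for ``no-send-interval`` states the default behaviour rather than what the option does; lead with the effect, for example "If set, the Advertisement Interval Option (specified by Mobile IPv6) is omitted from Router Advertisements." That would match the "If set, ..." form used for ``no-send-advert`` just above it.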
diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst
index d3ca51b5..e7642433 100644
--- a/docs/configuration/service/ssh.rst
+++ b/docs/configuration/service/ssh.rst
@@ -64,11 +64,12 @@ Configuration
Disable the host validation through reverse DNS lookups - can speedup login
time when reverse lookup is not possible.
-.. cfgcmd:: set service ssh macs <mac>
+.. cfgcmd:: set service ssh mac <mac>
Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms.
The MAC algorithm is used in protocol version 2 for data integrity protection.
- Multiple algorithms can be provided.
+ Multiple algorithms can be provided by using multiple commands, defining
+ one algorithm per command.
List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``,
``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``,
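Review bot: The command is renamed from ``macs`` to ``mac`` without saying from which release the new name applies, so readers on an older version cannot tell which form to type; add a version note next to the ``cfgcmd`` line. A two-line example such as ``set service ssh mac hmac-sha2-256`` followed by ``set service ssh mac hmac-sha2-512`` would make "one algorithm per command" concrete. The supported list kept as context still begins with ``hmac-md5`` and ``hmac-md5-96``, so a recommendation to prefer the ``hmac-sha2`` entries would help readers choose.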
diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst
index 0d6b895f..e9115458 100644
--- a/docs/configuration/vrf/index.rst
+++ b/docs/configuration/vrf/index.rst
@@ -18,14 +18,10 @@ Configuration
A VRF device is created with an associated route table. Network interfaces are
then enslaved to a VRF device.
-.. cfgcmd:: set vrf name <name>
-
- Create new VRF instance with `<name>`. The name is used when placing
- individual interfaces into the VRF.
-
.. cfgcmd:: set vrf name <name> table <id>
- Configured routing table `<id>` is used by VRF `<name>`.
+ Create a new VRF instance with `<name>` and `<id>`. The name is used when placing
+ individual interfaces into the VRF.
.. note:: A routing table ID can not be modified once it is assigned. It can
only be changed by deleting and re-adding the VRF instance.
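Review bot: The merged description "Create a new VRF instance with `<name>` and `<id>`" no longer says what `<id>` is; the removed sentence was the only place that tied it to the routing table. Suggest "Create a new VRF instance `<name>` that uses routing table `<id>`." so the note below about the routing table ID keeps its referent. If ``set vrf name <name>`` without a table is no longer accepted, say so explicitly, since the standalone command entry is deleted here.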
diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst
index ea0a4765..93b492ae 100644
--- a/docs/contributing/build-vyos.rst
+++ b/docs/contributing/build-vyos.rst
@@ -741,6 +741,38 @@ binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them
to the ``vyos-build/packages`` folder for inclusion during the ISO build.
+Mellanox OFED
+^^^^^^^^^^^^^
+
+The Mellanox OFED drivers do not come from a Git repository, instead we fetch the
+tarball from Nvidia and compile the sources its contains against our kernel tree.
+
+Simply use our wrapper script to build all of the driver modules.
+
+.. code-block:: none
+
+ ./build-mellanox-ofed.sh
+ ...
+ Below is the list of OFED packages that you have chosen
+ (some may have been added by the installer due to package dependencies):
+
+ ofed-scripts
+ mlnx-tools
+ mlnx-ofed-kernel-utils
+ mlnx-ofed-kernel-modules
+ ...
+ Building packages
+ Building DEB for ofed-scripts-24.04.OFED.24.04.0.6.6 (ofed-scripts)...
+ Running /usr/bin/dpkg-buildpackage -us -uc
+ Installing ofed-scripts-24.04.OFED.24.04.0.6.6...
+ Running /usr/bin/dpkg -i --force-confmiss '/vyos/packages/linux-kernel/MLNX_OFED_SRC-debian-24.04-0.6.6.0/DEBS/debian12.1/x86_64/ofed-scripts_24.04.OFED.24.04.0.6.6-1_amd64.deb'
+ Building DEB for mlnx-tools-24.04.0 (mlnx-tools)...
+
+
+After compiling the packages you will find yourself the newly generated `*.deb`
+binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them
+to the ``vyos-build/packages`` folder for inclusion during the ISO build.
+
Packages
========
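Review bot: The opening paragraph says the tarball is fetched from Nvidia and compiled against the kernel tree, but not whether ``build-mellanox-ofed.sh`` pins a version and verifies a checksum of the download; document that, since the output is driver modules destined for the ISO build. Wording: "the sources its contains" should be "the sources it contains", the comma before "instead" should be a full stop or semicolon, and "you will find yourself the newly generated" in the closing paragraph should be "you will find the newly generated".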