From 6742fa6314fdf448f814d18dac70a638587b75e6 Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Mon, 27 May 2024 20:11:32 +0200 Subject: T6406: document cpu limit config option --- docs/configuration/container/index.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'docs') diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index 4dacc6f4..39d7872c 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -133,6 +133,17 @@ Configuration - **always**: Restart containers when they exit, regardless of status, retrying indefinitely +.. cfgcmd:: set container name cpus + + This specifies the number of CPU resources the container can use. + + Default is 0 for unlimited. + For example, 1.25 limits the container to use up to 1.25 cores + worth of CPU time. + This can be a decimal number with up to three decimal places. + + The command translates to "--cpus=" when the container is created. + .. cfgcmd:: set container name memory Constrain the memory available to the container. -- cgit v1.2.3 From a983832d14c28888d035e774ee63c2f459b84aa4 Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Tue, 28 May 2024 08:19:54 +0200 Subject: T6406: rename cpus to cpu --- docs/configuration/container/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index 39d7872c..399f2ef5 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -133,7 +133,7 @@ Configuration - **always**: Restart containers when they exit, regardless of status, retrying indefinitely -.. cfgcmd:: set container name cpus +.. cfgcmd:: set container name cpu-quota This specifies the number of CPU resources the container can use. -- cgit v1.2.3 From c2bc79045d065c1661290c9b1baf2f1f0a95ea7c Mon Sep 17 00:00:00 2001 From: Alex W Date: Wed, 29 May 2024 23:19:44 +0100 Subject: reverse-proxy: T6409: Remove unused backend parameters --- docs/configuration/loadbalancing/reverse-proxy.rst | 5 ----- 1 file changed, 5 deletions(-) (limited to 'docs') diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 044d2044..3edc4283 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -118,11 +118,6 @@ Backend Configure backend `` mode TCP or HTTP -.. cfgcmd:: set load-balancing reverse-proxy backend parameters - http-check - - Enable layer 7 HTTP health check - .. cfgcmd:: set load-balancing reverse-proxy backend server address -- cgit v1.2.3 From a5354a65be668f10136b2f65ba1c9a41bf2708ca Mon Sep 17 00:00:00 2001 From: Alex W Date: Mon, 3 Jun 2024 18:22:56 +0100 Subject: reverse-proxy: T6434: Support additional health-check protocols --- docs/configuration/loadbalancing/reverse-proxy.rst | 61 ++++++++++++++++------ 1 file changed, 44 insertions(+), 17 deletions(-) (limited to 'docs') diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 3edc4283..9cb49a7f 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -161,8 +161,34 @@ Backend Set custom HTTP headers to be included in all responses using the backend -HTTP health check -^^^^^^^^^^^^^^^^^ +Global +------- + +Global parameters + +.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections + + + Limit maximum number of connections + +.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers + + + Limit allowed cipher algorithms used during SSL/TLS handshake + +.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min + + + Specify the minimum required TLS version 1.2 or 1.3 + + +Health checks +============= + + +HTTP checks +----------- + For web application providing information about their state HTTP health checks can be used to determine their availability. @@ -185,31 +211,32 @@ checks can be used to determine their availability. expect Sets the expected result condition for considering a server healthy. + Some possible examples are: * ``status 200`` Expecting a 200 response code * ``status 200-399`` Expecting a non-failure response code * ``string success`` Expecting the string `success` in the response body -Global -------- - -Global parameters - -.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections - - - Limit maximum number of connections +TCP checks +---------- -.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers - +Health checks can also be configured for TCP mode backends. You can configure +protocol aware checks for a range of Layer 7 protocols: - Limit allowed cipher algorithms used during SSL/TLS handshake +.. cfgcmd:: set load-balancing reverse-proxy backend health-check -.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min - + Available health check protocols: + * ``ldap`` LDAP protocol check. + * ``redis`` Redis protocol check. + * ``mysql`` MySQL protocol check. + * ``pgsql`` PostgreSQL protocol check. + * ``smtp`` SMTP protocol check. - Specify the minimum required TLS version 1.2 or 1.3 +.. note:: If you specify a server to be checked but do not configure a + protocol, a basic TCP health check will be attempted. A server shall be + deemed online if it responses to a connection attempt with a valid + ``SYN/ACK`` packet. Redirect HTTP to HTTPS -- cgit v1.2.3 From 2a181d631d7d03e4ec91c9cb4cf9d1cd353efda9 Mon Sep 17 00:00:00 2001 From: Sam <33001794+SamLue@users.noreply.github.com> Date: Wed, 5 Jun 2024 09:47:44 +0200 Subject: Changed parameter flavor from iso to generic for 1.5 (circinus, current) The flavor has been renamed in this branch. https://vyos.dev/T6414 --- docs/contributing/build-vyos.rst | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index 16eb8ac7..55be147b 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst @@ -65,10 +65,14 @@ To start, clone the repository to your local machine: $ ./configure --architecture amd64 --build-by "j.randomhacker@vyos.io" $ sudo make iso - # For VyOS 1.4 (sagitta) and VyOS 1.5 (circinus,current) + # For VyOS 1.4 (sagitta) $ sudo make clean $ sudo ./build-vyos-image iso --architecture amd64 --build-by "j.randomhacker@vyos.io" + # For VyOS 1.5 (circinus,current) + $ sudo make clean + $ sudo ./build-vyos-image generic --architecture amd64 --build-by "j.randomhacker@vyos.io" + For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing. @@ -274,10 +278,14 @@ Start the build: vyos_bld@8153428c7e1f:/vyos$ ./configure --architecture amd64 --build-by "j.randomhacker@vyos.io" vyos_bld@8153428c7e1f:/vyos$ sudo make iso - # For VyOS 1.4 (sagitta) For VyOS 1.5 (circinus,current) + # For VyOS 1.4 (sagitta) vyos_bld@8153428c7e1f:/vyos$ sudo make clean vyos_bld@8153428c7e1f:/vyos$ sudo ./build-vyos-image iso --architecture amd64 --build-by "j.randomhacker@vyos.io" + # For VyOS 1.5 (circinus,current) + vyos_bld@8153428c7e1f:/vyos$ sudo make clean + vyos_bld@8153428c7e1f:/vyos$ sudo ./build-vyos-image generic --architecture amd64 --build-by "j.randomhacker@vyos.io" + When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``. -- cgit v1.2.3 From a3205cd2ee142ee41239a06acdd2994a3a372de0 Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Mon, 10 Jun 2024 08:48:04 +0200 Subject: T6219: Add doc for container sysctl parameter --- docs/configuration/container/index.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'docs') diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index 399f2ef5..a1672aa7 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -168,6 +168,17 @@ Configuration setdomainame) - **sys-time**: Permission to set system clock +.. cfgcmd:: set container name sysctl parameter value + + Set container sysctl values. + + The subset of possible parameters are: + + - Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, + kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced + - Parameters beginning with fs.mqueue.* + - Parameters beginning with net.* (only if user-defined network is used) + .. cfgcmd:: set container name label