author: rebortg <github@ghlr.de> 2023-11-26 13:34:49 +0100
committer: rebortg <github@ghlr.de> 2023-11-26 13:34:49 +0100
commit: 54da140062ece6ee42a20619e892bb8f23983746
tree: 3144a0ca17f2eceaa5310a27e5084e895ad4bddc
parent: 4ca2e09a2a807f7224ab3f24b47981be2b175b8b
parent: 5953d6f69748c82cbd9eafbe662163924ae719e6
Merge branch 'master' of github.com:vyos/vyos-documentation
-rw-r--r-- docs/_static/images/ansible.png  bin 0 -> 204124 bytes
-rw-r--r-- docs/automation/vyos-api.rst  37
-rw-r--r-- docs/configexamples/ansible.rst  216
-rw-r--r-- docs/configexamples/index.rst  1
-rw-r--r-- docs/configuration/vpn/ipsec.rst  8
5 files changed, 258 insertions, 4 deletions
diff --git a/docs/_static/images/ansible.png b/docs/_static/images/ansible.png
new file mode 100644
index 00000000..1d80b3f4
--- /dev/null
+++ b/docs/_static/images/ansible.png
Binary files differ
diff --git a/docs/automation/vyos-api.rst b/docs/automation/vyos-api.rst
index efd00dd8..afcc1767 100644
--- a/docs/automation/vyos-api.rst
+++ b/docs/automation/vyos-api.rst
@@ -143,6 +143,43 @@ The ``reset`` endpoint run a ``reset`` command.
"error": null
}
+/reboot
+=======
+
+To initiate a reboot use the ``reboot`` endpoint.
+
+.. code-block:: none
+
+ curl --location --request POST 'https://vyos/reboot' \
+ --form data='{"op": "reboot", "path": ["now"]}' \
+ --form key='MY-HTTPS-API-PLAINTEXT-KEY'
+
+ respone:
+ {
+ "success": true,
+ "data": "",
+ "error": null
+ }
+
+/poweroff
+=========
+
+To power off the system use the ``poweroff`` endpoint.
+
+.. code-block:: none
+
+ curl --location --request POST 'https://vyos/poweroff' \
+ --form data='{"op": "poweroff", "path": ["now"]}' \
+ --form key='MY-HTTPS-API-PLAINTEXT-KEY'
+
+ respone:
+ {
+ "success": true,
+ "data": "",
+ "error": null
+ }
+
+
/image
======
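Review bot: "respone:" in both new sample blocks (under /reboot and /poweroff) is a typo for "response:". The sample JSON also sits in the same ``code-block`` as the curl command, so a reader copying the block picks up the output too; splitting command and output into separate blocks would help. Each section could add one sentence saying that ``"path": ["now"]`` makes the action immediate and that the request is authorized by the API key alone, so anyone holding that key can reboot or power off the router and the key should be handled as a privileged credential. The second blank line added before /image is stray.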
diff --git a/docs/configexamples/ansible.rst b/docs/configexamples/ansible.rst
new file mode 100644
index 00000000..431ad8c3
--- /dev/null
+++ b/docs/configexamples/ansible.rst
@@ -0,0 +1,216 @@
+:lastproofread: 2023-10-18
+
+.. _examples-ansible:
+
+###############
+Ansible example
+###############
+
+Setting up Ansible on a server running the Debian operating system.
+===================================================================
+
+In this example, we will set up a simple use of Ansible to configure multiple VyoS routers.
+We have four pre-configured routers with this configuration:
+
+Using the general schema for example:
+
+.. image:: /_static/images/ansible.png
+ :width: 80%
+ :align: center
+ :alt: Network Topology Diagram
+
+We have four pre-configured routers with this configuration:
+
+.. code-block:: none
+
+ set interfaces ethernet eth0 address dhcp
+ set service ssh
+ commit
+ save
+
+* vyos7 - 192.0.2.105
+* vyos8 - 192.0.2.106
+* vyos9 - 192.0.2.107
+* vyos10 - 192.0.2.108
+
+Install the Ansible:
+====================
+.. code-block:: none
+
+ # apt-get install ansible
+ Do you want to continue? [Y/n] y
+
+Install the paramiko:
+=====================
+
+.. code-block:: none
+
+ #apt-get install -y python3-paramiko
+
+Check the version:
+==================
+
+.. code-block:: none
+
+ # ansible --version
+ ansible 2.10.8
+ config file = None
+ configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
+ ansible python module location = /usr/lib/python3/dist-packages/ansible
+ executable location = /usr/bin/ansible
+ python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
+
+Basik configuration of the ansible.cfg:
+=======================================
+
+.. code-block:: none
+
+ # nano /root/ansible.cfg
+ [defaults]
+ host_key_checking = no
+
+Add all the hosts of VyOS:
+==========================
+
+.. code-block:: none
+
+ # nano /root/hosts
+ [vyos_hosts]
+ vyos7 ansible_ssh_host=192.0.2.105
+ vyos8 ansible_ssh_host=192.0.2.106
+ vyos9 ansible_ssh_host=192.0.2.107
+ vyos10 ansible_ssh_host=192.0.2.108
+
+Add general variables:
+======================
+
+.. code-block:: none
+
+ # mkdir /root/group_vars/
+ # nano /root/group_vars/vyos_hosts
+ ansible_python_interpreter: /usr/bin/python3
+ ansible_network_os: vyos
+ ansible_connection: network_cli
+ ansible_user: vyos
+ ansible_ssh_pass: vyos
+
+
+Add the simple playbook with the tasks for each router:
+=======================================================
+
+.. code-block:: none
+
+ # nano /root/main.yml
+
+ ---
+ - hosts: vyos_hosts
+ gather_facts: 'no'
+ tasks:
+ - name: Configure general settings for the vyos hosts group
+ vyos_config:
+ lines:
+ - set system name-server 8.8.8.8
+ - set interfaces ethernet eth0 description '#WAN#'
+ - set interfaces ethernet eth1 description '#LAN#'
+ - set interfaces ethernet eth2 disable
+ - set interfaces ethernet eth3 disable
+ - set system host-name {{ inventory_hostname }}
+ save:
+ true
+
+Start the playbook:
+==================
+
+.. code-block:: none
+
+ ansible-playbook -i hosts main.yml
+ PLAY [vyos_hosts] **************************************************************
+
+ TASK [Configure general settings for the vyos hosts group] *********************
+ ok: [vyos9]
+ ok: [vyos10]
+ ok: [vyos7]
+ ok: [vyos8]
+
+ PLAY RECAP *********************************************************************
+ vyos10 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+ vyos7 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+ vyos8 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+ vyos9 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+
+Check the result on the vyos10 router:
+======================================
+
+.. code-block:: none
+
+ vyos@vyos10:~$ show interfaces
+ Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
+ Interface IP Address S/L Description
+ --------- ---------- --- -----------
+ eth0 192.0.2.108/24 u/u WAN
+ eth1 - u/u LAN
+ eth2 - A/D
+ eth3 - A/D
+ lo 127.0.0.1/8 u/u
+ ::1/128
+
+ vyos@vyos10:~$ sh configuration commands | grep 8.8.8.8
+ set system name-server '8.8.8.8'
+
+The simple way without configuration of the hostname (one task for all routers):
+============================================================================
+
+.. code-block:: none
+
+ # nano /root/hosts_v2
+ [vyos_hosts_group]
+ vyos7 ansible_ssh_host=192.0.2.105
+ vyos8 ansible_ssh_host=192.0.2.106
+ vyos9 ansible_ssh_host=192.0.2.107
+ vyos10 ansible_ssh_host=192.0.2.108
+ [vyos_hosts_group:vars]
+ ansible_python_interpreter=/usr/bin/python3
+ ansible_user=vyos
+ ansible_ssh_pass=vyos
+ ansible_network_os=vyos
+ ansible_connection=network_cli
+
+ # nano /root/main_v2.yml
+ ---
+ - hosts: vyos_hosts_group
+
+ connection: network_cli
+ gather_facts: 'no'
+
+ tasks:
+ - name: Configure remote vyos_hosts_group
+ vyos_config:
+ lines:
+ - set system name-server 8.8.8.8
+ - set interfaces ethernet eth0 description WAN
+ - set interfaces ethernet eth1 description LAN
+ - set interfaces ethernet eth2 disable
+ - set interfaces ethernet eth3 disable
+ save:
+ true
+
+.. code-block:: none
+
+ # ansible-playbook -i hosts_v2 main_v2.yml
+
+ PLAY [vyos_hosts_group] ********************************************************
+
+ TASK [Configure remote vyos_hosts_group] ***************************************
+ ok: [vyos8]
+ ok: [vyos7]
+ ok: [vyos9]
+ ok: [vyos10]
+
+ PLAY RECAP *********************************************************************
+ vyos10 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+ vyos7 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+ vyos8 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+ vyos9 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+
+
+In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables.
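Review bot: ``host_key_checking = no`` in the ansible.cfg step and ``ansible_ssh_pass: vyos`` in group_vars (repeated as ``ansible_ssh_pass=vyos`` in hosts_v2) are shown without comment: the first turns off SSH host key verification for every router in the inventory, the second keeps the login password in a plain-text file. Readers copy config examples as they are, so say that these are lab-only settings and point to key-based authentication or Ansible Vault for anything else. Smaller points: the sentence "We have four pre-configured routers with this configuration:" appears twice, the first time before the image where no configuration follows; "VyoS" and "Basik" are typos; the first playbook sets the descriptions to '#WAN#' and '#LAN#' while the ``show interfaces`` output lists WAN and LAN; and ``ansible-playbook -i hosts main.yml`` uses relative paths, so state that it is run from /root, which is also what makes /root/ansible.cfg take effect.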
diff --git a/docs/configexamples/index.rst b/docs/configexamples/index.rst
index 5528d280..7134e14c 100644
--- a/docs/configexamples/index.rst
+++ b/docs/configexamples/index.rst
@@ -21,6 +21,7 @@ This chapter contains various configuration examples:
qos
segment-routing-isis
nmp
+ ansible
policy-based-ipsec-and-firewall
site-2-site-cisco
diff --git a/docs/configuration/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst
index ece06fa2..b6ee86af 100644
--- a/docs/configuration/vpn/ipsec.rst
+++ b/docs/configuration/vpn/ipsec.rst
@@ -221,8 +221,8 @@ On the LEFT:
On the RIGHT, setup by analogy and swap local and remote addresses.
-Source tunnel from loopbacks
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Source tunnel from dummy interface
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The scheme above doesn't work when one of the routers has a dynamic external
address though. The classic workaround for this is to setup an address on a
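Review bot: The heading now says "dummy interface", but the paragraph under it is unchanged context that continues past this hunk ("The classic workaround for this is to setup an address on a"), and the diffstat counts only 8 changed lines for ipsec.rst, all of them heading and ``set interfaces`` lines. Check that this paragraph and the rest of the section no longer say "loopback", and reword them in the same commit if they do. If other pages link to this section by its old title, those references need updating as well.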
@@ -240,7 +240,7 @@ On the LEFT:
.. code-block:: none
- set interfaces loopback lo address 192.168.99.1/32
+ set interfaces dummy dum0 address 192.168.99.1/32
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 address 10.10.10.1/30
@@ -251,7 +251,7 @@ On the RIGHT:
.. code-block:: none
- set interfaces loopback lo address 192.168.99.2/32
+ set interfaces dummy dum0 address 192.168.99.2/32
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 address 10.10.10.2/30