diff options
Diffstat (limited to 'docs/configuration')
| -rw-r--r-- | docs/configuration/firewall/index.rst | 59 | ||||
| -rw-r--r-- | docs/configuration/loadbalancing/reverse-proxy.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/nat/nat66.rst | 97 | ||||
| -rw-r--r-- | docs/configuration/service/dhcp-server.rst | 148 | ||||
| -rw-r--r-- | docs/configuration/service/dns.rst | 25 | ||||
| -rw-r--r-- | docs/configuration/service/monitoring.rst | 19 | ||||
| -rw-r--r-- | docs/configuration/system/updates.rst | 2 | 
7 files changed, 186 insertions, 166 deletions
| diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 3887e26a..74d5bc20 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -4,31 +4,32 @@  Firewall  ######## -With VyOS being based on top of Linux and its kernel, the Netfilter project -created the iptables and now the successor nftables for the Linux kernel to -work directly on the data flows. This now extends the concept of zone-based -security to allow for manipulating the data at multiple stages once accepted -by the network interface and the driver before being handed off to the -destination (e.g. a web server OR another device). +As VyOS is based on Linux it leverages its firewall. The Netfilter project +created iptables and its successor nftables for the Linux kernel to +work directly on packet data flows. This now extends the concept of  +zone-based security to allow for manipulating the data at multiple stages once  +accepted by the network interface and the driver before being handed off to  +the destination (e.g., a web server OR another device). -A simplified traffic flow, based on Netfilter packet flow, is shown next, in -order to have a full view and understanding of how packets are processed, and -what possible paths can take. +A simplified traffic flow diagram, based on Netfilter packet flow, is shown  +next, in order to have a full view and understanding of how packets are  +processed, and what possible paths traffic can take.  .. figure:: /_static/images/firewall-gral-packet-flow.png -Main notes regarding this packet flow and terminology used in VyOS firewall: +The main points regarding this packet flow and terminology used in VyOS  +firewall are covered below: -   * **Bridge Port?**: choose appropiate path based on if interface were the -     packet was received is part of a bridge, or not. +   * **Bridge Port?**: choose appropriate path based on whether interface  +     where the packet was received is part of a bridge, or not. -If interface were the packet was received isn't part of a bridge, then packet -is processed at the **IP Layer**: +If the interface where the packet was received isn't part of a bridge, then  +packetis processed at the **IP Layer**:     * **Prerouting**: several actions can be done in this stage, and currently -     these actions are defined in different parts in vyos configuration. Order +     these actions are defined in different parts in VyOS configuration. Order       is important, and all these actions are performed before any actions -     define under ``firewall`` section. Relevant configuration that acts in +     defined under ``firewall`` section. Relevant configuration that acts in       this stage are:        * **Conntrack Ignore**: rules defined under ``set system conntrack ignore @@ -40,12 +41,12 @@ is processed at the **IP Layer**:        * **Destination NAT**: rules defined under ``set [nat | nat66]          destination...``. -   * **Destination is the router?**: choose appropiate path based on -     destination IP address. Transit forward continunes to **forward**, +   * **Destination is the router?**: choose appropriate path based on +     destination IP address. Transit forward continues to **forward**,       while traffic that destination IP address is configured on the router       continues to **input**. -   * **Input**: stage where traffic destinated to the router itself can be +   * **Input**: stage where traffic destined for the router itself can be       filtered and controlled. This is where all rules for securing the router       should take place. This includes ipv4 and ipv6 filtering rules, defined       in: @@ -61,10 +62,10 @@ is processed at the **IP Layer**:       * ``set firewall ipv6 forward filter ...``. -   * **Output**: stage where traffic that is originated by the router itself -     can be filtered and controlled. Bare in mind that this traffic can be a -     new connection originted by a internal process running on VyOS router, -     such as NTP, or can be a response to traffic received externaly through +   * **Output**: stage where traffic that originates from the router itself +     can be filtered and controlled. Bear in mind that this traffic can be a +     new connection originated by a internal process running on VyOS router, +     such as NTP, or a response to traffic received externaly through       **inputt** (for example response to an ssh login attempt to the router).       This includes ipv4 and ipv6 filtering rules, defined in: @@ -79,16 +80,16 @@ is processed at the **IP Layer**:       * **Source NAT**: rules defined under ``set [nat | nat66]         destination...``. -If interface were the packet was received is part of a bridge, then packet -is processed at the **Bridge Layer**, which contains a ver basic setup where -for bridge filtering: +If the interface where the packet was received is part of a bridge, then  +packetis processed at the **Bridge Layer**, which contains a basic setup for +bridge filtering: -   * **Forward (Bridge)**: stage where traffic that is trasspasing through the +   * **Forward (Bridge)**: stage where traffic that is trespasing through the       bridge is filtered and controlled:       * ``set firewall bridge forward filter ...``. -Main structure VyOS firewall cli is shown next: +The main structure VyOS firewall cli is shown next:  .. code-block:: none @@ -134,7 +135,7 @@ Main structure VyOS firewall cli is shown next:              - custom_zone_name                 + ... -Please, refer to appropiate section for more information about firewall +Please, refer to appropriate section for more information about firewall  configuration:  .. toctree:: diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 04b612f5..19ef3773 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -105,7 +105,7 @@ Backend       of the client     * ``round-robin`` Distributes requests in a circular manner,       sequentially sending each request to the next server in line -   * ``least-connection`` Distributes requests tp tje server wotj the fewest  +   * ``least-connection`` Distributes requests to the server with the fewest       active connections  .. cfgcmd:: set load-balancing reverse-proxy backend <name> mode diff --git a/docs/configuration/nat/nat66.rst b/docs/configuration/nat/nat66.rst index 66cceb0a..9345e708 100644 --- a/docs/configuration/nat/nat66.rst +++ b/docs/configuration/nat/nat66.rst @@ -137,3 +137,100 @@ R2:    set interfaces bridge br1 member interface eth1    set protocols static route6 ::/0 next-hop fc01::1    set service router-advert interface br1 prefix ::/0 + + +Use the following topology to translate internal user local addresses (``fc::/7``) +to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair. + +.. figure:: /_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png +   :alt: VyOS NAT66 DHCPv6 using a dummy interface + +Configure both routers (a and b) for DHCPv6-PD via dummy interface: + +.. code-block:: none + +  set interfaces dummy dum1 description 'DHCPv6-PD NPT dummy' +  set interfaces bonding bond0 vif 20 dhcpv6-options pd 0 interface dum1 address '0' +  set interfaces bonding bond0 vif 20 dhcpv6-options pd 1 interface dum1 address '0' +  set interfaces bonding bond0 vif 20 dhcpv6-options pd 2 interface dum1 address '0' +  set interfaces bonding bond0 vif 20 dhcpv6-options pd 3 interface dum1 address '0' +  set interfaces bonding bond0 vif 20 dhcpv6-options rapid-commit +  commit + +Get the DHCPv6-PD prefixes from both routers: + +.. code-block:: none + +  trae@cr01a-vyos# run show interfaces dummy dum1 br +  Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down +  Interface        IP Address                        S/L  Description +  ---------        ----------                        ---  ----------- +  dum1             2001:db8:123:b008::/64           u/u  DHCPv6-PD NPT dummy +                   2001:db8:123:b00a::/64 +                   2001:db8:123:b00b::/64 +                   2001:db8:123:b009::/64 + +  trae@cr01b-vyos# run show int dummy dum1 brief +  Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down +  Interface        IP Address                        S/L  Description +  ---------        ----------                        ---  ----------- +  dum1             2001:db8:123:b00d::/64           u/u  DHCPv6-PD NPT dummy +                   2001:db8:123:b00c::/64 +                   2001:db8:123:b00e::/64 +                   2001:db8:123:b00f::/64 + +Configure the A-side router for NPTv6 using the prefixes above: + +.. code-block:: none + +  set nat66 source rule 10 description 'NPT to VLAN 10' +  set nat66 source rule 10 outbound-interface name 'bond0.20' +  set nat66 source rule 10 source prefix 'fd52:d62e:8011:a::/64' +  set nat66 source rule 10 translation address '2001:db8:123:b008::/64' +  set nat66 source rule 20 description 'NPT to VLAN 70' +  set nat66 source rule 20 outbound-interface name 'bond0.20' +  set nat66 source rule 20 source prefix 'fd52:d62e:8011:46::/64' +  set nat66 source rule 20 translation address '2001:db8:123:b009::/64' +  set nat66 source rule 30 description 'NPT to VLAN 200' +  set nat66 source rule 30 outbound-interface name 'bond0.20' +  set nat66 source rule 30 source prefix 'fd52:d62e:8011:c8::/64' +  set nat66 source rule 30 translation address '2001:db8:123:b00a::/64' +  set nat66 source rule 40 description 'NPT to VLAN 240' +  set nat66 source rule 40 outbound-interface name 'bond0.20' +  set nat66 source rule 40 source prefix 'fd52:d62e:8011:f0::/64' +  set nat66 source rule 40 translation address '2001:db8:123:b00b::/64' +  commit + +Configure the B-side router for NPTv6 using the prefixes above: + +.. code-block:: none + +  set nat66 source rule 10 description 'NPT to VLAN 10' +  set nat66 source rule 10 outbound-interface name 'bond0.20' +  set nat66 source rule 10 source prefix 'fd52:d62e:8011:a::/64' +  set nat66 source rule 10 translation address '2001:db8:123:b00c::/64' +  set nat66 source rule 20 description 'NPT to VLAN 70' +  set nat66 source rule 20 outbound-interface name 'bond0.20' +  set nat66 source rule 20 source prefix 'fd52:d62e:8011:46::/64' +  set nat66 source rule 20 translation address '2001:db8:123:b00d::/64' +  set nat66 source rule 30 description 'NPT to VLAN 200' +  set nat66 source rule 30 outbound-interface name 'bond0.20' +  set nat66 source rule 30 source prefix 'fd52:d62e:8011:c8::/64' +  set nat66 source rule 30 translation address '2001:db8:123:b00e::/64' +  set nat66 source rule 40 description 'NPT to VLAN 240' +  set nat66 source rule 40 outbound-interface name 'bond0.20' +  set nat66 source rule 40 source prefix 'fd52:d62e:8011:f0::/64' +  set nat66 source rule 40 translation address '2001:db8:123:b00f::/64' +  commit + +Verify that connections are hitting the rule on both sides: + +.. code-block:: none + +  trae@cr01a-vyos# run show nat66 source statistics +  Rule    Packets    Bytes    Interface +  ------  ---------  -------  ----------- +  10      1          104      bond0.20 +  20      1          104      bond0.20 +  30      8093       669445   bond0.20 +  40      2446       216912   bond0.20 diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index 0cc10feb..c51a0aff 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -4,7 +4,7 @@  DHCP Server  ########### -VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment. +VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment.  ***********  IPv4 server @@ -26,12 +26,7 @@ Configuration     Create DNS record per client lease, by adding clients to /etc/hosts file.     Entry will have format: `<shared-network-name>_<hostname>.<domain-name>` -.. cfgcmd:: set service dhcp-server host-decl-name - -   Will drop `<shared-network-name>_` from client DNS record, using only the -   host declaration name and domain: `<hostname>.<domain-name>` - -.. cfgcmd:: set service dhcp-server shared-network-name <name> domain-name <domain-name> +.. cfgcmd:: set service dhcp-server shared-network-name <name> option domain-name <domain-name>     The domain-name parameter should be the domain name that will be appended to     the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP @@ -40,7 +35,7 @@ Configuration     This is the configuration parameter for the entire shared network definition.     All subnets will inherit this configuration item if not specified locally. -.. cfgcmd:: set service dhcp-server shared-network-name <name> domain-search <domain-name> +.. cfgcmd:: set service dhcp-server shared-network-name <name> option domain-search <domain-name>     The domain-name parameter should be the domain name used when completing DNS     request where no full FQDN is passed. This option can be given multiple times @@ -49,7 +44,7 @@ Configuration     This is the configuration parameter for the entire shared network definition.     All subnets will inherit this configuration item if not specified locally. -.. cfgcmd:: set service dhcp-server shared-network-name <name> name-server <address> +.. cfgcmd:: set service dhcp-server shared-network-name <name> option name-server <address>     Inform client that the DNS server can be found at `<address>`. @@ -58,21 +53,6 @@ Configuration     Multiple DNS servers can be defined. -.. cfgcmd:: set service dhcp-server shared-network-name <name> ping-check - -   When the DHCP server is considering dynamically allocating an IP address to a -   client, it first sends an ICMP Echo request (a ping) to the address being -   assigned. It waits for a second, and if no ICMP Echo response has been heard, -   it assigns the address. - -   If a response is heard, the lease is abandoned, and the server does not -   respond to the client. The lease will remain abandoned for a minimum of -   abandon-lease-time seconds (defaults to 24 hours). - -   If there are no free addresses but there are abandoned IP addresses, the -   DHCP server will attempt to reclaim an abandoned IP address regardless of the -   value of abandon-lease-time. -  .. cfgcmd:: set service dhcp-server listen-address <address>     This configuration parameter lets the DHCP server to listen for DHCP  @@ -91,14 +71,20 @@ Individual Client Subnet     network.  .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> -   default-router <address> +   subnet-id <id> + +   This configuration parameter is required and must be unique to each subnet. +   It is required to map subnets to lease file entries. + +.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> +   option default-router <address>     This is a configuration parameter for the `<subnet>`, saying that as part of     the response, tell the client that the default gateway can be reached at     `<address>`.  .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> -   name-server <address> +   option name-server <address>     This is a configuration parameter for the subnet, saying that as part of the     response, tell the client that the DNS server can be found at `<address>`. @@ -133,40 +119,19 @@ Individual Client Subnet     This option can be specified multiple times.  .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> -   domain-name <domain-name> +   option domain-name <domain-name>     The domain-name parameter should be the domain name that will be appended to     the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP     Option 015).  .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> -   domain-search <domain-name> +   option domain-search <domain-name>     The domain-name parameter should be the domain name used when completing DNS     request where no full FQDN is passed. This option can be given multiple times     if you need multiple search domains (DHCP Option 119). -.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> -   ping-check - -   When the DHCP server is considering dynamically allocating an IP address to a -   client, it first sends an ICMP Echo request (a ping) to the address being -   assigned. It waits for a second, and if no ICMP Echo response has been heard, -   it assigns the address. - -   If a response is heard, the lease is abandoned, and the server does not -   respond to the client. The lease will remain abandoned for a minimum of -   abandon-lease-time seconds (defaults to 24 hours). - -   If a there are no free addresses but there are abandoned IP addresses, the -   DHCP server will attempt to reclaim an abandoned IP address regardless of the -   value of abandon-lease-time. - -.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> -   enable-failover - -   Enable DHCP failover configuration for this address pool. -  Failover  -------- @@ -238,6 +203,7 @@ inside the subnet definition but can be outside of the range statement.  .. code-block:: none +  set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 subnet-id 1    set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 ip-address 192.168.1.100    set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 mac-address aa:bb:11:22:33:00 @@ -251,6 +217,7 @@ The configuration will look as follows:             ip-address 192.168.1.100             mac-address aa:bb:11:22:33:00         } +       subnet-id 1     }  Options @@ -391,32 +358,6 @@ Options  Multi: can be specified multiple times. -Raw Parameters -============== - -Raw parameters can be passed to shared-network-name, subnet and static-mapping: - -.. code-block:: none - -  set service dhcp-server shared-network-name <name> shared-network-parameters -     <text>       Additional shared-network parameters for DHCP server. -  set service dhcp-server shared-network-name <name> subnet <subnet> subnet-parameters -     <text>       Additional subnet parameters for DHCP server. -  set service dhcp-server shared-network-name <name> subnet <subnet> static-mapping <description> static-mapping-parameters -     <text>       Additional static-mapping parameters for DHCP server. -                  Will be placed inside the "host" block of the mapping. - -These parameters are passed as-is to isc-dhcp's dhcpd.conf under the -configuration node they are defined in. They are not validated so an error in -the raw parameters won't be caught by vyos's scripts and will cause dhcpd to -fail to start. Always verify that the parameters are correct before committing -the configuration. Refer to isc-dhcp's dhcpd.conf manual for more information: -https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpdconf - -Quotes can be used inside parameter values by replacing all quote characters -with the string ``"``. They will be replaced with literal quote characters -when generating dhcpd.conf. -  Example  ======= @@ -439,12 +380,12 @@ Common configuration, valid for both primary and secondary node.  .. code-block:: none -  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 default-router '192.0.2.254' -  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 name-server '192.0.2.254' -  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 domain-name 'vyos.net' +  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option default-router '192.0.2.254' +  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option name-server '192.0.2.254' +  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option domain-name 'vyos.net'    set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 start '192.0.2.10'    set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 stop '192.0.2.250' -  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 enable-failover +  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 subnet-id '1'  **Primary** @@ -467,47 +408,6 @@ Common configuration, valid for both primary and secondary node.  .. _dhcp-server:v4_example_raw: -Raw Parameters --------------- - -* Override static-mapping's name-server with a custom one that will be sent only -  to this host. -* An option that takes a quoted string is set by replacing all quote characters -  with the string ``"`` inside the static-mapping-parameters value. -  The resulting line in dhcpd.conf will be -  ``option pxelinux.configfile "pxelinux.cfg/01-00-15-17-44-2d-aa";``. - - -.. code-block:: none - -  set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option domain-name-servers 192.0.2.11, 192.0.2.12;" -  set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option pxelinux.configfile "pxelinux.cfg/01-00-15-17-44-2d-aa";" - -Option 43 for UniFI -------------------- - -* These parameters need to be part of the DHCP global options. -  They stay unchanged. - - -.. code-block:: none - - set service dhcp-server global-parameters 'option space ubnt;' - set service dhcp-server global-parameters 'option ubnt.unifi-address code 1 = ip-address;' - set service dhcp-server global-parameters 'class "ubnt" {' - set service dhcp-server global-parameters 'match if substring (option vendor-class-identifier, 0, 4) = "ubnt";' - set service dhcp-server global-parameters 'option vendor-class-identifier "ubnt";' - set service dhcp-server global-parameters 'vendor-option-space ubnt;' - set service dhcp-server global-parameters '}' - -* Now we add the option to the scope, adapt to your setup - - -.. code-block:: none - - set service dhcp-server shared-network-name example-scope subnet 10.1.1.0/24 subnet-parameters 'option ubnt.unifi-address 172.16.1.10;' - -  Operation Mode  ============== @@ -614,6 +514,12 @@ Configuration     Clients receiving advertise messages from multiple servers choose the server     with the highest preference value. The range for this value is ``0...255``. +.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <subnet> +   subnet-id <id> + +   This configuration parameter is required and must be unique to each subnet. +   It is required to map subnets to lease file entries. +  .. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet     <prefix> lease-time {default | maximum | minimum} @@ -690,6 +596,7 @@ server. The following example describes a common scenario.    set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 address-range start 2001:db8::100 stop 2001:db8::199    set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 name-server 2001:db8::ffff +  set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 subnet-id 1  The configuration will look as follows: @@ -704,6 +611,7 @@ The configuration will look as follows:                  }               }               name-server 2001:db8::ffff +             subnet-id 1            }        } diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index 2caeb22d..7624d309 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -143,6 +143,19 @@ avoid being tracked by the provider of your upstream DNS server.     168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream     DNS server(s) to be used for reverse lookups of these zones. +.. cfgcmd:: set service dns forwarding serve-stale-extension <0-65535> + +   Maximum number of times an expired record’s TTL is extended by 30s when +   serving stale. Extension only occurs if a record cannot be refreshed. A +   value of 0 means the Serve Stale mechanism is not used. To allow records +   becoming stale to be served for an hour, use a value of 120. + +.. cfgcmd:: set service dns forwarding exclude-throttle-address <ip|prefix> + +   When an authoritative server does not answer a query or sends a reply the +   recursor does not like, it is throttled. Any servers matching the supplied +   netmasks will never be throttled. +  Example  ======= @@ -381,12 +394,12 @@ By default, ddclient_ will update a dynamic dns record using the IP address  directly attached to the interface. If your VyOS instance is behind NAT, your  record will be updated to point to your internal IP. -Above, command syntax isn noted to configure dynamic dns on a specific interface.  -It is possible to overlook the additional address option, web, when completeing  -those commands. ddclient_ has another way to determine the WAN IP address, using  -a web-based url to determine the external IP. Each of the commands above will  -need to be modified to use 'web' as the 'interface' specified if this functionality  -is to be utilized.  +Above, command syntax isn noted to configure dynamic dns on a specific interface. +It is possible to overlook the additional address option, web, when completeing +those commands. ddclient_ has another way to determine the WAN IP address, using +a web-based url to determine the external IP. Each of the commands above will +need to be modified to use 'web' as the 'interface' specified if this functionality +is to be utilized.  This functionality is controlled by adding the following configuration: diff --git a/docs/configuration/service/monitoring.rst b/docs/configuration/service/monitoring.rst index 0aa93e71..245af067 100644 --- a/docs/configuration/service/monitoring.rst +++ b/docs/configuration/service/monitoring.rst @@ -109,11 +109,11 @@ Monitoring functionality with ``telegraf`` and ``InfluxDB 2`` is provided.  Telegraf is the open source server agent to help you collect metrics, events  and logs from your routers. -.. cfgcmd:: set service monitoring telegraf authentication organization <organization> +.. cfgcmd:: set service monitoring telegraf influxdb authentication organization <organization>     Authentication organization name -.. cfgcmd:: set service monitoring telegraf authentication token <token> +.. cfgcmd:: set service monitoring telegraf influxdb authentication token <token>     Authentication token @@ -121,11 +121,11 @@ and logs from your routers.     Remote ``InfluxDB`` bucket name -.. cfgcmd:: set service monitoring port <port> +.. cfgcmd:: set service monitoring telegraf influxdb port <port>     Remote port -.. cfgcmd:: set service monitoring telegraf url <url> +.. cfgcmd:: set service monitoring telegraf influxdb url <url>     Remote URL @@ -138,12 +138,11 @@ An example of a configuration that sends ``telegraf`` metrics to remote  .. code-block:: none -  set service monitoring telegraf authentication organization 'vyos' -  set service monitoring telegraf authentication token 'ZAml9Uy5wrhA...==' -  set service monitoring telegraf bucket 'bucket_vyos' -  set service monitoring telegraf port '8086' -  set service monitoring telegraf source 'all' -  set service monitoring telegraf url 'http://r1.influxdb2.local' +  set service monitoring telegraf influxdb authentication organization 'vyos' +  set service monitoring telegraf influxdb authentication token 'ZAml9Uy5wrhA...==' +  set service monitoring telegraf influxdb bucket 'bucket_vyos' +  set service monitoring telegraf influxdb port '8086' +  set service monitoring telegraf influxdb url 'http://r1.influxdb2.local'  .. _azure-data-explorer: https://github.com/influxdata/telegraf/tree/master/plugins/outputs/azure_data_explorer  .. _prometheus-client: https://github.com/influxdata/telegraf/tree/master/plugins/outputs/prometheus_client diff --git a/docs/configuration/system/updates.rst b/docs/configuration/system/updates.rst index a55bfa9a..505d9318 100644 --- a/docs/configuration/system/updates.rst +++ b/docs/configuration/system/updates.rst @@ -35,3 +35,5 @@ Check:    Update available: 1.5-rolling-202312250024    Update URL: https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/1.5-rolling-202312250024/1.5-rolling-202312250024-amd64.iso    vyos@r4:~$ + +  vyos@r4:~$ add system image latest | 
