diff options
Diffstat (limited to 'docs')
82 files changed, 4368 insertions, 294 deletions
diff --git a/docs/_ext/vyos.py b/docs/_ext/vyos.py index fe0a258b..c1a96cd9 100644 --- a/docs/_ext/vyos.py +++ b/docs/_ext/vyos.py @@ -530,7 +530,7 @@ def strip_cmd(cmd, debug=False): if c == "]": appearance = appearance - 1 - # only if all [..] will be delete if appearance > 0 there is a syntax errror + # only if all [..] will be delete if appearance > 0 there is a syntax error if appearance == 0: cmd = cmd_new @@ -545,7 +545,7 @@ def strip_cmd(cmd, debug=False): if c == ">": appearance = appearance - 1 - # only if all <..> will be delete if appearance > 0 there is a syntax errror + # only if all <..> will be delete if appearance > 0 there is a syntax error if appearance == 0: cmd = cmd_new diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 9753fafbfed02a3b6ebe7b6ddf51783c5dcbcf6 +Subproject f1fe8df14abef2add43d8422160322d31d7e286 diff --git a/docs/_locale/de/copyright.pot b/docs/_locale/de/copyright.pot index d5d53a50..be71d158 100644 --- a/docs/_locale/de/copyright.pot +++ b/docs/_locale/de/copyright.pot @@ -13,8 +13,8 @@ msgid "Copyright Notice" msgstr "Copyright Notice" #: ../../copyright.md:3 -msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors" -msgstr "Copyright (C) 2018-2023 VyOS maintainers and contributors" +msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors" +msgstr "Copyright (C) 2018-2024 VyOS maintainers and contributors" #: ../../copyright.md:9 msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one." diff --git a/docs/_locale/es/copyright.pot b/docs/_locale/es/copyright.pot index b4dcfb4e..c7befa5e 100644 --- a/docs/_locale/es/copyright.pot +++ b/docs/_locale/es/copyright.pot @@ -13,8 +13,8 @@ msgid "Copyright Notice" msgstr "Aviso de copyright" #: ../../copyright.md:3 -msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors" -msgstr "Copyright (C) 2018-2023 Mantenedores y colaboradores de VyOS" +msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors" +msgstr "Copyright (C) 2018-2024 Mantenedores y colaboradores de VyOS" #: ../../copyright.md:9 msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one." diff --git a/docs/_locale/ja/copyright.pot b/docs/_locale/ja/copyright.pot index 53078f45..d64e38c0 100644 --- a/docs/_locale/ja/copyright.pot +++ b/docs/_locale/ja/copyright.pot @@ -13,8 +13,8 @@ msgid "Copyright Notice" msgstr "Copyright Notice" #: ../../copyright.md:3 -msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors" -msgstr "Copyright (C) 2018-2023 VyOS maintainers and contributors" +msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors" +msgstr "Copyright (C) 2018-2024 VyOS maintainers and contributors" #: ../../copyright.md:9 msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one." diff --git a/docs/_locale/pt/copyright.pot b/docs/_locale/pt/copyright.pot index 63b2984b..6f47ee66 100644 --- a/docs/_locale/pt/copyright.pot +++ b/docs/_locale/pt/copyright.pot @@ -13,8 +13,8 @@ msgid "Copyright Notice" msgstr "Copyright Notice" #: ../../copyright.md:3 -msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors" -msgstr "Copyright (C) 2018-2023 VyOS maintainers and contributors" +msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors" +msgstr "Copyright (C) 2018-2024 VyOS maintainers and contributors" #: ../../copyright.md:9 msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one." diff --git a/docs/_locale/uk/copyright.pot b/docs/_locale/uk/copyright.pot index 1e83545b..c2e88942 100644 --- a/docs/_locale/uk/copyright.pot +++ b/docs/_locale/uk/copyright.pot @@ -13,8 +13,8 @@ msgid "Copyright Notice" msgstr "Copyright Notice" #: ../../copyright.md:3 -msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors" -msgstr "Copyright (C) 2018-2023 VyOS maintainers and contributors" +msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors" +msgstr "Copyright (C) 2018-2024 VyOS maintainers and contributors" #: ../../copyright.md:9 msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one." diff --git a/docs/_static/css/breadcrumbs.css b/docs/_static/css/breadcrumbs.css new file mode 100644 index 00000000..bdc91993 --- /dev/null +++ b/docs/_static/css/breadcrumbs.css @@ -0,0 +1,165 @@ +.wy-breadcrumbs { + + & > li, + & > li a { + color: #636A6D; + font-family: 'Roboto', sans-serif; + font-weight: 500; + letter-spacing: -0.5px; + height: 26px; + } + + & > li a { + padding: 0 5px 0 0; + } + + & > li:nth-child(1) { + visibility: hidden; + position: relative; + padding-left: 0; + } + + & > li > .icon-home::after { + content: url('../images/breadcrumbs-icon.svg'); + visibility: visible; + top: 6px; + position: absolute; + } + + & > li > .icon-home::before { + padding-right: 0; + content: 'Home'; + visibility: visible; + font-family: 'Roboto', sans-serif; + letter-spacing: -0.5px; + font-weight: 500; + } + + & > li:nth-child(n + 1) { + font-weight: 500; + position: relative; + } + + & > li:nth-child(n + 1)::before { + display: none; + } + + & > li:nth-last-child(2) { + color: #121010; + } + + & > li:nth-last-child(2)::after, + & > li:nth-last-child(1)::after { + display: none !important + } + + & > li:nth-child(n + 1)::after { + content: url('../images/breadcrumbs-icon.svg'); + top: 0; + position: absolute; + width: 20px; + height: 100%; + display: flex; + justify-content: center; + align-items: center; + background-color: #fff; + } + + & > li:last-of-type:has(a), + & > li:last-of-type:has(a) a { + font-family: 'Archivo', sans-serif; + font-size: 14px; + font-weight: 700; + letter-spacing: -0.02em; + color: #fff; + background-color: #121010; + display: flex; + align-items: center; + } + + & > li:last-of-type:has(a) { + padding: 7px 10px; + border-radius: 4px; + height: 30px; + } + + & > li:last-of-type:has(a) a { + max-height: 100%; + } + + & > li:last-of-type:has(a) a::before { + content: url('../images/github.svg'); + margin-right: 4px; + display: flex; + align-items: center; + } + + & > li:last-of-type::before { + display: none; + } +} + +@media screen and (max-width: 375px) { + + .wy-breadcrumbs { + & > li > .icon-home::after { + right: -2px; + } + + & > li:nth-child(n + 1)::after { + right: -13px; + } + } + + .wy-breadcrumbs > li { + padding: 5px 5px 5px 0; + } + + .wy-breadcrumbs > li, + .wy-breadcrumbs > li a { + font-size: 14px; + } + + .wy-breadcrumbs > li > .icon-home::before { + font-size: 14px; + } +} + +@media screen and (min-width: 376px) { + .wy-breadcrumbs { + & > li > .icon-home::after { + right: -8px; + } + + & > li:nth-child(n + 1)::after { + right: -13px; + } + } + + .wy-breadcrumbs > li { + padding: 5px 5px 5px 10px; + } + + .wy-breadcrumbs > li, + .wy-breadcrumbs > li a { + font-size: 16px; + } + + .wy-breadcrumbs > li > .icon-home::before { + font-size: 16px; + } +} + +@media screen and (max-width: 991px) { + li.wy-breadcrumbs-aside { + display: none !important; + } +} + +@media screen and (max-width: 1200px) { + ul.wy-breadcrumbs:has(li + li + li + li) li.wy-breadcrumbs-aside { + margin: 24px 0 16px; + max-width: 140px; + float: none; + } +} diff --git a/docs/_static/css/code-snippets.css b/docs/_static/css/code-snippets.css new file mode 100644 index 00000000..0ae5464d --- /dev/null +++ b/docs/_static/css/code-snippets.css @@ -0,0 +1,229 @@ +.rst-content { + & div[class^=highlight], + & pre.literal-block { + border: none; + background: linear-gradient(#FF9000, #FFBF12); + border-radius: 8px; + padding-left: 5px; + } + + & div[class^=highlight] div[class^=highlight], + & pre.literal-block div[class^=highlight] { + background: #525659 !important; + border-radius: 0; + border: none; + padding: 0; + position: relative; + } + + & .linenodiv pre, + & div[class^=highlight] pre, + & pre.literal-block { + font-size: 16px; + font-family: 'Roboto Mono', monospace; + font-weight: 400; + letter-spacing: -0.04em; + color: #fff; + line-height: 1.2; + overflow-x: scroll; + scroll-behavior: smooth; + } + + & .linenodiv pre::-webkit-scrollbar, + & div[class^=highlight] pre::-webkit-scrollbar, + & pre.literal-block::-webkit-scrollbar { + height: 3px; + color: #99A0A5 transparent; + } + + & .linenodiv pre::-webkit-scrollbar-track, + & div[class^=highlight] pre::-webkit-scrollbar-track, + & pre.literal-block::-webkit-scrollbar-track { + background-color: transparent; + border-radius: 8px; + margin: 0 18px; + } + + & .linenodiv pre::-webkit-scrollbar-thumb, + & div[class^=highlight] pre::-webkit-scrollbar-thumb, + & pre.literal-block::-webkit-scrollbar-thumb { + background-color: #99A0A5; + border-radius: 8px; + margin: 0 10px; + } + +} + +/* copy code div */ +.highlight > .copyDiv { + display: flex; + align-items: center; + transition: transform linear 250ms, width linear 250ms; + bottom: 0; + right: 0; + width: 100%; + padding: 5px 12px; + justify-content: end; + background-color: #393C3F; + height: 32px; + margin-top: 4px; +} + +.copiedNotifier > span { + font-size: 14px !important; + color: #fff !important; + text-align: center; + margin-bottom: 0; +} + +.highlight { + + & .kn { + color: #ccffda; + } + + & .nn { + color: #d0eefb; + } + + & .o { + color: #e6e6e6; + } + + & .s2 { + color: #dbe6f0; + } + + & .s1 { + color: #dbe6f0; + } + + & .nb { + color: #ccffda; + } + + & .c1 { + color: #dcebef; + font-style: italic; + } + + & .nt { + color: #8db1fe; + font-weight: bold; + } + + & .k { + color: #ccffda; + font-weight: bold; + } + + & .se { + color: #dbe6f0; + font-weight: bold; + } + + & .nv { + color: #eed7f4; + } + + & .gh { + color: #ccccff; + font-weight: bold; + } + + & .gd { + color: #ffcccc; + } + + & .gi { + color: #ccffcc; + } + + & .gu { + color: #ffc2ff; + font-weight: bold; + } + + & .na { + color: #81c0ff; + } + + & .s { + color: #dbe6f0; + } + + & .ni { + color: #f4d4cd; + font-weight: bold; + } + + & .cm { + color: #d5e7ec; + font-style: italic; + } + + & .cp { + color: #c2ffd3; + } + + & .mi { + color: #cef3e0; + } + + & .nf { + color: #c5d4fc; + } + + & .kc { + color: #c2ffd3; + font-weight: bold; + } + + & .ch { + color: #d5e7ec; + font-style: italic; + } + + & .mf { + color: #d6f5e6; + } + + & .go { + color: #e6e6e6; + } + + & .m { + color: #d6f5e6; + } +} + +.rst-content blockquote { + margin: 0 +} + +@media screen and (max-width: 991px) { + .rst-content .linenodiv pre, + .rst-content div[class^=highlight] pre, + .rst-content pre.literal-block { + padding: 16px 20px; + } + + .copyDiv > p { + margin: 0 10px 0 0; + color: #fff; + font-family: 'Roboto', sans-serif; + font-size: 14px; + } +} + +@media screen and (min-width: 992px) { + .rst-content .linenodiv pre, + .rst-content div[class^=highlight] pre, + .rst-content pre.literal-block { + padding: 24px 36px 18px; + } + + .copyDiv > p { + display: none; + } +} diff --git a/docs/_static/css/configuration/index.css b/docs/_static/css/configuration/index.css new file mode 100644 index 00000000..a759ea45 --- /dev/null +++ b/docs/_static/css/configuration/index.css @@ -0,0 +1,23 @@ +#configuration-guide > div > ul > li { + list-style: none !important; + position: relative; +} + +#configuration-guide > div > ul > li::before { + content: ''; + position: absolute; + top: 9px; + left: -15px; + width: 6px; + height: 6px; + background-color: #000; + border-radius: 50%; +} + +#configuration-guide .toctree-l1 > a { + color: #FD8F01; + font-family: 'Roboto', sans-serif; + font-size: 16px; + font-weight: 400; + letter-spacing: -0.5px; +}
\ No newline at end of file diff --git a/docs/_static/css/custom.css b/docs/_static/css/custom.css index e934fb54..cdb036d2 100644 --- a/docs/_static/css/custom.css +++ b/docs/_static/css/custom.css @@ -1,215 +1,535 @@ -div.card-header { - font-weight: bold; - background: #fdab10; -} - -span.opcmd, -span.cfgcmd { - font-weight: bold; - background-color: transparent; - border: none; - padding: 0; - font-size: 100% !important; - max-width: 100%; - color: #000; - font-family: SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace; -} - -span.cfgcmd:before { - content: "#"; - margin-right: 0px; -} - -td a.cmdlink span.cfgcmd:before, -td a.cmdlink span.opcmd:before { - content: ""; +p.devwarning { + top: 10px; + position: sticky; + margin: 10px 10px 10px 310px; + padding: 5px 10px; + border-radius: 4px; + letter-spacing: 1px; + color: #000; + text-align: center; + background: #d40 + repeating-linear-gradient( + 135deg, + transparent, + transparent 56px, + rgba(255, 255, 255, 0.2) 56px, + rgba(255, 255, 255, 0.2) 112px + ); + background-color: #fdab10; +} + +/* main page */ +.wy-body-for-nav { + background: #fff; + overflow-y: hidden +} + +.wy-grid-for-nav { + margin: 0 auto; + position: relative; + padding-top: 80px; + display: flex; + + &:has(nav.wy-nav-side.shift) { + background: #E7E7E7; + } + + &:not(:has(nav.shift)) > section > div.overlay { + background-color: transparent + } + + &:not(:has(nav.shift)) section > div.overlay > div .wy-breadcrumbs > li a::before, + &:not(:has(nav.shift)) section > div.overlay > div .wy-breadcrumbs > li a::after, + &:not(:has(nav.shift)) section > div.overlay > div .wy-breadcrumbs > li::before, + &:not(:has(nav.shift)) section > div.overlay > div .wy-breadcrumbs > li::after { + background-color: #fff; + } +} + +.wy-nav-content-wrap { + width: 100%; + margin-left: auto; + background-color: transparent; } -td a.cmdlink, -td a.cmdlink { - margin-left: 0px; -} +.wy-nav-content { + max-width: 100%; + background-color: transparent; + + &.overlay > div > div[role=navigation] .wy-breadcrumbs > li a::before, + &.overlay > div > div[role=navigation] .wy-breadcrumbs > li a::after, + &.overlay > div > div[role=navigation] .wy-breadcrumbs > li::before, + &.overlay > div > div[role=navigation] .wy-breadcrumbs > li::after, + &.overlay > div > div.document div.sd-card, + &.overlay > div > div.document div.sd-card-title { + background-color: #E7E7E7; + } + + &.overlay > div.rst-content > footer > .rst-footer-buttons > a { + background-color: #E7E7E7 !important; + } + +} + +/* main-page content */ +#vyos-user-guide { + & .sd-container-fluid { + padding-left: 0; + padding-right: 0; + } + + & .sd-container-fluid > .docutils > .sd-col { + max-width: 387px; + box-shadow: none; + flex: none; + width: 100% !important; + padding: 0 !important; + margin-top: 0 !important; + + & .sd-card-body .sd-card-text { + min-height: 120px; + } + } + + & > div.sd-container-fluid { + margin-top: 30px; + + & > div.docutils { + margin: 0; + display: grid; + } + } + + & > .pb-4 { + padding-bottom: 1.4rem !important; + } +} + +div.sd-card-title { + font-weight: bold; + background: #fff; + border: none; + font-family: 'Archivo', sans-serif; +} + +.sd-card { + background: #fff; + border: none; + border-bottom: 1px solid #ffae12; + border-radius: 0; + box-shadow: none !important; +} + +.sd-card-body { + padding: 0; +} + +.sd-card-title, +.sd-card-text { + padding: 0; +} + +.internal > .std-ref, +.line > .external { + color: #fd8f01; + font-family: 'Roboto', sans-serif; + font-size: 16px; + letter-spacing: -0.5px; + font-weight: 400; +} + +img { + height: auto !important; + border: 1px solid #C4C9CC; + margin-bottom: 20px !important; + border-radius: 8px; +} + +footer { + text-align: center; + font-family: 'Roboto', sans-serif; + font-size: 16px; + font-weight: 400; + letter-spacing: -0.5px; + color: #636a6d; + + & > a { + color: #fd8f01; + font-family: 'Roboto', sans-serif; + font-size: 16px; + letter-spacing: -0.5px; + font-weight: 400; + } + + & > hr { + display: none; + } + + & p { + margin-top: 105px; + text-align: center; + font-family: 'Roboto', sans-serif; + font-size: 16px; + font-weight: 400; + letter-spacing: -0.5px; + color: #636a6d; + + &:has(a) > a, + &:has(a) > a:visited { + color: #636a6d; + } + } + +} + +.rst-versions { + position: static; + background: transparent; + width: 262px; + display: block; + + &.shift-up { + background: #525659; + z-index: 100; + position: absolute; + left: 19px; + bottom: 30px; + border-radius: 6px; + overflow: hidden; + } + + & .rst-current-version { + background-color: #525659; + color: #01D38E; + border-radius: 6px; + width: 264px; + font-family: 'Roboto', sans-serif; + letter-spacing: -0.5px; + } + + & .rst-current-version span.fa-book { + color: #fff !important; + font-family: 'Roboto', sans-serif; + letter-spacing: -0.5px; + } +} + +.rst-other-versions { + & dt { + color: #808080; + font-family: 'Roboto', sans-serif; + font-size: 16px; + letter-spacing: -0.5px; + } + + & small { + font-family: 'Roboto', sans-serif; + color: #fff; + + & a { + font-family: 'Roboto', sans-serif; + letter-spacing: -0.5px; + color: #fd8f01; + } + } + +} + +div#rtd-sidebar { + display: none; +} + +.wy-nav-content-opened-sidebar { + padding: 25px 0 27px 40px; +} + +.wy-nav-content-wrap-opened-sidebar { + max-width: calc(100% - 294px); + margin-left: 294px; +} + +.wy-nav-content-closed-sidebar { + padding: 26px 0 !important; +} + +.wy-nav-content-wrap-closed-sidebar { + max-width: 100% !important; + width: 100% !important; +} + +html { + scroll-padding-top: 90px !important; +} + +.overlayDiv { + position: absolute; + top: 0; + left: 0; + bottom: 0; + right: 0; + width: 100%; + height: 100%; + z-index: 111; + background-color: #121010; + opacity: 0.1; +} + +.iframe-container { + position: relative; + width: 100%; + background-color: #f0f0f0; + z-index: 201; + overflow: hidden; + + &::-webkit-scrollbar { + display: none; + } + + & iframe { + width: 100%; + height: 100%; + border: none; + overflow: hidden; + + &::-webkit-scrollbar { + display: none; + } + } + +} + +@media screen and (min-width: 320px) and (max-width: 575px) { + #vyos-user-guide .container > .row { + grid-gap: 0px 15px + } +} + +@media screen and (max-width: 575px) { + .wy-nav-content-wrap, + .wy-nav-content-wrap.shift { + max-width: 100%; + width: 100% + } + + .wy-nav-content-wrap.shift { + padding: 70px 15px 0; + overflow: auto; + } + + .wy-nav-side { + display: none; + min-height: unset; + } + + .wy-nav-side.shift { + display: inherit; + width: 100%; + max-width: 320px; + } -tr td p { - margin-bottom:0px - } + #vyos-user-guide .container > .docutils > .p-2 { + max-width: 100%; + &:nth-child(2n) { + margin-left: 0; + } -span.opcmd:before { - content: "$"; - margin-right: 0px; -} + & .card-body .card-text { + min-height: 80px; + } + } -.cfgcmd-heading { - display: inline-block; - margin: 6px 0; - font-size: 90%; - line-height: normal; - background: #f0d481; - color: #2980B9; - border-top: solid 3px #6ab0de; - border-top-width: 3px; - border-top-style: solid; - border-top-color: #FF9302; - padding: 6px; -} + .wy-nav-content-wrap-opened-sidebar { + max-width: 100%; + margin-left: unset; + } -.opcmd-heading { - display: inline-block; - margin: 6px 0; - font-size: 90%; - line-height: normal; - background: #e7f2fa; - color: #2980B9; - border-top: solid 3px #6ab0de; - border-top-width: 3px; - border-top-style: solid; - border-top-color: rgb(106, 176, 222); - padding: 6px; -} + dl.footnote > dt { + padding-left: 0 !important; + } -.opcmd-body, -.cfgcmd-body { - margin: 6px 0; - padding-left: 12px; + .wy-grid-for-nav { + padding: 80px 20px 0; + max-width: 738px; + } +} + +@media screen and (min-width: 575px) and (max-width: 768px) { + .wy-nav-content-wrap, + .wy-nav-content-wrap.shift { + max-width: 100%; + width: 100% + } + + .wy-nav-content-wrap.shift { + padding: 70px 15px 0; + overflow: auto; + width: calc(100% - 294px); + + } + + .wy-nav-side { + display: none; + min-height: unset; + } + + .wy-nav-side.shift { + display: inherit; + width: 294px; + } +} + +@media screen and (min-width: 575px) { + #vyos-user-guide div.sd-container-fluid > div.docutils { + grid-gap: 30px; + grid-template-columns: 1fr 1fr; + } } +@media screen and (max-width: 767px) { + .wy-nav-content-wrap, + .wy-nav-content-wrap.shift { + margin: 0 auto; + } + .wy-nav-top { + background-color: #fdab10; + } -.cfgcmd-heading .cmdlink:after, -.opcmd-heading .cmdlink:after{ - content: ""; - font-family: FontAwesome -} - + p.devwarning { + margin: 10px 10px 10px 10px; + } -.cfgcmd-heading:not(:hover) .cmdlink, -.opcmd-heading:not(:hover) .cmdlink { - display: none; -} + #vyos-user-guide .container { + max-width: none; + } -.defaultvalue{ - font-size: 90%; - color: gray; - margin-bottom: 5px; + .wy-nav-content-wrap .wy-nav-content { + padding: 0 0 26px 0; + } -} + .wy-grid-for-nav { + padding: 80px 15px 0; + max-width: 738px; + } -a.cmdlink { - font-size: 80%; - margin-left: 6px; + .rst-content > div > hr { + display: none; + } } -a.cmdlink span{ - color: #2980B9; -} +@media screen and (min-width: 768px) { + .wy-nav-content-wrap { + width: calc(100% - 292px); + } -a.cmdlink span:hover{ - color: #3091d1; + .rst-content > div > hr { + margin: 16px 0 26px 0; + } } -.wy-nav-content { - max-width : none; -} +@media screen and (min-width: 768px) and (max-width: 991px) { + .wy-nav-content { + padding: 25px 0 27px 40px; + } -.wy-tray-container li.wy-tray-item-info { - background : #409ad5; -} + .wy-nav-content-wrap { + max-width: calc(100% - 294px); + } -.wy-table-responsive { - overflow : visible !important; + .wy-grid-for-nav { + max-width: 738px; + padding: 70px 15px 0; + } } -.wy-table-responsive table td { - white-space : normal !important; -} +@media screen and (min-width: 992px) and (max-width: 1266px) { + .wy-nav-content { + padding: 25px 0 27px 40px; + } -.wy-menu-vertical header, -.wy-menu-vertical p.caption { - color : #ffcc00 !important; -} + .wy-nav-content-wrap { + max-width: calc(100% - 294px); + } -.wy-menu-vertical li.current a { - color : #040077 !important; + .wy-grid-for-nav { + max-width: calc(100% - 130px); + } } -.wy-menu-vertical li ul li a { - color : #ffffff !important; -} +@media screen and (min-width: 1266px) { + .wy-nav-content { + padding: 25px 0 27px 40px; + } -.wy-menu-vertical a { - color : #ffffff !important; -} + .wy-nav-content-wrap { + max-width: calc(100% - 294px); + } -.wy-menu-vertical a:active { - background-color : #409ad5 !important; + .wy-grid-for-nav { + max-width: 1140px; + } } -.wy-side-nav-search { - background-color : #ffffff !important; -} +@media screen and (min-width: 1500px) { + .wy-nav-content { + padding: 25px 0 27px 40px; + } -.wy-side-nav-search img { - background-color : #ffffff !important; -} + .wy-nav-content-wrap { + max-width: calc(100% - 294px); + } -.wy-side-nav-search > div.version { - color : #000000 !important; + .wy-grid-for-nav { + max-width: 1340px; + } } -.wy-side-nav-search>a, -.wy-side-nav-search .wy-dropdown>a { - color:#000000; - font-size:100%; - font-weight:bold; - display:inline-block; - padding:4px 6px; - margin-bottom:.809em -} +@media screen and (max-height: 500px) { + .rst-versions { + margin-top: 10px; + } -.wy-nav-top { - background-color : #ffffff; + .closeButtonDivLine { + bottom: 45px; + } } -.wy-nav-top img { - background-color : #000000 !important; -} +@media screen and (min-height: 501px) and (max-height: 1000px) { + .rst-versions { + margin-top: 10px; + } -.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td.coverage-ok, -.rst-content table.docutils td.coverage-ok { - color: green; - text-align: center; + .closeButtonDivLine { + bottom: 55px; + } } -.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td.coverage-fail, -.rst-content table.docutils td.coverage-fail { - color: red; - text-align: center; +@media screen and (min-height: 1001px) and (max-height: 1300px) { + .rst-versions { + margin-top: 10px; + } + .closeButtonDivLine { + bottom: 60px; + } } +@media screen and (min-height: 1301px) and (max-height: 1600px) { + .rst-versions { + margin-top: 25px; + } -p.devwarning { - top: 10px; - position: sticky; - margin: 10px 10px 10px 310px; - padding: 5px 10px; - border-radius: 4px; - letter-spacing: 1px; - color: #000; - text-align: center; - background: #d40 repeating-linear-gradient( 135deg, transparent, transparent 56px, rgba(255, 255, 255, 0.2) 56px, rgba(255, 255, 255, 0.2) 112px ); - background-color: #fdab10; + .closeButtonDivLine { + bottom: 75px; + } } +@media screen and (min-height: 1601px) { + .rst-versions { + margin-top: 35px; + } -@media screen and (max-width: 768px) { - .wy-nav-top{ - background-color: #fdab10; - } -} - -@media screen and (max-width: 768px) { - p.devwarning { - margin: 10px 10px 10px 10px; - } + .closeButtonDivLine { + bottom: 85px; + } }
\ No newline at end of file diff --git a/docs/_static/css/headers.css b/docs/_static/css/headers.css new file mode 100644 index 00000000..48b78a41 --- /dev/null +++ b/docs/_static/css/headers.css @@ -0,0 +1,134 @@ +h1, +h2, +h3, +h4, +h5 { + font-family: 'Archivo', sans-serif !important; + font-weight: 700 !important; + letter-spacing: -0.02em !important; + display: flex; + color: #121010; + margin-bottom: 15px !important; +} + +h2, +h3, +h4, +h5 { + margin-top: 15px !important; +} + +h1:has(a) > a, +h2:has(a) > a, +h3:has(a) > a, +h4:has(a) > a, +h5:has(a) > a { + display: flex !important; + position: relative; + padding-left: 5px; +} + +@media screen and (max-width: 767px) { + h1 { + font-size: 28px !important; + } + + h2 { + font-size: 22px !important; + } + + h3 { + font-size: 20px !important; + } + + h4 { + font-size: 18px !important; + } + + h5 { + font-size: 16px !important; + } +} + +@media screen and (min-width: 768px) { + h1 { + font-size: 48px !important; + } + + h2 { + font-size: 34px !important; + } + + h3 { + font-size: 24px !important; + } + + h4 { + font-size: 22px !important; + } + + h5 { + font-size: 20px !important; + } +} + +@media screen and (max-width: 991px) { + h1 { + margin-top: 15px; + } + + a.headerlink { + opacity: 1 !important; + color: transparent; + } + + h1:has(a):hover > a::after, + h2:has(a):hover > a::after, + h3:has(a):hover > a::after, + h4:has(a):hover > a::after, + h5:has(a):hover > a::after { + content: none !important; + display: none !important; + } + + h1:has(a) > a::before, + h2:has(a) > a::before, + h3:has(a) > a::before, + h4:has(a) > a::before, + h5:has(a) > a::before { + content: url('../images/cmnd-link-icon.svg'); + display: flex; + align-items: center; + justify-content: center; + position: absolute; + top: 25%; + height: 100%; + width: 20px; + z-index: 2; + background-color: transparent; + } +} + +@media screen and (min-width: 992px) { + h1:has(a):hover > a::after, + h2:has(a):hover > a::after, + h3:has(a):hover > a::after, + h4:has(a):hover > a::after, + h5:has(a):hover > a::after { + content: url('../images/cmnd-link-icon.svg'); + display: flex; + align-items: center; + justify-content: center; + position: absolute; + top: 0; + height: 100%; + width: 20px; + z-index: 2; + background-color: transparent; + } + + a.headerlink { + color: transparent; + } +} + diff --git a/docs/_static/css/hints.css b/docs/_static/css/hints.css new file mode 100644 index 00000000..fd7553f5 --- /dev/null +++ b/docs/_static/css/hints.css @@ -0,0 +1,123 @@ +div { + &.note, + &.hint, + &.warning, + &.error, + &.seealso, + &.tip { + border-radius: 8px; + + & > .admonition-title { + padding: 5px 8px; + border-radius: 6px; + font-family: 'Archivo', sans-serif !important; + font-size: 14px !important; + letter-spacing: -0.02em !important; + font-weight: 600 !important; + margin: -12px -16px 12px; + } + + & > .admonition-title::before { + content: url('../images/note-icon.svg'); + } + + & > .highlight-none { + margin-top: 10px; + } + + & > p:nth-child(1n+2) { + font-family: 'Roboto', sans-serif; + font-size: 16px; + letter-spacing: -0.5px; + color: #525659; + font-weight: 400; + margin: 10px 0 0 0 !important; + } + } + + &.note, + &.seealso { + background-color: #F5FCFF !important; + } + + &.note:has(a.reference), + &.hint:has(a.reference), + &.warning:has(a.reference), + &.error:has(a.reference), + &.seealso:has(a.reference), + &.tip:has(a.reference) { + & a.reference, + & a.reference span { + color: #508EEB !important; + } + } + + &.note, + &.seealso { + & > .admonition-title { + background-color: #CCEFFB !important; + color: #356E81 !important; + } + } + + &.hint, + &.tip { + background-color: #F7FDFB !important; + + & > .admonition-title { + background-color: #C6F0E3 !important; + color: #3F6461 !important; + } + } + + &.warning, + &.error { + background-color: #FDF7F7 !important; + + & > .admonition-title { + background-color: #F0C6C6 !important; + color: #8E2F2F !important; + } + } + +} + +#running-on-bare-metal div.note > p:nth-child(2) { + padding: 8px 12px 0 12px; +} + +@media screen and (max-width: 575px) { + div.note, + div.hint, + div.warning, + div.error, + div.seealso, + div.tip { + padding: 24px 32px !important; + border-radius: 8px; + } +} + +@media screen and (min-width: 576px) and (max-width: 991px) { + div.note, + div.hint, + div.warning, + div.error, + div.seealso, + div.tip { + padding: 24px 32px !important; + border-radius: 8px; + } +} + +@media screen and (min-width: 992px) { + div.note, + div.hint, + div.warning, + div.error, + div.seealso, + div.tip { + padding: 24px 32px !important; + border-radius: 8px; + } +} diff --git a/docs/_static/css/installation/running-on-bare-metal.css b/docs/_static/css/installation/running-on-bare-metal.css new file mode 100644 index 00000000..25ad7bbb --- /dev/null +++ b/docs/_static/css/installation/running-on-bare-metal.css @@ -0,0 +1,11 @@ +.toctree-l1 { + background-color: transparent; +} + +.current > .current > .internal { + background-color: #fff; + color: #FD8F01; + border: transparent; + padding: 11px 12px 11px 28px; + border: none !important; +}
\ No newline at end of file diff --git a/docs/_static/css/leftSidebar.css b/docs/_static/css/leftSidebar.css new file mode 100644 index 00000000..87112121 --- /dev/null +++ b/docs/_static/css/leftSidebar.css @@ -0,0 +1,371 @@ +nav.wy-nav-side { + padding-bottom: 1em !important; +} + +.wy-nav-side { + padding: 20px 19px; + width: 294px; + height: calc(100vh - 50px); +} + +.wy-form input { + height: 32px; +} + +.wy-form input::placeholder { + font-family: 'Archivo', sans-serif; + font-weight: 400; + font-size: 14px; + letter-spacing: -0.02em; +} + +.wy-side-nav-search { + width: 100%; + padding: 0; + margin-bottom: 0; + + & > .icon-home, + & > .version { + display: none + } + + & input { + border-color: #C4C9CC; + + &::placeholder { + color: #8D9499; + } + } +} + +.wy-nav-side, +.wy-nav-side .wy-side-nav-search { + background-color: #F6F7F7 +} + +ul.current > li.toctree-l1[aria-expanded=false] > a.current { + padding-left: 25px; + color: #FD8F01; + + & button.toctree-expand::before { + content: '+'; + color: #FD8F01; + } +} + +ul.current > li.toctree-l1[aria-expanded=false] > a.internal:has( + ul[aria-expanded=false]) { + padding-left: 25px; + color: #FD8F01; + + & button.toctree-expand::before { + content: '+'; + color: #FD8F01; + } +} + +ul.current > li.toctree-l1.current > ul > li.toctree-l2[aria-expanded=false]:has(ul > li > a.current) > a.internal { + color: #FD8F01; + padding-top: 11px; + padding-bottom: 11px; + padding-right: 12px; +} + +ul.current > li.toctree-l1.current > + ul > li.toctree-l2.current > ul > li.toctree-l3[aria-expanded=false] + > a.current { + color: #FD8F01; + padding-top: 11px; + padding-bottom: 11px; + padding-right: 12px; +} + +ul.current > li.toctree-l1.current > + ul > li.toctree-l2.current > ul > li.toctree-l3[aria-expanded=false]:has(ul > li.toctree-l4 > a.current) + > a.internal { + color: #FD8F01; + padding-top: 11px; + padding-bottom: 11px; + padding-right: 12px; +} + +.toctree-l2 > ul > li.toctree-l3.current { + padding-left: 0 !important; + background-color: #fff; +} + +.wy-menu-vertical { + width: 100%; + max-width: 292px; + + & a { + color: #121010; + font-family: 'Archivo', sans-serif; + font-weight: 500; + font-size: 14px; + letter-spacing: -0.02em; + padding: 11px 12px; + } + + & p.caption { + color: #8D9499; + font-family: 'Archivo', sans-serif; + font-weight: 600; + font-size: 14px; + letter-spacing: -0.02em; + padding: 5px 12px; + margin-top: 6px; + margin-bottom: 4px; + text-transform: none; + } + + & li.toctree-l1.current > a { + background-color: #fff; + color: #FD8F01; + border: transparent; + padding: 11px 12px; + } + + & > ul.current > li.toctree-l1.current > a.internal:has(+ ul) { + padding-left: 25px !important; + } + + & > ul.current > li.toctree-l1.current > a.current { + padding-left: 12px; + } + + & li.toctree-l1.current .toctree-l2 > a { + background-color: #fff; + border: transparent; + } + + & li.toctree-l1.current .toctree-l2 > a.internal { + padding-left: 35px !important; + } + + & li.toctree-l1.current .toctree-l2.current > a.internal:first-of-type { + color: #fdab10; + } + + & li.toctree-l1.current .toctree-l2 > a:hover { + background-color: #E1E4E5; + } + + & li.toctree-l1.current .toctree-l2 > a.current { + color: #fdab10; + padding: 11px 12px 11px 35px; + } + + & li.toctree-l1.current .toctree-l2 > a:hover { + background-color: #E1E4E5; + } + + & li.toctree-l2.current > a, + & li.toctree-l2.current li.toctree-l3 > a { + background: #fff; + border: none; + padding-left: 50px; + } + + & li.toctree-l2.current li.toctree-l3 > a.current, + & li.toctree-l2.current li.toctree-l3.current > a.internal { + padding-left: 50px !important; + color: #fdab10; + } + + & li.toctree-l3.current li.toctree-l4 > a { + background: #fff; + padding-left: 65px !important; + border-right: none; + } + + & li.toctree-l3.current li.toctree-l4 > a.current { + color: #fdab10; + } +} + +.wy-menu-vertical a:hover, +.wy-menu-vertical > ul.current > li.toctree-l1.current > a:hover, +.wy-menu-vertical li.toctree-l1.current .toctree-l2 > a:hover, +.wy-menu-vertical li.toctree-l2.current li.toctree-l3 > a:hover, +.wy-menu-vertical li.toctree-l3.current li.toctree-l4 > a:hover { + background-color: #E1E4E5; +} + +.wy-menu-vertical ul li .current > a { + padding: 11px 12px !important; +} + +.wy-menu-vertical > ul.current[aria-expanded=true] > li.toctree-l1:has(a[aria-expanded=false]) > a { + padding-left: 25px; +} + +.wy-menu-vertical > ul.current[aria-expanded=true] > li.toctree-l1:not(:has( ~ li:only-child a)) > a:has(.toctree-expand) { + padding-left: 25px; +} + +.wy-side-scroll { + /* that makes scroll possible to the end of div */ + height: 94%; +} + +.wy-nav-top { + display: none; +} + +.openLeftSidebarMenuButton { + width: 24px; + height: 24px; + cursor: pointer; + transition: transform 250ms linear; +} + +.openLeftSidebarMenuButton:hover, +.closeLeftSidebarMenuButton:hover { + transform: scale(1.05); +} + +div.wy-nav-content > div.rst-content > div:has(div.openLeftSidebarMenuButton) { + display: flex; +} + +div.wy-nav-content + > div.rst-content + > div:has(div.openLeftSidebarMenuButton) + > .wy-breadcrumbs { + margin-left: 20px; + width: 100%; +} + +.closeButtonDivLine { + width: 100%; + display: flex; + position: sticky; + height: 30px; + justify-content: flex-end; +} + +.closeLeftSidebarMenuButton { + width: 83px; + height: 32px; + margin-right: -6px; + display: flex; + justify-content: center; + align-items: center; + background-color: #FFBF12; + border-radius: 4px; + font-family: 'Roboto', sans-serif; + font-size: 16px; + letter-spacing: -0.5px; + font-weight: 400; + color: #FFF; + cursor: pointer; + align-self: flex-end; + transition: transform 250ms linear; + + &::before { + content: url('../images/close-sidebar-icon.svg'); + height: 100%; + display: flex; + align-items: center; + width: 14px; + margin-right: 10px; + margin-top: 3px; + } +} + +.additionalStylesForShift { + display: block !important; + padding-bottom: 10px !important; +} + +.overlay { + background-color: #E7E7E7; +} + +.wy-body-for-nav:has(.overlay) { + background-color: rgb(209,209,209); +} + +.display_none { + display: none !important; +} + +@media screen and (max-width: 575px) { + .wy-menu-vertical { + padding: 10px 0 0 0; + } +} + +@media screen and (min-width: 576px) { + .wy-side-nav-search { + max-width: 256px; + } + + .wy-menu-vertical { + padding: 10px 35px 0 0; + } +} + +@media screen and (max-width: 767px) { + .wy-nav-side { + border-radius: 0; + position: fixed; + top: 60px; + } + + .wy-side-scroll::-webkit-scrollbar { + display: none + } +} + +@media screen and (min-width: 768px) { + .wy-nav-side { + border-radius: 16px; + position: fixed; + left: unset; + top: 70px; + min-height: unset; + } +} + +@media screen and (max-width: 1200px) { + .wy-nav-side { + height: calc(100vh - 60px); + } +} + +@media screen and (min-width: 1200px) { + .wy-nav-side { + height: calc(100vh - 73px); + } +} + +@media screen and (max-height: 300px) { + .wy-side-scroll { + height: 78%; + } +} + +@media screen and (min-height: 301px) and (max-height: 400px) { + .wy-side-scroll { + height: 82%; + } +} + +@media screen and (min-height: 401px) and (max-height: 500px) { + .wy-side-scroll { + height: 88%; + } +} + +@media screen and (min-height: 501px) and (max-height: 700px) { + .wy-side-scroll { + height: 90%; + } +} + +@media screen and (min-height: 701px) { + .wy-side-scroll { + height: 94%; + } +}
\ No newline at end of file diff --git a/docs/_static/css/linkButtons.css b/docs/_static/css/linkButtons.css new file mode 100644 index 00000000..11a48e64 --- /dev/null +++ b/docs/_static/css/linkButtons.css @@ -0,0 +1,57 @@ +.rst-footer-buttons { + .fa-arrow-circle-left { + padding-left: 25px; + } + + .fa-arrow-circle-left::before { + content: url('../images/arrow-left.svg'); + position: absolute; + top: 10px; + left: 15px; + } + + & > .btn-neutral { + background: #fff !important; + min-width: 90px; + height: 40px; + border: 2px solid #FD8F01; + color: #121010 !important; + font-family: 'Archivo', sans-serif; + font-size: 16px; + font-weight: 600; + letter-spacing: -0.02em; + position: relative; + text-align: left; + box-shadow: none; + transition: transform 250ms linear; + display: flex; + align-items: center; + padding-top: 0; + padding-bottom: 0; + border-radius: 4px; + + &:hover, + &:active { + transform: scale(1.05); + /* padding-left: 16px; */ + } + + &:focus { + outline: none; + } + + .fa-arrow-circle-right::before { + content: url('../images/arrow-right.svg'); + position: absolute; + top: 10px; + right: 15px; + } + } +} + +p > a.reference.external, +p > a, +#partaker-i5 > p > a.external { + color: #FD8F01; + word-break: break-word; +} diff --git a/docs/_static/css/lists.css b/docs/_static/css/lists.css new file mode 100644 index 00000000..140663c9 --- /dev/null +++ b/docs/_static/css/lists.css @@ -0,0 +1,56 @@ +.simple > li, +.compound > ul > li, +.simple > li > ul > li, +#installation-and-image-management > div > ul > li.toctree-l1 > ul > li.toctree-l2, +#running-vyos-in-virtual-environments > div > ul > li.toctree-l1 > ul > li.toctree-l2, +#running-vyos-in-virtual-environments > div > ul > li.toctree-l1 > ul > li.toctree-l2 > ul > li.toctree-l3, +#running-vyos-in-cloud-environments > div > ul > li.toctree-l1 > ul > li.toctree-l2, +#running-vyos-in-cloud-environments > div > ul > li.toctree-l1 > ul > li.toctree-l2 > ul > li.toctree-l3, +#configuration-blueprints > div > ul > li.toctree-l1 > ul > li.toctree-l2, +#configuration-blueprints > div > ul > li.toctree-l1 > ul > li.toctree-l2 > ul > li.toctree-l3, +#contributing > div > ul > li.toctree-l1 > ul > li.toctree-l2, +#contributing > div > ul > li.toctree-l1 > ul > li.toctree-l2 > ul > li.toctree-l3 { + list-style: none !important; + position: relative; + + &::before { + content: ''; + position: absolute; + top: 8px; + left: -15px; + width: 6px; + height: 6px; + background-color: #000; + border-radius: 50%; + } +} + +.simple > li a, +.compound > ul > li a, +.simple > li > ul > li a { + color: #FD8F01; + font-family: 'Roboto', sans-serif; + font-size: 16px; + font-weight: 400; + letter-spacing: -0.5px; + height: 26px; +} + +.simple > li > ul > li p { + color: #525659; + font-family: 'Roboto', sans-serif; + font-size: 16px; + font-weight: 400; + letter-spacing: -0.5px; + height: 26px; +} + +#site-to-site ul, +#troubleshooting ol, +#troubleshooting ul { + margin-bottom: 0 !important; +} + +.rst-content:has(#troubleshooting) .rst-footer-buttons { + margin-top: 20px !important; +}
\ No newline at end of file diff --git a/docs/_static/css/scrolls.css b/docs/_static/css/scrolls.css new file mode 100644 index 00000000..26cfe413 --- /dev/null +++ b/docs/_static/css/scrolls.css @@ -0,0 +1,20 @@ +.wy-table-responsive { + scrollbar-color: #99A0A5 transparent; + scroll-behavior: smooth; + + &::-webkit-scrollbar { + height: 5px; + } + + &::-webkit-scrollbar-track { + background-color: transparent; + border-radius: 8px; + margin: 0 10px; + } + + &::-webkit-scrollbar-thumb { + background-color: #99A0A5; + border-radius: 8px; + margin: 0 10px; + } +} diff --git a/docs/_static/css/separate-commands.css b/docs/_static/css/separate-commands.css new file mode 100644 index 00000000..5547c4ad --- /dev/null +++ b/docs/_static/css/separate-commands.css @@ -0,0 +1,116 @@ +.rst-content code.literal { + border: unset; + background-color: unset; + border: 1px solid rgba(253, 143, 1, 0.2); + background-color: #FFF4E6; + font-family: 'Archivo', sans-serif !important; + font-size: 14px !important; + font-weight: 500 !important; + color: #121010 !important; + border-radius: 4px; + padding: 3px 6px; + word-break: break-all; + + & > span.pre:nth-child(n+ 2) { + padding-left: 5px; + } +} + +div.opcmd-heading, +div.cfgcmd-heading, +table .opcmd, +table .cfgcmd { + padding: 0; + display: flex; + background-color: unset; + border: none; + border-radius: 8px 0 0 8px; +} + +div.opcmd-heading, +div.cfgcmd-heading { + margin-bottom: 15px; +} + +div.opcmd-heading, +table .opcmd { + border-left: 5px solid #B8E9F9; +} + +div.cfgcmd-heading, +table .cfgcmd { + border-left: 5px solid #FD8F01; +} + +span { + &.opcmd, + &.cfgcmd { + display: flex; + padding: 4px 8px 8px 30px; + align-items: center; + color: #121010 !important; + font-family: 'Roboto Mono', monospace !important; + letter-spacing: -0.04em !important; + font-weight: 500 !important; + position: relative; + word-break: break-all; + + &::before { + content: url('../images/cmnd-link-dollar-icon.svg'); + display: flex; + padding-right: 8px; + align-items: center; + position: absolute; + top: 6px; + left: 8px; + } + } + + &.opcmd { + background-color: #EBF9FF; + } + + &.cfgcmd { + background-color: #FFF4E6; + } +} + +span.opcmd, +span.cfgcmd { + font-size: 16px !important; +} + +table span.opcmd, +table span.cfgcmd { + font-size: 13px !important; +} + +.opcmd-heading > a.cmdlink, +.cfgcmd-heading > a.cmdlink { + display: flex; + + &::after { + display: flex; + align-items: center; + content: ''; + height: 100%; + align-items: center; + padding-right: 12px; + padding-top: 3px; + border-radius: 0 8px 8px 0; + } +} + +.opcmd-heading:hover a.cmdlink:after, +.cfgcmd-heading:hover a.cmdlink:after { + content: url('../images/cmnd-link-icon.svg'); + padding-right: 10px; +} + +.opcmd-heading a.cmdlink:after { + background-color: #EBF9FF; +} + +.cfgcmd-heading a.cmdlink:after { + background-color: #FFF4E6; +}
\ No newline at end of file diff --git a/docs/_static/css/tables.css b/docs/_static/css/tables.css new file mode 100644 index 00000000..7a106d56 --- /dev/null +++ b/docs/_static/css/tables.css @@ -0,0 +1,231 @@ +.wy-table-responsive { + overflow : auto !important ; + width: 100%; + + & table { + border: none !important; + + + & td { + white-space : normal !important; + } + + & > caption:hover a { + position: relative; + + &::after { + content: url('../images/cmnd-link-icon.svg'); + position: absolute; + top: 0; + right: -3px; + z-index: 2; + background-color: #fff; + width: 20px; + height: 100%; + } + } + } +} + +#coverage table.docutils td.coverage-ok p { + color: green; + text-align: center; +} + +#coverage table.docutils:not(.field-list) tr:nth-child(2n-1) td.coverage-fail p, +#coverage table.docutils td.coverage-fail p { + color: red; + text-align: center; +} + +#coverage a.paginate_button.current, +#coverage a.paginate_button.next, +#coverage a.paginate_button.previous { + color: #FD8F01 !important; + background-color: none; + background: none; +} + +#coverage a.paginate_button { + margin-left: 0; + border: unset; + border-radius: 8px; + transition: background-color 250ms linear, color 250ms linear; +} + +#coverage a.paginate_button:hover, +#coverage a.paginate_button.current:hover, +#coverage a.paginate_button.next:hover, +#coverage a.paginate_button.previous:hover { + background-color: #E1E4E5 !important; + background: none; + border: unset; + color: #121010 !important; +} + +.selectDiv { + width: 20px; + height: 20px; + position: absolute; + top: 10px; + right: 10px; + z-index: 11111; + background-color: red; +} + +#table-cfgcmd_wrapper, +#table-opcmd_wrapper { + & label { + color: #121010 !important; + font-family: 'Archivo', sans-serif; + font-size: 14px; + font-weight: 600; + letter-spacing: -0.02em; + } + + & option { + color: #8D9499 !important; + font-family: 'Roboto', sans-serif; + font-size: 16px; + font-weight: 500; + letter-spacing: -0.02em; + } + + & select { + height: 40px; + width: 80px; + padding: 10px 14px; + margin: 0 10px; + border-radius: 4px; + border: 1px solid #C6C9CC !important; + color: #8D9499; + font-size: 16px; + position: relative; + -webkit-appearance: none; + -moz-appearance: none; + appearance: none; + background-image: url("../images/select-arrow.svg"); + background-repeat: no-repeat; + background-position: right 18px top 50%; + } + + & input { + margin-left: 16px; + height: 40px; + padding: 10px 14px; + width: 245px; + border: 1px solid #C6C9CC !important; + color: #8D9499; + font-size: 16px; + } + + & .wy-table-responsive { + padding-top: 24px; + } +} + +@media screen and (max-width: 575px) { + #table-cfgcmd_wrapper, + #table-opcmd_wrapper { + & label { + & input { + margin-top: 10px + } + } + } +} + +thead tr th { + padding: 10px 16px !important; + border-top: none !important; + border-left: none !important; + border-right: none !important; + max-height: 40px; + + & p { + color: #121010 !important; + font-family: 'Archivo', sans-serif; + font-size: 14px !important; + font-weight: 600; + letter-spacing: -0.02em; + margin-right: 3px; + } +} + +.rst-content table.docutils td, +.wy-table-bordered-all td { + border-left: none !important; +} + +.rst-content table.docutils th:nth-child(2n), +.rst-content table.field-list th:nth-child(2n), +.wy-table td, .wy-table th:nth-child(2n) { + border-radius: 8px 8px 0 0 ; +} + +.wy-grid-for-nav:has(nav.display_none) .rst-content table.docutils td:nth-child(2n), +.wy-grid-for-nav:has(nav.display_none) .rst-content table.docutils th:nth-child(2n), +.wy-grid-for-nav:has(nav.display_none) .rst-content table.field-list td:nth-child(2n), +.wy-grid-for-nav:has(nav.display_none) .rst-content table.field-list th:nth-child(2n), +.wy-grid-for-nav:has(nav.display_none) .wy-table td, +.wy-grid-for-nav:has(nav.display_none) .wy-table th:nth-child(2n) { + background-color: #FAFAFA !important; +} + +.wy-grid-for-nav:has(nav.shift) .wy-nav-content-wrap-closed-sidebar .rst-content table th, +.wy-grid-for-nav:has(nav.shift) .wy-nav-content-wrap-closed-sidebar .rst-content table td { + background-color: #E7E7E7 !important; +} + +.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td, +.wy-table-backed, +.wy-table-odd td, +.wy-table-striped tr:nth-child(2n-1) td { + background-color: unset; +} + +tbody tr td { + & p { + color: #525659 !important; + font-family: 'Roboto', sans-serif; + font-size: 14px !important; + font-weight: 400; + letter-spacing: -0.02em; + } + + &.coverage-ok { + & p { + color: transparent !important; + width: 100%; + height: 100%; + margin: 0; + position: relative; + + &::before { + content: url('../images/check.svg'); + display: flex; + justify-content: center; + align-items: center; + width: 100%; + height: 100%; + position: absolute; + top: 0; + } + } + } +} + +.dataTables_info { + color: #121010 !important; + font-family: 'Roboto', sans-serif; + font-size: 16px !important; + font-weight: 400; + letter-spacing: -0.5px; +} + +.paginate_button { + font-family: 'Archivo', sans-serif; + font-size: 16px !important; + font-weight: 600; + letter-spacing: -0.5px; +}
\ No newline at end of file diff --git a/docs/_static/css/text.css b/docs/_static/css/text.css new file mode 100644 index 00000000..f1179534 --- /dev/null +++ b/docs/_static/css/text.css @@ -0,0 +1,120 @@ +.docutils .card-header p { + font-family: 'Archivo', sans-serif; + font-weight: 600; + font-size: 18px; + letter-spacing: -0.05em; + padding-bottom: 18px; + color: #121010; +} + +p, +blockquote > div > dl, +blockquote > div > dd, +#container dl, +#firewall dl, +#high-availability dl, +#development td, +#development th, +caption.caption-text, +.simple > dt, +div.line-block, +.paginate_button, +.dataTables_info, +#operational-commands label, +.card-body .card-text, +#search-results a { + font-family: 'Roboto', sans-serif; + font-size: 16px; + letter-spacing: -0.5px; + font-weight: 400; + color: #525659; + line-height: 1.6; +} + +p > strong { + color: #121010; +} + +.card-body .card-text { + padding-bottom: 22px; + display: block; +} + +.simple > dt { + font-weight: 600; +} + +#dual-hub-dmvpn-with-vyos td > p, +#route-based-redundant-site-to-site-vpn-to-azure-bgp-over-ikev2-ipsec td > p, +#route-based-site-to-site-vpn-to-azure-bgp-over-ikev2-ipsec td > p, +#development td p, +#development th p { + font-size: 14px !important; +} + +#development #writing-good-commit-messages > ul.simple > li > ul { + + & > li:nth-child(2) { + padding-bottom: 23px; + } + + & > li:nth-child(2) { + padding-bottom: 53px; + } +} + +#installation-and-image-management > div > p > span { + font-family: 'Archivo', sans-serif; + font-weight: 700; + letter-spacing: -0.02em; + font-size: 24px; + color: #121010; +} + +.caption-text { + text-align: left; + font-family: 'Roboto', sans-serif; +} + +p .caption-text { + color: #8D9499; + font-family: 'Roboto', sans-serif; +} + +aside.footnote .label { + & > a[role=doc-backlink] { + color: #fd8f01; + font-family: 'Roboto', sans-serif; + font-size: 16px; + } +} + +aside.footnote > p { + padding-bottom: 15px !important; +} + +#about a .external, +#a-note-on-copyright > dl.brackets > dt, +#a-note-on-copyright > dl.brackets > dt > .brackets > a, +a.footnote-reference.brackets, +#search-results a { + color: #FD8F01; +} + +#history p { + padding-bottom: 22px; + margin-bottom: 0; + font-size: 16px; +} + +#a-note-on-copyright > dl p { + padding-bottom: 12px; +} + +#search-results a { + font-size: 19px; +} + +#specify-custom-config-file { + padding-top: 15px; +}
\ No newline at end of file diff --git a/docs/_static/images/VyOS_Dual-Hub_DMVPN.png b/docs/_static/images/VyOS_Dual-Hub_DMVPN.png Binary files differnew file mode 100644 index 00000000..9c25a308 --- /dev/null +++ b/docs/_static/images/VyOS_Dual-Hub_DMVPN.png diff --git a/docs/_static/images/arrow-left.svg b/docs/_static/images/arrow-left.svg new file mode 100644 index 00000000..16d6750b --- /dev/null +++ b/docs/_static/images/arrow-left.svg @@ -0,0 +1,3 @@ +<svg width="15" height="16" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"> +<path fill-rule="evenodd" clip-rule="evenodd" d="M18 10.5L5.32396 10.5L10.1836 16.0076L7.93407 17.9924L-0.000432575 9L7.93406 0.0075688L10.1836 1.99243L5.32396 7.5L18 7.5L18 10.5Z" fill="#FFAE12"/> +</svg> diff --git a/docs/_static/images/arrow-right.svg b/docs/_static/images/arrow-right.svg new file mode 100644 index 00000000..15ab0eb4 --- /dev/null +++ b/docs/_static/images/arrow-right.svg @@ -0,0 +1,3 @@ +<svg width="15" height="16" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"> +<path fill-rule="evenodd" clip-rule="evenodd" d="M-4.58639e-07 10.5L12.676 10.5L7.81642 16.0076L10.0659 17.9924L18.0004 9L10.0659 0.0075688L7.81642 1.99243L12.676 7.5L-3.27505e-07 7.5L-4.58639e-07 10.5Z" fill="#FFAE12"/> +</svg> diff --git a/docs/_static/images/aws.png b/docs/_static/images/aws.png Binary files differnew file mode 100644 index 00000000..c1c111bb --- /dev/null +++ b/docs/_static/images/aws.png diff --git a/docs/_static/images/breadcrumbs-icon.svg b/docs/_static/images/breadcrumbs-icon.svg new file mode 100644 index 00000000..6420468b --- /dev/null +++ b/docs/_static/images/breadcrumbs-icon.svg @@ -0,0 +1,3 @@ +<svg width="7" height="10" viewBox="0 0 7 10" fill="none" xmlns="http://www.w3.org/2000/svg"> +<path d="M1 1L5 5L1 9" stroke="#8D9499" stroke-width="2"/> +</svg> diff --git a/docs/_static/images/check.svg b/docs/_static/images/check.svg new file mode 100644 index 00000000..fcec28a1 --- /dev/null +++ b/docs/_static/images/check.svg @@ -0,0 +1,3 @@ +<svg width="20" height="15" viewBox="0 0 20 15" fill="none" xmlns="http://www.w3.org/2000/svg"> +<path d="M2 6L8 12L18 2" stroke="#FFAE12" stroke-width="3"/> +</svg> diff --git a/docs/_static/images/close-sidebar-icon.svg b/docs/_static/images/close-sidebar-icon.svg new file mode 100644 index 00000000..e630ce27 --- /dev/null +++ b/docs/_static/images/close-sidebar-icon.svg @@ -0,0 +1,3 @@ +<svg width="15" height="16" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"> +<path fill-rule="evenodd" clip-rule="evenodd" d="M18 10.5L5.32396 10.5L10.1836 16.0076L7.93407 17.9924L-0.000432575 9L7.93406 0.0075688L10.1836 1.99243L5.32396 7.5L18 7.5L18 10.5Z" fill="#FFF"/> +</svg>
\ No newline at end of file diff --git a/docs/_static/images/cmnd-link-dollar-icon.svg b/docs/_static/images/cmnd-link-dollar-icon.svg new file mode 100644 index 00000000..b0e4a74b --- /dev/null +++ b/docs/_static/images/cmnd-link-dollar-icon.svg @@ -0,0 +1,3 @@ +<svg width="14" height="14" viewBox="0 0 7 12" fill="none" xmlns="http://www.w3.org/2000/svg"> +<path d="M3.36 2.992V0.877999H4.06V2.992H3.36ZM3.36 11.686V9.46H4.06V11.686H3.36ZM3.654 10.048C3.14067 10.048 2.688 9.99667 2.296 9.894C1.904 9.782 1.57733 9.628 1.316 9.432C1.05467 9.22667 0.854 8.98867 0.714 8.718C0.583333 8.438 0.518 8.13 0.518 7.794C0.518 7.74733 0.518 7.70533 0.518 7.668C0.527333 7.63067 0.532 7.598 0.532 7.57H1.974C1.974 7.598 1.974 7.626 1.974 7.654C1.974 7.67267 1.974 7.696 1.974 7.724C1.974 8.01333 2.05333 8.24667 2.212 8.424C2.37067 8.592 2.58067 8.71333 2.842 8.788C3.11267 8.85333 3.40667 8.886 3.724 8.886C4.004 8.886 4.26067 8.85333 4.494 8.788C4.73667 8.72267 4.93267 8.62 5.082 8.48C5.24067 8.33067 5.32 8.14867 5.32 7.934C5.32 7.654 5.222 7.43933 5.026 7.29C4.83 7.14067 4.57333 7.024 4.256 6.94C3.93867 6.84667 3.60733 6.75333 3.262 6.66C2.954 6.576 2.646 6.48267 2.338 6.38C2.03933 6.27733 1.76867 6.15133 1.526 6.002C1.28333 5.84333 1.08733 5.64267 0.938 5.4C0.788667 5.148 0.714 4.84 0.714 4.476C0.714 4.13067 0.788667 3.82733 0.938 3.566C1.08733 3.30467 1.29267 3.08533 1.554 2.908C1.82467 2.73067 2.142 2.59533 2.506 2.502C2.87933 2.40867 3.28533 2.362 3.724 2.362C4.18133 2.362 4.58733 2.41333 4.942 2.516C5.29667 2.60933 5.59533 2.74933 5.838 2.936C6.09 3.11333 6.28133 3.32333 6.412 3.566C6.54267 3.80867 6.608 4.07 6.608 4.35C6.608 4.41533 6.60333 4.476 6.594 4.532C6.594 4.588 6.594 4.62533 6.594 4.644H5.166V4.518C5.166 4.33133 5.11467 4.16333 5.012 4.014C4.90933 3.86467 4.746 3.74333 4.522 3.65C4.30733 3.55667 4.018 3.51 3.654 3.51C3.41133 3.51 3.19667 3.53333 3.01 3.58C2.82333 3.61733 2.66933 3.678 2.548 3.762C2.42667 3.83667 2.33333 3.92533 2.268 4.028C2.212 4.12133 2.184 4.23333 2.184 4.364C2.184 4.57867 2.25867 4.74667 2.408 4.868C2.56667 4.98 2.772 5.078 3.024 5.162C3.276 5.23667 3.54667 5.32067 3.836 5.414C4.172 5.50733 4.51267 5.60533 4.858 5.708C5.20333 5.80133 5.52067 5.92267 5.81 6.072C6.10867 6.22133 6.34667 6.43133 6.524 6.702C6.71067 6.96333 6.804 7.30867 6.804 7.738C6.804 8.14867 6.72467 8.50333 6.566 8.802C6.40733 9.09133 6.18333 9.32933 5.894 9.516C5.614 9.70267 5.28267 9.838 4.9 9.922C4.51733 10.006 4.102 10.048 3.654 10.048Z" fill="#121010"/> +</svg> diff --git a/docs/_static/images/cmnd-link-icon.svg b/docs/_static/images/cmnd-link-icon.svg new file mode 100644 index 00000000..4602fadf --- /dev/null +++ b/docs/_static/images/cmnd-link-icon.svg @@ -0,0 +1,3 @@ +<svg width="14" height="14" viewBox="0 0 14 14" fill="none" xmlns="http://www.w3.org/2000/svg"> +<path d="M11.2426 9.12076L10.1821 8.06026L11.2426 6.99976C11.5212 6.72118 11.7421 6.39045 11.8929 6.02646C12.0437 5.66248 12.1213 5.27236 12.1213 4.87838C12.1213 4.48441 12.0437 4.09429 11.8929 3.7303C11.7421 3.36632 11.5212 3.03559 11.2426 2.75701C10.964 2.47843 10.6333 2.25744 10.2693 2.10667C9.9053 1.95591 9.51518 1.87831 9.1212 1.87831C8.72723 1.87831 8.33711 1.95591 7.97312 2.10667C7.60914 2.25744 7.27841 2.47843 6.99983 2.75701L5.93933 3.81751L4.87883 2.75701L5.93933 1.69651C6.78556 0.863948 7.9265 0.3995 9.11361 0.404334C10.3007 0.409168 11.4378 0.882891 12.2773 1.72232C13.1167 2.56174 13.5904 3.69886 13.5953 4.88597C13.6001 6.07309 13.1356 7.21403 12.3031 8.06026L11.2426 9.12076ZM9.12083 11.2425L8.06033 12.303C7.64372 12.7265 7.14739 13.0632 6.59998 13.2939C6.05256 13.5246 5.46489 13.6446 4.87086 13.647C4.27684 13.6494 3.68821 13.5342 3.13893 13.308C2.58966 13.0818 2.0906 12.7491 1.67056 12.329C1.25051 11.909 0.917792 11.4099 0.691584 10.8607C0.465375 10.3114 0.350158 9.72275 0.352576 9.12872C0.354995 8.5347 0.475003 7.94703 0.705677 7.39961C0.936351 6.85219 1.27313 6.35587 1.69658 5.93926L2.75708 4.87876L3.81758 5.93926L2.75708 6.99976C2.47849 7.27834 2.25751 7.60907 2.10674 7.97305C1.95597 8.33704 1.87837 8.72716 1.87837 9.12113C1.87837 9.51511 1.95597 9.90523 2.10674 10.2692C2.25751 10.6332 2.47849 10.9639 2.75708 11.2425C3.03566 11.5211 3.36639 11.7421 3.73037 11.8928C4.09436 12.0436 4.48448 12.1212 4.87845 12.1212C5.27243 12.1212 5.66255 12.0436 6.02653 11.8928C6.39052 11.7421 6.72124 11.5211 6.99983 11.2425L8.06033 10.182L9.12083 11.2425ZM9.12083 3.81751L10.1821 4.87876L4.87883 10.1813L3.81758 9.12076L9.12083 3.81751Z" fill="#8D9499"/> +</svg> diff --git a/docs/_static/images/copy-code-icon.svg b/docs/_static/images/copy-code-icon.svg new file mode 100644 index 00000000..3417dfe5 --- /dev/null +++ b/docs/_static/images/copy-code-icon.svg @@ -0,0 +1,4 @@ +<svg width="13" height="12" viewBox="0 0 13 12" fill="none" xmlns="http://www.w3.org/2000/svg"> +<rect x="4.95605" y="4.5" width="7" height="7" rx="1.5" stroke="#FD8F01"/> +<path fill-rule="evenodd" clip-rule="evenodd" d="M0.456055 2C0.456055 0.895431 1.35149 0 2.45605 0H6.45605C7.56062 0 8.45605 0.895431 8.45605 2V3H7.45605V2C7.45605 1.44772 7.00834 1 6.45605 1H2.45605C1.90377 1 1.45605 1.44772 1.45605 2V6C1.45605 6.55228 1.90377 7 2.45605 7H3.45605V8H2.45605C1.35149 8 0.456055 7.10457 0.456055 6V2Z" fill="#FD8F01"/> +</svg> diff --git a/docs/_static/images/github.svg b/docs/_static/images/github.svg new file mode 100644 index 00000000..cb3d30ef --- /dev/null +++ b/docs/_static/images/github.svg @@ -0,0 +1,10 @@ +<svg width="15" height="14" viewBox="0 0 15 14" fill="none" xmlns="http://www.w3.org/2000/svg"> +<g clip-path="url(#clip0_17762_41)"> +<path d="M3.93172 10.8809C3.75672 10.7642 3.60622 10.6155 3.43005 10.4049C3.33861 10.293 3.248 10.1804 3.15822 10.0672C2.88813 9.73174 2.7178 9.57716 2.54163 9.51358C2.39598 9.46128 2.27706 9.35327 2.21103 9.2133C2.14501 9.07333 2.1373 8.91286 2.18959 8.7672C2.24188 8.62154 2.3499 8.50262 2.48987 8.4366C2.62984 8.37058 2.79031 8.36287 2.93597 8.41516C3.37463 8.57266 3.67155 8.84391 4.07172 9.34149C4.01688 9.27324 4.27005 9.59058 4.3243 9.65591C4.43513 9.78833 4.5168 9.86883 4.58097 9.91141C4.69997 9.99133 4.92338 10.0257 5.2518 9.99308C5.26522 9.77024 5.30663 9.55383 5.36963 9.35433C3.6383 8.93083 2.6583 7.81433 2.6583 5.62333C2.6583 4.89999 2.87413 4.24899 3.27547 3.70299C3.1483 3.18149 3.16755 2.55091 3.45163 1.84099C3.48387 1.76069 3.53358 1.68856 3.59714 1.62984C3.6607 1.57112 3.73653 1.52728 3.81913 1.50149C3.86638 1.48749 3.89322 1.48108 3.94047 1.47408C4.40888 1.40233 5.07038 1.57324 5.93255 2.11341C6.44635 1.99329 6.97232 1.933 7.49997 1.93374C8.03197 1.93374 8.56047 1.99441 9.06563 2.11341C9.92722 1.56916 10.5899 1.39824 11.0618 1.47408C11.1114 1.48166 11.1534 1.49158 11.189 1.50324C11.27 1.52995 11.3441 1.57408 11.4062 1.63253C11.4683 1.69099 11.5168 1.76235 11.5483 1.84158C11.8324 2.55091 11.8516 3.18149 11.7245 3.70241C12.1276 4.24841 12.3416 4.89533 12.3416 5.62333C12.3416 7.81491 11.3651 8.92791 9.6338 9.35199C9.70672 9.59408 9.74463 9.86474 9.74463 10.157C9.74469 10.6851 9.74235 11.2132 9.73763 11.7413C9.86864 11.7699 9.9858 11.8427 10.0694 11.9476C10.153 12.0524 10.1979 12.1828 10.1966 12.3169C10.1953 12.451 10.1479 12.5805 10.0622 12.6837C9.97663 12.7869 9.85808 12.8575 9.72655 12.8835C9.06213 13.0165 8.5698 12.5732 8.5698 11.9939L8.57097 11.7337L8.57388 11.3225C8.5768 10.9095 8.57797 10.542 8.57797 10.157C8.57797 9.75041 8.47122 9.48499 8.33005 9.36366C7.94447 9.03116 8.13988 8.39824 8.64505 8.34166C10.3758 8.14741 11.175 7.47716 11.175 5.62333C11.175 5.06624 10.993 4.60599 10.6424 4.22099C10.5685 4.14005 10.5189 4.03994 10.4993 3.93213C10.4797 3.82432 10.4909 3.71317 10.5316 3.61141C10.6284 3.36991 10.6698 3.05316 10.5876 2.66991L10.5817 2.67166C10.2953 2.75274 9.93422 2.92833 9.49788 3.22524C9.42752 3.27299 9.34758 3.30478 9.26364 3.31838C9.1797 3.33199 9.09381 3.32708 9.01197 3.30399C8.51958 3.16766 8.01088 3.09917 7.49997 3.10041C6.9808 3.10041 6.4663 3.16983 5.98797 3.30458C5.90643 3.32748 5.82088 3.33235 5.73727 3.31885C5.65366 3.30535 5.57399 3.27381 5.5038 3.22641C5.06513 2.93066 4.7023 2.75566 4.41413 2.67399C4.33013 3.05491 4.37155 3.37049 4.4678 3.61141C4.50852 3.71312 4.51978 3.82424 4.50028 3.93205C4.48078 4.03985 4.43132 4.13999 4.35755 4.22099C4.0093 4.60249 3.82497 5.07149 3.82497 5.62333C3.82497 7.47366 4.62472 8.14799 6.34613 8.34166C6.85072 8.39824 7.04672 9.02824 6.66347 9.36133C6.55147 9.45933 6.41322 9.78833 6.41322 10.157V11.9945C6.41322 12.5697 5.92613 13.0007 5.26988 12.8858C5.13675 12.8624 5.01586 12.7936 4.92789 12.6909C4.83991 12.5883 4.79031 12.4583 4.78755 12.3232C4.7848 12.188 4.82906 12.0561 4.91278 11.95C4.9965 11.8439 5.11448 11.7701 5.24655 11.7413V11.1638C4.71572 11.1994 4.27705 11.1125 3.93172 10.8809Z" fill="white"/> +</g> +<defs> +<clipPath id="clip0_17762_41"> +<rect width="14" height="14" fill="white" transform="translate(0.5)"/> +</clipPath> +</defs> +</svg> diff --git a/docs/_static/images/hamburger-icon.svg b/docs/_static/images/hamburger-icon.svg new file mode 100644 index 00000000..9fad3003 --- /dev/null +++ b/docs/_static/images/hamburger-icon.svg @@ -0,0 +1,3 @@ +<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"> +<path d="M0 5.3335H24M0 12.0002H24M0 18.6668H24" stroke="#FFAE12" stroke-width="3"/> +</svg> diff --git a/docs/_static/images/note-icon.svg b/docs/_static/images/note-icon.svg new file mode 100644 index 00000000..fd4f05c3 --- /dev/null +++ b/docs/_static/images/note-icon.svg @@ -0,0 +1,5 @@ +<svg width="12" height="12" viewBox="0 0 12 12" fill="none" xmlns="http://www.w3.org/2000/svg"> +<path d="M6.58341 8.91675V7.75008H5.41675V8.91675H6.58341Z" fill="#356E81"/> +<path fill-rule="evenodd" clip-rule="evenodd" d="M6.00008 0.166748C9.22008 0.166748 11.8334 2.78008 11.8334 6.00008C11.8334 9.22008 9.22008 11.8334 6.00008 11.8334C2.78008 11.8334 0.166748 9.22008 0.166748 6.00008C0.166748 2.78008 2.78008 0.166748 6.00008 0.166748ZM6.00008 10.6667C8.57841 10.6667 10.6667 8.57841 10.6667 6.00008C10.6667 3.42175 8.57841 1.33341 6.00008 1.33341C3.42175 1.33341 1.33341 3.42175 1.33341 6.00008C1.33341 8.57841 3.42175 10.6667 6.00008 10.6667Z" fill="#356E81"/> +<path d="M5.41675 6.87508H6.58341V3.08341H5.41675V6.87508Z" fill="#356E81"/> +</svg> diff --git a/docs/_static/images/wireguard_site2site_diagram.jpg b/docs/_static/images/wireguard_site2site_diagram.jpg Binary files differindex fc305952..4a7a95e4 100644 --- a/docs/_static/images/wireguard_site2site_diagram.jpg +++ b/docs/_static/images/wireguard_site2site_diagram.jpg diff --git a/docs/_static/images/zone-policy-diagram.png b/docs/_static/images/zone-policy-diagram.png Binary files differindex 49e3e046..cfde4af6 100644 --- a/docs/_static/images/zone-policy-diagram.png +++ b/docs/_static/images/zone-policy-diagram.png diff --git a/docs/_static/js/codecopier.js b/docs/_static/js/codecopier.js new file mode 100644 index 00000000..bf0b3b4d --- /dev/null +++ b/docs/_static/js/codecopier.js @@ -0,0 +1,67 @@ +const hamburgerIcon = ` + <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"> + <path d="M0 5.3335H24M0 12.0002H24M0 18.6668H24" stroke="#FFAE12" stroke-width="3"/> + </svg> +` + +const innersOfCopyDiv = ` + <p>Copy</p> + <svg width="13" height="12" viewBox="0 0 13 12" fill="none" xmlns="http://www.w3.org/2000/svg"> + <rect x="4.95605" y="4.5" width="7" height="7" rx="1.5" stroke="#FD8F01"/> + <path fill-rule="evenodd" clip-rule="evenodd" d="M0.456055 2C0.456055 0.895431 1.35149 0 2.45605 0H6.45605C7.56062 0 8.45605 0.895431 8.45605 2V3H7.45605V2C7.45605 1.44772 7.00834 1 6.45605 1H2.45605C1.90377 1 1.45605 1.44772 1.45605 2V6C1.45605 6.55228 1.90377 7 2.45605 7H3.45605V8H2.45605C1.35149 8 0.456055 7.10457 0.456055 6V2Z" fill="#FD8F01"/> + </svg> +` + +function formDiv(id) { + return ` + <div class='copyDiv' data-identifier='${id}'> + ${innersOfCopyDiv} + </div> +` +} + +$(document).ready(async function () { + const codeSnippets = $( + '.rst-content div[class^=highlight] div[class^=highlight], .rst-content pre.literal-block div[class^=highlight], .rst-content pre.literal-block div[class^=highlight]' + ) + + codeSnippets.each((index, el) => { + el.insertAdjacentHTML('beforeend', formDiv(index)) + }) + + const copyButton = $('.copyDiv') + + copyButton.click(async ({ + currentTarget + }) => { + // we obtain text and copy it + const id = currentTarget.dataset.identifier + + try { + await navigator.clipboard.writeText(currentTarget.offsetParent.innerText) + } catch (error) { + console.log('Copiing text failed, please try again', { + error + }) + } + + // we edit the copyDiv connected to copied text + const divWithNeededId = $(`div[data-identifier='${id}']`) + divWithNeededId.addClass('copiedNotifier') + divWithNeededId.html('<span>Copied!</span>') + + setTimeout(() => { + divWithNeededId.html(innersOfCopyDiv) + divWithNeededId.removeClass('copiedNotifier') + + }, 2000) + }) + + // we edit the button that is added by readthedocs portal + const readTheDocsButton = $('div.rst-versions') + const navbar = $('nav[data-toggle=wy-nav-shift]') + + navbar.append(readTheDocsButton) + +}); + diff --git a/docs/_static/js/footer.js b/docs/_static/js/footer.js new file mode 100644 index 00000000..5f135768 --- /dev/null +++ b/docs/_static/js/footer.js @@ -0,0 +1,92 @@ +$(document).ready(function() { + insertIframe() + + const options = { + threshold: 0.01, + } + const divDoc = document.querySelector('.iframe-container') + const innerSidebar = $('.wy-side-scroll') + + intersectionObserver(options, divDoc, innerSidebar) + + $(window).resize(function() { + intersectionObserver(options, divDoc, innerSidebar) + }) + + $(window).scroll(function() { + intersectionObserver(options, divDoc, innerSidebar) + }) +}); + +function intersectionObserver(options, divDoc, innerSidebar) { + // we delete any inline-styles from innerSidebar + if($(innerSidebar).attr('style')) { + innerSidebar.removeAttr('style') + } + const screenWidth = $(window).width() + const sidebar = $('.wy-nav-side') + const documentHeight = $(document).height() + const iframeHeight = $('.iframe-container').height() + const currentPosition = $(document).scrollTop() + const additionalPaddingFromSidebar = screenWidth > 991 ? 70 : 83 + const heightThatIsAddedByPaddings = 36 + const resultOfSums = documentHeight - + iframeHeight - + currentPosition - + additionalPaddingFromSidebar - + heightThatIsAddedByPaddings + const heightOfAdditionalButton = 50 + + const onEntry = (entries, observer) => { + entries.forEach(entry => { + if(entry.isIntersecting) { + if(resultOfSums <= 70) { + $(sidebar).hide() + return + } + $(sidebar).show() + $(sidebar).height(resultOfSums) + $(sidebar).css('margin-bottom', '20px') + $(innerSidebar).removeAttr('style') + $(innerSidebar).height(resultOfSums - heightOfAdditionalButton) + return + } else { + $(sidebar).removeAttr('style') + $(innerSidebar).removeAttr('style') + } + }) + } + const observer = new IntersectionObserver(onEntry, options); + observer.observe(divDoc) + + if($(innerSidebar).attr('style')) { + observer.unobserve(divDoc) + } + + determineHeightOfFooterContainer() + +} + +function determineHeightOfFooterContainer() { + const iframeFooter= $('#vyos-footer-iframe'); + const title = window.document.getElementsByTagName('title')?.[0]?.text; + const iframeContainer = $('.iframe-container') + const href = window.location.href; + + window.addEventListener('message',function(message){ + if(message.data.footerIframeHeight){ + $(iframeFooter).css('min-height', `${message.data.footerIframeHeight + 1}px`) + $(iframeContainer).height(message.data.footerIframeHeight + 1) + iframeFooter[0].contentWindow.postMessage({title, href},'*'); + } + }) +} + +function insertIframe() { + const body = $('.wy-body-for-nav') + body.append(divWithIframe) +} + +const divWithIframe = `<div class="iframe-container"> + <iframe src='https://vyos.io/iframes/footer' id='vyos-footer-iframe'></iframe> +</div>` diff --git a/docs/_static/js/sidebar.js b/docs/_static/js/sidebar.js new file mode 100644 index 00000000..8b5c029d --- /dev/null +++ b/docs/_static/js/sidebar.js @@ -0,0 +1,162 @@ +$(document).ready(function () { + removeOverlayAndCloseSidebar() + documentLoaded() + + $(window).on("resize", function () { + const screenWidth = window.innerWidth + + if (screenWidth <= 991) return userIsInTabletScreenWidth(screenWidth) + return removeOverlayAndButtons(screenWidth) + }) + +}) + +function removeButtons() { + const alreadyCreatedOpenButtonCheck = $('.openLeftSidebarMenuButton') + const alreadyCreatedCloseButtonCheck = $('.closeButtonDivLine') + + if(alreadyCreatedOpenButtonCheck[0]) alreadyCreatedOpenButtonCheck[0].remove() + if(alreadyCreatedCloseButtonCheck[0]) alreadyCreatedCloseButtonCheck[0].remove() +} + +function documentLoaded() { + const screenWidth = window.innerWidth + + if (screenWidth <= 991) return userIsInTabletScreenWidth(screenWidth) + return +} + +function userIsInTabletScreenWidth(screenWidth) { + const alreadyCreatedButtonCheck = $('.openLeftSidebarMenuButton') + if (alreadyCreatedButtonCheck[0]) return + createOpenSidebarButton(screenWidth) + createCloseSidebarButton(screenWidth) + removeOverlayAndCloseSidebar() +} + +function createOverlay(screenWidth) { + const contentContainer = $('.wy-nav-content') + contentContainer.addClass('overlay') + + const overlayDiv = ` + <div class='overlayDiv' /> + ` + + contentContainer.append(overlayDiv) + + $('.wy-nav-content.overlay').on('click', onOverlayClickHandler) +} + +function onOverlayClickHandler() { + removeOverlayAndCloseSidebar() +} + +function removeOverlayAndCloseSidebar() { + const screenWidth = window.innerWidth + + const contentContainer = $('.wy-nav-content') + contentContainer.removeClass('overlay') + + const overlayDiv = $('.overlayDiv') + overlayDiv.remove() + + const leftSidebarOpened = $('nav.wy-nav-side.shift') + leftSidebarOpened.removeClass('shift') + + const leftSidebar = $('nav.wy-nav-side') + + // that's working don't touch + if(screenWidth > 991) { + // when user is not in tablet -> we add classes on opened sidebar and remove classes on closed sidebar + const contentSection = $('section.wy-nav-content-wrap') + const contentDiv = $('div.wy-nav-content') + contentSection.addClass('wy-nav-content-wrap-opened-sidebar') + contentDiv.addClass('wy-nav-content-opened-sidebar') + contentSection.removeClass('wy-nav-content-wrap-closed-sidebar') + contentDiv.removeClass('wy-nav-content-closed-sidebar') + leftSidebar.removeClass('display_none') + return + } + + if(screenWidth <= 991) { + // I add closed classes to make contentContainer 100% width + const contentSection = $('section.wy-nav-content-wrap') + const contentDiv = $('div.wy-nav-content') + contentSection.removeClass('wy-nav-content-wrap-opened-sidebar') + contentDiv.removeClass('wy-nav-content-opened-sidebar') + contentSection.addClass('wy-nav-content-wrap-closed-sidebar') + contentDiv.addClass('wy-nav-content-closed-sidebar') + leftSidebar.addClass('display_none') + } + +} + +function createOpenSidebarButton() { + const divToInsert = $('div[role=navigation][aria-label="Page navigation"]') + divToInsert[0].insertAdjacentHTML('afterbegin', formOpenSidebarButton()) + + const newlyCreatedButton = $('.openLeftSidebarMenuButton') + + newlyCreatedButton.on('click', onOpenLeftSidebarMenuButtonClickHandler) +} + +function onOpenLeftSidebarMenuButtonClickHandler(e) { + e.stopPropagation() + const leftSidebar = $('nav.wy-nav-side') + const leftSidebarOpened = $('nav.wy-nav-side.shift') + if(leftSidebarOpened[0]) { + // leftSidebarOpened.removeClass('shift') + removeOverlayAndCloseSidebar() + } + + createOverlay() + if(leftSidebar.hasClass('display_none')) leftSidebar.removeClass('display_none') + if(leftSidebar.hasClass('.additionalStylesForShift')) leftSidebar.removeClass('.additionalStylesForShift') + // here I add classes to contentSection and contentDiv to make them margined left and remove closed classes if any + const contentSection = $('section.wy-nav-content-wrap') + const contentDiv = $('div.wy-nav-content') + // contentSection.removeClass('wy-nav-content-wrap-closed-sidebar') + // contentDiv.removeClass('wy-nav-content-closed-sidebar') + // contentSection.addClass('wy-nav-content-wrap-opened-sidebar') + // contentDiv.addClass('wy-nav-content-opened-sidebar') + return leftSidebar.addClass('shift') +} + +function createCloseSidebarButton(screenWidth) { + const updatedLeftSidebarScrollDiv = $('nav.wy-nav-side') + + const alreadyCreatedButtonCheck = $('div.closeLeftSidebarMenuButton') + if(alreadyCreatedButtonCheck[0]) return + + updatedLeftSidebarScrollDiv[0].insertAdjacentHTML('beforeend', formCloseLeftSidebarButton()) + updatedLeftSidebarScrollDiv.addClass('additionalStylesForShift') + + const createdCloseSidebarButton = $('.closeButtonDivLine') + + createdCloseSidebarButton.on('click', function () { + removeOverlayAndCloseSidebar() + }) +} + +function formOpenSidebarButton() { + return ` + <div class='openLeftSidebarMenuButton'> + ${hamburgerIcon} + </div> + ` +} + +function formCloseLeftSidebarButton() { + return ` + <div class='closeButtonDivLine'> + <div class='closeLeftSidebarMenuButton'> + Close + </div> + </div> + ` +} + +function removeOverlayAndButtons(screenWidth) { + removeOverlayAndCloseSidebar() + removeButtons() +} diff --git a/docs/_templates/layout.html b/docs/_templates/layout.html index 6cb68508..5736a26f 100644 --- a/docs/_templates/layout.html +++ b/docs/_templates/layout.html @@ -1,12 +1,32 @@ {% extends "!layout.html" %} {%- set current_version = "1.5.x circinus" %} {% block extrahead %} + <style>#vyos-header-iframe{position:fixed;top:0;left:0;right:0;z-index:999999999;width:100%;border:none}</style> + <style>#vyos-footer-iframe{width:100%;border:none}</style> + <iframe src='https://vyos.io/iframes/header' id='vyos-header-iframe'></iframe> + <script>const iframeHeader=document.getElementById('vyos-header-iframe');const postMessageToIframe=()=>{iframeHeader.contentWindow.postMessage({height:window.innerHeight,width:window.width},'*')};window.addEventListener('message',function(message){if(message.data.headerIframeHeight){iframeHeader.style.height=`${message.data.headerIframeHeight}px`;postMessageToIframe()}});window.addEventListener('resize',event=>{postMessageToIframe()})</script> <link href="{{ pathto("_static/css/custom.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/lists.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/hints.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/headers.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/breadcrumbs.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/linkButtons.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/text.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/leftSidebar.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/scrolls.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/tables.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/installation/running-on-bare-metal.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/code-snippets.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/separate-commands.css", True) }}" rel="stylesheet" type="text/css"> + <link href="{{ pathto("_static/css/configuration/index.css", True) }}" rel="stylesheet" type="text/css"> <link href="{{ pathto("_static/css/datatables.css", True) }}" rel="stylesheet" type="text/css"> + <link rel="preconnect" href="https://fonts.googleapis.com"> + <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> + <link href="https://fonts.googleapis.com/css2?family=Archivo:wght@400;500;600;700;800&display=swap" rel="stylesheet"> <script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/datatables.js", True) }}"></script> <script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/tables.js", True) }}"></script> -{% endblock %} -{% block extrabody %} - <p class="devwarning">Warning: This is the dev version. The latest stable version is - <a href="https://docs.vyos.io/en/equuleus/">Equuleus 1.3.x</a>.</a></p> + <script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/codecopier.js", True) }}"></script> + <script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/sidebar.js", True) }}"></script> + <script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/footer.js", True) }}"></script> + </script> {% endblock %} diff --git a/docs/automation/cloud-init.rst b/docs/automation/cloud-init.rst index b396fee0..bbc8967c 100644 --- a/docs/automation/cloud-init.rst +++ b/docs/automation/cloud-init.rst @@ -268,7 +268,7 @@ Generate qcow image ------------------- A VyOS qcow image with cloud-init options is needed. This can be obtained -using `vyos-vm-images`_ repo. After clonning the repo, edit the file +using `vyos-vm-images`_ repo. After cloning the repo, edit the file **qemu.yml** and comment the **download-iso** role. In this lab, we are using 1.3.0 VyOS version and setting a disk of 10G. @@ -344,7 +344,7 @@ Content of network-config file: dhcp4: false dhcp6: false -Finaly, file **meta-data** has no content, but it's required. +Finally, file **meta-data** has no content, but it's required. --------------- Create seed.iso @@ -360,7 +360,7 @@ Command for generating ``seed.iso`` mkisofs -joliet -rock -volid "cidata" -output seed.iso meta-data \ user-data network-config -**NOTE**: be carefull while copying and pasting previous commands. Doble +**NOTE**: be careful while copying and pasting previous commands. Double quotes may need to be corrected. --------------- diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index c8a72a36..cc67132c 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst @@ -49,7 +49,7 @@ prepended with ``run``, even if you haven't created a session with configure. Run commands remotely --------------------- -Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on +Sometimes you simply want to execute a bunch of op-mode commands via SSH on a remote VyOS system. .. code-block:: none diff --git a/docs/automation/index.rst b/docs/automation/index.rst index ee8282ac..ecabff7a 100644 --- a/docs/automation/index.rst +++ b/docs/automation/index.rst @@ -12,6 +12,7 @@ VyOS Automation vyos-api vyos-ansible + vyos-terraform vyos-napalm vyos-netmiko vyos-salt diff --git a/docs/automation/vyos-api.rst b/docs/automation/vyos-api.rst index afcc1767..8fad05ca 100644 --- a/docs/automation/vyos-api.rst +++ b/docs/automation/vyos-api.rst @@ -250,13 +250,14 @@ The ``generate`` endpoint run a ``generate`` command. .. code-block:: none curl -k --location --request POST 'https://vyos/generate' \ - --form data='{"op": "generate", "path": ["wireguard", "default-keypair"]}' \ + --form data='{"op": "generate", "path": ["pki", "wireguard", "key-pair"]}' \ --form key='MY-HTTPS-API-PLAINTEXT-KEY' response: { "success": true, - "data": "", + "data": "Private key: CFZR2eyhoVZwk4n3JFPMJx3E145f1EYgDM+ubytXYVY=\n + Public key: jjtpPT8ycI1Q0bNtrWuxAkO4k88Xwzg5VHV9xGZ58lU=\n\n", "error": null } diff --git a/docs/automation/vyos-netmiko.rst b/docs/automation/vyos-netmiko.rst index e57e0c78..075b0f34 100644 --- a/docs/automation/vyos-netmiko.rst +++ b/docs/automation/vyos-netmiko.rst @@ -32,7 +32,7 @@ Example 'set interfaces ethernet eth1 description LAN', ] - # set congiguration + # set configuration output = net_connect.send_config_set(config_commands, exit_config_mode=False) print(output) @@ -69,4 +69,4 @@ Output vtun10 10.10.0.1/24 u/u [edit] -.. _netmiko: https://github.com/ktbyers/netmiko
\ No newline at end of file +.. _netmiko: https://github.com/ktbyers/netmiko diff --git a/docs/automation/vyos-terraform.rst b/docs/automation/vyos-terraform.rst new file mode 100644 index 00000000..75967202 --- /dev/null +++ b/docs/automation/vyos-terraform.rst @@ -0,0 +1,1036 @@ +:lastproofread: 2024-01-11 + +.. _vyos-terraform: + +Terraform +========= + +VyOS supports develop infrastructia via Terraform and provisioning via ansible. +Need to install ``Terraform`` + +Structure of files + +.. code-block:: none + + . + ├── main.tf + ├── version.tf + ├── variables.tf + └── terraform.tfvars + +Run Terraform +------------- + +.. code-block:: none + + #cd /your folder + #terraform init + #terraform plan + #terraform apply + #yes + + +Deploying vyos in the AWS cloud +------------------------------- +With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the AWS cloud. If necessary, the infrastructure can be removed using terraform. +Also we will make provisioning using Ansible. + +Structure of files Terrafom + +.. code-block:: none + + . + ├── vyos.tf + └── var.tf + +File contents +------------- + +vyos.tf + +.. code-block:: none + + terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + } + } + + provider "aws" { + access_key = var.access + secret_key = var.secret + region = var.region + } + + variable "region" { + default = "us-east-1" + description = "AWS Region" + } + + variable "ami" { + default = "ami-**************" # ami image please enter your details + description = "Amazon Machine Image ID for VyOS" + } + + variable "type" { + default = "t2.micro" + description = "Size of VM" + } + + # my resource for VyOS + + resource "aws_instance" "myVyOSec2" { + ami = var.ami + key_name = "mykeyname" # Please enter your details + security_groups = ["my_sg"] # Please enter your details + instance_type = var.type + tags = { + name = "VyOS System" + } + } + + output "my_IP"{ + value = aws_instance.myVyOSec2.public_ip + } + + + #IP of aws instance copied to a file ip.txt in local system Terraform + + resource "local_file" "ip" { + content = aws_instance.myVyOSec2.public_ip + filename = "ip.txt" + } + + #connecting to the Ansible control node using SSH connection + + resource "null_resource" "SSHconnection1" { + depends_on = [aws_instance.myVyOSec2] + connection { + type = "ssh" + user = "root" + password = var.password + host = var.host + } + #copying the ip.txt file to the Ansible control node from local system + provisioner "file" { + source = "ip.txt" + destination = "/root/aws/ip.txt" # The folder of your Ansible project + } + } + + resource "null_resource" "SSHconnection2" { + depends_on = [aws_instance.myVyOSec2] + connection { + type = "ssh" + user = "root" + password = var.password + host = var.host + } + #command to run Ansible playbook on remote Linux OS + provisioner "remote-exec" { + inline = [ + "cd /root/aws/", + "ansible-playbook instance.yml" + ] + } + } + + +var.tf + +.. code-block:: none + + variable "password" { + description = "pass for Ansible" + type = string + sensitive = true + } + variable "host"{ + description = "The IP of my Ansible" + } + variable "access" { + description = "my access_key for AWS" + type = string + sensitive = true + } + variable "secret" { + description = "my secret_key for AWS" + type = string + sensitive = true + } + + +Structure of files Ansible + +.. code-block:: none + + . + ├── group_vars + └── all + ├── ansible.cfg + ├── mykey.pem + └── instance.yml + + +File contents +------------- + +ansible.cfg + +.. code-block:: none + + [defaults] + inventory = /root/aws/ip.txt + host_key_checking= False + private_key_file = /root/aws/mykey.pem + remote_user=vyos + +mykey.pem + +.. code-block:: none + + -----BEGIN OPENSSH PRIVATE KEY----- + + Copy your key.pem from AWS + + -----END OPENSSH PRIVATE KEY----- + +instance.yml + +.. code-block:: none + + - name: integration of terraform and ansible + hosts: all + gather_facts: 'no' + + tasks: + + - name: "Wait 300 seconds, but only start checking after 60 seconds" + wait_for_connection: + delay: 60 + timeout: 300 + + - name: "Configure general settings for the vyos hosts group" + vyos_config: + lines: + - set system name-server 8.8.8.8 + save: + true + + +all + +.. code-block:: none + + ansible_connection: ansible.netcommon.network_cli + ansible_network_os: vyos.vyos.vyos + ansible_user: vyos + +AWS_terraform_ansible_single_vyos_instance +------------------------------------------ + +How to create a single instance and install your configuration using Terraform+Ansible+AWS +Step by step: + +AWS +--- + +1.1 Create an account with AWS and get your "access_key", "secret key" + +1.2 Create a key pair and download your .pem key + +1.3 Create a security group for the new VyOS instance + +Terraform +--------- + +2.1 Create a UNIX or Windows instance + +2.2 Download and install Terraform + +2.3 Create the folder for example ../awsvyos/ + +2.4 Copy all files into your Terraform project (vyos.tf, var.tf) +2.4.1 Please type the information into the strings 22, 35, 36 of file "vyos.tf" + +2.5 Type the commands : + + #cd /your folder + + #terraform init + +Ansible +------- + +3.1 Create a UNIX instance + +3.2 Download and install Ansible + +3.3 Create the folder for example /root/aws/ + +3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml, mykey.pem) + +mykey.pem you have to get using step 1.2 + +Start +----- + +4.1 Type the commands on your Terrafom instance: + + #cd /your folder + + #terraform plan + + #terraform apply + + #yes + +.. image:: /_static/images/aws.png + :width: 80% + :align: center + :alt: Network Topology Diagram + + + +Deploying vyos in the Azure cloud +--------------------------------- +With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform. + +Structure of files Terrafom + +.. code-block:: none + + . + ├── main.tf + └── variables.tf + +File contents +------------- + +main.tf + +.. code-block:: none + + ############################################################################## + # HashiCorp Guide to Using Terraform on Azure + # This Terraform configuration will create the following: + # Resource group with a virtual network and subnet + # An VyOS server without ssh key (only login+password) + ############################################################################## + + # Chouse a provider + + provider "azurerm" { + features {} + } + + # Create a resource group. In Azure every resource belongs to a + # resource group. + + resource "azurerm_resource_group" "azure_vyos" { + name = "${var.resource_group}" + location = "${var.location}" + } + + # The next resource is a Virtual Network. + + resource "azurerm_virtual_network" "vnet" { + name = "${var.virtual_network_name}" + location = "${var.location}" + address_space = ["${var.address_space}"] + resource_group_name = "${var.resource_group}" + } + + # Build a subnet to run our VMs in. + + resource "azurerm_subnet" "subnet" { + name = "${var.prefix}subnet" + virtual_network_name = "${azurerm_virtual_network.vnet.name}" + resource_group_name = "${var.resource_group}" + address_prefixes = ["${var.subnet_prefix}"] + } + + ############################################################################## + # Build an VyOS VM from the Marketplace + # To finde nessesery image use the command: + # + # az vm image list --offer vyos --all + # + # Now that we have a network, we'll deploy an VyOS server. + # An Azure Virtual Machine has several components. In this example we'll build + # a security group, a network interface, a public ip address, a storage + # account and finally the VM itself. Terraform handles all the dependencies + # automatically, and each resource is named with user-defined variables. + ############################################################################## + + + # Security group to allow inbound access on port 22 (ssh) + + resource "azurerm_network_security_group" "vyos-sg" { + name = "${var.prefix}-sg" + location = "${var.location}" + resource_group_name = "${var.resource_group}" + + security_rule { + name = "SSH" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "22" + source_address_prefix = "${var.source_network}" + destination_address_prefix = "*" + } + } + + # A network interface. + + resource "azurerm_network_interface" "vyos-nic" { + name = "${var.prefix}vyos-nic" + location = "${var.location}" + resource_group_name = "${var.resource_group}" + + ip_configuration { + name = "${var.prefix}ipconfig" + subnet_id = "${azurerm_subnet.subnet.id}" + private_ip_address_allocation = "Dynamic" + public_ip_address_id = "${azurerm_public_ip.vyos-pip.id}" + } + } + + # Add a public IP address. + + resource "azurerm_public_ip" "vyos-pip" { + name = "${var.prefix}-ip" + location = "${var.location}" + resource_group_name = "${var.resource_group}" + allocation_method = "Dynamic" + } + + # Build a virtual machine. This is a standard VyOS instance from Marketplace. + + resource "azurerm_virtual_machine" "vyos" { + name = "${var.hostname}-vyos" + location = "${var.location}" + resource_group_name = "${var.resource_group}" + vm_size = "${var.vm_size}" + + network_interface_ids = ["${azurerm_network_interface.vyos-nic.id}"] + delete_os_disk_on_termination = "true" + + # To finde an information about the plan use the command: + # az vm image list --offer vyos --all + + plan { + publisher = "sentriumsl" + name = "vyos-1-3" + product = "vyos-1-2-lts-on-azure" + } + + storage_image_reference { + publisher = "${var.image_publisher}" + offer = "${var.image_offer}" + sku = "${var.image_sku}" + version = "${var.image_version}" + } + + storage_os_disk { + name = "${var.hostname}-osdisk" + managed_disk_type = "Standard_LRS" + caching = "ReadWrite" + create_option = "FromImage" + } + + os_profile { + computer_name = "${var.hostname}" + admin_username = "${var.admin_username}" + admin_password = "${var.admin_password}" + } + + os_profile_linux_config { + disable_password_authentication = false + } + } + + data "azurerm_public_ip" "example" { + depends_on = ["azurerm_virtual_machine.vyos"] + name = "vyos-ip" + resource_group_name = "${var.resource_group}" + } + output "public_ip_address" { + value = data.azurerm_public_ip.example.ip_address + } + + # IP of AZ instance copied to a file ip.txt in local system + + resource "local_file" "ip" { + content = data.azurerm_public_ip.example.ip_address + filename = "ip.txt" + } + + #Connecting to the Ansible control node using SSH connection + + resource "null_resource" "nullremote1" { + depends_on = ["azurerm_virtual_machine.vyos"] + connection { + type = "ssh" + user = "root" + password = var.password + host = var.host + } + + # Copying the ip.txt file to the Ansible control node from local system + + provisioner "file" { + source = "ip.txt" + destination = "/root/az/ip.txt" + } + } + + resource "null_resource" "nullremote2" { + depends_on = ["azurerm_virtual_machine.vyos"] + connection { + type = "ssh" + user = "root" + password = var.password + host = var.host + } + + # Command to run ansible playbook on remote Linux OS + + provisioner "remote-exec" { + + inline = [ + "cd /root/az/", + "ansible-playbook instance.yml" + ] + } + } + + + +variables.tf + +.. code-block:: none + + ############################################################################## + # Variables File + # + # Here is where we store the default values for all the variables used in our + # Terraform code. + ############################################################################## + + variable "resource_group" { + description = "The name of your Azure Resource Group." + default = "my_resource_group" + } + + variable "prefix" { + description = "This prefix will be included in the name of some resources." + default = "vyos" + } + + variable "hostname" { + description = "Virtual machine hostname. Used for local hostname, DNS, and storage-related names." + default = "vyos_terraform" + } + + variable "location" { + description = "The region where the virtual network is created." + default = "centralus" + } + + variable "virtual_network_name" { + description = "The name for your virtual network." + default = "vnet" + } + + variable "address_space" { + description = "The address space that is used by the virtual network. You can supply more than one address space. Changing this forces a new resource to be created." + default = "10.0.0.0/16" + } + + variable "subnet_prefix" { + description = "The address prefix to use for the subnet." + default = "10.0.10.0/24" + } + + variable "storage_account_tier" { + description = "Defines the storage tier. Valid options are Standard and Premium." + default = "Standard" + } + + variable "storage_replication_type" { + description = "Defines the replication type to use for this storage account. Valid options include LRS, GRS etc." + default = "LRS" + } + + # The most chippers size + + variable "vm_size" { + description = "Specifies the size of the virtual machine." + default = "Standard_B1s" + } + + variable "image_publisher" { + description = "Name of the publisher of the image (az vm image list)" + default = "sentriumsl" + } + + variable "image_offer" { + description = "Name of the offer (az vm image list)" + default = "vyos-1-2-lts-on-azure" + } + + variable "image_sku" { + description = "Image SKU to apply (az vm image list)" + default = "vyos-1-3" + } + + variable "image_version" { + description = "Version of the image to apply (az vm image list)" + default = "1.3.3" + } + + variable "admin_username" { + description = "Administrator user name" + default = "vyos" + } + + variable "admin_password" { + description = "Administrator password" + default = "Vyos0!" + } + + variable "source_network" { + description = "Allow access from this network prefix. Defaults to '*'." + default = "*" + } + + variable "password" { + description = "pass for Ansible" + type = string + sensitive = true + } + variable "host"{ + description = "IP of my Ansible" + } + + +Structure of files Ansible + +.. code-block:: none + + . + ├── group_vars + └── all + ├── ansible.cfg + └── instance.yml + + +File contents +------------- + +ansible.cfg + +.. code-block:: none + + [defaults] + inventory = /root/az/ip.txt + host_key_checking= False + remote_user=vyos + + +instance.yml + +.. code-block:: none + + - name: integration of terraform and ansible + hosts: all + gather_facts: 'no' + + tasks: + + - name: "Wait 300 seconds, but only start checking after 60 seconds" + wait_for_connection: + delay: 60 + timeout: 300 + + - name: "Configure general settings for the vyos hosts group" + vyos_config: + lines: + - set system name-server 8.8.8.8 + save: + true + + +all + +.. code-block:: none + + ansible_connection: ansible.netcommon.network_cli + ansible_network_os: vyos.vyos.vyos + + # user and password gets from terraform variables "admin_username" and "admin_password" + ansible_user: vyos + ansible_ssh_pass: Vyos0! + + +Azure_terraform_ansible_single_vyos_instance +-------------------------------------------- + +How to create a single instance and install your configuration using Terraform+Ansible+Azure +Step by step: + +Azure +----- + +1.1 Create an account with Azure + +Terraform +--------- + +2.1 Create a UNIX or Windows instance + +2.2 Download and install Terraform + +2.3 Create the folder for example ../azvyos/ + +2.4 Copy all files from my folder /Terraform into your Terraform project (main.tf, variables.tf) + +2.5 Login with Azure using the command + + #az login + +2.6 Type the commands : + + #cd /your folder + + #terraform init + +Ansible +------- + +3.1 Create a UNIX instance + +3.2 Download and install Ansible + +3.3 Create the folder for example /root/az/ + +3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars) + +Start +----- + +4.1 Type the commands on your Terrafom instance: + + #cd /your folder + + #terraform plan + + #terraform apply + + #yes + + + +Deploying vyos in the Vsphere infrastructia +------------------------------------------- +With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the vSphere. + +Structure of files Terrafom + +.. code-block:: none + + . + ├── main.tf + ├── versions.tf + ├── variables.tf + └── terraform.tfvars + +File contents +------------- + +main.tf + +.. code-block:: none + + provider "vsphere" { + user = var.vsphere_user + password = var.vsphere_password + vsphere_server = var.vsphere_server + allow_unverified_ssl = true + } + + data "vsphere_datacenter" "datacenter" { + name = var.datacenter + } + + data "vsphere_datastore" "datastore" { + name = var.datastore + datacenter_id = data.vsphere_datacenter.datacenter.id + } + + data "vsphere_compute_cluster" "cluster" { + name = var.cluster + datacenter_id = data.vsphere_datacenter.datacenter.id + } + + data "vsphere_resource_pool" "default" { + name = format("%s%s", data.vsphere_compute_cluster.cluster.name, "/Resources/terraform") # set as you need + datacenter_id = data.vsphere_datacenter.datacenter.id + } + + data "vsphere_host" "host" { + name = var.host + datacenter_id = data.vsphere_datacenter.datacenter.id + } + + data "vsphere_network" "network" { + name = var.network_name + datacenter_id = data.vsphere_datacenter.datacenter.id + } + + ## Deployment of VM from Remote OVF + resource "vsphere_virtual_machine" "vmFromRemoteOvf" { + name = var.remotename + datacenter_id = data.vsphere_datacenter.datacenter.id + datastore_id = data.vsphere_datastore.datastore.id + host_system_id = data.vsphere_host.host.id + resource_pool_id = data.vsphere_resource_pool.default.id + network_interface { + network_id = data.vsphere_network.network.id + } + wait_for_guest_net_timeout = 2 + wait_for_guest_ip_timeout = 2 + + ovf_deploy { + allow_unverified_ssl_cert = true + remote_ovf_url = var.url_ova + disk_provisioning = "thin" + ip_protocol = "IPv4" + ip_allocation_policy = "dhcpPolicy" + ovf_network_map = { + "Network 1" = data.vsphere_network.network.id + "Network 2" = data.vsphere_network.network.id + } + } + vapp { + properties = { + "password" = "12345678", + "local-hostname" = "terraform_vyos" + } + } + } + + output "ip" { + description = "default ip address of the deployed VM" + value = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address + } + + # IP of AZ instance copied to a file ip.txt in local system + + resource "local_file" "ip" { + content = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address + filename = "ip.txt" + } + + #Connecting to the Ansible control node using SSH connection + + resource "null_resource" "nullremote1" { + depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"] + connection { + type = "ssh" + user = "root" + password = var.ansiblepassword + host = var.ansiblehost + + } + + # Copying the ip.txt file to the Ansible control node from local system + + provisioner "file" { + source = "ip.txt" + destination = "/root/vsphere/ip.txt" + } + } + + resource "null_resource" "nullremote2" { + depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"] + connection { + type = "ssh" + user = "root" + password = var.ansiblepassword + host = var.ansiblehost + } + + # Command to run ansible playbook on remote Linux OS + + provisioner "remote-exec" { + + inline = [ + "cd /root/vsphere/", + "ansible-playbook instance.yml" + ] + } + } + + +versions.tf + +.. code-block:: none + + # Copyright (c) HashiCorp, Inc. + # SPDX-License-Identifier: MPL-2.0 + + terraform { + required_providers { + vsphere = { + source = "hashicorp/vsphere" + version = "2.4.0" + } + } + } + +variables.tf + +.. code-block:: none + + # Copyright (c) HashiCorp, Inc. + # SPDX-License-Identifier: MPL-2.0 + + variable "vsphere_server" { + description = "vSphere server" + type = string + } + + variable "vsphere_user" { + description = "vSphere username" + type = string + } + + variable "vsphere_password" { + description = "vSphere password" + type = string + sensitive = true + } + + variable "datacenter" { + description = "vSphere data center" + type = string + } + + variable "cluster" { + description = "vSphere cluster" + type = string + } + + variable "datastore" { + description = "vSphere datastore" + type = string + } + + variable "network_name" { + description = "vSphere network name" + type = string + } + + variable "host" { + description = "name if yor host" + type = string + } + + variable "remotename" { + description = "the name of you VM" + type = string + } + + variable "url_ova" { + description = "the URL to .OVA file or cloude store" + type = string + } + + variable "ansiblepassword" { + description = "Ansible password" + type = string + } + + variable "ansiblehost" { + description = "Ansible host name or IP" + type = string + } + +terraform.tfvars + +.. code-block:: none + + vsphere_user = "" + vsphere_password = "" + vsphere_server = "" + datacenter = "" + datastore = "" + cluster = "" + network_name = "" + host = "" + url_ova = "" + ansiblepassword = "" + ansiblehost = "" + remotename = "" + +Azure_terraform_ansible_single_vyos_instance +-------------------------------------------- + +How to create a single instance and install your configuration using Terraform+Ansible+Vsphere +Step by step: + +Vsphere +------- + +1.1 Collect all data in to file "terraform.tfvars" and create resources fo example "terraform" + +Terraform +--------- + +2.1 Create a UNIX or Windows instance + +2.2 Download and install Terraform + +2.3 Create the folder for example ../vsphere/ + +2.4 Copy all files from my folder /Terraform into your Terraform project + +2.5 Type the commands : + + #cd /your folder + + #terraform init + + +Ansible +------- + +3.1 Create a UNIX instance + +3.2 Download and install Ansible + +3.3 Create the folder for example /root/vsphere/ + +3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars) + +Start +----- + +4.1 Type the commands on your Terrafom instance: + + #cd /your folder + + #terraform plan + + #terraform apply + + #yes + diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index d0d71d55..6ae5a5fb 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,56 @@ _ext/releasenotes.py +2024-01-14 +========== + +* :vytask:`T5715` ``(bug): IPSec VPN: restart vpn is not working`` + + +2024-01-13 +========== + +* :vytask:`T5924` ``(bug): Build cannot pass the smoketest dialup-router-medium-vpn`` + + +2024-01-11 +========== + +* :vytask:`T5275` ``(default): Add op mode commands for exporting certificates to PEM files with correct headers`` +* :vytask:`T5274` ``(default): Add a deprecation warning for OpenVPN site-to-site with pre-shared secret`` +* :vytask:`T3191` ``(bug): PAM RADIUS freezing when accounting does not configured on RADIUS server`` + + +2024-01-10 +========== + +* :vytask:`T4646` ``(bug): USB serial output console does not work`` +* :vytask:`T4466` ``(bug): intel i225-v nic does not detect link after boot`` +* :vytask:`T4222` ``(feature): Support for TWAMP as round-trip metric`` +* :vytask:`T1369` ``(bug): GCP Networking Failure`` + + +2024-01-09 +========== + +* :vytask:`T3242` ``(bug): PPPoE Server overhead on virtual interfaces creation`` +* :vytask:`T2755` ``(default): Requirements for partial interface setup`` +* :vytask:`T2494` ``(bug): systemd dependencies issues`` +* :vytask:`T2343` ``(feature): Disable memory ballooning in VM templates`` +* :vytask:`T2254` ``(default): Provide more information on the build branch in the version data`` +* :vytask:`T2223` ``(feature): convert operational show interfaces to python/XML`` +* :vytask:`T1925` ``(bug): DMVPN is always listed as down in "show vpn ipsec sa"`` +* :vytask:`T1297` ``(feature): Add GARP settings to VRRP/keepalived`` + + +2024-01-08 +========== + +* :vytask:`T5318` ``(bug): Security Vulnerabilities for VyOS 1.3.3`` +* :vytask:`T3980` ``(bug): vrrp transition-script validator makes warning fatal and also causes a python NameError exception`` +* :vytask:`T2799` ``(feature): VyOS Certificates Manager`` + + 2023-12-29 ========== @@ -1989,7 +2039,6 @@ ========== * :vytask:`T3682` ``(bug): Remove running dhclient from ether-resume.py`` -* :vytask:`T3681` ``(default): The VMware Tools resume script did not run successfully in this virtual machine.`` 2021-08-20 diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 7a4c96c0..1b9b09a0 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,122 @@ _ext/releasenotes.py +2024-01-14 +========== + +* :vytask:`T4428` ``(feature): Update ddclient to newer version`` + + +2024-01-12 +========== + +* :vytask:`T5925` ``(feature): Containers change systemd KillMode`` +* :vytask:`T5920` ``(bug): Quick Start documentation contains error`` +* :vytask:`T5919` ``(bug): Firewall - opmode for ipv6`` +* :vytask:`T5306` ``(default): bgp config migration failed with v6only option configured with peer-group`` +* :vytask:`T3429` ``(bug): Hyper-V integration services not working on VyOS 1.4 (sagitta/current)`` + + +2024-01-11 +========== + +* :vytask:`T5896` ``(bug): Config Error on Boot with Podman and Firewall`` +* :vytask:`T5532` ``(bug): After add system image the boot stuck and works again after the second reboot`` +* :vytask:`T5512` ``(bug): build linux-firmware script cannot expand asterisks if firmware name is a glob string`` +* :vytask:`T5379` ``(bug): show system updates doesnt seem to be working`` +* :vytask:`T5275` ``(default): Add op mode commands for exporting certificates to PEM files with correct headers`` +* :vytask:`T5274` ``(default): Add a deprecation warning for OpenVPN site-to-site with pre-shared secret`` +* :vytask:`T5262` ``(default): Warn the user about unsaved config on reboot/shutdown attempts`` +* :vytask:`T5257` ``(feature): Cannont assign netflow source ip to ip in non default VRF`` +* :vytask:`T5026` ``(feature): Python3 modules crypt and spwd are deprecated`` +* :vytask:`T5814` ``(bug): VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration`` +* :vytask:`T4610` ``(bug): Firewall with 20K entries cannot load after reboot`` +* :vytask:`T3191` ``(bug): PAM RADIUS freezing when accounting does not configured on RADIUS server`` +* :vytask:`T5917` ``(feature): Restore annotations of (running)/(default boot) in select image list`` +* :vytask:`T5916` ``(default): Added segment routing check for index size and SRGB size`` +* :vytask:`T5913` ``(feature): Allow for Peer-Groups in ipv4-labeled-unicast SAFI`` + + +2024-01-10 +========== + +* :vytask:`T5918` ``(bug): Verification problem for `set vpn ipsec interface``` +* :vytask:`T5911` ``(bug): pki: service update ignored if certificate name contains a hyphen (-)`` +* :vytask:`T5886` ``(feature): Add support for ACME protocol (LetsEncrypt)`` +* :vytask:`T5766` ``(bug): http: rewrite conf-mode script to get_config_dict()`` +* :vytask:`T5144` ``(default): Modernize dynamic dns operation`` +* :vytask:`T4689` ``(feature): Support RFS(Receive Flow Steering)`` +* :vytask:`T4659` ``(feature): Use vtysh to display bridge and some interface parameter information`` +* :vytask:`T4646` ``(bug): USB serial output console does not work`` +* :vytask:`T4577` ``(bug): WWAN commit failed which simple config`` +* :vytask:`T4502` ``(feature): Consider implementing (NAT/other) flow table offload`` +* :vytask:`T4446` ``(default): Unified CLI for displaying neithbors (ARP, IP, and NDP)`` +* :vytask:`T4427` ``(default): Remove the vyos-utils package list from vyos-build`` +* :vytask:`T4300` ``(feature): Extend list of supported interfaces for Cloud-init Network Configuration`` +* :vytask:`T4250` ``(bug): Organize logrotate settings to avoid duplicates`` +* :vytask:`T4236` ``(feature): Generate ovpn openvpn client configuration files`` +* :vytask:`T4222` ``(feature): Support for TWAMP as round-trip metric`` +* :vytask:`T3833` ``(bug): Cloud-init not finding data source in OpenStack`` +* :vytask:`T5902` ``(bug): http: remove virtual-host configuration in webserver`` +* :vytask:`T3499` ``(bug): Podman is not compatible with nat rules`` +* :vytask:`T3430` ``(bug): Cloud-init failing with “Unable to render networking” on VyOS 1.3`` +* :vytask:`T3011` ``(bug): router becomes unreachable for few minutes when vti interfaces goes down`` +* :vytask:`T5791` ``(default): Update dynamic dns configuration path to be consistent with other areas of VyOS`` +* :vytask:`T5708` ``(default): Additional dynamic dns improvements to align with ddclient 3.11.1 release`` +* :vytask:`T5573` ``(bug): Fix ddclient cache entries`` +* :vytask:`T5012` ``(feature): Control network configuration from Cloud-Init config`` +* :vytask:`T3116` ``(feature): Support back-end L4 level load balancing`` +* :vytask:`T5614` ``(default): Add conntrack helper matching on firewall`` +* :vytask:`T5080` ``(bug): Conntrack enabled by default`` +* :vytask:`T4782` ``(enhancment): Allow multiple CA certificates (on e.g. EAPoL)`` +* :vytask:`T2199` ``(default): Rewrite firewall in new XML/Python style`` + + +2024-01-09 +========== + +* :vytask:`T5898` ``(bug): Replace partprobe with partx due to unable to install VyOS`` +* :vytask:`T5838` ``(feature): Add Infiniband kernel modules`` +* :vytask:`T5785` ``(bug): API output of show container image broken`` +* :vytask:`T5410` ``(feature): Improve `utils.convert.convert_data()` to process all stdtypes`` +* :vytask:`T5269` ``(default): OpenVPN non-TLS site-to-site mode deprecation`` +* :vytask:`T5249` ``(feature): Add rollback-soft feature to rollback without a reboot`` +* :vytask:`T4944` ``(default): Prevent op mode functions from returning bare literals in raw output`` +* :vytask:`T4910` ``(default): Rewrite the remote access VPN op mode in the new style`` +* :vytask:`T4470` ``(feature): Rewrite load-balancing wan to XML/Python`` +* :vytask:`T3763` ``(bug): wireguard checks if port already binding`` +* :vytask:`T3489` ``(bug): NUMA has been disabled for the past few years and no-one has noticed`` +* :vytask:`T3476` ``(feature): Update availability check`` +* :vytask:`T2845` ``(bug): BGP conf_mode unable to delete configuration with peer-group`` +* :vytask:`T2844` ``(bug): BGP conf_mode errors disable-send-community`` +* :vytask:`T2755` ``(default): Requirements for partial interface setup`` +* :vytask:`T2721` ``(enhancment): Set FQ-CoDel as the default queueing mechanism for every class in Shaper`` +* :vytask:`T2511` ``(feature): Migrate vyatta-op-quagga to new XML format`` +* :vytask:`T2302` ``(default): Convert configuration scripts from executables to modules and use a script runner`` +* :vytask:`T2281` ``(feature): DHCP and Static IPs on Same Interface`` +* :vytask:`T2216` ``(default): Containerized third-party applications for VyOS`` +* :vytask:`T2171` ``(feature): Unify creation and manipulation of interfaces`` +* :vytask:`T1759` ``(feature): Replacing Vyatta::Interface perl`` +* :vytask:`T2408` ``(enhancment): DHCP Relay upstream and downstream interfaces`` +* :vytask:`T1297` ``(feature): Add GARP settings to VRRP/keepalived`` + + +2024-01-08 +========== + +* :vytask:`T5888` ``(bug): Firewall upgrade fails because of icmpv6`` +* :vytask:`T5844` ``(bug): HTTPS API doesn't start without configured keys even when GraphQL authentication type is set to token`` +* :vytask:`T5664` ``(bug): 1.4 user has no permissions?`` +* :vytask:`T5215` ``(default): Add a built-in ICMP health check for VRRP groups`` +* :vytask:`T5045` ``(bug): BFD is not starting after upgrade to 1.4-rolling-202302150317`` +* :vytask:`T4193` ``(default): Add support for transparent firewall`` +* :vytask:`T3754` ``(default): Make config scripts more testable`` +* :vytask:`T3663` ``(default): Use inotify file watching where applicable`` +* :vytask:`T3480` ``(bug): Does not possible to change console baud-rate`` +* :vytask:`T2897` ``(default): Remove cluster command`` +* :vytask:`T5904` ``(feature): op-mode: add "show ipv6 route vrf <name> <prefix>" command`` + + 2024-01-07 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index 631ccf91..3f88f950 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,64 @@ _ext/releasenotes.py +2024-01-12 +========== + +* :vytask:`T5925` ``(feature): Containers change systemd KillMode`` +* :vytask:`T5919` ``(bug): Firewall - opmode for ipv6`` +* :vytask:`T5306` ``(default): bgp config migration failed with v6only option configured with peer-group`` +* :vytask:`T3429` ``(bug): Hyper-V integration services not working on VyOS 1.4 (sagitta/current)`` + + +2024-01-11 +========== + +* :vytask:`T5713` ``(bug): strip-private doesn't strip string after "secret"`` +* :vytask:`T5532` ``(bug): After add system image the boot stuck and works again after the second reboot`` +* :vytask:`T5814` ``(bug): VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration`` +* :vytask:`T3191` ``(bug): PAM RADIUS freezing when accounting does not configured on RADIUS server`` +* :vytask:`T5917` ``(feature): Restore annotations of (running)/(default boot) in select image list`` +* :vytask:`T5916` ``(default): Added segment routing check for index size and SRGB size`` +* :vytask:`T5913` ``(feature): Allow for Peer-Groups in ipv4-labeled-unicast SAFI`` + + +2024-01-10 +========== + +* :vytask:`T5918` ``(bug): Verification problem for `set vpn ipsec interface``` +* :vytask:`T5911` ``(bug): pki: service update ignored if certificate name contains a hyphen (-)`` +* :vytask:`T5886` ``(feature): Add support for ACME protocol (LetsEncrypt)`` +* :vytask:`T5766` ``(bug): http: rewrite conf-mode script to get_config_dict()`` +* :vytask:`T4256` ``(feature): Display static DHCP server leases in the operational command output`` +* :vytask:`T5902` ``(bug): http: remove virtual-host configuration in webserver`` +* :vytask:`T3316` ``(feature): Use Kea DHCP(v6) instead of ISC DHCP(v6)`` +* :vytask:`T5791` ``(default): Update dynamic dns configuration path to be consistent with other areas of VyOS`` +* :vytask:`T5708` ``(default): Additional dynamic dns improvements to align with ddclient 3.11.1 release`` +* :vytask:`T5573` ``(bug): Fix ddclient cache entries`` +* :vytask:`T5614` ``(default): Add conntrack helper matching on firewall`` + + +2024-01-09 +========== + +* :vytask:`T5898` ``(bug): Replace partprobe with partx due to unable to install VyOS`` +* :vytask:`T5862` ``(bug): Default MTU is not acceptable in some environments`` +* :vytask:`T5840` ``(feature): Upgrade Kea to 2.4.x`` +* :vytask:`T5838` ``(feature): Add Infiniband kernel modules`` +* :vytask:`T5785` ``(bug): API output of show container image broken`` +* :vytask:`T5249` ``(feature): Add rollback-soft feature to rollback without a reboot`` +* :vytask:`T2511` ``(feature): Migrate vyatta-op-quagga to new XML format`` +* :vytask:`T5905` ``(bug): pki: IPsec and VTI interface priority inversion when using x509 site-to-site peer`` + + +2024-01-08 +========== + +* :vytask:`T5888` ``(bug): Firewall upgrade fails because of icmpv6`` +* :vytask:`T5844` ``(bug): HTTPS API doesn't start without configured keys even when GraphQL authentication type is set to token`` +* :vytask:`T5904` ``(feature): op-mode: add "show ipv6 route vrf <name> <prefix>" command`` + + 2024-01-07 ========== diff --git a/docs/cli.rst b/docs/cli.rst index ee9c49ed..41b4b9e0 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -558,7 +558,7 @@ different levels in the hierarchy. What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue - the ``commit-confirm`` command, your changes will be commited, and if + the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision. @@ -653,7 +653,7 @@ different levels in the hierarchy. The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments - need to be commited, just like other config changes. + need to be committed, just like other config changes. To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``""``) as @@ -852,7 +852,7 @@ Remote Archive VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a -:cfgcmd:`commit` is successfull the ``config.boot`` file will be copied +:cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``. diff --git a/docs/conf.py b/docs/conf.py index 4414286d..f05832fe 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -22,7 +22,7 @@ from docutils.parsers.rst.roles import set_classes # -- Project information ----------------------------------------------------- project = u'VyOS' -copyright = u'2023, VyOS maintainers and contributors' +copyright = u'2024, VyOS maintainers and contributors' author = u'VyOS maintainers and contributors' # The short X.Y version @@ -192,4 +192,4 @@ texinfo_documents = [ def setup(app): - pass + pass
\ No newline at end of file diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index 0487f863..adccd92b 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -93,6 +93,11 @@ Configuration Volume is either mounted as rw (read-write - default) or ro (read-only) +.. cfgcmd:: set container name <name> uid <number> +.. cfgcmd:: set container name <name> gid <number> + + Set the User ID or Group ID of the container + .. cfgcmd:: set container name <name> restart [no | on-failure | always] Set the restart behavior of the container. @@ -112,7 +117,7 @@ Configuration Add a host device to the container. -.. cfgcmd:: container name <name> cap-add <text> +.. cfgcmd:: set container name <name> cap-add <text> Set container capabilities or permissions. diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 74d5bc20..5d9190d6 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -66,10 +66,10 @@ packetis processed at the **IP Layer**: can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through - **inputt** (for example response to an ssh login attempt to the router). + **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in: - * ``set firewall ipv4 input filter ...``. + * ``set firewall ipv4 output filter ...``. * ``set firewall ipv6 output filter ...``. @@ -81,7 +81,7 @@ packetis processed at the **IP Layer**: destination...``. If the interface where the packet was received is part of a bridge, then -packetis processed at the **Bridge Layer**, which contains a basic setup for +the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering: * **Forward (Bridge)**: stage where traffic that is trespasing through the @@ -89,7 +89,7 @@ bridge filtering: * ``set firewall bridge forward filter ...``. -The main structure VyOS firewall cli is shown next: +The main structure of the VyOS firewall CLI is shown next: .. code-block:: none diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst index 496c0cf9..30876efc 100644 --- a/docs/configuration/protocols/bfd.rst +++ b/docs/configuration/protocols/bfd.rst @@ -56,6 +56,13 @@ Configure BFD Disable a BFD peer +.. cfgcmd:: set protocols bfd peer <address> minimum-ttl <1-254> + + For multi hop sessions only. Configure the minimum expected TTL for an + incoming BFD control packet. + + This feature serves the purpose of thightening the packet validation + requirements to avoid receiving BFD control packets from other sessions. Enable BFD in BGP ----------------- diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 8fc69111..3c983aae 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -209,35 +209,35 @@ Defining Peers .. cfgcmd:: set protocols bgp neighbor <address|interface> local-role <role> [strict] - BGP roles are defined in RFC :rfc:`9234` and provide an easy way to - add route leak prevention, detection and mitigation. The local Role - value is negotiated with the new BGP Role capability which has a - built-in check of the corresponding value. In case of a mismatch the + BGP roles are defined in RFC :rfc:`9234` and provide an easy way to + add route leak prevention, detection and mitigation. The local Role + value is negotiated with the new BGP Role capability which has a + built-in check of the corresponding value. In case of a mismatch the new OPEN Roles Mismatch Notification <2, 11> would be sent. The correct Role pairs are: - + Provider - Customer Peer - Peer RS-Server - RS-Client - If :cfgcmd:`strict` is set the BGP session won’t become established - until the BGP neighbor sets local Role on its side. This + If :cfgcmd:`strict` is set the BGP session won’t become established + until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side. - - Routes that are sent from provider, rs-server, or the peer local-role - (or if received by customer, rs-client, or the peer local-role) will + + Routes that are sent from provider, rs-server, or the peer local-role + (or if received by customer, rs-client, or the peer local-role) will be marked with a new Only to Customer (OTC) attribute. - + Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can - be received only if your local-role is customer or rs-client. - + be received only if your local-role is customer or rs-client. + In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number. - + All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set. @@ -584,6 +584,12 @@ General Configuration Common parameters ^^^^^^^^^^^^^^^^^ +.. cfgcmd:: set protocols bgp parameters allow-martian-nexthop + + When a peer receives a martian nexthop as part of the NLRI for a route + permit the nexthop to be used as such, instead of rejecting and resetting + the connection. + .. cfgcmd:: set protocols bgp parameters router-id <id> This command specifies the router-ID. If router ID is not specified it will @@ -598,6 +604,12 @@ Common parameters Path (both AS number and AS path length), Origin code, MED, IGP metric. Also, the next hop address for each path must be different. +.. cfgcmd:: set protocols bgp parameters no-hard-administrative-reset + + Do not send Hard Reset CEASE Notification for "Administrative Reset" + events. When set and Graceful Restart Notification capability is exchanged + between the peers, Graceful Restart procedures apply, and routes will be retained. + .. cfgcmd:: set protocols bgp parameters log-neighbor-changes This command enable logging neighbor up/down changes and reset reason. @@ -643,6 +655,16 @@ Common parameters compatibility with older versions of VyOS. With this option one can enable :rfc:`8212` functionality to operate. +.. cfgcmd:: set protocols bgp parameters labeled-unicast <explicit-null | + ipv4-explicit-null | ipv6-explicit-null> + + By default, locally advertised prefixes use the implicit-null label to + encode in the outgoing NLRI. + + The following command uses the explicit-null label value for all the + BGP instances. + + Administrative Distance ^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst index 827bfe1a..aeb2941b 100644 --- a/docs/configuration/protocols/rpki.rst +++ b/docs/configuration/protocols/rpki.rst @@ -30,8 +30,8 @@ in :rfc:`8210`. If you are new to these routing security technologies then there is an `excellent guide to RPKI`_ by NLnet Labs which will get you up to speed very quickly. Their documentation explains everything from what RPKI is to - deploying it in production. It also has some - `help and operational guidance`_ including "What can I do about my route + deploying it in production. It also has some + `help and operational guidance`_ including "What can I do about my route having an Invalid state?" *************** @@ -109,6 +109,20 @@ Configuration The default value is 300 seconds. +.. cfgcmd:: set protocols rpki expire-interval <600-172800> + + Set the number of seconds the router waits until the router + expires the cache. + + The default value is 7200 seconds. + +.. cfgcmd:: set protocols rpki retry-interval <1-7200> + + Set the number of seconds the router waits until retrying to connect + to the cache server. + + The default value is 600 seconds. + .. cfgcmd:: set protocols rpki cache <address> port <port> Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching @@ -136,10 +150,6 @@ the connection. SSH username to establish an SSH connection to the cache server. -.. cfgcmd:: set protocols rpki cache <address> ssh known-hosts-file <filepath> - - Local path that includes the known hosts file. - .. cfgcmd:: set protocols rpki cache <address> ssh private-key-file <filepath> Local path that includes the private key file of the router. @@ -148,7 +158,7 @@ the connection. Local path that includes the public key file of the router. -.. note:: When using SSH, known-hosts-file, private-key-file and public-key-file +.. note:: When using SSH, private-key-file and public-key-file are mandatory options. ******* diff --git a/docs/configuration/protocols/static.rst b/docs/configuration/protocols/static.rst index 1ad252e7..bfc25201 100644 --- a/docs/configuration/protocols/static.rst +++ b/docs/configuration/protocols/static.rst @@ -59,6 +59,29 @@ Static Routes .. note:: Routes with a distance of 255 are effectively disabled and not installed into the kernel. +.. cfgcmd:: set protocols static route6 <subnet> next-hop <address> segments <segments> + + It is possible to specify a static route for ipv6 prefixes using an SRv6 segments + instruction. The `/` separator can be used to specify multiple segment instructions. + + Example: + + .. code-block:: none + + set protocols static route6 2001:db8:1000::/36 next-hop 2001:db8:201::ffff segments '2001:db8:aaaa::7/2002::4/2002::3/2002::2' + + .. code-block:: none + + vyos@vyos:~$ show ipv6 route + Codes: K - kernel route, C - connected, S - static, R - RIPng, + O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table, + v - VNC, V - VNC-Direct, A - Babel, F - PBR, + f - OpenFabric, + > - selected route, * - FIB route, q - queued, r - rejected, b - backup + t - trapped, o - offload failure + C>* 2001:db8:201::/64 is directly connected, eth0.201, 00:00:46 + S>* 2001:db8:1000::/36 [1/0] via 2001:db8:201::ffff, eth0.201, seg6 2001:db8:aaaa::7,2002::4,2002::3,2002::2, weight 1, 00:00:08 + Interface Routes ================ @@ -103,6 +126,17 @@ Interface Routes Range is 1 to 255, default is 1. +.. cfgcmd:: set protocols static route6 <subnet> interface + <interface> segments <segments> + + It is possible to specify a static route for ipv6 prefixes using an SRv6 segments + instruction. The `/` separator can be used to specify multiple segment instructions. + + Example: + + .. code-block:: none + + set protocols static route6 2001:db8:1000::/36 interface eth0 segments '2001:db8:aaaa::7/2002::4/2002::3/2002::2' Blackhole ========= @@ -133,7 +167,6 @@ Blackhole Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance. - Alternate Routing Tables ======================== diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index c51a0aff..6813d2c0 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -178,12 +178,18 @@ MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement. .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet - <subnet> static-mapping <description> mac-address <address> + <subnet> static-mapping <description> mac <address> Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`. .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet + <subnet> static-mapping <description> duid <identifier> + + Create a new DHCP static mapping named `<description>` which is valid for + the host identified by its DHCP unique identifier (DUID) `<identifier>`. + +.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> static-mapping <description> ip-address <address> Static DHCP IP address assign to host identified by `<description>`. IP @@ -205,7 +211,7 @@ inside the subnet definition but can be outside of the range statement. set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 subnet-id 1 set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 ip-address 192.168.1.100 - set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 mac-address aa:bb:11:22:33:00 + set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 mac aa:bb:11:22:33:00 The configuration will look as follows: @@ -215,7 +221,7 @@ The configuration will look as follows: subnet 192.168.1.0/24 { static-mapping client1 { ip-address 192.168.1.100 - mac-address aa:bb:11:22:33:00 + mac aa:bb:11:22:33:00 } subnet-id 1 } @@ -528,35 +534,35 @@ Configuration values need to be supplied in seconds. .. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet - <prefix> nis-domain <domain-name> + <prefix> option nis-domain <domain-name> A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients. .. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet - <prefix> nisplus-domain <domain-name> + <prefix> option nisplus-domain <domain-name> The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one: .. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet - <prefix> nis-server <address> + <prefix> option nis-server <address> Specify a NIS server address for DHCPv6 clients. .. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet - <prefix> nisplus-server <address> + <prefix> option nisplus-server <address> Specify a NIS+ server address for DHCPv6 clients. .. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet - <prefix> sip-server <address | fqdn> + <prefix> option sip-server <address | fqdn> Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients. .. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet - <prefix> sntp-server-address <address> + <prefix> option sntp-server-address <address> A SNTP server address can be specified for DHCPv6 clients. @@ -594,8 +600,9 @@ server. The following example describes a common scenario. .. code-block:: none - set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 address-range start 2001:db8::100 stop 2001:db8::199 - set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 name-server 2001:db8::ffff + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 range 1 start 2001:db8::100 stop 2001:db8::199 + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 range 1 stop 2001:db8::199 + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 option name-server 2001:db8::ffff set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 subnet-id 1 The configuration will look as follows: @@ -605,12 +612,13 @@ The configuration will look as follows: show service dhcpv6-server shared-network-name NET1 { subnet 2001:db8::/64 { - address-range { - start 2001:db8::100 { - stop 2001:db8::199 - } + range 1 { + start 2001:db8::100 + stop 2001:db8::199 + } + option { + name-server 2001:db8::ffff } - name-server 2001:db8::ffff subnet-id 1 } } @@ -639,7 +647,7 @@ be created. The following example explains the process. set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 ipv6-address 2001:db8::101 set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 ipv6-prefix 2001:db8:0:101::/64 - set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 identifier 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 duid 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff The configuration will look as follows: @@ -650,7 +658,7 @@ The configuration will look as follows: show service dhcpv6-server shared-network-name NET1 subnet 2001:db8::/64 { static-mapping client1 { - identifier 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff + duid 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff ipv6-address 2001:db8::101 ipv6-prefix 2001:db8:0:101::/64 } diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index 7624d309..e430dc73 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -156,6 +156,20 @@ avoid being tracked by the provider of your upstream DNS server. recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled. +.. cfgcmd:: set service dns forwarding options ecs-add-for <address> + + The requestor netmask for which the requestor IP Address should be used as the + EDNS Client Subnet for outgoing queries. + +.. cfgcmd:: set service dns forwarding options ecs-ipv4-bits <number> + + Number of bits of client IPv4 address to pass when sending EDNS Client Subnet + address information. + +.. cfgcmd:: set service dns forwarding options edns-subnet-allow-list <address|domain> + + The netmask or domain that EDNS Client Subnet should be enabled for in outgoing queries. + Example ======= diff --git a/docs/configuration/service/ids.rst b/docs/configuration/service/ids.rst new file mode 100644 index 00000000..3e508d50 --- /dev/null +++ b/docs/configuration/service/ids.rst @@ -0,0 +1,179 @@ +.. _ids: + +############### +DDoS Protection +############### + +********** +FastNetMon +********** + +FastNetMon is a high-performance DDoS detector/sensor built on top of multiple +packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror). It can +detect hosts in the deployed network sending or receiving large volumes of +traffic, packets/bytes/flows per second and perform a configurable action to +handle that event, such as calling a custom script. + +VyOS includes the FastNetMon Community Edition. + +Configuration +============= + +.. cfgcmd:: set service ids ddos-protection alert-script <text> + + Configure alert script that will be executed when an attack is detected. + +.. cfgcmd:: set service ids ddos-protection ban-time <1-4294967294> + + Configure how long an IP (attacker) should be kept in blocked state. + Default value is 1900. + +.. cfgcmd:: set service ids ddos-protection direction [in | out] + + Configure direction for processing traffic. + +.. cfgcmd:: set service ids ddos-protection exclude-network <x.x.x.x/x> +.. cfgcmd:: set service ids ddos-protection exlude-network <h:h:h:h:h:h:h:h/x> + + Specify IPv4 and/or IPv6 networks which are going to be excluded. + +.. cfgcmd:: set service ids ddos-protection listen-interface <text> + + Configure listen interface for mirroring traffic. + +.. cfgcmd:: set service ids ddos-protection mode [mirror | sflow] + + Configure traffic capture mode. + +.. cfgcmd:: set service ids ddos-protection network <x.x.x.x/x> +.. cfgcmd:: set service ids ddos-protection network <h:h:h:h:h:h:h:h/x> + + Specify IPv4 and/or IPv6 networks that should be protected/monitored. + +.. cfgcmd:: set service ids ddos-protection sflow listen-address <x.x.x.x> + + Configure local IPv4 address to listen for sflow. + +.. cfgcmd:: set service ids ddos-protection sflow port <1-65535> + + Configure port number to be used for sflow conection. Default port is 6343. + +.. cfgcmd:: set service ids ddos-protection threshold general + [fps | mbps | pps] <0-4294967294> + + Configure general threshold parameters. + +.. cfgcmd:: set service ids ddos-protection threshold icmp + [fps | mbps | pps] <0-4294967294> + + Configure ICMP threshold parameters. + +.. cfgcmd:: set service ids ddos-protection threshold tcp + [fps | mbps | pps] <0-4294967294> + + Configure TCP threshold parameters + +.. cfgcmd:: set service ids ddos-protection threshold udp + [fps | mbps | pps] <0-4294967294> + + Configure UDP threshold parameters + +Example +======= + +A configuration example can be found in this section. +In this simplified scenario, main things to be considered are: + + * Network to be protected: 192.0.2.0/24 (public IPs use by + customers) + + * **ban-time** and **threshold**: these values are kept very low in order + to easily identify and generate and attack. + + * Direction: **in** and **out**. Protect public network from external + attacks, and identify internal attacks towards internet. + + * Interface **eth0** used to connect to upstream. + +Since we are analyzing attacks to and from our internal network, two types +of attacks can be identified, and differents actions are needed: + + * External attack: an attack from the internet towards an internal IP + is identify. In this case, all connections towards such IP will be + blocked + + * Internal attack: an attack from the internal network (generated by a + customer) towards the internet is identify. In this case, all connections + from this particular IP/Customer will be blocked. + + +So, firewall configuration needed for this setup: + +.. code-block:: none + + set firewall group address-group FNMS-DST-Block + set firewall group address-group FNMS-SRC-Block + + set firewall ipv4 forward filter rule 10 action 'drop' + set firewall ipv4 forward filter rule 10 description 'FNMS - block destination' + set firewall ipv4 forward filter rule 10 destination group address-group 'FNMS-DST-Block' + + set firewall ipv4 forward filter rule 20 action 'drop' + set firewall ipv4 forward filter rule 20 description 'FNMS - Block source' + set firewall ipv4 forward filter rule 20 source group address-group 'FNMS-SRC-Block' + +Then, FastNetMon configuration: + +.. code-block:: none + + set service ids ddos-protection alert-script '/config/scripts/fnm-alert.sh' + set service ids ddos-protection ban-time '10' + set service ids ddos-protection direction 'in' + set service ids ddos-protection direction 'out' + set service ids ddos-protection listen-interface 'eth0' + set service ids ddos-protection mode 'mirror' + set service ids ddos-protection network '192.0.2.0/24' + set service ids ddos-protection threshold general pps '100' + +And content of the script: + +.. code-block:: none + + #!/bin/bash + + # alert-script is called twice. + # When an attack occurs, the program calls a bash script twice: + # 1st time when threshold exceed + # 2nd when we collect 100 packets for detailed audit of what happened. + + # Do nothing if “attack_details” is passed as an argument + if [ "${4}" == "attack_details" ]; then + # Do nothing + exit + fi + # Arguments: + ip=$1 + direction=$2 + pps_rate=$3 + action=$4 + + logger -t FNMS "** Start - Running alert script **" + + if [ "${direction}" == "incoming" ] ; then + group="FNMS-DST-Block" + origin="external" + else + group="FNMS-SRC-Block" + origin="internal" + fi + + if [ "${action}" == "ban" ] ; then + logger -t FNMS "Attack detected for IP ${ip} and ${direction} direction from ${origin} network. Need to block IP address." + logger -t FNMS "Adding IP address ${ip} to firewall group ${group}." + sudo nft add element ip vyos_filter A_${group} { ${ip} } + else + logger -t FNMS "Timeout for IP ${ip}, removing it from group ${group}." + sudo nft delete element ip vyos_filter A_${group} { ${ip} } + fi + logger -t FNMS "** End - Running alert script **" + exit diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst index 1195348f..56ce55eb 100644 --- a/docs/configuration/service/index.rst +++ b/docs/configuration/service/index.rst @@ -13,7 +13,9 @@ Service dhcp-relay dhcp-server dns + eventhandler https + ids ipoe-server lldp mdns @@ -26,4 +28,4 @@ Service ssh tftp-server webproxy - eventhandler + diff --git a/docs/configuration/service/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst index c219a063..ed4ade1a 100644 --- a/docs/configuration/service/ipoe-server.rst +++ b/docs/configuration/service/ipoe-server.rst @@ -72,8 +72,9 @@ IPv6 DNS addresses are optional. set service ipoe-server authentication interface eth3 mac 08:00:27:2F:D8:06 set service ipoe-server authentication mode 'local' - set service ipoe-server client-ipv6-pool delegate '2001:db8:1::/48' delegation-prefix '56' - set service ipoe-server client-ipv6-pool prefix '2001:db8::/48' mask '64' + set service ipoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:1::/48' delegation-prefix '56' + set service ipoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8::/48' mask '64' + set service ipoe-server default-ipv6-pool IPv6-POOL set service ipoe-server name-server '2001:db8::' set service ipoe-server name-server '2001:db8:aaa::' set service ipoe-server name-server '2001:db8:bbb::' @@ -171,8 +172,9 @@ Server configuration set service ipoe-server authentication interface eth1.51 mac 00:0c:29:b7:49:a7 rate-limit upload '50000' set service ipoe-server authentication mode 'local' - set service ipoe-server client-ipv6-pool delegate 2001:db8:ffff::/48 delegation-prefix '56' - set service ipoe-server client-ipv6-pool prefix 2001:db8:fffe::/48 mask '64' + set service ipoe-server client-ipv6-pool IPv6-POOL delegate 2001:db8:ffff::/48 delegation-prefix '56' + set service ipoe-server client-ipv6-pool IPv6-POOL prefix 2001:db8:fffe::/48 mask '64' + set service ipoe-server default-ipv6-pool IPv6-POOL set service ipoe-server interface eth1.50 client-subnet '100.64.50.0/24' set service ipoe-server interface eth1.50 mode 'l2' set service ipoe-server interface eth1.51 client-subnet '100.64.51.0/24' diff --git a/docs/configuration/service/ntp.rst b/docs/configuration/service/ntp.rst index 08be047c..e7ee392b 100644 --- a/docs/configuration/service/ntp.rst +++ b/docs/configuration/service/ntp.rst @@ -81,4 +81,33 @@ Configuration .. cfgcmd:: set service ntp vrf <name> - Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance. + Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance. + +.. cfgcmd:: set service ntp leap-second [ignore|smear|system|timezone] + + Define how to handle leaf-seonds. + + * `ignore`: No correction is applied to the clock for the leap second. The + clock will be corrected later in normal operation when new measurements are + made and the estimated offset includes the one second error. + + * `smear`: When smearing a leap second, the leap status is suppressed on the + server and the served time is corrected slowly by slewing instead of + stepping. The clients do not need any special configuration as they do not + know there is any leap second and they follow the server time which + eventually brings them back to UTC. Care must be taken to ensure they use + only NTP servers which smear the leap second in exactly the same way for + synchronisation. + + * `system`: When inserting a leap second, the kernel steps the system clock + backwards by one second when the clock gets to 00:00:00 UTC. When deleting + a leap second, it steps forward by one second when the clock gets to + 23:59:59 UTC. + + * `timezone`: This directive specifies a timezone in the system timezone + database which chronyd can use to determine when will the next leap second + occur and what is the current offset between TAI and UTC. It will + periodically check if 23:59:59 and 23:59:60 are valid times in the + timezone. This normally works with the right/UTC timezone which is the + default + diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index a230d9fe..56fcb968 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -266,11 +266,11 @@ other servers. Last command says that this PPPoE server can serve only IPv6 ---- -IPv6 client's prefix assignment -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +IPv6 client's prefix +^^^^^^^^^^^^^^^^^^^^ -.. cfgcmd:: set service pppoe-server client-ipv6-pool prefix <address> - mask <number-of-bits> +.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> + prefix <address> mask <number-of-bits> Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to @@ -281,8 +281,8 @@ IPv6 client's prefix assignment IPv6 Prefix Delegation ^^^^^^^^^^^^^^^^^^^^^^ -.. cfgcmd:: set service pppoe-server client-ipv6-pool delegate <address> - delegation-prefix <number-of-bits> +.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> + delegate <address> delegation-prefix <number-of-bits> Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation @@ -291,6 +291,14 @@ IPv6 Prefix Delegation delegation prefix can be set from 32 to 64 bit long. +IPv6 default client's pool assignment +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. cfgcmd:: set service pppoe-server default-ipv6-pool <POOL-NAME> + + Use this command to define default IPv6 address pool name. + + Maintenance mode ================ @@ -374,8 +382,9 @@ The example below covers a dual-stack configuration via pppoe-server. set service pppoe-server authentication mode 'local' set service pppoe-server client-ip-pool IP-POOL range '192.168.0.1/24' set service pppoe-server default-pool 'IP-POOL' - set service pppoe-server client-ipv6-pool delegate '2001:db8:8003::/48' delegation-prefix '56' - set service pppoe-server client-ipv6-pool prefix '2001:db8:8002::/48' mask '64' + set service pppoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' + set service pppoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set service pppoe-server default-ipv6-pool IPv6-POOL set service pppoe-server ppp-options ipv6 allow set service pppoe-server name-server '10.1.1.1' set service pppoe-server name-server '2001:db8:4860::8888' diff --git a/docs/configuration/system/ip.rst b/docs/configuration/system/ip.rst index 0f45b7ca..279630e2 100644 --- a/docs/configuration/system/ip.rst +++ b/docs/configuration/system/ip.rst @@ -43,6 +43,19 @@ can be used to filter which routes zebra will install in the kernel. .. note:: If you choose any as the option that will cause all protocols that are sending routes to zebra. +Nexthop Tracking +^^^^^^^^^^^^^^^^ + +Nexthop tracking resolve nexthops via the default route by default. This is enabled +by default for a traditional profile of FRR which we use. It and can be disabled if +you do not wan't to e.g. allow BGP to peer across the default route. + +.. cfgcmd:: set system ip nht no-resolve-via-default + + Do not allow IPv4 nexthop tracking to resolve via the default route. This + parameter is configured per-VRF, so the command is also available in the VRF + subnode. + Operational commands -------------------- diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst index c7308f9d..d8d3c4c9 100644 --- a/docs/configuration/system/ipv6.rst +++ b/docs/configuration/system/ipv6.rst @@ -39,6 +39,19 @@ can be used to filter which routes zebra will install in the kernel. .. note:: If you choose any as the option that will cause all protocols that are sending routes to zebra. +Nexthop Tracking +^^^^^^^^^^^^^^^^ + +Nexthop tracking resolve nexthops via the default route by default. This is enabled +by default for a traditional profile of FRR which we use. It and can be disabled if +you do not wan't to e.g. allow BGP to peer across the default route. + +.. cfgcmd:: set system ipv6 nht no-resolve-via-default + + Do not allow IPv6 nexthop tracking to resolve via the default route. This + parameter is configured per-VRF, so the command is also available in the VRF + subnode. + Operational commands -------------------- diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index 98e05cdd..09e27c53 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst @@ -34,6 +34,10 @@ Local Setup encrypted password for given username. This is useful for transferring a hashed password from system to system. +.. cfgcmd:: set system login user <name> disable + + Disable (lock) account. User will not be able to log in. + .. _ssh_key_based_authentication: Key Based Authentication diff --git a/docs/configuration/system/option.rst b/docs/configuration/system/option.rst index c9c9bfb1..788765f0 100644 --- a/docs/configuration/system/option.rst +++ b/docs/configuration/system/option.rst @@ -22,6 +22,19 @@ General Play an audible beep to the system speaker when system is ready. +.. cfgcmd:: set system option root-partition-auto-resize + + Enables the root partition auto-extension and resizes to the maximum + available space on system boot. + +Kernel +====== + +.. cfgcmd:: set system option kernel disable-mitigations + + Disable all optional CPU mitigations. This improves system performance, + but it may also expose users to several CPU vulnerabilities. + *********** HTTP client *********** diff --git a/docs/configuration/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst index b6ee86af..fad69bc3 100644 --- a/docs/configuration/vpn/ipsec.rst +++ b/docs/configuration/vpn/ipsec.rst @@ -49,9 +49,9 @@ VyOS IKE group has the next options: * ``none`` set action to none (default); - * ``hold`` set action to hold; + * ``trap`` installs a trap policy for the CHILD_SA; - * ``restart`` set action to restart; + * ``start`` tries to immediately re-create the CHILD_SA; * ``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty @@ -60,11 +60,13 @@ VyOS IKE group has the next options: * ``action`` keep-alive failure action: - * ``hold`` set action to hold (default) + * ``trap`` installs a trap policy, which will catch matching traffic + and tries to re-negotiate the tunnel on-demand; - * ``clear`` set action to clear; + * ``clear`` closes the CHILD_SA and does not take further action (default); - * ``restart`` set action to restart; + * ``restart`` immediately tries to re-negotiate the CHILD_SA + under a fresh IKE_SA; * ``interval`` keep-alive interval in seconds <2-86400> (default 30); diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index 4a7657e7..ce3b6711 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -98,7 +98,7 @@ Below is an example to configure a LNS: set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254 set vpn l2tp remote-access default-pool 'L2TP-POOL' set vpn l2tp remote-access lns shared-secret 'secret' - set vpn l2tp remote-access ccp-disable + set vpn l2tp remote-access ppp-options disable-ccp set vpn l2tp remote-access authentication mode local set vpn l2tp remote-access authentication local-users username test password 'test' diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst index 23df1b76..78cadfb5 100644 --- a/docs/configuration/vpn/site2site_ipsec.rst +++ b/docs/configuration/vpn/site2site_ipsec.rst @@ -317,7 +317,7 @@ Imagine the following topology set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256' set vpn ipsec ike-group IKEv2_DEFAULT close-action 'none' - set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold' + set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'trap' set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30' set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120' set vpn ipsec ike-group IKEv2_DEFAULT disable-mobike @@ -357,7 +357,7 @@ Imagine the following topology set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256' set vpn ipsec ike-group IKEv2_DEFAULT close-action 'none' - set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold' + set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'trap' set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30' set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120' set vpn ipsec ike-group IKEv2_DEFAULT disable-mobike @@ -397,18 +397,18 @@ Key Parameters: routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration. -* ``dead-peer-detection action = clear | hold | restart`` - R_U_THERE +* ``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The - values clear, hold, and restart all activate DPD and determine the action to + values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. - ``hold`` installs a trap policy, which will catch matching traffic and tries + ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection. -* ``close-action = none | clear | hold | restart`` - defines the action to take +* ``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids. diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index d9bb4353..a9def827 100644 --- a/docs/configuration/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -132,7 +132,8 @@ Configuration Use this command to define default address pool name. -.. cfgcmd:: set vpn sstp client-ipv6-pool prefix <address> mask <number-of-bits> +.. cfgcmd:: set vpn sstp client-ipv6-pool <IPv6-POOL-NAME> prefix <address> + mask <number-of-bits> Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the @@ -140,8 +141,8 @@ Configuration bit long, the default value is 64. -.. cfgcmd:: set vpn sstp client-ipv6-pool delegate <address> delegation-prefix - <number-of-bits> +.. cfgcmd:: set vpn sstp client-ipv6-pool <IPv6-POOL-NAME> delegate <address> + delegation-prefix <number-of-bits> Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the @@ -150,6 +151,11 @@ Configuration delegation prefix can be set from 32 to 64 bit long. +.. cfgcmd:: set vpn sstp default-ipv6-pool <IPv6-POOL-NAME> + + Use this command to define default IPv6 address pool name. + + .. cfgcmd:: set vpn sstp name-server <address> Connected client should use `<address>` as their DNS server. This @@ -173,35 +179,98 @@ SSL Certificates PPP Settings ------------ +.. cfgcmd:: set vpn sstp ppp-options disable-ccp + + Disable Compression Control Protocol (CCP). + CCP is enabled by default. + +.. cfgcmd:: set vpn sstp ppp-options interface-cache <number> + + Specifies number of interfaces to keep in cache. It means that don’t + destroy interface after corresponding session is destroyed, instead + place it to cache and use it later for new sessions repeatedly. + This should reduce kernel-level interface creation/deletion rate lack. + Default value is **0**. + +.. cfgcmd:: set vpn sstp ppp-options ipv4 <require | prefer | allow | deny> + + Specifies IPv4 negotiation preference. + + * **require** - Require IPv4 negotiation + * **prefer** - Ask client for IPv4 negotiation, do not fail if it rejects + * **allow** - Negotiate IPv4 only if client requests (Default value) + * **deny** - Do not negotiate IPv4 + +.. cfgcmd:: set vpn sstp ppp-options ipv6 <require | prefer | allow | deny> + + Specifies IPv6 negotiation preference. + + * **require** - Require IPv6 negotiation + * **prefer** - Ask client for IPv6 negotiation, do not fail if it rejects + * **allow** - Negotiate IPv6 only if client requests + * **deny** - Do not negotiate IPv6 (default value) + +.. cfgcmd:: set vpn sstp ppp-options ipv6-accept-peer-interface-id + + Accept peer interface identifier. By default is not defined. + +.. cfgcmd:: set vpn sstp ppp-options ipv6-interface-id <random | x:x:x:x> + + Specifies fixed or random interface identifier for IPv6. + By default is fixed. + + * **random** - Random interface identifier for IPv6 + * **x:x:x:x** - Specify interface identifier for IPv6 + +.. cfgcmd:: set vpn sstp ppp-options ipv6-interface-id <random | x:x:x:x> + + Specifies peer interface identifier for IPv6. By default is fixed. + + * **random** - Random interface identifier for IPv6 + * **x:x:x:x** - Specify interface identifier for IPv6 + * **ipv4-addr** - Calculate interface identifier from IPv4 address. + * **calling-sid** - Calculate interface identifier from calling-station-id. + .. cfgcmd:: set vpn sstp ppp-options lcp-echo-failure <number> Defines the maximum `<number>` of unanswered echo requests. Upon reaching the - value `<number>`, the session will be reset. + value `<number>`, the session will be reset. Default value is **3**. .. cfgcmd:: set vpn sstp ppp-options lcp-echo-interval <interval> If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. + Default value is **30**. .. cfgcmd:: set vpn sstp ppp-options lcp-echo-timeout Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" - is not used. + is not used. Default value is **0**. + +.. cfgcmd:: set vpn sstp ppp-options min-mtu <number> + + Defines minimum acceptable MTU. If client will try to negotiate less then + specified MTU then it will be NAKed or disconnected if rejects greater MTU. + Default value is **100**. .. cfgcmd:: set vpn sstp ppp-options mppe <require | prefer | deny> - Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation + Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference. * **require** - ask client for mppe, if it rejects drop connection - * **prefer** - ask client for mppe, if it rejects don't fail + * **prefer** - ask client for mppe, if it rejects don't fail. (Default value) * **deny** - deny mppe Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute. +.. cfgcmd:: set vpn sstp ppp-options mru <number> + + Defines preferred MRU. By default is not defined. + RADIUS ------ diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index bd482cd9..67eba886 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst @@ -67,6 +67,25 @@ can be used to filter which routes zebra will install in the kernel. .. note:: If you choose any as the option that will cause all protocols that are sending routes to zebra. +Nexthop Tracking +---------------- + +Nexthop tracking resolve nexthops via the default route by default. This is enabled +by default for a traditional profile of FRR which we use. It and can be disabled if +you do not wan't to e.g. allow BGP to peer across the default route. + +.. cfgcmd:: set vrf name <name> ip nht no-resolve-via-default + + Do not allow IPv4 nexthop tracking to resolve via the default route. This + parameter is configured per-VRF, so the command is also available in the VRF + subnode. + +.. cfgcmd:: set vrf name <name> ipv6 nht no-resolve-via-default + + Do not allow IPv4 nexthop tracking to resolve via the default route. This + parameter is configured per-VRF, so the command is also available in the VRF + subnode. + Interfaces ---------- diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index 919f30bf..16eb8ac7 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst @@ -371,7 +371,7 @@ more or less similar looking error message: (10:13) vyos_bld ece068908a5b:/vyos [current] # To debug the build process and gain additional information of what could be the -root cause, you need to use `chroot` to change into the build directry. This is +root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure: .. code-block:: none diff --git a/docs/contributing/debugging.rst b/docs/contributing/debugging.rst index fec73257..e03f3f81 100644 --- a/docs/contributing/debugging.rst +++ b/docs/contributing/debugging.rst @@ -125,7 +125,7 @@ You can type ``help`` to get an overview of the available commands, and Useful commands are: * examine variables using ``pp(var)`` -* contine execution using ``cont`` +* continue execution using ``cont`` * get a backtrace using ``bt`` Config Migration Scripts @@ -147,7 +147,7 @@ look like: The reason is that the configuration migration backend is rewritten and uses a new form of "magic string" which is applied on demand when real config -migration is run on boot. When runnint individual migrators for testing, +migration is run on boot. When running individual migrators for testing, you need to convert the "magic string" on your own by: .. code-block:: none @@ -157,13 +157,13 @@ you need to convert the "magic string" on your own by: Configuration Error on System Boot ---------------------------------- -Beeing brave and running the latest rolling releases will sometimes trigger +Being brave and running the latest rolling releases will sometimes trigger bugs due to corner cases we missed in our design. Those bugs should be filed -via Phabricator_ but you can help us to narrow doen the issue. Login to your +via Phabricator_ but you can help us to narrow down the issue. Login to your VyOS system and change into configuration mode by typing ``configure``. Now re-load your boot configuration by simply typing ``load`` followed by return. -You shoudl now see a Python backtrace which will help us to handle the issue, +You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task. Boot Timing @@ -179,7 +179,7 @@ installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_ -To enable boot time graphing change the Kernel commandline and add the folowing +To enable boot time graphing change the Kernel commandline and add the following string: ``init=/usr/lib/systemd/systemd-bootchart`` This can also be done permanently by changing ``/boot/grub/grub.cfg``. @@ -190,7 +190,7 @@ Priorities VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any -other ``commit`` to the config all scripts are executed from lowest to higest +other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior. To debug issues in priorities or to see what's going on in the background diff --git a/docs/contributing/development.rst b/docs/contributing/development.rst index 1f296144..e39af3a5 100644 --- a/docs/contributing/development.rst +++ b/docs/contributing/development.rst @@ -252,7 +252,7 @@ contributors to navigate through the sources and all the implied logic of the spaghetti code. Please use the following template as good starting point when developing new -modules or even rewrite a whole bunch of code in the new style XML/Pyhon +modules or even rewrite a whole bunch of code in the new style XML/Python interface. diff --git a/docs/contributing/testing.rst b/docs/contributing/testing.rst index 772ff04a..78860c06 100644 --- a/docs/contributing/testing.rst +++ b/docs/contributing/testing.rst @@ -20,7 +20,7 @@ Jenkins CI Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a -successfull test drive. +successful test drive. We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make @@ -42,7 +42,7 @@ with the following packages: if (params.BUILD_SMOKETESTS) CUSTOM_PACKAGES = '--custom-package vyos-1x-smoketest' -So if you plan to build your own custom ISO image and wan't to make use of our +So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed. The ``make test`` command from the vyos-build_ repository will launch a new @@ -106,7 +106,7 @@ Those common tests consists out of: * VLANs (QinQ and regular 802.1q) * ... -.. note:: When you are working on interface configuration and you also wan't to +.. note:: When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand diff --git a/docs/copyright.md b/docs/copyright.md index 2a06d761..97cc30ca 100644 --- a/docs/copyright.md +++ b/docs/copyright.md @@ -1,6 +1,6 @@ # Copyright Notice -Copyright (C) 2018-2023 VyOS maintainers and contributors +Copyright (C) 2018-2024 VyOS maintainers and contributors Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all diff --git a/docs/documentation.rst b/docs/documentation.rst index 1d7e3402..91f0e42b 100644 --- a/docs/documentation.rst +++ b/docs/documentation.rst @@ -146,7 +146,7 @@ access to the official codebase. Style Guide =========== -Formating and Sphinxmarkup +Formatting and Sphinxmarkup -------------------------- TOC Level diff --git a/docs/installation/cloud/aws.rst b/docs/installation/cloud/aws.rst index da0c46d3..992e2609 100644 --- a/docs/installation/cloud/aws.rst +++ b/docs/installation/cloud/aws.rst @@ -25,7 +25,7 @@ Deploy VyOS on Amazon :abbr:`AWS (Amazon Web Services)` .. figure:: /_static/images/cloud-aws-04.png 5. Additional storage. You can remove additional storage ``/dev/sdb``. First - root device will be ``/dev/xvda``. You can skeep this step. + root device will be ``/dev/xvda``. You can skip this step. .. figure:: /_static/images/cloud-aws-05.png @@ -66,7 +66,7 @@ To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Sto .. note:: The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+ -3. Retreive an existing CloudWatch Agent configuration from the :abbr:`SSM (Systems Manager)` Parameter Store. +3. Retrieve an existing CloudWatch Agent configuration from the :abbr:`SSM (Systems Manager)` Parameter Store. .. code-block:: none @@ -85,7 +85,7 @@ Creating the Amazon Cloudwatch Agent Configuration in Amazon :abbr:`SSM (Systems 1. Create an :abbr:`IAM (Identity and Access Management)` role for your :abbr:`EC2 (Elastic Compute Cloud)` instance to access the CloudWatch service. Name it CloudWatchAgentAdminRole. The role should contain at two default policies: CloudWatchAgentAdminPolicy and AmazonSSMManagedInstanceCore. - .. note:: CloudWatchAgentServerRole is too permisive and should be used for single configuration creation and deployment. That's why after completion of step #3 higly recommended to replace instance CloudWatchAgentAdminRole role with CloudWatchAgentServerRole. + .. note:: CloudWatchAgentServerRole is too permissive and should be used for single configuration creation and deployment. That's why after completion of step #3 highly recommended to replace instance CloudWatchAgentAdminRole role with CloudWatchAgentServerRole. 2. Run Cloudwatch configuration wizard. @@ -99,4 +99,4 @@ References ---------- - https://console.aws.amazon.com/ - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-iam-roles-for-cloudwatch-agent.html -- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-EC2-Instance-fleet.html
\ No newline at end of file +- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-EC2-Instance-fleet.html diff --git a/docs/quick-start.rst b/docs/quick-start.rst index cf930bdd..49f5aeb6 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -165,7 +165,7 @@ Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and -will be avaluated before any other rule defined in the firewall. +will be evaluated before any other rule defined in the firewall. Most installations would choose this option, and will contain: @@ -241,7 +241,7 @@ established and related connections, we can block all other incoming traffic addressed to our local network. Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not -explicity allowed at some point in the chain. Then, we can jump to that chain +explicitly allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network. diff --git a/docs/troubleshooting/index.rst b/docs/troubleshooting/index.rst index 902acf3a..8a34edd9 100644 --- a/docs/troubleshooting/index.rst +++ b/docs/troubleshooting/index.rst @@ -378,7 +378,7 @@ to clear interface counters # clear all interfaces vyos@vyos:~$ clear interface ethernet counters # clear specific interface - vyos@vyos:~$ clear interface ehternet eth0 counters + vyos@vyos:~$ clear interface ethernet eth0 counters The command follow the same logic as the ``set`` command in configuration mode. |
