From f7fc3ce017b03f7c9f4a20a94e2a4d03ee935852 Mon Sep 17 00:00:00 2001 From: fett0 Date: Thu, 17 Jun 2021 14:02:39 -0300 Subject: automation: add custom pre/post-commit hooks --- docs/automation/command-scripting.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index 6bc6690c..b48b8dbf 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst @@ -105,6 +105,25 @@ group, the script can be safeguarded like this: exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@" fi +Executing pre-hooks/post-hooks Scripts +------------------------------- + +Vyos has the ability to run custom scripts before and after each commit + +≈ + +The default folder where you put your custom Scripts is: + +.. code-block:: none + + +/config/scripts/commit/pre-hooks.d - folder with scripts that run before each commit +/config/scripts/commit/post-hooks.d - folder with scripts that run after each commit + +Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters, ASCII digits, ASCII underscores, and ASCII minus-hyphens. +No other characters are allowed. + + Postconfig on boot ------------------ -- cgit v1.2.3 From f06b82fdb0cbb0ca142bd753faa859ce05b338ff Mon Sep 17 00:00:00 2001 From: Cheeze_It Date: Thu, 17 Jun 2021 16:29:56 -0600 Subject: PING: T3634: Adding do not fragment to Ping Here we're just making a small change to reflect that we added do not fragment to ping. --- docs/troubleshooting/index.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/troubleshooting/index.rst b/docs/troubleshooting/index.rst index 1013dba6..902acf3a 100644 --- a/docs/troubleshooting/index.rst +++ b/docs/troubleshooting/index.rst @@ -36,6 +36,7 @@ section and are omitted from the output here): bypass-route count deadline + do-not-fragment flood interface interval -- cgit v1.2.3 
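Review bot: in the command-scripting.rst hunk of f7fc3ce0, the two `/config/scripts/commit/...` lines under `.. code-block:: none` are added at column 0, so they fall outside the directive body and will not render as a literal block; indent them under the directive. The same hunk adds a stray `≈` line and a section underline that is shorter than the title `Executing pre-hooks/post-hooks Scripts`, which Sphinx flags at build time. The section should also say which user the hook scripts run as and what ownership and mode the two directories need, since whatever is placed there runs before or after each commit.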
From 7dab67c12964f5fbaeee0619c6db6748c14e924e Mon Sep 17 00:00:00 2001 From: rebortg Date: Fri, 18 Jun 2021 21:12:29 +0200 Subject: documentation: fix build error --- docs/documentation.rst | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/documentation.rst b/docs/documentation.rst index e0d73155..5d8b67c3 100644 --- a/docs/documentation.rst +++ b/docs/documentation.rst @@ -161,7 +161,7 @@ The plugin will warn on build if a headline has a duplicate name in the same document. To prevent this warning you have to put a custom link on top of the headline. -.. code-block:: +.. code-block:: none Section A ========== @@ -186,10 +186,6 @@ top of the headline. Lorem ipsum dolor sit amet, consetetur sadipscing elitr - - - - Address space ^^^^^^^^^^^^^ -- cgit v1.2.3 From 6f94d588f55a8794f5379112adcfef901a9cf754 Mon Sep 17 00:00:00 2001 From: fett0 Date: Fri, 18 Jun 2021 17:09:30 -0300 Subject: automation: add custom pre/post-commit hooks --- docs/automation/command-scripting.rst | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index b48b8dbf..43614c21 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst 
@@ -106,23 +106,39 @@ group, the script can be safeguarded like this: fi Executing pre-hooks/post-hooks Scripts -------------------------------- +-------------------------------------- Vyos has the ability to run custom scripts before and after each commit -≈ - -The default folder where you put your custom Scripts is: +The default directories where your custom Scripts should be located are: .. code-block:: none + /config/scripts/commit/pre-hooks.d - Directory with scripts that run before each commit + /config/scripts/commit/post-hooks.d - Directory with scripts that run after each commit -/config/scripts/commit/pre-hooks.d - folder with scripts that run before each commit -/config/scripts/commit/post-hooks.d - folder with scripts that run after each commit - -Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters, ASCII digits, ASCII underscores, and ASCII minus-hyphens. +Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and +lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens. No other characters are allowed. +.. note:: Custom scripts are not executed with root privileges (Use sudo inside if this is necessary). + +A simple example is shown below, where the ops command executed in the post-hook script is "show interfaces". + +.. code-block:: none + + vyos@vyos# set interfaces ethernet eth1 address 30.30.30.30/24 + vyos@vyos# commit + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + eth0 10.10.10.10/24 u/u + eth1 30.30.30.30/24 u/u + eth2 10.10.20.20/24 u/u + eth3 - u/u + lo 127.0.0.1/8 u/u + ::1/128 + Postconfig on boot ------------------ -- cgit v1.2.3 From d83da4ec55488ae1a3c09d8ca8d3b7d910adf0f2 Mon Sep 17 00:00:00 2001 
From: fett0 Date: Fri, 18 Jun 2021 17:52:10 -0300 Subject: automation: add custom pre/post-commit hooks --- docs/automation/command-scripting.rst | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index 43614c21..cf6c1f7b 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst 
@@ -114,30 +114,34 @@ The default directories where your custom Scripts should be located are: .. code-block:: none - /config/scripts/commit/pre-hooks.d - Directory with scripts that run before each commit - /config/scripts/commit/post-hooks.d - Directory with scripts that run after each commit + /config/scripts/commit/pre-hooks.d - Directory with scripts that run before + each commit. -Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and -lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens. -No other characters are allowed. + /config/scripts/commit/post-hooks.d - Directory with scripts that run after + each commit. + +Scripts are run in alphabetical order. Their names must consist entirely of +ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and +ASCII minus-hyphens.No other characters are allowed. .. note:: Custom scripts are not executed with root privileges (Use sudo inside if this is necessary). -A simple example is shown below, where the ops command executed in the post-hook script is "show interfaces". +A simple example is shown below, where the ops command executed in +the post-hook script is "show interfaces". .. code-block:: none - vyos@vyos# set interfaces ethernet eth1 address 30.30.30.30/24 + vyos@vyos# set interfaces ethernet eth1 address 192.0.2.3/24 vyos@vyos# commit Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- - eth0 10.10.10.10/24 u/u - eth1 30.30.30.30/24 u/u - eth2 10.10.20.20/24 u/u + eth0 198.51.100.10/24 u/u + eth1 192.0.2.3/24 u/u + eth2 - u/u eth3 - u/u - lo 127.0.0.1/8 u/u - ::1/128 + lo 203.0.113.5/24 u/u + Postconfig on boot -- cgit v1.2.3 From 8f776a9e23f63f77c421126def5ea04a77a54f81 Mon Sep 17 00:00:00 2001 
From: fett0 <50275740+fett0@users.noreply.github.com> Date: Fri, 18 Jun 2021 17:56:20 -0300 Subject: automation: add custom pre/post-commit hooks (#550) --- docs/automation/command-scripting.rst | 39 +++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index 6bc6690c..cf6c1f7b 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst @@ -105,6 +105,45 @@ group, the script can be safeguarded like this: exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@" fi +Executing pre-hooks/post-hooks Scripts +-------------------------------------- + +Vyos has the ability to run custom scripts before and after each commit + +The default directories where your custom Scripts should be located are: + +.. code-block:: none + + /config/scripts/commit/pre-hooks.d - Directory with scripts that run before + each commit. + + /config/scripts/commit/post-hooks.d - Directory with scripts that run after + each commit. + +Scripts are run in alphabetical order. Their names must consist entirely of +ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and +ASCII minus-hyphens.No other characters are allowed. + +.. note:: Custom scripts are not executed with root privileges (Use sudo inside if this is necessary). + +A simple example is shown below, where the ops command executed in +the post-hook script is "show interfaces". + +.. code-block:: none + + vyos@vyos# set interfaces ethernet eth1 address 192.0.2.3/24 + vyos@vyos# commit + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + eth0 198.51.100.10/24 u/u + eth1 192.0.2.3/24 u/u + eth2 - u/u + eth3 - u/u + lo 203.0.113.5/24 u/u + + + Postconfig on boot ------------------ -- cgit v1.2.3 From 61bd4d04522cddf0166dd270f47dd18c0ef12cb2 Mon Sep 17 00:00:00 2001 
From: erkin Date: Sun, 20 Jun 2021 20:16:57 +0300 Subject: Deprecate `loadkey` --- docs/configuration/service/ssh.rst | 29 +++++++++++++++++++++++++++++ docs/configuration/system/login.rst | 4 ++++ 2 files changed, 33 insertions(+) diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst index 6b09d40d..dc382b67 100644 --- a/docs/configuration/service/ssh.rst +++ b/docs/configuration/service/ssh.rst @@ -156,3 +156,32 @@ Operation Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created. + +.. opcmd:: generate public-key-commands name path + + Generate the configuration mode commands to add a public key for + :ref:`ssh_key_based_authentication`. + `` can be a local path or a URL pointing at a remote file. + Supported remote protocols are FTP, HTTP, HTTPS, SCP/SFTP and TFTP. + + Example: + + .. code-block:: none + + alyssa@vyos:~$ generate public-key-commands name alyssa path sftp://example.net/home/alyssa/.ssh/id_rsa.pub + # To add this key as an embedded key, run the following commands: + configure + set system login user alyssa authentication public-keys alyssa@example.net key AAA... + set system login user alyssa authentication public-keys alyssa@example.net type ssh-rsa + commit + save + exit + + ben@vyos:~$ generate public-key-command user ben path ~/.ssh/id_rsa.pub + # To add this key as an embedded key, run the following commands: + configure + set system login user ben authentication public-keys ben@vyos key AAA... + set system login user ben authentication public-keys ben@vyos type ssh-dss + commit + save + exit diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index 0492f4d1..784e4f3e 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst 
@@ -76,6 +76,10 @@ The third part is simply an identifier, and is for your own reference. .. cfgcmd:: loadkey + **Deprecation notice:** ``loadkey`` has been deprecated in favour of + :opcmd:`generate public-key-commands` and will be removed in a future + version. See :ref:`ssh:operation`. + SSH keys can not only be specified on the command-line but also loaded for a given user with `` from a file pointed to by `.` Keys can be either loaded from local filesystem or any given remote location -- cgit v1.2.3 From 6f5dad1978811601f5219f6856f11b994dde301d Mon Sep 17 00:00:00 2001 From: erkin Date: Sun, 20 Jun 2021 20:23:53 +0300 Subject: ssh: Fix formatting --- docs/configuration/service/ssh.rst | 3 ++- docs/configuration/system/login.rst | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst index dc382b67..40ec62f5 100644 --- a/docs/configuration/service/ssh.rst +++ b/docs/configuration/service/ssh.rst @@ -161,7 +161,8 @@ Operation Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. - `` can be a local path or a URL pointing at a remote file. + ```` can be a local path or a URL pointing at a remote file. + Supported remote protocols are FTP, HTTP, HTTPS, SCP/SFTP and TFTP. Example: diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index 784e4f3e..09b6e68b 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst @@ -78,7 +78,7 @@ The third part is simply an identifier, and is for your own reference. **Deprecation notice:** ``loadkey`` has been deprecated in favour of :opcmd:`generate public-key-commands` and will be removed in a future - version. See :ref:`ssh:operation`. + version. See :ref:`ssh`. SSH keys can not only be specified on the command-line but also loaded for a given user with `` from a file pointed to by `.` Keys -- cgit v1.2.3 
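Review bot: the second example in the ssh.rst hunk of 61bd4d04 runs `generate public-key-command user ben path ~/.ssh/id_rsa.pub`, which does not match the `generate public-key-commands name ... path ...` form this hunk documents, and its output sets `type ssh-dss` for a file named `id_rsa.pub` while the first example yields `ssh-rsa`; make the example use the documented syntax and a key type that matches the file. Because the generated commands install a login key, the sentence that lists FTP, HTTP and TFTP next to HTTPS and SCP/SFTP should tell the reader to check the fetched key, for example by its fingerprint, before committing.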
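Review bot: the login.rst hunk of 6f5dad19 changes `See :ref:`ssh:operation`.` to `See :ref:`ssh`.`, which drops the section part of the target even though the command it points to is documented under the `Operation` heading of ssh.rst. If the short label did not resolve, the path-qualified form described in docs/documentation.rst (`configuration/service/ssh:operation`) would keep the link on that section.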
From b9d6795ac8d9043af3e0444385222b5ed38e8f1d Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 21 Jun 2021 06:22:35 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.3.rst | 29 ++++++++++++++++++++++++++++- docs/changelog/1.4.rst | 43 ++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 71 insertions(+), 3 deletions(-) diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index 78099bcc..0de84e53 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit 78099bccc510c90ad7cfa5f56475ba024d5d53a7 +Subproject commit 0de84e53c36604af2bac3b5d8eb00480f9623aa0 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index afc77f4a..99d2dead 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,33 @@ _ext/releasenotes.py +2021-06-19 +========== + +* :vytask:`T3633` (feature): Add LRO offload for interface ethernet +* :vytask:`T3632` (bug): policy: route-map: unable to configure route-target / site-of-origin + + +2021-06-18 +========== + +* :vytask:`T3634` (feature): Add op command option for ping for do not fragment bit to be set + + +2021-06-17 +========== + +* :vytask:`T3631` (feature): route-map: migrate "set extcommunity-rt" and "set extcommunity-soo" to "set extcommunity rt|soo" to match FRR syntax + + +2021-06-16 +========== + +* :vytask:`T3623` (default): Fix for dummy interface option in the operational command "clear interfaces dummy" +* :vytask:`T2425` (feature): Rewrite all policy zebra filters to XML/Python style +* :vytask:`T3630` (feature): op-mode: add "show version kernel" command + + 2021-06-13 ========== @@ -528,7 +555,7 @@ 2021-02-16 ========== -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.125 / 5.10.43 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.127 / 5.10.45 2021-02-14 diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 8d4d8125..4d5cfe7b 100644 --- a/docs/changelog/1.4.rst 
+++ b/docs/changelog/1.4.rst @@ -8,6 +8,47 @@ _ext/releasenotes.py +2021-06-21 +========== + +* :vytask:`T3628` (bug): commit-archive source-address Interface Broken +* :vytask:`T3563` (default): commit-archive breaks with IPv6 source addresses + + +2021-06-20 +========== + +* :vytask:`T3637` (bug): vrf: bind-to-all didn't work properly +* :vytask:`T3639` (default): GCC preprocessor clobbers C comments + + +2021-06-19 +========== + +* :vytask:`T3633` (feature): Add LRO offload for interface ethernet +* :vytask:`T3632` (bug): policy: route-map: unable to configure route-target / site-of-origin + + +2021-06-18 +========== + +* :vytask:`T3634` (feature): Add op command option for ping for do not fragment bit to be set +* :vytask:`T3599` (default): Migrate NHRP to XML/Python + + +2021-06-17 +========== + +* :vytask:`T3624` (feature): BGP: add support for extended community bandwidth definition + + +2021-06-16 +========== + +* :vytask:`T3623` (default): Fix for dummy interface option in the operational command "clear interfaces dummy" +* :vytask:`T3630` (feature): op-mode: add "show version kernel" command + + 2021-06-13 ========== @@ -621,7 +662,7 @@ ========== * :vytask:`T3313` (bug): ospfv3 interface missing options -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.125 / 5.10.43 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.127 / 5.10.45 2021-02-15 -- cgit v1.2.3 From f0b233d760ce1066b023b412c425a7976880905d Mon Sep 17 00:00:00 2001 From: fett0 Date: Wed, 23 Jun 2021 14:36:15 -0300 Subject: automation: add description preconfig on boot --- docs/automation/command-scripting.rst | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index cf6c1f7b..c186257e 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst 
@@ -142,7 +142,23 @@ the post-hook script is "show interfaces". eth3 - u/u lo 203.0.113.5/24 u/u +Preconfig on boot +----------------- +The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot +before the VyOS configuration during boot process. + +Any modifications done to work around unfixed bugs and implement enhancements +which are not complete in the VyOS system can be placed here. + +The default file looks like this: + +.. code-block:: none + + #!/bin/sh + # This script is executed at boot time before VyOS configuration is applied. + # Any modifications required to work around unfixed bugs or use + # services not available through the VyOS CLI system can be placed here. Postconfig on boot ------------------ @@ -158,10 +174,10 @@ The default file looks like this: .. code-block:: none #!/bin/sh - # This script is executed at boot time after VyOS configuration is fully + # This script is executed at boot time after VyOS configuration is fullyßßßß # applied. Any modifications required to work around unfixed bugs or use # services not available through the VyOS CLI system can be placed here. -.. hint:: For configuration/upgrade management issues, modification of this +.. hint:: For configuration/upgrade management issues, modification of these script should be the last option. Always try to find solutions based on CLI commands first. -- cgit v1.2.3 From 48c9f47f2ad498c725db466ebaac31dc6a2e71a9 Mon Sep 17 00:00:00 2001 From: fett0 Date: Wed, 23 Jun 2021 15:08:48 -0300 Subject: automation: add description preconfig on boot --- docs/automation/command-scripting.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index c186257e..56c0817e 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst 
@@ -174,7 +174,7 @@ The default file looks like this: .. code-block:: none #!/bin/sh - # This script is executed at boot time after VyOS configuration is fullyßßßß + # This script is executed at boot time after VyOS configuration is fully # applied. Any modifications required to work around unfixed bugs or use # services not available through the VyOS CLI system can be placed here. -- cgit v1.2.3 From 18e33cb14ab78c9899d9f9709e5810f3e11642b1 Mon Sep 17 00:00:00 2001 From: rebortg Date: Wed, 23 Jun 2021 20:20:26 +0200 Subject: vyos: add proofread meta data test --- docs/_ext/vyos.py | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/docs/_ext/vyos.py b/docs/_ext/vyos.py index 46ebae36..0a198821 100644 --- a/docs/_ext/vyos.py +++ b/docs/_ext/vyos.py @@ -1,6 +1,7 @@ import re import json import os +from datetime import datetime from docutils import io, nodes, utils, statemachine from docutils.parsers.rst.roles import set_classes from docutils.parsers.rst import Directive, directives, states @@ -9,6 +10,9 @@ from sphinx.util.docutils import SphinxDirective from testcoverage import get_working_commands +from sphinx.util import logging + +logger = logging.getLogger(__name__) def setup(app): @@ -74,6 +78,7 @@ def setup(app): app.add_directive('opcmd', OpCmdDirective) app.add_directive('cmdinclude', CfgInclude) app.connect('doctree-resolved', process_cmd_nodes) + app.connect('doctree-read', handle_document_meta_data) class CfgcmdList(nodes.General, nodes.Element): pass 
@@ -640,4 +645,23 @@ def vytask_role(name, rawtext, text, lineno, inliner, options={}, content=[]): def cmd_role(name, rawtext, text, lineno, inliner, options={}, content=[]): node = nodes.literal(text, text) - return [node], [] \ No newline at end of file + return [node], [] + + +def handle_document_meta_data(app, document): + docname = app.env.docname + lastproofread = app.env.metadata[docname].get('lastproofread', False) + if lastproofread: + try: + lastproofread_time = datetime.strptime(lastproofread, '%Y-%m-%d') + delta = datetime.now() - lastproofread_time + if delta.days > 180: + logger.warning(f'{delta.days} days since last proofread {app.env.doc2path(docname)}') + + except Exception as e: + logger.warning(f'lastproofread meta data error in {app.env.doc2path(docname)}: {e}') + else: + pass + #logger.warning(f'lastproofread meta data missing in {app.env.doc2path(docname)}') + + -- cgit v1.2.3 From 41b787f16b7e61da0e1a5494763dc35f3f48fec1 Mon Sep 17 00:00:00 2001 From: Ganawa Juanah Date: Fri, 25 Jun 2021 11:47:23 -0500 Subject: added container command refrences --- docs/configuration/container/index.rst | 139 +++++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 docs/configuration/container/index.rst diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst new file mode 100644 index 00000000..2447cf90 --- /dev/null +++ b/docs/configuration/container/index.rst 
@@ -0,0 +1,139 @@ +.. _container: + +######## +Container +######## + +************* +Configuration +************* + +.. cfgcmd:: set container + + Set an named container. + +.. cfgcmd:: set container network + + Creates a named container network + +.. cfgcmd:: set container registry + + By default, for any image that does not include the registry in the image name, Vyos will use docker.io. Multiple registries + can be added as unqualified-search-registries using this command + +.. cfgcmd:: set container image + + Sets the image name in the hub registry + + .. code-block:: none + + set container name mysql-server image mysql:8.0 + + If a registry is not specefied, Docker.io will be used as the registry by default unless an alternative registry is specefied + using **set container registry ** or the registry is included in the image name + + .. code-block:: none + + set container name mysql-server image quay.io/mysql:8.0 + +.. cfgcmd:: set container allow-host-networks + + Allow host networking in container. The network stack of the container is not isolated from the host and will use the + host IP. + + The following commands translates to "--net host" when the container is created + + .. note:: **allow-host-networks** cannot be used with **network** + +.. cfgcmd:: set container description + + Sets the container description + +.. cfgcmd:: set container environment '' value '' + + Adds a custom environment variables. Multiple enviroment variables are allowed. The following commands translates to "-e key=value" when container is created. + + .. code-block:: none + + set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix' + set container name mysql-server environment 'MYSQL_USER' value 'zabbix' + set container name mysql-server environment 'MYSQL_PASSWORD' value 'zabbix_pwd' + set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' + +.. cfgcmd:: set container network + + Attaches user defined network to container. 
Only one network must be specefied and must already exist. + + Optionally a specific static IPv4 or IPv6 address can be set for the container. This address must be within the named network. + + .. code-block:: none + + set container network address
+ + .. note:: The first IP in the container network is reserved by the engine and cannot be used + +.. cfgcmd:: set container port [source | destination ] + + Publishes a port for the container + + .. code-block:: none + + set container name zabbix-web-nginx-mysql port http source 80 + set container name zabbix-web-nginx-mysql port http destination 8080 + +.. cfgcmd:: set container volume [source | destination ] + + Mount a volume into the container + + .. code-block:: none + + set container name coredns volume 'corefile' source /config/coredns/Corefile + set container name coredns volume 'corefile' destination /etc/Corefile + + + +********************* +Example Configuration +********************* + + .. code-block:: none + + set container network zabbix-net prefix 172.20.0.0/16 + set container network zabbix-net description 'Network for Zabbix component containers' + + set container name mysql-server image mysql:8.0 + set container name mysql-server network zabbix-net + + set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix' + set container name mysql-server environment 'MYSQL_USER' value 'zabbix' + set container name mysql-server environment 'MYSQL_PASSWORD' value 'zabbix_pwd' + set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' + + set container name zabbix-java-gateway image zabbix/zabbix-java-gateway:alpine-5.2-latest + set container name zabbix-java-gateway network zabbix-net + + set container name zabbix-server-mysql image zabbix/zabbix-server-mysql:alpine-5.2-latest + set container name zabbix-server-mysql network zabbix-net + + set container name zabbix-server-mysql environment 'DB_SERVER_HOST' value 'mysql-server' + set container name zabbix-server-mysql environment 'MYSQL_DATABASE' value 'zabbix' + set container name zabbix-server-mysql environment 'MYSQL_USER' value 'zabbix' + set container name zabbix-server-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd' + set container name 
zabbix-server-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' + set container name zabbix-server-mysql environment 'ZBX_JAVAGATEWAY' value 'zabbix-java-gateway' + + set container name zabbix-server-mysql port zabbix source 10051 + set container name zabbix-server-mysql port zabbix destination 10051 + + set container name zabbix-web-nginx-mysql image zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest + set container name zabbix-web-nginx-mysql network zabbix-net + + set container name zabbix-web-nginx-mysql environment 'MYSQL_DATABASE' value 'zabbix' + set container name zabbix-web-nginx-mysql environment 'ZBX_SERVER_HOST' value 'zabbix-server-mysql' + set container name zabbix-web-nginx-mysql environment 'DB_SERVER_HOST' value 'mysql-server' + set container name zabbix-web-nginx-mysql environment 'MYSQL_USER' value 'zabbix' + set container name zabbix-web-nginx-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd' + set container name zabbix-web-nginx-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' + + set container name zabbix-web-nginx-mysql port http source 80 + set container name zabbix-web-nginx-mysql port http destination 8080 \ No newline at end of file -- cgit v1.2.3 From b40896ce4322e30fd6883941fba254e1db33a7a8 Mon Sep 17 00:00:00 2001 From: rebortg Date: Fri, 25 Jun 2021 19:42:58 +0200 Subject: documetation: correct spelling and grammar --- docs/documentation.rst | 62 ++++++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 30 deletions(-) diff --git a/docs/documentation.rst b/docs/documentation.rst index 5d8b67c3..6053acde 100644 --- a/docs/documentation.rst +++ b/docs/documentation.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-25 + .. _documentation: ############# 
@@ -5,7 +7,7 @@ Documentation ############# We encourage every VyOS user to help us improve our documentation as we have -a deficit like most software projects. This not only be helps you when reading, +a deficit like most software projects. This not only helps you when reading but also everyone else. If you are willing to contribute to our documentation this is the definite @@ -18,7 +20,7 @@ guide how to do so. Forking Workflow ================ -The Forking Workflow is fundamentally different than other popular Git +The Forking Workflow is fundamentally different from other popular Git workflows. Instead of using a single server-side repository to act as the "central" codebase, it gives every developer their own server-side repository. This means that each contributor has not one, but two Git repositories: a @@ -42,7 +44,7 @@ access to the official codebase. * Install the requirements ``$ pip install -r requirements.txt`` (or something similar) -* Create new branch for your work, use a descriptive name of your work: +* Create a new branch for your work, use a descriptive name of your work: ``$ git checkout -b `` * Make all your changes - please keep our commit rules in mind @@ -54,7 +56,7 @@ access to the official codebase. * Check your changes by locally building the documentation ``$ make html``. Sphinx will build the html files in the ``docs/_build`` folder. We provide - you with a Docker container for an easy to use user experience. Check the + you with a Docker container for an easy-to-use user experience. Check the README.md_ file of this repository. * View modified files by calling ``$ git status``. You will get an overview of 
@@ -67,7 +69,7 @@ access to the official codebase. * Commit your changes with the message, ``$ git commit -m ""`` or use ``$ git commit -v`` to have your configured editor launched. You can - type in a commit message. Again please make yourself comfortable with out + type in a commit message. Again please make yourself comfortable without rules (:ref:`prepare_commit`). * Push commits to your GitHub project: ``$ git push -u origin `` @@ -76,7 +78,7 @@ access to the official codebase. see a banner suggesting to make a pull request. Fill out the form and describe what you do. -* Once pull resquests have been approved, you may want to locally update +* Once pull requests have been approved, you may want to locally update your forked repository too. First you'll have to add a second remote called `upstream` which points to our main repository. ``$ git remote add upstream https://github.com/vyos/vyos-documentation.git`` @@ -141,7 +143,7 @@ Cross-References ^^^^^^^^^^^^^^^^ A plugin will be used to generate a reference label for each headline. -to reference a page or a section in the documentation use the +To reference a page or a section in the documentation use the ``:ref:`` command. For example, you want to reference the headline **VLAN** in the @@ -150,7 +152,7 @@ the headline and the file path. ``:ref:`configuration/interfaces/ethernet:vlan`` -to use a alternative Hyperlink use it this way: +to use an alternative hyperlink use it this way: ``:ref:`Check out VLAN`` @@ -158,7 +160,7 @@ handle build errors """"""""""""""""""" The plugin will warn on build if a headline has a duplicate name in the -same document. To prevent this warning you have to put a custom link on +same document. To prevent this warning, you have to put a custom link on top of the headline. .. code-block:: none 
@@ -217,10 +219,10 @@ renders the same line format from the source rst file. Autolinter ^^^^^^^^^^ -Each GitHub Pull request is automatically linted to check the Address space and +Each GitHub pull request is automatically linted to check the address space and line length. -Sometimes it is necessary to provide real IP Addresses like in the +Sometimes it is necessary to provide real IP addresses like in the :ref:`examples`. For this, please use the sphinx comment syntax ``.. stop_vyoslinter`` to stop the linter and ``.. start_vyoslinter`` to start. @@ -238,19 +240,19 @@ cfgcmd When documenting CLI commands, use the ``.. cfgcmd::`` directive for all configuration mode commands. An explanation of the described command should be added below this statement. -Replace all variable contents with or somthing similar. +Replace all variable contents with or something similar. -With those custom commands it will be possible to render them in a more +With those custom commands, it will be possible to render them in a more descriptive way in the resulting HTML/PDF manual. .. code-block:: none .. cfgcmd:: protocols static arp hwaddr - This will configure a static ARP entry always resolving `192.0.2.100` to + This will configure a static ARP entry, always resolving `192.0.2.100` to `00:53:27:de:23:aa`. -For a inline configuration level command, use ``:cfgcmd:`` +For an inline configuration level command, use ``:cfgcmd:`` .. code-block:: none @@ -271,7 +273,7 @@ descriptive way in the resulting HTML/PDF manual. Display all known ARP table entries spanning across all interfaces -For a inline operational level command, use ``:opcmd:`` +For an inline operational level command, use ``:opcmd:`` .. code-block:: none 
@@ -280,8 +282,8 @@ For a inline operational level command, use ``:opcmd:`` cmdinclude """""""""" -To minimize redundancy, there is a special include directive. It include a txt -file and replace the ``{{ var0 }}`` - ``{{ var9 }}`` with the correct value +To minimize redundancy, there is a special include directive. It includes a txt +file and replace the ``{{ var0 }}`` - ``{{ var9 }}`` with the correct value. .. code-block:: none 
@@ -344,44 +346,44 @@ All RST files must follow the same TOC Level syntax and have to start with Configuration mode pages ^^^^^^^^^^^^^^^^^^^^^^^^ -A configuration mode folder and article covers a specific level of a command. -The exact level depends on the command. This should provide stability for URLs -used in the forum or blogpost. +The configuration mode folder and the articles cover the specific level of +the commands. The exact level depends on the command. This should provide +stability for URLs used in the forum or blogpost. For example: * ``set zone-policy`` is written in ``zone-policy/index.rst`` * ``set interfaces ethernet`` is written in ``interfaces/ethernet.rst`` -The article starts with a short intruducing about the command or the -technologie. Please include some helpfull links or background informations. +The article starts with a short introduction about the command or the +technology. Please include some helpful links or background information. An optional section follows. Some commands have requirements like compatible hardware (e.g. Wifi) or some commands you have to set before. For -example, it is recommended to set a route-map before configure BGP. +example, it is recommended to set a route-map before configuring BGP. -In the configuration part of the page, all possible confiuration options +In the configuration part of the page, all possible configuration options should be documented. Use ``.. cfgcmd::`` described above. -Related Operation command must be documented in the next part of the article. +Related operation command must be documented in the next part of the article. Use ``::opcmd..`` for these commands. -If there some troubleshooting guides releated to the commands. Explain it in the +If there some troubleshooting guides related to the commands. Explain it in the next optional part. 
Operation mode pages ^^^^^^^^^^^^^^^^^^^^ -Operation mode commands that does not fit in a related configuraton mode command +Operation mode commands that do not fit in a related configuration mode command must be documented in this part of the documentation. -General concepts for troubleshooting, and detailed process descriptions belong +General concepts for troubleshooting and detailed process descriptions belong here. Anything else ^^^^^^^^^^^^^ -Anything else that is not a configuration or an operation command have no +Anything else that is not a configuration or an operation command has no predefined structure. -- cgit v1.2.3 From d5dfc17dd9ad54f835c4ab6ee7b552c0fffa29eb Mon Sep 17 00:00:00 2001 From: Ganawa Juanah Date: Fri, 25 Jun 2021 12:58:19 -0500 Subject: added containers to toctree --- docs/configuration/index.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/configuration/index.rst b/docs/configuration/index.rst index bce013cb..d6004cad 100644 --- a/docs/configuration/index.rst +++ b/docs/configuration/index.rst @@ -20,4 +20,5 @@ The following structure respresent the cli structure. trafficpolicy/index vpn/index vrf/index - zonepolicy/index \ No newline at end of file + zonepolicy/index + container/index \ No newline at end of file -- cgit v1.2.3 From d6820da432439ce5df65e543002555bd24b4a7af Mon Sep 17 00:00:00 2001 From: Ganawa Juanah Date: Fri, 25 Jun 2021 12:58:46 -0500 Subject: fixed wording for clarification --- docs/configuration/container/index.rst | 94 ++++++++++++++++++---------------- 1 file changed, 49 insertions(+), 45 deletions(-) diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index 2447cf90..520031d8 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -1,8 +1,10 @@ +.. include:: /_include/need_improvement.txt + .. _container: -######## +######### Container -######## +######### ************* Configuration 
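Review bot: in the docs/documentation.rst hunk at @@ -67,7 +69,7 @@ the new line "Again please make yourself comfortable without rules (:ref:`prepare_commit`)" inverts the meaning. The removed "with out rules" was a typo for "with our rules", and the sentence exists to point contributors at the commit rules, so it should read "comfortable with our rules". Two other added lines are still ungrammatical. In the cmdinclude hunk, "It includes a txt file and replace the ..." needs "replaces". In the configuration mode pages hunk, "If there some troubleshooting guides related to the commands. Explain it in the next optional part." has no verb and is split into a fragment; suggest "If there are troubleshooting guides related to the commands, explain them in the next optional part." The unchanged context line "Use ``::opcmd..`` for these commands." sits right next to an edited line and does not match the ``.. opcmd::`` directive form used elsewhere in the same file, so it is worth correcting in this pass.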
@@ -18,8 +20,9 @@ Configuration .. cfgcmd:: set container registry - By default, for any image that does not include the registry in the image name, Vyos will use docker.io. Multiple registries - can be added as unqualified-search-registries using this command + Adds registry to list of unqualified-search-registries. By default, for any + image that does not include the registry in the image name, Vyos will use + docker.io as the container registry. .. cfgcmd:: set container image @@ -29,8 +32,9 @@ Configuration set container name mysql-server image mysql:8.0 - If a registry is not specefied, Docker.io will be used as the registry by default unless an alternative registry is specefied - using **set container registry ** or the registry is included in the image name + If a registry is not specefied, Docker.io will be used as the container + registry unless an alternative registry is specefied using + **set container registry ** or the registry is included in the image name .. code-block:: none @@ -38,8 +42,8 @@ Configuration .. cfgcmd:: set container allow-host-networks - Allow host networking in container. The network stack of the container is not isolated from the host and will use the - host IP. + Allow host networking in container. The network stack of the container is + not isolated from the host and will use the host IP. The following commands translates to "--net host" when the container is created @@ -78,8 +82,8 @@ Configuration .. code-block:: none - set container name zabbix-web-nginx-mysql port http source 80 - set container name zabbix-web-nginx-mysql port http destination 8080 + set container name zabbix-web-nginx-mysql port http source 80 + set container name zabbix-web-nginx-mysql port http destination 8080 .. cfgcmd:: set container volume [source | destination ] 
@@ -87,53 +91,53 @@ Configuration .. code-block:: none - set container name coredns volume 'corefile' source /config/coredns/Corefile - set container name coredns volume 'corefile' destination /etc/Corefile - - + set container name coredns volume 'corefile' source /config/coredns/Corefile + set container name coredns volume 'corefile' destination /etc/Corefile ********************* Example Configuration ********************* + For the sake of demonstration, `example #1 in the official documentation `_ to the declarative VyOS CLI syntax. + .. code-block:: none - set container network zabbix-net prefix 172.20.0.0/16 - set container network zabbix-net description 'Network for Zabbix component containers' + set container network zabbix-net prefix 172.20.0.0/16 + set container network zabbix-net description 'Network for Zabbix component containers' - set container name mysql-server image mysql:8.0 - set container name mysql-server network zabbix-net + set container name mysql-server image mysql:8.0 + set container name mysql-server network zabbix-net - set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix' - set container name mysql-server environment 'MYSQL_USER' value 'zabbix' - set container name mysql-server environment 'MYSQL_PASSWORD' value 'zabbix_pwd' - set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' + set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix' + set container name mysql-server environment 'MYSQL_USER' value 'zabbix' + set container name mysql-server environment 'MYSQL_PASSWORD' value 'zabbix_pwd' + set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' - set container name zabbix-java-gateway image zabbix/zabbix-java-gateway:alpine-5.2-latest - set container name zabbix-java-gateway network zabbix-net + set container name zabbix-java-gateway image zabbix/zabbix-java-gateway:alpine-5.2-latest + set container name zabbix-java-gateway network 
zabbix-net - set container name zabbix-server-mysql image zabbix/zabbix-server-mysql:alpine-5.2-latest - set container name zabbix-server-mysql network zabbix-net + set container name zabbix-server-mysql image zabbix/zabbix-server-mysql:alpine-5.2-latest + set container name zabbix-server-mysql network zabbix-net - set container name zabbix-server-mysql environment 'DB_SERVER_HOST' value 'mysql-server' - set container name zabbix-server-mysql environment 'MYSQL_DATABASE' value 'zabbix' - set container name zabbix-server-mysql environment 'MYSQL_USER' value 'zabbix' - set container name zabbix-server-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd' - set container name zabbix-server-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' - set container name zabbix-server-mysql environment 'ZBX_JAVAGATEWAY' value 'zabbix-java-gateway' + set container name zabbix-server-mysql environment 'DB_SERVER_HOST' value 'mysql-server' + set container name zabbix-server-mysql environment 'MYSQL_DATABASE' value 'zabbix' + set container name zabbix-server-mysql environment 'MYSQL_USER' value 'zabbix' + set container name zabbix-server-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd' + set container name zabbix-server-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' + set container name zabbix-server-mysql environment 'ZBX_JAVAGATEWAY' value 'zabbix-java-gateway' - set container name zabbix-server-mysql port zabbix source 10051 - set container name zabbix-server-mysql port zabbix destination 10051 + set container name zabbix-server-mysql port zabbix source 10051 + set container name zabbix-server-mysql port zabbix destination 10051 - set container name zabbix-web-nginx-mysql image zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest - set container name zabbix-web-nginx-mysql network zabbix-net + set container name zabbix-web-nginx-mysql image zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest + set container name zabbix-web-nginx-mysql network zabbix-net - set 
container name zabbix-web-nginx-mysql environment 'MYSQL_DATABASE' value 'zabbix' - set container name zabbix-web-nginx-mysql environment 'ZBX_SERVER_HOST' value 'zabbix-server-mysql' - set container name zabbix-web-nginx-mysql environment 'DB_SERVER_HOST' value 'mysql-server' - set container name zabbix-web-nginx-mysql environment 'MYSQL_USER' value 'zabbix' - set container name zabbix-web-nginx-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd' - set container name zabbix-web-nginx-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' - - set container name zabbix-web-nginx-mysql port http source 80 - set container name zabbix-web-nginx-mysql port http destination 8080 \ No newline at end of file + set container name zabbix-web-nginx-mysql environment 'MYSQL_DATABASE' value 'zabbix' + set container name zabbix-web-nginx-mysql environment 'ZBX_SERVER_HOST' value 'zabbix-server-mysql' + set container name zabbix-web-nginx-mysql environment 'DB_SERVER_HOST' value 'mysql-server' + set container name zabbix-web-nginx-mysql environment 'MYSQL_USER' value 'zabbix' + set container name zabbix-web-nginx-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd' + set container name zabbix-web-nginx-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' + + set container name zabbix-web-nginx-mysql port http source 80 + set container name zabbix-web-nginx-mysql port http destination 8080 \ No newline at end of file -- cgit v1.2.3 From bed2cf512af352b9aabc4480e9b5bfe1d9934b34 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 26 Jun 2021 08:39:59 +0200 Subject: op-mode: add "show version" tree (cherry picked from commit fd22f8d53720ed35df5e982acc7fd9bd9c3fe99c) --- docs/operation/information.rst | 57 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/docs/operation/information.rst b/docs/operation/information.rst index ec2506cb..4070bcf5 100644 --- a/docs/operation/information.rst +++ b/docs/operation/information.rst 
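Review bot: the rewrapped sentences in the docs/configuration/container/index.rst hunks at @@ -18,8 +20,9 @@ and @@ -29,8 +32,9 @@ still carry "Vyos" and "specefied" (twice) on added lines. Since the commit rewrites exactly these sentences, correct them to "VyOS" and "specified" here. The two paragraphs also name the default registry differently ("docker.io" and "Docker.io"); pick one spelling. The new registry description drops the earlier statement that multiple registries can be added with this command; if that behaviour still holds, keep the sentence. In the re-indented example block, MYSQL_PASSWORD and MYSQL_ROOT_PASSWORD are set to literal values, so a one-line remark that these are placeholders to be replaced would help readers who copy the block. The file still ends with "\ No newline at end of file".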
@@ -94,3 +94,60 @@ For additional details you can refer to https://phabricator.vyos.net/T2490. usb0b2.4p1.1 Quad_RS232-HS Future Technology Devices International, Ltd usb0b2.4p1.2 Quad_RS232-HS Future Technology Devices International, Ltd usb0b2.4p1.3 Quad_RS232-HS Future Technology Devices International, Ltd + +.. _information_version: + +######## +Version +######## + +.. opcmd:: show version + + Return the current running VyOS version and build information. This includes + also the name of the release train which is ``crux`` on VyOS 1.2, ``equuleus`` + on VyOS 1.3 and ``sagitta`` on VyOS 1.4. + + .. code-block:: none + + vyos@vyos:~$ show version + + Version: VyOS 1.3.0-rc4 + Release Train: equuleus + + Built by: Sentrium S.L. + Built on: Mon 19 Apr 2021 08:28 UTC + Build UUID: 8d9996d2-511e-4dea-be4f-cd4515c404f3 + Build Commit ID: 2aac286ccfe594 + + Architecture: x86_64 + Boot via: installed image + System type: VMware guest + + Hardware vendor: VMware, Inc. + Hardware model: VMware Virtual Platform + Hardware S/N: VMware-42 33 79 fe 73 64 2d 62-d5 62 ab 99 5a 3e d9 6d + Hardware UUID: fe793342-6473-622d-d562-ab995a3ed96d + + Copyright: VyOS maintainers and contributors + +.. opcmd:: show version kernel + + Return version number of the Linux Kernel used in this release. + + .. code-block:: none + + vyos@vyos:~$ show version kernel + 5.4.128-amd64-vyos + +.. opcmd:: show version frr + + Return version number of FRR (Free Range Routing - https://frrouting.org/) + used in this release. This is the routing control plane and a successor to GNU + Zebra and Quagga. + + .. code-block:: none + + vyos@vyos:~$ show version frr + FRRouting 7.5.1-20210625-00-gf07d935a2 (vyos). + Copyright 1996-2005 Kunihiro Ishiguro, et al. + -- cgit v1.2.3 From d6f43313133b5532e6da5495812bf757722343ff Mon Sep 17 00:00:00 2001 
From: Christian Poessinger Date: Sun, 27 Jun 2021 12:34:14 +0200 Subject: version: update "show version" numbers to match 1.4 development cycle --- docs/operation/information.rst | 40 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/docs/operation/information.rst b/docs/operation/information.rst index 4070bcf5..f9e1f7d6 100644 --- a/docs/operation/information.rst +++ b/docs/operation/information.rst @@ -109,26 +109,24 @@ Version .. code-block:: none - vyos@vyos:~$ show version - - Version: VyOS 1.3.0-rc4 - Release Train: equuleus - - Built by: Sentrium S.L. - Built on: Mon 19 Apr 2021 08:28 UTC - Build UUID: 8d9996d2-511e-4dea-be4f-cd4515c404f3 - Build Commit ID: 2aac286ccfe594 - - Architecture: x86_64 - Boot via: installed image - System type: VMware guest - - Hardware vendor: VMware, Inc. - Hardware model: VMware Virtual Platform - Hardware S/N: VMware-42 33 79 fe 73 64 2d 62-d5 62 ab 99 5a 3e d9 6d - Hardware UUID: fe793342-6473-622d-d562-ab995a3ed96d - - Copyright: VyOS maintainers and contributors + Version: VyOS 1.4-rolling-202106270801 + Release Train: sagitta + + Built by: autobuild@vyos.net + Built on: Sun 27 Jun 2021 09:50 UTC + Build UUID: ab43e735-edcb-405a-9f51-f16a1b104e52 + Build Commit ID: f544d75eab758f + + Architecture: x86_64 + Boot via: installed image + System type: KVM guest + + Hardware vendor: QEMU + Hardware model: Standard PC (i440FX + PIIX, 1996) + Hardware S/N: + Hardware UUID: Unknown + + Copyright: VyOS maintainers and contributors .. opcmd:: show version kernel @@ -137,7 +135,7 @@ Version .. code-block:: none vyos@vyos:~$ show version kernel - 5.4.128-amd64-vyos + 5.10.46-amd64-vyos .. opcmd:: show version frr -- cgit v1.2.3 From 477a4c488ccdbdb8a4e01dadf2fa0038991a6fa6 Mon Sep 17 00:00:00 2001 
From: Christian Poessinger Date: Sun, 27 Jun 2021 12:35:23 +0200 Subject: version: fix "show version" indention --- docs/operation/information.rst | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/docs/operation/information.rst b/docs/operation/information.rst index f9e1f7d6..fea85feb 100644 --- a/docs/operation/information.rst +++ b/docs/operation/information.rst @@ -108,25 +108,27 @@ Version on VyOS 1.3 and ``sagitta`` on VyOS 1.4. .. code-block:: none + + vyos@vyos:~$ show version - Version: VyOS 1.4-rolling-202106270801 - Release Train: sagitta - - Built by: autobuild@vyos.net - Built on: Sun 27 Jun 2021 09:50 UTC - Build UUID: ab43e735-edcb-405a-9f51-f16a1b104e52 - Build Commit ID: f544d75eab758f - - Architecture: x86_64 - Boot via: installed image - System type: KVM guest - - Hardware vendor: QEMU - Hardware model: Standard PC (i440FX + PIIX, 1996) - Hardware S/N: - Hardware UUID: Unknown - - Copyright: VyOS maintainers and contributors + Version: VyOS 1.4-rolling-202106270801 + Release Train: sagitta + + Built by: autobuild@vyos.net + Built on: Sun 27 Jun 2021 09:50 UTC + Build UUID: ab43e735-edcb-405a-9f51-f16a1b104e52 + Build Commit ID: f544d75eab758f + + Architecture: x86_64 + Boot via: installed image + System type: KVM guest + + Hardware vendor: QEMU + Hardware model: Standard PC (i440FX + PIIX, 1996) + Hardware S/N: + Hardware UUID: Unknown + + Copyright: VyOS maintainers and contributors .. opcmd:: show version kernel -- cgit v1.2.3 From d97e8384e503c750df43b3520aa689670f10951e Mon Sep 17 00:00:00 2001 From: rebortg Date: Sun, 27 Jun 2021 16:02:27 +0200 Subject: cloud-init: correct spelling and grammar --- docs/automation/cloud-init.rst | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/docs/automation/cloud-init.rst b/docs/automation/cloud-init.rst index be585321..7b2d53fb 100644 --- a/docs/automation/cloud-init.rst 
+++ b/docs/automation/cloud-init.rst @@ -1,29 +1,31 @@ -.. _cloud-init: +:lastproofread: 2021-06-27 + +. _cloud-init: ############### VyOS cloud-init ############### -Cloud instances of VyOS are initialized using the industry-standard cloud-init. -Via cloud-init, the system performs tasks such as injecting SSH keys and -configuring the network. In addition, the user can supply a custom +Cloud instances of VyOS are initialized using the industry-standard +cloud-init. Via cloud-init, the system performs tasks such as injecting +SSH keys and configuring the network. In addition, the user can supply a custom configuration at the time of instance launch. ************** Config Sources ************** -VyOS support three type of config sources. - -.. stop_vyoslinter - -* Metadata - Metadata is sourced by the cloud platform or hypervisor. In some clouds, there is implemented as an HTTP endpoint at http://169.254.169.254. +VyOS support three types of config sources. -* Network configuration - Ths config source informs the system about the network. +* Metadata - Metadata is sourced by the cloud platform or hypervisor. + In some clouds, there is implemented as an HTTP endpoint at + http://169.254.169.254. -* User-data - User-data is specified by the user. This config source offers the most flexibility and will be the focus of this documentation. +* Network configuration - This config source informs the system about the + network. -.. start_vyoslinter +* User-data - User-data is specified by the user. This config source offers the + most flexibility and will be the focus of this documentation. ********* @@ -86,7 +88,7 @@ These are the VyOS defaults and fallbacks. * DHCP on first Ethernet interface if no network configuration is provided -All of these can be overridden using configuration in user-data. +All of these can be overridden using the configuration in user-data. *************** -- cgit v1.2.3 From 1895ea987a1468dd808a14608f72a70f6f838a31 Mon Sep 17 00:00:00 2001 
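Review bot: the first hunk of docs/automation/cloud-init.rst replaces ".. _cloud-init:" with ". _cloud-init:", dropping one of the two leading dots, so the line is no longer an RST label and any ``:ref:`` that targets cloud-init will not resolve. Restore ".. _cloud-init:" below the new ``:lastproofread:`` field. The same hunk removes the ``.. stop_vyoslinter`` / ``.. start_vyoslinter`` pair that surrounded the bullet containing http://169.254.169.254. The autolinter section of documentation.rst says those comments are how real IP addresses are exempted from the address-space check, so either keep the guards or confirm the linter accepts this address after rewrapping. On wording, "VyOS support three types" should be "VyOS supports three types", and "there is implemented as an HTTP endpoint" on the added Metadata line still does not parse; "it is implemented as" would.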
From: rebortg Date: Sun, 27 Jun 2021 16:11:53 +0200 Subject: command-scripting: correct spelling and grammar --- docs/automation/command-scripting.rst | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index b8cf0d9e..14f2edfa 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-27 + .. _command-scripting: Command Scripting @@ -34,7 +36,7 @@ example, if you want to disable a BGP peer on VRRP transition to backup: Run operational commands ------------------------ -Unlike a normal configuration sessions, all operational commands must be +Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure. .. code-block:: none @@ -44,8 +46,8 @@ prepended with ``run``, even if you haven't created a session with configure. run show interfaces exit -Other script language ---------------------- +Other script languages +---------------------- If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script. @@ -108,7 +110,7 @@ group, the script can be safeguarded like this: Executing pre-hooks/post-hooks Scripts -------------------------------------- -Vyos has the ability to run custom scripts before and after each commit +VyOS has the ability to run custom scripts before and after each commit The default directories where your custom Scripts should be located are: 
@@ -124,7 +126,8 @@ Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed. -.. note:: Custom scripts are not executed with root privileges (Use sudo inside if this is necessary). +.. note:: Custom scripts are not executed with root privileges + (Use sudo inside if this is necessary). A simple example is shown below, where the ops command executed in the post-hook script is "show interfaces". @@ -148,8 +151,8 @@ Preconfig on boot The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process. -Any modifications done to work around unfixed bugs and implement enhancements -which are not complete in the VyOS system can be placed here. +Any modifications were done to work around unfixed bugs and implement +enhancements that are not complete in the VyOS system can be placed here. The default file looks like this: @@ -167,8 +170,8 @@ Postconfig on boot The ``/config/scripts/vyos-postconfig-bootup.script`` script is called on boot after the VyOS configuration is fully applied. -Any modifications done to work around unfixed bugs and implement enhancements -which are not complete in the VyOS system can be placed here. +Any modifications were done to work around unfixed bugs and implement +enhancements that are not complete in the VyOS system can be placed here. The default file looks like this: @@ -179,6 +182,6 @@ The default file looks like this: # applied. Any modifications required to work around unfixed bugs or use # services not available through the VyOS CLI system can be placed here. -.. hint:: For configuration/upgrade management issues, modification of these +.. hint:: For configuration/upgrade management issues, modification of this script should be the last option. Always try to find solutions based on CLI commands first. -- cgit v1.2.3 
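Review bot: in the Preconfig and Postconfig hunks of docs/automation/command-scripting.rst (@@ -148,8 +151,8 @@ and @@ -167,8 +170,8 @@) the new wording "Any modifications were done to work around unfixed bugs and implement enhancements that are not complete in the VyOS system can be placed here." has two finite verbs and no longer parses. The removed "Any modifications done to work around ..." was correct, so keep "done" and only change "which" to "that" if that is the intent. In the hooks section, the added line "VyOS has the ability to run custom scripts before and after each commit" still lacks a full stop, and the unchanged context "letters,ASCII digits" and "minus-hyphens.No other" is missing spaces. Because the rewrapped note tells readers to use sudo inside hook scripts, it would also help to state who is expected to be able to write to the hook directories.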
From 333a98d0886abae85fabe8ffa591fae26c4c0e60 Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 28 Jun 2021 06:11:44 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.3.rst | 28 +++++++++++++++++++++++++++- docs/changelog/1.4.rst | 31 ++++++++++++++++++++++++++++++- 3 files changed, 58 insertions(+), 3 deletions(-) diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index 0de84e53..09efa055 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit 0de84e53c36604af2bac3b5d8eb00480f9623aa0 +Subproject commit 09efa0550dd169e30a851513781b611dd84e9c79 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 99d2dead..4833656f 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,32 @@ _ext/releasenotes.py +2021-06-27 +========== + +* :vytask:`T3653` (default): Cloudinit subnet error if a cidr (/24) is used instead of a subnet mask (255.255.255.0) + + +2021-06-25 +========== + +* :vytask:`T3650` (bug): OpenVPN: Upgrade package to 2.5.1 before releasing VyOS 1.3.0 +* :vytask:`T3649` (feature): Add bonding additional hash-policy + + +2021-06-24 +========== + +* :vytask:`T2722` (bug): get_config_dict() and key_mangling=('-', '_') will alter CLI data for tagNodes + + +2021-06-22 +========== + +* :vytask:`T3629` (bug): IPoE server shifting address in the range +* :vytask:`T3582` (default): 'delete log file' does not work + + 2021-06-19 ========== @@ -555,7 +581,7 @@ 2021-02-16 ========== -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.127 / 5.10.45 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.128 / 5.10.46 2021-02-14 diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 4d5cfe7b..cad3e003 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst 
@@ -8,6 +8,35 @@ _ext/releasenotes.py +2021-06-27 +========== + +* :vytask:`T3653` (default): Cloudinit subnet error if a cidr (/24) is used instead of a subnet mask (255.255.255.0) + + +2021-06-25 +========== + +* :vytask:`T3641` (feature): Upgrade base system from Debian Buster -> Debian Bullseye +* :vytask:`T3649` (feature): Add bonding additional hash-policy + + +2021-06-23 +========== + +* :vytask:`T3647` (feature): Bullseye: gcc defaults to passing --as-needed to linker +* :vytask:`T3644` (default): Replace GCC with a simpler preprocessor for including nested XML snippets in XML documents +* :vytask:`T3356` (feature): Script for remote file transfers + + +2021-06-22 +========== + +* :vytask:`T3629` (bug): IPoE server shifting address in the range +* :vytask:`T3645` (feature): Bullseye: ethtool changed output for ring-buffer information +* :vytask:`T3582` (default): 'delete log file' does not work + + 2021-06-21 ========== @@ -662,7 +691,7 @@ ========== * :vytask:`T3313` (bug): ospfv3 interface missing options -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.127 / 5.10.45 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.128 / 5.10.46 2021-02-15 -- cgit v1.2.3 From d742504a0c7a4e807ac10ad2338a97c35163c3d1 Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 28 Jun 2021 14:07:15 +0200 Subject: ansible: correct spelling and grammar --- docs/automation/vyos-ansible.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/automation/vyos-ansible.rst b/docs/automation/vyos-ansible.rst index a199152f..e02d06a9 100644 --- a/docs/automation/vyos-ansible.rst +++ b/docs/automation/vyos-ansible.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-28 + .. _vyos-ansible: Ansible -- cgit v1.2.3 From 61dfaf6f618074c2f0d67178e7188d010ac7ad7d Mon Sep 17 00:00:00 2001 
From: rebortg Date: Mon, 28 Jun 2021 14:17:53 +0200 Subject: vyos-api: correct spelling and grammar --- docs/automation/vyos-api.rst | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/docs/automation/vyos-api.rst b/docs/automation/vyos-api.rst index 1504a05a..5ab150e3 100644 --- a/docs/automation/vyos-api.rst +++ b/docs/automation/vyos-api.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-28 + .. _vyosapi: ######## @@ -10,11 +12,11 @@ for configuration and enabling the API see :ref:`http-api` Authentication ************** -All Endpoint only listen on HTTP POST requests and the API KEY must set as +All endpoints only listen on HTTP POST requests and the API KEY must set as ``key`` in the formdata. -Below see one example or curl and one for python. -In the following, the documentation is reduced to curl. +Below see one example for curl and one for python. +The rest of the documentation is reduced to curl. .. code-block:: none @@ -74,8 +76,7 @@ To get the whole configuration, pass an empty list to the ``path`` field } -only get a part of the configuration, -for example ``system syslog``. +To only get a part of the configuration, for example ``system syslog``. .. code-block:: none @@ -105,7 +106,7 @@ for example ``system syslog``. if you just want the Value of a multi-valued node, use the ``returnValues`` operation. -for example get the addresses of a ``dum0`` interface +For example, get the addresses of a ``dum0`` interface. .. code-block:: none @@ -165,9 +166,9 @@ delete an image, for example ``1.3-rolling-202006070117`` /show ===== -The ``/show`` endpoint is to show everthing in operational mode +The ``/show`` endpoint is to show everything in the operational mode. -for example which images are installed +For example, show which images are installed. .. code-block:: none 
@@ -189,7 +190,7 @@ for example which images are installed /generate ========= -to run a ``generate`` command use the +THe ``generate`` endpoint run a ``generate`` command. .. code-block:: none @@ -242,10 +243,10 @@ You can pass a ``set``, ``delete`` or ``comment`` command to the "error": null } -The API push every request to a session and commit it. +The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. -The Endpoint will process multiple commands when you pass them as a list to +The endpoint will process multiple commands when you pass them as a list to the ``data`` field. .. code-block:: none -- cgit v1.2.3 From d4c4b1e08de489cf16098734160cf4b3b61d11f5 Mon Sep 17 00:00:00 2001 From: Pieter Waegeman Date: Mon, 28 Jun 2021 18:45:08 +0200 Subject: Fixed several typos --- docs/installation/install.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/installation/install.rst b/docs/installation/install.rst index 75c1713d..e095489a 100644 --- a/docs/installation/install.rst +++ b/docs/installation/install.rst @@ -35,7 +35,7 @@ Building from source ---------------------- Non-subscribers can always get the LTS release by building it from source. -Instruction can be found in the :ref:`build` section of this manual. VyOS +Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available for everyone at https://github.com/vyos/vyos-build. 
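Review bot: the /generate hunk of docs/automation/vyos-api.rst adds "THe ``generate`` endpoint run a ``generate`` command.", which has a capitalisation typo and a verb that does not agree. Suggest "The ``/generate`` endpoint runs a ``generate`` command.", matching how ``/show`` is written a few lines earlier. Two other added lines have the same kind of slip. In the Authentication hunk, "the API KEY must set as ``key``" should read "must be set as". In the hunk at @@ -242,10 +243,10 @@, "The API pushes every request to a session and commit it." should end "commits it". The context line "if you just want the Value of a multi-valued node" still starts lower-case directly above the newly capitalised "For example, get the addresses", so the pair now reads inconsistently.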
@@ -58,11 +58,11 @@ https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso Download Verification --------------------- -LTS images are signed by VyOS lead package-maintainer private key. With +LTS images are signed by the VyOS lead package-maintainer private key. With the official public key, the authenticity of the package can be verified. :abbr:`GPG (GNU Privacy Guard)` is used for verification. -.. note:: This subsection only applies e applies to LTS images, for +.. note:: This subsection only applies to LTS images, for Rolling images please jump to :ref:`live_installation`. Preparing for the verification @@ -190,7 +190,7 @@ it in your hard drive. **With your downloaded VyOS .iso file you can create a bootable USB drive that will let you boot into a fully functional VyOS system**. Once you have tested it, you can either decide to begin a :ref:`permanent_installation` in your hard drive or power -your system off, remove the USB drive, and leave everythng as it was. +your system off, remove the USB drive, and leave everything as it was. If you have a GNU+Linux system, you can create your VyOS bootable USB -- cgit v1.2.3 From 9f7416894cbfba2a4533b8b794bab4d505f863b1 Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 28 Jun 2021 20:37:33 +0200 Subject: configexamples: correct spelling and grammar --- docs/configexamples/azure-vpn-bgp.rst | 2 ++ docs/configexamples/azure-vpn-dual-bgp.rst | 2 ++ docs/configexamples/bgp-ipv6-unnumbered.rst | 2 ++ docs/configexamples/dhcp-relay-through-gre-bridge.rst | 5 +---- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/configexamples/azure-vpn-bgp.rst b/docs/configexamples/azure-vpn-bgp.rst index c40e1b76..7dc2f332 100644 --- a/docs/configexamples/azure-vpn-bgp.rst +++ b/docs/configexamples/azure-vpn-bgp.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-28 + .. _examples-azure-vpn-bgp: Route-Based Site-to-Site VPN to Azure (BGP over IKEv2/IPsec) 
diff --git a/docs/configexamples/azure-vpn-dual-bgp.rst b/docs/configexamples/azure-vpn-dual-bgp.rst index 6df5d2ff..8cf2c0ef 100644 --- a/docs/configexamples/azure-vpn-dual-bgp.rst +++ b/docs/configexamples/azure-vpn-dual-bgp.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-28 + .. _examples-azure-vpn-dual-bgp: Route-Based Redundant Site-to-Site VPN to Azure (BGP over IKEv2/IPsec) diff --git a/docs/configexamples/bgp-ipv6-unnumbered.rst b/docs/configexamples/bgp-ipv6-unnumbered.rst index 12ce2bd6..d8965b6b 100644 --- a/docs/configexamples/bgp-ipv6-unnumbered.rst +++ b/docs/configexamples/bgp-ipv6-unnumbered.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-28 + .. _examples-bgp-ipv6-unnumbered: ######################################### diff --git a/docs/configexamples/dhcp-relay-through-gre-bridge.rst b/docs/configexamples/dhcp-relay-through-gre-bridge.rst index 10184970..16d8488b 100644 --- a/docs/configexamples/dhcp-relay-through-gre-bridge.rst +++ b/docs/configexamples/dhcp-relay-through-gre-bridge.rst @@ -1,7 +1,4 @@ - - - - +:lastproofread: 2021-06-28 .. _examples-dhcp-relay-through-gre-bridge: -- cgit v1.2.3 From 1ad450e27d9d5da7761584c8a9a40cc099c9b901 Mon Sep 17 00:00:00 2001 From: rebortg Date: Tue, 29 Jun 2021 10:26:10 +0200 Subject: HA Walkthrough: correct spelling and grammar --- docs/configexamples/ha.rst | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/docs/configexamples/ha.rst b/docs/configexamples/ha.rst index 401d7b9f..12c431f0 100644 --- a/docs/configexamples/ha.rst +++ b/docs/configexamples/ha.rst 
@@ -1,24 +1,26 @@ +:lastproofread: 2021-06-28 + ############################# High Availability Walkthrough ############################# This document walks you through a complete HA setup of two VyOS machines. This -design is based on a VM as the primary router, and a physical machine as a -backup, using VRRP, BGP, OSPF and conntrack sharing. +design is based on a VM as the primary router and a physical machine as a +backup, using VRRP, BGP, OSPF, and conntrack sharing. -The aim of this document is to walk you through setting everything up, so +This document aims to walk you through setting everything up, so at a point where you can reboot any machine and not lose more than a few seconds worth of connectivity. Design ====== -This is based on a real life, in production design. One of the complex issues +This is based on a real-life production design. One of the complex issues is ensuring you have redundant data INTO your network. We do this with a pair -of Cisco Nexus switches, and using Virtual PortChannels that are spanned across -them. This as an added bonus, also allows for complete switch failure without -an outage. How you achieve this yourself is left as an exercise to the reader -but our setup is documented here. +of Cisco Nexus switches and using Virtual PortChannels that are spanned across +them. As a bonus, this also allows for complete switch failure without +an outage. How you achieve this yourself is left as an exercise to the reader. +But our setup is documented here. Walkthrough suggestion ---------------------- 
@@ -31,7 +33,7 @@ If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router. -This ensures you don't go to fast, or miss a step. However, it will make your +This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router. @@ -43,7 +45,7 @@ provider, which we are publishing on VLAN100. They want us to establish a BGP session to their routers on 192.0.2.11 and 192.0.2.12 from our routers 192.0.2.21 and 192.0.2.22. They are AS 65550 and -we are AS65551. +we are AS 65551. Our routers are going to have a floating IP address of 203.0.113.1, and use .2 and .3 as their fixed IPs. @@ -54,13 +56,13 @@ When traffic is originated from the 10.200.201.0/24 network, it will be masqueraded to 203.0.113.1 For connection between sites, we are running a WireGuard link to two REMOTE -routers, and using OSPF over those links to distribute routes. That remote +routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16 VLANs ----- -These are the vlans we wll be using: +These are the vlans we will be using: * 50: Upstream, using the 192.0.2.0/24 network allocated by them. * 100: 'Public' network, using our 203.0.113.0/24 network. @@ -95,7 +97,7 @@ of scope of this. .. note:: Our implementation uses VMware's Distributed Port Groups, which allows VMware to use LACP. This is a part of the ENTERPRISE licence, and is not - available on a Free licence. If you are implementing this and do not have + available on a free licence. If you are implementing this and do not have access to DPGs, you should not use VMware, and use some other virtualization platform instead. 
@@ -103,7 +105,7 @@ of scope of this. Basic Setup (via console) ========================= -Create your router1 VM so it is able to withstand a VM Host failing, or a +Create your router1 VM. So it can withstand a VM Host failing or a network link failing. Using VMware, this is achieved by enabling vSphere DRS, vSphere Availability, and creating a Distributed Port Group that uses LACP. @@ -177,7 +179,7 @@ Enable SSH so you can now SSH into the routers, rather than using the console. commit save -At this point you should be able to SSH into both of them, and will no longer +At this point, you should be able to SSH into both of them, and will no longer need access to the console (unless you break something!) @@ -417,9 +419,9 @@ Make sure you can ping 10.254.60.1 and .2 from both routers. Create Export Filter -------------------- -We only want to export the networks we know we should be exporting. Always -whitelist your route filters, both importing and exporting. A good rule of -thumb is **'If you are not the default router for a network, don't advertise +We only want to export the networks we know. Always do a whitelist on your route +filters, both importing and exporting. A good rule of thumb is +**'If you are not the default router for a network, don't advertise it'**. This means we explicitly do not want to advertise the 192.0.2.0/24 network (but do want to advertise 10.200.201.0 and 203.0.113.0, which we ARE the default route for). This filter is applied to ``redistribute connected``. @@ -448,7 +450,7 @@ default again. This is called 'flapping'. Create Import Filter -------------------- -We only want to import networks we know about. Our OSPF peer should only be +We only want to import networks we know. Our OSPF peer should only be advertising networks in the 10.201.0.0/16 range. Note that this is an INVERSE MATCH. You deny in access-list 100 to accept the route. 
@@ -491,7 +493,7 @@ Test OSPF When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' -or '2-Way', if it is not then there is a network connectivity issue between the +or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route`` @@ -514,8 +516,8 @@ You should now be able to see the advertised network on the other host. Duplicate configuration ----------------------- -At this pont you now need to create the X link between all four routers. Use a -different /30 for each link. +At this point, you now need to create the X link between all four routers. +Use amdifferent /30 for each link. Priorities ---------- -- cgit v1.2.3 From 0a78f4a22c191b0f78da675b2e17b505e037c90b Mon Sep 17 00:00:00 2001 From: rebortg Date: Tue, 29 Jun 2021 10:33:03 +0200 Subject: OSPF-unnumbered: correct spelling and grammar --- docs/configexamples/ospf-unnumbered.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configexamples/ospf-unnumbered.rst b/docs/configexamples/ospf-unnumbered.rst index dfb4eec1..6a5a1bb4 100644 --- a/docs/configexamples/ospf-unnumbered.rst +++ b/docs/configexamples/ospf-unnumbered.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-29 + .. _examples-ospf-unnumbered: ######################### -- cgit v1.2.3 From 0530a0bb6e349495d51b1d5f5f70ce221e0bebba Mon Sep 17 00:00:00 2001 From: rebortg Date: Tue, 29 Jun 2021 10:33:21 +0200 Subject: pppoe-ipv6: correct spelling and grammar --- docs/configexamples/pppoe-ipv6-basic.rst | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/docs/configexamples/pppoe-ipv6-basic.rst b/docs/configexamples/pppoe-ipv6-basic.rst index 451d2b09..809514e7 100644 --- a/docs/configexamples/pppoe-ipv6-basic.rst 
+++ b/docs/configexamples/pppoe-ipv6-basic.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-29 + .. _examples-pppoe-ipv6-basic: ####################################### @@ -5,9 +7,9 @@ PPPoE IPv6 Basic Setup for Home Network ####################################### This document is to describe a basic setup using PPPoE with DHCPv6-PD + -SLAAC to construct a typical home network. The user can follow steps described -here to quickly setup a working network and use this as a starting point to -further configure or fine tune other settings. +SLAAC to construct a typical home network. The user can follow the steps +described here to quickly setup a working network and use this as a starting +point to further configure or fine-tune other settings. To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information. @@ -40,8 +42,8 @@ DHCPv6-PD Setup --------------- During address configuration, in addition to assigning an address to the WAN -interface, ISP also provides a prefix to allow router to configure addresses of -LAN interface and other nodes connecting to LAN, which is called prefix +interface, ISP also provides a prefix to allow the router to configure addresses +of LAN interface and other nodes connecting to LAN, which is called prefix delegation (PD). .. code-block:: none @@ -49,8 +51,8 @@ delegation (PD). set interfaces pppoe pppoe0 ipv6 address autoconf set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1 address '100' -* Here we use prefix to configure the address of eth1 (LAN) to form ``::64``, - where ``64`` is hexadecimal of address 100. +* Here we use the prefix to configure the address of eth1 (LAN) to form +``::64``, where ``64`` is hexadecimal of address 100. * For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information. 
@@ -59,7 +61,7 @@ Router Advertisement -------------------- We need to enable router advertisement for LAN network so that PC can receive -the prefix and use SLAAC to configure address automatically. +the prefix and use SLAAC to configure the address automatically. .. code-block:: none @@ -68,8 +70,8 @@ the prefix and use SLAAC to configure address automatically. set service router-advert interface eth1 prefix ::/64 valid-lifetime '172800' * Set MTU in advertisement to 1492 because of PPPoE header overhead. -* Set DNS server address in advertisement so that clients can obtain it by using - RDNSS option. Most operating systems (Windows, Linux, Mac) should +* Set DNS server address in the advertisement so that clients can obtain it by + using RDNSS option. Most operating systems (Windows, Linux, Mac) should already support it. * Here we set the prefix to ``::/64`` to indicate advertising any /64 prefix the LAN interface is assigned. @@ -106,5 +108,5 @@ To have basic protection while keeping IPv6 network functional, we need to: set interfaces pppoe pppoe0 firewall in ipv6-name 'WAN_IN' set interfaces pppoe pppoe0 firewall local ipv6-name 'WAN_LOCAL' -Note to allow router to receive DHCPv6 response from ISP, we need to allow +Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client). -- cgit v1.2.3 From 8e100c63014403179a1f8736553ea826c6509c45 Mon Sep 17 00:00:00 2001 From: rebortg Date: Tue, 29 Jun 2021 10:39:19 +0200 Subject: tunnelbroker: correct spelling and grammar --- docs/configexamples/tunnelbroker-ipv6.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/configexamples/tunnelbroker-ipv6.rst b/docs/configexamples/tunnelbroker-ipv6.rst index 9317912a..b3f8d5e1 100644 --- a/docs/configexamples/tunnelbroker-ipv6.rst +++ b/docs/configexamples/tunnelbroker-ipv6.rst 
@@ -1,3 +1,5 @@ +:lastproofread: 2021-06-29 + .. _examples-tunnelbroker-ipv6: .. stop_vyoslinter @@ -6,7 +8,7 @@ Tunnelbroker.net (IPv6) ####################### -This guides walks through the setup of https://www.tunnelbroker.net/ for an +This guide walks through the setup of https://www.tunnelbroker.net/ for an IPv6 Tunnel. Prerequisites @@ -78,12 +80,12 @@ You should now be able to ping something by IPv6 DNS name: 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 16.880/17.153/17.426/0.273 ms -Assuming everything works, you can proceed to client configuration +Assuming everything works, you can proceed to the client configuration LAN Configuration ================= -At this point your VyOS install should have full IPv6, but now your LAN devices +At this point, your VyOS install should have full IPv6, but now your LAN devices need access. With Tunnelbroker.net, you have two options: @@ -140,7 +142,7 @@ The format of these addresses: In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535). -So, when your LAN is eth1, your DMZ is eth2, your cameras live on eth3, etc: +So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc: .. code-block:: none -- cgit v1.2.3 From ebe03785e10dc40f3802c9d62c2e62fd870876a6 Mon Sep 17 00:00:00 2001 From: rebortg Date: Tue, 29 Jun 2021 11:25:40 +0200 Subject: pppoe-ipv6: correct indent --- docs/configexamples/pppoe-ipv6-basic.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configexamples/pppoe-ipv6-basic.rst b/docs/configexamples/pppoe-ipv6-basic.rst index 809514e7..f569d9c3 100644 --- a/docs/configexamples/pppoe-ipv6-basic.rst +++ b/docs/configexamples/pppoe-ipv6-basic.rst 
@@ -52,7 +52,7 @@ delegation (PD). set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1 address '100' * Here we use the prefix to configure the address of eth1 (LAN) to form -``::64``, where ``64`` is hexadecimal of address 100. + ``::64``, where ``64`` is hexadecimal of address 100. * For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information. -- cgit v1.2.3 From 2db2398ee7201a5bb1bd1a35412fc0305293ab4e Mon Sep 17 00:00:00 2001 From: rebortg Date: Tue, 29 Jun 2021 11:34:19 +0200 Subject: wan-lb: correct spelling and grammar --- docs/configexamples/wan-load-balancing.rst | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/docs/configexamples/wan-load-balancing.rst b/docs/configexamples/wan-load-balancing.rst index cd150121..ace9a981 100644 --- a/docs/configexamples/wan-load-balancing.rst +++ b/docs/configexamples/wan-load-balancing.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-29 + .. _wan-load-balancing: .. stop_vyoslinter # pictures and text have to change 
@@ -65,21 +67,20 @@ Configure the WAN load balancer with the parameters described above: Example 2: Failover based on interface weights ---------------------------------------------- -This examples uses the failover mode. - +This example uses the failover mode. .. _wan:example2_overwiew: Overview ^^^^^^^^ -In this example eth0 is the primary interface and eth1 is the secondary -interface to provide simple failover functionality. If eth0 fails, eth1 +In this example, eth0 is the primary interface and eth1 is the secondary +interface. To provide simple failover functionality. If eth0 fails, eth1 takes over. Create interface weight based configuration ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The configuration steps are the same as in the previous example, except -rule 10 so we keep the configuration, remove rule 10 and add a new rule +rule 10. So we keep the configuration, remove rule 10 and add a new rule for the failover mode: .. code-block:: none @@ -93,8 +94,8 @@ for the failover mode: Example 3: Failover based on rule order --------------------------------------- -The previous example used the failover command to send traffic thorugh -eth1 if eth0 fails. In this example failover functionality is provided +The previous example used the failover command to send traffic through +eth1 if eth0 fails. In this example, failover functionality is provided by rule order. .. _wan:example3_overwiew: @@ -108,7 +109,7 @@ directing traffic to eth1. Create rule order based configuration ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -We keep the configurtation from the previous example, delete rule 10 +We keep the configuration from the previous example, delete rule 10 and create the two new rules as described: .. code-block:: none 
@@ -122,20 +123,20 @@ and create the two new rules as described: Example 4: Failover based on rule order - priority traffic ---------------------------------------------------------- -A rule order for prioritising traffic is useful in scenarios where the +A rule order for prioritizing traffic is useful in scenarios where the secondary link has a lower speed and should only carry high priority traffic. It is assumed for this example that eth1 is connected to a -slower connection than eth0 and should prioritise VoIP traffic. +slower connection than eth0 and should prioritize VoIP traffic. .. _wan:example4_overwiew: Overview ^^^^^^^^ -A rule order for prioritising traffic is useful in scenarios where the +A rule order for prioritizing traffic is useful in scenarios where the secondary link has a lower speed and should only carry high priority traffic. It is assumed for this example that eth1 is connected to a -slower connection than eth0 and should prioritise VoIP traffic. +slower connection than eth0 and should prioritize VoIP traffic. Create rule order based configuration with low speed secondary link ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- cgit v1.2.3 From 3730a3d4101e7b3667697825e349946a9d319e78 Mon Sep 17 00:00:00 2001 From: rebortg Date: Tue, 29 Jun 2021 11:45:33 +0200 Subject: zone-policy: correct spelling and grammar --- docs/configexamples/zone-policy.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/configexamples/zone-policy.rst b/docs/configexamples/zone-policy.rst index bfe77c2e..cf11a01e 100644 --- a/docs/configexamples/zone-policy.rst +++ b/docs/configexamples/zone-policy.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-29 + .. _examples-zone-policy: Zone-Policy example 
@@ -132,7 +134,7 @@ To add logging to the default rule, do: set firewall name enable-default-log -By default, iptables does not allow traffic for established session to +By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the @@ -367,7 +369,7 @@ IPv6 Tunnel ^^^^^^^^^^^ If you are using a IPv6 tunnel from HE.net or someone else, the basis is -the same except you have two WAN interface. One for v4 and one for v6. +the same except you have two WAN interfaces. One for v4 and one for v6. You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of -- cgit v1.2.3 From f0c1ad02e79a2fe6b9afa637b0625c446a5ec448 Mon Sep 17 00:00:00 2001 From: rebortg Date: Tue, 29 Jun 2021 21:22:49 +0200 Subject: firewall: correct spelling and grammar --- docs/configuration/firewall/index.rst | 60 ++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 667a4653..d52d6f2a 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-06-29 + .. _firewall: ######## @@ -29,7 +31,7 @@ or zone based firewall policy. Global settings *************** -Some firewall settings are global and have a affect on the whole system. +Some firewall settings are global and have an affect on the whole system. .. cfgcmd:: set firewall all-ping [enable | disable] 
@@ -89,7 +91,7 @@ Some firewall settings are global and have a affect on the whole system. .. cfgcmd:: set firewall send-redirects [enable | disable] - enable or disable of ICMPv4 redirect messages send by VyOS + enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered: * ``net.ipv4.conf.all.send_redirects`` @@ -127,7 +129,7 @@ Some firewall settings are global and have a affect on the whole system. .. cfgcmd:: set firewall state-policy established log enable - Set the global setting for a established connections. + Set the global setting for an established connection. .. cfgcmd:: set firewall state-policy invalid action [accept | drop | reject] @@ -163,8 +165,8 @@ names. Address Groups ============== -In a **address group** a single IP adresses or IP address ranges are -definded. +In an **address group** a single IP address or IP address ranges are +defined. .. cfgcmd:: set firewall group address-group address [address | address range] @@ -221,7 +223,7 @@ filtering unnecessary ports. Ranges of ports can be specified by using .. cfgcmd:: set firewall group port-group port [portname | portnumber | startport-endport] - Define a port group. A port name are any name defined in + Define a port group. A port name can be any name defined in /etc/services. e.g.: http .. code-block:: none @@ -240,10 +242,10 @@ Rule-Sets ********* A rule-set is a named collection of firewall rules that can be applied -to an interface or zone. Each rule is numbered, has an action to apply +to an interface or a zone. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify the criteria to match. Data packets go through the rules from 1 - 9999, at the first match -the action of the rule will executed. +the action of the rule will be executed. .. cfgcmd:: set firewall name description .. cfgcmd:: set firewall ipv6-name description 
@@ -267,7 +269,7 @@ the action of the rule will executed. .. cfgcmd:: set firewall ipv6-name rule <1-9999> action [drop | reject | accept] - This required setting define the action of the current rule. + This required setting defines the action of the current rule. .. cfgcmd:: set firewall name rule <1-9999> description .. cfgcmd:: set firewall ipv6-name rule <1-9999> description @@ -287,7 +289,7 @@ the action of the rule will executed. Matching criteria ================= -There are a lot of matching criteria gainst which the package can be tested. +There are a lot of matching criteria against which the package can be tested. .. cfgcmd:: set firewall name rule <1-9999> source address @@ -299,7 +301,7 @@ There are a lot of matching criteria gainst which the package can be tested. .. cfgcmd:: set firewall ipv6-name rule <1-9999> destination address [address | addressrange | CIDR] - This is similiar to the network groups part, but here you are able to negate + This is similar to the network groups part, but here you are able to negate the matching addresses. .. code-block:: none @@ -315,7 +317,7 @@ There are a lot of matching criteria gainst which the package can be tested. .. cfgcmd:: set firewall ipv6-name rule <1-9999> source mac-address - Only in the source criteria you can specify a mac-address + Only in the source criteria, you can specify a mac-address. .. code-block:: none @@ -331,7 +333,7 @@ There are a lot of matching criteria gainst which the package can be tested. .. cfgcmd:: set firewall ipv6-name rule <1-9999> destination port [1-65535 | portname | start-end] - A port can be set with a portnumber or a name which is here + A port can be set with a port number or a name which is here defined: ``/etc/services``. .. code-block:: none 
@@ -410,9 +412,9 @@ There are a lot of matching criteria gainst which the package can be tested. set firewall name WAN-IN-v4 rule 13 tcp flags 'SYN,!ACK,!FIN,!RST' .. cfgcmd:: set firewall name rule <1-9999> state [established | - invalid | new | related] [enable | disable ] + invalid | new | related] [enable | disable] .. cfgcmd:: set firewall ipv6-name rule <1-9999> state [established | - invalid | new | related] [enable | disable ] + invalid | new | related] [enable | disable] Match against the state of a packet. @@ -423,8 +425,8 @@ Applying a Rule-Set to an Interface A Rule-Set can be applied to every interface: -* ``in``: Ruleset for forwarded packets on inbound interface -* ``out``: Ruleset for forwarded packets on outbound interface +* ``in``: Ruleset for forwarded packets on an inbound interface +* ``out``: Ruleset for forwarded packets on an outbound interface * ``local``: Ruleset for packets destined for this router .. cfgcmd:: set interface ethernet firewall [in | out | local] @@ -451,7 +453,7 @@ Zone-based Firewall Policy As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of -applying rulesets to interfaces, they are applied to source +applying rule-sets to interfaces, they are applied to source zone-destination zone pairs. An basic introduction to zone-based firewalls can be found `here 
@@ -465,12 +467,12 @@ To define a zone setup either one with interfaces or a local zone. .. cfgcmd:: set zone-policy zone interface - Set a interfaces to a zone. A zone can have multiple interfaces. - But a interface can only be member in one zone. + Set interfaces to a zone. A zone can have multiple interfaces. + But an interface can only be a member in one zone. .. cfgcmd:: set zone-policy zone local-zone - Define the Zone as a local zone. A local zone have no interfaces and + Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself. .. cfgcmd:: set zone-policy zone default-action [drop | reject] @@ -486,14 +488,14 @@ Applying a Rule-Set to a Zone ============================= Before you are able to apply a rule-set to a zone you have to create the zones -first. +first. .. cfgcmd:: set zone-policy zone from firewall name .. cfgcmd:: set zone-policy zone from firewall ipv6-name - You apply a rule-set always to a zone from a other zone, it is recommended + You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair. .. code-block:: none @@ -577,7 +579,7 @@ Rule-set overview .. opcmd:: show firewall summary - This will show you a summary about rule-sets and groups + This will show you a summary of rule-sets and groups .. code-block:: none @@ -630,7 +632,7 @@ Rule-set overview .. opcmd:: show firewall [name | ipv6name] rule <1-9999> - This command will give an overview about a rule in a single rule-set + This command will give an overview of a rule in a single rule-set .. opcmd:: show firewall group @@ -658,7 +660,7 @@ Rule-set overview .. opcmd:: show firewall [name | ipv6name] - This command will give an overview about a single rule-set + This command will give an overview of a single rule-set. .. opcmd:: show firewall [name | ipv6name] statistics 
@@ -666,7 +668,7 @@ Rule-set overview .. opcmd:: show firewall [name | ipv6name] rule <1-9999> - This command will give an overview about a rule in a single rule-set + This command will give an overview of a rule in a single rule-set. Zone-Policy Overview @@ -674,7 +676,7 @@ Zone-Policy Overview .. opcmd:: show zone-policy zone - Use this command to get an overview about a zone + Use this command to get an overview of a zone. .. code-block:: none @@ -695,7 +697,7 @@ Show Firewall log .. opcmd:: show log firewall [name | ipv6name] - Show the logs of a specific Rule-Set + Show the logs of a specific Rule-Set. .. note:: At the moment it not possible to look at the whole firewall log with VyOS -- cgit v1.2.3 From e7b7a238818134de814b3028a9bad406dc5d0cbb Mon Sep 17 00:00:00 2001 From: Ganawa Juanah Date: Tue, 29 Jun 2021 14:55:59 -0500 Subject: alphabetized index.rst to place container at top --- docs/configuration/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/index.rst b/docs/configuration/index.rst index d6004cad..0fe481da 100644 --- a/docs/configuration/index.rst +++ b/docs/configuration/index.rst @@ -8,6 +8,7 @@ The following structure respresent the cli structure. :maxdepth: 1 :includehidden: + container/index firewall/index highavailability/index interfaces/index @@ -21,4 +22,3 @@ The following structure respresent the cli structure. vpn/index vrf/index zonepolicy/index - container/index \ No newline at end of file -- cgit v1.2.3
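Review bot: In the ``@@ -189,7 +190,7 @@`` hunk under ``/generate``, the added line "THe ``generate`` endpoint run a ``generate`` command." introduces a capitalization typo and a subject-verb mismatch. It should read "The ``generate`` endpoint runs a ``generate`` command."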
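Review bot: In the ``@@ -242,10 +243,10 @@`` hunk of the same API page, the sentence is only half corrected: "The API pushes every request to a session and commit it." still has "commit" where "commits" is needed to agree with "pushes".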
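Review bot: In docs/installation/install.rst, hunk ``@@ -58,11 +58,11 @@``, "signed by the VyOS lead package-maintainer private key" still reads as if the key were the signer. Since this sentence explains what the GPG check proves, suggest "signed with the VyOS lead package maintainer's private key".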
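Review bot: In docs/configexamples/ha.rst, hunk ``@@ -103,7 +105,7 @@``, splitting the sentence into "Create your router1 VM. So it can withstand a VM Host failing or a network link failing." leaves a fragment and drops the purpose link between the two halves. Suggest "Create your router1 VM so that it can withstand a VM host failing or a network link failing."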
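Review bot: In docs/configexamples/ha.rst, hunk ``@@ -417,9 +419,9 @@`` (Create Export Filter), the rewrite changes the meaning of the guidance. The removed text said "We only want to export the networks we know we should be exporting", while the added text says "We only want to export the networks we know", which no longer expresses that the export filter is an explicit allow list. Suggest keeping the original first sentence and limiting the change to the wording of the second, for example "Always use a whitelist for your route filters, both importing and exporting."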
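Review bot: In docs/configexamples/ha.rst, hunk ``@@ -514,8 +516,8 @@`` (Duplicate configuration), the added line "Use amdifferent /30 for each link." introduces a new typo while fixing "pont". It should read "Use a different /30 for each link."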
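Review bot: In docs/configexamples/pppoe-ipv6-basic.rst, hunk ``@@ -49,8 +51,8 @@``, the re-wrapped bullet continues on an unindented line ("``::64``, where ``64`` is hexadecimal of address 100."), which ends the list item in reStructuredText and breaks the list. The later commit "pppoe-ipv6: correct indent" in this series restores the two-space indent; consider squashing that fix into this commit so that no revision in the history has a broken list.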
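Review bot: In docs/configexamples/pppoe-ipv6-basic.rst, hunk ``@@ -106,5 +108,5 @@``, the added text "Note to allow the router to receive DHCPv6 response from ISP. We need to allow" turns one sentence into a fragment followed by a rule with no stated reason. This is the sentence that justifies the firewall exception for source port 547 and destination port 546, so it should stay one statement, for example "Note that, to allow the router to receive DHCPv6 responses from the ISP, we need to allow packets with source port 547 (server) and destination port 546 (client)."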
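Review bot: In docs/configexamples/wan-load-balancing.rst, hunk ``@@ -65,21 +67,20 @@`` (Example 2 overview), the added lines "interface. To provide simple failover functionality. If eth0 fails, eth1" leave "To provide simple failover functionality." as a standalone fragment. Suggest "In this example, eth0 is the primary interface and eth1 is the secondary interface, providing simple failover functionality."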
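Review bot: In docs/configuration/firewall/index.rst, hunk ``@@ -29,7 +31,7 @@`` (Global settings), the article was corrected but the noun was not: "have an affect on the whole system" should be "have an effect on the whole system".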
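Review bot: In docs/configuration/firewall/index.rst, hunk ``@@ -89,7 +91,7 @@`` (``set firewall send-redirects``), the added description "enable or disable ICMPv4 redirect messages send by VyOS" still uses "send" where the participle "sent" is needed, and the sentence should start with a capital letter to match the neighbouring command descriptions.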
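Review bot: In docs/configuration/firewall/index.rst, hunk ``@@ -287,7 +289,7 @@`` (Matching criteria), the touched sentence fixes "gainst" but keeps "the package can be tested". The surrounding text speaks of data packets traversing the rules, so this should read "the packet can be tested".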
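Review bot: In docs/configuration/firewall/index.rst, hunk ``@@ -486,14 +488,14 @@`` (Applying a Rule-Set to a Zone), "from an other zone" should be "from another zone", and the comma before "it is recommended" joins two independent clauses. Suggest "You always apply a rule-set to a zone from another zone. It is recommended to create one rule-set for each zone pair."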