From 4d94f2aea9812ef311696e8c09c8f717d1a44514 Mon Sep 17 00:00:00 2001 From: Bryan Killian Date: Thu, 13 Apr 2023 03:27:06 -0400 Subject: updating network name to reflect new limitation from 11 to 9 --- docs/configuration/container/index.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index c23a6184..0487f863 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -182,11 +182,11 @@ Example Configuration .. code-block:: none - set container network zabbix-net prefix 172.20.0.0/16 - set container network zabbix-net description 'Network for Zabbix component containers' + set container network zabbix prefix 172.20.0.0/16 + set container network zabbix description 'Network for Zabbix component containers' set container name mysql-server image mysql:8.0 - set container name mysql-server network zabbix-net + set container name mysql-server network zabbix set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix' set container name mysql-server environment 'MYSQL_USER' value 'zabbix' @@ -194,10 +194,10 @@ Example Configuration set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd' set container name zabbix-java-gateway image zabbix/zabbix-java-gateway:alpine-5.2-latest - set container name zabbix-java-gateway network zabbix-net + set container name zabbix-java-gateway network zabbix set container name zabbix-server-mysql image zabbix/zabbix-server-mysql:alpine-5.2-latest - set container name zabbix-server-mysql network zabbix-net + set container name zabbix-server-mysql network zabbix set container name zabbix-server-mysql environment 'DB_SERVER_HOST' value 'mysql-server' set container name zabbix-server-mysql environment 'MYSQL_DATABASE' value 'zabbix' @@ -210,7 +210,7 @@ Example Configuration set container name zabbix-server-mysql port zabbix destination 10051 set container name zabbix-web-nginx-mysql image zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest - set container name zabbix-web-nginx-mysql network zabbix-net + set container name zabbix-web-nginx-mysql network zabbix set container name zabbix-web-nginx-mysql environment 'MYSQL_DATABASE' value 'zabbix' set container name zabbix-web-nginx-mysql environment 'ZBX_SERVER_HOST' value 'zabbix-server-mysql' -- cgit v1.2.3 From 742838edda1738160f6dd7cbebd35c97e9a1a00d Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 18 Dec 2023 06:05:48 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.3.rst | 13 +++++++++++++ docs/changelog/1.4.rst | 39 +++++++++++++++++++++++++++++++++++++++ docs/changelog/1.5.rst | 39 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 92 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index 5b2ee47e..f991faab 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit 5b2ee47e85b536800897e4f4a475ca3167238254 +Subproject commit f991faab2c0d95cbec5d46996b154145955572d7 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 11d3be91..4d5d802d 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,19 @@ _ext/releasenotes.py +2023-12-15 +========== + +* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs`` + + +2023-12-12 +========== + +* :vytask:`T5817` ``(bug): Show openvpn server fails in some cases`` +* :vytask:`T5413` ``(default): Deny the opportunity to use one public/private key pair on both wireguard peers.`` + + 2023-11-30 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index b6c901b4..1db86da5 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,45 @@ _ext/releasenotes.py +2023-12-15 +========== + +* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs`` +* :vytask:`T5803` ``(default): git/github: Adjust configuration for safe and baseline defaults`` + + +2023-12-14 +========== + +* :vytask:`T5773` ``(bug): Unable to load config via HTTP`` +* :vytask:`T5816` ``(bug): BGP Large Community List Validation Broken`` +* :vytask:`T5812` ``(bug): rollback check max revision number does not work`` +* :vytask:`T5749` ``(feature): Show MAC address VRF and MTU by default for "show interfaces"`` +* :vytask:`T5774` ``(bug): commit-archive to FTP server broken after update (VyOS 1.5-rolling)`` +* :vytask:`T5826` ``(default): Add dmicode as an explicit dependency`` +* :vytask:`T5793` ``(default): mdns-repeater: Cleanup avahi-daemon configuration in /etc`` + + +2023-12-13 +========== + +* :vytask:`T591` ``(feature): Support SRv6`` + + +2023-12-12 +========== + +* :vytask:`T4704` ``(feature): Allow to set metric (MED) to rtt with rtt,+rtt or -rtt`` +* :vytask:`T5815` ``(enhancment): Add load_config module`` +* :vytask:`T5413` ``(default): Deny the opportunity to use one public/private key pair on both wireguard peers.`` + + +2023-12-11 +========== + +* :vytask:`T5741` ``(bug): WAN Load Balancing failover route tables aren't created`` + + 2023-12-10 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index 1deedc72..f8207e80 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,45 @@ _ext/releasenotes.py +2023-12-15 +========== + +* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs`` +* :vytask:`T5770` ``(bug): MACsec not encrypting`` +* :vytask:`T5803` ``(default): git/github: Adjust configuration for safe and baseline defaults`` + + +2023-12-14 +========== + +* :vytask:`T5773` ``(bug): Unable to load config via HTTP`` +* :vytask:`T5816` ``(bug): BGP Large Community List Validation Broken`` +* :vytask:`T5812` ``(bug): rollback check max revision number does not work`` +* :vytask:`T5749` ``(feature): Show MAC address VRF and MTU by default for "show interfaces"`` +* :vytask:`T5774` ``(bug): commit-archive to FTP server broken after update (VyOS 1.5-rolling)`` +* :vytask:`T5826` ``(default): Add dmicode as an explicit dependency`` +* :vytask:`T5793` ``(default): mdns-repeater: Cleanup avahi-daemon configuration in /etc`` + + +2023-12-13 +========== + +* :vytask:`T5688` ``(default): Create the same view of pool configuration for all accel-ppp services`` +* :vytask:`T591` ``(feature): Support SRv6`` + + +2023-12-12 +========== + +* :vytask:`T5815` ``(enhancment): Add load_config module`` + + +2023-12-11 +========== + +* :vytask:`T5741` ``(bug): WAN Load Balancing failover route tables aren't created`` + + 2023-12-10 ========== -- cgit v1.2.3 From ad4a92eb9823654abb4acc38549b771f5a7212e9 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Fri, 22 Dec 2023 12:29:55 +0100 Subject: testing: fix typo --- docs/contributing/testing.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'docs') diff --git a/docs/contributing/testing.rst b/docs/contributing/testing.rst index d5df9d59..772ff04a 100644 --- a/docs/contributing/testing.rst +++ b/docs/contributing/testing.rst @@ -4,10 +4,11 @@ Testing ####### -One of the major advantages introduced in VyOS 1.3 is an autmated test framework. -When assembling an ISO image multiple things can go wrong badly and publishing -a faulty ISO makes no sense. The user is disappointed by the quality of the image -and the developers get flodded with bug reports over and over again. +One of the major advantages introduced in VyOS 1.3 is an automated test +framework. When assembling an ISO image multiple things can go wrong badly and +publishing a faulty ISO makes no sense. The user is disappointed by the quality +of the image and the developers get flodded with bug reports over and over +again. As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated -- cgit v1.2.3 From 983a7de9865bd08ceb080ae906c87009a2e07e5a Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 25 Dec 2023 06:05:34 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.3.rst | 28 +++++++++++++++++++++++++++ docs/changelog/1.4.rst | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++ docs/changelog/1.5.rst | 49 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 130 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index f991faab..b1a35b8a 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit f991faab2c0d95cbec5d46996b154145955572d7 +Subproject commit b1a35b8ae02c7a72ee29bf3e1595fedf254479ee diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 4d5d802d..5960cd58 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,34 @@ _ext/releasenotes.py +2023-12-22 +========== + +* :vytask:`T4760` ``(bug): VyOS does not support running multiple instances of DHCPv6 clients`` + + +2023-12-21 +========== + +* :vytask:`T5714` ``(bug): IPSec VPN: op-mode: "show log vpn" does not show results`` +* :vytask:`T3039` ``(feature): Resize a root partition and filesystem automatically during deployment in virtual environments`` +* :vytask:`T2404` ``(bug): Cannot change MTU`` +* :vytask:`T2353` ``(bug): Interface [conf_mode] errors parent task`` +* :vytask:`T5796` ``(bug): Openconnect - HTTPS security headers are missing`` + + +2023-12-19 +========== + +* :vytask:`T2116` ``(feature): Processing configuration via Cloud-init User-Data`` + + +2023-12-18 +========== + +* :vytask:`T2191` ``(feature): Using tallow to block sshd probes`` + + 2023-12-15 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 1db86da5..385d1d63 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,58 @@ _ext/releasenotes.py +2023-12-24 +========== + +* :vytask:`T5853` ``(default): Typo interfaces-virtual-ethernet.xml.in`` + + +2023-12-22 +========== + +* :vytask:`T5811` ``(bug): static dhcp-interface routes not installed`` +* :vytask:`T5804` ``(bug): SNAT "any" interface error`` +* :vytask:`T4760` ``(bug): VyOS does not support running multiple instances of DHCPv6 clients`` + + +2023-12-21 +========== + +* :vytask:`T5778` ``(bug): The show dhcp server leases operation mode command does not work as expected`` +* :vytask:`T5775` ``(default): Migrated Firewall Global State Policy ineffective on latest firewall zone config`` +* :vytask:`T5637` ``(bug): Firewall default-action log`` +* :vytask:`T5796` ``(bug): Openconnect - HTTPS security headers are missing`` +* :vytask:`T3580` ``(feature): Refactoring firewall ipv6 rule icmpv6`` +* :vytask:`T2898` ``(feature): Support NDP proxy`` +* :vytask:`T2229` ``(feature): PPPOE Default Queue type selection`` + + +2023-12-20 +========== + +* :vytask:`T5823` ``(feature): Protocol BGP add default values for config dictionary`` +* :vytask:`T5798` ``(enhancment): reverse-proxy load-balancing service should support multiple certificates for frontend`` + + +2023-12-19 +========== + +* :vytask:`T5828` ``(default): Fix GRUB installation on arm64`` + + +2023-12-18 +========== + +* :vytask:`T5751` ``(feature): Adjust new image tools for non-interactive use`` +* :vytask:`T5831` ``(feature): show system image should reverse order by addition date`` +* :vytask:`T5825` ``(bug): image-tools: restore authentication on 'add system image'`` +* :vytask:`T5821` ``(bug): image-tools: restore vrf-aware 'add system image'`` +* :vytask:`T5819` ``(bug): Don't echo password on install image`` +* :vytask:`T5806` ``(bug): Clear old raid data on new install image`` +* :vytask:`T5789` ``(bug): image-tools should copy ssh host keys on image update`` +* :vytask:`T5758` ``(default): Restore scanning configs when live installing`` + + 2023-12-15 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index f8207e80..4ef32704 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,55 @@ _ext/releasenotes.py +2023-12-23 +========== + +* :vytask:`T5678` ``(feature): Improvements in PPPoE configuration`` + + +2023-12-22 +========== + +* :vytask:`T5804` ``(bug): SNAT "any" interface error`` + + +2023-12-21 +========== + +* :vytask:`T5807` ``(bug): NAT66 op-mode bugs`` +* :vytask:`T5778` ``(bug): The show dhcp server leases operation mode command does not work as expected`` +* :vytask:`T5775` ``(default): Migrated Firewall Global State Policy ineffective on latest firewall zone config`` +* :vytask:`T5676` ``(bug): NAT66 source rule with negation source/destination prefix causes TypeError`` +* :vytask:`T5637` ``(bug): Firewall default-action log`` +* :vytask:`T5796` ``(bug): Openconnect - HTTPS security headers are missing`` + + +2023-12-20 +========== + +* :vytask:`T5823` ``(feature): Protocol BGP add default values for config dictionary`` +* :vytask:`T5798` ``(enhancment): reverse-proxy load-balancing service should support multiple certificates for frontend`` + + +2023-12-19 +========== + +* :vytask:`T5828` ``(default): Fix GRUB installation on arm64`` + + +2023-12-18 +========== + +* :vytask:`T5751` ``(feature): Adjust new image tools for non-interactive use`` +* :vytask:`T5831` ``(feature): show system image should reverse order by addition date`` +* :vytask:`T5825` ``(bug): image-tools: restore authentication on 'add system image'`` +* :vytask:`T5821` ``(bug): image-tools: restore vrf-aware 'add system image'`` +* :vytask:`T5819` ``(bug): Don't echo password on install image`` +* :vytask:`T5806` ``(bug): Clear old raid data on new install image`` +* :vytask:`T5789` ``(bug): image-tools should copy ssh host keys on image update`` +* :vytask:`T5758` ``(default): Restore scanning configs when live installing`` + + 2023-12-15 ========== -- cgit v1.2.3 From 0ed155b05523c755a9eb777c49a3a0fd4b56149e Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 25 Dec 2023 09:14:05 +0100 Subject: snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp" --- docs/configuration/service/lldp.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/configuration/service/lldp.rst b/docs/configuration/service/lldp.rst index aa357211..12a9e0b6 100644 --- a/docs/configuration/service/lldp.rst +++ b/docs/configuration/service/lldp.rst @@ -54,7 +54,7 @@ Configuration Disable transmit of LLDP frames on given ``. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled. -.. cfgcmd:: set service lldp snmp enable +.. cfgcmd:: set service lldp snmp Enable SNMP queries of the LLDP database -- cgit v1.2.3 From fd3073eef7bcbd64112e0581ba10afb58100b30d Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Mon, 25 Dec 2023 17:23:32 +0200 Subject: Add system update-check example Add an example of online checking for updates ``` set system update-check auto-check set system update-check url ``` --- docs/configuration/system/index.rst | 1 + docs/configuration/system/updates.rst | 37 +++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 docs/configuration/system/updates.rst (limited to 'docs') diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst index bfda7747..dbb63d09 100644 --- a/docs/configuration/system/index.rst +++ b/docs/configuration/system/index.rst @@ -25,6 +25,7 @@ System sysctl task-scheduler time-zone + updates .. toctree:: diff --git a/docs/configuration/system/updates.rst b/docs/configuration/system/updates.rst new file mode 100644 index 00000000..a55bfa9a --- /dev/null +++ b/docs/configuration/system/updates.rst @@ -0,0 +1,37 @@ +####### +Updates +####### + +VyOS supports online checking for updates + +Configuration +============= + +.. cfgcmd:: set system update-check auto-check + + Configure auto-checking for new images + + +.. cfgcmd:: set system update-check url + + Configure a URL that contains information about images. + + +Example +======= + +.. code-block:: none + + set system update-check auto-check + set system update-check url 'https://raw.githubusercontent.com/vyos/vyos-rolling-nightly-builds/main/version.json' + +Check: + +.. code-block:: none + + vyos@r4:~$ show system updates + Current version: 1.5-rolling-202312220023 + + Update available: 1.5-rolling-202312250024 + Update URL: https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/1.5-rolling-202312250024/1.5-rolling-202312250024-amd64.iso + vyos@r4:~$ -- cgit v1.2.3 From 0c5e77aea59cbb50af527c59770584d232c97f52 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Tue, 26 Dec 2023 08:55:02 -0300 Subject: Add configuration commands and brief example of firewall Flowtables. Also re-add commands for firewall state policies, which now can eb found under section --- docs/configuration/firewall/flowtables.rst | 140 ++++++++++++++++++++++++- docs/configuration/firewall/global-options.rst | 34 +++++- 2 files changed, 170 insertions(+), 4 deletions(-) (limited to 'docs') diff --git a/docs/configuration/firewall/flowtables.rst b/docs/configuration/firewall/flowtables.rst index 8b44a9b9..bc7b9212 100644 --- a/docs/configuration/firewall/flowtables.rst +++ b/docs/configuration/firewall/flowtables.rst @@ -1,4 +1,4 @@ -:lastproofread: 2023-11-08 +:lastproofread: 2023-12-26 .. _firewall-flowtables-configuration: @@ -13,7 +13,7 @@ Overview ******** In this section there's useful information of all firewall configuration that -can be done regarding flowtables +can be done regarding flowtables. .. cfgcmd:: set firewall flowtables ... @@ -50,3 +50,139 @@ flowtable (flowtable miss), the packet follows the classic IP forwarding path. .. note:: **Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html + + +*********************** +Flowtable Configuration +*********************** + +In order to use flowtables, the minimal configuration needed includes: + + * Create flowtable: create flowtable, which includes the interfaces + that are going to be used by the flowtable. + + * Create firewall rule: create a firewall rule, setting action to + ``offload`` and using desired flowtable for ``offload-target``. + +Creating a flow table: + +.. cfgcmd:: set firewall flowtable interface + + Define interfaces to be used in the flowtable. + +.. cfgcmd:: set firewall flowtable description + +Provide a description to the flow table. + +.. cfgcmd:: set firewall flowtable offload + + + Define type of offload to be used by the flowtable: ``hardware`` or + ``software``. By default, ``software`` offload is used. + +.. note:: **Hardware offload:** should be supported by the NICs used. + +Creating rules for using flow tables: + +.. cfgcmd:: set firewall [ipv4 | ipv4] forward filter rule <1-999999> + action offload + + Create firewall rule in forward chain, and set action to ``offload``. + +.. cfgcmd:: set firewall [ipv4 | ipv4] forward filter rule <1-999999> + offload-target + + Create firewall rule in forward chain, and define which flowtbale + should be used. Only applicable if action is ``offload``. + +********************* +Configuration Example +********************* + +Things to be considred in this setup: + + * Two interfaces are going to be used in the flowtables: eth0 and eth1 + + * Minumum firewall ruleset is provided, which includes some filtering rules, + and appropiate rules for using flowtable offload capabilities. + +As described, first packet will be evaluated by all the firewall path, so +desired connection should be explicitely accepted. Same thing should be taken +into account for traffic in reverse order. In most cases state policies are +used in order to accept connection in reverse patch. + +We will only accept traffic comming from interface eth0, protocol tcp and +destination port 1122. All other traffic traspassing the router should be +blocked. + +Commands +-------- + +.. code-block:: none + + set firewall flowtable FT01 interface 'eth0' + set firewall flowtable FT01 interface 'eth1' + set firewall ipv4 forward filter default-action 'drop' + set firewall ipv4 forward filter rule 10 action 'offload' + set firewall ipv4 forward filter rule 10 offload-target 'FT01' + set firewall ipv4 forward filter rule 10 state 'established' + set firewall ipv4 forward filter rule 10 state 'related' + set firewall ipv4 forward filter rule 20 action 'accept' + set firewall ipv4 forward filter rule 20 state 'established' + set firewall ipv4 forward filter rule 20 state 'related' + set firewall ipv4 forward filter rule 110 action 'accept' + set firewall ipv4 forward filter rule 110 destination address '192.0.2.100' + set firewall ipv4 forward filter rule 110 destination port '1122' + set firewall ipv4 forward filter rule 110 inbound-interface name 'eth0' + set firewall ipv4 forward filter rule 110 protocol 'tcp' + +Explanation +----------- + +Analysis on what happens for desired connection: + + 1. First packet is received on eht0, with destination address 192.0.2.100, + protocol tcp and destination port 1122. Assume such destination address is + reachable through interface eth1. + + 2. Since this is the first packet, connection status of this connection, + so far is **new**. So neither rule 10 nor 20 are valid. + + 3. Rule 110 is hit, so connection is accepted. + + 4. Once answer from server 192.0.2.100 is seen in opposite direction, + connection state will be triggered to **established**, so this reply is + accepted in rule 10. + + 5. Second packet for this connection is received by the router. Since + connection state is **established**, then rule 10 is hit, and a new entry + in the flowtable FT01 is added for this connection. + + 6. All subsecuent packets will skip traditional path, and will be offloaded + and will use the **Fast Path**. + +Checks +------ + +It's time to check conntrack table, to see if any connection was accepted, +and if was properly offloaded + +.. code-block:: none + + vyos@FlowTables:~$ show firewall ipv4 forward filter + Ruleset Information + + --------------------------------- + ipv4 Firewall "forward filter" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ---------------------------------------------------------------- + 10 offload all 8 468 ct state { established, related } flow add @VYOS_FLOWTABLE_FT01 + 20 accept all 8 468 ct state { established, related } accept + 110 accept tcp 2 120 ip daddr 192.0.2.100 tcp dport 1122 iifname "eth0" accept + default drop all 7 420 + + vyos@FlowTables:~$ sudo conntrack -L | grep tcp + conntrack v1.4.6 (conntrack-tools): 5 flow entries have been shown. + tcp 6 src=198.51.100.100 dst=192.0.2.100 sport=41676 dport=1122 src=192.0.2.100 dst=198.51.100.100 sport=1122 dport=41676 [OFFLOAD] mark=0 use=2 + vyos@FlowTables:~$ diff --git a/docs/configuration/firewall/global-options.rst b/docs/configuration/firewall/global-options.rst index 316e0802..455e530b 100644 --- a/docs/configuration/firewall/global-options.rst +++ b/docs/configuration/firewall/global-options.rst @@ -1,4 +1,4 @@ -:lastproofread: 2023-11-07 +:lastproofread: 2023-12-026 .. _firewall-global-options-configuration: @@ -114,4 +114,34 @@ Configuration Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered: - * ``net.ipv4.tcp_rfc1337`` \ No newline at end of file + * ``net.ipv4.tcp_rfc1337`` + +.. cfgcmd:: set firewall global-options state-policy established action + [accept | drop | reject] + +.. cfgcmd:: set firewall global-options state-policy established log + +.. cfgcmd:: set firewall global-options state-policy established log-level + [emerg | alert | crit | err | warn | notice | info | debug] + + Set the global setting for an established connection. + +.. cfgcmd:: set firewall global-options state-policy invalid action + [accept | drop | reject] + +.. cfgcmd:: set firewall global-options state-policy invalid log + +.. cfgcmd:: set firewall global-options state-policy invalid log-level + [emerg | alert | crit | err | warn | notice | info | debug] + + Set the global setting for invalid packets. + +.. cfgcmd:: set firewall global-options state-policy related action + [accept | drop | reject] + +.. cfgcmd:: set firewall global-options state-policy related log + +.. cfgcmd:: set firewall global-options state-policy related log-level + [emerg | alert | crit | err | warn | notice | info | debug] + + Set the global setting for related connections. -- cgit v1.2.3 From 0893ca769b1796d2d61dc26a0c0c13d1eda56f5e Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Wed, 27 Dec 2023 06:52:57 -0300 Subject: dhcp-server: update docs for op-mode command --- docs/configuration/firewall/global-options.rst | 2 +- docs/configuration/service/dhcp-server.rst | 34 ++++++++++++++++++++++---- 2 files changed, 30 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/configuration/firewall/global-options.rst b/docs/configuration/firewall/global-options.rst index 455e530b..b3f311aa 100644 --- a/docs/configuration/firewall/global-options.rst +++ b/docs/configuration/firewall/global-options.rst @@ -1,4 +1,4 @@ -:lastproofread: 2023-12-026 +:lastproofread: 2023-12-26 .. _firewall-global-options-configuration: diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index b5b12a5b..0cc10feb 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -549,18 +549,43 @@ Operation Mode .. code-block:: none vyos@vyos:~$ show dhcp server leases - IP address Hardware address State Lease start Lease expiration Remaining Pool Hostname - -------------- ------------------ ------- ------------------- ------------------- ---------- ----------- --------- - 192.0.2.104 00:53:01:dd:ee:ff active 2019/12/05 14:24:23 2019/12/06 02:24:23 6:05:35 dhcpexample test1 - 192.0.2.115 00:53:01:ae:af:bf active 2019/12/05 18:02:37 2019/12/06 06:02:37 9:43:49 dhcpexample test2 + IP Address MAC address State Lease start Lease expiration Remaining Pool Hostname Origin + -------------- ----------------- ------- ------------------- ------------------- ----------- -------- ---------- -------- + 192.168.11.134 00:50:79:66:68:09 active 2023/11/29 09:51:05 2023/11/29 10:21:05 0:24:10 LAN VPCS1 local + 192.168.11.133 50:00:00:06:00:00 active 2023/11/29 09:51:38 2023/11/29 10:21:38 0:24:43 LAN VYOS-6 local + 10.11.11.108 50:00:00:05:00:00 active 2023/11/29 09:51:43 2023/11/29 10:21:43 0:24:48 VIF-1001 VYOS5 local + 192.168.11.135 00:50:79:66:68:07 active 2023/11/29 09:55:16 2023/11/29 09:59:16 0:02:21 remote + vyos@vyos:~$ .. hint:: Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``. +.. opcmd:: show dhcp server leases origin [local | remote] + + Show statuses of all active leases granted by local (this server) or + remote (failover server): + +.. code-block:: none + + vyos@vyos:~$ show dhcp server leases origin remote + IP Address MAC address State Lease start Lease expiration Remaining Pool Hostname Origin + -------------- ----------------- ------- ------------------- ------------------- ----------- -------- ---------- -------- + 192.168.11.135 00:50:79:66:68:07 active 2023/11/29 09:55:16 2023/11/29 09:59:16 0:02:21 remote + vyos@vyos:~$ + .. opcmd:: show dhcp server leases pool Show only leases in the specified pool. +.. code-block:: none + + vyos@vyos:~$ show dhcp server leases pool LAN + IP Address MAC address State Lease start Lease expiration Remaining Pool Hostname Origin + -------------- ----------------- ------- ------------------- ------------------- ----------- ------ ---------- -------- + 192.168.11.134 00:50:79:66:68:09 active 2023/11/29 09:51:05 2023/11/29 10:21:05 0:23:55 LAN VPCS1 local + 192.168.11.133 50:00:00:06:00:00 active 2023/11/29 09:51:38 2023/11/29 10:21:38 0:24:28 LAN VYOS-6 local + vyos@vyos:~$ + .. opcmd:: show dhcp server leases sort Sort the output by the specified key. Possible keys: ip, hardware_address, @@ -572,7 +597,6 @@ Operation Mode free, expired, released, abandoned, reset, backup (default = active) - *********** IPv6 server *********** -- cgit v1.2.3 From 3c4d9ec2e93740eb9bd398736b228af356d2b2a8 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Wed, 27 Dec 2023 07:45:07 -0300 Subject: System Conntrack: update commands for timeout rules; update commands for ignore rules, since both ipv4 and ipv6 rules are supported. --- docs/configuration/system/conntrack.rst | 149 ++++++++++++++++++++------------ 1 file changed, 93 insertions(+), 56 deletions(-) (limited to 'docs') diff --git a/docs/configuration/system/conntrack.rst b/docs/configuration/system/conntrack.rst index 68a4f2b8..6ed5fef7 100644 --- a/docs/configuration/system/conntrack.rst +++ b/docs/configuration/system/conntrack.rst @@ -46,9 +46,23 @@ Configure | Use `delete system conntrack modules` to deactive all modules. | Or, for example ftp, `delete system conntrack modules ftp`. +.. cfgcmd:: set system conntrack tcp half-open-connections <1-21474836> + :defaultvalue: -Define Conection Timeouts -========================= + Set the maximum number of TCP half-open connections. + +.. cfgcmd:: set system conntrack tcp loose + :defaultvalue: + + Policy to track previously established connections. + +.. cfgcmd:: set system conntrack tcp max-retrans <1-2147483647> + :defaultvalue: + + Set the number of TCP maximum retransmit attempts. + +Contrack Timeouts +================= VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP @@ -82,34 +96,48 @@ states. Set the timeout in secounds for a protocol or state. - You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector. -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> description +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + description Set a rule description. +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + destination address +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + source address -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> destination address -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> source address - - set a destination and/or source address. Accepted input: + Set a destination and/or source address. Accepted input for ipv4: .. code-block:: none - IP address to match - Subnet to match - - - IP range to match - ! Match everything except the specified address - ! Match everything except the specified subnet - !- - Match everything except the specified range - -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> destination port -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> source port + set system conntrack timeout custom ipv4 rule <1-999999> [source | destination] address + Possible completions: + IPv4 address to match + IPv4 prefix to match + - IPv4 address range to match + ! Match everything except the specified address + ! Match everything except the specified prefix + !- Match everything except the specified range + + set system conntrack timeout custom ipv6 rule <1-999999> [source | destination] address + Possible completions: + IP address to match + Subnet to match + - + IP range to match + ! Match everything except the specified address + ! Match everything except the specified prefix + !- + Match everything except the specified range + +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + destination port +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + source port Set a destination and/or source port. Accepted input: @@ -123,49 +151,58 @@ create a rule defining the packet and flow selector. The whole list can also be "negated" using '!'. For example: `!22,telnet,http,123,1001-1005`` - - -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol icmp <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol other <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp close <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp close-wait <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp established <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp fin-wait <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp last-ack <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp syn-recv <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp syn-sent <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp time-wait <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol udp other <1-21474836> -.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol udp stream <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp close <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp close-wait <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp established <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp fin-wait <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp last-ack <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp syn-recv <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp syn-sent <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol tcp time-wait <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol udp replied <1-21474836> +.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> + protocol udp unreplied <1-21474836> Set the timeout in secounds for a protocol or state in a custom rule. - -.. cfgcmd:: set system conntrack tcp half-open-connections <1-21474836> - :defaultvalue: - - Set the maximum number of TCP half-open connections. - -.. cfgcmd:: set system conntrack tcp loose - :defaultvalue: - - Policy to track previously established connections. - -.. cfgcmd:: set system conntrack tcp max-retrans <1-2147483647> - :defaultvalue: - - Set the number of TCP maximum retransmit attempts. - -.. cfgcmd:: set system conntrack ignore rule <1-9999> description -.. cfgcmd:: set system conntrack ignore rule <1-9999> destination address -.. cfgcmd:: set system conntrack ignore rule <1-9999> destination port -.. cfgcmd:: set system conntrack ignore rule <1-9999> inbound-interface -.. cfgcmd:: set system conntrack ignore rule <1-9999> protocol -.. cfgcmd:: set system conntrack ignore rule <1-9999> source address -.. cfgcmd:: set system conntrack ignore rule <1-9999> source port +Conntrack ignore rules +====================== Customized ignore rules, based on a packet and flow selector. +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + description +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + destination address +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + destination port +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + inbound-interface +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + protocol +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + source address +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + source port +.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> + tcp flags [not] + + Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, + ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for + inverted selection use ``not``, as shown in the example. + +Conntrack log +============= + .. cfgcmd:: set system conntrack log icmp destroy .. cfgcmd:: set system conntrack log icmp new .. cfgcmd:: set system conntrack log icmp update -- cgit v1.2.3 From 5933ffbe44c626b77c93af68e18123a66dd12b63 Mon Sep 17 00:00:00 2001 From: fett0 Date: Wed, 27 Dec 2023 16:37:24 -0300 Subject: ocserv: add http-security-headers documentation --- docs/configuration/vpn/openconnect.rst | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'docs') diff --git a/docs/configuration/vpn/openconnect.rst b/docs/configuration/vpn/openconnect.rst index 1cc197e9..845d9196 100644 --- a/docs/configuration/vpn/openconnect.rst +++ b/docs/configuration/vpn/openconnect.rst @@ -165,6 +165,13 @@ Simple setup with one user added and password authentication: set vpn openconnect ssl ca-certificate 'ca-ocserv' set vpn openconnect ssl certificate 'srv-ocserv' +To enable the HTTP security headers in the configuration file, use the command: + +.. code-block:: none + + set vpn openconnect http-security-headers + + Adding a 2FA with an OTP-key ============================ -- cgit v1.2.3 From 05215848a5df37a4cc4075a58b05f19871a56306 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 30 Dec 2023 10:44:58 +0100 Subject: system: T5877: Shorten system domain-search config path Documentation pdate for https://github.com/vyos/vyos-1x/pull/2718 --- docs/configuration/system/name-server.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'docs') diff --git a/docs/configuration/system/name-server.rst b/docs/configuration/system/name-server.rst index f18cb5a3..5d08dbc5 100644 --- a/docs/configuration/system/name-server.rst +++ b/docs/configuration/system/name-server.rst @@ -48,7 +48,7 @@ In order for the system to use and complete unqualified host names, a list can be defined which will be used for domain searches. -.. cfgcmd:: set system domain-search domain +.. cfgcmd:: set system domain-search Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries. @@ -68,7 +68,7 @@ order: vyos.io (first), vyos.net (second) and vyos.network (last): .. code-block:: none - set system domain-search domain vyos.io - set system domain-search domain vyos.net - set system domain-search domain vyos.network + set system domain-search vyos.io + set system domain-search vyos.net + set system domain-search vyos.network -- cgit v1.2.3 From 878aa0bd85a206afd4a0bd58535ba250748e1c8c Mon Sep 17 00:00:00 2001 From: sofukong <130022807+sofukong@users.noreply.github.com> Date: Sat, 30 Dec 2023 17:49:10 +0800 Subject: build: improve documentation of current versions and how to build them --- docs/contributing/build-vyos.rst | 140 +++++++++++++++++++++++++-------------- 1 file changed, 90 insertions(+), 50 deletions(-) (limited to 'docs') diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index bb212e2f..919f30bf 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst @@ -23,10 +23,60 @@ also set up your own build machine and run a :ref:`build_native`. The source code remains public and an ISO can be built using the process outlined in this chapter. + The following includes the build process for VyOS 1.2 to the latest version. + This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster. +.. _build_native: + +Native Build +============ + +To build VyOS natively you require a properly configured build host with the +following Debian versions installed: + +- Debian Jessie for VyOS 1.2 (crux) +- Debian Buster for VyOS 1.3 (equuleus) +- Debian Bookworm for VyOS 1.4 (sagitta) +- Debian Bookworm for the upcoming VyOS 1.5/circinus/current + (subject to change) - aka the rolling release + +To start, clone the repository to your local machine: + +.. code-block:: none + + # For VyOS 1.2 (crux) + $ git clone -b crux --single-branch https://github.com/vyos/vyos-build + + # For VyOS 1.3 (equuleus) + $ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build + + # For VyOS 1.4 (sagitta) + $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build + + # For VyOS 1.5 (circinus,current) + $ git clone -b current --single-branch https://github.com/vyos/vyos-build + + $ cd vyos-build + + # For VyOS 1.2 (crux) and VyOS 1.3 (equuleus) + $ ./configure --architecture amd64 --build-by "j.randomhacker@vyos.io" + $ sudo make iso + + # For VyOS 1.4 (sagitta) and VyOS 1.5 (circinus,current) + $ sudo make clean + $ sudo ./build-vyos-image iso --architecture amd64 --build-by "j.randomhacker@vyos.io" + +For the packages required, you can refer to the ``docker/Dockerfile`` file +in the repository_. The ``./build-vyos-image`` script will also warn you if any +dependencies are missing. + +This will guide you through the process of building a VyOS ISO using Docker. +This process has been tested on clean installs of Debian Bullseye (11) and +Bookworm (12). + .. _build_docker: Docker @@ -34,14 +84,26 @@ Docker Installing Docker_ and prerequisites: +.. hint:: Due to the updated version of Docker, the following examples may + become invalid. + .. code-block:: none - $ sudo apt-get update - $ sudo apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common - $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - - $ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" - $ sudo apt-get update - $ sudo apt-get install -y docker-ce + # Add Docker's official GPG key: + sudo apt-get update + sudo apt-get install ca-certificates curl gnupg + sudo install -m 0755 -d /etc/apt/keyrings + curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg + sudo chmod a+r /etc/apt/keyrings/docker.gpg + + # Add the repository to Apt sources: + echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ + $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + + sudo apt-get update + sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker @@ -79,7 +141,7 @@ To manually download the container from DockerHub, run: $ docker pull vyos/vyos-build:crux # For VyOS 1.2 $ docker pull vyos/vyos-build:equuleus # For VyOS 1.3 $ docker pull vyos/vyos-build:sagitta # For VyOS 1.4 - $ docker pull vyos/vyos-build:current # For rolling release + $ docker pull vyos/vyos-build:current # For VyOS 1.5 rolling release Build from source ^^^^^^^^^^^^^^^^^ @@ -94,15 +156,19 @@ The container can also be built directly from source: $ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build # For VyOS 1.4 (sagitta) $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build + # For VyOS 1.5 (circinus,current) + $ git clone -b current --single-branch https://github.com/vyos/vyos-build $ cd vyos-build - $ docker build -t vyos/vyos-build:crux docker # For VyOS 1.2 - $ docker build -t vyos/vyos-build:current docker # For rolling release - -.. note:: Since VyOS has switched to Debian (11) Bullseye in its ``current`` - branch, you will require individual container for `current`, `equuleus` and - `crux` builds. - + $ docker build -t vyos/vyos-build:crux docker # For VyOS 1.2 + $ docker build -t vyos/vyos-build:equuleus docker # For VyOS 1.3 + $ docker build -t vyos/vyos-build:sagitta docker # For VyOS 1.4 + $ docker build -t vyos/vyos-build:current docker # For VyOS 1.5 rolling release + +.. note:: VyOS has switched to Debian (12) Bookworm in its ``current`` branch, + Due to software version updates, it is recommended to use the official + Docker Hub image to build VyOS ISO. + Tips and Tricks --------------- @@ -141,39 +207,6 @@ your development containers in your current working directory. ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail. -.. _build_native: - -Native Build -============ - -To build VyOS natively you require a properly configured build host with the -following Debian versions installed: - -- Debian Jessie for VyOS 1.2 (crux) -- Debian Buster for VyOS 1.3 (equuleus) -- Debian Bullseye for VyOS 1.4 (sagitta) - -To start, clone the repository to your local machine: - -.. code-block:: none - - # For VyOS 1.2 (crux) - $ git clone -b crux --single-branch https://github.com/vyos/vyos-build - - # For VyOS 1.3 (equuleus) - $ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build - - # For VyOS 1.4 (sagitta) - $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build - - -For the packages required, you can refer to the ``docker/Dockerfile`` file -in the repository_. The ``./build-vyos-image`` script will also warn you if any -dependencies are missing. - -Once you have the required dependencies installed, you may proceed with the -steps described in :ref:`build_iso`. - .. _build_iso: @@ -196,6 +229,10 @@ Please note as this will differ for both `current` and `crux`. # For VyOS 1.4 (sagitta) $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build + # For VyOS 1.5 (circinus,current) + $ git clone -b current --single-branch https://github.com/vyos/vyos-build + + Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run: @@ -210,7 +247,10 @@ Now a fresh build of the VyOS ISO can begin. Change directory to the # For VyOS 1.4 (sagitta) $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:sagitta bash - + + # For VyOS 1.5 (current) + $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:current bash + .. code-block:: none # For MacOS (crux, equuleus, sagitta) @@ -234,7 +274,7 @@ Start the build: vyos_bld@8153428c7e1f:/vyos$ ./configure --architecture amd64 --build-by "j.randomhacker@vyos.io" vyos_bld@8153428c7e1f:/vyos$ sudo make iso - # For VyOS 1.4 (sagitta) + # For VyOS 1.4 (sagitta) For VyOS 1.5 (circinus,current) vyos_bld@8153428c7e1f:/vyos$ sudo make clean vyos_bld@8153428c7e1f:/vyos$ sudo ./build-vyos-image iso --architecture amd64 --build-by "j.randomhacker@vyos.io" @@ -836,7 +876,7 @@ information. .. stop_vyoslinter -.. _Docker: https://www.docker.com +.. _Docker: https://docs.docker.com/engine/install/debian/ .. _`Docker as non-root`: https://docs.docker.com/engine/install/linux-postinstall .. _VyOS DockerHub organisation: https://hub.docker.com/u/vyos .. _repository: https://github.com/vyos/vyos-build -- cgit v1.2.3 From 706930834f21f503dbb4b3cae52afad486854541 Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 1 Jan 2024 06:06:30 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.3.rst | 6 ++++++ docs/changelog/1.4.rst | 35 +++++++++++++++++++++++++++++++++++ docs/changelog/1.5.rst | 37 ++++++++++++++++++++++++++++++++++++- 4 files changed, 78 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index b1a35b8a..20782531 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit b1a35b8ae02c7a72ee29bf3e1595fedf254479ee +Subproject commit 2078253176046ea4d07e69caeb7932ea439b5614 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 5960cd58..d0d71d55 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,12 @@ _ext/releasenotes.py +2023-12-29 +========== + +* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface`` + + 2023-12-22 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 385d1d63..cf8e22ab 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,41 @@ _ext/releasenotes.py +2023-12-30 +========== + +* :vytask:`T5875` ``(bug): login: removing and re-adding a user keeps the home directory but UID will change, thus SSH keys no longer work`` +* :vytask:`T5653` ``(feature): Command to display fingerprint`` + + +2023-12-29 +========== + +* :vytask:`T5829` ``(bug): Can't Add IPv6 Address to Containers`` +* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface`` +* :vytask:`T5869` ``(bug): vyos.template.first_host_address() does not honor RFC4291 section 2.6.1`` + + +2023-12-28 +========== + +* :vytask:`T4163` ``(feature): [BMP-BGP] Routing monitoring feature`` +* :vytask:`T5867` ``(feature): Upgrade podman to Debian Trixie version 4.7.x`` +* :vytask:`T5866` ``(feature): Add op-mode command to restart IPv6 RA daemon`` +* :vytask:`T5861` ``(bug): Flavor build system fails with third-party packages`` +* :vytask:`T5854` ``(feature): Extend override-default script to allow embedded defaultValue settings`` +* :vytask:`T5566` ``(feature): Be able to disable 802.3az/EEE (energy efficient ethernet) for a particular interface`` +* :vytask:`T5792` ``(default): Upgrade ddclient 3.11.2 release`` + + +2023-12-25 +========== + +* :vytask:`T5855` ``(feature): Migrate "set service lldp snmp enable" -> `set service lldp snmp"`` +* :vytask:`T5837` ``(bug): vyos.configdict.node_changed does not return keys per adding`` +* :vytask:`T5856` ``(bug): SNMP service removal fails`` + + 2023-12-24 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index 4ef32704..3749e53a 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,42 @@ _ext/releasenotes.py +2023-12-30 +========== + +* :vytask:`T5875` ``(bug): login: removing and re-adding a user keeps the home directory but UID will change, thus SSH keys no longer work`` +* :vytask:`T5653` ``(feature): Command to display fingerprint`` + + +2023-12-29 +========== + +* :vytask:`T5829` ``(bug): Can't Add IPv6 Address to Containers`` +* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface`` +* :vytask:`T5869` ``(bug): vyos.template.first_host_address() does not honor RFC4291 section 2.6.1`` + + +2023-12-28 +========== + +* :vytask:`T5827` ``(bug): image-tools: 'show system image' Command Not in Order`` +* :vytask:`T4163` ``(feature): [BMP-BGP] Routing monitoring feature`` +* :vytask:`T5867` ``(feature): Upgrade podman to Debian Trixie version 4.7.x`` +* :vytask:`T5866` ``(feature): Add op-mode command to restart IPv6 RA daemon`` +* :vytask:`T5861` ``(bug): Flavor build system fails with third-party packages`` +* :vytask:`T5854` ``(feature): Extend override-default script to allow embedded defaultValue settings`` +* :vytask:`T5566` ``(feature): Be able to disable 802.3az/EEE (energy efficient ethernet) for a particular interface`` +* :vytask:`T5792` ``(default): Upgrade ddclient 3.11.2 release`` + + +2023-12-25 +========== + +* :vytask:`T5855` ``(feature): Migrate "set service lldp snmp enable" -> `set service lldp snmp"`` +* :vytask:`T5837` ``(bug): vyos.configdict.node_changed does not return keys per adding`` +* :vytask:`T5856` ``(bug): SNMP service removal fails`` + + 2023-12-23 ========== @@ -80,7 +116,6 @@ 2023-12-13 ========== -* :vytask:`T5688` ``(default): Create the same view of pool configuration for all accel-ppp services`` * :vytask:`T591` ``(feature): Support SRv6`` -- cgit v1.2.3 From d74d2f6a400a5740e8e1438bcec6d72d604d745f Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Tue, 2 Jan 2024 22:25:43 +0100 Subject: Fix firewall syntax for refactor in PPPoE IPv6 example --- docs/configexamples/pppoe-ipv6-basic.rst | 40 ++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 18 deletions(-) (limited to 'docs') diff --git a/docs/configexamples/pppoe-ipv6-basic.rst b/docs/configexamples/pppoe-ipv6-basic.rst index f569d9c3..ad588def 100644 --- a/docs/configexamples/pppoe-ipv6-basic.rst +++ b/docs/configexamples/pppoe-ipv6-basic.rst @@ -89,24 +89,28 @@ To have basic protection while keeping IPv6 network functional, we need to: .. code-block:: none - set firewall ipv6-name WAN_IN default-action 'drop' - set firewall ipv6-name WAN_IN rule 10 action 'accept' - set firewall ipv6-name WAN_IN rule 10 state established 'enable' - set firewall ipv6-name WAN_IN rule 10 state related 'enable' - set firewall ipv6-name WAN_IN rule 20 action 'accept' - set firewall ipv6-name WAN_IN rule 20 protocol 'icmpv6' - set firewall ipv6-name WAN_LOCAL default-action 'drop' - set firewall ipv6-name WAN_LOCAL rule 10 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 10 state established 'enable' - set firewall ipv6-name WAN_LOCAL rule 10 state related 'enable' - set firewall ipv6-name WAN_LOCAL rule 20 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 20 protocol 'icmpv6' - set firewall ipv6-name WAN_LOCAL rule 30 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 30 destination port '546' - set firewall ipv6-name WAN_LOCAL rule 30 protocol 'udp' - set firewall ipv6-name WAN_LOCAL rule 30 source port '547' - set interfaces pppoe pppoe0 firewall in ipv6-name 'WAN_IN' - set interfaces pppoe pppoe0 firewall local ipv6-name 'WAN_LOCAL' + set firewall ipv6 name WAN_IN default-action 'drop' + set firewall ipv6 name WAN_IN rule 10 action 'accept' + set firewall ipv6 name WAN_IN rule 10 state established 'enable' + set firewall ipv6 name WAN_IN rule 10 state related 'enable' + set firewall ipv6 name WAN_IN rule 20 action 'accept' + set firewall ipv6 name WAN_IN rule 20 protocol 'icmpv6' + set firewall ipv6 name WAN_LOCAL default-action 'drop' + set firewall ipv6 name WAN_LOCAL rule 10 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 10 state established 'enable' + set firewall ipv6 name WAN_LOCAL rule 10 state related 'enable' + set firewall ipv6 name WAN_LOCAL rule 20 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 20 protocol 'icmpv6' + set firewall ipv6 name WAN_LOCAL rule 30 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 30 destination port '546' + set firewall ipv6 name WAN_LOCAL rule 30 protocol 'udp' + set firewall ipv6 name WAN_LOCAL rule 30 source port '547' + set firewall ipv6 forward filter rule 10 action jump + set firewall ipv6 forward filter rule 10 jump-target 'WAN_IN' + set firewall ipv6 forward filter rule 10 inbound-interface name 'pppoe0' + set firewall ipv6 input filter rule 10 action jump + set firewall ipv6 input filter rule 10 jump-target 'WAN_LOCAL' + set firewall ipv6 input filter rule 10 inbound-interface name 'pppoe0' Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client). -- cgit v1.2.3 From e39d7d8990dd0f107b328258ecf67e3e4a1b179e Mon Sep 17 00:00:00 2001 From: Giggum <152240782+Giggum@users.noreply.github.com> Date: Fri, 5 Jan 2024 00:29:03 -0500 Subject: docs: fix to improve readability and correct typos. --- docs/configuration/firewall/index.rst | 40 +++++++++++++++++------------------ 1 file changed, 20 insertions(+), 20 deletions(-) (limited to 'docs') diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 3887e26a..bdfc2069 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -5,30 +5,30 @@ Firewall ######## With VyOS being based on top of Linux and its kernel, the Netfilter project -created the iptables and now the successor nftables for the Linux kernel to +created iptables and its successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the -destination (e.g. a web server OR another device). +destination (e.g., a web server OR another device). -A simplified traffic flow, based on Netfilter packet flow, is shown next, in +A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and -what possible paths can take. +what possible paths traffic can take. .. figure:: /_static/images/firewall-gral-packet-flow.png -Main notes regarding this packet flow and terminology used in VyOS firewall: +Main points regarding this packet flow and terminology used in VyOS firewall are below: - * **Bridge Port?**: choose appropiate path based on if interface were the + * **Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not. -If interface were the packet was received isn't part of a bridge, then packet +If interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**: * **Prerouting**: several actions can be done in this stage, and currently - these actions are defined in different parts in vyos configuration. Order + these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions - define under ``firewall`` section. Relevant configuration that acts in + defined under ``firewall`` section. Relevant configuration that acts in this stage are: * **Conntrack Ignore**: rules defined under ``set system conntrack ignore @@ -40,12 +40,12 @@ is processed at the **IP Layer**: * **Destination NAT**: rules defined under ``set [nat | nat66] destination...``. - * **Destination is the router?**: choose appropiate path based on - destination IP address. Transit forward continunes to **forward**, + * **Destination is the router?**: choose appropriate path based on + destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**. - * **Input**: stage where traffic destinated to the router itself can be + * **Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in: @@ -61,10 +61,10 @@ is processed at the **IP Layer**: * ``set firewall ipv6 forward filter ...``. - * **Output**: stage where traffic that is originated by the router itself - can be filtered and controlled. Bare in mind that this traffic can be a - new connection originted by a internal process running on VyOS router, - such as NTP, or can be a response to traffic received externaly through + * **Output**: stage where traffic that originates from the router itself + can be filtered and controlled. Bear in mind that this traffic can be a + new connection originated by a internal process running on VyOS router, + such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in: @@ -79,11 +79,11 @@ is processed at the **IP Layer**: * **Source NAT**: rules defined under ``set [nat | nat66] destination...``. -If interface were the packet was received is part of a bridge, then packet -is processed at the **Bridge Layer**, which contains a ver basic setup where -for bridge filtering: +If interface where the packet was received is part of a bridge, then packet +is processed at the **Bridge Layer**, which contains a basic setup for +bridge filtering: - * **Forward (Bridge)**: stage where traffic that is trasspasing through the + * **Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled: * ``set firewall bridge forward filter ...``. -- cgit v1.2.3 From 59ed69455cea99d5d905ffdef51690eb85de5e13 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Wed, 3 Jan 2024 13:42:54 +0200 Subject: updates: add system image latest If we configure "update-check url" we can use `latest` option to update system image. ``` add system image latest ``` --- docs/configuration/system/updates.rst | 2 ++ docs/installation/update.rst | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/configuration/system/updates.rst b/docs/configuration/system/updates.rst index a55bfa9a..505d9318 100644 --- a/docs/configuration/system/updates.rst +++ b/docs/configuration/system/updates.rst @@ -35,3 +35,5 @@ Check: Update available: 1.5-rolling-202312250024 Update URL: https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/1.5-rolling-202312250024/1.5-rolling-202312250024-amd64.iso vyos@r4:~$ + + vyos@r4:~$ add system image latest diff --git a/docs/installation/update.rst b/docs/installation/update.rst index 5f75f9db..b0b43836 100644 --- a/docs/installation/update.rst +++ b/docs/installation/update.rst @@ -10,7 +10,7 @@ for the new image to boot using the current configuration. .. note:: Only LTS releases are PGP-signed. -.. opcmd:: add system image [vrf name] +.. opcmd:: add system image | [latest] [vrf name] [username user [password pass]] Use this command to install a new system image. You can reach the @@ -72,6 +72,13 @@ Example OK. This image will be named: vyos-1.3-rolling-201912201452 +You can use ``latest`` option. It loads the latest available Rolling release. + +.. code-block:: none + + vyos@vyos:~$ add system image latest + +.. note:: To use the `latest` option the "system update-check url" must be configured. .. hint:: The most up-do-date Rolling Release for AMD64 can be accessed using the following URL: -- cgit v1.2.3 From 8e2932ebb426534b6727836c51395077ed8ed490 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Fri, 5 Jan 2024 22:55:37 +0100 Subject: pki: T5886: add support for ACME protocol (LetsEncrypt) --- docs/configuration/pki/index.rst | 44 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/configuration/pki/index.rst b/docs/configuration/pki/index.rst index 66ad84a3..1fea13ac 100644 --- a/docs/configuration/pki/index.rst +++ b/docs/configuration/pki/index.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-09-01 +:lastproofread: 2024-01-05 .. include:: /_include/need_improvement.txt @@ -248,6 +248,44 @@ certificates used by services on this router. If CA is present, this certificate will be included in generated CRLs +ACME +^^^^ + +The VyOS PKI subsystem can also be used to automatically retrieve Certificates +using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol. + +.. cfgcmd:: set pki certificate acme domain-name + + Domain names to apply, multiple domain-names can be specified. + + This is a mandatory option + +.. cfgcmd:: set pki certificate acme email
+ + Email used for registration and recovery contact. + + This is a mandatory option + +.. cfgcmd:: set pki certificate acme listen-address
+ + The address the server listens to during http-01 challenge + +.. cfgcmd:: set pki certificate acme rsa-key-size <2048 | 3072 | 4096> + + Size of the RSA key. + + This options defaults to 2048 + +.. cfgcmd:: set pki certificate acme url + + ACME Directory Resource URI. + + This defaults to https://acme-v02.api.letsencrypt.org/directory + + .. note:: During initial deployment we recommend using the staging API + of LetsEncrypt to prevent and blacklisting of your system. The API + endpoint is https://acme-staging-v02.api.letsencrypt.org/directory + Operation ========= @@ -292,3 +330,7 @@ also to display them. .. opcmd:: show pki crl Show a list of installed :abbr:`CRLs (Certificate Revocation List)`. + +.. opcmd:: renew certbot + + Manually trigger certificate renewal. This will be done twice a day. -- cgit v1.2.3 From 7132481c92e169348ac3f6750be8ce45c2f2b5dd Mon Sep 17 00:00:00 2001 From: Giggum <152240782+Giggum@users.noreply.github.com> Date: Fri, 5 Jan 2024 22:40:42 -0500 Subject: fix to add more fixes on top of previous pull request --- docs/configuration/firewall/index.rst | 35 +++---- docs/configuration/firewall/index.rst~ | 179 +++++++++++++++++++++++++++++++++ 2 files changed, 197 insertions(+), 17 deletions(-) create mode 100644 docs/configuration/firewall/index.rst~ (limited to 'docs') diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index bdfc2069..74d5bc20 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -4,26 +4,27 @@ Firewall ######## -With VyOS being based on top of Linux and its kernel, the Netfilter project +As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to -work directly on the data flows. This now extends the concept of zone-based -security to allow for manipulating the data at multiple stages once accepted -by the network interface and the driver before being handed off to the -destination (e.g., a web server OR another device). +work directly on packet data flows. This now extends the concept of +zone-based security to allow for manipulating the data at multiple stages once +accepted by the network interface and the driver before being handed off to +the destination (e.g., a web server OR another device). -A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in -order to have a full view and understanding of how packets are processed, and -what possible paths traffic can take. +A simplified traffic flow diagram, based on Netfilter packet flow, is shown +next, in order to have a full view and understanding of how packets are +processed, and what possible paths traffic can take. .. figure:: /_static/images/firewall-gral-packet-flow.png -Main points regarding this packet flow and terminology used in VyOS firewall are below: +The main points regarding this packet flow and terminology used in VyOS +firewall are covered below: - * **Bridge Port?**: choose appropriate path based on whether interface where the - packet was received is part of a bridge, or not. + * **Bridge Port?**: choose appropriate path based on whether interface + where the packet was received is part of a bridge, or not. -If interface where the packet was received isn't part of a bridge, then packet -is processed at the **IP Layer**: +If the interface where the packet was received isn't part of a bridge, then +packetis processed at the **IP Layer**: * **Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order @@ -79,8 +80,8 @@ is processed at the **IP Layer**: * **Source NAT**: rules defined under ``set [nat | nat66] destination...``. -If interface where the packet was received is part of a bridge, then packet -is processed at the **Bridge Layer**, which contains a basic setup for +If the interface where the packet was received is part of a bridge, then +packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering: * **Forward (Bridge)**: stage where traffic that is trespasing through the @@ -88,7 +89,7 @@ bridge filtering: * ``set firewall bridge forward filter ...``. -Main structure VyOS firewall cli is shown next: +The main structure VyOS firewall cli is shown next: .. code-block:: none @@ -134,7 +135,7 @@ Main structure VyOS firewall cli is shown next: - custom_zone_name + ... -Please, refer to appropiate section for more information about firewall +Please, refer to appropriate section for more information about firewall configuration: .. toctree:: diff --git a/docs/configuration/firewall/index.rst~ b/docs/configuration/firewall/index.rst~ new file mode 100644 index 00000000..bdfc2069 --- /dev/null +++ b/docs/configuration/firewall/index.rst~ @@ -0,0 +1,179 @@ +:lastproofread: 2023-11-23 + +######## +Firewall +######## + +With VyOS being based on top of Linux and its kernel, the Netfilter project +created iptables and its successor nftables for the Linux kernel to +work directly on the data flows. This now extends the concept of zone-based +security to allow for manipulating the data at multiple stages once accepted +by the network interface and the driver before being handed off to the +destination (e.g., a web server OR another device). + +A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in +order to have a full view and understanding of how packets are processed, and +what possible paths traffic can take. + +.. figure:: /_static/images/firewall-gral-packet-flow.png + +Main points regarding this packet flow and terminology used in VyOS firewall are below: + + * **Bridge Port?**: choose appropriate path based on whether interface where the + packet was received is part of a bridge, or not. + +If interface where the packet was received isn't part of a bridge, then packet +is processed at the **IP Layer**: + + * **Prerouting**: several actions can be done in this stage, and currently + these actions are defined in different parts in VyOS configuration. Order + is important, and all these actions are performed before any actions + defined under ``firewall`` section. Relevant configuration that acts in + this stage are: + + * **Conntrack Ignore**: rules defined under ``set system conntrack ignore + [ipv4 | ipv6] ...``. + + * **Policy Route**: rules defined under ``set policy [route | route6] + ...``. + + * **Destination NAT**: rules defined under ``set [nat | nat66] + destination...``. + + * **Destination is the router?**: choose appropriate path based on + destination IP address. Transit forward continues to **forward**, + while traffic that destination IP address is configured on the router + continues to **input**. + + * **Input**: stage where traffic destined for the router itself can be + filtered and controlled. This is where all rules for securing the router + should take place. This includes ipv4 and ipv6 filtering rules, defined + in: + + * ``set firewall ipv4 input filter ...``. + + * ``set firewall ipv6 input filter ...``. + + * **Forward**: stage where transit traffic can be filtered and controlled. + This includes ipv4 and ipv6 filtering rules, defined in: + + * ``set firewall ipv4 forward filter ...``. + + * ``set firewall ipv6 forward filter ...``. + + * **Output**: stage where traffic that originates from the router itself + can be filtered and controlled. Bear in mind that this traffic can be a + new connection originated by a internal process running on VyOS router, + such as NTP, or a response to traffic received externaly through + **inputt** (for example response to an ssh login attempt to the router). + This includes ipv4 and ipv6 filtering rules, defined in: + + * ``set firewall ipv4 input filter ...``. + + * ``set firewall ipv6 output filter ...``. + + * **Postrouting**: as in **Prerouting**, several actions defined in + different parts of VyOS configuration are performed in this + stage. This includes: + + * **Source NAT**: rules defined under ``set [nat | nat66] + destination...``. + +If interface where the packet was received is part of a bridge, then packet +is processed at the **Bridge Layer**, which contains a basic setup for +bridge filtering: + + * **Forward (Bridge)**: stage where traffic that is trespasing through the + bridge is filtered and controlled: + + * ``set firewall bridge forward filter ...``. + +Main structure VyOS firewall cli is shown next: + +.. code-block:: none + + - set firewall + * bridge + - forward + + filter + * flowtable + - custom_flow_table + + ... + * global-options + + all-ping + + broadcast-ping + + ... + * group + - address-group + - ipv6-address-group + - network-group + - ipv6-network-group + - interface-group + - mac-group + - port-group + - domain-group + * ipv4 + - forward + + filter + - input + + filter + - output + + filter + - name + + custom_name + * ipv6 + - forward + + filter + - input + + filter + - output + + filter + - ipv6-name + + custom_name + * zone + - custom_zone_name + + ... + +Please, refer to appropiate section for more information about firewall +configuration: + +.. toctree:: + :maxdepth: 1 + :includehidden: + + global-options + groups + bridge + ipv4 + ipv6 + flowtables + +.. note:: **For more information** + of Netfilter hooks and Linux networking packet flows can be + found in `Netfilter-Hooks + `_ + + +Zone-based firewall +^^^^^^^^^^^^^^^^^^^ +.. toctree:: + :maxdepth: 1 + :includehidden: + + zone + +With zone-based firewalls a new concept was implemented, in addtion to the +standard in and out traffic flows, a local flow was added. This local was for +traffic originating and destined to the router itself. Which means additional +rules were required to secure the firewall itself from the network, in +addition to the existing inbound and outbound rules from the traditional +concept above. + +To configure VyOS with the +:doc:`zone-based firewall configuration ` + +As the example image below shows, the device now needs rules to allow/block +traffic to or from the services running on the device that have open +connections on that interface. + +.. figure:: /_static/images/firewall-zonebased.png -- cgit v1.2.3 From 9ca5e9dd89eabda161d974e7359ab2716fe56464 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 6 Jan 2024 20:54:08 +0100 Subject: dns: T5900: add dont-throttle-netmasks and serve-stale-extensions powerdns features --- docs/configuration/service/dns.rst | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index 2caeb22d..7624d309 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -143,6 +143,19 @@ avoid being tracked by the provider of your upstream DNS server. 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones. +.. cfgcmd:: set service dns forwarding serve-stale-extension <0-65535> + + Maximum number of times an expired record’s TTL is extended by 30s when + serving stale. Extension only occurs if a record cannot be refreshed. A + value of 0 means the Serve Stale mechanism is not used. To allow records + becoming stale to be served for an hour, use a value of 120. + +.. cfgcmd:: set service dns forwarding exclude-throttle-address + + When an authoritative server does not answer a query or sends a reply the + recursor does not like, it is throttled. Any servers matching the supplied + netmasks will never be throttled. + Example ======= @@ -381,12 +394,12 @@ By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP. -Above, command syntax isn noted to configure dynamic dns on a specific interface. -It is possible to overlook the additional address option, web, when completeing -those commands. ddclient_ has another way to determine the WAN IP address, using -a web-based url to determine the external IP. Each of the commands above will -need to be modified to use 'web' as the 'interface' specified if this functionality -is to be utilized. +Above, command syntax isn noted to configure dynamic dns on a specific interface. +It is possible to overlook the additional address option, web, when completeing +those commands. ddclient_ has another way to determine the WAN IP address, using +a web-based url to determine the external IP. Each of the commands above will +need to be modified to use 'web' as the 'interface' specified if this functionality +is to be utilized. This functionality is controlled by adding the following configuration: -- cgit v1.2.3 From caa86c76390ea8e97def1416da16696e55cc059c Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 8 Jan 2024 06:05:52 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.4.rst | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ docs/changelog/1.5.rst | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 88 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index 20782531..48c09cb9 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit 2078253176046ea4d07e69caeb7932ea439b5614 +Subproject commit 48c09cb91079733e4c5517a22b5345ff14d66059 diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index cf8e22ab..7a4c96c0 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,54 @@ _ext/releasenotes.py +2024-01-07 +========== + +* :vytask:`T5891` ``(bug): OpenVPN IPv6 config issue with 1.4-rc1`` +* :vytask:`T5887` ``(feature): Upgrade Linux Kernel to 6.6.y (2023 LTS edition)`` + + +2024-01-06 +========== + +* :vytask:`T3670` ``(feature): Option to disable HTTP port 80 redirect`` + + +2024-01-05 +========== + +* :vytask:`T3642` ``(feature): PKI configuration`` +* :vytask:`T5894` ``(feature): Extend get_config_dict() with additional parameter with_pki that defaults to False`` + + +2024-01-04 +========== + +* :vytask:`T4072` ``(feature): Feature Request: Firewall on bridge interfaces`` +* :vytask:`T3459` ``(default): Inform the user when unable to install outdated image`` + + +2024-01-03 +========== + +* :vytask:`T5880` ``(bug): verify_source_interface should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces`` +* :vytask:`T5879` ``(bug): tunnel: sourceing from dynamic pppoe0 interface will fail on reboots`` +* :vytask:`T4500` ``(bug): Missing firewall logs`` + + +2024-01-02 +========== + +* :vytask:`T5885` ``(default): image-tools: relax restriction on image-name length from 32 to 64`` + + +2024-01-01 +========== + +* :vytask:`T5883` ``(bug): Preserve file ownership in /config subdirs on add system image`` +* :vytask:`T5474` ``(feature): Establish common file name pattern for XML conf mode commands`` + + 2023-12-30 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index 3749e53a..631ccf91 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,45 @@ _ext/releasenotes.py +2024-01-07 +========== + +* :vytask:`T5899` ``(feature): VyOS vm images use bookworm repo`` +* :vytask:`T5887` ``(feature): Upgrade Linux Kernel to 6.6.y (2023 LTS edition)`` + + +2024-01-06 +========== + +* :vytask:`T3214` ``(bug): OpenVPN IPv6 fixes`` + + +2024-01-05 +========== + +* :vytask:`T5894` ``(feature): Extend get_config_dict() with additional parameter with_pki that defaults to False`` + + +2024-01-03 +========== + +* :vytask:`T5880` ``(bug): verify_source_interface should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces`` +* :vytask:`T5879` ``(bug): tunnel: sourceing from dynamic pppoe0 interface will fail on reboots`` + + +2024-01-02 +========== + +* :vytask:`T5885` ``(default): image-tools: relax restriction on image-name length from 32 to 64`` + + +2024-01-01 +========== + +* :vytask:`T5883` ``(bug): Preserve file ownership in /config subdirs on add system image`` +* :vytask:`T5474` ``(feature): Establish common file name pattern for XML conf mode commands`` + + 2023-12-30 ========== -- cgit v1.2.3 From 8628ad46eb25d5e165cf2e03f52c2b7c7bc7b6ca Mon Sep 17 00:00:00 2001 From: Bubun Das Date: Mon, 8 Jan 2024 23:48:19 +0530 Subject: Update monitoring.rst Updated docs for influxdb --- docs/configuration/service/monitoring.rst | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) (limited to 'docs') diff --git a/docs/configuration/service/monitoring.rst b/docs/configuration/service/monitoring.rst index 0aa93e71..245af067 100644 --- a/docs/configuration/service/monitoring.rst +++ b/docs/configuration/service/monitoring.rst @@ -109,11 +109,11 @@ Monitoring functionality with ``telegraf`` and ``InfluxDB 2`` is provided. Telegraf is the open source server agent to help you collect metrics, events and logs from your routers. -.. cfgcmd:: set service monitoring telegraf authentication organization +.. cfgcmd:: set service monitoring telegraf influxdb authentication organization Authentication organization name -.. cfgcmd:: set service monitoring telegraf authentication token +.. cfgcmd:: set service monitoring telegraf influxdb authentication token Authentication token @@ -121,11 +121,11 @@ and logs from your routers. Remote ``InfluxDB`` bucket name -.. cfgcmd:: set service monitoring port +.. cfgcmd:: set service monitoring telegraf influxdb port Remote port -.. cfgcmd:: set service monitoring telegraf url +.. cfgcmd:: set service monitoring telegraf influxdb url Remote URL @@ -138,12 +138,11 @@ An example of a configuration that sends ``telegraf`` metrics to remote .. code-block:: none - set service monitoring telegraf authentication organization 'vyos' - set service monitoring telegraf authentication token 'ZAml9Uy5wrhA...==' - set service monitoring telegraf bucket 'bucket_vyos' - set service monitoring telegraf port '8086' - set service monitoring telegraf source 'all' - set service monitoring telegraf url 'http://r1.influxdb2.local' + set service monitoring telegraf influxdb authentication organization 'vyos' + set service monitoring telegraf influxdb authentication token 'ZAml9Uy5wrhA...==' + set service monitoring telegraf influxdb bucket 'bucket_vyos' + set service monitoring telegraf influxdb port '8086' + set service monitoring telegraf influxdb url 'http://r1.influxdb2.local' .. _azure-data-explorer: https://github.com/influxdata/telegraf/tree/master/plugins/outputs/azure_data_explorer .. _prometheus-client: https://github.com/influxdata/telegraf/tree/master/plugins/outputs/prometheus_client -- cgit v1.2.3 From dfa516d63e38eadc5e57dd143b17022c6ff2c092 Mon Sep 17 00:00:00 2001 From: Robert Göhler Date: Mon, 8 Jan 2024 21:23:37 +0100 Subject: Delete docs/configuration/firewall/index.rst~ --- docs/configuration/firewall/index.rst~ | 179 --------------------------------- 1 file changed, 179 deletions(-) delete mode 100644 docs/configuration/firewall/index.rst~ (limited to 'docs') diff --git a/docs/configuration/firewall/index.rst~ b/docs/configuration/firewall/index.rst~ deleted file mode 100644 index bdfc2069..00000000 --- a/docs/configuration/firewall/index.rst~ +++ /dev/null @@ -1,179 +0,0 @@ -:lastproofread: 2023-11-23 - -######## -Firewall -######## - -With VyOS being based on top of Linux and its kernel, the Netfilter project -created iptables and its successor nftables for the Linux kernel to -work directly on the data flows. This now extends the concept of zone-based -security to allow for manipulating the data at multiple stages once accepted -by the network interface and the driver before being handed off to the -destination (e.g., a web server OR another device). - -A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in -order to have a full view and understanding of how packets are processed, and -what possible paths traffic can take. - -.. figure:: /_static/images/firewall-gral-packet-flow.png - -Main points regarding this packet flow and terminology used in VyOS firewall are below: - - * **Bridge Port?**: choose appropriate path based on whether interface where the - packet was received is part of a bridge, or not. - -If interface where the packet was received isn't part of a bridge, then packet -is processed at the **IP Layer**: - - * **Prerouting**: several actions can be done in this stage, and currently - these actions are defined in different parts in VyOS configuration. Order - is important, and all these actions are performed before any actions - defined under ``firewall`` section. Relevant configuration that acts in - this stage are: - - * **Conntrack Ignore**: rules defined under ``set system conntrack ignore - [ipv4 | ipv6] ...``. - - * **Policy Route**: rules defined under ``set policy [route | route6] - ...``. - - * **Destination NAT**: rules defined under ``set [nat | nat66] - destination...``. - - * **Destination is the router?**: choose appropriate path based on - destination IP address. Transit forward continues to **forward**, - while traffic that destination IP address is configured on the router - continues to **input**. - - * **Input**: stage where traffic destined for the router itself can be - filtered and controlled. This is where all rules for securing the router - should take place. This includes ipv4 and ipv6 filtering rules, defined - in: - - * ``set firewall ipv4 input filter ...``. - - * ``set firewall ipv6 input filter ...``. - - * **Forward**: stage where transit traffic can be filtered and controlled. - This includes ipv4 and ipv6 filtering rules, defined in: - - * ``set firewall ipv4 forward filter ...``. - - * ``set firewall ipv6 forward filter ...``. - - * **Output**: stage where traffic that originates from the router itself - can be filtered and controlled. Bear in mind that this traffic can be a - new connection originated by a internal process running on VyOS router, - such as NTP, or a response to traffic received externaly through - **inputt** (for example response to an ssh login attempt to the router). - This includes ipv4 and ipv6 filtering rules, defined in: - - * ``set firewall ipv4 input filter ...``. - - * ``set firewall ipv6 output filter ...``. - - * **Postrouting**: as in **Prerouting**, several actions defined in - different parts of VyOS configuration are performed in this - stage. This includes: - - * **Source NAT**: rules defined under ``set [nat | nat66] - destination...``. - -If interface where the packet was received is part of a bridge, then packet -is processed at the **Bridge Layer**, which contains a basic setup for -bridge filtering: - - * **Forward (Bridge)**: stage where traffic that is trespasing through the - bridge is filtered and controlled: - - * ``set firewall bridge forward filter ...``. - -Main structure VyOS firewall cli is shown next: - -.. code-block:: none - - - set firewall - * bridge - - forward - + filter - * flowtable - - custom_flow_table - + ... - * global-options - + all-ping - + broadcast-ping - + ... - * group - - address-group - - ipv6-address-group - - network-group - - ipv6-network-group - - interface-group - - mac-group - - port-group - - domain-group - * ipv4 - - forward - + filter - - input - + filter - - output - + filter - - name - + custom_name - * ipv6 - - forward - + filter - - input - + filter - - output - + filter - - ipv6-name - + custom_name - * zone - - custom_zone_name - + ... - -Please, refer to appropiate section for more information about firewall -configuration: - -.. toctree:: - :maxdepth: 1 - :includehidden: - - global-options - groups - bridge - ipv4 - ipv6 - flowtables - -.. note:: **For more information** - of Netfilter hooks and Linux networking packet flows can be - found in `Netfilter-Hooks - `_ - - -Zone-based firewall -^^^^^^^^^^^^^^^^^^^ -.. toctree:: - :maxdepth: 1 - :includehidden: - - zone - -With zone-based firewalls a new concept was implemented, in addtion to the -standard in and out traffic flows, a local flow was added. This local was for -traffic originating and destined to the router itself. Which means additional -rules were required to secure the firewall itself from the network, in -addition to the existing inbound and outbound rules from the traditional -concept above. - -To configure VyOS with the -:doc:`zone-based firewall configuration ` - -As the example image below shows, the device now needs rules to allow/block -traffic to or from the services running on the device that have open -connections on that interface. - -.. figure:: /_static/images/firewall-zonebased.png -- cgit v1.2.3 From cecc0f3c32afb455ddb006b35faf343877061443 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 8 Jan 2024 21:29:11 +0100 Subject: https: add latest CLI changes --- docs/configuration/service/https.rst | 78 +++++++++++++++++------------------- 1 file changed, 37 insertions(+), 41 deletions(-) (limited to 'docs') diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index eb2e30eb..973c5355 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -1,7 +1,7 @@ .. _http-api: ######## -HTTP-API +HTTP API ######## VyOS provide an HTTP API. You can use it to execute op-mode commands, @@ -13,75 +13,71 @@ Please take a look at the :ref:`vyosapi` page for an detailed how-to. Configuration ************* -.. cfgcmd:: set service https api keys id key +.. cfgcmd:: set service https allow-client address
- Set a named api key. Every key has the same, full permissions - on the system. + Only allow certain IP addresses or prefixes to access the https + webserver. -.. cfgcmd:: set service https api debug +.. cfgcmd:: set service https certificates ca-certificate - To enable debug messages. Available via :opcmd:`show log` or - :opcmd:`monitor log` + Use CA certificate from PKI subsystem -.. cfgcmd:: set service https api strict +.. cfgcmd:: set service https certificates certificate - Enforce strict path checking + Use certificate from PKI subsystem -.. cfgcmd:: set service https virtual-host listen-address - +.. cfgcmd:: set service https certificates dh-params - Address to listen for HTTPS requests + Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. + Must be at least 2048 bits in length. -.. cfgcmd:: set service https virtual-host port <1-65535> +.. cfgcmd:: set service https listen-address
- Port to listen for HTTPS requests; default 443 + Webserver should only listen on specified IP address -.. cfgcmd:: set service https virtual-host server-name +.. cfgcmd:: set service https port - Server names for virtual hosts it can be exact, wildcard or regex. + Webserver should listen on specified port. -.. cfgcmd:: set service https api-restrict virtual-host + Default: 443 - By default, nginx exposes the local API on all virtual servers. - Use this to restrict nginx to one or more virtual hosts. +.. cfgcmd:: set service https enable-http-redirect -.. cfgcmd:: set service https certificates certbot domain-name + Enable automatic redirect from http to https. - Domain name(s) for which to obtain certificate +.. cfgcmd:: set service https tls-version <1.2 | 1.3> -.. cfgcmd:: set service https certificates certbot email + Select TLS version used. - Email address to associate with certificate + This defaults to both 1.2 and 1.3. -.. cfgcmd:: set service https certificates system-generated-certificate +.. cfgcmd:: set service https vrf - Use an automatically generated self-signed certificate + Start Webserver in given VRF. -.. cfgcmd:: set service https certificates system-generated-certificate - lifetime +API +=== - Lifetime in days; default is 365 +.. cfgcmd:: set service https api keys id key + Set a named api key. Every key has the same, full permissions + on the system. -********************* -Example Configuration -********************* +.. cfgcmd:: set service https api debug -Set an API-KEY is the minimal configuration to get a working API Endpoint. + To enable debug messages. Available via :opcmd:`show log` or + :opcmd:`monitor log` -.. code-block:: none +.. cfgcmd:: set service https api strict - set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY + Enforce strict path checking +********************* +Example Configuration +********************* -To use this full configuration we asume a public accessible hostname. +Set an API-KEY is the minimal configuration to get a working API Endpoint. .. code-block:: none set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY - set service https certificates certbot domain-name rtr01.example.com - set service https certificates certbot email mail@example.com - set service https virtual-host rtr01 listen-address 198.51.100.2 - set service https virtual-host rtr01 port 11443 - set service https virtual-host rtr01 server-name rtr01.example.com - set service https api-restrict virtual-host rtr01 -- cgit v1.2.3 From a2666e8e13b01b7becef274dd97f77f4ce39a91b Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Wed, 10 Jan 2024 08:51:08 +0100 Subject: fix spelling --- docs/_locale/de/configuration.pot | 4 ++-- docs/_locale/es/configuration.pot | 2 +- docs/_locale/ja/configuration.pot | 4 ++-- docs/_locale/pt/configuration.pot | 4 ++-- docs/_locale/uk/configuration.pot | 4 ++-- docs/configuration/loadbalancing/reverse-proxy.rst | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) (limited to 'docs') diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index 6641dd72..df607936 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -19468,8 +19468,8 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" +msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" #: ../../configuration/vpn/ipsec.rst:125 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" diff --git a/docs/_locale/es/configuration.pot b/docs/_locale/es/configuration.pot index 88324a87..0f90f6ac 100644 --- a/docs/_locale/es/configuration.pot +++ b/docs/_locale/es/configuration.pot @@ -19468,7 +19468,7 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: un perfil de servidor centrado en reducir la latencia de la red. Este perfil favorece el rendimiento sobre el ahorro de energía configurando ``intel_pstate`` y ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" msgstr "``least-connection`` Distribuye las solicitudes al servidor con la menor cantidad de conexiones activas" #: ../../configuration/vpn/ipsec.rst:125 diff --git a/docs/_locale/ja/configuration.pot b/docs/_locale/ja/configuration.pot index b76eeeb0..7a5f67f1 100644 --- a/docs/_locale/ja/configuration.pot +++ b/docs/_locale/ja/configuration.pot @@ -19468,8 +19468,8 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" +msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" #: ../../configuration/vpn/ipsec.rst:125 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" diff --git a/docs/_locale/pt/configuration.pot b/docs/_locale/pt/configuration.pot index dbe8970c..8b7aff49 100644 --- a/docs/_locale/pt/configuration.pot +++ b/docs/_locale/pt/configuration.pot @@ -19468,8 +19468,8 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" +msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" #: ../../configuration/vpn/ipsec.rst:125 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" diff --git a/docs/_locale/uk/configuration.pot b/docs/_locale/uk/configuration.pot index a3a1a512..1a912c61 100644 --- a/docs/_locale/uk/configuration.pot +++ b/docs/_locale/uk/configuration.pot @@ -19468,8 +19468,8 @@ msgid "``latency``: A server profile focused on lowering network latency. This p msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." #: ../../configuration/loadbalancing/reverse-proxy.rst:108 -msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgid "``least-connection`` Distributes requests to the server with the fewest active connections" +msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" #: ../../configuration/vpn/ipsec.rst:125 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 04b612f5..19ef3773 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -105,7 +105,7 @@ Backend of the client * ``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line - * ``least-connection`` Distributes requests tp tje server wotj the fewest + * ``least-connection`` Distributes requests to the server with the fewest active connections .. cfgcmd:: set load-balancing reverse-proxy backend mode -- cgit v1.2.3 From 1b1cc7986813c65b608ace38bf497622eb74f1cf Mon Sep 17 00:00:00 2001 From: Trae Santiago Date: Wed, 10 Jan 2024 11:13:38 -0600 Subject: added new NPTv6/DHCPv6 example --- .../images/vyos_1_5_nat66_dhcpv6_wdummy.png | Bin 0 -> 349078 bytes docs/configuration/nat/nat66.rst | 97 +++++++++++++++++++++ 2 files changed, 97 insertions(+) create mode 100644 docs/_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png (limited to 'docs') diff --git a/docs/_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png b/docs/_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png new file mode 100644 index 00000000..297fdd11 Binary files /dev/null and b/docs/_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png differ diff --git a/docs/configuration/nat/nat66.rst b/docs/configuration/nat/nat66.rst index 66cceb0a..9345e708 100644 --- a/docs/configuration/nat/nat66.rst +++ b/docs/configuration/nat/nat66.rst @@ -137,3 +137,100 @@ R2: set interfaces bridge br1 member interface eth1 set protocols static route6 ::/0 next-hop fc01::1 set service router-advert interface br1 prefix ::/0 + + +Use the following topology to translate internal user local addresses (``fc::/7``) +to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair. + +.. figure:: /_static/images/vyos_1_5_nat66_dhcpv6_wdummy.png + :alt: VyOS NAT66 DHCPv6 using a dummy interface + +Configure both routers (a and b) for DHCPv6-PD via dummy interface: + +.. code-block:: none + + set interfaces dummy dum1 description 'DHCPv6-PD NPT dummy' + set interfaces bonding bond0 vif 20 dhcpv6-options pd 0 interface dum1 address '0' + set interfaces bonding bond0 vif 20 dhcpv6-options pd 1 interface dum1 address '0' + set interfaces bonding bond0 vif 20 dhcpv6-options pd 2 interface dum1 address '0' + set interfaces bonding bond0 vif 20 dhcpv6-options pd 3 interface dum1 address '0' + set interfaces bonding bond0 vif 20 dhcpv6-options rapid-commit + commit + +Get the DHCPv6-PD prefixes from both routers: + +.. code-block:: none + + trae@cr01a-vyos# run show interfaces dummy dum1 br + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + dum1 2001:db8:123:b008::/64 u/u DHCPv6-PD NPT dummy + 2001:db8:123:b00a::/64 + 2001:db8:123:b00b::/64 + 2001:db8:123:b009::/64 + + trae@cr01b-vyos# run show int dummy dum1 brief + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + dum1 2001:db8:123:b00d::/64 u/u DHCPv6-PD NPT dummy + 2001:db8:123:b00c::/64 + 2001:db8:123:b00e::/64 + 2001:db8:123:b00f::/64 + +Configure the A-side router for NPTv6 using the prefixes above: + +.. code-block:: none + + set nat66 source rule 10 description 'NPT to VLAN 10' + set nat66 source rule 10 outbound-interface name 'bond0.20' + set nat66 source rule 10 source prefix 'fd52:d62e:8011:a::/64' + set nat66 source rule 10 translation address '2001:db8:123:b008::/64' + set nat66 source rule 20 description 'NPT to VLAN 70' + set nat66 source rule 20 outbound-interface name 'bond0.20' + set nat66 source rule 20 source prefix 'fd52:d62e:8011:46::/64' + set nat66 source rule 20 translation address '2001:db8:123:b009::/64' + set nat66 source rule 30 description 'NPT to VLAN 200' + set nat66 source rule 30 outbound-interface name 'bond0.20' + set nat66 source rule 30 source prefix 'fd52:d62e:8011:c8::/64' + set nat66 source rule 30 translation address '2001:db8:123:b00a::/64' + set nat66 source rule 40 description 'NPT to VLAN 240' + set nat66 source rule 40 outbound-interface name 'bond0.20' + set nat66 source rule 40 source prefix 'fd52:d62e:8011:f0::/64' + set nat66 source rule 40 translation address '2001:db8:123:b00b::/64' + commit + +Configure the B-side router for NPTv6 using the prefixes above: + +.. code-block:: none + + set nat66 source rule 10 description 'NPT to VLAN 10' + set nat66 source rule 10 outbound-interface name 'bond0.20' + set nat66 source rule 10 source prefix 'fd52:d62e:8011:a::/64' + set nat66 source rule 10 translation address '2001:db8:123:b00c::/64' + set nat66 source rule 20 description 'NPT to VLAN 70' + set nat66 source rule 20 outbound-interface name 'bond0.20' + set nat66 source rule 20 source prefix 'fd52:d62e:8011:46::/64' + set nat66 source rule 20 translation address '2001:db8:123:b00d::/64' + set nat66 source rule 30 description 'NPT to VLAN 200' + set nat66 source rule 30 outbound-interface name 'bond0.20' + set nat66 source rule 30 source prefix 'fd52:d62e:8011:c8::/64' + set nat66 source rule 30 translation address '2001:db8:123:b00e::/64' + set nat66 source rule 40 description 'NPT to VLAN 240' + set nat66 source rule 40 outbound-interface name 'bond0.20' + set nat66 source rule 40 source prefix 'fd52:d62e:8011:f0::/64' + set nat66 source rule 40 translation address '2001:db8:123:b00f::/64' + commit + +Verify that connections are hitting the rule on both sides: + +.. code-block:: none + + trae@cr01a-vyos# run show nat66 source statistics + Rule Packets Bytes Interface + ------ --------- ------- ----------- + 10 1 104 bond0.20 + 20 1 104 bond0.20 + 30 8093 669445 bond0.20 + 40 2446 216912 bond0.20 -- cgit v1.2.3 From ad7eaafed56898ddc0377d37efa57f6339d8ef9f Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Wed, 10 Jan 2024 12:53:01 +0100 Subject: dhcp: T3316: Update documentation for Kea implementation --- .../_include/dhcp-server.conf | 2 +- docs/configuration/service/dhcp-server.rst | 131 ++------------------- docs/installation/install.rst | 8 +- docs/quick-start.rst | 6 +- 4 files changed, 20 insertions(+), 127 deletions(-) (limited to 'docs') diff --git a/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf b/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf index 9c4b612a..a3a7f27e 100644 --- a/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf +++ b/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf @@ -8,6 +8,6 @@ set protocols static route 10.0.10.0/24 next-hop 10.0.20.254 set protocols static route 192.168.0.0/24 next-hop 127.16.0.2 set service dhcp-server listen-address '172.16.0.1' set service dhcp-server shared-network-name DHCPTun100 authoritative -set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 default-router '192.168.0.254' +set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 option default-router '192.168.0.254' set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 range 0 start '192.168.0.30' set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 range 0 stop '192.168.0.30' \ No newline at end of file diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index 0cc10feb..e20fc251 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -4,7 +4,7 @@ DHCP Server ########### -VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment. +VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment. *********** IPv4 server @@ -26,12 +26,7 @@ Configuration Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `_.` -.. cfgcmd:: set service dhcp-server host-decl-name - - Will drop `_` from client DNS record, using only the - host declaration name and domain: `.` - -.. cfgcmd:: set service dhcp-server shared-network-name domain-name +.. cfgcmd:: set service dhcp-server shared-network-name option domain-name The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP @@ -40,7 +35,7 @@ Configuration This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally. -.. cfgcmd:: set service dhcp-server shared-network-name domain-search +.. cfgcmd:: set service dhcp-server shared-network-name option domain-search The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times @@ -49,7 +44,7 @@ Configuration This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally. -.. cfgcmd:: set service dhcp-server shared-network-name name-server
+.. cfgcmd:: set service dhcp-server shared-network-name option name-server
Inform client that the DNS server can be found at `
`. @@ -58,21 +53,6 @@ Configuration Multiple DNS servers can be defined. -.. cfgcmd:: set service dhcp-server shared-network-name ping-check - - When the DHCP server is considering dynamically allocating an IP address to a - client, it first sends an ICMP Echo request (a ping) to the address being - assigned. It waits for a second, and if no ICMP Echo response has been heard, - it assigns the address. - - If a response is heard, the lease is abandoned, and the server does not - respond to the client. The lease will remain abandoned for a minimum of - abandon-lease-time seconds (defaults to 24 hours). - - If there are no free addresses but there are abandoned IP addresses, the - DHCP server will attempt to reclaim an abandoned IP address regardless of the - value of abandon-lease-time. - .. cfgcmd:: set service dhcp-server listen-address
This configuration parameter lets the DHCP server to listen for DHCP @@ -91,14 +71,14 @@ Individual Client Subnet network. .. cfgcmd:: set service dhcp-server shared-network-name subnet - default-router
+ option default-router
This is a configuration parameter for the ``, saying that as part of the response, tell the client that the default gateway can be reached at `
`. .. cfgcmd:: set service dhcp-server shared-network-name subnet - name-server
+ option name-server
This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `
`. @@ -133,40 +113,19 @@ Individual Client Subnet This option can be specified multiple times. .. cfgcmd:: set service dhcp-server shared-network-name subnet - domain-name + option domain-name The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015). .. cfgcmd:: set service dhcp-server shared-network-name subnet - domain-search + option domain-search The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119). -.. cfgcmd:: set service dhcp-server shared-network-name subnet - ping-check - - When the DHCP server is considering dynamically allocating an IP address to a - client, it first sends an ICMP Echo request (a ping) to the address being - assigned. It waits for a second, and if no ICMP Echo response has been heard, - it assigns the address. - - If a response is heard, the lease is abandoned, and the server does not - respond to the client. The lease will remain abandoned for a minimum of - abandon-lease-time seconds (defaults to 24 hours). - - If a there are no free addresses but there are abandoned IP addresses, the - DHCP server will attempt to reclaim an abandoned IP address regardless of the - value of abandon-lease-time. - -.. cfgcmd:: set service dhcp-server shared-network-name subnet - enable-failover - - Enable DHCP failover configuration for this address pool. - Failover -------- @@ -391,32 +350,6 @@ Options Multi: can be specified multiple times. -Raw Parameters -============== - -Raw parameters can be passed to shared-network-name, subnet and static-mapping: - -.. code-block:: none - - set service dhcp-server shared-network-name shared-network-parameters - Additional shared-network parameters for DHCP server. - set service dhcp-server shared-network-name subnet subnet-parameters - Additional subnet parameters for DHCP server. - set service dhcp-server shared-network-name subnet static-mapping static-mapping-parameters - Additional static-mapping parameters for DHCP server. - Will be placed inside the "host" block of the mapping. - -These parameters are passed as-is to isc-dhcp's dhcpd.conf under the -configuration node they are defined in. They are not validated so an error in -the raw parameters won't be caught by vyos's scripts and will cause dhcpd to -fail to start. Always verify that the parameters are correct before committing -the configuration. Refer to isc-dhcp's dhcpd.conf manual for more information: -https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpdconf - -Quotes can be used inside parameter values by replacing all quote characters -with the string ``"``. They will be replaced with literal quote characters -when generating dhcpd.conf. - Example ======= @@ -439,12 +372,11 @@ Common configuration, valid for both primary and secondary node. .. code-block:: none - set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 default-router '192.0.2.254' - set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 name-server '192.0.2.254' - set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 domain-name 'vyos.net' + set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option default-router '192.0.2.254' + set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option name-server '192.0.2.254' + set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option domain-name 'vyos.net' set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 start '192.0.2.10' set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 stop '192.0.2.250' - set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 enable-failover **Primary** @@ -467,47 +399,6 @@ Common configuration, valid for both primary and secondary node. .. _dhcp-server:v4_example_raw: -Raw Parameters --------------- - -* Override static-mapping's name-server with a custom one that will be sent only - to this host. -* An option that takes a quoted string is set by replacing all quote characters - with the string ``"`` inside the static-mapping-parameters value. - The resulting line in dhcpd.conf will be - ``option pxelinux.configfile "pxelinux.cfg/01-00-15-17-44-2d-aa";``. - - -.. code-block:: none - - set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option domain-name-servers 192.0.2.11, 192.0.2.12;" - set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option pxelinux.configfile "pxelinux.cfg/01-00-15-17-44-2d-aa";" - -Option 43 for UniFI -------------------- - -* These parameters need to be part of the DHCP global options. - They stay unchanged. - - -.. code-block:: none - - set service dhcp-server global-parameters 'option space ubnt;' - set service dhcp-server global-parameters 'option ubnt.unifi-address code 1 = ip-address;' - set service dhcp-server global-parameters 'class "ubnt" {' - set service dhcp-server global-parameters 'match if substring (option vendor-class-identifier, 0, 4) = "ubnt";' - set service dhcp-server global-parameters 'option vendor-class-identifier "ubnt";' - set service dhcp-server global-parameters 'vendor-option-space ubnt;' - set service dhcp-server global-parameters '}' - -* Now we add the option to the scope, adapt to your setup - - -.. code-block:: none - - set service dhcp-server shared-network-name example-scope subnet 10.1.1.0/24 subnet-parameters 'option ubnt.unifi-address 172.16.1.10;' - - Operation Mode ============== diff --git a/docs/installation/install.rst b/docs/installation/install.rst index 2bbce8ee..bf0f11fe 100644 --- a/docs/installation/install.rst +++ b/docs/installation/install.rst @@ -458,9 +458,11 @@ In this example we configured an existent VyOS as the DHCP server: vyos@vyos# show service dhcp-server shared-network-name mydhcp { subnet 192.168.1.0/24 { - bootfile-name pxelinux.0 - bootfile-server 192.168.1.50 - default-router 192.168.1.50 + option { + bootfile-name pxelinux.0 + bootfile-server 192.168.1.50 + default-router 192.168.1.50 + } range 0 { start 192.168.1.70 stop 192.168.1.100 diff --git a/docs/quick-start.rst b/docs/quick-start.rst index c8bb3f04..44ff99ff 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -93,9 +93,9 @@ DNS server. .. code-block:: none - set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1' - set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 name-server '192.168.0.1' - set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'vyos.net' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option default-router '192.168.0.1' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option name-server '192.168.0.1' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option domain-name 'vyos.net' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 start '192.168.0.9' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 stop '192.168.0.254' -- cgit v1.2.3 From 3864aa6aafd592e5d8b93dbede9004ccbf001e88 Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Thu, 11 Jan 2024 02:12:07 +0100 Subject: dhcp: dhcpv6: T3316: Update documentation for inclusion of `subnet-id` --- .../DHCPRelay_through_GRE/_include/dhcp-server.conf | 3 ++- docs/configuration/service/dhcp-server.rst | 17 +++++++++++++++++ docs/installation/install.rst | 1 + docs/quick-start.rst | 1 + 4 files changed, 21 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf b/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf index a3a7f27e..20c8dd10 100644 --- a/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf +++ b/docs/configexamples/autotest/DHCPRelay_through_GRE/_include/dhcp-server.conf @@ -10,4 +10,5 @@ set service dhcp-server listen-address '172.16.0.1' set service dhcp-server shared-network-name DHCPTun100 authoritative set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 option default-router '192.168.0.254' set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 range 0 start '192.168.0.30' -set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 range 0 stop '192.168.0.30' \ No newline at end of file +set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 range 0 stop '192.168.0.30' +set service dhcp-server shared-network-name DHCPTun100 subnet 192.168.0.0/24 subnet-id '1' \ No newline at end of file diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index e20fc251..c51a0aff 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -70,6 +70,12 @@ Individual Client Subnet any device trying to request an IP address that is not valid for this network. +.. cfgcmd:: set service dhcp-server shared-network-name subnet + subnet-id + + This configuration parameter is required and must be unique to each subnet. + It is required to map subnets to lease file entries. + .. cfgcmd:: set service dhcp-server shared-network-name subnet option default-router
@@ -197,6 +203,7 @@ inside the subnet definition but can be outside of the range statement. .. code-block:: none + set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 subnet-id 1 set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 ip-address 192.168.1.100 set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 mac-address aa:bb:11:22:33:00 @@ -210,6 +217,7 @@ The configuration will look as follows: ip-address 192.168.1.100 mac-address aa:bb:11:22:33:00 } + subnet-id 1 } Options @@ -377,6 +385,7 @@ Common configuration, valid for both primary and secondary node. set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option domain-name 'vyos.net' set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 start '192.0.2.10' set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 stop '192.0.2.250' + set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 subnet-id '1' **Primary** @@ -505,6 +514,12 @@ Configuration Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``. +.. cfgcmd:: set service dhcpv6-server shared-network-name subnet + subnet-id + + This configuration parameter is required and must be unique to each subnet. + It is required to map subnets to lease file entries. + .. cfgcmd:: set service dhcpv6-server shared-network-name subnet lease-time {default | maximum | minimum} @@ -581,6 +596,7 @@ server. The following example describes a common scenario. set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 address-range start 2001:db8::100 stop 2001:db8::199 set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 name-server 2001:db8::ffff + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 subnet-id 1 The configuration will look as follows: @@ -595,6 +611,7 @@ The configuration will look as follows: } } name-server 2001:db8::ffff + subnet-id 1 } } diff --git a/docs/installation/install.rst b/docs/installation/install.rst index bf0f11fe..17bccfbd 100644 --- a/docs/installation/install.rst +++ b/docs/installation/install.rst @@ -467,6 +467,7 @@ In this example we configured an existent VyOS as the DHCP server: start 192.168.1.70 stop 192.168.1.100 } + subnet-id 1 } } diff --git a/docs/quick-start.rst b/docs/quick-start.rst index 44ff99ff..05e278ad 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -99,6 +99,7 @@ DNS server. set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 start '192.168.0.9' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 stop '192.168.0.254' + set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 subnet-id '1' set service dns forwarding cache-size '0' set service dns forwarding listen-address '192.168.0.1' -- cgit v1.2.3 From 85ef13b14fa37b8780f6e6c8220bc54366c72741 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Thu, 11 Jan 2024 09:46:26 -0300 Subject: Add opmode commands for firewall zones, and add global state-policies in quick-start --- docs/configuration/firewall/zone.rst | 38 ++++++++++++++++++++++++++++++++++++ docs/quick-start.rst | 31 +++++++++++++++++++++-------- 2 files changed, 61 insertions(+), 8 deletions(-) (limited to 'docs') diff --git a/docs/configuration/firewall/zone.rst b/docs/configuration/firewall/zone.rst index 1ab9c630..059b029d 100644 --- a/docs/configuration/firewall/zone.rst +++ b/docs/configuration/firewall/zone.rst @@ -123,3 +123,41 @@ written from the perspective of: *Source Zone*-to->*Destination Zone* set firewall zone DMZ from LAN firewall name LANv4-to-DMZv4 set firewall zone LAN from DMZ firewall name DMZv4-to-LANv4 +************** +Operation-mode +************** + +.. opcmd:: show firewall zone-policy + + This will show you a basic summary of zones configuration. + + .. code-block:: none + + vyos@vyos:~$ show firewall zone-policy + Zone Interfaces From Zone Firewall IPv4 Firewall IPv6 + ------ ------------ ----------- --------------- --------------- + LAN eth1 WAN WAN_to_LAN + eth2 + LOCAL LOCAL LAN LAN_to_LOCAL + WAN WAN_to_LOCAL WAN_to_LOCAL_v6 + WAN eth3 LAN LAN_to_WAN + eth0 LOCAL LOCAL_to_WAN + vyos@vyos:~$ + +.. opcmd:: show firewall zone-policy zone + + This will show you a basic summary of a particular zone. + + .. code-block:: none + + vyos@vyos:~$ show firewall zone-policy zone WAN + Zone Interfaces From Zone Firewall IPv4 Firewall IPv6 + ------ ------------ ----------- --------------- --------------- + WAN eth3 LAN LAN_to_WAN + eth0 LOCAL LOCAL_to_WAN + vyos@vyos:~$ show firewall zone-policy zone LOCAL + Zone Interfaces From Zone Firewall IPv4 Firewall IPv6 + ------ ------------ ----------- --------------- --------------- + LOCAL LOCAL LAN LAN_to_LOCAL + WAN WAN_to_LOCAL WAN_to_LOCAL_v6 + vyos@vyos:~$ diff --git a/docs/quick-start.rst b/docs/quick-start.rst index c8bb3f04..bbd7ab77 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -141,7 +141,7 @@ networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration. -In this case, we will create two interface groups—a ``WAN`` group for our +In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet. @@ -156,10 +156,26 @@ Configure Stateful Packet Filtering ----------------------------------- With the new firewall structure, we have have a lot of flexibility in how we -group and order our rules, as shown by the two alternative approaches below. +group and order our rules, as shown by the three alternative approaches below. -Option 1: Common Chain -^^^^^^^^^^^^^^^^^^^^^^ +Option 1: Global State Policies +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Using options defined in ``set firewall global-options state-policy``, state +policy rules that applies for both IPv4 and IPv6 are created. These global +state policies also applies for all traffic that passes through the router +(transit) and for traffic originated/destinated to/from the router itself, and +will be avaluated before any other rule defined in the firewall. + +Most installations would choose this option, and will contain: + +.. code-block:: none + + set firewall global-options state-policy established action accept + set firewall global-options state-policy related action accept + set firewall global-options state-policy invalid action drop + +Option 2: Common/Custom Chain +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual @@ -196,12 +212,11 @@ hooks as the first filtering rule in the respective chains: set firewall ipv4 input filter rule 10 action 'jump' set firewall ipv4 input filter rule 10 jump-target CONN_FILTER -Option 2: Per-Hook Chain +Option 3: Per-Hook Chain ^^^^^^^^^^^^^^^^^^^^^^^^ -Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, -you can take the more traditional stateful connection filtering approach by -creating rules on each hook's chain: +Alternatively, you can take the more traditional stateful connection +filtering approach by creating rules on each base hook's chain: .. code-block:: none -- cgit v1.2.3 From 3b50e4600a2db1abaff3d4049bd6627a272b00dc Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Sat, 13 Jan 2024 00:53:52 +0100 Subject: Update syntax for Kea option change --- docs/configuration/service/dhcp-server.rst | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) (limited to 'docs') diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index c51a0aff..b99e5baa 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -528,35 +528,35 @@ Configuration values need to be supplied in seconds. .. cfgcmd:: set service dhcpv6-server shared-network-name subnet - nis-domain + option nis-domain A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients. .. cfgcmd:: set service dhcpv6-server shared-network-name subnet - nisplus-domain + option nisplus-domain The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one: .. cfgcmd:: set service dhcpv6-server shared-network-name subnet - nis-server
+ option nis-server
Specify a NIS server address for DHCPv6 clients. .. cfgcmd:: set service dhcpv6-server shared-network-name subnet - nisplus-server
+ option nisplus-server
Specify a NIS+ server address for DHCPv6 clients. .. cfgcmd:: set service dhcpv6-server shared-network-name subnet - sip-server
+ option sip-server
Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients. .. cfgcmd:: set service dhcpv6-server shared-network-name subnet - sntp-server-address
+ option sntp-server-address
A SNTP server address can be specified for DHCPv6 clients. @@ -594,8 +594,9 @@ server. The following example describes a common scenario. .. code-block:: none - set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 address-range start 2001:db8::100 stop 2001:db8::199 - set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 name-server 2001:db8::ffff + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 range 1 start 2001:db8::100 stop 2001:db8::199 + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 range 1 stop 2001:db8::199 + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 option name-server 2001:db8::ffff set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 subnet-id 1 The configuration will look as follows: @@ -605,12 +606,13 @@ The configuration will look as follows: show service dhcpv6-server shared-network-name NET1 { subnet 2001:db8::/64 { - address-range { - start 2001:db8::100 { - stop 2001:db8::199 - } + range 1 { + start 2001:db8::100 + stop 2001:db8::199 + } + option { + name-server 2001:db8::ffff } - name-server 2001:db8::ffff subnet-id 1 } } -- cgit v1.2.3 From 27432429e0ee86fafbba4017f57a9b2adc32809c Mon Sep 17 00:00:00 2001 From: rebortg Date: Sat, 13 Jan 2024 13:51:06 +0100 Subject: Update autotest labs with 1.5-rolling-202401121239 --- .../autotest/Wireguard/Wireguard.log | 1499 ++++++++++---------- .../autotest/Wireguard/Wireguard.rst | 22 +- .../autotest/Wireguard/_include/branch.conf | 4 +- .../autotest/Wireguard/_include/central.conf | 4 +- .../autotest/tunnelbroker/tunnelbroker.log | 1458 +++++++++---------- .../autotest/tunnelbroker/tunnelbroker.rst | 36 +- 6 files changed, 1530 insertions(+), 1493 deletions(-) (limited to 'docs') diff --git a/docs/configexamples/autotest/Wireguard/Wireguard.log b/docs/configexamples/autotest/Wireguard/Wireguard.log index 25bde79c..483b0e86 100644 --- a/docs/configexamples/autotest/Wireguard/Wireguard.log +++ b/docs/configexamples/autotest/Wireguard/Wireguard.log @@ -1,752 +1,767 @@ -2023-08-31 21:36:47,446 p=71926 u=rob n=ansible | PLAY [Automatic VyOS Lab test] ********************************************************************************************************************************************************************* -2023-08-31 21:36:47,487 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: fail if node_template_iso is empty] ************************************************************************************************************************** -2023-08-31 21:36:47,501 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:36:47,507 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:47,508 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:47,512 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:47,515 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: fail if node_template_version is empty] ********************************************************************************************************************** -2023-08-31 21:36:47,528 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:36:47,535 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:47,537 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:47,542 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:47,545 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: install requirements] **************************************************************************************************************************************** -2023-08-31 21:36:47,563 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:47,566 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:47,570 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:55,614 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:36:55,628 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:36:55,658 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:55,662 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:55,668 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:56,520 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:36:56,528 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: get template facts] ****************************************************************************************************************************************** -2023-08-31 21:36:56,555 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:56,558 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:56,563 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:57,042 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:36:57,050 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Register path status] **************************************************************************************************************************************** -2023-08-31 21:36:57,080 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:57,081 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:57,087 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:57,290 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:36:57,294 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create path] ************************************************************************************************************************************************* -2023-08-31 21:36:57,316 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:57,317 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:57,322 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:36:57,559 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:36:57,564 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Upload iso to eve-ng] **************************************************************************************************************************************** -2023-08-31 21:36:57,587 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:36:57,590 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:36:57,597 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:45,806 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:37:45,818 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create virtioa.qcow2 file] *********************************************************************************************************************************** -2023-08-31 21:37:45,849 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:45,852 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:45,857 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:46,082 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:37:46,087 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:37:46,113 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:46,113 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:46,119 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:46,825 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:46,834 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create lab for node install] ********************************************************************************************************************************* -2023-08-31 21:37:46,868 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:46,871 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:46,876 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:47,520 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:47,529 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: open lab] **************************************************************************************************************************************************** -2023-08-31 21:37:47,558 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:47,562 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:47,567 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:48,030 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:48,039 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] *************************************************************************************************************************************************************** -2023-08-31 21:37:48,070 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:48,073 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:48,073 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:48,078 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:48,082 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: add node to lab] ********************************************************************************************************************************************* -2023-08-31 21:37:48,103 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:48,106 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:48,110 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:48,677 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:48,686 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: start node] ************************************************************************************************************************************************** -2023-08-31 21:37:48,717 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:48,721 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:48,726 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:50,314 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:50,323 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : debug] ****************************************************************************************************************************************************************** -2023-08-31 21:37:50,356 p=71926 u=rob n=ansible | ok: [eveng] => { - "msg": { - "cache_control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0", - "changed": false, - "connection": "close", - "content": "{\"code\":200,\"status\":\"success\",\"message\":\"Node started (80049).\"}", - "content_length": "65", - "content_type": "application/json", - "cookies": {}, - "cookies_string": "", - "date": "Thu, 31 Aug 2023 19:37:49 GMT", - "elapsed": 1, - "expires": "Thu, 19 Nov 1981 08:52:00 GMT", - "failed": false, - "json": { - "code": 200, - "message": "Node started (80049).", - "status": "success" - }, - "msg": "OK (65 bytes)", - "pragma": "no-cache, no-cache", - "redirected": false, - "server": "Apache/2.4.41 (Ubuntu)", - "status": 200, - "url": "https://127.0.0.1/api/labs/node_create_lab_name.unl/nodes/1/start", - "x_powered_by": "Unified Networking Lab API" - } -} -2023-08-31 21:37:50,357 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:50,357 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:50,363 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:50,366 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: get node infos] ********************************************************************************************************************************************** -2023-08-31 21:37:50,385 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:50,388 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:50,393 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:50,931 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:50,938 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] *************************************************************************************************************************************************************** -2023-08-31 21:37:50,970 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:37:50,972 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:50,972 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:50,978 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:50,982 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: copy file] *************************************************************************************************************************************************** -2023-08-31 21:37:51,001 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:51,003 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:51,008 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:37:51,541 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:37:51,547 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: run expect script] ******************************************************************************************************************************************* -2023-08-31 21:37:51,569 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:37:51,571 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:37:51,576 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:38:52,093 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:38:52,096 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie (due timeout)] **************************************************************************************************************** -2023-08-31 21:38:52,115 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:38:52,118 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:38:52,123 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:38:52,887 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:38:52,895 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: stop node] *************************************************************************************************************************************************** -2023-08-31 21:38:52,927 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:38:52,930 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:38:52,936 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:38:54,029 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:38:54,039 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Pause to wait node is shutdown] ****************************************************************************************************************************** -2023-08-31 21:38:54,065 p=71926 u=rob n=ansible | Pausing for 10 seconds -2023-08-31 21:38:54,065 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:39:04,082 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:04,093 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: delete iso] ************************************************************************************************************************************************** -2023-08-31 21:39:04,120 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:04,124 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:04,130 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:04,361 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:39:04,373 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: commit virtioa.qcow2] **************************************************************************************************************************************** -2023-08-31 21:39:04,408 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:04,411 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:04,417 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:05,745 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:39:05,757 p=71926 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: delete lab for node install] ********************************************************************************************************************************* -2023-08-31 21:39:05,789 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:05,792 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:05,798 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:06,467 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:06,486 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Get env file content] ****************************************************************************************************************************************************** -2023-08-31 21:39:06,735 p=71926 u=rob n=ansible | ok: [vyos-oobm -> localhost] -2023-08-31 21:39:06,735 p=71926 u=rob n=ansible | ok: [branch -> localhost] -2023-08-31 21:39:06,735 p=71926 u=rob n=ansible | ok: [central -> localhost] -2023-08-31 21:39:06,735 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:39:06,738 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Load facts] ***************************************************************************************************************************************************** -2023-08-31 21:39:06,760 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:07,757 p=71926 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:39:07,763 p=71926 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko +2024-01-13 13:43:51,001 p=4891 u=rob n=ansible | PLAY [Automatic VyOS Lab test] ******************************************************************************************* +2024-01-13 13:43:51,019 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: fail if node_template_iso is empty] ************************************************ +2024-01-13 13:43:51,032 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:51,033 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:51,033 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:51,036 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:51,038 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: fail if node_template_version is empty] ******************************************** +2024-01-13 13:43:51,046 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:51,050 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:51,052 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:51,055 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:51,056 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: install requirements] ************************************************************** +2024-01-13 13:43:51,068 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:51,068 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:51,071 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:54,278 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:54,280 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:43:54,290 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:54,292 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:54,295 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:55,292 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:55,294 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: get template facts] **************************************************************** +2024-01-13 13:43:55,305 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:55,307 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:55,309 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:55,857 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:55,859 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Register path status] ************************************************************** +2024-01-13 13:43:55,870 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:55,871 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:55,874 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,154 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:56,156 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create path] *********************************************************************** +2024-01-13 13:43:56,168 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,168 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,169 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,172 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,174 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Upload iso to eve-ng] ************************************************************** +2024-01-13 13:43:56,184 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,185 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,186 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,188 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,190 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create virtioa.qcow2 file] ********************************************************* +2024-01-13 13:43:56,201 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,202 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,202 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,206 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,208 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:43:56,218 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,218 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,219 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,223 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,224 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: create lab for node install] ******************************************************* +2024-01-13 13:43:56,236 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,236 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,238 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,240 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,242 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: open lab] ************************************************************************** +2024-01-13 13:43:56,252 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,252 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,254 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,256 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,257 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] ************************************************************************************* +2024-01-13 13:43:56,267 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,268 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,269 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,272 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,273 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: add node to lab] ******************************************************************* +2024-01-13 13:43:56,284 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,284 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,285 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,288 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,290 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: start node] ************************************************************************ +2024-01-13 13:43:56,301 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,302 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,302 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,305 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,306 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : debug] **************************************************************************************** +2024-01-13 13:43:56,316 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,317 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,318 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,321 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,323 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: get node infos] ******************************************************************** +2024-01-13 13:43:56,333 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,334 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,335 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,338 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,339 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] ************************************************************************************* +2024-01-13 13:43:56,349 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,349 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,351 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,353 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,356 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: copy file] ************************************************************************* +2024-01-13 13:43:56,367 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,368 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,368 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,370 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,372 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: run expect script] ***************************************************************** +2024-01-13 13:43:56,382 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,382 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,383 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,386 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,387 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Login to EVE-NG and get Cookie (due timeout)] ************************************** +2024-01-13 13:43:56,397 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,398 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,398 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,401 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,403 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: stop node] ************************************************************************* +2024-01-13 13:43:56,413 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,413 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,414 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,417 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,419 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: Pause to wait node is shutdown] **************************************************** +2024-01-13 13:43:56,425 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,426 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: delete iso] ************************************************************************ +2024-01-13 13:43:56,437 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,437 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,438 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,441 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,443 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: commit virtioa.qcow2] ************************************************************** +2024-01-13 13:43:56,454 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,454 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,455 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,458 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,460 p=4891 u=rob n=ansible | TASK [eve-ng-create-node : Wireguard: delete lab for node install] ******************************************************* +2024-01-13 13:43:56,470 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,470 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,471 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,474 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,477 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Get env file content] **************************************************************************** +2024-01-13 13:43:56,693 p=4891 u=rob n=ansible | ok: [central -> localhost] +2024-01-13 13:43:56,693 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:43:56,693 p=4891 u=rob n=ansible | ok: [branch -> localhost] +2024-01-13 13:43:56,693 p=4891 u=rob n=ansible | ok: [oobm-xcnelw -> localhost] +2024-01-13 13:43:56,695 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Load facts] *************************************************************************** +2024-01-13 13:43:56,709 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:56,729 p=4891 u=rob n=ansible | ok: [oobm-xcnelw] +2024-01-13 13:43:56,731 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:43:56,734 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:43:56,735 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : decode oobm default startupconfig] *************************************************************** +2024-01-13 13:43:56,746 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,748 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,751 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,752 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:56,754 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: fail if node_template_version is empty] *********************************************** +2024-01-13 13:43:56,762 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:56,766 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,767 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,770 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:56,771 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:43:56,784 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:56,784 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:56,787 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:57,729 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:57,731 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: get running lab list] ***************************************************************** +2024-01-13 13:43:57,742 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:57,743 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:57,746 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:58,334 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:58,336 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: kill running lab] ********************************************************************* +2024-01-13 13:43:58,344 p=4891 u=rob n=ansible | [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: +(response.json.message != "No nodes running (60071).") and (item.labname == "{{ eve_ng_folder_name }}/{{ lab }}") -2023-08-31 21:39:07,763 p=71926 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:39:07,777 p=71926 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko +2024-01-13 13:43:58,346 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:58,347 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': '118775ba-26f6-434a-8dd5-62b0edaa4cd1', 'size': 0.0726, 'sat': '0', 'sat_name': 'master', 'labid': '2', 'labname': '/labtest/DHCPRelay_through_GRE', 'cpu': 0.5, 'mem': 3.01}) +2024-01-13 13:43:58,348 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '588b9164-a3b7-4522-8058-0f6ff6286564', 'size': 0.1878, 'sat': '0', 'sat_name': 'master', 'labid': 1002, 'labname': '/Common\n', 'cpu': 0, 'mem': 0}) +2024-01-13 13:43:58,348 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:58,350 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '61cc6cd0-78f4-4302-830b-482b642a5e74', 'size': 0.534, 'sat': '0', 'sat_name': 'master', 'labid': 1003, 'labname': '/MSS-Clambing\n', 'cpu': 0, 'mem': 0}) +2024-01-13 13:43:58,352 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': 'a0e4e4ed-9da3-4c84-9947-144e76edaa6b', 'size': 0.0791, 'sat': '0', 'sat_name': 'master', 'labid': '1', 'labname': '/labtest/L3VPN_EVPN', 'cpu': 2.33, 'mem': 0.02}) +2024-01-13 13:43:58,352 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:58,354 p=4891 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': 'd5888368-28aa-4e0a-91b0-e4a068bce911', 'size': 0.322, 'sat': '0', 'sat_name': 'master', 'labid': '3', 'labname': '/labtest/OpenVPN_with_LDAP', 'cpu': 22.33, 'mem': 10.75}) +2024-01-13 13:43:58,355 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:43:58,357 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: delete existing lab] ****************************************************************** +2024-01-13 13:43:58,368 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:58,368 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:58,371 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:58,948 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:58,950 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Ensure labtest is present] ************************************************************ +2024-01-13 13:43:58,961 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:58,963 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:58,966 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:43:59,245 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:43:59,247 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Create Wireguard Lab] ***************************************************************** +2024-01-13 13:43:59,258 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:43:59,259 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:43:59,262 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:44:00,058 p=4891 u=rob n=ansible | changed: [eveng] +2024-01-13 13:44:00,060 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:44:00,075 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:44:00,076 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:44:00,079 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:44:00,911 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:44:00,914 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start vyos-oobm] ********************************************************************** +2024-01-13 13:44:00,927 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:44:00,928 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:44:00,933 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:44:02,451 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:44:02,453 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos-oobm] ******************************************************************* +2024-01-13 13:44:02,465 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:44:02,466 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:44:02,470 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:44:03,354 p=4891 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:44:03,355 p=4891 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko -2023-08-31 21:39:07,777 p=71926 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:39:07,779 p=71926 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko - -2023-08-31 21:39:07,779 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:39:07,781 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:39:07,781 p=71926 u=rob n=ansible | ok: [vyos-oobm] -2023-08-31 21:39:07,785 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : debug] ********************************************************************************************************************************************************************* -2023-08-31 21:39:07,814 p=71926 u=rob n=ansible | ok: [eveng] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:39:08,761 p=71926 u=rob n=ansible | ok: [branch] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:39:08,761 p=71926 u=rob n=ansible | ok: [central] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:39:08,762 p=71926 u=rob n=ansible | ok: [vyos-oobm] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:39:08,769 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: fail if node_template_version is empty] ************************************************************************************************************************* -2023-08-31 21:39:08,794 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:39:08,804 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:08,807 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:08,811 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:08,815 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:39:08,833 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:08,836 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:08,841 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:09,569 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:09,579 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: get running lab list] ******************************************************************************************************************************************* -2023-08-31 21:39:09,611 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:09,612 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:09,618 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:10,083 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:10,093 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: kill running lab] *********************************************************************************************************************************************** -2023-08-31 21:39:10,126 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:10,127 p=71926 u=rob n=ansible | [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item.labname == "{{ eve_ng_folder_name }}/{{ lab }}" - -2023-08-31 21:39:10,130 p=71926 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '0fc5edef-8cf2-4400-9a1c-0c4c41a1a881', 'size': 0.1996, 'sat': '0', 'sat_name': 'master', 'labid': 1001, 'labname': '/ecmp wireguard\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:39:10,132 p=71926 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '588b9164-a3b7-4522-8058-0f6ff6286564', 'size': 1.0595, 'sat': '0', 'sat_name': 'master', 'labid': 1002, 'labname': '/Common\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:39:10,134 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:10,134 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:10,137 p=71926 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '9785926c-63ec-42c0-a1ca-a386b9013151', 'size': 0.4469, 'sat': '0', 'sat_name': 'master', 'labid': 1003, 'labname': '/layer2 via IPSec\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:39:10,139 p=71926 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': 'aa98095e-3b64-45aa-b883-e2b7fdfac08c', 'size': 0.5229, 'sat': '0', 'sat_name': 'master', 'labid': 1004, 'labname': '/ospf\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:39:10,140 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:39:10,144 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: delete existing lab] ******************************************************************************************************************************************** -2023-08-31 21:39:10,162 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:10,164 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:10,170 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:10,600 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:10,611 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Ensure labtest is present] ************************************************************************************************************************************** -2023-08-31 21:39:10,640 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:10,643 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:10,650 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:10,798 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:10,807 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Create Wireguard Lab] ******************************************************************************************************************************************* -2023-08-31 21:39:10,837 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:10,840 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:10,846 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:11,322 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:39:11,331 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:39:11,362 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:11,365 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:11,370 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:12,042 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:12,049 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start vyos-oobm] ************************************************************************************************************************************************ -2023-08-31 21:39:12,079 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:39:12,082 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:12,091 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:13,161 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:39:13,172 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos-oobm] ********************************************************************************************************************************************* -2023-08-31 21:39:13,201 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:39:13,204 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:39:13,210 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:39:14,088 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:39:44,102 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:39:44,107 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:39:44,107 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:39:44,107 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:39:44,107 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:39:44,108 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:39:44,109 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:39:44,110 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:39:44,110 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:15,137 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:40:15,138 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:40:15,138 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:40:15,139 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:40:15,140 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:40:15,141 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:40:15,141 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:40:15,141 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:40:15,141 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:46,155 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:40:46,156 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:40:46,157 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:46,158 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:40:46,159 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:40:47,928 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:40:48,182 p=72425 u=rob n=p=72425 u=rob | paramiko [vyos-oobm] | Authentication (publickey) successful! -2023-08-31 21:40:49,243 p=71926 u=rob n=ansible | ok: [vyos-oobm] -2023-08-31 21:40:49,246 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:40:49,266 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:40:49,269 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:40:49,275 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:40:50,220 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:40:50,224 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: get lab status] ************************************************************************************************************************************************* -2023-08-31 21:40:50,252 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:40:50,255 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:40:50,261 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:40:50,772 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:40:50,776 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start all nodes] ************************************************************************************************************************************************ -2023-08-31 21:40:50,795 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:40:50,799 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:40:50,803 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:40:51,376 p=71926 u=rob n=ansible | ok: [eveng] => (item=1) -2023-08-31 21:40:52,420 p=71926 u=rob n=ansible | ok: [eveng] => (item=4) -2023-08-31 21:40:53,681 p=71926 u=rob n=ansible | ok: [eveng] => (item=6) -2023-08-31 21:40:54,642 p=71926 u=rob n=ansible | ok: [eveng] => (item=2) -2023-08-31 21:40:55,580 p=71926 u=rob n=ansible | ok: [eveng] => (item=3) -2023-08-31 21:40:55,598 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ******************************************************************************************************************************************** -2023-08-31 21:40:55,628 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:40:55,628 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:40:56,551 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:40:56,552 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:41:13,459 p=72315 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs. +2024-01-13 13:44:03,357 p=4891 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This +feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in +ansible.cfg. +2024-01-13 13:46:02,775 p=5217 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs. See the timeout setting options in the Network Debug and Troubleshooting Guide. -2023-08-31 21:41:13,567 p=72315 u=rob n=ansible | shutdown complete -2023-08-31 21:41:26,577 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:41:26,583 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:41:26,583 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:41:26,583 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf += self._read_timeout(timeout) -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise socket.timeout() -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | socket.timeout -2023-08-31 21:41:26,584 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: -2023-08-31 21:41:26,584 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:41:26,585 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | self._check_banner() -2023-08-31 21:41:26,586 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:41:26,586 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise SSHException( -2023-08-31 21:41:26,586 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:41:26,586 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:26,588 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:41:26,588 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:41:26,588 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise socket.timeout() -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | socket.timeout -2023-08-31 21:41:26,589 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | self._check_banner() -2023-08-31 21:41:26,590 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:41:26,591 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise SSHException( -2023-08-31 21:41:26,591 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:41:26,591 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:57,640 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:41:57,641 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:41:57,641 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise socket.timeout() -2023-08-31 21:41:57,642 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:41:57,642 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | socket.timeout -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:41:57,643 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:41:57,643 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf += self._read_timeout(timeout) -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | self._check_banner() -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise socket.timeout() -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise SSHException( -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | socket.timeout -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:57,644 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: -2023-08-31 21:41:57,644 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | self._check_banner() -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise SSHException( -2023-08-31 21:41:57,645 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:41:57,646 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:42:28,697 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:42:28,697 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:42:28,698 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:42:28,698 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | buf += self._read_timeout(timeout) -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:42:28,699 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:42:28,699 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise socket.timeout() -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise socket.timeout() -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | socket.timeout -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | socket.timeout -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:42:28,700 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Traceback (most recent call last): -2023-08-31 21:42:28,700 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Traceback (most recent call last): -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | self._check_banner() -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | self._check_banner() -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | raise SSHException( -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | raise SSHException( -2023-08-31 21:42:28,701 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:42:28,701 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:42:28,702 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | -2023-08-31 21:42:28,702 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | -2023-08-31 21:42:30,750 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:42:30,753 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:42:31,019 p=72617 u=rob n=p=72617 u=rob | paramiko [branch] | Authentication (publickey) successful! -2023-08-31 21:42:31,024 p=72616 u=rob n=p=72616 u=rob | paramiko [central] | Authentication (publickey) successful! -2023-08-31 21:42:32,367 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:42:32,367 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:42:32,369 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : generate pki wireguard key-pair] ******************************************************************************************************************************************* -2023-08-31 21:42:32,386 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:32,393 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:33,327 p=72314 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use +2024-01-13 13:46:02,887 p=5217 u=rob n=ansible | shutdown complete +2024-01-13 13:46:38,493 p=5211 u=rob n=p=5211 u=rob | paramiko [oobm-xcnelw] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:46:38,800 p=5211 u=rob n=p=5211 u=rob | paramiko [oobm-xcnelw] | Authentication (publickey) successful! +2024-01-13 13:46:40,108 p=4891 u=rob n=ansible | ok: [oobm-xcnelw] +2024-01-13 13:46:40,110 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:46:40,121 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:46:40,121 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:46:40,124 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:46:41,244 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:46:41,249 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: get lab status] *********************************************************************** +2024-01-13 13:46:41,267 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:46:41,269 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:46:41,273 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:46:41,842 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:46:41,847 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start all nodes] ********************************************************************** +2024-01-13 13:46:41,867 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:46:41,869 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:46:41,872 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:46:42,373 p=4891 u=rob n=ansible | ok: [eveng] => (item=1) +2024-01-13 13:46:43,474 p=4891 u=rob n=ansible | ok: [eveng] => (item=4) +2024-01-13 13:46:44,793 p=4891 u=rob n=ansible | ok: [eveng] => (item=6) +2024-01-13 13:46:45,990 p=4891 u=rob n=ansible | ok: [eveng] => (item=2) +2024-01-13 13:46:46,917 p=4891 u=rob n=ansible | ok: [eveng] => (item=3) +2024-01-13 13:46:46,924 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ****************************************************************** +2024-01-13 13:46:46,940 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:46:46,944 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:46:47,861 p=4891 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:46:47,861 p=4891 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:47:17,890 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:17,892 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:17,893 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:17,893 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:17,894 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:17,894 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:17,894 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:47:17,895 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:17,895 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:17,895 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:17,895 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:47:17,895 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:47:17,896 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:17,896 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:17,896 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:17,896 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:17,896 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:17,897 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:17,897 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:17,897 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:17,897 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:47:17,897 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:47:17,898 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:17,898 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:17,898 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:17,898 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:17,898 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:47:17,898 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:47:17,899 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:17,899 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:17,899 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:17,899 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:17,900 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:17,900 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:47:17,900 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:17,901 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:47:17,901 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:17,901 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:29,000 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:29,001 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:29,001 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:29,002 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:29,002 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:29,002 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:29,002 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:47:29,003 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:29,003 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:29,004 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:29,004 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:29,004 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:29,004 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:29,004 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:29,004 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:29,005 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:29,005 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:47:29,005 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:29,005 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:29,005 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:29,006 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:47:29,006 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:47:29,006 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:29,006 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:29,006 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:29,006 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:29,007 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:47:29,007 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:47:29,007 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:29,008 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:47:29,009 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:29,009 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:47:29,009 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:29,009 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:40,094 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:40,095 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:40,095 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:40,095 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:40,096 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:40,096 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:40,096 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:47:40,097 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:40,097 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:40,097 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:47:40,097 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:47:40,098 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:40,098 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:40,098 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:40,098 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:40,099 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:40,099 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:47:40,099 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:40,099 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:47:40,100 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:40,100 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:40,106 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:40,107 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:40,107 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:40,107 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:40,107 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:40,108 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:47:40,109 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:47:40,109 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:40,109 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:40,110 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:40,110 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:40,110 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:40,110 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:47:40,111 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:40,111 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:47:40,111 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:40,111 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:51,194 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:51,195 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:51,196 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:51,196 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:51,196 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:51,196 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:51,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:47:51,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:51,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:51,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:47:51,198 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:47:51,198 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:51,198 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:51,199 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:51,199 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:47:51,199 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:51,199 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:47:51,200 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:51,200 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:47:51,200 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:51,200 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:47:51,203 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:47:51,204 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:51,204 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:47:51,204 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:47:51,205 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:51,205 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:47:51,205 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:47:51,205 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:47:51,206 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:47:51,206 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:47:51,206 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:47:51,206 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:51,207 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:47:51,207 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:47:51,207 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:47:51,207 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:47:51,208 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:48:02,304 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:48:02,306 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:48:02,306 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:48:02,306 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:48:02,307 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:02,307 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:48:02,307 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:48:02,307 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:02,308 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:48:02,308 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:48:02,308 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:48:02,308 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:02,309 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:48:02,309 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:02,309 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:48:02,309 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:48:02,310 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:02,315 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:48:02,316 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:48:02,316 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:48:02,316 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf = self.packetizer.readline(timeout) +2024-01-13 13:48:02,317 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:02,317 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:48:02,317 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | buf += self._read_timeout(timeout) +2024-01-13 13:48:02,318 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:02,318 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:48:02,318 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise socket.timeout() +2024-01-13 13:48:02,318 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | TimeoutError +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | During handling of the above exception, another exception occurred: +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Traceback (most recent call last): +2024-01-13 13:48:02,319 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:48:02,320 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | self._check_banner() +2024-01-13 13:48:02,320 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:48:02,320 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | raise SSHException( +2024-01-13 13:48:02,320 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:48:02,321 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | +2024-01-13 13:48:06,492 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:48:06,763 p=5476 u=rob n=p=5476 u=rob | paramiko [branch] | Authentication (publickey) successful! +2024-01-13 13:48:08,056 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:48:13,399 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:48:13,399 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:48:13,400 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:48:13,400 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf = self.packetizer.readline(timeout) +2024-01-13 13:48:13,400 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:13,400 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | buf += self._read_timeout(timeout) +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise socket.timeout() +2024-01-13 13:48:13,401 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | TimeoutError +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | During handling of the above exception, another exception occurred: +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Traceback (most recent call last): +2024-01-13 13:48:13,402 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | self._check_banner() +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | raise SSHException( +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:48:13,403 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | +2024-01-13 13:48:17,197 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:48:17,452 p=5475 u=rob n=p=5475 u=rob | paramiko [central] | Authentication (publickey) successful! +2024-01-13 13:48:18,609 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:48:18,611 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : generate pki wireguard key-pair] ***************************************************************** +2024-01-13 13:48:18,619 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:18,624 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:19,490 p=5484 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:42:33,328 p=72313 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use +2024-01-13 13:48:19,490 p=5483 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:42:33,985 p=72314 u=rob n=p=72314 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:42:33,991 p=72313 u=rob n=p=72313 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:42:34,239 p=72313 u=rob n=p=72313 u=rob | paramiko [branch] | Authentication (publickey) successful! -2023-08-31 21:42:34,241 p=72314 u=rob n=p=72314 u=rob | paramiko [central] | Authentication (publickey) successful! -2023-08-31 21:42:36,595 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:42:36,596 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:42:36,603 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : set pub and private key] *************************************************************************************************************************************************** -2023-08-31 21:42:36,638 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:36,639 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:37,566 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:42:37,567 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:42:37,575 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : setup nodes] *************************************************************************************************************************************************************** -2023-08-31 21:42:37,609 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:37,610 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:47,693 p=71926 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation +2024-01-13 13:48:20,262 p=5483 u=rob n=p=5483 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:48:20,285 p=5484 u=rob n=p=5484 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:48:20,531 p=5483 u=rob n=p=5483 u=rob | paramiko [central] | Authentication (publickey) successful! +2024-01-13 13:48:20,577 p=5484 u=rob n=p=5484 u=rob | paramiko [branch] | Authentication (publickey) successful! +2024-01-13 13:48:22,964 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:48:23,374 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:48:23,377 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : set pub and private key] ************************************************************************* +2024-01-13 13:48:23,385 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:23,388 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:23,414 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:48:23,415 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:48:23,416 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : setup nodes] ************************************************************************************* +2024-01-13 13:48:23,427 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:23,427 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:36,229 p=4891 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if +present in the running configuration on device including the indentation -2023-08-31 21:42:47,693 p=71926 u=rob n=ansible | changed: [central] -2023-08-31 21:42:47,694 p=71926 u=rob n=ansible | changed: [branch] -2023-08-31 21:42:47,704 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:42:47,736 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:47,739 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:42:47,746 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:42:48,806 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:42:48,816 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************************************************************************************** -2023-08-31 21:42:48,848 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:48,852 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:48,857 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:42:48,863 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:42:48,866 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ************************************************************************************************************************************************ -2023-08-31 21:42:48,880 p=71926 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:42:48,880 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:42:53,894 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:42:53,910 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] ************************************************************************************************************************************************* -2023-08-31 21:42:53,948 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:42:53,950 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:42:53,957 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:42:53,959 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:42:53,963 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] *********************************************************************************************************************************************** -2023-08-31 21:42:53,974 p=71926 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:42:53,975 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:42:58,992 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:42:59,006 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ********************************************************************************************************** -2023-08-31 21:42:59,028 p=71926 u=rob n=ansible | Pausing for 30 seconds -2023-08-31 21:42:59,029 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:43:29,046 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:43:29,060 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] *************************************************************************************************************************************************** -2023-08-31 21:43:29,094 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:29,094 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:34,654 p=71926 u=rob n=ansible | ok: [central] => (item=10.0.2.100) -2023-08-31 21:43:34,672 p=71926 u=rob n=ansible | ok: [branch] => (item=10.0.1.100) -2023-08-31 21:43:34,679 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] ****************************************************************************************************************************************** -2023-08-31 21:43:34,700 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:34,711 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:35,790 p=71926 u=rob n=ansible | ok: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) -2023-08-31 21:43:36,170 p=71926 u=rob n=ansible | ok: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) -2023-08-31 21:43:37,255 p=71926 u=rob n=ansible | ok: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) -2023-08-31 21:43:37,274 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] *************************************************************************************************************************************** -2023-08-31 21:43:37,310 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:37,315 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:38,670 p=71926 u=rob n=ansible | ok: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:43:38,677 p=71926 u=rob n=ansible | ok: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:43:42,942 p=71926 u=rob n=ansible | ok: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) -2023-08-31 21:43:42,963 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************************************************************************************** -2023-08-31 21:43:42,994 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:42,997 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:43,921 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:43:43,922 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:43:43,931 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Reboot vyos] **************************************************************************************************************************************************** -2023-08-31 21:43:43,965 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:43,966 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:45,100 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:43:45,100 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:43:45,105 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait while shutdown] ******************************************************************************************************************************************** -2023-08-31 21:43:45,120 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:45,123 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ******************************************************************************************************************************************** -2023-08-31 21:43:45,141 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:45,151 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:46,074 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:43:46,076 p=71926 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:43:46,892 p=72849 u=rob n=p=72849 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:43:46,895 p=72848 u=rob n=p=72848 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:43:47,166 p=72848 u=rob n=p=72848 u=rob | paramiko [central] | Authentication (publickey) successful! -2023-08-31 21:43:47,173 p=72849 u=rob n=p=72849 u=rob | paramiko [branch] | Authentication (publickey) successful! -2023-08-31 21:43:48,250 p=71926 u=rob n=ansible | ok: [branch] -2023-08-31 21:43:48,250 p=71926 u=rob n=ansible | ok: [central] -2023-08-31 21:43:48,254 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:43:48,277 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:48,277 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:43:48,282 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:43:50,659 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:43:50,668 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************************************************************************************** -2023-08-31 21:43:50,700 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:50,705 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:50,709 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:43:50,715 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:43:50,718 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ************************************************************************************************************************************************ -2023-08-31 21:43:50,732 p=71926 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:43:50,732 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:43:55,754 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:43:55,764 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] ************************************************************************************************************************************************* -2023-08-31 21:43:55,807 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:43:55,811 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:43:55,817 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:43:55,822 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:43:55,826 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] *********************************************************************************************************************************************** -2023-08-31 21:43:55,839 p=71926 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:43:55,839 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:44:00,859 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:44:00,872 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ********************************************************************************************************** -2023-08-31 21:44:00,894 p=71926 u=rob n=ansible | Pausing for 30 seconds -2023-08-31 21:44:00,894 p=71926 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:44:30,910 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:44:30,924 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] *************************************************************************************************************************************************** -2023-08-31 21:44:30,961 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:30,962 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:36,294 p=71926 u=rob n=ansible | ok: [central] => (item=10.0.2.100) -2023-08-31 21:44:36,301 p=71926 u=rob n=ansible | ok: [branch] => (item=10.0.1.100) -2023-08-31 21:44:36,310 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] ****************************************************************************************************************************************** -2023-08-31 21:44:36,339 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:36,343 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:37,426 p=71926 u=rob n=ansible | ok: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) -2023-08-31 21:44:37,644 p=71926 u=rob n=ansible | ok: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) -2023-08-31 21:44:38,706 p=71926 u=rob n=ansible | ok: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) -2023-08-31 21:44:38,731 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] *************************************************************************************************************************************** -2023-08-31 21:44:38,771 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,775 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,783 p=71926 u=rob n=ansible | skipping: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:44:38,788 p=71926 u=rob n=ansible | skipping: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:44:38,791 p=71926 u=rob n=ansible | skipping: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) -2023-08-31 21:44:38,792 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,792 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,796 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************************************************************************************** -2023-08-31 21:44:38,817 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,819 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,824 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,828 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,833 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: ake sure tmp dir exist] ***************************************************************************************************************************************** -2023-08-31 21:44:38,849 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,857 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,859 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,864 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,867 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register status of tmp/] **************************************************************************************************************************************** -2023-08-31 21:44:38,881 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,889 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,891 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,896 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,900 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: ownload upgrade_iso] ******************************************************************************************************************************************** -2023-08-31 21:44:38,916 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,925 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,925 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,932 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,937 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Copy iso to host] *********************************************************************************************************************************************** -2023-08-31 21:44:38,959 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,960 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,961 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,966 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:38,969 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: upgrade vyos] *************************************************************************************************************************************************** -2023-08-31 21:44:38,983 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:38,991 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:38,993 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:38,998 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,001 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Reboot vyos] **************************************************************************************************************************************************** -2023-08-31 21:44:39,014 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,021 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,024 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,028 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,031 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait while shutdown] ******************************************************************************************************************************************** -2023-08-31 21:44:39,043 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,046 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ******************************************************************************************************************************************** -2023-08-31 21:44:39,067 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,067 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,069 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,074 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,079 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: clear tmp dir] ************************************************************************************************************************************************** -2023-08-31 21:44:39,090 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,094 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ********************************************************************************************************************************* -2023-08-31 21:44:39,114 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,115 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,117 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,121 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,124 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************************************************************************************** -2023-08-31 21:44:39,145 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,148 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,153 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,158 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,161 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ************************************************************************************************************************************************ -2023-08-31 21:44:39,173 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,175 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] ************************************************************************************************************************************************* -2023-08-31 21:44:39,195 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,199 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,203 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,209 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,212 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] *********************************************************************************************************************************************** -2023-08-31 21:44:39,224 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,227 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ********************************************************************************************************** -2023-08-31 21:44:39,237 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,239 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] *************************************************************************************************************************************************** -2023-08-31 21:44:39,259 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,259 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,262 p=71926 u=rob n=ansible | skipping: [central] => (item=10.0.2.100) -2023-08-31 21:44:39,264 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,269 p=71926 u=rob n=ansible | skipping: [branch] => (item=10.0.1.100) -2023-08-31 21:44:39,270 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,273 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] ****************************************************************************************************************************************** -2023-08-31 21:44:39,287 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,295 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,301 p=71926 u=rob n=ansible | skipping: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) -2023-08-31 21:44:39,303 p=71926 u=rob n=ansible | skipping: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) -2023-08-31 21:44:39,304 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,305 p=71926 u=rob n=ansible | skipping: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) -2023-08-31 21:44:39,307 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,310 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] *************************************************************************************************************************************** -2023-08-31 21:44:39,324 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,332 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,338 p=71926 u=rob n=ansible | skipping: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:44:39,340 p=71926 u=rob n=ansible | skipping: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) -2023-08-31 21:44:39,341 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,343 p=71926 u=rob n=ansible | skipping: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) -2023-08-31 21:44:39,344 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,347 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************************************************************************************** -2023-08-31 21:44:39,361 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:39,369 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,372 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,377 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,381 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: make sure output dir exist] ************************************************************************************************************************************* -2023-08-31 21:44:39,404 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,406 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,411 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,531 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:39,535 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: make sure output include dir exist] ***************************************************************************************************************************** -2023-08-31 21:44:39,558 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,561 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,567 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,688 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:39,691 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Get timestamp from the system] ********************************************************************************************************************************** -2023-08-31 21:44:39,710 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,712 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,717 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,855 p=71926 u=rob n=ansible | changed: [eveng] -2023-08-31 21:44:39,862 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************************************************************************************** -2023-08-31 21:44:39,889 p=71926 u=rob n=ansible | ok: [eveng] -2023-08-31 21:44:39,892 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,892 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,897 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:39,901 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: generate lab rst file] ****************************************************************************************************************************************** -2023-08-31 21:44:39,925 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:39,927 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:39,933 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:40,186 p=71926 u=rob n=ansible | changed: [eveng -> localhost] -2023-08-31 21:44:40,190 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.conf files in Lab] *********************************************************************************************************************************** -2023-08-31 21:44:40,213 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:40,216 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:40,221 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:40,413 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:40,420 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.conf files] ****************************************************************************************************************************************** -2023-08-31 21:44:40,445 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:40,447 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:40,455 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:40,700 p=71926 u=rob n=ansible | changed: [eveng -> localhost] => (item={'path': 'labs/Wireguard/branch.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 736, 'inode': 11076329, 'dev': 16777229, 'nlink': 1, 'atime': 1686132323.93998, 'mtime': 1686132322.6753035, 'ctime': 1686132322.6753035, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:44:40,952 p=71926 u=rob n=ansible | changed: [eveng -> localhost] => (item={'path': 'labs/Wireguard/central.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 730, 'inode': 11076330, 'dev': 16777229, 'nlink': 1, 'atime': 1686132323.972668, 'mtime': 1686132322.6754813, 'ctime': 1686132322.6754813, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:44:40,957 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.config files in Lab] ********************************************************************************************************************************* -2023-08-31 21:44:40,980 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:40,982 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:40,988 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:41,104 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:41,108 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.config files] **************************************************************************************************************************************** -2023-08-31 21:44:41,126 p=71926 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:44:41,135 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:41,137 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:41,142 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:41,146 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.png files in Lab] ************************************************************************************************************************************ -2023-08-31 21:44:41,169 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:41,172 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:41,178 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:41,296 p=71926 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:44:41,301 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.png files] ******************************************************************************************************************************************* -2023-08-31 21:44:41,326 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:41,329 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:41,336 p=71926 u=rob n=ansible | skipping: [branch] -2023-08-31 21:44:41,560 p=71926 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/Wireguard/topology.png', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 158227, 'inode': 362576, 'dev': 16777229, 'nlink': 1, 'atime': 1676403697.132659, 'mtime': 1648155110.0, 'ctime': 1675368464.81138, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:44:41,566 p=71926 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy ansible log files] ***************************************************************************************************************************************** -2023-08-31 21:44:41,588 p=71926 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:44:41,590 p=71926 u=rob n=ansible | skipping: [central] -2023-08-31 21:44:41,595 p=71926 u=rob n=ansible | skipping: [branch] +2024-01-13 13:48:36,229 p=4891 u=rob n=ansible | changed: [central] +2024-01-13 13:48:36,610 p=4891 u=rob n=ansible | changed: [branch] +2024-01-13 13:48:36,615 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:48:36,629 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:36,631 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:48:36,633 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:48:37,835 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:48:37,837 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************ +2024-01-13 13:48:37,851 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:37,852 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:37,854 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:48:37,857 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:48:37,859 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ********************************************************************** +2024-01-13 13:48:37,867 p=4891 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:48:37,867 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:48:42,871 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:48:42,875 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] *********************************************************************** +2024-01-13 13:48:42,887 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:48:42,888 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:48:42,891 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:48:42,894 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:48:42,896 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] ********************************************************************* +2024-01-13 13:48:42,904 p=4891 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:48:42,904 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:48:47,909 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:48:47,913 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ******************************** +2024-01-13 13:48:47,922 p=4891 u=rob n=ansible | Pausing for 30 seconds +2024-01-13 13:48:47,922 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:49:17,926 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:49:17,938 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] ************************************************************************* +2024-01-13 13:49:17,971 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:17,985 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:23,418 p=4891 u=rob n=ansible | ok: [branch] => (item=10.0.1.100) +2024-01-13 13:49:23,450 p=4891 u=rob n=ansible | ok: [central] => (item=10.0.2.100) +2024-01-13 13:49:23,455 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] **************************************************************** +2024-01-13 13:49:23,474 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:23,475 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:24,499 p=4891 u=rob n=ansible | ok: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) +2024-01-13 13:49:24,939 p=4891 u=rob n=ansible | ok: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) +2024-01-13 13:49:25,888 p=4891 u=rob n=ansible | ok: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) +2024-01-13 13:49:25,895 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] ************************************************************* +2024-01-13 13:49:25,915 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:25,918 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:27,311 p=4891 u=rob n=ansible | ok: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:49:27,321 p=4891 u=rob n=ansible | ok: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:49:31,485 p=4891 u=rob n=ansible | ok: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) +2024-01-13 13:49:31,492 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************ +2024-01-13 13:49:31,513 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:31,513 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:31,538 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:49:31,539 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:49:31,541 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Reboot vyos] ************************************************************************** +2024-01-13 13:49:31,551 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:31,552 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:32,676 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:49:32,677 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:49:32,681 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait while shutdown] ****************************************************************** +2024-01-13 13:49:32,690 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:32,692 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ****************************************************************** +2024-01-13 13:49:32,705 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:32,706 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:34,320 p=5647 u=rob n=p=5647 u=rob | paramiko [branch] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:49:34,321 p=5646 u=rob n=p=5646 u=rob | paramiko [central] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:49:34,562 p=5647 u=rob n=p=5647 u=rob | paramiko [branch] | Authentication (publickey) successful! +2024-01-13 13:49:34,562 p=5646 u=rob n=p=5646 u=rob | paramiko [central] | Authentication (publickey) successful! +2024-01-13 13:49:35,798 p=4891 u=rob n=ansible | ok: [central] +2024-01-13 13:49:35,798 p=4891 u=rob n=ansible | ok: [branch] +2024-01-13 13:49:35,800 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:49:35,811 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:35,811 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:49:35,815 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:49:36,531 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:49:36,535 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************ +2024-01-13 13:49:36,554 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:36,555 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:36,558 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:49:36,562 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:49:36,564 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ********************************************************************** +2024-01-13 13:49:36,572 p=4891 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:49:36,573 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:49:41,582 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:49:41,587 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] *********************************************************************** +2024-01-13 13:49:41,609 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:49:41,612 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:49:41,615 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:49:41,619 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:49:41,621 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] ********************************************************************* +2024-01-13 13:49:41,630 p=4891 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:49:41,631 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:49:46,638 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:49:46,643 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ******************************** +2024-01-13 13:49:46,655 p=4891 u=rob n=ansible | Pausing for 30 seconds +2024-01-13 13:49:46,655 p=4891 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:50:16,661 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:50:16,665 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] ************************************************************************* +2024-01-13 13:50:16,683 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:16,684 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:22,047 p=4891 u=rob n=ansible | ok: [branch] => (item=10.0.1.100) +2024-01-13 13:50:22,070 p=4891 u=rob n=ansible | ok: [central] => (item=10.0.2.100) +2024-01-13 13:50:22,076 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] **************************************************************** +2024-01-13 13:50:22,097 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:22,098 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:23,111 p=4891 u=rob n=ansible | ok: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) +2024-01-13 13:50:23,453 p=4891 u=rob n=ansible | ok: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) +2024-01-13 13:50:24,378 p=4891 u=rob n=ansible | ok: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) +2024-01-13 13:50:24,393 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] ************************************************************* +2024-01-13 13:50:24,428 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,438 p=4891 u=rob n=ansible | skipping: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:50:24,445 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,446 p=4891 u=rob n=ansible | skipping: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) +2024-01-13 13:50:24,448 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,454 p=4891 u=rob n=ansible | skipping: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:50:24,455 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,466 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************ +2024-01-13 13:50:24,488 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,504 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,518 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,528 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,541 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: ake sure tmp dir exist] *************************************************************** +2024-01-13 13:50:24,562 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,575 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,590 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,595 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,610 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register status of tmp/] ************************************************************** +2024-01-13 13:50:24,632 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,651 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,668 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,672 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,684 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: download upgrade_iso] ***************************************************************** +2024-01-13 13:50:24,706 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,721 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,736 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,745 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,771 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Copy iso to host] ********************************************************************* +2024-01-13 13:50:24,793 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,804 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,809 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,812 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,814 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: upgrade vyos] ************************************************************************* +2024-01-13 13:50:24,825 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,826 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,827 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,830 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,831 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Reboot vyos] ************************************************************************** +2024-01-13 13:50:24,839 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,844 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,844 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,848 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,850 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait while shutdown] ****************************************************************** +2024-01-13 13:50:24,855 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,857 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Wait for vyos nodes] ****************************************************************** +2024-01-13 13:50:24,865 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,869 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,871 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,875 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,876 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: clear tmp dir] ************************************************************************ +2024-01-13 13:50:24,883 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,884 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Login to EVE-NG and get Cookie] ******************************************************* +2024-01-13 13:50:24,895 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,895 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,897 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,899 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,901 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: stop nodes id] ************************************************************************ +2024-01-13 13:50:24,913 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,914 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,917 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,921 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,922 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after stop] ********************************************************************** +2024-01-13 13:50:24,929 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,931 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: start nodes id] *********************************************************************** +2024-01-13 13:50:24,943 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,944 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,948 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,951 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,953 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait after start] ********************************************************************* +2024-01-13 13:50:24,958 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,960 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: wait, b/c the ping often failed without a short break] ******************************** +2024-01-13 13:50:24,966 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,968 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: do ping test] ************************************************************************* +2024-01-13 13:50:24,982 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:24,982 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:24,985 p=4891 u=rob n=ansible | skipping: [central] => (item=10.0.2.100) +2024-01-13 13:50:24,985 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:24,988 p=4891 u=rob n=ansible | skipping: [branch] => (item=10.0.1.100) +2024-01-13 13:50:24,988 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:24,990 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: execute test commands] **************************************************************** +2024-01-13 13:50:25,002 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:25,003 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,005 p=4891 u=rob n=ansible | skipping: [central] => (item={'desc': 'Test if IP is set to interface', 'command': "ip -4 addr show dev eth2 | grep inet | tr -s ' ' | cut -d' ' -f3 | head -n 1", 'wait_for': ['result[0] contains "10.0.1.254/24"']}) +2024-01-13 13:50:25,005 p=4891 u=rob n=ansible | skipping: [central] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.1/24 u/u VPN-to-Branch"']}) +2024-01-13 13:50:25,006 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,008 p=4891 u=rob n=ansible | skipping: [branch] => (item={'desc': 'show interfaces wireguard', 'command': 'show interfaces wireguard', 'wait_for': ['result[0] contains "S - State, L - Link, u - Up, D - Down, A - Admin Down"', 'result[0] contains "Interface IP Address S/L Description"', 'result[0] contains "--------- ---------- --- -----------"', 'result[0] contains "wg01 192.168.0.2/24 u/u VPN-to-central"']}) +2024-01-13 13:50:25,009 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,011 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: register stdout commands] ************************************************************* +2024-01-13 13:50:25,022 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:25,023 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,024 p=4891 u=rob n=ansible | skipping: [central] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:50:25,025 p=4891 u=rob n=ansible | skipping: [central] => (item={'name': 'ping_branch_pc', 'command': 'ping 10.0.2.100 count 4'}) +2024-01-13 13:50:25,025 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,028 p=4891 u=rob n=ansible | skipping: [branch] => (item={'name': 'show_interfaces_wireguard', 'command': 'show interfaces wireguard'}) +2024-01-13 13:50:25,028 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,030 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************ +2024-01-13 13:50:25,041 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:25,041 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,043 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,045 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,047 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: make sure output dir exist] *********************************************************** +2024-01-13 13:50:25,058 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,059 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,064 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,205 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:25,207 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: make sure output include dir exist] *************************************************** +2024-01-13 13:50:25,219 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,221 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,223 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,380 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:25,397 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Get timestamp from the system] ******************************************************** +2024-01-13 13:50:25,435 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,454 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,462 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,694 p=4891 u=rob n=ansible | changed: [eveng] +2024-01-13 13:50:25,697 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: Set variables] ************************************************************************ +2024-01-13 13:50:25,709 p=4891 u=rob n=ansible | ok: [eveng] +2024-01-13 13:50:25,709 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,711 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,715 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:25,717 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: generate lab rst file] **************************************************************** +2024-01-13 13:50:25,729 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:25,731 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:25,734 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,007 p=4891 u=rob n=ansible | changed: [eveng -> localhost] +2024-01-13 13:50:26,009 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.conf files in Lab] ********************************************************* +2024-01-13 13:50:26,020 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,021 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,025 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,209 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:26,210 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.conf files] **************************************************************** +2024-01-13 13:50:26,222 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,224 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,226 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,505 p=4891 u=rob n=ansible | changed: [eveng -> localhost] => (item={'path': 'labs/master/Wireguard/branch.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 736, 'inode': 22902870, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4573534, 'mtime': 1701342323.3212438, 'ctime': 1701346520.0276117, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:50:26,776 p=4891 u=rob n=ansible | changed: [eveng -> localhost] => (item={'path': 'labs/master/Wireguard/central.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 730, 'inode': 22902871, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4573667, 'mtime': 1701342323.3214147, 'ctime': 1701346520.0279238, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:50:26,779 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.config files in Lab] ******************************************************* +2024-01-13 13:50:26,791 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,792 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,795 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,929 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:26,931 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.config files] ************************************************************** +2024-01-13 13:50:26,942 p=4891 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:50:26,943 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,944 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,948 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:26,950 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: find all *.png files in Lab] ********************************************************** +2024-01-13 13:50:26,960 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:26,962 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:26,966 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:27,103 p=4891 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:50:27,105 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy all *.png files] ***************************************************************** +2024-01-13 13:50:27,116 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:27,117 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:27,120 p=4891 u=rob n=ansible | skipping: [branch] +2024-01-13 13:50:27,377 p=4891 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/Wireguard/topology.png', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 158227, 'inode': 22902868, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4574172, 'mtime': 1648155110.0, 'ctime': 1701346520.0270474, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:50:27,380 p=4891 u=rob n=ansible | TASK [eve-ng-lab-test : Wireguard: copy ansible log files] *************************************************************** +2024-01-13 13:50:27,391 p=4891 u=rob n=ansible | skipping: [oobm-xcnelw] +2024-01-13 13:50:27,393 p=4891 u=rob n=ansible | skipping: [central] +2024-01-13 13:50:27,395 p=4891 u=rob n=ansible | skipping: [branch] diff --git a/docs/configexamples/autotest/Wireguard/Wireguard.rst b/docs/configexamples/autotest/Wireguard/Wireguard.rst index 7e287bcf..1feb03e8 100644 --- a/docs/configexamples/autotest/Wireguard/Wireguard.rst +++ b/docs/configexamples/autotest/Wireguard/Wireguard.rst @@ -3,8 +3,8 @@ Wireguard ######### -| Testdate: 2023-08-31 -| Version: 1.4-rolling-202308240020 +| Testdate: 2024-01-13 +| Version: 1.5-rolling-202401121239 This simple structure show how to connect two offices. One remote branch and the @@ -44,9 +44,9 @@ After this, the public key can be displayed, to save for later. .. code-block:: none - vyos@central:~$ generate pki wireguard key-pair - Private key: cMNGHtb5dW92ORG3HS8JJlvQF8pmVGt2Ydny8hTBLnY= - Public key: WyfLCTXi31gL+YbYOwoAHCl2RgS+y56cYHEK6pQsTQ8= + vyos@central:~$ generate pki wireguard + Private key: wHQS+ib3eMIp2DxRiAeXfFVaSCMMP1YHBaKfSR1xfV8= + Public key: RCMy6BAER0uEcPvspUb3K38MHyHJpK5kiV5IOX943HI= After you have each public key. The wireguard interfaces can be setup. @@ -102,11 +102,11 @@ And ping the Branch PC from your central router to check the response. vyos@central:~$ ping 10.0.2.100 count 4 PING 10.0.2.100 (10.0.2.100) 56(84) bytes of data. - 64 bytes from 10.0.2.100: icmp_seq=1 ttl=63 time=0.641 ms - 64 bytes from 10.0.2.100: icmp_seq=2 ttl=63 time=0.836 ms - 64 bytes from 10.0.2.100: icmp_seq=3 ttl=63 time=0.792 ms - 64 bytes from 10.0.2.100: icmp_seq=4 ttl=63 time=1.09 ms + 64 bytes from 10.0.2.100: icmp_seq=1 ttl=63 time=0.894 ms + 64 bytes from 10.0.2.100: icmp_seq=2 ttl=63 time=0.869 ms + 64 bytes from 10.0.2.100: icmp_seq=3 ttl=63 time=0.966 ms + 64 bytes from 10.0.2.100: icmp_seq=4 ttl=63 time=0.998 ms --- 10.0.2.100 ping statistics --- - 4 packets transmitted, 4 received, 0% packet loss, time 3013ms - rtt min/avg/max/mdev = 0.641/0.838/1.086/0.160 ms + 4 packets transmitted, 4 received, 0% packet loss, time 3004ms + rtt min/avg/max/mdev = 0.869/0.931/0.998/0.052 ms diff --git a/docs/configexamples/autotest/Wireguard/_include/branch.conf b/docs/configexamples/autotest/Wireguard/_include/branch.conf index b995ad04..f66c3687 100644 --- a/docs/configexamples/autotest/Wireguard/_include/branch.conf +++ b/docs/configexamples/autotest/Wireguard/_include/branch.conf @@ -1,14 +1,14 @@ set interface ethernet eth2 address 10.0.2.254/24 set interface ethernet eth1 address 198.51.100.2/24 -set interfaces wireguard wg01 private-key 'oDZ2S/4S6UEuhOyk0MvNSQTebugihX5RKCrI3exmHV8=' +set interfaces wireguard wg01 private-key 'QM3ZtmaxstxIDoz00AVLE/F/UVjmdcrOvfKYW/TVw18=' set interfaces wireguard wg01 address 192.168.0.2/24 set interfaces wireguard wg01 description 'VPN-to-central' set interfaces wireguard wg01 peer central allowed-ips 10.0.1.0/24 set interfaces wireguard wg01 peer central allowed-ips 192.168.0.0/24 set interfaces wireguard wg01 peer central address 198.51.100.1 set interfaces wireguard wg01 peer central port 51820 -set interfaces wireguard wg01 peer central public-key 'WyfLCTXi31gL+YbYOwoAHCl2RgS+y56cYHEK6pQsTQ8=' +set interfaces wireguard wg01 peer central public-key 'RCMy6BAER0uEcPvspUb3K38MHyHJpK5kiV5IOX943HI=' set interfaces wireguard wg01 port 51820 set protocols static route 10.0.1.0/24 interface wg01 \ No newline at end of file diff --git a/docs/configexamples/autotest/Wireguard/_include/central.conf b/docs/configexamples/autotest/Wireguard/_include/central.conf index 7bfd9fb0..df6e4002 100644 --- a/docs/configexamples/autotest/Wireguard/_include/central.conf +++ b/docs/configexamples/autotest/Wireguard/_include/central.conf @@ -1,14 +1,14 @@ set interface ethernet eth2 address 10.0.1.254/24 set interface ethernet eth1 address 198.51.100.1/24 -set interfaces wireguard wg01 private-key 'cMNGHtb5dW92ORG3HS8JJlvQF8pmVGt2Ydny8hTBLnY=' +set interfaces wireguard wg01 private-key 'wHQS+ib3eMIp2DxRiAeXfFVaSCMMP1YHBaKfSR1xfV8=' set interfaces wireguard wg01 address 192.168.0.1/24 set interfaces wireguard wg01 description 'VPN-to-Branch' set interfaces wireguard wg01 peer branch allowed-ips 10.0.2.0/24 set interfaces wireguard wg01 peer branch allowed-ips 192.168.0.0/24 set interfaces wireguard wg01 peer branch address 198.51.100.2 set interfaces wireguard wg01 peer branch port 51820 -set interfaces wireguard wg01 peer branch public-key '9ySVcjER2cY1tG/L7598zHg8g1xyggjxALqzeCxLgw4=' +set interfaces wireguard wg01 peer branch public-key 'nWhMTjGQbQiJwaNqHpZ/p8+iAH29HaJDNsdfsRdW9As=' set interfaces wireguard wg01 port 51820 set protocols static route 10.0.2.0/24 interface wg01 \ No newline at end of file diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.log b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.log index e67e82cb..c1496e16 100644 --- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.log +++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.log @@ -1,728 +1,750 @@ -2023-08-31 21:48:26,936 p=73753 u=rob n=ansible | PLAY [Automatic VyOS Lab test] ********************************************************************************************************************************************************************* -2023-08-31 21:48:26,975 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: fail if node_template_iso is empty] *********************************************************************************************************************** -2023-08-31 21:48:26,993 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:26,994 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:26,995 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:26,999 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:27,002 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: fail if node_template_version is empty] ******************************************************************************************************************* -2023-08-31 21:48:27,015 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:27,023 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:27,025 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:27,030 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:27,033 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: install requirements] ************************************************************************************************************************************* -2023-08-31 21:48:27,052 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:27,055 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:27,060 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:28,942 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:28,960 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie] *************************************************************************************************************************** -2023-08-31 21:48:28,994 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:28,996 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:29,000 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:29,700 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:29,704 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: get template facts] *************************************************************************************************************************************** -2023-08-31 21:48:29,722 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:29,725 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:29,734 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,220 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:30,225 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Register path status] ************************************************************************************************************************************* -2023-08-31 21:48:30,250 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,253 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,260 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,472 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:30,477 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create path] ********************************************************************************************************************************************** -2023-08-31 21:48:30,498 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,500 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,501 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,505 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,508 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Upload iso to eve-ng] ************************************************************************************************************************************* -2023-08-31 21:48:30,520 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,527 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,530 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,535 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,538 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create virtioa.qcow2 file] ******************************************************************************************************************************** -2023-08-31 21:48:30,557 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,557 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,559 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,563 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,566 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie] *************************************************************************************************************************** -2023-08-31 21:48:30,579 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,585 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,587 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,591 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,594 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create lab for node install] ****************************************************************************************************************************** -2023-08-31 21:48:30,612 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,613 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,615 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,619 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,622 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: open lab] ************************************************************************************************************************************************* -2023-08-31 21:48:30,636 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,642 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,645 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,649 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,652 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] *************************************************************************************************************************************************************** -2023-08-31 21:48:30,664 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,671 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,673 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,678 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,681 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: add node to lab] ****************************************************************************************************************************************** -2023-08-31 21:48:30,694 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,701 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,703 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,707 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,710 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: start node] *********************************************************************************************************************************************** -2023-08-31 21:48:30,728 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,728 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,730 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,734 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,737 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : debug] ****************************************************************************************************************************************************************** -2023-08-31 21:48:30,755 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,756 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,758 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,761 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,764 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: get node infos] ******************************************************************************************************************************************* -2023-08-31 21:48:30,777 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,783 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,785 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,789 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,791 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] *************************************************************************************************************************************************************** -2023-08-31 21:48:30,809 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,811 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,811 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,815 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,818 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: copy file] ************************************************************************************************************************************************ -2023-08-31 21:48:30,836 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,837 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,838 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,842 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,846 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: run expect script] **************************************************************************************************************************************** -2023-08-31 21:48:30,866 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,866 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,868 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,872 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,875 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie (due timeout)] ************************************************************************************************************* -2023-08-31 21:48:30,893 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,893 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,895 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,899 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,902 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: stop node] ************************************************************************************************************************************************ -2023-08-31 21:48:30,915 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,921 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,923 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,927 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,930 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Pause to wait node is shutdown] *************************************************************************************************************************** -2023-08-31 21:48:30,940 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,943 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: delete iso] *********************************************************************************************************************************************** -2023-08-31 21:48:30,962 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,962 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,964 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,968 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,971 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: commit virtioa.qcow2] ************************************************************************************************************************************* -2023-08-31 21:48:30,990 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:30,991 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:30,992 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:30,996 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:30,999 p=73753 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: delete lab for node install] ****************************************************************************************************************************** -2023-08-31 21:48:31,017 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:31,018 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:31,019 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:31,023 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:31,031 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : Get env file content] ****************************************************************************************************************************************************** -2023-08-31 21:48:31,258 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:48:31,259 p=73753 u=rob n=ansible | ok: [vyos-oobm -> localhost] -2023-08-31 21:48:31,259 p=73753 u=rob n=ansible | ok: [vyos-wan -> localhost] -2023-08-31 21:48:31,259 p=73753 u=rob n=ansible | ok: [client -> localhost] -2023-08-31 21:48:31,262 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Load facts] ************************************************************************************************************************************************** -2023-08-31 21:48:31,281 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:32,232 p=73753 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:48:32,233 p=73753 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:48:32,234 p=73753 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko +2024-01-13 13:34:01,981 p=3127 u=rob n=ansible | PLAY [Automatic VyOS Lab test] ******************************************************************************************* +2024-01-13 13:34:01,999 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: fail if node_template_iso is empty] ********************************************* +2024-01-13 13:34:02,011 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:02,012 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:02,012 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:02,015 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:02,016 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: fail if node_template_version is empty] ***************************************** +2024-01-13 13:34:02,027 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:02,027 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:02,028 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:02,031 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:02,033 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: install requirements] *********************************************************** +2024-01-13 13:34:02,044 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:02,046 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:02,049 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:04,434 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:04,440 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie] ************************************************* +2024-01-13 13:34:04,467 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:04,468 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:04,471 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,222 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:05,227 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: get template facts] ************************************************************* +2024-01-13 13:34:05,247 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:05,249 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:05,253 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,690 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:05,693 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Register path status] *********************************************************** +2024-01-13 13:34:05,704 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:05,706 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:05,709 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,904 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:05,906 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create path] ******************************************************************** +2024-01-13 13:34:05,923 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:05,925 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:05,928 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:05,933 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,936 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Upload iso to eve-ng] *********************************************************** +2024-01-13 13:34:05,961 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:05,962 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:05,964 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:05,970 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:05,974 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create virtioa.qcow2 file] ****************************************************** +2024-01-13 13:34:05,998 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:05,999 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,001 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,007 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,011 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie] ************************************************* +2024-01-13 13:34:06,035 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,036 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,038 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,046 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,048 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: create lab for node install] **************************************************** +2024-01-13 13:34:06,074 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,075 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,076 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,082 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,084 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: open lab] *********************************************************************** +2024-01-13 13:34:06,111 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,112 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,115 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,120 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,123 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] ************************************************************************************* +2024-01-13 13:34:06,147 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,148 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,151 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,156 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,158 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: add node to lab] **************************************************************** +2024-01-13 13:34:06,182 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,183 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,187 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,190 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,192 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: start node] ********************************************************************* +2024-01-13 13:34:06,222 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,223 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,225 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,231 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,234 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : debug] **************************************************************************************** +2024-01-13 13:34:06,251 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,259 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,264 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,271 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,274 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: get node infos] ***************************************************************** +2024-01-13 13:34:06,298 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,299 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,302 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,306 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,308 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : set_fact] ************************************************************************************* +2024-01-13 13:34:06,331 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,332 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,335 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,339 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,342 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: copy file] ********************************************************************** +2024-01-13 13:34:06,367 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,370 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,371 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,378 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,380 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: run expect script] ************************************************************** +2024-01-13 13:34:06,391 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,392 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,393 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,397 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,399 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Login to EVE-NG and get Cookie (due timeout)] *********************************** +2024-01-13 13:34:06,410 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,410 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,411 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,414 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,416 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: stop node] ********************************************************************** +2024-01-13 13:34:06,427 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,428 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,428 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,432 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,434 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: Pause to wait node is shutdown] ************************************************* +2024-01-13 13:34:06,441 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,443 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: delete iso] ********************************************************************* +2024-01-13 13:34:06,453 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,454 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,455 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,458 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,459 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: commit virtioa.qcow2] *********************************************************** +2024-01-13 13:34:06,471 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,472 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,473 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,476 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,477 p=3127 u=rob n=ansible | TASK [eve-ng-create-node : tunnelbroker: delete lab for node install] **************************************************** +2024-01-13 13:34:06,488 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,488 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,489 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,492 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,495 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : Get env file content] **************************************************************************** +2024-01-13 13:34:06,715 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:34:06,715 p=3127 u=rob n=ansible | ok: [vyos-wan -> localhost] +2024-01-13 13:34:06,715 p=3127 u=rob n=ansible | ok: [client -> localhost] +2024-01-13 13:34:06,716 p=3127 u=rob n=ansible | ok: [oobm-z65ole -> localhost] +2024-01-13 13:34:06,718 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Load facts] ************************************************************************ +2024-01-13 13:34:06,734 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:06,752 p=3127 u=rob n=ansible | ok: [oobm-z65ole] +2024-01-13 13:34:06,755 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:34:06,759 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:34:06,760 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : decode oobm default startupconfig] *************************************************************** +2024-01-13 13:34:06,771 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,772 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,775 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,776 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:06,778 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: fail if node_template_version is empty] ******************************************** +2024-01-13 13:34:06,786 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:06,790 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,791 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,794 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:06,796 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:34:06,806 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:06,808 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:06,811 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:07,416 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:07,421 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: get running lab list] ************************************************************** +2024-01-13 13:34:07,433 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:07,434 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:07,436 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:07,842 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:07,844 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: kill running lab] ****************************************************************** +2024-01-13 13:34:07,852 p=3127 u=rob n=ansible | [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: +(response.json.message != "No nodes running (60071).") and (item.labname == "{{ eve_ng_folder_name }}/{{ lab }}") -2023-08-31 21:48:32,234 p=73753 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko +2024-01-13 13:34:07,854 p=3127 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': '118775ba-26f6-434a-8dd5-62b0edaa4cd1', 'size': 0.0709, 'sat': '0', 'sat_name': 'master', 'labid': '2', 'labname': '/labtest/DHCPRelay_through_GRE', 'cpu': 0.5, 'mem': 4.51}) +2024-01-13 13:34:07,855 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:07,857 p=3127 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '588b9164-a3b7-4522-8058-0f6ff6286564', 'size': 0.1878, 'sat': '0', 'sat_name': 'master', 'labid': 1002, 'labname': '/Common\n', 'cpu': 0, 'mem': 0}) +2024-01-13 13:34:07,858 p=3127 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '61cc6cd0-78f4-4302-830b-482b642a5e74', 'size': 0.534, 'sat': '0', 'sat_name': 'master', 'labid': 1003, 'labname': '/MSS-Clambing\n', 'cpu': 0, 'mem': 0}) +2024-01-13 13:34:07,858 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:07,860 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:07,860 p=3127 u=rob n=ansible | skipping: [eveng] => (item={'podid': '1', 'username': 'ansible', 'online': '1', 'uuid': 'a0e4e4ed-9da3-4c84-9947-144e76edaa6b', 'size': 0.0755, 'sat': '0', 'sat_name': 'master', 'labid': '1', 'labname': '/labtest/L3VPN_EVPN', 'cpu': 1.5, 'mem': 5.21}) +2024-01-13 13:34:07,861 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:07,863 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: delete existing lab] *************************************************************** +2024-01-13 13:34:07,875 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:07,875 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:07,878 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:08,287 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:08,290 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Ensure labtest is present] ********************************************************* +2024-01-13 13:34:08,302 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:08,303 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:08,306 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:08,518 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:08,520 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Create tunnelbroker Lab] *********************************************************** +2024-01-13 13:34:08,531 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:08,531 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:08,534 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:09,028 p=3127 u=rob n=ansible | changed: [eveng] +2024-01-13 13:34:09,032 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:34:09,060 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:09,067 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:09,076 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:09,725 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:09,730 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start vyos-oobm] ******************************************************************* +2024-01-13 13:34:09,742 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:34:09,744 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:09,746 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:10,872 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:34:10,874 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos-oobm] **************************************************************** +2024-01-13 13:34:10,885 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:34:10,886 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:34:10,890 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:34:11,770 p=3127 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:34:11,771 p=3127 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko -2023-08-31 21:48:32,244 p=73753 u=rob n=ansible | network_os is set to vyos -2023-08-31 21:48:32,248 p=73753 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko - -2023-08-31 21:48:32,254 p=73753 u=rob n=ansible | ok: [vyos-oobm] -2023-08-31 21:48:32,255 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:48:32,257 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:48:32,265 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : debug] ********************************************************************************************************************************************************************* -2023-08-31 21:48:32,295 p=73753 u=rob n=ansible | ok: [eveng] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:48:33,243 p=73753 u=rob n=ansible | ok: [vyos-wan] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:48:33,243 p=73753 u=rob n=ansible | ok: [client] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:48:33,244 p=73753 u=rob n=ansible | ok: [vyos-oobm] => { - "msg": "vyos-1.4-rolling-202308240020-amd64" -} -2023-08-31 21:48:33,252 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: fail if node_template_version is empty] ********************************************************************************************************************** -2023-08-31 21:48:33,276 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:33,284 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:33,287 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:33,293 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:33,297 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:48:33,317 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:33,319 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:33,326 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:33,956 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:33,966 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: get running lab list] **************************************************************************************************************************************** -2023-08-31 21:48:34,000 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:34,001 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:34,005 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:34,447 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:34,455 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: kill running lab] ******************************************************************************************************************************************** -2023-08-31 21:48:34,481 p=73753 u=rob n=ansible | [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item.labname == "{{ eve_ng_folder_name }}/{{ lab }}" - -2023-08-31 21:48:34,482 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:34,486 p=73753 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '0fc5edef-8cf2-4400-9a1c-0c4c41a1a881', 'size': 0.1996, 'sat': '0', 'sat_name': 'master', 'labid': 1001, 'labname': '/ecmp wireguard\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:48:34,487 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:34,489 p=73753 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '588b9164-a3b7-4522-8058-0f6ff6286564', 'size': 1.0595, 'sat': '0', 'sat_name': 'master', 'labid': 1002, 'labname': '/Common\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:48:34,491 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:34,494 p=73753 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': '9785926c-63ec-42c0-a1ca-a386b9013151', 'size': 0.4469, 'sat': '0', 'sat_name': 'master', 'labid': 1003, 'labname': '/layer2 via IPSec\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:48:34,496 p=73753 u=rob n=ansible | skipping: [eveng] => (item={'podid': '0', 'username': 'admin', 'online': '1', 'uuid': 'aa98095e-3b64-45aa-b883-e2b7fdfac08c', 'size': 0.5229, 'sat': '0', 'sat_name': 'master', 'labid': 1004, 'labname': '/ospf\n', 'cpu': 0, 'mem': 0}) -2023-08-31 21:48:34,498 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:34,501 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: delete existing lab] ***************************************************************************************************************************************** -2023-08-31 21:48:34,519 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:34,522 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:34,527 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:34,959 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:34,970 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Ensure labtest is present] *********************************************************************************************************************************** -2023-08-31 21:48:35,001 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:35,002 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:35,006 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:35,208 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:35,213 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Create tunnelbroker Lab] ************************************************************************************************************************************* -2023-08-31 21:48:35,234 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:35,236 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:35,243 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:35,753 p=73753 u=rob n=ansible | changed: [eveng] -2023-08-31 21:48:35,758 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:48:35,778 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:35,781 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:35,785 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:36,447 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:36,456 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start vyos-oobm] ********************************************************************************************************************************************* -2023-08-31 21:48:36,486 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:48:36,487 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:36,491 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:37,502 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:48:37,513 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos-oobm] ****************************************************************************************************************************************** -2023-08-31 21:48:37,536 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:48:37,547 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:48:37,553 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:48:38,430 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:49:08,523 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:49:08,539 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:49:08,540 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:49:08,541 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:49:08,541 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:49:08,542 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:49:08,543 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:49:08,543 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:49:08,544 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:49:08,545 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:08,545 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:49:08,546 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:08,547 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:49:08,547 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:49:08,548 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:49:08,548 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:49:08,549 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:49:08,549 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:49:08,550 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:39,569 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:49:39,571 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:49:39,571 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:49:39,572 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:49:39,573 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:49:39,574 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:49:39,574 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:49:39,574 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:49:39,574 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:50:10,677 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:50:10,681 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:50:10,682 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:50:10,684 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf = self.packetizer.readline(timeout) -2023-08-31 21:50:10,685 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:50:10,686 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | buf += self._read_timeout(timeout) -2023-08-31 21:50:10,687 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:50:10,688 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise socket.timeout() -2023-08-31 21:50:10,688 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | socket.timeout -2023-08-31 21:50:10,689 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:50:10,690 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | During handling of the above exception, another exception occurred: -2023-08-31 21:50:10,691 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:50:10,691 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Traceback (most recent call last): -2023-08-31 21:50:10,692 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:50:10,692 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | self._check_banner() -2023-08-31 21:50:10,693 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:50:10,694 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | raise SSHException( -2023-08-31 21:50:10,694 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:50:10,695 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | -2023-08-31 21:50:12,568 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:50:12,825 p=74113 u=rob n=p=74113 u=rob | paramiko [vyos-oobm] | Authentication (publickey) successful! -2023-08-31 21:50:13,908 p=73753 u=rob n=ansible | ok: [vyos-oobm] -2023-08-31 21:50:13,910 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:50:13,929 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:50:13,932 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:50:13,939 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:50:14,868 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:50:14,877 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: get lab status] ********************************************************************************************************************************************** -2023-08-31 21:50:14,908 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:50:14,910 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:50:14,916 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:50:15,380 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:50:15,389 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start all nodes] ********************************************************************************************************************************************* -2023-08-31 21:50:15,417 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:50:15,420 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:50:15,427 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:50:16,519 p=73753 u=rob n=ansible | ok: [eveng] => (item=4) -2023-08-31 21:50:17,120 p=73753 u=rob n=ansible | ok: [eveng] => (item=1) -2023-08-31 21:50:18,354 p=73753 u=rob n=ansible | ok: [eveng] => (item=2) -2023-08-31 21:50:18,367 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] ***************************************************************************************************************************************** -2023-08-31 21:50:18,390 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:50:18,399 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:50:19,313 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:50:19,317 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:50:37,800 p=73997 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs. +2024-01-13 13:34:11,773 p=3127 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This +feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in +ansible.cfg. +2024-01-13 13:35:27,263 p=3449 u=rob n=p=3449 u=rob | paramiko [oobm-z65ole] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:35:27,563 p=3449 u=rob n=p=3449 u=rob | paramiko [oobm-z65ole] | Authentication (publickey) successful! +2024-01-13 13:35:28,840 p=3127 u=rob n=ansible | ok: [oobm-z65ole] +2024-01-13 13:35:28,842 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:35:28,854 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:35:28,854 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:35:28,857 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:35:30,040 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:35:30,046 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: get lab status] ******************************************************************** +2024-01-13 13:35:30,064 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:35:30,064 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:35:30,067 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:35:30,516 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:35:30,520 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start all nodes] ******************************************************************* +2024-01-13 13:35:30,531 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:35:30,533 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:35:30,535 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:35:31,563 p=3127 u=rob n=ansible | ok: [eveng] => (item=4) +2024-01-13 13:35:32,108 p=3127 u=rob n=ansible | ok: [eveng] => (item=1) +2024-01-13 13:35:33,376 p=3127 u=rob n=ansible | ok: [eveng] => (item=2) +2024-01-13 13:35:33,381 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] *************************************************************** +2024-01-13 13:35:33,388 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:35:33,392 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:35:34,286 p=3127 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:35:34,286 p=3127 u=rob n=ansible | network_os is set to vyos +2024-01-13 13:36:04,323 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:04,325 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:04,325 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:04,326 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:04,326 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:04,326 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:04,326 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:04,327 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:04,327 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:04,327 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:04,328 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:04,328 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:04,328 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:04,328 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:04,328 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:04,328 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:04,329 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:04,329 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:04,329 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:04,329 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:04,329 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:04,329 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:04,330 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:04,330 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:04,330 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:04,330 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:04,330 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:04,331 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:04,331 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:04,331 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:04,331 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:04,331 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:04,331 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:04,332 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:04,332 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:04,332 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:04,332 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:04,333 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:04,333 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:04,333 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:04,334 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:04,334 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:11,143 p=3455 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs. See the timeout setting options in the Network Debug and Troubleshooting Guide. -2023-08-31 21:50:37,906 p=73997 u=rob n=ansible | shutdown complete -2023-08-31 21:50:49,351 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:50:49,353 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:50:49,357 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:50:49,357 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:50:49,358 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) -2023-08-31 21:50:49,358 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:50:49,358 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) -2023-08-31 21:50:49,358 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise socket.timeout() -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | socket.timeout -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf += self._read_timeout(timeout) -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise socket.timeout() -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:50:49,359 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | socket.timeout -2023-08-31 21:50:49,359 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | self._check_banner() -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise SSHException( -2023-08-31 21:50:49,360 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:50:49,360 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | self._check_banner() -2023-08-31 21:50:49,361 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise SSHException( -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:50:49,361 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:20,413 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:51:20,414 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf += self._read_timeout(timeout) -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise socket.timeout() -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | socket.timeout -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:20,415 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | self._check_banner() -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:51:20,416 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise SSHException( -2023-08-31 21:51:20,417 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:51:20,417 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:20,420 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:51:20,421 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:51:20,421 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:51:20,421 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) -2023-08-31 21:51:20,421 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise socket.timeout() -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | socket.timeout -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:20,422 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | self._check_banner() -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:51:20,423 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise SSHException( -2023-08-31 21:51:20,424 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:51:20,424 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:51,470 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) -2023-08-31 21:51:51,471 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:51:51,471 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | buf += self._read_timeout(timeout) -2023-08-31 21:51:51,471 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2270, in _check_banner -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise socket.timeout() -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | socket.timeout -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 374, in readline -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: -2023-08-31 21:51:51,472 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/packet.py", line 611, in _read_timeout -2023-08-31 21:51:51,472 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise socket.timeout() -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Traceback (most recent call last): -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | socket.timeout -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | self._check_banner() -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:51,473 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | raise SSHException( -2023-08-31 21:51:51,473 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): -2023-08-31 21:51:51,474 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2093, in run -2023-08-31 21:51:51,474 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | self._check_banner() -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.9/site-packages/paramiko/transport.py", line 2274, in _check_banner -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | raise SSHException( -2023-08-31 21:51:51,474 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner -2023-08-31 21:51:51,475 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | -2023-08-31 21:51:53,546 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:51:53,564 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:51:53,817 p=74223 u=rob n=p=74223 u=rob | paramiko [client] | Authentication (publickey) successful! -2023-08-31 21:51:53,836 p=74222 u=rob n=p=74222 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! -2023-08-31 21:51:55,165 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:51:55,165 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:51:55,168 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : setup nodes] *************************************************************************************************************************************************************** -2023-08-31 21:51:55,190 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:51:55,190 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:51:56,125 p=74000 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use +2024-01-13 13:36:11,246 p=3455 u=rob n=ansible | shutdown complete +2024-01-13 13:36:15,421 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:15,422 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:15,423 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:15,423 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:15,423 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:15,423 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:15,424 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:15,424 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:15,424 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:15,425 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:15,425 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:15,425 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:15,425 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:15,426 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:15,426 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:15,426 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:15,427 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:15,427 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:15,427 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:15,427 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:15,428 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:15,433 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:15,433 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:15,434 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:15,434 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:15,434 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:15,434 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:15,435 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:15,435 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:15,435 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:15,436 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:15,436 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:15,436 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:15,436 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:15,437 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:15,437 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:15,437 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:15,438 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:15,438 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:15,438 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:15,438 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:15,439 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:26,523 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:26,524 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:26,524 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:26,525 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:26,525 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:26,525 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:26,526 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:26,526 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:26,526 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:26,526 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:26,527 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:26,527 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:26,527 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:26,527 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:26,528 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:26,528 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:26,528 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:26,528 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:26,528 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:26,528 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:26,528 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:26,528 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:26,529 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:26,529 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:26,529 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:26,529 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:26,529 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:26,529 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:26,529 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:26,530 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:26,530 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:26,530 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:26,530 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:26,531 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:26,531 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:26,531 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:26,531 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:26,532 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:37,625 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:37,627 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:37,629 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:37,630 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:37,630 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:37,631 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:37,631 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:37,632 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:37,632 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:37,632 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:37,633 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:37,634 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:37,634 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:37,634 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:37,635 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:37,635 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:37,635 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:37,636 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:37,636 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:37,636 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:37,637 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:37,637 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:37,637 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:37,638 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:37,638 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:37,639 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:37,639 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:37,639 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:37,639 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:37,640 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:37,640 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:37,641 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:37,641 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:37,642 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:37,642 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:37,642 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:37,643 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:37,643 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:37,644 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:37,644 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:37,644 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:37,644 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:48,770 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:48,773 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Exception (client): Error reading SSH protocol banner +2024-01-13 13:36:48,777 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:48,777 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:48,778 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:48,778 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2327, in _check_banner +2024-01-13 13:36:48,779 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:48,780 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf = self.packetizer.readline(timeout) +2024-01-13 13:36:48,780 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:48,782 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:48,783 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:48,783 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 381, in readline +2024-01-13 13:36:48,785 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | buf += self._read_timeout(timeout) +2024-01-13 13:36:48,785 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | buf += self._read_timeout(timeout) +2024-01-13 13:36:48,786 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:48,786 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2024-01-13 13:36:48,787 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:48,787 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/packet.py", line 626, in _read_timeout +2024-01-13 13:36:48,788 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise socket.timeout() +2024-01-13 13:36:48,788 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise socket.timeout() +2024-01-13 13:36:48,789 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | TimeoutError +2024-01-13 13:36:48,789 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | TimeoutError +2024-01-13 13:36:48,789 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:48,789 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:48,790 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:48,790 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | During handling of the above exception, another exception occurred: +2024-01-13 13:36:48,791 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:48,791 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:48,791 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Traceback (most recent call last): +2024-01-13 13:36:48,792 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Traceback (most recent call last): +2024-01-13 13:36:48,792 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:48,793 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2143, in run +2024-01-13 13:36:48,793 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | self._check_banner() +2024-01-13 13:36:48,794 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | self._check_banner() +2024-01-13 13:36:48,794 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:48,794 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | File "/Users/rob/.local/share/virtualenvs/vyos-eveng-b9X2mBdh/lib/python3.12/site-packages/paramiko/transport.py", line 2331, in _check_banner +2024-01-13 13:36:48,795 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | raise SSHException( +2024-01-13 13:36:48,796 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | raise SSHException( +2024-01-13 13:36:48,796 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:48,798 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | paramiko.ssh_exception.SSHException: Error reading SSH protocol banner +2024-01-13 13:36:48,798 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | +2024-01-13 13:36:48,798 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | +2024-01-13 13:36:52,514 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:36:52,577 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:36:53,797 p=3541 u=rob n=p=3541 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! +2024-01-13 13:36:53,923 p=3542 u=rob n=p=3542 u=rob | paramiko [client] | Authentication (publickey) successful! +2024-01-13 13:36:55,449 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:36:55,665 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:36:55,669 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : setup nodes] ************************************************************************************* +2024-01-13 13:36:55,706 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:36:55,707 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:36:57,437 p=3549 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:51:56,125 p=74001 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use +2024-01-13 13:36:57,440 p=3550 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:51:57,018 p=74000 u=rob n=p=74000 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:51:57,025 p=74001 u=rob n=p=74001 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:51:57,267 p=74000 u=rob n=p=74000 u=rob | paramiko [client] | Authentication (publickey) successful! -2023-08-31 21:51:57,271 p=74001 u=rob n=p=74001 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! -2023-08-31 21:52:03,730 p=73753 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation +2024-01-13 13:36:58,058 p=3550 u=rob n=p=3550 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:36:58,072 p=3549 u=rob n=p=3549 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:36:58,735 p=3550 u=rob n=p=3550 u=rob | paramiko [client] | Authentication (publickey) successful! +2024-01-13 13:36:58,770 p=3549 u=rob n=p=3549 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! +2024-01-13 13:37:07,037 p=3127 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if +present in the running configuration on device including the indentation -2023-08-31 21:52:03,731 p=73753 u=rob n=ansible | changed: [client] -2023-08-31 21:52:04,862 p=73753 u=rob n=ansible | changed: [vyos-wan] -2023-08-31 21:52:04,879 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : Register external IP in Tunnelbroker] ************************************************************************************************************************************** -2023-08-31 21:52:04,905 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:04,913 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:04,923 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:17,562 p=73753 u=rob n=ansible | ok: [vyos-wan -> eveng(eve-ng)] -2023-08-31 21:52:17,569 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : get ipv4 address of vyos-wan (eth1)] *************************************************************************************************************************************** -2023-08-31 21:52:17,597 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:17,606 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:17,617 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:18,676 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:52:18,688 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : Set variables] ************************************************************************************************************************************************************* -2023-08-31 21:52:18,717 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:18,727 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:18,738 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:19,628 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:52:19,641 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : setup vyos-wan] ************************************************************************************************************************************************************ -2023-08-31 21:52:19,671 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:19,682 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:19,691 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:27,796 p=73753 u=rob n=ansible | changed: [vyos-wan] -2023-08-31 21:52:27,813 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:52:27,842 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:27,845 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:52:27,851 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:28,511 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:52:28,521 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] *********************************************************************************************************************************************** -2023-08-31 21:52:28,553 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:28,556 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:28,560 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:52:28,566 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:28,570 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ********************************************************************************************************************************************* -2023-08-31 21:52:28,583 p=73753 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:52:28,584 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:52:33,601 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:52:33,618 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ********************************************************************************************************************************************** -2023-08-31 21:52:33,650 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:52:33,652 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:52:33,659 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:52:33,666 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:52:33,670 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ******************************************************************************************************************************************** -2023-08-31 21:52:33,682 p=73753 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:52:33,683 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:52:38,701 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:52:38,719 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ******************************************************************************************************* -2023-08-31 21:52:38,736 p=73753 u=rob n=ansible | Pausing for 30 seconds -2023-08-31 21:52:38,736 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:53:08,754 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:53:08,768 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ************************************************************************************************************************************************ -2023-08-31 21:53:08,802 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:08,805 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:14,549 p=73753 u=rob n=ansible | ok: [vyos-wan] => (item=tunnelbroker.net) -2023-08-31 21:53:15,162 p=73753 u=rob n=ansible | ok: [client] => (item=2001:470:20::2) -2023-08-31 21:53:15,177 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] *************************************************************************************************************************************** -2023-08-31 21:53:15,210 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:15,211 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:15,216 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:53:15,222 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:53:15,226 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ************************************************************************************************************************************ -2023-08-31 21:53:15,248 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:15,251 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:19,509 p=73753 u=rob n=ansible | ok: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:53:19,515 p=73753 u=rob n=ansible | ok: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:53:24,065 p=73753 u=rob n=ansible | ok: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) -2023-08-31 21:53:24,080 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] *********************************************************************************************************************************************** -2023-08-31 21:53:24,110 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:24,113 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:25,039 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:53:25,040 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:53:25,049 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Reboot vyos] ************************************************************************************************************************************************* -2023-08-31 21:53:25,079 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:25,080 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:26,212 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:53:26,212 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:53:26,223 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait while shutdown] ***************************************************************************************************************************************** -2023-08-31 21:53:26,246 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:26,251 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] ***************************************************************************************************************************************** -2023-08-31 21:53:26,268 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:26,277 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:27,200 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:53:27,200 p=73753 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use ansible.utils.display.Display.verbosity instead. This feature will be removed in version 2.18. Deprecation warnings can be disabled - by setting deprecation_warnings=False in ansible.cfg. -2023-08-31 21:53:28,164 p=74415 u=rob n=p=74415 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:53:28,164 p=74414 u=rob n=p=74414 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) -2023-08-31 21:53:28,454 p=74415 u=rob n=p=74415 u=rob | paramiko [client] | Authentication (publickey) successful! -2023-08-31 21:53:28,489 p=74414 u=rob n=p=74414 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! -2023-08-31 21:53:29,492 p=73753 u=rob n=ansible | ok: [client] -2023-08-31 21:53:29,493 p=73753 u=rob n=ansible | ok: [vyos-wan] -2023-08-31 21:53:29,496 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:53:29,516 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:29,519 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:53:29,525 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:53:30,437 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:53:30,443 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] *********************************************************************************************************************************************** -2023-08-31 21:53:30,474 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:30,479 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:30,485 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:53:30,491 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:53:30,495 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ********************************************************************************************************************************************* -2023-08-31 21:53:30,510 p=73753 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:53:30,510 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:53:35,527 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:53:35,546 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ********************************************************************************************************************************************** -2023-08-31 21:53:35,573 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:53:35,577 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:53:35,584 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:53:35,590 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:53:35,594 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ******************************************************************************************************************************************** -2023-08-31 21:53:35,608 p=73753 u=rob n=ansible | Pausing for 5 seconds -2023-08-31 21:53:35,609 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:53:40,634 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:53:40,643 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ******************************************************************************************************* -2023-08-31 21:53:40,664 p=73753 u=rob n=ansible | Pausing for 30 seconds -2023-08-31 21:53:40,665 p=73753 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) -2023-08-31 21:54:10,684 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:54:10,700 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ************************************************************************************************************************************************ -2023-08-31 21:54:10,738 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:10,741 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,091 p=73753 u=rob n=ansible | ok: [client] => (item=2001:470:20::2) -2023-08-31 21:54:16,273 p=73753 u=rob n=ansible | ok: [vyos-wan] => (item=tunnelbroker.net) -2023-08-31 21:54:16,283 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] *************************************************************************************************************************************** -2023-08-31 21:54:16,316 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,318 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,325 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,330 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,335 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ************************************************************************************************************************************ -2023-08-31 21:54:16,358 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,361 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,367 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:54:16,370 p=73753 u=rob n=ansible | skipping: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:54:16,373 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) -2023-08-31 21:54:16,374 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,374 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,378 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] *********************************************************************************************************************************************** -2023-08-31 21:54:16,398 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,401 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,405 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,409 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,413 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: ake sure tmp dir exist] ************************************************************************************************************************************** -2023-08-31 21:54:16,430 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,439 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,439 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,446 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,449 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register status of tmp/] ************************************************************************************************************************************* -2023-08-31 21:54:16,463 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,472 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,474 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,479 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,483 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: ownload upgrade_iso] ***************************************************************************************************************************************** -2023-08-31 21:54:16,500 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,508 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,510 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,515 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,519 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Copy iso to host] ******************************************************************************************************************************************** -2023-08-31 21:54:16,533 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,541 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,544 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,549 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,553 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: upgrade vyos] ************************************************************************************************************************************************ -2023-08-31 21:54:16,574 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,575 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,577 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,582 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,585 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Reboot vyos] ************************************************************************************************************************************************* -2023-08-31 21:54:16,607 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,607 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,609 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,613 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,616 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait while shutdown] ***************************************************************************************************************************************** -2023-08-31 21:54:16,627 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,630 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] ***************************************************************************************************************************************** -2023-08-31 21:54:16,652 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,652 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,654 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,659 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,663 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: clear tmp dir] *********************************************************************************************************************************************** -2023-08-31 21:54:16,673 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,676 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] ****************************************************************************************************************************** -2023-08-31 21:54:16,696 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,697 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,699 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,704 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,707 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] *********************************************************************************************************************************************** -2023-08-31 21:54:16,727 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,730 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,735 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,740 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,744 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ********************************************************************************************************************************************* -2023-08-31 21:54:16,754 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,757 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ********************************************************************************************************************************************** -2023-08-31 21:54:16,777 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,780 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,785 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,790 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,793 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ******************************************************************************************************************************************** -2023-08-31 21:54:16,806 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,809 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ******************************************************************************************************* -2023-08-31 21:54:16,819 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,822 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ************************************************************************************************************************************************ -2023-08-31 21:54:16,842 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,842 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,845 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item=tunnelbroker.net) -2023-08-31 21:54:16,847 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,852 p=73753 u=rob n=ansible | skipping: [client] => (item=2001:470:20::2) -2023-08-31 21:54:16,854 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,857 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] *************************************************************************************************************************************** -2023-08-31 21:54:16,878 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,880 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,880 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,885 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,888 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ************************************************************************************************************************************ -2023-08-31 21:54:16,908 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,908 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,915 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:54:16,917 p=73753 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) -2023-08-31 21:54:16,919 p=73753 u=rob n=ansible | skipping: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) -2023-08-31 21:54:16,920 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,920 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,924 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] *********************************************************************************************************************************************** -2023-08-31 21:54:16,943 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:16,944 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,946 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,952 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:16,956 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: make sure output dir exist] ********************************************************************************************************************************** -2023-08-31 21:54:16,979 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:16,981 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:16,987 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,109 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:17,114 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: make sure output include dir exist] ************************************************************************************************************************** -2023-08-31 21:54:17,136 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,139 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,145 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,270 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:17,272 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Get timestamp from the system] ******************************************************************************************************************************* -2023-08-31 21:54:17,291 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,294 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,300 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,489 p=73753 u=rob n=ansible | changed: [eveng] -2023-08-31 21:54:17,495 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] *********************************************************************************************************************************************** -2023-08-31 21:54:17,520 p=73753 u=rob n=ansible | ok: [eveng] -2023-08-31 21:54:17,523 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,523 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,529 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,533 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: generate lab rst file] *************************************************************************************************************************************** -2023-08-31 21:54:17,555 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,557 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,563 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:17,814 p=73753 u=rob n=ansible | changed: [eveng -> localhost] -2023-08-31 21:54:17,819 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.conf files in Lab] ******************************************************************************************************************************** -2023-08-31 21:54:17,841 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:17,843 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:17,849 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:18,021 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:18,027 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.conf files] *************************************************************************************************************************************** -2023-08-31 21:54:18,055 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:18,055 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:18,062 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:18,307 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/vyos-wan_tun0.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 931, 'inode': 11076333, 'dev': 16777229, 'nlink': 1, 'atime': 1686132323.9467034, 'mtime': 1686132322.67604, 'ctime': 1686132322.67604, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:18,553 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/client.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 50, 'inode': 362570, 'dev': 16777229, 'nlink': 1, 'atime': 1675370047.0673313, 'mtime': 1648155110.0, 'ctime': 1675368464.8110585, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:18,810 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/vyos-wan.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 42, 'inode': 362571, 'dev': 16777229, 'nlink': 1, 'atime': 1675370047.0698297, 'mtime': 1648155110.0, 'ctime': 1675368464.8110874, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:19,050 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/transport.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 107, 'inode': 362574, 'dev': 16777229, 'nlink': 1, 'atime': 1675370047.104907, 'mtime': 1648155110.0, 'ctime': 1675368464.8111699, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:19,056 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.config files in Lab] ****************************************************************************************************************************** -2023-08-31 21:54:19,079 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,081 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,087 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:19,204 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:19,207 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.config files] ************************************************************************************************************************************* -2023-08-31 21:54:19,226 p=73753 u=rob n=ansible | skipping: [eveng] -2023-08-31 21:54:19,235 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,237 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,243 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:19,247 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.png files in Lab] ********************************************************************************************************************************* -2023-08-31 21:54:19,270 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,272 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,279 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:19,400 p=73753 u=rob n=ansible | ok: [eveng -> localhost] -2023-08-31 21:54:19,406 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.png files] **************************************************************************************************************************************** -2023-08-31 21:54:19,431 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,434 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,440 p=73753 u=rob n=ansible | skipping: [client] -2023-08-31 21:54:19,671 p=73753 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/tunnelbroker/topology.png', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 34614, 'inode': 362567, 'dev': 16777229, 'nlink': 1, 'atime': 1676403697.1329076, 'mtime': 1648155110.0, 'ctime': 1675368464.8109767, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) -2023-08-31 21:54:19,676 p=73753 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy ansible log files] ************************************************************************************************************************************** -2023-08-31 21:54:19,698 p=73753 u=rob n=ansible | skipping: [vyos-oobm] -2023-08-31 21:54:19,701 p=73753 u=rob n=ansible | skipping: [vyos-wan] -2023-08-31 21:54:19,708 p=73753 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:07,038 p=3127 u=rob n=ansible | changed: [client] +2024-01-13 13:37:07,164 p=3127 u=rob n=ansible | changed: [vyos-wan] +2024-01-13 13:37:07,169 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : Register external IP in Tunnelbroker] ************************************************************ +2024-01-13 13:37:07,209 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:07,210 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:07,228 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:09,588 p=3127 u=rob n=ansible | ok: [vyos-wan -> eveng(eve-ng)] +2024-01-13 13:37:09,593 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : get ipv4 address of vyos-wan (eth1)] ************************************************************* +2024-01-13 13:37:09,608 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:09,608 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:09,612 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:10,606 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:37:10,607 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : Set variables] *********************************************************************************** +2024-01-13 13:37:10,620 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:10,620 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:10,624 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:10,642 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:37:10,644 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : setup vyos-wan] ********************************************************************************** +2024-01-13 13:37:10,656 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:10,656 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:10,661 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:19,755 p=3127 u=rob n=ansible | changed: [vyos-wan] +2024-01-13 13:37:19,760 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:37:19,782 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:19,783 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:37:19,787 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:20,518 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:37:20,521 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] ********************************************************************* +2024-01-13 13:37:20,536 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:20,536 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:20,541 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:37:20,545 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:20,547 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ******************************************************************* +2024-01-13 13:37:20,555 p=3127 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:37:20,556 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:37:25,561 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:37:25,566 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ******************************************************************** +2024-01-13 13:37:25,600 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:37:25,606 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:37:25,611 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:37:25,619 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:37:25,624 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ****************************************************************** +2024-01-13 13:37:25,640 p=3127 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:37:25,641 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:37:30,650 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:37:30,658 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ***************************** +2024-01-13 13:37:30,676 p=3127 u=rob n=ansible | Pausing for 30 seconds +2024-01-13 13:37:30,677 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:38:00,688 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:38:00,701 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ********************************************************************** +2024-01-13 13:38:00,727 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:00,729 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:06,158 p=3127 u=rob n=ansible | ok: [client] => (item=2001:470:20::2) +2024-01-13 13:38:06,448 p=3127 u=rob n=ansible | ok: [vyos-wan] => (item=tunnelbroker.net) +2024-01-13 13:38:06,456 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] ************************************************************* +2024-01-13 13:38:06,480 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:06,482 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:06,486 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:38:06,489 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:38:06,491 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ********************************************************** +2024-01-13 13:38:06,505 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:06,507 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:10,858 p=3127 u=rob n=ansible | ok: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:38:10,869 p=3127 u=rob n=ansible | ok: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:38:15,465 p=3127 u=rob n=ansible | ok: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) +2024-01-13 13:38:15,476 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] ********************************************************************* +2024-01-13 13:38:15,491 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:15,493 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:15,516 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:38:15,520 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:38:15,522 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Reboot vyos] *********************************************************************** +2024-01-13 13:38:15,534 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:15,534 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:16,652 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:38:16,656 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:38:16,662 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait while shutdown] *************************************************************** +2024-01-13 13:38:16,674 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:16,676 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] *************************************************************** +2024-01-13 13:38:16,688 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:16,688 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:18,405 p=3721 u=rob n=p=3721 u=rob | paramiko [vyos-wan] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:38:18,450 p=3722 u=rob n=p=3722 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1) +2024-01-13 13:38:18,742 p=3722 u=rob n=p=3722 u=rob | paramiko [client] | Authentication (publickey) successful! +2024-01-13 13:38:18,745 p=3721 u=rob n=p=3721 u=rob | paramiko [vyos-wan] | Authentication (publickey) successful! +2024-01-13 13:38:20,109 p=3127 u=rob n=ansible | ok: [client] +2024-01-13 13:38:20,111 p=3127 u=rob n=ansible | ok: [vyos-wan] +2024-01-13 13:38:20,112 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:38:20,124 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:20,124 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:38:20,129 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:38:21,472 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:38:21,474 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] ********************************************************************* +2024-01-13 13:38:21,487 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:21,488 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:21,491 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:38:21,495 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:38:21,497 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ******************************************************************* +2024-01-13 13:38:21,505 p=3127 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:38:21,506 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:38:26,515 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:38:26,526 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ******************************************************************** +2024-01-13 13:38:26,549 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:38:26,551 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:38:26,556 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:38:26,560 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:38:26,562 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ****************************************************************** +2024-01-13 13:38:26,573 p=3127 u=rob n=ansible | Pausing for 5 seconds +2024-01-13 13:38:26,573 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:38:31,582 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:38:31,588 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ***************************** +2024-01-13 13:38:31,605 p=3127 u=rob n=ansible | Pausing for 30 seconds +2024-01-13 13:38:31,605 p=3127 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) +2024-01-13 13:39:01,610 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:39:01,615 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ********************************************************************** +2024-01-13 13:39:01,630 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:01,634 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:06,919 p=3127 u=rob n=ansible | ok: [client] => (item=2001:470:20::2) +2024-01-13 13:39:07,332 p=3127 u=rob n=ansible | ok: [vyos-wan] => (item=tunnelbroker.net) +2024-01-13 13:39:07,335 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] ************************************************************* +2024-01-13 13:39:07,348 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,348 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,352 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,355 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,357 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ********************************************************** +2024-01-13 13:39:07,371 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,372 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,376 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:39:07,377 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) +2024-01-13 13:39:07,378 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,380 p=3127 u=rob n=ansible | skipping: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:39:07,382 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,383 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] ********************************************************************* +2024-01-13 13:39:07,395 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,397 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,398 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,402 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,404 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: ake sure tmp dir exist] ************************************************************ +2024-01-13 13:39:07,416 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,416 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,417 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,421 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,423 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register status of tmp/] *********************************************************** +2024-01-13 13:39:07,432 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,436 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,438 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,440 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,442 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: download upgrade_iso] ************************************************************** +2024-01-13 13:39:07,450 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,454 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,456 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,459 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,463 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Copy iso to host] ****************************************************************** +2024-01-13 13:39:07,472 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,477 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,477 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,481 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,483 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: upgrade vyos] ********************************************************************** +2024-01-13 13:39:07,491 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,495 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,496 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,500 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,501 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Reboot vyos] *********************************************************************** +2024-01-13 13:39:07,513 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,514 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,515 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,518 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,519 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait while shutdown] *************************************************************** +2024-01-13 13:39:07,525 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,527 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Wait for vyos nodes] *************************************************************** +2024-01-13 13:39:07,534 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,538 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,540 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,543 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,544 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: clear tmp dir] ********************************************************************* +2024-01-13 13:39:07,551 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,553 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Login to EVE-NG and get Cookie] **************************************************** +2024-01-13 13:39:07,564 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,565 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,565 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,569 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,571 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: stop nodes id] ********************************************************************* +2024-01-13 13:39:07,583 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,585 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,587 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,591 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,593 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after stop] ******************************************************************* +2024-01-13 13:39:07,600 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,601 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: start nodes id] ******************************************************************** +2024-01-13 13:39:07,613 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,615 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,618 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,621 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,622 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait after start] ****************************************************************** +2024-01-13 13:39:07,629 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,631 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: wait, b/c the ping often failed without a short break] ***************************** +2024-01-13 13:39:07,638 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,639 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: do ping test] ********************************************************************** +2024-01-13 13:39:07,648 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,652 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,654 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item=tunnelbroker.net) +2024-01-13 13:39:07,655 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,658 p=3127 u=rob n=ansible | skipping: [client] => (item=2001:470:20::2) +2024-01-13 13:39:07,659 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,661 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: execute test commands] ************************************************************* +2024-01-13 13:39:07,669 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,673 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,675 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,677 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,679 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: register stdout commands] ********************************************************** +2024-01-13 13:39:07,692 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,692 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,694 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:39:07,695 p=3127 u=rob n=ansible | skipping: [vyos-wan] => (item={'name': 'ping_name', 'command': 'ping tunnelbroker.net count 4'}) +2024-01-13 13:39:07,696 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,698 p=3127 u=rob n=ansible | skipping: [client] => (item={'name': 'ping_ip', 'command': 'ping 2001:470:20::2 count 4'}) +2024-01-13 13:39:07,698 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,700 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] ********************************************************************* +2024-01-13 13:39:07,712 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:07,713 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,713 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,717 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,720 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: make sure output dir exist] ******************************************************** +2024-01-13 13:39:07,731 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,732 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,735 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:07,883 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:07,885 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: make sure output include dir exist] ************************************************ +2024-01-13 13:39:07,898 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:07,898 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:07,901 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,048 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:08,050 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Get timestamp from the system] ***************************************************** +2024-01-13 13:39:08,061 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,063 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,066 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,320 p=3127 u=rob n=ansible | changed: [eveng] +2024-01-13 13:39:08,322 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: Set variables] ********************************************************************* +2024-01-13 13:39:08,334 p=3127 u=rob n=ansible | ok: [eveng] +2024-01-13 13:39:08,334 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,336 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,339 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,341 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: generate lab rst file] ************************************************************* +2024-01-13 13:39:08,354 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,355 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,359 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,652 p=3127 u=rob n=ansible | changed: [eveng -> localhost] +2024-01-13 13:39:08,654 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.conf files in Lab] ****************************************************** +2024-01-13 13:39:08,666 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,667 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,670 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:08,866 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:08,868 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.conf files] ************************************************************* +2024-01-13 13:39:08,880 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:08,881 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:08,884 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:09,164 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/vyos-wan_tun0.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 931, 'inode': 22902859, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4576929, 'mtime': 1701342323.3234093, 'ctime': 1701346519.9683046, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:09,444 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/client.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 50, 'inode': 22902860, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4575586, 'mtime': 1648155110.0, 'ctime': 1701346519.9686172, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:09,723 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/vyos-wan.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 42, 'inode': 22902861, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4576807, 'mtime': 1648155110.0, 'ctime': 1701346519.9688697, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:10,002 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/transport.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 107, 'inode': 22902864, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4576118, 'mtime': 1648155110.0, 'ctime': 1701346519.9698136, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:10,005 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.config files in Lab] **************************************************** +2024-01-13 13:39:10,017 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,018 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,021 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:10,164 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:10,166 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.config files] *********************************************************** +2024-01-13 13:39:10,177 p=3127 u=rob n=ansible | skipping: [eveng] +2024-01-13 13:39:10,178 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,179 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,182 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:10,184 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: find all *.png files in Lab] ******************************************************* +2024-01-13 13:39:10,196 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,198 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,202 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:10,346 p=3127 u=rob n=ansible | ok: [eveng -> localhost] +2024-01-13 13:39:10,348 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy all *.png files] ************************************************************** +2024-01-13 13:39:10,360 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,361 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,364 p=3127 u=rob n=ansible | skipping: [client] +2024-01-13 13:39:10,637 p=3127 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/master/tunnelbroker/topology.png', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 34614, 'inode': 22902857, 'dev': 16777229, 'nlink': 1, 'atime': 1703974425.4576008, 'mtime': 1648155110.0, 'ctime': 1701346519.9677274, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +2024-01-13 13:39:10,640 p=3127 u=rob n=ansible | TASK [eve-ng-lab-test : tunnelbroker: copy ansible log files] ************************************************************ +2024-01-13 13:39:10,653 p=3127 u=rob n=ansible | skipping: [oobm-z65ole] +2024-01-13 13:39:10,653 p=3127 u=rob n=ansible | skipping: [vyos-wan] +2024-01-13 13:39:10,656 p=3127 u=rob n=ansible | skipping: [client] diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst index 4a822b04..96c2e1af 100644 --- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst +++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst @@ -4,8 +4,8 @@ Tunnelbroker.net (IPv6) ####################### -| Testdate: 2023-08-31 -| Version: 1.4-rolling-202308240020 +| Testdate: 2024-01-13 +| Version: 1.5-rolling-202401121239 This guide walks through the setup of https://www.tunnelbroker.net/ for an IPv6 Tunnel. @@ -61,14 +61,14 @@ Now you should be able to ping a public IPv6 Address vyos@vyos-wan:~$ ping 2001:470:20::2 count 4 PING 2001:470:20::2(2001:470:20::2) 56 data bytes - 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=64 time=39.4 ms - 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=64 time=29.9 ms - 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=64 time=30.0 ms - 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=64 time=29.9 ms + 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=64 time=33.8 ms + 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=64 time=43.9 ms + 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=64 time=43.4 ms + 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=64 time=42.5 ms --- 2001:470:20::2 ping statistics --- - 4 packets transmitted, 4 received, 0% packet loss, time 3005ms - rtt min/avg/max/mdev = 29.885/32.293/39.371/4.086 ms + 4 packets transmitted, 4 received, 0% packet loss, time 2999ms + rtt min/avg/max/mdev = 33.802/40.920/43.924/4.139 ms Assuming the pings are successful, you need to add some DNS servers. @@ -85,14 +85,14 @@ You should now be able to ping something by IPv6 DNS name: vyos@vyos-wan:~$ ping tunnelbroker.net count 4 PING tunnelbroker.net(tunnelbroker.net (2001:470:0:63::2)) 56 data bytes - 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=1 ttl=46 time=200 ms - 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=2 ttl=46 time=176 ms - 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=3 ttl=46 time=244 ms - 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=4 ttl=46 time=176 ms + 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=1 ttl=48 time=285 ms + 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=2 ttl=48 time=186 ms + 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=3 ttl=48 time=178 ms + 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=4 ttl=48 time=177 ms --- tunnelbroker.net ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3002ms - rtt min/avg/max/mdev = 175.737/198.653/243.621/27.714 ms + rtt min/avg/max/mdev = 176.707/206.638/285.128/45.457 ms ***************** @@ -148,14 +148,14 @@ Now the Client is able to ping a public IPv6 address vyos@client:~$ ping 2001:470:20::2 count 4 PING 2001:470:20::2(2001:470:20::2) 56 data bytes - 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=63 time=30.5 ms - 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=63 time=29.6 ms - 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=63 time=29.9 ms - 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=63 time=29.8 ms + 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=63 time=32.1 ms + 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=63 time=41.8 ms + 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=63 time=41.7 ms + 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=63 time=47.1 ms --- 2001:470:20::2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3005ms - rtt min/avg/max/mdev = 29.578/29.959/30.490/0.333 ms + rtt min/avg/max/mdev = 32.128/40.688/47.107/5.403 ms Multiple LAN/DMZ Setup -- cgit v1.2.3 From 0740593f13225ad72a127e99aaa49d5a32ba5325 Mon Sep 17 00:00:00 2001 From: rebortg Date: Sat, 13 Jan 2024 23:11:49 +0100 Subject: update sphinx and dependencies --- Pipfile | 18 ------------ docs/conf.py | 2 +- docs/index.rst | 86 +++++++++++++++++++++++++++++--------------------------- requirements.txt | 14 ++++----- 4 files changed, 52 insertions(+), 68 deletions(-) delete mode 100644 Pipfile (limited to 'docs') diff --git a/Pipfile b/Pipfile deleted file mode 100644 index 0d7f836f..00000000 --- a/Pipfile +++ /dev/null @@ -1,18 +0,0 @@ -[[source]] -url = "https://pypi.org/simple" -verify_ssl = true -name = "pypi" - -[packages] -sphinx-rtd-theme = "*" -docutils = "*" -lxml = "*" -sphinx-notfound-page = "*" -Sphinx = ">=1.4.3" -sphinx-panels = "*" -transifex-client = "*" - -[dev-packages] - -[requires] -python_version = "3.9" diff --git a/docs/conf.py b/docs/conf.py index 3fe1c6e1..4414286d 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -47,7 +47,7 @@ extensions = ['sphinx.ext.intersphinx', 'notfound.extension', 'autosectionlabel', 'myst_parser', - 'sphinx_panels', + 'sphinx_design', 'vyos' ] diff --git a/docs/index.rst b/docs/index.rst index c1ac38ed..4db014a9 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -4,49 +4,51 @@ VyOS User Guide ############### -.. panels:: - :container: container-lg pb-3 - :column: col-lg-4 col-md-4 col-sm-6 col-xs-12 p-2 + + +.. grid:: 3 + :gutter: 2 + + .. grid-item-card:: Get / Build VyOS + + + Quickly :ref:`Build` your own Image or take a look at how to :ref:`download` a free or supported version. - Get / Build VyOS - ^^^^^^^^^^^^^^^^ - Quickly :ref:`Build` your own Image or take a look at how to :ref:`download` a free or supported version. - --- - - Install VyOS - ^^^^^^^^^^^^ - Read about how to install VyOS on :ref:`Bare Metal` or in a - :ref:`Virtual Environment` and - how to use an image with the usual :ref:`cloud` providers - --- - - Configuration and Operation - ^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Use the :ref:`Quickstart Guide`, to have a fast overview. Or go deeper and - set up :ref:`advanced routing`, - :ref:`VRFs`, or - :ref:`VPNs` for example. - --- - - Automate - ^^^^^^^^ - Integrate VyOS in your automation Workflow with - :ref:`Ansible`, - have your own :ref:`local scripts`, or configure VyOS with the :ref:`HTTPS-API`. - --- - - Examples - ^^^^^^^^ - Get some inspiration from the :ref:`Configuration Blueprints` - to build your infrastructure. - --- - - Contribute and Community - ^^^^^^^^^^^^^^^^^^^^^^^^ - | There are many ways to contribute to the project. - | Add missing parts or improve the :ref:`Documentation`. - | Discuss in `Slack `_ or the `Forum `_. - | Or you can pick up a `Task `_ and fix the :ref:`code`. + + .. grid-item-card:: Install VyOS + + Read about how to install VyOS on :ref:`Bare Metal` or in a + :ref:`Virtual Environment` and + how to use an image with the usual :ref:`cloud` providers + + + .. grid-item-card:: Configuration and Operation + + Use the :ref:`Quickstart Guide`, to have a fast overview. Or go deeper and + set up :ref:`advanced routing`, + :ref:`VRFs`, or + :ref:`VPNs` for example. + + + .. grid-item-card:: Automate + + Integrate VyOS in your automation Workflow with + :ref:`Ansible`, + have your own :ref:`local scripts`, or configure VyOS with the :ref:`HTTPS-API`. + + + .. grid-item-card:: Examples + + Get some inspiration from the :ref:`Configuration Blueprints` + to build your infrastructure. + + + .. grid-item-card:: Contribute and Community + + | There are many ways to contribute to the project. + | Add missing parts or improve the :ref:`Documentation`. + | Discuss in `Slack `_ or the `Forum `_. + | Or you can pick up a `Task `_ and fix the :ref:`code`. .. toctree:: diff --git a/requirements.txt b/requirements.txt index 9ca1cac2..08a1fd15 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,8 +1,8 @@ -urllib3==1.26.18 -Sphinx==4.5.0 -sphinx-rtd-theme==1.0.0 +urllib3==2.1.0 +Sphinx==7.2.6 +sphinx-rtd-theme==2.0.0 sphinx-autobuild==2021.3.14 -sphinx-notfound-page==0.8 -lxml==4.9.1 -myst-parser==0.17.1 -sphinx-panels==0.6.0 +sphinx-notfound-page==1.0.0 +lxml==5.1.0 +myst-parser==2.0.0 +sphinx_design==0.5.0 \ No newline at end of file -- cgit v1.2.3 From e6ade0470d59cf0ed45101f525e80d575f3a08d4 Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Sun, 14 Jan 2024 17:40:18 +0100 Subject: dhcp: T3316: Update documentation for changes in PR vyos/vyos-1x#2650 --- docs/configuration/service/dhcp-server.rst | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index b99e5baa..6813d2c0 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -178,11 +178,17 @@ MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement. .. cfgcmd:: set service dhcp-server shared-network-name subnet - static-mapping mac-address
+ static-mapping mac
Create a new DHCP static mapping named `` which is valid for the host identified by its MAC `
`. +.. cfgcmd:: set service dhcp-server shared-network-name subnet + static-mapping duid + + Create a new DHCP static mapping named `` which is valid for + the host identified by its DHCP unique identifier (DUID) ``. + .. cfgcmd:: set service dhcp-server shared-network-name subnet static-mapping ip-address
@@ -205,7 +211,7 @@ inside the subnet definition but can be outside of the range statement. set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 subnet-id 1 set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 ip-address 192.168.1.100 - set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 mac-address aa:bb:11:22:33:00 + set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 mac aa:bb:11:22:33:00 The configuration will look as follows: @@ -215,7 +221,7 @@ The configuration will look as follows: subnet 192.168.1.0/24 { static-mapping client1 { ip-address 192.168.1.100 - mac-address aa:bb:11:22:33:00 + mac aa:bb:11:22:33:00 } subnet-id 1 } @@ -641,7 +647,7 @@ be created. The following example explains the process. set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 ipv6-address 2001:db8::101 set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 ipv6-prefix 2001:db8:0:101::/64 - set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 identifier 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff + set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 static-mapping client1 duid 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff The configuration will look as follows: @@ -652,7 +658,7 @@ The configuration will look as follows: show service dhcpv6-server shared-network-name NET1 subnet 2001:db8::/64 { static-mapping client1 { - identifier 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff + duid 00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff ipv6-address 2001:db8::101 ipv6-prefix 2001:db8:0:101::/64 } -- cgit v1.2.3 From a11428c495ebd75eb7351f2e3becaad915c9d3cc Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 15 Jan 2024 06:02:35 +0000 Subject: Github: update translations --- docs/_locale/de/404.pot | 8 + docs/_locale/de/LC_MESSAGES/404.mo | Bin 984 -> 1252 bytes docs/_locale/de/LC_MESSAGES/automation.mo | Bin 35418 -> 37840 bytes docs/_locale/de/LC_MESSAGES/cli.mo | Bin 29208 -> 30414 bytes docs/_locale/de/LC_MESSAGES/configexamples.mo | Bin 123543 -> 127575 bytes docs/_locale/de/LC_MESSAGES/configuration.mo | Bin 1067443 -> 1148357 bytes docs/_locale/de/LC_MESSAGES/contributing.mo | Bin 109457 -> 111651 bytes docs/_locale/de/LC_MESSAGES/installation.mo | Bin 102022 -> 102388 bytes docs/_locale/de/LC_MESSAGES/quick-start.mo | Bin 19890 -> 22278 bytes docs/_locale/de/automation.pot | 130 +- docs/_locale/de/cli.pot | 48 +- docs/_locale/de/configexamples.pot | 194 +- docs/_locale/de/configuration.pot | 5713 +++++++++++-------------- docs/_locale/de/contributing.pot | 288 +- docs/_locale/de/index.pot | 30 +- docs/_locale/de/installation.pot | 114 +- docs/_locale/de/quick-start.pot | 110 +- docs/_locale/en/LC_MESSAGES/404.mo | Bin 930 -> 1198 bytes docs/_locale/en/LC_MESSAGES/automation.mo | Bin 35418 -> 37840 bytes docs/_locale/en/LC_MESSAGES/cli.mo | Bin 29208 -> 30414 bytes docs/_locale/en/LC_MESSAGES/configexamples.mo | Bin 123532 -> 127564 bytes docs/_locale/en/LC_MESSAGES/configuration.mo | Bin 1067404 -> 1148318 bytes docs/_locale/en/LC_MESSAGES/contributing.mo | Bin 107118 -> 109312 bytes docs/_locale/en/LC_MESSAGES/installation.mo | Bin 102022 -> 102388 bytes docs/_locale/en/LC_MESSAGES/quick-start.mo | Bin 19890 -> 22278 bytes docs/_locale/es/404.pot | 8 + docs/_locale/es/LC_MESSAGES/404.mo | Bin 979 -> 1247 bytes docs/_locale/es/LC_MESSAGES/automation.mo | Bin 38270 -> 40692 bytes docs/_locale/es/LC_MESSAGES/cli.mo | Bin 31126 -> 32332 bytes docs/_locale/es/LC_MESSAGES/configexamples.mo | Bin 131348 -> 135380 bytes docs/_locale/es/LC_MESSAGES/configuration.mo | Bin 1147773 -> 1228687 bytes docs/_locale/es/LC_MESSAGES/contributing.mo | Bin 114847 -> 117041 bytes docs/_locale/es/LC_MESSAGES/installation.mo | Bin 109558 -> 109924 bytes docs/_locale/es/LC_MESSAGES/quick-start.mo | Bin 20335 -> 22723 bytes docs/_locale/es/automation.pot | 130 +- docs/_locale/es/cli.pot | 48 +- docs/_locale/es/configexamples.pot | 194 +- docs/_locale/es/configuration.pot | 5713 +++++++++++-------------- docs/_locale/es/contributing.pot | 288 +- docs/_locale/es/index.pot | 30 +- docs/_locale/es/installation.pot | 114 +- docs/_locale/es/quick-start.pot | 110 +- docs/_locale/ja/404.pot | 8 + docs/_locale/ja/LC_MESSAGES/404.mo | Bin 917 -> 1185 bytes docs/_locale/ja/LC_MESSAGES/automation.mo | Bin 35405 -> 37827 bytes docs/_locale/ja/LC_MESSAGES/cli.mo | Bin 29195 -> 30401 bytes docs/_locale/ja/LC_MESSAGES/configexamples.mo | Bin 123519 -> 127551 bytes docs/_locale/ja/LC_MESSAGES/configuration.mo | Bin 1067391 -> 1148305 bytes docs/_locale/ja/LC_MESSAGES/contributing.mo | Bin 107105 -> 109299 bytes docs/_locale/ja/LC_MESSAGES/installation.mo | Bin 102009 -> 102375 bytes docs/_locale/ja/LC_MESSAGES/quick-start.mo | Bin 19877 -> 22265 bytes docs/_locale/ja/automation.pot | 130 +- docs/_locale/ja/cli.pot | 48 +- docs/_locale/ja/configexamples.pot | 194 +- docs/_locale/ja/configuration.pot | 5713 +++++++++++-------------- docs/_locale/ja/contributing.pot | 288 +- docs/_locale/ja/index.pot | 30 +- docs/_locale/ja/installation.pot | 114 +- docs/_locale/ja/quick-start.pot | 110 +- docs/_locale/pt/404.pot | 8 + docs/_locale/pt/LC_MESSAGES/404.mo | Bin 938 -> 1206 bytes docs/_locale/pt/LC_MESSAGES/automation.mo | Bin 35426 -> 37848 bytes docs/_locale/pt/LC_MESSAGES/cli.mo | Bin 29216 -> 30422 bytes docs/_locale/pt/LC_MESSAGES/configexamples.mo | Bin 123540 -> 127572 bytes docs/_locale/pt/LC_MESSAGES/configuration.mo | Bin 1067412 -> 1148326 bytes docs/_locale/pt/LC_MESSAGES/contributing.mo | Bin 107126 -> 109320 bytes docs/_locale/pt/LC_MESSAGES/installation.mo | Bin 102030 -> 102396 bytes docs/_locale/pt/LC_MESSAGES/quick-start.mo | Bin 19898 -> 22286 bytes docs/_locale/pt/automation.pot | 130 +- docs/_locale/pt/cli.pot | 48 +- docs/_locale/pt/configexamples.pot | 194 +- docs/_locale/pt/configuration.pot | 5713 +++++++++++-------------- docs/_locale/pt/contributing.pot | 288 +- docs/_locale/pt/index.pot | 30 +- docs/_locale/pt/installation.pot | 114 +- docs/_locale/pt/quick-start.pot | 110 +- docs/_locale/uk/404.pot | 8 + docs/_locale/uk/LC_MESSAGES/404.mo | Bin 1007 -> 1275 bytes docs/_locale/uk/LC_MESSAGES/automation.mo | Bin 35495 -> 37917 bytes docs/_locale/uk/LC_MESSAGES/cli.mo | Bin 29285 -> 30491 bytes docs/_locale/uk/LC_MESSAGES/configexamples.mo | Bin 123609 -> 127641 bytes docs/_locale/uk/LC_MESSAGES/configuration.mo | Bin 1067481 -> 1148395 bytes docs/_locale/uk/LC_MESSAGES/contributing.mo | Bin 107195 -> 109389 bytes docs/_locale/uk/LC_MESSAGES/installation.mo | Bin 102099 -> 102465 bytes docs/_locale/uk/LC_MESSAGES/quick-start.mo | Bin 19967 -> 22355 bytes docs/_locale/uk/automation.pot | 130 +- docs/_locale/uk/cli.pot | 48 +- docs/_locale/uk/configexamples.pot | 194 +- docs/_locale/uk/configuration.pot | 5713 +++++++++++-------------- docs/_locale/uk/contributing.pot | 288 +- docs/_locale/uk/index.pot | 30 +- docs/_locale/uk/installation.pot | 114 +- docs/_locale/uk/quick-start.pot | 110 +- 93 files changed, 15185 insertions(+), 17990 deletions(-) (limited to 'docs') diff --git a/docs/_locale/de/404.pot b/docs/_locale/de/404.pot index 7ef03f50..57b3b68d 100644 --- a/docs/_locale/de/404.pot +++ b/docs/_locale/de/404.pot @@ -24,6 +24,14 @@ msgstr "`1.2.x (crux) `_" msgid "`1.3.x (equuleus) `_" msgstr "`1.3.x (equuleus) `_" +#: ../../404.rst:11 +msgid "`1.4.x (sagitta) `_" +msgstr "`1.4.x (sagitta) `_" + +#: ../../404.rst:12 +msgid "`rolling release (circinus) `_" +msgstr "`rolling release (circinus) `_" + #: ../../404.rst:11 msgid "`rolling release (sagitta) `_" msgstr "`Rolling Release (Sagitta) `_" diff --git a/docs/_locale/de/LC_MESSAGES/404.mo b/docs/_locale/de/LC_MESSAGES/404.mo index 5cfb6e0c..e992b14f 100644 Binary files a/docs/_locale/de/LC_MESSAGES/404.mo and b/docs/_locale/de/LC_MESSAGES/404.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/automation.mo b/docs/_locale/de/LC_MESSAGES/automation.mo index 0c571a2e..cb431fe9 100644 Binary files a/docs/_locale/de/LC_MESSAGES/automation.mo and b/docs/_locale/de/LC_MESSAGES/automation.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/cli.mo b/docs/_locale/de/LC_MESSAGES/cli.mo index efb26dae..1722898e 100644 Binary files a/docs/_locale/de/LC_MESSAGES/cli.mo and b/docs/_locale/de/LC_MESSAGES/cli.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/configexamples.mo b/docs/_locale/de/LC_MESSAGES/configexamples.mo index 44d8467f..4c237a80 100644 Binary files a/docs/_locale/de/LC_MESSAGES/configexamples.mo and b/docs/_locale/de/LC_MESSAGES/configexamples.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/configuration.mo b/docs/_locale/de/LC_MESSAGES/configuration.mo index 0bbe8f6c..5d09f4b5 100644 Binary files a/docs/_locale/de/LC_MESSAGES/configuration.mo and b/docs/_locale/de/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/contributing.mo b/docs/_locale/de/LC_MESSAGES/contributing.mo index 98e048cc..affcbb27 100644 Binary files a/docs/_locale/de/LC_MESSAGES/contributing.mo and b/docs/_locale/de/LC_MESSAGES/contributing.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/installation.mo b/docs/_locale/de/LC_MESSAGES/installation.mo index e3d86879..d04f2532 100644 Binary files a/docs/_locale/de/LC_MESSAGES/installation.mo and b/docs/_locale/de/LC_MESSAGES/installation.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/quick-start.mo b/docs/_locale/de/LC_MESSAGES/quick-start.mo index 6988da10..c14e354d 100644 Binary files a/docs/_locale/de/LC_MESSAGES/quick-start.mo and b/docs/_locale/de/LC_MESSAGES/quick-start.mo differ diff --git a/docs/_locale/de/automation.pot b/docs/_locale/de/automation.pot index 6d0be2c4..efd67b47 100644 --- a/docs/_locale/de/automation.pot +++ b/docs/_locale/de/automation.pot @@ -32,22 +32,30 @@ msgstr "**user-data**: includes vyos-commands." msgid "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:" msgstr "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:" -#: ../../automation/vyos-api.rst:285 +#: ../../automation/vyos-api.rst:322 msgid "/config-file" msgstr "/config-file" -#: ../../automation/vyos-api.rst:228 +#: ../../automation/vyos-api.rst:265 msgid "/configure" msgstr "/configure" -#: ../../automation/vyos-api.rst:209 +#: ../../automation/vyos-api.rst:246 msgid "/generate" msgstr "/generate" -#: ../../automation/vyos-api.rst:147 +#: ../../automation/vyos-api.rst:184 msgid "/image" msgstr "/image" +#: ../../automation/vyos-api.rst:165 +msgid "/poweroff" +msgstr "/poweroff" + +#: ../../automation/vyos-api.rst:147 +msgid "/reboot" +msgstr "/reboot" + #: ../../automation/vyos-api.rst:129 msgid "/reset" msgstr "/reset" @@ -56,7 +64,7 @@ msgstr "/reset" msgid "/retrieve" msgstr "/retrieve" -#: ../../automation/vyos-api.rst:185 +#: ../../automation/vyos-api.rst:222 msgid "/show" msgstr "/show" @@ -178,6 +186,34 @@ msgstr "Configuration" msgid "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:" msgstr "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:" +#: ../../automation/vyos-pyvyos.rst:94 +msgid "Configure, then Delete Object" +msgstr "Configure, then Delete Object" + +#: ../../automation/vyos-pyvyos.rst:141 +msgid "Configure, then Load File" +msgstr "Configure, then Load File" + +#: ../../automation/vyos-pyvyos.rst:101 +msgid "Configure, then Save" +msgstr "Configure, then Save" + +#: ../../automation/vyos-pyvyos.rst:108 +msgid "Configure, then Save File" +msgstr "Configure, then Save File" + +#: ../../automation/vyos-pyvyos.rst:68 +msgid "Configure, then Set" +msgstr "Configure, then Set" + +#: ../../automation/vyos-pyvyos.rst:85 +msgid "Configure, then Show Object" +msgstr "Configure, then Show Object" + +#: ../../automation/vyos-pyvyos.rst:77 +msgid "Configure, then Show a Single Object Value" +msgstr "Configure, then Show a Single Object Value" + #: ../../automation/vyos-napalm.rst:89 msgid "Content of commands.conf" msgstr "Content of commands.conf" @@ -258,7 +294,7 @@ msgstr "For configuration and enabling the API see :ref:`http-api`" msgid "For example, get the addresses of a ``dum0`` interface." msgstr "For example, get the addresses of a ``dum0`` interface." -#: ../../automation/vyos-api.rst:189 +#: ../../automation/vyos-api.rst:226 msgid "For example, show which images are installed." msgstr "For example, show which images are installed." @@ -270,10 +306,18 @@ msgstr "For more information on the NoCloud data source, visit its `page :@/``" msgstr "``ftp://:@/``" +#: ../../cli.rst:870 +msgid "``git+https://:@/``" +msgstr "``git+https://:@/``" + +#: ../../cli.rst:864 +msgid "``http://:@:/``" +msgstr "``http://:@:/``" + +#: ../../cli.rst:865 +msgid "``https://:@:/``" +msgstr "``https://:@:/``" + #: ../../cli.rst:71 msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." @@ -416,11 +436,11 @@ msgstr "``q`` key can be used to cancel output" msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:864 +#: ../../cli.rst:868 msgid "``scp://:@:/``" msgstr "``scp://:@:/``" -#: ../../cli.rst:865 +#: ../../cli.rst:867 msgid "``sftp://:@/``" msgstr "``sftp://:@/``" @@ -428,7 +448,7 @@ msgstr "``sftp://:@/``" msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:867 +#: ../../cli.rst:869 msgid "``tftp:///``" msgstr "``tftp:///``" diff --git a/docs/_locale/de/configexamples.pot b/docs/_locale/de/configexamples.pot index 22c08587..d7dd346f 100644 --- a/docs/_locale/de/configexamples.pot +++ b/docs/_locale/de/configexamples.pot @@ -210,22 +210,18 @@ msgstr "4 x Provider routers (VyOS-Px)" msgid "50: Upstream, using the 192.0.2.0/24 network allocated by them." msgstr "50: Upstream, using the 192.0.2.0/24 network allocated by them." -#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102 msgid "64496:1" msgstr "64496:1" -#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108 msgid "64496:100" msgstr "64496:100" -#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104 msgid "64496:2" msgstr "64496:2" -#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106 msgid "64496:50" msgstr "64496:50" @@ -276,7 +272,7 @@ msgstr "A brief excursion into VRFs: This has been one of the longest-standing f msgid "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device." msgstr "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device." -#: ../../configexamples/index.rst:35 +#: ../../configexamples/index.rst:37 msgid "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test." msgstr "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test." @@ -322,10 +318,22 @@ msgstr "Active Directory on Windows server" msgid "Add (temporary) default route" msgstr "Add (temporary) default route" +#: ../../configexamples/ansible.rst:73 +msgid "Add all the hosts of VyOS:" +msgstr "Add all the hosts of VyOS:" + +#: ../../configexamples/ansible.rst:85 +msgid "Add general variables:" +msgstr "Add general variables:" + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:47 msgid "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`" msgstr "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`" +#: ../../configexamples/ansible.rst:99 +msgid "Add the simple playbook with the tasks for each router:" +msgstr "Add the simple playbook with the tasks for each router:" + #: ../../configexamples/wan-load-balancing.rst:167 msgid "Adding a rule for the second interface" msgstr "Adding a rule for the second interface" @@ -426,11 +434,15 @@ msgstr "And show all DHCP Leases" msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig." msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig." -#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:None -#: ../../configexamples/autotest/Wireguard/Wireguard.rst:None +#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1 +#: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1 msgid "Ansible Example topology image" msgstr "Ansible Example topology image" +#: ../../configexamples/ansible.rst:7 +msgid "Ansible example" +msgstr "Ansible example" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:10 msgid "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**." msgstr "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**." @@ -559,6 +571,10 @@ msgstr "Basic Firewall" msgid "Basic Setup (via console)" msgstr "Basic Setup (via console)" +#: ../../configexamples/ansible.rst:64 +msgid "Basik configuration of the ansible.cfg:" +msgstr "Basik configuration of the ansible.cfg:" + #: ../../configexamples/qos.rst:74 msgid "Before the interface eth0 on router VyOS3" msgstr "Before the interface eth0 on router VyOS3" @@ -611,6 +627,14 @@ msgstr "Check the result" msgid "Check the result." msgstr "Check the result." +#: ../../configexamples/ansible.rst:142 +msgid "Check the result on the vyos10 router:" +msgstr "Check the result on the vyos10 router:" + +#: ../../configexamples/ansible.rst:51 +msgid "Check the version:" +msgstr "Check the version:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:164 msgid "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF." msgstr "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF." @@ -619,6 +643,10 @@ msgstr "Checking the routing table of the VRF should reveal both static and conn msgid "Checking through op-mode commands" msgstr "Checking through op-mode commands" +#: ../../configexamples/site-2-site-cisco.rst:71 +msgid "Cisco" +msgstr "Cisco" + #: ../../configexamples/ha.rst:90 msgid "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch" msgstr "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch" @@ -652,6 +680,7 @@ msgstr "Conclusions" #: ../../configexamples/ospf-unnumbered.rst:12 #: ../../configexamples/policy-based-ipsec-and-firewall.rst:47 #: ../../configexamples/segment-routing-isis.rst:24 +#: ../../configexamples/site-2-site-cisco.rst:18 msgid "Configuration" msgstr "Configuration" @@ -675,7 +704,7 @@ msgstr "Configuration 'dcsp' and shaper using QoS" msgid "Configuration Blueprints" msgstr "Configuration Blueprints" -#: ../../configexamples/index.rst:28 +#: ../../configexamples/index.rst:30 msgid "Configuration Blueprints (autotest)" msgstr "Configuration Blueprints (autotest)" @@ -856,7 +885,7 @@ msgstr "Dynamic routing used between CE and PE nodes and eBGP peering establishe msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." -#: ../../configexamples/index.rst:32 +#: ../../configexamples/index.rst:34 msgid "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect." msgstr "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect." @@ -962,6 +991,10 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." +#: ../../configexamples/site-2-site-cisco.rst:9 +msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." +msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." + #: ../../configexamples/ha.rst:60 msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" @@ -998,6 +1031,10 @@ msgstr "From Management to Outside (fails as intended)" msgid "Full configuration from all devices" msgstr "Full configuration from all devices" +#: ../../configexamples/site-2-site-cisco.rst:23 +msgid "GRE:" +msgstr "GRE:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:19 msgid "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter." msgstr "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter." @@ -1062,6 +1099,10 @@ msgstr "IPSec configuration:" msgid "IP Schema" msgstr "IP Schema" +#: ../../configexamples/site-2-site-cisco.rst:34 +msgid "IPsec:" +msgstr "IPsec:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv4 Network" msgstr "IPv4 Network" @@ -1171,6 +1212,10 @@ msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS sys msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." +#: ../../configexamples/ansible.rst:216 +msgid "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables." +msgstr "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables." + #: ../../configexamples/ha.rst:154 msgid "In this case, the hardware router has a different IP, so it would be" msgstr "In this case, the hardware router has a different IP, so it would be" @@ -1191,6 +1236,10 @@ msgstr "In this document, we have been allocated 203.0.113.0/24 by our upstream msgid "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over." msgstr "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over." +#: ../../configexamples/ansible.rst:12 +msgid "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:" +msgstr "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:" + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:42 msgid "In this example OpenVPN will be setup with a client certificate and username / password authentication." msgstr "In this example OpenVPN will be setup with a client certificate and username / password authentication." @@ -1215,6 +1264,14 @@ msgstr "Information about Ethernet Virtual Private Networks" msgid "Information about prefix-sid and label-operation from VyOS" msgstr "Information about prefix-sid and label-operation from VyOS" +#: ../../configexamples/ansible.rst:37 +msgid "Install the Ansible:" +msgstr "Install the Ansible:" + +#: ../../configexamples/ansible.rst:44 +msgid "Install the paramiko:" +msgstr "Install the paramiko:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:3 msgid "Inter-VRF Routing over VRF Lite" msgstr "Inter-VRF Routing over VRF Lite" @@ -1276,7 +1333,7 @@ msgstr "Keep networks isolated is -in general- a good principle, but there are c msgid "L3VPN EVPN with VyOS" msgstr "L3VPN EVPN with VyOS" -#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:None +#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:-1 msgid "L3VPN EVPN with VyOS topology image" msgstr "L3VPN EVPN with VyOS topology image" @@ -1403,29 +1460,14 @@ msgstr "Network Cabling" msgid "Network Topology" msgstr "Network Topology" -#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:None -#: ../../configexamples/l3vpn-hub-and-spoke.rst:None -#: ../../configexamples/nmp.rst:None -#: ../../configexamples/nmp.rst:None -#: ../../configexamples/nmp.rst:None -#: ../../configexamples/nmp.rst:None -#: ../../configexamples/nmp.rst:None -#: ../../configexamples/nmp.rst:None -#: ../../configexamples/nmp.rst:None -#: ../../configexamples/pppoe-ipv6-basic.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/qos.rst:None -#: ../../configexamples/wan-load-balancing.rst:None -#: ../../configexamples/wan-load-balancing.rst:None -#: ../../configexamples/zone-policy.rst:None +#: ../../configexamples/ansible.rst:-1 +#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1 +#: ../../configexamples/l3vpn-hub-and-spoke.rst:-1 +#: ../../configexamples/nmp.rst:-1 +#: ../../configexamples/pppoe-ipv6-basic.rst:-1 +#: ../../configexamples/qos.rst:-1 +#: ../../configexamples/wan-load-balancing.rst:-1 +#: ../../configexamples/zone-policy.rst:-1 msgid "Network Topology Diagram" msgstr "Network Topology Diagram" @@ -1457,7 +1499,7 @@ msgstr "Node" msgid "Note that router1 is a VM that runs on one of the compute nodes." msgstr "Note that router1 is a VM that runs on one of the compute nodes." -#: ../../configexamples/pppoe-ipv6-basic.rst:111 +#: ../../configexamples/pppoe-ipv6-basic.rst:115 msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." @@ -1554,7 +1596,7 @@ msgstr "One cable/logical connection between LAN2 and Management" msgid "OpenVPN with LDAP" msgstr "OpenVPN with LDAP" -#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:None +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:-1 msgid "OpenVPN with LDAP topology image" msgstr "OpenVPN with LDAP topology image" @@ -1793,6 +1835,10 @@ msgstr "Sets your LAN interface's IP address" msgid "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF." msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF." +#: ../../configexamples/ansible.rst:10 +msgid "Setting up Ansible on a server running the Debian operating system." +msgstr "Setting up Ansible on a server running the Debian operating system." + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "Setup the ipv6 default route to the tunnel interface" msgstr "Setup the ipv6 default route to the tunnel interface" @@ -1809,6 +1855,10 @@ msgstr "Similarly, to attach the firewall, you would use `set interfaces etherne msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." +#: ../../configexamples/site-2-site-cisco.rst:128 +msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" +msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" + #: ../../configexamples/zone-policy.rst:236 msgid "Since we have 4 zones, we need to setup the following rulesets." msgstr "Since we have 4 zones, we need to setup the following rulesets." @@ -1821,6 +1871,10 @@ msgstr "Single LAN Setup" msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" +#: ../../configexamples/site-2-site-cisco.rst:4 +msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN" +msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" @@ -1838,6 +1892,10 @@ msgstr "Spoke" msgid "Start by setting the interface and default action for each zone." msgstr "Start by setting the interface and default action for each zone." +#: ../../configexamples/ansible.rst:122 +msgid "Start the playbook:" +msgstr "Start the playbook:" + #: ../../configexamples/zone-policy.rst:8 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." @@ -1909,6 +1967,11 @@ msgstr "Testdate: 2023-05-11" msgid "Testdate: 2023-08-31" msgstr "Testdate: 2023-08-31" +#: ../../configexamples/autotest/Wireguard/Wireguard.rst:6 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:7 +msgid "Testdate: 2024-01-13" +msgstr "Testdate: 2024-01-13" + #: ../../configexamples/ha.rst:276 #: ../../configexamples/ha.rst:337 msgid "Testing" @@ -1979,7 +2042,11 @@ msgstr "The format of these addresses:" msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." -#: ../../configexamples/index.rst:30 +#: ../../configexamples/site-2-site-cisco.rst:14 +msgid "The lab was built using EVE-NG." +msgstr "The lab was built using EVE-NG." + +#: ../../configexamples/index.rst:32 msgid "The next pages contains automatic full tested configuration examples." msgstr "The next pages contains automatic full tested configuration examples." @@ -1987,7 +2054,7 @@ msgstr "The next pages contains automatic full tested configuration examples." msgid "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order." msgstr "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order." -#: ../../configexamples/index.rst:38 +#: ../../configexamples/index.rst:40 msgid "The process will do the following steps:" msgstr "The process will do the following steps:" @@ -1999,6 +2066,10 @@ msgstr "The scope of this document is to cover such cases in a dynamic way witho msgid "The setup used in this example is shown in the following diagram:" msgstr "The setup used in this example is shown in the following diagram:" +#: ../../configexamples/ansible.rst:161 +msgid "The simple way without configuration of the hostname (one task for all routers):" +msgstr "The simple way without configuration of the hostname (one task for all routers):" + #: ../../configexamples/ha.rst:339 msgid "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router." msgstr "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router." @@ -2079,6 +2150,10 @@ msgstr "This example uses the failover mode." msgid "This gives us MPLS segment routing enabled and labels forwarding :" msgstr "This gives us MPLS segment routing enabled and labels forwarding :" +#: ../../configexamples/site-2-site-cisco.rst:6 +msgid "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel." +msgstr "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel." + #: ../../configexamples/azure-vpn-dual-bgp.rst:8 msgid "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates." msgstr "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates." @@ -2196,7 +2271,7 @@ msgstr "Transport:" msgid "Tunnelbroker.net (IPv6)" msgstr "Tunnelbroker.net (IPv6)" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:None +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:-1 msgid "Tunnelbroker topology image" msgstr "Tunnelbroker topology image" @@ -2212,6 +2287,7 @@ msgstr "Two rules will be created, the first rule directs traffic coming in from msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." +#: ../../configexamples/ansible.rst:15 #: ../../configexamples/qos.rst:16 msgid "Using the general schema for example:" msgstr "Using the general schema for example:" @@ -2245,6 +2321,7 @@ msgstr "VRRP Configuration" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:829 +#: ../../configexamples/site-2-site-cisco.rst:134 msgid "Verification" msgstr "Verification" @@ -2263,10 +2340,19 @@ msgstr "Version: 1.4-rolling-202305100734" msgid "Version: 1.4-rolling-202308240020" msgstr "Version: 1.4-rolling-202308240020" +#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:8 +msgid "Version: 1.5-rolling-202401121239" +msgstr "Version: 1.5-rolling-202401121239" + #: ../../configexamples/autotest/Wireguard/Wireguard.rst:7 msgid "Version: vyos-1.4-rolling-202302150317" msgstr "Version: vyos-1.4-rolling-202302150317" +#: ../../configexamples/site-2-site-cisco.rst:21 +msgid "VyOS" +msgstr "VyOS" + #: ../../configexamples/l3vpn-hub-and-spoke.rst:1025 msgid "VyOS-CE-HUB -------> VyOS-CE1-SPOKE" msgstr "VyOS-CE-HUB -------> VyOS-CE1-SPOKE" @@ -2434,6 +2520,10 @@ msgstr "We explicitly exclude the primary upstream network so that BGP or OSPF t msgid "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources." msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources." +#: ../../configexamples/ansible.rst:22 +msgid "We have four pre-configured routers with this configuration:" +msgstr "We have four pre-configured routers with this configuration:" + #: ../../configexamples/zone-policy.rst:25 msgid "We have three networks." msgstr "We have three networks." @@ -2623,15 +2713,15 @@ msgstr "compute3 - Port 11 of each switch" msgid "compute3 (VMware ESXi 6.5)" msgstr "compute3 (VMware ESXi 6.5)" -#: ../../configexamples/index.rst:41 +#: ../../configexamples/index.rst:43 msgid "configure each host in the lab" msgstr "configure each host in the lab" -#: ../../configexamples/index.rst:40 +#: ../../configexamples/index.rst:42 msgid "create the lab on a eve-ng server" msgstr "create the lab on a eve-ng server" -#: ../../configexamples/index.rst:42 +#: ../../configexamples/index.rst:44 msgid "do some defined tests" msgstr "do some defined tests" @@ -2652,7 +2742,7 @@ msgstr "extended community and remote label of specific destination" msgid "first the PCA" msgstr "first the PCA" -#: ../../configexamples/index.rst:44 +#: ../../configexamples/index.rst:46 msgid "generate the documentation and include files" msgstr "generate the documentation and include files" @@ -2664,7 +2754,7 @@ msgstr "green uses local routing table id and VNI 4000" msgid "information between PE and CE:" msgstr "information between PE and CE:" -#: ../../configexamples/index.rst:43 +#: ../../configexamples/index.rst:45 msgid "optional do an upgrade to a higher version and do step 3 again." msgstr "optional do an upgrade to a higher version and do step 3 again." @@ -2680,7 +2770,7 @@ msgstr "router2 (Random 1RU machine with 4 NICs)" msgid "save the output to a file and import it in nearly all openvpn clients." msgstr "save the output to a file and import it in nearly all openvpn clients." -#: ../../configexamples/index.rst:45 +#: ../../configexamples/index.rst:47 msgid "shutdown and destroy the lab, if there is no error" msgstr "shutdown and destroy the lab, if there is no error" @@ -2700,6 +2790,22 @@ msgstr "switch2 (Nexus 10gb Switch)" msgid "v6 pairs would be:" msgstr "v6 pairs would be:" +#: ../../configexamples/ansible.rst:34 +msgid "vyos10 - 192.0.2.108" +msgstr "vyos10 - 192.0.2.108" + +#: ../../configexamples/ansible.rst:31 +msgid "vyos7 - 192.0.2.105" +msgstr "vyos7 - 192.0.2.105" + +#: ../../configexamples/ansible.rst:32 +msgid "vyos8 - 192.0.2.106" +msgstr "vyos8 - 192.0.2.106" + +#: ../../configexamples/ansible.rst:33 +msgid "vyos9 - 192.0.2.107" +msgstr "vyos9 - 192.0.2.107" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:571 msgid "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail." msgstr "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail." diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index df607936..cc30affb 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -40,6 +40,10 @@ msgstr "\"Managed address configuration\" flag" msgid "\"Other configuration\" flag" msgstr "\"Other configuration\" flag" +#: ../../configuration/firewall/flowtables.rst:5 +msgid "###################ä############# Flowtables Firewall Configuration #################################" +msgstr "###################ä############# Flowtables Firewall Configuration #################################" + #: ../../configuration/protocols/babel.rst:146 msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." @@ -100,11 +104,19 @@ msgstr "**Applies to:** Outbound traffic." msgid "**Apply the traffic policy to an interface ingress or egress**." msgstr "**Apply the traffic policy to an interface ingress or egress**." +#: ../../configuration/firewall/index.rst:22 +msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." +msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." + +#: ../../configuration/firewall/index.rst:23 +msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." +msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." + #: ../../configuration/interfaces/tunnel.rst:137 msgid "**Cisco IOS Router:**" msgstr "**Cisco IOS Router:**" -#: ../../configuration/service/pppoe-server.rst:69 +#: ../../configuration/service/pppoe-server.rst:66 msgid "**Client IP address via IP range definition**" msgstr "**Client IP address via IP range definition**" @@ -116,56 +128,49 @@ msgstr "**Client IP subnets via CIDR notation**" msgid "**Cluster-List length check**" msgstr "**Cluster-List length check**" +#: ../../configuration/firewall/index.rst:35 +msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." +msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." + #: ../../configuration/trafficpolicy/index.rst:30 msgid "**Create a traffic policy**." msgstr "**Create a traffic policy**." +#: ../../configuration/interfaces/wwan.rst:53 #: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-vlan-8021ad.txt:121 -#: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-vlan-8021q.txt:97 #: ../../_include/interface-vlan-8021ad.txt:121 -#: ../../_include/interface-common-with-dhcp.txt:9 #: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-vlan-8021ad.txt:121 -#: ../../configuration/interfaces/wwan.rst:53 msgid "**DHCP(v6)**" msgstr "**DHCP(v6)**" -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 #: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 msgid "**DHCPv6 Prefix Delegation (PD)**" msgstr "**DHCPv6 Prefix Delegation (PD)**" +#: ../../configuration/firewall/index.rst:41 +msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." +msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." + +#: ../../configuration/firewall/index.rst:43 +msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." + +#: ../../configuration/firewall/index.rst:44 +msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." + +#: ../../configuration/firewall/bridge.rst:9 +#: ../../configuration/firewall/flowtables.rst:9 +msgid "**Documentation under development**" +msgstr "**Documentation under development**" + #: ../../configuration/trafficpolicy/index.rst:169 msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (protocol, destination address or source address)**" -#: ../../configuration/service/dhcp-server.rst:235 -#: ../../configuration/service/dhcp-server.rst:657 -#: ../../configuration/service/dhcp-server.rst:694 +#: ../../configuration/service/dhcp-server.rst:200 +#: ../../configuration/service/dhcp-server.rst:587 +#: ../../configuration/service/dhcp-server.rst:626 msgid "**Example:**" msgstr "**Example:**" @@ -177,10 +182,30 @@ msgstr "**External check**" msgid "**Firewall mark**" msgstr "**Firewall mark**" -#: ../../configuration/firewall/index.rst:41 +#: ../../configuration/firewall/flowtables.rst:51 +msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" +msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" + +#: ../../configuration/firewall/index.rst:152 msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks `_" msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks `_" +#: ../../configuration/firewall/index.rst:58 +msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:86 +msgid "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/index.rst:87 +msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/flowtables.rst:83 +msgid "**Hardware offload:** should be supported by the NICs used." +msgstr "**Hardware offload:** should be supported by the NICs used." + #: ../../configuration/protocols/bgp.rst:94 msgid "**IGP cost check**" msgstr "**IGP cost check**" @@ -205,6 +230,17 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" msgstr "**Wichtiger Hinweis: ** Diese Dokumentation ist nur für VyOS Sagitta vor 1.4-Rolling-YYYYMMDDHHMM gültig" +#: ../../configuration/firewall/ipv4.rst:60 +#: ../../configuration/firewall/ipv6.rst:60 +msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" +msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" + +#: ../../configuration/firewall/bridge.rst:143 +#: ../../configuration/firewall/ipv4.rst:190 +#: ../../configuration/firewall/ipv6.rst:190 +msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." + #: ../../configuration/firewall/general.rst:72 msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**." msgstr "**Wichtiger Hinweis zu Standardaktionen: ** Wenn die Standardaktion für eine Kette nicht definiert ist, ist die Standardaktion für diese Kette auf ** accept** gesetzt. Nur für benutzerdefinierte Ketten ist die Standardaktion auf **drop** gesetzt." @@ -221,23 +257,35 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term msgid "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface." msgstr "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface." +#: ../../configuration/firewall/index.rst:48 +msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:49 +msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" + #: ../../configuration/trafficpolicy/index.rst:170 msgid "**Interface name**" msgstr "**Interface name**" -#: ../../configuration/vpn/site2site_ipsec.rst:299 +#: ../../configuration/vpn/site2site_ipsec.rst:303 msgid "**LEFT**" msgstr "**LEFT**" -#: ../../configuration/vpn/site2site_ipsec.rst:283 +#: ../../configuration/vpn/site2site_ipsec.rst:287 msgid "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)" msgstr "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)" -#: ../../configuration/interfaces/vxlan.rst:214 +#: ../../configuration/firewall/bridge.rst:48 +msgid "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**." +msgstr "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**." + +#: ../../configuration/interfaces/vxlan.rst:235 msgid "**Leaf2 configuration:**" msgstr "**Leaf2 configuration:**" -#: ../../configuration/interfaces/vxlan.rst:239 +#: ../../configuration/interfaces/vxlan.rst:260 msgid "**Leaf3 configuration:**" msgstr "**Leaf3 configuration:**" @@ -261,33 +309,33 @@ msgstr "**MED check**" msgid "**Multi-path check**" msgstr "**Multi-path check**" -#: ../../configuration/protocols/bgp.rst:1192 +#: ../../configuration/protocols/bgp.rst:1193 msgid "**Node1:**" msgstr "**Node1:**" -#: ../../configuration/protocols/bgp.rst:1220 +#: ../../configuration/protocols/bgp.rst:1221 msgid "**Node2:**" msgstr "**Node2:**" #: ../../configuration/protocols/ospf.rst:840 #: ../../configuration/protocols/ospf.rst:913 #: ../../configuration/protocols/ospf.rst:985 -#: ../../configuration/protocols/ospf.rst:1348 +#: ../../configuration/protocols/ospf.rst:1350 #: ../../configuration/protocols/segment-routing.rst:281 msgid "**Node 1**" msgstr "**Node 1**" #: ../../configuration/protocols/babel.rst:192 -#: ../../configuration/protocols/bgp.rst:1102 -#: ../../configuration/protocols/bgp.rst:1129 -#: ../../configuration/protocols/bgp.rst:1147 -#: ../../configuration/protocols/bgp.rst:1175 -#: ../../configuration/protocols/isis.rst:313 -#: ../../configuration/protocols/isis.rst:388 -#: ../../configuration/protocols/isis.rst:429 -#: ../../configuration/protocols/isis.rst:467 +#: ../../configuration/protocols/bgp.rst:1103 +#: ../../configuration/protocols/bgp.rst:1130 +#: ../../configuration/protocols/bgp.rst:1148 +#: ../../configuration/protocols/bgp.rst:1176 +#: ../../configuration/protocols/isis.rst:341 +#: ../../configuration/protocols/isis.rst:416 +#: ../../configuration/protocols/isis.rst:457 +#: ../../configuration/protocols/isis.rst:495 #: ../../configuration/protocols/ospf.rst:948 -#: ../../configuration/protocols/ospf.rst:1318 +#: ../../configuration/protocols/ospf.rst:1320 #: ../../configuration/protocols/rip.rst:243 #: ../../configuration/protocols/segment-routing.rst:195 msgid "**Node 1:**" @@ -296,20 +344,20 @@ msgstr "**Node 1:**" #: ../../configuration/protocols/ospf.rst:850 #: ../../configuration/protocols/ospf.rst:930 #: ../../configuration/protocols/ospf.rst:1001 -#: ../../configuration/protocols/ospf.rst:1363 +#: ../../configuration/protocols/ospf.rst:1365 #: ../../configuration/protocols/segment-routing.rst:296 msgid "**Node 2**" msgstr "**Node 2**" #: ../../configuration/protocols/babel.rst:202 -#: ../../configuration/protocols/bgp.rst:1113 -#: ../../configuration/protocols/bgp.rst:1135 -#: ../../configuration/protocols/bgp.rst:1159 -#: ../../configuration/protocols/bgp.rst:1181 -#: ../../configuration/protocols/isis.rst:324 -#: ../../configuration/protocols/isis.rst:404 -#: ../../configuration/protocols/isis.rst:483 -#: ../../configuration/protocols/ospf.rst:1327 +#: ../../configuration/protocols/bgp.rst:1114 +#: ../../configuration/protocols/bgp.rst:1136 +#: ../../configuration/protocols/bgp.rst:1160 +#: ../../configuration/protocols/bgp.rst:1182 +#: ../../configuration/protocols/isis.rst:352 +#: ../../configuration/protocols/isis.rst:432 +#: ../../configuration/protocols/isis.rst:511 +#: ../../configuration/protocols/ospf.rst:1329 #: ../../configuration/protocols/rip.rst:251 #: ../../configuration/protocols/segment-routing.rst:211 msgid "**Node 2:**" @@ -331,15 +379,39 @@ msgstr "**One gateway:**" msgid "**Origin check**" msgstr "**Origin check**" +#: ../../configuration/firewall/index.rst:64 +msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + #: ../../configuration/protocols/bgp.rst:125 msgid "**Peer address**" msgstr "**Peer address**" +#: ../../configuration/firewall/index.rst:38 +msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``." +msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``." + #: ../../configuration/policy/examples.rst:5 msgid "**Policy definition:**" msgstr "**Policy definition:**" -#: ../../configuration/service/dhcp-server.rst:450 +#: ../../configuration/firewall/index.rst:76 +msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" +msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" + +#: ../../configuration/firewall/index.rst:29 +msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:28 +msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" + +#: ../../configuration/service/dhcp-server.rst:391 msgid "**Primary**" msgstr "**Primary**" @@ -401,19 +473,19 @@ msgstr "**R2**" msgid "**R2 Static Key**" msgstr "**R2 Static Key**" -#: ../../configuration/service/pppoe-server.rst:104 +#: ../../configuration/service/pppoe-server.rst:91 msgid "**RADIUS based IP pools (Framed-IP-Address)**" msgstr "**RADIUS based IP pools (Framed-IP-Address)**" -#: ../../configuration/service/pppoe-server.rst:128 +#: ../../configuration/service/pppoe-server.rst:115 msgid "**RADIUS sessions management DM/CoA**" msgstr "**RADIUS sessions management DM/CoA**" -#: ../../configuration/vpn/site2site_ipsec.rst:335 +#: ../../configuration/vpn/site2site_ipsec.rst:343 msgid "**RIGHT**" msgstr "**RIGHT**" -#: ../../configuration/vpn/site2site_ipsec.rst:289 +#: ../../configuration/vpn/site2site_ipsec.rst:293 msgid "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)" msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)" @@ -421,15 +493,15 @@ msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172 msgid "**Router-ID check**" msgstr "**Router-ID check**" -#: ../../configuration/protocols/igmp.rst:46 +#: ../../configuration/protocols/pim.rst:228 msgid "**Router 1**" msgstr "**Router 1**" -#: ../../configuration/protocols/igmp.rst:74 +#: ../../configuration/protocols/pim.rst:256 msgid "**Router 2**" msgstr "**Router 2**" -#: ../../configuration/protocols/igmp.rst:59 +#: ../../configuration/protocols/pim.rst:241 msgid "**Router 3**" msgstr "**Router 3**" @@ -449,7 +521,7 @@ msgstr "**SW1**" msgid "**SW2**" msgstr "**SW2**" -#: ../../configuration/service/dhcp-server.rst:459 +#: ../../configuration/service/dhcp-server.rst:400 msgid "**Secondary**" msgstr "**Secondary**" @@ -461,15 +533,19 @@ msgstr "**Setting up IPSec**" msgid "**Setting up the GRE tunnel**" msgstr "**Setting up the GRE tunnel**" -#: ../../configuration/interfaces/vxlan.rst:191 +#: ../../configuration/firewall/index.rst:80 +msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." +msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." + +#: ../../configuration/interfaces/vxlan.rst:212 msgid "**Spine1 Configuration:**" msgstr "**Spine1 Configuration:**" -#: ../../configuration/protocols/ospf.rst:1378 +#: ../../configuration/protocols/ospf.rst:1380 msgid "**Status**" msgstr "**Status**" -#: ../../configuration/protocols/ospf.rst:1336 +#: ../../configuration/protocols/ospf.rst:1338 msgid "**To see the redistributed routes:**" msgstr "**To see the redistributed routes:**" @@ -490,48 +566,12 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 +#: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 #: ../../_include/interface-address-with-dhcp.txt:7 #: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" @@ -579,50 +619,18 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." -#: ../../configuration/vpn/sstp.rst:188 +#: ../../configuration/vpn/sstp.rst:199 msgid "**deny** - deny mppe" msgstr "**deny** - deny mppe" -#: ../../configuration/nat/nat44.rst:201 +#: ../../configuration/nat/nat44.rst:213 msgid "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured." msgstr "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured." -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 #: ../../_include/interface-address-with-dhcp.txt:9 msgid "**dhcp** interface address is received by DHCP from a DHCP server on this segment." msgstr "**dhcp** interface address is received by DHCP from a DHCP server on this segment." -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 #: ../../_include/interface-address-with-dhcp.txt:11 msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." @@ -631,7 +639,7 @@ msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server msgid "**discard:** Received packets which already contain relay information will be discarded." msgstr "**discard:** Received packets which already contain relay information will be discarded." -#: ../../configuration/protocols/igmp.rst:195 +#: ../../configuration/protocols/igmp-proxy.rst:23 msgid "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured." msgstr "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured." @@ -643,7 +651,7 @@ msgstr "**exporter**: aggregates packets into flows and exports flow records tow msgid "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way" msgstr "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way" -#: ../../configuration/firewall/general.rst:99 +#: ../../configuration/firewall/global-options.rst:36 msgid "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way" msgstr "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way" @@ -655,6 +663,10 @@ msgstr "**forward:** All packets are forwarded, relay information already presen msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to." +#: ../../configuration/nat/nat44.rst:165 +msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." +msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." + #: ../../configuration/interfaces/bonding.rst:161 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" @@ -739,7 +751,11 @@ msgstr "**on-failure**: Restart containers when they exit with a non-zero exit c msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to." -#: ../../configuration/vpn/sstp.rst:187 +#: ../../configuration/nat/nat44.rst:149 +msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." +msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." + +#: ../../configuration/vpn/sstp.rst:198 msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**prefer** - ask client for mppe, if it rejects don't fail" @@ -751,7 +767,7 @@ msgstr "**process** When dnssec is set to process the behavior is similar to pro msgid "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client." msgstr "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client." -#: ../../configuration/nat/nat44.rst:169 +#: ../../configuration/nat/nat44.rst:181 msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols." msgstr "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols." @@ -767,7 +783,7 @@ msgstr "**remote side - commands**" msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set." msgstr "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set." -#: ../../configuration/vpn/sstp.rst:186 +#: ../../configuration/vpn/sstp.rst:197 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - ask client for mppe, if it rejects drop connection" @@ -779,7 +795,7 @@ msgstr "**right**" msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: Capability sets (from bounded or inherited set)" -#: ../../configuration/nat/nat44.rst:183 +#: ../../configuration/nat/nat44.rst:195 msgid "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT." msgstr "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT." @@ -795,7 +811,7 @@ msgstr "**sys-time**: Permission to set system clock" msgid "**transition** - Send and accept both styles of TLVs during transition." msgstr "**transition** - Send and accept both styles of TLVs during transition." -#: ../../configuration/protocols/igmp.rst:191 +#: ../../configuration/protocols/igmp-proxy.rst:19 msgid "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface." msgstr "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface." @@ -859,25 +875,6 @@ msgstr "011100" msgid "011110" msgstr "011110" -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 #: ../../_include/interface-ipv6.txt:79 msgid "0: Disable DAD" msgstr "0: Disable DAD" @@ -890,7 +887,7 @@ msgstr "0 if not defined, which means no refreshing." msgid "0 if not defined." msgstr "0 if not defined." -#: ../../configuration/service/dhcp-server.rst:270 +#: ../../configuration/service/dhcp-server.rst:237 #: ../../configuration/system/syslog.rst:114 #: ../../configuration/system/syslog.rst:173 #: ../../configuration/trafficpolicy/index.rst:801 @@ -898,7 +895,7 @@ msgstr "0 if not defined." msgid "1" msgstr "1" -#: ../../configuration/nat/nat44.rst:588 +#: ../../configuration/nat/nat44.rst:612 msgid "1-to-1 NAT" msgstr "1-to-1 NAT" @@ -953,7 +950,7 @@ msgstr "10 - 10 MBit/s" msgid "11" msgstr "11" -#: ../../configuration/service/dhcp-server.rst:352 +#: ../../configuration/service/dhcp-server.rst:319 msgid "119" msgstr "119" @@ -963,11 +960,11 @@ msgstr "119" msgid "12" msgstr "12" -#: ../../configuration/service/dhcp-server.rst:357 +#: ../../configuration/service/dhcp-server.rst:324 msgid "121, 249" msgstr "121, 249" -#: ../../configuration/service/dhcp-server.rst:337 +#: ../../configuration/service/dhcp-server.rst:304 #: ../../configuration/system/syslog.rst:138 #: ../../configuration/trafficpolicy/index.rst:870 msgid "13" @@ -979,7 +976,7 @@ msgstr "13" msgid "14" msgstr "14" -#: ../../configuration/service/dhcp-server.rst:297 +#: ../../configuration/service/dhcp-server.rst:264 #: ../../configuration/system/syslog.rst:142 #: ../../configuration/trafficpolicy/index.rst:866 msgid "15" @@ -1003,7 +1000,7 @@ msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgid "18" msgstr "18" -#: ../../configuration/service/dhcp-server.rst:302 +#: ../../configuration/service/dhcp-server.rst:269 #: ../../configuration/system/syslog.rst:150 msgid "19" msgstr "19" @@ -1016,25 +1013,10 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)" msgid "1. Create an event handler" msgstr "1. Create an event handler" -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 +#: ../../configuration/firewall/flowtables.rst:144 +msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + #: ../../_include/interface-ipv6.txt:80 msgid "1: Enable DAD (default)" msgstr "1: Enable DAD (default)" @@ -1043,7 +1025,7 @@ msgstr "1: Enable DAD (default)" msgid "1 if not defined." msgstr "1 if not defined." -#: ../../configuration/service/dhcp-server.rst:276 +#: ../../configuration/service/dhcp-server.rst:243 #: ../../configuration/system/syslog.rst:116 #: ../../configuration/system/syslog.rst:178 #: ../../configuration/trafficpolicy/index.rst:799 @@ -1077,7 +1059,7 @@ msgstr "25000 - 25 GBit/s" msgid "2500 - 2.5 GBit/s" msgstr "2500 - 2.5 GBit/s" -#: ../../configuration/service/dhcp-server.rst:362 +#: ../../configuration/service/dhcp-server.rst:329 msgid "252" msgstr "252" @@ -1097,30 +1079,15 @@ msgstr "2FA OTP support" msgid "2. Add regex to the script" msgstr "2. Add regex to the script" -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 +#: ../../configuration/firewall/flowtables.rst:148 +msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." +msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." + #: ../../_include/interface-ipv6.txt:81 msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." -#: ../../configuration/service/dhcp-server.rst:282 +#: ../../configuration/service/dhcp-server.rst:249 #: ../../configuration/system/syslog.rst:118 #: ../../configuration/system/syslog.rst:181 #: ../../configuration/trafficpolicy/index.rst:797 @@ -1148,7 +1115,7 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Add a full path to the script" -#: ../../configuration/service/dhcp-server.rst:287 +#: ../../configuration/service/dhcp-server.rst:254 #: ../../configuration/system/syslog.rst:120 #: ../../configuration/system/syslog.rst:183 #: ../../configuration/trafficpolicy/index.rst:795 @@ -1164,11 +1131,11 @@ msgstr "40000 - 40 GBit/s" msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." -#: ../../configuration/service/dhcp-server.rst:307 +#: ../../configuration/service/dhcp-server.rst:274 msgid "42" msgstr "42" -#: ../../configuration/service/dhcp-server.rst:312 +#: ../../configuration/service/dhcp-server.rst:279 msgid "44" msgstr "44" @@ -1180,6 +1147,10 @@ msgstr "46" msgid "4. Add optional parameters" msgstr "4. Add optional parameters" +#: ../../configuration/firewall/flowtables.rst:153 +msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." +msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." + #: ../../configuration/system/syslog.rst:122 #: ../../configuration/system/syslog.rst:185 #: ../../configuration/trafficpolicy/index.rst:793 @@ -1195,16 +1166,20 @@ msgstr "50000 - 50 GBit/s" msgid "5000 - 5 GBit/s" msgstr "5000 - 5 GBit/s" -#: ../../configuration/service/dhcp-server.rst:317 +#: ../../configuration/service/dhcp-server.rst:284 msgid "54" msgstr "54" +#: ../../configuration/firewall/flowtables.rst:157 +msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." +msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." + #: ../../configuration/highavailability/index.rst:257 #: ../../configuration/highavailability/index.rst:288 msgid "5 if not defined." msgstr "5 if not defined." -#: ../../configuration/service/dhcp-server.rst:292 +#: ../../configuration/service/dhcp-server.rst:259 #: ../../configuration/system/syslog.rst:124 #: ../../configuration/system/syslog.rst:189 #: ../../configuration/trafficpolicy/index.rst:791 @@ -1212,7 +1187,7 @@ msgstr "5 if not defined." msgid "6" msgstr "6" -#: ../../configuration/service/dhcp-server.rst:327 +#: ../../configuration/service/dhcp-server.rst:294 msgid "66" msgstr "66" @@ -1220,14 +1195,18 @@ msgstr "66" msgid "66% of traffic is routed to eth0, eth1 gets 33% of traffic." msgstr "66% of traffic is routed to eth0, eth1 gets 33% of traffic." -#: ../../configuration/service/dhcp-server.rst:332 +#: ../../configuration/service/dhcp-server.rst:299 msgid "67" msgstr "67" -#: ../../configuration/service/dhcp-server.rst:342 +#: ../../configuration/service/dhcp-server.rst:309 msgid "69" msgstr "69" +#: ../../configuration/firewall/flowtables.rst:161 +msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." + #: ../../configuration/interfaces/tunnel.rst:81 msgid "6in4 (SIT)" msgstr "6in4 (SIT)" @@ -1243,7 +1222,7 @@ msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defin msgid "7" msgstr "7" -#: ../../configuration/service/dhcp-server.rst:347 +#: ../../configuration/service/dhcp-server.rst:314 msgid "70" msgstr "70" @@ -1251,11 +1230,6 @@ msgstr "70" msgid "8" msgstr "8" -#: ../../_include/interface-vlan-8021q.txt:21 -#: ../../_include/interface-vlan-8021q.txt:21 -#: ../../_include/interface-vlan-8021q.txt:21 -#: ../../_include/interface-vlan-8021q.txt:21 -#: ../../_include/interface-vlan-8021q.txt:21 #: ../../_include/interface-vlan-8021q.txt:21 msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." @@ -1325,22 +1299,31 @@ msgstr "-: IP range to match." msgid ": IP address to match." msgstr ": IP address to match." +#: ../../configuration/pki/index.rst:252 +msgid "ACME" +msgstr "ACME" + +#: ../../configuration/pki/index.rst:281 +msgid "ACME Directory Resource URI." +msgstr "ACME Directory Resource URI." + +#: ../../configuration/service/https.rst:59 +msgid "API" +msgstr "API" + #: ../../configuration/protocols/static.rst:150 msgid "ARP" msgstr "ARP" -#: ../../configuration/firewall/general.rst:302 -#: ../../configuration/firewall/general-legacy.rst:257 +#: ../../configuration/firewall/groups.rst:129 msgid "A **domain group** represents a collection of domains." msgstr "A **domain group** represents a collection of domains." -#: ../../configuration/firewall/general.rst:284 -#: ../../configuration/firewall/general-legacy.rst:242 +#: ../../configuration/firewall/groups.rst:111 msgid "A **mac group** represents a collection of mac addresses." msgstr "A **mac group** represents a collection of mac addresses." -#: ../../configuration/firewall/general.rst:259 -#: ../../configuration/firewall/general-legacy.rst:217 +#: ../../configuration/firewall/groups.rst:86 msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." @@ -1368,7 +1351,7 @@ msgstr "A GRE tunnel operates at layer 3 of the OSI model and is represented by msgid "A Rule-Set can be applied to every interface:" msgstr "A Rule-Set can be applied to every interface:" -#: ../../configuration/service/dhcp-server.rst:631 +#: ../../configuration/service/dhcp-server.rst:561 msgid "A SNTP server address can be specified for DHCPv6 clients." msgstr "A SNTP server address can be specified for DHCPv6 clients." @@ -1380,11 +1363,11 @@ msgstr "A VRF device is created with an associated route table. Network interfac msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)." msgstr "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)." -#: ../../configuration/service/dns.rst:149 +#: ../../configuration/service/dns.rst:162 msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com." msgstr "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com." -#: ../../configuration/service/dhcp-server.rst:603 +#: ../../configuration/service/dhcp-server.rst:533 msgid "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients." msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients." @@ -1392,7 +1375,7 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." -#: ../../configuration/firewall/zone.rst:54 +#: ../../configuration/firewall/zone.rst:73 msgid "A basic introduction to zone-based firewalls can be found `here `_, and an example at :ref:`examples-zone-policy`." msgstr "A basic introduction to zone-based firewalls can be found `here `_, and an example at :ref:`examples-zone-policy`." @@ -1413,7 +1396,7 @@ msgstr "A common example is the case of some policies which, in order to be effe msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:" -#: ../../configuration/vpn/sstp.rst:323 +#: ../../configuration/vpn/sstp.rst:335 msgid "A connection attempt will be shown as:" msgstr "A connection attempt will be shown as:" @@ -1433,7 +1416,7 @@ msgstr "A disabled group will be removed from the VRRP process and your router w msgid "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`." msgstr "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`." -#: ../../configuration/nat/nat44.rst:685 +#: ../../configuration/nat/nat44.rst:709 msgid "A dummy interface for the provider-assigned IP;" msgstr "A dummy interface for the provider-assigned IP;" @@ -1445,7 +1428,7 @@ msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availabi msgid "A full example of a Tunnelbroker.net config can be found at :ref:`here `." msgstr "A full example of a Tunnelbroker.net config can be found at :ref:`here `." -#: ../../configuration/service/dhcp-server.rst:187 +#: ../../configuration/service/dhcp-server.rst:152 msgid "A generic `` referencing this sync service." msgstr "A generic `` referencing this sync service." @@ -1489,6 +1472,10 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" +#: ../../configuration/firewall/flowtables.rst:44 +msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." +msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." + #: ../../configuration/protocols/bgp.rst:698 msgid "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route." msgstr "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route." @@ -1497,12 +1484,12 @@ msgstr "A penalty of 1000 is assessed each time the route fails. When the penalt msgid "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted." msgstr "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted." -#: ../../configuration/nat/nat44.rst:360 +#: ../../configuration/nat/nat44.rst:374 msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:" -#: ../../configuration/firewall/general.rst:761 -#: ../../configuration/firewall/general-legacy.rst:506 +#: ../../configuration/firewall/ipv4.rst:485 +#: ../../configuration/firewall/ipv6.rst:491 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``." @@ -1535,24 +1522,15 @@ msgstr "A script can be run when an interface state change occurs. Scripts are r msgid "A segment ID that contains an IP address prefix calculated by an IGP in the service provider core network. Prefix SIDs are globally unique, this value indentify it" msgstr "A segment ID that contains an IP address prefix calculated by an IGP in the service provider core network. Prefix SIDs are globally unique, this value indentify it" -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 #: ../../_include/interface-disable-flow-control.txt:11 msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." -#: ../../configuration/service/dhcp-server.rst:659 +#: ../../configuration/service/dhcp-server.rst:589 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" -#: ../../configuration/protocols/bgp.rst:1145 +#: ../../configuration/protocols/bgp.rst:1146 msgid "A simple BGP configuration via IPv6." msgstr "A simple BGP configuration via IPv6." @@ -1560,7 +1538,7 @@ msgstr "A simple BGP configuration via IPv6." msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." -#: ../../configuration/protocols/bgp.rst:1100 +#: ../../configuration/protocols/bgp.rst:1101 msgid "A simple eBGP configuration:" msgstr "A simple eBGP configuration:" @@ -1572,6 +1550,14 @@ msgstr "A simple example of Shaper using priorities." msgid "A simple example of an FQ-CoDel policy working inside a Shaper one." msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." +#: ../../configuration/firewall/index.rst:14 +msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." +msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." + +#: ../../configuration/firewall/index.rst:14 +msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." +msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." + #: ../../configuration/nat/nat66.rst:28 msgid "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device." msgstr "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device." @@ -1584,11 +1570,11 @@ msgstr "A station acts as a Wi-Fi client accessing the network through an availa msgid "A sync group allows VRRP groups to transition together." msgstr "A sync group allows VRRP groups to transition together." -#: ../../configuration/protocols/ospf.rst:1316 +#: ../../configuration/protocols/ospf.rst:1318 msgid "A typical configuration using 2 nodes." msgstr "A typical configuration using 2 nodes." -#: ../../configuration/nat/nat44.rst:400 +#: ../../configuration/nat/nat44.rst:414 msgid "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall." msgstr "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall." @@ -1612,11 +1598,11 @@ msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header msgid "A very small buffer will soon start dropping packets." msgstr "A very small buffer will soon start dropping packets." -#: ../../configuration/firewall/zone.rst:33 +#: ../../configuration/firewall/zone.rst:52 msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." -#: ../../configuration/service/dns.rst:384 +#: ../../configuration/service/dns.rst:397 msgid "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized." msgstr "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized." @@ -1652,12 +1638,14 @@ msgstr "Action must be taken immediately - A condition that should be corrected msgid "Action which will be run once the ctrl-alt-del keystroke is received." msgstr "Action which will be run once the ctrl-alt-del keystroke is received." -#: ../../configuration/firewall/general.rst:327 +#: ../../configuration/firewall/bridge.rst:65 +#: ../../configuration/firewall/ipv4.rst:81 +#: ../../configuration/firewall/ipv6.rst:81 #: ../../configuration/policy/route.rst:238 msgid "Actions" msgstr "Actions" -#: ../../configuration/interfaces/openvpn.rst:431 +#: ../../configuration/interfaces/openvpn.rst:483 msgid "Active Directory" msgstr "Active Directory" @@ -1737,7 +1725,7 @@ msgstr "Add the private key portion of this certificate to the CLI. This should msgid "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." -#: ../../configuration/vpn/openconnect.rst:169 +#: ../../configuration/vpn/openconnect.rst:176 msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" @@ -1753,7 +1741,7 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." -#: ../../configuration/nat/nat44.rst:738 +#: ../../configuration/nat/nat44.rst:760 msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" @@ -1765,7 +1753,7 @@ msgstr "Additionally you should keep in mind that this feature fundamentally dis msgid "Address" msgstr "Address" -#: ../../configuration/nat/nat44.rst:219 +#: ../../configuration/nat/nat44.rst:231 msgid "Address Conversion" msgstr "Address Conversion" @@ -1773,20 +1761,19 @@ msgstr "Address Conversion" msgid "Address Families" msgstr "Address Families" -#: ../../configuration/firewall/general.rst:192 -#: ../../configuration/firewall/general-legacy.rst:168 +#: ../../configuration/firewall/groups.rst:19 msgid "Address Groups" msgstr "Address Groups" -#: ../../configuration/service/dhcp-server.rst:662 +#: ../../configuration/service/dhcp-server.rst:592 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:582 msgid "Address pools" msgstr "Address pools" -#: ../../configuration/service/https.rst:42 +#: ../../configuration/service/https.rst:33 msgid "Address to listen for HTTPS requests" msgstr "Address to listen for HTTPS requests" @@ -1798,7 +1785,7 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for msgid "Administrative Distance" msgstr "Administrative Distance" -#: ../../configuration/nat/nat44.rst:289 +#: ../../configuration/nat/nat44.rst:301 msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." @@ -1818,7 +1805,7 @@ msgstr "Advertising a Prefix" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" -#: ../../configuration/vrf/index.rst:323 +#: ../../configuration/vrf/index.rst:325 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." @@ -1846,7 +1833,7 @@ msgstr "Algorithm" msgid "Aliases" msgstr "Aliases" -#: ../../configuration/service/dns.rst:154 +#: ../../configuration/service/dns.rst:167 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" @@ -1874,7 +1861,7 @@ msgstr "All interfaces used for the DHCP relay must be configured. This includes msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop." msgstr "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop." -#: ../../configuration/service/dns.rst:156 +#: ../../configuration/service/dns.rst:169 msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff" msgstr "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff" @@ -1882,6 +1869,10 @@ msgstr "All other DNS requests will be forwarded to a different set of DNS serve msgid "All reply sizes are accepted by default." msgstr "All reply sizes are accepted by default." +#: ../../configuration/protocols/pim.rst:91 +msgid "All routers in the PIM network must agree on these values." +msgstr "All routers in the PIM network must agree on these values." + #: ../../configuration/system/task-scheduler.rst:10 msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." @@ -1894,11 +1885,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." -#: ../../configuration/firewall/zone.rst:36 +#: ../../configuration/firewall/zone.rst:55 msgid "All traffic between zones is affected by existing policies" msgstr "All traffic between zones is affected by existing policies" -#: ../../configuration/firewall/zone.rst:35 +#: ../../configuration/firewall/zone.rst:54 msgid "All traffic to and from an interface within a zone is permitted." msgstr "All traffic to and from an interface within a zone is permitted." @@ -1922,7 +1913,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." -#: ../../configuration/service/dns.rst:346 +#: ../../configuration/service/dns.rst:359 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -1930,15 +1921,24 @@ msgstr "Allow explicit IPv6 address for the interface." msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." +#: ../../configuration/service/mdns.rst:43 +msgid "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected." +msgstr "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected." + #: ../../configuration/protocols/bfd.rst:34 msgid "Allow this BFD peer to not be directly connected" msgstr "Allow this BFD peer to not be directly connected" -#: ../../configuration/firewall/general.rst:1137 #: ../../configuration/firewall/general-legacy.rst:694 msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." +#: ../../configuration/firewall/ipv4.rst:812 +#: ../../configuration/firewall/ipv6.rst:821 +#: ../../configuration/system/conntrack.rst:199 +msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." +msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." + #: ../../configuration/interfaces/bridge.rst:162 msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." @@ -1959,7 +1959,9 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP msgid "Already learned known_hosts files of clients need an update as the public key will change." msgstr "Already learned known_hosts files of clients need an update as the public key will change." -#: ../../configuration/firewall/general.rst:377 +#: ../../configuration/firewall/bridge.rst:123 +#: ../../configuration/firewall/ipv4.rst:166 +#: ../../configuration/firewall/ipv6.rst:166 msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." @@ -1971,7 +1973,7 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" -#: ../../configuration/nat/nat44.rst:276 +#: ../../configuration/nat/nat44.rst:288 msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." @@ -1983,15 +1985,15 @@ msgstr "Alternate Routing Tables" msgid "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`." msgstr "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`." -#: ../../configuration/interfaces/vxlan.rst:321 +#: ../../configuration/interfaces/vxlan.rst:342 msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" -#: ../../configuration/service/dhcp-server.rst:130 +#: ../../configuration/service/dhcp-server.rst:116 msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." -#: ../../configuration/firewall/general.rst:241 +#: ../../configuration/firewall/groups.rst:68 msgid "An **interface group** represents a collection of interfaces." msgstr "An **interface group** represents a collection of interfaces." @@ -2035,6 +2037,10 @@ msgstr "An agent is a network-management software module that resides on a manag msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)" +#: ../../configuration/firewall/ipv4.rst:373 +msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." +msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." + #: ../../configuration/firewall/general-legacy.rst:424 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)" @@ -2043,7 +2049,7 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)." -#: ../../configuration/firewall/general.rst:619 +#: ../../configuration/firewall/ipv6.rst:371 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)" @@ -2072,7 +2078,7 @@ msgstr "An example of creating a VLAN-aware bridge is as follows:" msgid "An example of key generation:" msgstr "An example of key generation:" -#: ../../configuration/vpn/openconnect.rst:291 +#: ../../configuration/vpn/openconnect.rst:298 msgid "An example of the data captured by a FREERADIUS server with sql accounting:" msgstr "An example of the data captured by a FREERADIUS server with sql accounting:" @@ -2080,10 +2086,34 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." +#: ../../configuration/firewall/flowtables.rst:142 +msgid "Analysis on what happens for desired connection:" +msgstr "Analysis on what happens for desired connection:" + +#: ../../configuration/firewall/bridge.rst:297 +msgid "And, to print only bridge firewall information:" +msgstr "And, to print only bridge firewall information:" + +#: ../../configuration/firewall/ipv4.rst:57 +msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" + +#: ../../configuration/firewall/ipv6.rst:57 +msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" + #: ../../configuration/policy/route.rst:76 msgid "And for ipv6:" msgstr "And for ipv6:" +#: ../../configuration/firewall/groups.rst:165 +msgid "And next, some configuration example where groups are used:" +msgstr "And next, some configuration example where groups are used:" + +#: ../../configuration/firewall/bridge.rst:349 +msgid "And op-mode commands:" +msgstr "And op-mode commands:" + #: ../../configuration/system/ip.rst:84 msgid "And the different IPv4 **reset** commands available:" msgstr "And the different IPv4 **reset** commands available:" @@ -2093,7 +2123,7 @@ msgstr "And the different IPv4 **reset** commands available:" msgid "And then hash is reduced modulo slave count." msgstr "And then hash is reduced modulo slave count." -#: ../../configuration/nat/nat44.rst:590 +#: ../../configuration/nat/nat44.rst:614 msgid "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa." msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa." @@ -2118,7 +2148,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo msgid "Apply routing policy to **inbound** direction of out VLAN interfaces" msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces" -#: ../../configuration/firewall/zone.rst:82 +#: ../../configuration/firewall/zone.rst:101 msgid "Applying a Rule-Set to a Zone" msgstr "Applying a Rule-Set to a Zone" @@ -2151,49 +2181,11 @@ msgstr "Arista EOS" msgid "Aruba/HP" msgstr "Aruba/HP" -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 #: ../../configuration/interfaces/pppoe.rst:207 #: ../../configuration/interfaces/pppoe.rst:253 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 #: ../../configuration/interfaces/sstp-client.rst:79 #: ../../_include/interface-ip.txt:4 #: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 msgid "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'." msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'." @@ -2209,6 +2201,10 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." +#: ../../configuration/firewall/index.rst:7 +msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." +msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." + #: ../../configuration/interfaces/wwan.rst:326 msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." @@ -2221,10 +2217,14 @@ msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte b msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." -#: ../../configuration/firewall/zone.rst:49 +#: ../../configuration/firewall/zone.rst:68 msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." +#: ../../configuration/firewall/flowtables.rst:109 +msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." +msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." + #: ../../configuration/system/option.rst:80 msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." @@ -2241,6 +2241,10 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." +#: ../../configuration/firewall/groups.rst:147 +msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." +msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." + #: ../../configuration/trafficpolicy/index.rst:196 msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." @@ -2249,11 +2253,11 @@ msgstr "As shown in the example above, one of the possibilities to match packets msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." -#: ../../configuration/firewall/index.rst:81 +#: ../../configuration/firewall/index.rst:176 msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." -#: ../../configuration/firewall/index.rst:60 +#: ../../configuration/firewall/index.rst:182 msgid "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface." msgstr "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface." @@ -2281,7 +2285,7 @@ msgstr "As with other policies, you can define different type of matching rules msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" -#: ../../configuration/interfaces/vxlan.rst:264 +#: ../../configuration/interfaces/vxlan.rst:285 msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" @@ -2309,7 +2313,7 @@ msgstr "Assign member interfaces to PortChannel" msgid "Assign static IP address to `` account." msgstr "Assign static IP address to `` account." -#: ../../configuration/service/dhcp-server.rst:111 +#: ../../configuration/service/dhcp-server.rst:97 msgid "Assign the IP address to this machine for `