author | Christian Poessinger <christian@poessinger.com> | 2022-03-01 19:09:12 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-03-01 19:10:15 +0100 |
commit | 42c011224e5aef3c27f9de6b5a74e594a404131e (patch) | |
tree | d80f1be872db781b18992851fe842a9b488fb4de | |
parent | 258737a06509f2ff3be8bf21a8ce313ddc2ee191 (diff) | |
flow-accounting: T4277: support sending flow-data via VRF interface
It should be possible to send the gathered data via a VRF-bound interface to
the collector. This is somewhat related to T3981, but it is the opposite side of
the netflow process.
set system flow-accounting vrf <name>
-rw-r--r-- | data/templates/pmacct/override.conf.tmpl (renamed from src/etc/systemd/system/uacctd.service.d/override.conf) | 5 | ||||
-rw-r--r-- | data/templates/pmacct/uacctd.conf.tmpl (renamed from data/templates/netflow/uacctd.conf.tmpl) | 10 | ||||
-rw-r--r-- | interface-definitions/flow-accounting-conf.xml.in | 1 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_system_flow-accounting.py | 5 | ||||
-rwxr-xr-x | src/conf_mode/flow_accounting_conf.py | 14 |
5 files changed, 24 insertions, 11 deletions
diff --git a/src/etc/systemd/system/uacctd.service.d/override.conf b/data/templates/pmacct/override.conf.tmpl index 38bcce515..216927666 100644 --- a/src/etc/systemd/system/uacctd.service.d/override.conf +++ b/data/templates/pmacct/override.conf.tmpl @@ -1,3 +1,4 @@ +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] After= After=vyos-router.service @@ -7,8 +8,10 @@ ConditionPathExists=/run/pmacct/uacctd.conf [Service] EnvironmentFile= ExecStart= -ExecStart=/usr/sbin/uacctd -f /run/pmacct/uacctd.conf +ExecStart={{vrf_command}}/usr/sbin/uacctd -f /run/pmacct/uacctd.conf WorkingDirectory= WorkingDirectory=/run/pmacct PIDFile= PIDFile=/run/pmacct/uacctd.pid +Restart=always +RestartSec=10 diff --git a/data/templates/netflow/uacctd.conf.tmpl b/data/templates/pmacct/uacctd.conf.tmpl index f81002dc1..b58f7c796 100644 --- a/data/templates/netflow/uacctd.conf.tmpl +++ b/data/templates/pmacct/uacctd.conf.tmpl @@ -19,19 +19,19 @@ imt_mem_pools_number: 169 {% endif %} {% set plugin = [] %} -{% if disable_imt is not defined %} -{% set plugin = ['memory'] %} -{% endif %} {% if netflow is defined and netflow.server is defined and netflow.server is not none %} {% for server in netflow.server %} -{% set plugin = plugin.append('nfprobe[nf_' ~ server ~ ']') %} +{% set _ = plugin.append('nfprobe[nf_' ~ server ~ ']') %} {% endfor %} {% endif %} {% if sflow is defined and sflow.server is defined and sflow.server is not none %} {% for server in sflow.server %} -{% set plugin = plugin.append('sfprobe[sf_' ~ server ~ ']') %} +{% set _ = plugin.append('sfprobe[sf_' ~ server ~ ']') %} {% endfor %} {% endif %} +{% if disable_imt is not defined %} +{% set _ = plugin.append('memory') %} +{% endif %} plugins: {{ plugin | join(',') }} {% if netflow is defined and netflow.server is defined and netflow.server is not none %} 
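Review bot: The `vrf_command` prefix set in the first override.conf.tmpl hunk pastes `vrf` straight into what becomes the unit's `ExecStart=` line, so the template relies entirely on the CLI layer having limited the VRF name to a single safe token; a value containing whitespace would be split by systemd into extra arguments. A one-line template comment stating that assumption would help, e.g. `{# vrf is validated by the CLI definition; it must be a single word because it lands in ExecStart #}`. The string is also joined with `+`, whereas uacctd.conf.tmpl in this same commit uses Jinja's `~`, which coerces its operands to strings: `{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is defined else '' %}`. Spelling `ip` as an absolute path would additionally keep the unit independent of systemd's executable search path.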
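Review bot: `Restart=always` with `RestartSec=10` in the `[Service]` hunk means a unit whose `ip vrf exec` prefix fails, for instance because the named VRF does not exist, is restarted every ten seconds without end. The hunks shown for flow_accounting_conf.py add no check that the configured VRF exists before the override is rendered. Consider validating the VRF in `verify()` so a bad name is rejected at commit time (vyos.configverify offers `verify_vrf` for this, if it fits the config dict used here). `Restart=on-failure` would also avoid restarting the daemon after a clean exit, if that is not intended.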
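Review bot: The `{% set _ = plugin.append(...) %}` lines in uacctd.conf.tmpl do not say why the result is bound to a throwaway name, and the replaced form `{% set plugin = plugin.append(...) %}` shows how easily this is written wrong, since `append` returns nothing. A short template comment above the first loop would document it: `{# list.append() returns None; assign to _ so the plugin list itself is kept #}`. Moving `memory` to the end also changes the order on the `plugins:` line, which the smoketest hunk in this commit pins, so a word on whether that order matters to uacctd would be useful.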
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in index 05cf5e170..133e45c72 100644 --- a/interface-definitions/flow-accounting-conf.xml.in +++ b/interface-definitions/flow-accounting-conf.xml.in @@ -431,6 +431,7 @@ #include <include/source-address-ipv4-ipv6.xml.i> </children> </node> + #include <include/interface/vrf.xml.i> </children> </node> </children> diff --git a/smoketest/scripts/cli/test_system_flow-accounting.py b/smoketest/scripts/cli/test_system_flow-accounting.py index 857df1be6..84f17bcb0 100755 --- a/smoketest/scripts/cli/test_system_flow-accounting.py +++ b/smoketest/scripts/cli/test_system_flow-accounting.py @@ -39,6 +39,9 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase): cls.cli_delete(cls, base_path) def tearDown(self): + # after service removal process must no longer run + self.assertTrue(process_named_running(PROCESS_NAME)) + self.cli_delete(base_path) self.cli_commit() @@ -213,9 +216,9 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase): uacctd = read_file(uacctd_conf) tmp = [] - tmp.append('memory') for server, server_config in netflow_server.items(): tmp.append(f'nfprobe[nf_{server}]') + tmp.append('memory') self.assertIn('plugins: ' + ','.join(tmp), uacctd) for server, server_config in netflow_server.items(): diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index 975f19acf..25bf54790 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2021 VyOS maintainers and contributors +# Copyright (C) 2018-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
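Review bot: The comment added in `tearDown` says the process must no longer run, but the assertion under it is `assertTrue(process_named_running(PROCESS_NAME))` and it executes before `cli_delete`/`cli_commit`, so it checks the opposite of what the comment states. If the intent is to confirm the daemon is alive before removal, the comment should read `# flow-accounting daemon must be running before the service is removed`. The "no longer run" check would then be an `assertFalse(process_named_running(PROCESS_NAME))` placed after `self.cli_commit()`. The rest of `tearDown` lies outside the hunk, so such a check may already exist there.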
@@ -27,6 +27,7 @@ from vyos.configdict import dict_merge from vyos.ifconfig import Section from vyos.ifconfig import Interface from vyos.template import render +from vyos.util import call from vyos.util import cmd from vyos.validate import is_addr_assigned from vyos.xml import defaults @@ -35,6 +36,8 @@ from vyos import airbag airbag.enable() uacctd_conf_path = '/run/pmacct/uacctd.conf' +systemd_service = 'uacctd.service' +systemd_override = f'/etc/systemd/system/{systemd_service}.d/override.conf' nftables_nflog_table = 'raw' nftables_nflog_chain = 'VYOS_CT_PREROUTING_HOOK' egress_nftables_nflog_table = 'inet mangle' @@ -236,7 +239,10 @@ def generate(flow_config): if not flow_config: return None - render(uacctd_conf_path, 'netflow/uacctd.conf.tmpl', flow_config) + render(uacctd_conf_path, 'pmacct/uacctd.conf.tmpl', flow_config) + render(systemd_override, 'pmacct/override.conf.tmpl', flow_config) + # Reload systemd manager configuration + call('systemctl daemon-reload') def apply(flow_config): action = 'restart' @@ -246,13 +252,13 @@ def apply(flow_config): _nftables_config([], 'egress') # Stop flow-accounting daemon and remove configuration file - cmd('systemctl stop uacctd.service') + call(f'systemctl stop {systemd_service}') if os.path.exists(uacctd_conf_path): os.unlink(uacctd_conf_path) return # Start/reload flow-accounting daemon - cmd(f'systemctl restart uacctd.service') + call(f'systemctl restart {systemd_service}') # configure nftables rules for defined interfaces if 'interface' in flow_config: |
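Review bot: The exit status of `call('systemctl daemon-reload')` in `generate()` is discarded, and `apply()` in the last hunk likewise replaces `cmd(...)` with `call(...)` for the stop and restart. As far as vyos.util goes, `cmd` raises on a non-zero exit while `call` only returns the code, so after this change a failed reload or restart no longer aborts the commit and the operator sees no error. Either keep `cmd(f'systemctl restart {systemd_service}')` for the restart, or test the returned code and raise a configuration error when it is non-zero. Both function bodies start outside their hunks.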
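Review bot: The removal branch of `apply()` unlinks only `uacctd_conf_path`, so the `systemd_override` file that `generate()` now renders is left in place, still carrying the `ip vrf exec` prefix of the deleted configuration. Removing it in the same branch, followed by a daemon reload, keeps the unit's on-disk state in step with the CLI config: `if os.path.exists(systemd_override): os.unlink(systemd_override)`. `apply()` begins before the hunk and continues after it.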