diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-22 08:12:21 +0100 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-01-22 07:32:48 +0000 |
commit | d8a151eafbc7f87bd82f19439e37e8c87ca48d6f (patch) | |
tree | 1c8b37f68d5b761dfedd2106d3ed38132856a50c | |
parent | 39d0464616be1fc12be201223a84937b43c19382 (diff) | |
download | vyos-1x-d8a151eafbc7f87bd82f19439e37e8c87ca48d6f.tar.gz vyos-1x-d8a151eafbc7f87bd82f19439e37e8c87ca48d6f.zip |
sflow: T5968: add VRF support
Add support to run hsflowd in a dedicated (e.g. management) VRF.
Command will be "set system sflow vrf <name>" like with any other service
(cherry picked from commit 64473fa6f320375fb3d3de4de9e729f456ee5ae2)
-rw-r--r-- | data/templates/sflow/override.conf.j2 | 3 | ||||
-rw-r--r-- | interface-definitions/system_sflow.xml.in | 1 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_system_sflow.py | 28 | ||||
-rwxr-xr-x | src/conf_mode/system_sflow.py | 11 |
4 files changed, 32 insertions, 11 deletions
diff --git a/data/templates/sflow/override.conf.j2 b/data/templates/sflow/override.conf.j2 index f2a982528..73588fdb2 100644 --- a/data/templates/sflow/override.conf.j2 +++ b/data/templates/sflow/override.conf.j2 @@ -1,3 +1,4 @@ +{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} [Unit] After= After=vyos-router.service @@ -7,7 +8,7 @@ ConditionPathExists=/run/sflow/hsflowd.conf [Service] EnvironmentFile= ExecStart= -ExecStart=/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf +ExecStart={{ vrf_command }}/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf WorkingDirectory= WorkingDirectory=/run/sflow PIDFile= diff --git a/interface-definitions/system_sflow.xml.in b/interface-definitions/system_sflow.xml.in index c5152abe9..aaf4033d8 100644 --- a/interface-definitions/system_sflow.xml.in +++ b/interface-definitions/system_sflow.xml.in @@ -106,6 +106,7 @@ </leafNode> </children> </tagNode> + #include <include/interface/vrf.xml.i> </children> </node> </children> diff --git a/smoketest/scripts/cli/test_system_sflow.py b/smoketest/scripts/cli/test_system_sflow.py index 63262db69..c0424d915 100755 --- a/smoketest/scripts/cli/test_system_sflow.py +++ b/smoketest/scripts/cli/test_system_sflow.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,7 @@ import unittest from base_vyostest_shim import VyOSUnitTestSHIM +from time import sleep from vyos.configsession import ConfigSessionError from vyos.ifconfig import Section @@ -26,12 +27,11 @@ from vyos.utils.file import read_file PROCESS_NAME = 'hsflowd' base_path = ['system', 'sflow'] +vrf = 'mgmt' hsflowd_conf = '/run/sflow/hsflowd.conf' - class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase): - @classmethod def setUpClass(cls): super(TestSystemFlowAccounting, cls).setUpClass() @@ -45,6 +45,7 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase): self.assertTrue(process_named_running(PROCESS_NAME)) self.cli_delete(base_path) + self.cli_delete(['vrf', 'name', vrf]) self.cli_commit() # after service removal process must no longer run @@ -96,6 +97,27 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase): for interface in Section.interfaces('ethernet'): self.assertIn(f'pcap {{ dev={interface} }}', hsflowd) + def test_vrf(self): + interface = 'eth0' + server = '192.0.2.1' + + # Check if sFlow service can be bound to given VRF + self.cli_set(['vrf', 'name', vrf, 'table', '10100']) + self.cli_set(base_path + ['interface', interface]) + self.cli_set(base_path + ['server', server]) + self.cli_set(base_path + ['vrf', vrf]) + + # commit changes + self.cli_commit() + + # verify configuration + hsflowd = read_file(hsflowd_conf) + self.assertIn(f'collector {{ ip = {server} udpport = 6343 }}', hsflowd) # default port + self.assertIn(f'pcap {{ dev=eth0 }}', hsflowd) + + # Check for process in VRF + tmp = cmd(f'ip vrf pids {vrf}') + self.assertIn(PROCESS_NAME, tmp) if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/system_sflow.py b/src/conf_mode/system_sflow.py index 2df1bbb7a..41119b494 100755 --- a/src/conf_mode/system_sflow.py +++ b/src/conf_mode/system_sflow.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -19,6 +19,7 @@ import os from sys import exit from vyos.config import Config +from vyos.configverify import verify_vrf from vyos.template import render from vyos.utils.process import call from vyos.utils.network import is_addr_assigned @@ -46,7 +47,6 @@ def get_config(config=None): return sflow - def verify(sflow): if not sflow: return None @@ -68,9 +68,8 @@ def verify(sflow): if 'server' not in sflow: raise ConfigError('You need to configure at least one sFlow server!') - # return True if all checks were passed - return True - + verify_vrf(sflow) + return None def generate(sflow): if not sflow: @@ -81,7 +80,6 @@ def generate(sflow): # Reload systemd manager configuration call('systemctl daemon-reload') - def apply(sflow): if not sflow: # Stop flow-accounting daemon and remove configuration file @@ -93,7 +91,6 @@ def apply(sflow): # Start/reload flow-accounting daemon call(f'systemctl restart {systemd_service}') - if __name__ == '__main__': try: config = get_config() |