Merge pull request #4398 from jestabro/commitdHEADcurrent

T7121: Set up communication vyconfd to vyos-commitd

14 files changed, 727 insertions, 17 deletions

diff --git a/.gitignore b/.gitignore
index d1bfc91d7..27ed8000f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -151,6 +151,9 @@ data/reftree.cache
 # autogenerated vyos-configd JSON definition
 data/configd-include.json
 
+# autogenerated vyos-commitd protobuf files
+python/vyos/proto/*pb2.py
+
 # We do not use pip
 Pipfile
 Pipfile.lock
diff --git a/Makefile b/Makefile
index 3ec5ed73f..72b3d2784 100644
--- a/Makefile
+++ b/Makefile
@@ -27,7 +27,7 @@ libvyosconfig:
 		rm -rf /tmp/libvyosconfig && \
 			git clone https://github.com/vyos/libvyosconfig.git /tmp/libvyosconfig || exit 1
 		cd /tmp/libvyosconfig && \
-			git checkout 677d1e2bf8109b9fd4da60e20376f992b747e384 || exit 1
+			git checkout 5f15d8095efd11756a867e552a3f8fe6c77e57cc || exit 1
 		eval $$(opam env --root=/opt/opam --set-root) && ./build.sh
 	fi
 
diff --git a/debian/control b/debian/control
index 4f1207078..20b1a228c 100644
--- a/debian/control
+++ b/debian/control
@@ -15,6 +15,8 @@ Build-Depends:
 # For generating command definitions
   python3-lxml,
   python3-xmltodict,
+# For generating serialization functions
+  protobuf-compiler,
 # For running tests
   python3-coverage,
   python3-hurry.filesize,
@@ -70,6 +72,7 @@ Depends:
   python3-netifaces,
   python3-paramiko,
   python3-passlib,
+  python3-protobuf,
   python3-pyroute2,
   python3-psutil,
   python3-pyhumps,
@@ -77,6 +80,7 @@ Depends:
   python3-pyudev,
   python3-six,
   python3-tabulate,
+  python3-tomli,
   python3-voluptuous,
   python3-xmltodict,
   python3-zmq,
diff --git a/python/setup.py b/python/setup.py
index 2d614e724..96dc211f7 100644
--- a/python/setup.py
+++ b/python/setup.py
@@ -1,5 +1,11 @@
 import os
+import sys
+import subprocess
 from setuptools import setup
+from setuptools.command.build_py import build_py
+
+sys.path.append('./vyos')
+from defaults import directories
 
 def packages(directory):
     return [
@@ -8,6 +14,35 @@ def packages(directory):
         if os.path.isfile(os.path.join(_[0], '__init__.py'))
     ]
 
+
+class GenerateProto(build_py):
+    ver = os.environ.get('OCAML_VERSION')
+    if ver:
+        proto_path = f'/opt/opam/{ver}/share/vyconf'
+    else:
+        proto_path = directories['proto_path']
+
+    def run(self):
+        # find all .proto files in vyconf proto_path
+        proto_files = []
+        for _, _, files in os.walk(self.proto_path):
+            for file in files:
+                if file.endswith('.proto'):
+                    proto_files.append(file)
+
+        # compile each .proto file to Python
+        for proto_file in proto_files:
+            subprocess.check_call(
+                [
+                    'protoc',
+                    '--python_out=vyos/proto',
+                    f'--proto_path={self.proto_path}/',
+                    proto_file,
+                ]
+            )
+
+        build_py.run(self)
+
 setup(
     name = "vyos",
     version = "1.3.0",
@@ -29,4 +64,7 @@ setup(
             "config-mgmt = vyos.config_mgmt:run",
         ],
     },
+    cmdclass={
+        'build_py': GenerateProto,
+    },
 )
diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py
index 1c2b70fdf..dd8910afb 100644
--- a/python/vyos/config_mgmt.py
+++ b/python/vyos/config_mgmt.py
@@ -287,7 +287,7 @@ Proceed ?"""
 
         # commits under commit-confirm are not added to revision list unless
         # confirmed, hence a soft revert is to revision 0
-        revert_ct = self._get_config_tree_revision(0)
+        revert_ct = self.get_config_tree_revision(0)
 
         message = '[commit-confirm] Reverting to previous config now'
         os.system('wall -n ' + message)
@@ -351,7 +351,7 @@ Proceed ?"""
             )
             return msg, 1
 
-        rollback_ct = self._get_config_tree_revision(rev)
+        rollback_ct = self.get_config_tree_revision(rev)
         try:
             load(rollback_ct, switch='explicit')
             print('Rollback diff has been applied.')
@@ -382,7 +382,7 @@ Proceed ?"""
         if rev1 is not None:
             if not self._check_revision_number(rev1):
                 return f'Invalid revision number {rev1}', 1
-            ct1 = self._get_config_tree_revision(rev1)
+            ct1 = self.get_config_tree_revision(rev1)
             ct2 = self.working_config
             msg = f'No changes between working and revision {rev1} configurations.\n'
         if rev2 is not None:
@@ -390,7 +390,7 @@ Proceed ?"""
                 return f'Invalid revision number {rev2}', 1
             # compare older to newer
             ct2 = ct1
-            ct1 = self._get_config_tree_revision(rev2)
+            ct1 = self.get_config_tree_revision(rev2)
             msg = f'No changes between revisions {rev2} and {rev1} configurations.\n'
 
         out = ''
@@ -575,7 +575,7 @@ Proceed ?"""
             r = f.read().decode()
         return r
 
-    def _get_config_tree_revision(self, rev: int):
+    def get_config_tree_revision(self, rev: int):
         c = self._get_file_revision(rev)
         return ConfigTree(c)
 
diff --git a/python/vyos/configsource.py b/python/vyos/configsource.py
index 59e5ac8a1..65cef5333 100644
--- a/python/vyos/configsource.py
+++ b/python/vyos/configsource.py
@@ -319,3 +319,13 @@ class ConfigSourceString(ConfigSource):
             self._session_config = ConfigTree(session_config_text) if session_config_text else None
         except ValueError:
             raise ConfigSourceError(f"Init error in {type(self)}")
+
+class ConfigSourceCache(ConfigSource):
+    def __init__(self, running_config_cache=None, session_config_cache=None):
+        super().__init__()
+
+        try:
+            self._running_config = ConfigTree(internal=running_config_cache) if running_config_cache else None
+            self._session_config = ConfigTree(internal=session_config_cache) if session_config_cache else None
+        except ValueError:
+            raise ConfigSourceError(f"Init error in {type(self)}")
diff --git a/python/vyos/configtree.py b/python/vyos/configtree.py
index 4ad0620a5..83954327c 100644
--- a/python/vyos/configtree.py
+++ b/python/vyos/configtree.py
@@ -66,9 +66,14 @@ class ConfigTreeError(Exception):
 
 
 class ConfigTree(object):
-    def __init__(self, config_string=None, address=None, libpath=LIBPATH):
-        if config_string is None and address is None:
-            raise TypeError("ConfigTree() requires one of 'config_string' or 'address'")
+    def __init__(
+        self, config_string=None, address=None, internal=None, libpath=LIBPATH
+    ):
+        if config_string is None and address is None and internal is None:
+            raise TypeError(
+                "ConfigTree() requires one of 'config_string', 'address', or 'internal'"
+            )
+
         self.__config = None
         self.__lib = cdll.LoadLibrary(libpath)
 
@@ -89,6 +94,13 @@ class ConfigTree(object):
         self.__to_commands.argtypes = [c_void_p, c_char_p]
         self.__to_commands.restype = c_char_p
 
+        self.__read_internal = self.__lib.read_internal
+        self.__read_internal.argtypes = [c_char_p]
+        self.__read_internal.restype = c_void_p
+
+        self.__write_internal = self.__lib.write_internal
+        self.__write_internal.argtypes = [c_void_p, c_char_p]
+
         self.__to_json = self.__lib.to_json
         self.__to_json.argtypes = [c_void_p]
         self.__to_json.restype = c_char_p
@@ -168,7 +180,21 @@ class ConfigTree(object):
         self.__destroy = self.__lib.destroy
         self.__destroy.argtypes = [c_void_p]
 
-        if address is None:
+        self.__equal = self.__lib.equal
+        self.__equal.argtypes = [c_void_p, c_void_p]
+        self.__equal.restype = c_bool
+
+        if address is not None:
+            self.__config = address
+            self.__version = ''
+        elif internal is not None:
+            config = self.__read_internal(internal.encode())
+            if config is None:
+                msg = self.__get_error().decode()
+                raise ValueError('Failed to read internal rep: {0}'.format(msg))
+            else:
+                self.__config = config
+        elif config_string is not None:
             config_section, version_section = extract_version(config_string)
             config_section = escape_backslash(config_section)
             config = self.__from_string(config_section.encode())
@@ -179,8 +205,9 @@ class ConfigTree(object):
                 self.__config = config
                 self.__version = version_section
         else:
-            self.__config = address
-            self.__version = ''
+            raise TypeError(
+                "ConfigTree() requires one of 'config_string', 'address', or 'internal'"
+            )
 
         self.__migration = os.environ.get('VYOS_MIGRATION')
         if self.__migration:
@@ -190,6 +217,11 @@ class ConfigTree(object):
         if self.__config is not None:
             self.__destroy(self.__config)
 
+    def __eq__(self, other):
+        if isinstance(other, ConfigTree):
+            return self.__equal(self._get_config(), other._get_config())
+        return False
+
     def __str__(self):
         return self.to_string()
 
@@ -199,6 +231,9 @@ class ConfigTree(object):
     def get_version_string(self):
         return self.__version
 
+    def write_cache(self, file_name):
+        self.__write_internal(self._get_config(), file_name)
+
     def to_string(self, ordered_values=False, no_version=False):
         config_string = self.__to_string(self.__config, ordered_values).decode()
         config_string = unescape_backslash(config_string)
@@ -488,6 +523,35 @@ def mask_inclusive(left, right, libpath=LIBPATH):
     return tree
 
 
+def show_commit_data(active_tree, proposed_tree, libpath=LIBPATH):
+    if not (
+        isinstance(active_tree, ConfigTree) and isinstance(proposed_tree, ConfigTree)
+    ):
+        raise TypeError('Arguments must be instances of ConfigTree')
+
+    __lib = cdll.LoadLibrary(libpath)
+    __show_commit_data = __lib.show_commit_data
+    __show_commit_data.argtypes = [c_void_p, c_void_p]
+    __show_commit_data.restype = c_char_p
+
+    res = __show_commit_data(active_tree._get_config(), proposed_tree._get_config())
+
+    return res.decode()
+
+
+def test_commit(active_tree, proposed_tree, libpath=LIBPATH):
+    if not (
+        isinstance(active_tree, ConfigTree) and isinstance(proposed_tree, ConfigTree)
+    ):
+        raise TypeError('Arguments must be instances of ConfigTree')
+
+    __lib = cdll.LoadLibrary(libpath)
+    __test_commit = __lib.test_commit
+    __test_commit.argtypes = [c_void_p, c_void_p]
+
+    __test_commit(active_tree._get_config(), proposed_tree._get_config())
+
+
 def reference_tree_to_json(from_dir, to_file, internal_cache='', libpath=LIBPATH):
     try:
         __lib = cdll.LoadLibrary(libpath)
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index 86194cd55..2b08ff68e 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -38,7 +38,8 @@ directories = {
   'vyos_configdir' : '/opt/vyatta/config',
   'completion_dir' : f'{base_dir}/completion',
   'ca_certificates' : '/usr/local/share/ca-certificates/vyos',
-  'ppp_nexthop_dir' : '/run/ppp_nexthop'
+  'ppp_nexthop_dir' : '/run/ppp_nexthop',
+  'proto_path' : '/usr/share/vyos/vyconf'
 }
 
 systemd_services = {
@@ -69,3 +70,5 @@ rt_symbolic_names = {
 
 rt_global_vrf = rt_symbolic_names['main']
 rt_global_table = rt_symbolic_names['main']
+
+vyconfd_conf = '/etc/vyos/vyconfd.conf'
diff --git a/python/vyos/proto/__init__.py b/python/vyos/proto/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/python/vyos/proto/__init__.py
diff --git a/src/helpers/show_commit_data.py b/src/helpers/show_commit_data.py
new file mode 100755
index 000000000..d507ed9a4
--- /dev/null
+++ b/src/helpers/show_commit_data.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2025 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# This script is used to show the commit data of the configuration
+
+import sys
+from pathlib import Path
+from argparse import ArgumentParser
+
+from vyos.config_mgmt import ConfigMgmt
+from vyos.configtree import ConfigTree
+from vyos.configtree import show_commit_data
+
+cm = ConfigMgmt()
+
+parser = ArgumentParser(
+    description='Show commit priority queue; no options compares the last two commits'
+)
+parser.add_argument('--active-config', help='Path to the active configuration file')
+parser.add_argument('--proposed-config', help='Path to the proposed configuration file')
+args = parser.parse_args()
+
+active_arg = args.active_config
+proposed_arg = args.proposed_config
+
+if active_arg and not proposed_arg:
+    print('--proposed-config is required when --active-config is specified')
+    sys.exit(1)
+
+if not active_arg and not proposed_arg:
+    active = cm.get_config_tree_revision(1)
+    proposed = cm.get_config_tree_revision(0)
+else:
+    if active_arg:
+        active = ConfigTree(Path(active_arg).read_text())
+    else:
+        active = cm.get_config_tree_revision(0)
+
+    proposed = ConfigTree(Path(proposed_arg).read_text())
+
+ret = show_commit_data(active, proposed)
+print(ret)
diff --git a/src/helpers/test_commit.py b/src/helpers/test_commit.py
new file mode 100755
index 000000000..00a413687
--- /dev/null
+++ b/src/helpers/test_commit.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2025 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# This script is used to test execution of the commit algorithm by vyos-commitd
+
+from pathlib import Path
+from argparse import ArgumentParser
+from datetime import datetime
+
+from vyos.configtree import ConfigTree
+from vyos.configtree import test_commit
+
+
+parser = ArgumentParser(
+    description='Execute commit priority queue'
+)
+parser.add_argument(
+    '--active-config', help='Path to the active configuration file', required=True
+)
+parser.add_argument(
+    '--proposed-config', help='Path to the proposed configuration file', required=True
+)
+args = parser.parse_args()
+
+active_arg = args.active_config
+proposed_arg = args.proposed_config
+
+active = ConfigTree(Path(active_arg).read_text())
+proposed = ConfigTree(Path(proposed_arg).read_text())
+
+
+time_begin_commit = datetime.now()
+test_commit(active, proposed)
+time_end_commit = datetime.now()
+print(f'commit time: {time_end_commit - time_begin_commit}')
diff --git a/src/services/vyos-commitd b/src/services/vyos-commitd
new file mode 100755
index 000000000..8dbd39058
--- /dev/null
+++ b/src/services/vyos-commitd
@@ -0,0 +1,453 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2025 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+import os
+import sys
+import grp
+import json
+import signal
+import socket
+import typing
+import logging
+import traceback
+import importlib.util
+import io
+from contextlib import redirect_stdout
+from dataclasses import dataclass
+from dataclasses import fields
+from dataclasses import field
+from dataclasses import asdict
+from pathlib import Path
+
+import tomli
+
+from google.protobuf.json_format import MessageToDict
+from google.protobuf.json_format import ParseDict
+
+from vyos.defaults import directories
+from vyos.utils.boot import boot_configuration_complete
+from vyos.configsource import ConfigSourceCache
+from vyos.configsource import ConfigSourceError
+from vyos.config import Config
+from vyos.frrender import FRRender
+from vyos.frrender import get_frrender_dict
+from vyos import ConfigError
+
+from vyos.proto import vycall_pb2
+
+
+@dataclass
+class Status:
+    success: bool = False
+    out: str = ''
+
+
+@dataclass
+class Call:
+    script_name: str = ''
+    tag_value: str = None
+    arg_value: str = None
+    reply: Status = None
+
+    def set_reply(self, success: bool, out: str):
+        self.reply = Status(success=success, out=out)
+
+
+@dataclass
+class Session:
+    # pylint: disable=too-many-instance-attributes
+
+    session_id: str = ''
+    named_active: str = None
+    named_proposed: str = None
+    dry_run: bool = False
+    atomic: bool = False
+    background: bool = False
+    config: Config = None
+    init: Status = None
+    calls: list[Call] = field(default_factory=list)
+
+    def set_init(self, success: bool, out: str):
+        self.init = Status(success=success, out=out)
+
+
+@dataclass
+class ServerConf:
+    commitd_socket: str = ''
+    session_dir: str = ''
+    running_cache: str = ''
+    session_cache: str = ''
+
+
+server_conf = None
+SOCKET_PATH = None
+conf_mode_scripts = None
+frr = None
+
+CFG_GROUP = 'vyattacfg'
+
+script_stdout_log = '/tmp/vyos-commitd-script-stdout'
+
+debug = True
+
+logger = logging.getLogger(__name__)
+logs_handler = logging.StreamHandler()
+logger.addHandler(logs_handler)
+
+if debug:
+    logger.setLevel(logging.DEBUG)
+else:
+    logger.setLevel(logging.INFO)
+
+
+vyos_conf_scripts_dir = directories['conf_mode']
+commitd_include_file = os.path.join(directories['data'], 'configd-include.json')
+
+
+def key_name_from_file_name(f):
+    return os.path.splitext(f)[0]
+
+
+def module_name_from_key(k):
+    return k.replace('-', '_')
+
+
+def path_from_file_name(f):
+    return os.path.join(vyos_conf_scripts_dir, f)
+
+
+def load_conf_mode_scripts():
+    with open(commitd_include_file) as f:
+        try:
+            include = json.load(f)
+        except OSError as e:
+            logger.critical(f'configd include file error: {e}')
+            sys.exit(1)
+        except json.JSONDecodeError as e:
+            logger.critical(f'JSON load error: {e}')
+            sys.exit(1)
+
+    # import conf_mode scripts
+    (_, _, filenames) = next(iter(os.walk(vyos_conf_scripts_dir)))
+    filenames.sort()
+
+    # this is redundant, as all scripts are currently in the include file;
+    # leave it as an inexpensive check for future changes
+    load_filenames = [f for f in filenames if f in include]
+    imports = [key_name_from_file_name(f) for f in load_filenames]
+    module_names = [module_name_from_key(k) for k in imports]
+    paths = [path_from_file_name(f) for f in load_filenames]
+    to_load = list(zip(module_names, paths))
+
+    modules = []
+
+    for x in to_load:
+        spec = importlib.util.spec_from_file_location(x[0], x[1])
+        module = importlib.util.module_from_spec(spec)
+        spec.loader.exec_module(module)
+        modules.append(module)
+
+    scripts = dict(zip(imports, modules))
+
+    return scripts
+
+
+def get_session_out(session: Session) -> str:
+    out = ''
+    if session.init and session.init.out:
+        out = f'{out} + init: {session.init.out} + \n'
+    for call in session.calls:
+        reply = call.reply
+        if reply and reply.out:
+            out = f'{out} + {call.script_name}: {reply.out} + \n'
+    return out
+
+
+def write_stdout_log(file_name, session):
+    if boot_configuration_complete():
+        return
+    with open(file_name, 'a') as f:
+        f.write(get_session_out(session))
+
+
+def msg_to_commit_data(msg: vycall_pb2.Commit) -> Session:
+    # pylint: disable=no-member
+
+    d = MessageToDict(msg, preserving_proto_field_name=True)
+
+    # wrap in dataclasses
+    session = Session(**d)
+    session.init = Status(**session.init) if session.init else None
+    session.calls = list(map(lambda x: Call(**x), session.calls))
+    for call in session.calls:
+        call.reply = Status(**call.reply) if call.reply else None
+
+    return session
+
+
+def commit_data_to_msg(obj: Session) -> vycall_pb2.Commit:
+    # pylint: disable=no-member
+
+    # avoid asdict attempt of deepcopy on Config obj
+    obj.config = None
+
+    msg = vycall_pb2.Commit()
+    msg = ParseDict(asdict(obj), msg, ignore_unknown_fields=True)
+
+    return msg
+
+
+def initialization(session: Session) -> Session:
+    running_cache = os.path.join(server_conf.session_dir, server_conf.running_cache)
+    session_cache = os.path.join(server_conf.session_dir, server_conf.session_cache)
+    try:
+        configsource = ConfigSourceCache(
+            running_config_cache=running_cache,
+            session_config_cache=session_cache,
+        )
+    except ConfigSourceError as e:
+        fail_msg = f'Failed to read config caches: {e}'
+        logger.critical(fail_msg)
+        session.set_init(False, fail_msg)
+        return session
+
+    session.set_init(True, '')
+
+    config = Config(config_source=configsource)
+
+    dependent_func: dict[str, list[typing.Callable]] = {}
+    setattr(config, 'dependent_func', dependent_func)
+
+    scripts_called = []
+    setattr(config, 'scripts_called', scripts_called)
+
+    dry_run = False
+    setattr(config, 'dry_run', dry_run)
+
+    session.config = config
+
+    return session
+
+
+def run_script(script_name: str, config: Config, args: list) -> tuple[bool, str]:
+    # pylint: disable=broad-exception-caught
+
+    script = conf_mode_scripts[script_name]
+    script.argv = args
+    config.set_level([])
+    try:
+        c = script.get_config(config)
+        script.verify(c)
+        script.generate(c)
+        script.apply(c)
+    except ConfigError as e:
+        logger.error(e)
+        return False, str(e)
+    except Exception:
+        tb = traceback.format_exc()
+        logger.error(tb)
+        return False, tb
+
+    return True, ''
+
+
+def process_call_data(call: Call, config: Config, last: bool = False) -> None:
+    # pylint: disable=too-many-locals
+
+    script_name = key_name_from_file_name(call.script_name)
+
+    if script_name not in conf_mode_scripts:
+        fail_msg = f'No such script: {call.script_name}'
+        logger.critical(fail_msg)
+        call.set_reply(False, fail_msg)
+        return
+
+    config.dependency_list.clear()
+
+    tag_value = call.tag_value if call.tag_value is not None else ''
+    os.environ['VYOS_TAGNODE_VALUE'] = tag_value
+
+    args = call.arg_value.split() if call.arg_value else []
+    args.insert(0, f'{script_name}.py')
+
+    tag_ext = f'_{tag_value}' if tag_value else ''
+    script_record = f'{script_name}{tag_ext}'
+    scripts_called = getattr(config, 'scripts_called', [])
+    scripts_called.append(script_record)
+
+    with redirect_stdout(io.StringIO()) as o:
+        success, err_out = run_script(script_name, config, args)
+    amb_out = o.getvalue()
+    o.close()
+
+    out = amb_out + err_out
+
+    call.set_reply(success, out)
+
+    logger.info(f'[{script_name}] {out}')
+
+    if last:
+        scripts_called = getattr(config, 'scripts_called', [])
+        logger.debug(f'scripts_called: {scripts_called}')
+
+    if last and success:
+        tmp = get_frrender_dict(config)
+        if frr.generate(tmp):
+            # only apply a new FRR configuration if anything changed
+            # in comparison to the previous applied configuration
+            frr.apply()
+
+
+def process_session_data(session: Session) -> Session:
+    if session.init is None or not session.init.success:
+        return session
+
+    config = session.config
+    len_calls = len(session.calls)
+    for index, call in enumerate(session.calls):
+        process_call_data(call, config, last=len_calls == index + 1)
+
+    return session
+
+
+def read_message(msg: bytes) -> Session:
+    """Read message into Session instance"""
+
+    message = vycall_pb2.Commit()  # pylint: disable=no-member
+    message.ParseFromString(msg)
+    session = msg_to_commit_data(message)
+
+    session = initialization(session)
+    session = process_session_data(session)
+
+    write_stdout_log(script_stdout_log, session)
+
+    return session
+
+
+def write_reply(session: Session) -> bytearray:
+    """Serialize modified object to bytearray, prepending data length
+    header"""
+
+    reply = commit_data_to_msg(session)
+    encoded_data = reply.SerializeToString()
+    byte_size = reply.ByteSize()
+    length_bytes = byte_size.to_bytes(4)
+    arr = bytearray(length_bytes)
+    arr.extend(encoded_data)
+
+    return arr
+
+
+def load_server_conf() -> ServerConf:
+    # pylint: disable=import-outside-toplevel
+    # pylint: disable=broad-exception-caught
+    from vyos.defaults import vyconfd_conf
+
+    try:
+        with open(vyconfd_conf, 'rb') as f:
+            vyconfd_conf_d = tomli.load(f)
+
+    except Exception as e:
+        logger.critical(f'Failed to open the vyconfd.conf file {vyconfd_conf}: {e}')
+        sys.exit(1)
+
+    app = vyconfd_conf_d.get('appliance', {})
+
+    conf_data = {
+        k: v for k, v in app.items() if k in [_.name for _ in fields(ServerConf)]
+    }
+
+    conf = ServerConf(**conf_data)
+
+    return conf
+
+
+def remove_if_exists(f: str):
+    try:
+        os.unlink(f)
+    except FileNotFoundError:
+        pass
+
+
+def sig_handler(_signum, _frame):
+    logger.info('stopping server')
+    raise KeyboardInterrupt
+
+
+def run_server():
+    # pylint: disable=global-statement
+
+    global server_conf
+    global SOCKET_PATH
+    global conf_mode_scripts
+    global frr
+
+    signal.signal(signal.SIGTERM, sig_handler)
+    signal.signal(signal.SIGINT, sig_handler)
+
+    logger.info('starting server')
+
+    server_conf = load_server_conf()
+    SOCKET_PATH = server_conf.commitd_socket
+    conf_mode_scripts = load_conf_mode_scripts()
+
+    cfg_group = grp.getgrnam(CFG_GROUP)
+    os.setgid(cfg_group.gr_gid)
+
+    server_socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+
+    remove_if_exists(SOCKET_PATH)
+    server_socket.bind(SOCKET_PATH)
+    Path(SOCKET_PATH).chmod(0o775)
+
+    # We only need one long-lived instance of FRRender
+    frr = FRRender()
+
+    server_socket.listen(2)
+    while True:
+        try:
+            conn, _ = server_socket.accept()
+            logger.debug('connection accepted')
+            while True:
+                # receive size of data
+                data_length = conn.recv(4)
+                if not data_length:
+                    logger.debug('no data')
+                    # if no data break
+                    break
+
+                length = int.from_bytes(data_length)
+                # receive data
+                data = conn.recv(length)
+
+                session = read_message(data)
+                reply = write_reply(session)
+                conn.sendall(reply)
+
+            conn.close()
+            logger.debug('connection closed')
+
+        except KeyboardInterrupt:
+            break
+
+    server_socket.close()
+    sys.exit(0)
+
+
+if __name__ == '__main__':
+    run_server()
diff --git a/src/systemd/vyos-commitd.service b/src/systemd/vyos-commitd.service
new file mode 100644
index 000000000..5b083f500
--- /dev/null
+++ b/src/systemd/vyos-commitd.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=VyOS commit daemon
+
+# Without this option, lots of default dependencies are added,
+# among them network.target, which creates a dependency cycle
+DefaultDependencies=no
+
+# Seemingly sensible way to say "as early as the system is ready"
+# All vyos-configd needs is read/write mounted root
+After=systemd-remount-fs.service
+Before=vyos-router.service
+
+[Service]
+ExecStart=/usr/bin/python3 -u /usr/libexec/vyos/services/vyos-commitd
+Type=idle
+
+SyslogIdentifier=vyos-commitd
+SyslogFacility=daemon
+
+Restart=on-failure
+
+# Does't work in Jessie but leave it here
+User=root
+Group=vyattacfg
+
+[Install]
+WantedBy=vyos.target
diff --git a/src/tests/test_config_diff.py b/src/tests/test_config_diff.py
index 39e17613a..4017fff4d 100644
--- a/src/tests/test_config_diff.py
+++ b/src/tests/test_config_diff.py
@@ -31,11 +31,11 @@ class TestConfigDiff(TestCase):
     def test_unit(self):
         diff = vyos.configtree.DiffTree(self.config_left, self.config_null)
         sub = diff.sub
-        self.assertEqual(sub.to_string(), self.config_left.to_string())
+        self.assertEqual(sub, self.config_left)
 
         diff = vyos.configtree.DiffTree(self.config_null, self.config_left)
         add = diff.add
-        self.assertEqual(add.to_string(), self.config_left.to_string())
+        self.assertEqual(add, self.config_left)
 
     def test_symmetry(self):
         lr_diff = vyos.configtree.DiffTree(self.config_left,
@@ -45,10 +45,10 @@ class TestConfigDiff(TestCase):
 
         sub = lr_diff.sub
         add = rl_diff.add
-        self.assertEqual(sub.to_string(), add.to_string())
+        self.assertEqual(sub, add)
         add = lr_diff.add
         sub = rl_diff.sub
-        self.assertEqual(add.to_string(), sub.to_string())
+        self.assertEqual(add, sub)
 
     def test_identity(self):
         lr_diff = vyos.configtree.DiffTree(self.config_left,
@@ -61,6 +61,9 @@ class TestConfigDiff(TestCase):
         r_union = vyos.configtree.union(add, inter)
         l_union = vyos.configtree.union(sub, inter)
 
+        # here we must compare string representations instead of using
+        # dunder equal, as we assert equivalence of the values list, which
+        # is optionally ordered at render
         self.assertEqual(r_union.to_string(),
                          self.config_right.to_string(ordered_values=True))
         self.assertEqual(l_union.to_string(),