Merge pull request #770 from c-po/vrf-dynamic-routing

VRF: support for dynamic routing protocols OSPF and BGP

7 files changed, 200 insertions, 90 deletions

diff --git a/src/completion/list_bgp_peer_groups.sh b/src/completion/list_bgp_peer_groups.sh
new file mode 100755
index 000000000..4503d608f
--- /dev/null
+++ b/src/completion/list_bgp_peer_groups.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Return BGP peer-groups from CLI
+
+declare -a vals
+eval "bgp_as=$(cli-shell-api listNodes protocols bgp)"
+eval "vals=($(cli-shell-api listNodes protocols bgp $bgp_as peer-group))"
+
+echo -n ${vals[@]}
+exit 0
diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py
index b63312750..cab94a5b0 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces-tunnel.py
@@ -34,7 +34,7 @@ from vyos.ifconfig import Interface
 from vyos.ifconfig import TunnelIf
 from vyos.template import is_ipv4
 from vyos.template import is_ipv6
-from vyos.util import get_json_iface_options
+from vyos.util import get_interface_config
 from vyos.util import dict_search
 from vyos import ConfigError
 from vyos import airbag
@@ -103,7 +103,7 @@ def apply(tunnel):
     # There is no other solution to destroy and recreate the tunnel.
     encap = ''
     remote = ''
-    tmp = get_json_iface_options(interface)
+    tmp = get_interface_config(interface)
     if tmp:
         encap = dict_search('linkinfo.info_kind', tmp)
         remote = dict_search('linkinfo.info_data.remote', tmp)
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 7dede74a1..43ca37f9d 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -17,6 +17,7 @@
 import os
 
 from sys import exit
+from sys import argv
 
 from vyos.config import Config
 from vyos.configdict import dict_merge
@@ -37,11 +38,24 @@ def get_config(config=None):
         conf = config
     else:
         conf = Config()
-    base = ['protocols', 'bgp']
+
+    vrf = None
+    if len(argv) > 1:
+        vrf = argv[1]
+
+    base_path = ['protocols', 'bgp']
+
+    # eqivalent of the C foo ? 'a' : 'b' statement
+    base = vrf and ['vrf', 'name', vrf, 'protocols', 'bgp'] or base_path
     bgp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
 
-    # Bail out early if configuration tree does not exist
+    # Assign the name of our VRF context. This MUST be done before the return
+    # statement below, else on deletion we will delete the default instance
+    # instead of the VRF instance.
+    if vrf: bgp.update({'vrf' : vrf})
+
     if not conf.exists(base):
+        bgp.update({'deleted' : ''})
         return bgp
 
     # We also need some additional information from the config,
@@ -80,11 +94,20 @@ def verify(bgp):
     if not bgp:
         return None
 
-    # Check if declared more than one ASN
-    if len(bgp) > 1:
-        raise ConfigError('Only one BGP AS number can be defined!')
+    # FRR bgpd only supports one Autonomous System Number, verify this!
+    asn = 0
+    for key in bgp:
+        if key.isnumeric():
+            asn +=1
+        if asn > 1:
+            raise ConfigError('Only one BGP AS number can be defined!')
 
     for asn, asn_config in bgp.items():
+        # Workaround for https://phabricator.vyos.net/T1711
+        # We also have a vrf, and deleted key now - so we can only veriy "numbers"
+        if not asn.isnumeric():
+            continue
+
         # Common verification for both peer-group and neighbor statements
         for neighbor in ['neighbor', 'peer_group']:
             # bail out early if there is no neighbor or peer-group statement
@@ -175,7 +198,7 @@ def verify(bgp):
     return None
 
 def generate(bgp):
-    if not bgp:
+    if not bgp or 'deleted' in bgp:
         bgp['new_frr_config'] = ''
         return None
 
@@ -183,6 +206,8 @@ def generate(bgp):
     # of the config dict
     asn = list(bgp.keys())[0]
     bgp[asn]['asn'] = asn
+    if 'vrf' in bgp:
+        bgp[asn]['vrf'] = bgp['vrf']
 
     bgp['new_frr_config'] = render_to_string('frr/bgp.frr.tmpl', bgp[asn])
     return None
@@ -191,7 +216,13 @@ def apply(bgp):
     # Save original configuration prior to starting any commit actions
     frr_cfg = frr.FRRConfig()
     frr_cfg.load_configuration(frr_daemon)
-    frr_cfg.modify_section(f'^router bgp \d+$', '')
+
+    if 'vrf' in bgp:
+        vrf = bgp['vrf']
+        frr_cfg.modify_section(f'^router bgp \d+ vrf {vrf}$', '')
+    else:
+        frr_cfg.modify_section('^router bgp \d+$', '')
+
     frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', bgp['new_frr_config'])
     frr_cfg.commit_configuration(frr_daemon)
 
diff --git a/src/conf_mode/protocols_ospf.py b/src/conf_mode/protocols_ospf.py
index aefe7c23e..ef2aeda7f 100755
--- a/src/conf_mode/protocols_ospf.py
+++ b/src/conf_mode/protocols_ospf.py
@@ -17,14 +17,17 @@
 import os
 
 from sys import exit
+from sys import argv
 
 from vyos.config import Config
 from vyos.configdict import dict_merge
+from vyos.configdict import node_changed
 from vyos.configverify import verify_route_maps
 from vyos.configverify import verify_interface_exists
 from vyos.template import render_to_string
 from vyos.util import call
 from vyos.util import dict_search
+from vyos.util import get_interface_config
 from vyos.xml import defaults
 from vyos import ConfigError
 from vyos import frr
@@ -38,16 +41,33 @@ def get_config(config=None):
         conf = config
     else:
         conf = Config()
-    base = ['protocols', 'ospf']
+
+    vrf = None
+    if len(argv) > 1:
+        vrf = argv[1]
+
+    base_path = ['protocols', 'ospf']
+
+    # eqivalent of the C foo ? 'a' : 'b' statement
+    base = vrf and ['vrf', 'name', vrf, 'protocols', 'ospf'] or base_path
     ospf = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
 
+    # Assign the name of our VRF context. This MUST be done before the return
+    # statement below, else on deletion we will delete the default instance
+    # instead of the VRF instance.
+    if vrf: ospf['vrf'] = vrf
+
     # Bail out early if configuration tree does not exist
     if not conf.exists(base):
+        ospf.update({'deleted' : ''})
         return ospf
 
     # We have gathered the dict representation of the CLI, but there are default
     # options which we need to update into the dictionary retrived.
-    default_values = defaults(base)
+    # XXX: Note that we can not call defaults(base), as defaults does not work
+    # on an instance of a tag node. As we use the exact same CLI definition for
+    # both the non-vrf and vrf version this is absolutely safe!
+    default_values = defaults(base_path)
 
     # We have to cleanup the default dict, as default values could enable features
     # which are not explicitly enabled on the CLI. Example: default-information
@@ -99,6 +119,14 @@ def get_config(config=None):
             ospf['interface'][interface] = dict_merge(default_values,
                 ospf['interface'][interface])
 
+    # As we no re-use this Python handler for both VRF and non VRF instances for
+    # OSPF we need to find out if any interfaces changed so properly adjust
+    # the FRR configuration and not by acctident change interfaces from a
+    # different VRF.
+    interfaces_removed = node_changed(conf, base + ['interface'])
+    if interfaces_removed:
+        ospf['interface_removed'] = list(interfaces_removed)
+
     # We also need some additional information from the config, prefix-lists
     # and route-maps for instance. They will be used in verify()
     base = ['policy']
@@ -121,12 +149,22 @@ def verify(ospf):
             # time. FRR will only activate the last option set via CLI.
             if {'hello_multiplier', 'dead_interval'} <= set(ospf['interface'][interface]):
                 raise ConfigError(f'Can not use hello-multiplier and dead-interval ' \
-                                  f'concurrently for "{interface}"!')
+                                  f'concurrently for {interface}!')
+
+            if 'vrf' in ospf:
+                # If interface specific options are set, we must ensure that the
+                # interface is bound to our requesting VRF. Due to the VyOS/Vyatta
+                # priorities the interface is bound to the VRF after creation of
+                # the VRF itself, and before any routing protocol is configured.
+                vrf = ospf['vrf']
+                tmp = get_interface_config(interface)
+                if 'master' not in tmp or tmp['master'] != vrf:
+                    raise ConfigError(f'Interface {interface} is not a member of VRF {vrf}!')
 
     return None
 
 def generate(ospf):
-    if not ospf:
+    if not ospf or 'deleted' in ospf:
         ospf['new_frr_config'] = ''
         return None
 
@@ -137,8 +175,19 @@ def apply(ospf):
     # Save original configuration prior to starting any commit actions
     frr_cfg = frr.FRRConfig()
     frr_cfg.load_configuration(frr_daemon)
-    frr_cfg.modify_section(r'^interface \S+', '')
-    frr_cfg.modify_section('^router ospf$', '')
+
+    if 'vrf' in ospf:
+        vrf = ospf['vrf']
+        frr_cfg.modify_section(f'^router ospf vrf {vrf}$', '')
+    else:
+        frr_cfg.modify_section('^router ospf$', '')
+
+    for key in ['interface', 'interface_removed']:
+        if key not in ospf:
+            continue
+        for interface in ospf[key]:
+            frr_cfg.modify_section(f'^interface {interface}$', '')
+
     frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', ospf['new_frr_config'])
     frr_cfg.commit_configuration(frr_daemon)
 
diff --git a/src/conf_mode/protocols_static.py b/src/conf_mode/protocols_static.py
index 5d101b33e..51b4acfc8 100755
--- a/src/conf_mode/protocols_static.py
+++ b/src/conf_mode/protocols_static.py
@@ -17,6 +17,7 @@
 import os
 
 from sys import exit
+from sys import argv
 
 from vyos.config import Config
 from vyos.template import render_to_string
@@ -34,8 +35,19 @@ def get_config(config=None):
         conf = config
     else:
         conf = Config()
-    base = ['protocols', 'static']
+
+    vrf = None
+    if len(argv) > 1:
+        vrf = argv[1]
+
+    base_path = ['protocols', 'static']
+    # eqivalent of the C foo ? 'a' : 'b' statement
+    base = vrf and ['vrf', 'name', vrf, 'protocols', 'static'] or base_path
     static = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
+
+    # Assign the name of our VRF context
+    if vrf: static['vrf'] = vrf
+
     return static
 
 def verify(static):
@@ -50,8 +62,14 @@ def apply(static):
     # Save original configuration prior to starting any commit actions
     frr_cfg = frr.FRRConfig()
     frr_cfg.load_configuration(frr_daemon)
-    frr_cfg.modify_section(r'^ip route .*', '')
-    frr_cfg.modify_section(r'^ipv6 route .*', '')
+
+    if 'vrf' in static:
+        vrf = static['vrf']
+        frr_cfg.modify_section(f'^vrf {vrf}$', '')
+    else:
+        frr_cfg.modify_section(r'^ip route .*', '')
+        frr_cfg.modify_section(r'^ipv6 route .*', '')
+
     frr_cfg.add_before(r'(interface .*|line vty)', static['new_frr_config'])
     frr_cfg.commit_configuration(frr_daemon)
 
diff --git a/src/conf_mode/protocols_vrf.py b/src/conf_mode/protocols_vrf.py
deleted file mode 100755
index 227e7d5e1..000000000
--- a/src/conf_mode/protocols_vrf.py
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2021 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-import os
-
-from sys import exit
-
-from vyos.config import Config
-from vyos.template import render_to_string
-from vyos.util import call
-from vyos import ConfigError
-from vyos import frr
-from vyos import airbag
-airbag.enable()
-
-frr_daemon = 'staticd'
-
-def get_config(config=None):
-    if config:
-        conf = config
-    else:
-        conf = Config()
-    base = ['protocols', 'vrf']
-    vrf = conf.get_config_dict(base, key_mangling=('-', '_'))
-    return vrf
-
-def verify(vrf):
-
-    return None
-
-def generate(vrf):
-    vrf['new_frr_config'] = render_to_string('frr/vrf.frr.tmpl', vrf)
-    return None
-
-def apply(vrf):
-    # Save original configuration prior to starting any commit actions
-    frr_cfg = frr.FRRConfig()
-    frr_cfg.load_configuration(frr_daemon)
-    frr_cfg.modify_section(r'vrf \S+', '')
-    frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', vrf['new_frr_config'])
-    frr_cfg.commit_configuration(frr_daemon)
-
-    # If FRR config is blank, rerun the blank commit x times due to frr-reload
-    # behavior/bug not properly clearing out on one commit.
-    if vrf['new_frr_config'] == '':
-        for a in range(5):
-            frr_cfg.commit_configuration(frr_daemon)
-
-    return None
-
-if __name__ == '__main__':
-    try:
-        c = get_config()
-        verify(c)
-        generate(c)
-        apply(c)
-    except ConfigError as e:
-        print(e)
-        exit(1)
diff --git a/src/migration-scripts/vrf/1-to-2 b/src/migration-scripts/vrf/1-to-2
new file mode 100755
index 000000000..20128e957
--- /dev/null
+++ b/src/migration-scripts/vrf/1-to-2
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# - T3344: migrate routing options from "protocols vrf" to "vrf <name> protocols"
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+if (len(argv) < 2):
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+base = ['protocols', 'vrf']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+    # Nothing to do
+    exit(0)
+
+vrf_base = ['vrf', 'name']
+config.set(vrf_base)
+config.set_tag(vrf_base)
+
+# Copy all existing static routes to the new base node under "vrf name <name> protocols static"
+for vrf in config.list_nodes(base):
+    static_base = base + [vrf, 'static']
+    if not config.exists(static_base):
+        continue
+
+    new_static_base = vrf_base + [vrf, 'protocols']
+    config.set(new_static_base)
+    config.copy(static_base, new_static_base + ['static'])
+
+# Now delete the old configuration
+config.delete(base)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)