From 25b611f504521181f85cb4460bfdfd702c377b5e Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Thu, 14 Mar 2024 13:32:00 +0000 Subject: T6121: Extend service config-sync to new sections Extend `service config-sync` with new sections: - LeafNodes: pki, policy, vpn, vrf (syncs the whole sections) - Nodes: interfaces, protocols, service (syncs subsections) In this case a Node allows the next-level section, i.e. a subsection, to be used. For example, any of the subsections of the node `interfaces`: - set service config-sync section interfaces pseudo-ethernet - set service config-sync section interfaces virtual-ethernet Example of the config: ``` set service config-sync mode 'load' set service config-sync secondary address '192.0.2.1' set service config-sync secondary key 'xxx' set service config-sync section firewall set service config-sync section interfaces pseudo-ethernet set service config-sync section interfaces virtual-ethernet set service config-sync section nat set service config-sync section nat66 set service config-sync section protocols static set service config-sync section pki set service config-sync section vrf ``` --- interface-definitions/service_config-sync.xml.in | 394 +++++++++++++++++++++-- src/helpers/vyos_config_sync.py | 26 +- 2 files changed, 390 insertions(+), 30 deletions(-) diff --git a/interface-definitions/service_config-sync.xml.in b/interface-definitions/service_config-sync.xml.in index 9955acfee..9e9dcdb69 100644 --- a/interface-definitions/service_config-sync.xml.in +++ b/interface-definitions/service_config-sync.xml.in 
@@ -73,30 +73,382 @@ - + Section for synchronization - - nat nat66 firewall - - - nat - NAT - - - nat66 - NAT66 - - - firewall - firewall - - - (nat|nat66|firewall) - - - + + + + Firewall + + + + + + Interfaces + + + + + Bonding interface + + + + + + Bridge interface + + + + + + Dummy interface + + + + + + Ethernet interface + + + + + + GENEVE interface + + + + + + Input interface + + + + + + L2TPv3 interface + + + + + + Loopback interface + + + + + + MACsec interface + + + + + + OpenVPN interface + + + + + + PPPoE interface + + + + + + Pseudo-Ethernet interface + + + + + + SSTP client interface + + + + + + Tunnel interface + + + + + + Virtual Ethernet interface + + + + + + Virtual tunnel interface + + + + + + VXLAN interface + + + + + + Wireguard interface + + + + + + Wireless interface + + + + + + WWAN interface + + + + + + + + NAT + + + + + + NAT66 + + + + + + Public key infrastructure (PKI) + + + + + + Routing policy + + + + + + Routing protocols + + + + + Babel Routing Protocol + + + + + + Bidirectional Forwarding Detection (BFD) + + + + + + Border Gateway Protocol (BGP) + + + + + + Failover route + + + + + + Internet Group Management Protocol (IGMP) proxy + + + + + + Intermediate System to Intermediate System (IS-IS) + + + + + + Multiprotocol Label Switching (MPLS) + + + + + + Next Hop Resolution Protocol (NHRP) parameters + + + + + + Open Shortest Path First (OSPF) + + + + + + Open Shortest Path First (OSPF) for IPv6 + + + + + + Protocol Independent Multicast (PIM) and IGMP + + + + + + Protocol Independent Multicast for IPv6 (PIMv6) and MLD + + + + + + Routing Information Protocol (RIP) parameters + + + + + + Routing Information Protocol (RIPng) parameters + + + + + + Resource Public Key Infrastructure (RPKI) + + + + + + Segment Routing + + + + + + Static Routing + + + + + + + + System services + + + + + Serial Console Server + + + + + + Host Configuration Protocol (DHCP) relay agent + + + + + + Dynamic Host Configuration Protocol (DHCP) for DHCP server + + 
+ + + + DHCPv6 Relay Agent parameters + + + + + + DHCP for IPv6 (DHCPv6) server + + + + + + Domain Name System (DNS) related services + + + + + + LLDP settings + + + + + + Multicast DNS (mDNS) parameters + + + + + + Monitoring services + + + + + + Neighbor Discovery Protocol (NDP) Proxy + + + + + + Network Time Protocol (NTP) configuration + + + + + + Simple Network Management Protocol (SNMP) + + + + + + Trivial File Transfer Protocol (TFTP) server + + + + + + Webproxy service settings + + + + + + + + Virtual Private Network (VPN) + + + + + + Virtual Routing and Forwarding + + + + + diff --git a/src/helpers/vyos_config_sync.py b/src/helpers/vyos_config_sync.py index 7cfa8fe88..572fea61f 100755 --- a/src/helpers/vyos_config_sync.py +++ b/src/helpers/vyos_config_sync.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -60,6 +60,7 @@ def post_request(url: str, return response + def retrieve_config(section: str = None) -> Optional[Dict[str, Any]]: """Retrieves the configuration from the local server. @@ -71,8 +72,6 @@ def retrieve_config(section: str = None) -> Optional[Dict[str, Any]]: """ if section is None: section = [] - else: - section = section.split() conf = Config() config = conf.get_config_dict(section, get_first_key=True) @@ -101,8 +100,6 @@ def set_remote_config( if path is None: path = [] - else: - path = path.split() headers = {'Content-Type': 'application/json'} # Disable the InsecureRequestWarning 
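Review bot: The new `pki` and `vpn` leaf nodes make config-sync push whole sections that can hold secret material (private keys, pre-shared secrets) to the secondary, and neither the help strings in this hunk nor the commit message say so. The context line `# Disable the InsecureRequestWarning` in the helper's `set_remote_config` suggests the HTTPS request to the peer is sent without certificate verification, although the call itself is outside the visible hunks, so this needs confirming. If that is the case, key material would travel over a channel that does not authenticate the peer; consider requiring verification of the secondary's certificate before these sections can be selected, and state the exposure in the help text, e.g. `Public key infrastructure (PKI), including private keys`.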
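Review bot: `retrieve_config` still declares `section: str = None` and its docstring is unchanged, but with the `section.split()` branch removed the value is handed straight to `conf.get_config_dict(section, get_first_key=True)` and is now expected to be a path list such as `['interfaces', 'pseudo-ethernet']`. A string passed by an older caller is no longer split here, so the annotation should say what is accepted: `def retrieve_config(section: Optional[List[str]] = None) -> Optional[Dict[str, Any]]:`. The same applies to `path` in the `set_remote_config` hunk (its signature lies outside that hunk) and to `is_section_revised(section: str)` in the later hunk, which now forwards a list to `is_node_revised`. Both function bodies continue outside their hunks.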
@@ -127,17 +124,16 @@ def set_remote_config( def is_section_revised(section: str) -> bool: from vyos.config_mgmt import is_node_revised - return is_node_revised([section]) + return is_node_revised(section) def config_sync(secondary_address: str, secondary_key: str, - sections: List[str], + sections: List[list], mode: str): """Retrieve a config section from primary router in JSON format and send it to secondary router """ - # Config sync only if sections changed if not any(map(is_section_revised, sections)): return @@ -188,5 +184,17 @@ if __name__ == '__main__': "Missing required configuration data for config synchronization.") exit(0) + # Generate list_sections of sections/subsections + # [ + # ['interfaces', 'pseudo-ethernet'], ['interfaces', 'virtual-ethernet'], ['nat'], ['nat66'] + # ] + list_sections = [] + for section, subsections in sections.items(): + if subsections: + for subsection in subsections: + list_sections.append([section, subsection]) + else: + list_sections.append([section]) + config_sync(secondary_address, secondary_key, - sections, mode) + list_sections, mode) -- cgit v1.2.3
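Review bot: `sections: List[list]` does not say what the inner lists hold; `sections: List[List[str]],` would document that each entry is a configuration path, and the docstring could add one line saying so. The hunk also deletes `# Config sync only if sections changed`, which was the only explanation of the early `return` after `any(map(is_section_revised, sections))`; I would keep it. `config_sync`'s body continues outside the hunk.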
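Review bot: The `else` branch appends `[section]` whenever `subsections` is empty, so a Node section (`interfaces`, `protocols`, `service`) configured without a subsection would be treated like a LeafNode and the whole tree synchronised, which for `interfaces` could replace the secondary's own addressing. Whether the CLI allows that depends on the XML definition, which I cannot confirm from this page. If it does, the branch should accept only the LeafNode sections, e.g. `elif section not in ('interfaces', 'protocols', 'service'):` followed by `list_sections.append([section])`. The `if __name__ == '__main__':` block starts outside the hunk.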