Discussion:
[rancid] vyatta/vyos
Antonio Querubin
2014-12-28 02:30:42 UTC
I've cobbled together support for VyOS from some previous efforts by
various people for Vyatta (see the git log). I'm assuming VyOS is still
close enough to Vyatta so that this should continue to work for Vyatta as
well. I don't have access to real Vyatta routers so I'd appreciate any
feedback from those that do.

https://bitbucket.org/aquerubin/rancid-vyatta

There's only a vyos branch.

Antonio Querubin
e-mail: ***@lavanauts.org
xmpp: ***@gmail.com

James Andrewartha
2015-01-05 02:28:12 UTC
Post by Antonio Querubin
I've cobbled together support for VyOS from some previous efforts by
various people for Vyatta (see the git log). I'm assuming VyOS is still
close enough to Vyatta so that this should continue to work for Vyatta as
well. I don't have access to real Vyatta routers so I'd appreciate any
feedback from those that do.

I took a different approach for my VyOS (well, Ubiquiti EdgeOS) routers.
I use the in-built configuration backup to copy the configuration to the
rancid host:

set system config-management commit-archive location 'scp://user:***@rancidhost:/var/lib/rancid/ccgs/configs/vyoshost.domain.name'

I also made a few changes to /opt/vyatta/sbin/vyatta-commit-push.pl,
changing it to use the commands form of configuration (note also the
change from showCfg to showConfig):

my $cmd = 'cli-shell-api showConfig --show-active-only --show-commands';

and changing the save filename:

#my $cmd = "curl -s -T $tmp_push_file $uri/$save_file";
my $cmd = "curl -s -T $tmp_push_file $uri";

Then my vyosrancid file is just:

#!/usr/bin/perl
# Just copy the existing file to .new
use File::Copy qw(copy);

my $host = $ARGV[0];

copy $host, $host . ".new";

exit(0);

Obviously this isn't for everyone, being a push rather than pull setup,
but it does the job for me.
--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

rdrake
2015-01-05 20:07:52 UTC
Post by James Andrewartha
I took a different approach for my VyOS (well, Ubiquiti EdgeOS)
routers. I use the in-built configuration backup to copy the
configuration to the rancid host: set system config-management
commit-archive location
I also made a few changes to /opt/vyatta/sbin/vyatta-commit-push.pl,
changing it to use the commands form of configuration (note also the

I would advise against this depending on the size and scope of your
network. The primary issue with pushing the configuration is that if
any of your routers are compromised then someone has a username and
password, as well as the name of your configuration server, so they have
full access to hop to it and further compromise other hosts.

A better choice for most UNIX-based routers if you're skipping rancid is
to use ssh host keys to allow the configuration server access without
passwords, then pull the file at scheduled times and manage it with a
change control. (Rancid still helps here by normalizing lines, like
sorting access-lists or removing timestamps if needed, but if the file
is pretty static you might be able to commit it without changing anything.)

Post by James Andrewartha
my $cmd = 'cli-shell-api showConfig --show-active-only --show-commands';
#my $cmd = "curl -s -T $tmp_push_file $uri/$save_file";
my $cmd = "curl -s -T $tmp_push_file $uri";
#!/usr/bin/perl
# Just copy the existing file to .new
use File::Copy qw(copy);
my $host = $ARGV[0];
copy $host, $host . ".new";
exit(0);
Obviously this isn't for everyone, being a push rather than pull setup,
but it does the job for me.

Of course, use whichever works best for you. I just don't advise
scaling with this approach just in case. :)
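
Added example, not part of any post in this thread and not code from rancid or VyOS: a sketch of the pull model rdrake describes, run on the config server and writing the same `<host>.new` file the vyosrancid script above produces. The account name, key path and the `SSH` override are hypothetical, and it assumes `cli-shell-api` is on the router account's PATH and that sorting the `set` lines is acceptable for diffing.

```shell
#!/bin/sh
# Added example, not from the thread. Runs on the config server (rancidhost).
# Hypothetical names: RUSER, KEY path. SSH is overridable for offline testing.
SSH=${SSH:-ssh}
RUSER=${RUSER:-rancid}
KEY=${KEY:-$HOME/.ssh/id_rancid_pull}

# Line to install in the router account's authorized_keys ($1 = public key,
# $2 = config server address). The router stores only the public key, so
# compromising it reveals no credential for the server; the options limit the
# server's key to one read-only command, one source address, no tty/forwarding.
authorized_keys_line() {
    printf 'command="%s",from="%s",no-pty,no-port-forwarding,' \
        'cli-shell-api showConfig --show-active-only --show-commands' "$2"
    printf 'no-agent-forwarding,no-X11-forwarding %s\n' "$1"
}

# Keep only configuration commands, sorted and de-duplicated, so that two
# pulls of an unchanged router produce byte-identical files.
normalize() {
    grep '^set ' | LC_ALL=C sort -u
}

# $1 = router hostname. Writes $1.new only when the pull succeeded and
# produced configuration lines; the previous copy survives any failure.
pull_config() {
    raw=$(mktemp) || return 1
    # -T: no tty; BatchMode: never prompt; the host key must already be known.
    # No remote command is sent: the forced command in authorized_keys runs.
    if $SSH -T -i "$KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
            "$RUSER@$1" > "$raw" && normalize < "$raw" > "$1.new.tmp" \
            && [ -s "$1.new.tmp" ]; then
        mv "$1.new.tmp" "$1.new"; rc=0
    else
        rm -f "$1.new.tmp"; rc=1
    fi
    rm -f "$raw"
    return "$rc"
}

# Stand-alone use from cron: pull every hostname given on the command line.
if [ "$#" -gt 0 ]; then
    for h in "$@"; do
        pull_config "$h" || echo "pull failed: $h" >&2
    done
fi
```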
