Page MenuHomeVyOS Platform
Create Task
Maniphest T6444

"config-sync section service dhcp-server" should swap remote/source-address during sync
Open, WishlistPublicFEATURE REQUEST
Actions

Description

Not for all config-sections it makes sense, to sync it 1:1 to the peer. Example:

vyos@vyos-a# show service config-sync 
 mode load
 secondary {
     address 192.168.13.3
     key xxxxxxxxx
 }
 section {
     service {
         dhcp-server
     }
 }
[edit]

vyos@vyos-a# show service dhcp-server high-availability 
 name sync1
 remote 192.168.13.3
 source-address 192.168.13.2
 status primary
[edit]
vyos@vyos-b# show service dhcp-server high-availability
 name sync1
 remote 192.168.13.3
 source-address 192.168.13.2
 status primary
[edit]

Of course, the dhcp-server high-availability will not work, until we swap remote, and source-address manually on vyos-b. Maybe this could be done automatically during the config-sync?

Details

Difficulty level
Normal (likely a few hours)
Version
1.5-rolling-202406020021
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

manuel81 created this task.Jun 4 2024, 9:12 AM
Viacheslav changed the subtype of this task from "Bug" to "Feature Request".EditedJun 5 2024, 7:48 AM
Viacheslav subscribed.

Swap/change/hide config entries are not implemented.
It is not a bug but a feature request.

Viacheslav triaged this task as Wishlist priority.Jun 5 2024, 7:50 AM
pasik subscribed.Jun 5 2024, 12:29 PM
Thunderstorm subscribed.Jun 7 2024, 2:06 AM

what about moving the dhcp high-availability configuration under the existing high-availability node? that would allow the entire dhcp section to be synced.

eg.

### router1
set high-availability dhcp-server name 'default'
set high-availability dhcp-server remote '172.16.0.3'
set high-availability dhcp-server source-address '172.16.0.2'
set high-availability dhcp-server status 'primary'
set high-availability vrrp [...]
[...]
set service dhcp-server shared-network-name guest option default-router '172.16.0.1'
set service dhcp-server shared-network-name guest option name-server '1.1.1.1'
set service dhcp-server shared-network-name guest subnet 172.16.0.0/24 range default start '172.16.0.100'
set service dhcp-server shared-network-name guest subnet 172.16.0.0/24 range default stop '172.16.0.200'
set service dhcp-server shared-network-name guest subnet 172.16.0.0/24 subnet-id '1'

### router2
set high-availability dhcp-server name 'default'
set high-availability dhcp-server remote '172.16.0.2'
set high-availability dhcp-server source-address '172.16.0.3'
set high-availability dhcp-server status 'secondary'
set high-availability vrrp [...]
[...]
set service dhcp-server shared-network-name guest option default-router '172.16.0.1'
set service dhcp-server shared-network-name guest option name-server '1.1.1.1'
set service dhcp-server shared-network-name guest subnet 172.16.0.0/24 range default start '172.16.0.100'
set service dhcp-server shared-network-name guest subnet 172.16.0.0/24 range default stop '172.16.0.200'
set service dhcp-server shared-network-name guest subnet 172.16.0.0/24 subnet-id '1'
Harliff subscribed.Jul 17 2024, 6:02 PM

About config-sync: maybe add option to exclude some patterns from config sync?

e.g.

set service config-sync set service config-sync section service dhcp-server exclude high-availability

or

set service config-sync set service config-sync section service dhcp-server exclude high-availability mode
set service config-sync set service config-sync section service dhcp-server exclude high-availability name
set service config-sync set service config-sync section service dhcp-server exclude high-availability remote
set service config-sync set service config-sync section service dhcp-server exclude high-availability source-address
set service config-sync set service config-sync section service dhcp-server exclude high-availability status

Or in case of the DHCP server - maybe sync just "shared-network-name" nodes?

Harliff added a comment.EditedJul 17 2024, 7:28 PM

There is another approach to improve the config-sync: a "replace" option

What if we could give an user ability to:

  1. define source value (be searched for)
  2. define target value (be replaced with)
  3. specify a place where search should be done (search scope limiter)

Let's consider the following example with dhcp-server:

vyos-a:

set service dhcp-server high-availability 
set service dhcp-server high-availability name sync1
set service dhcp-server high-availability remote 192.168.13.3
set service dhcp-server high-availability source-address 192.168.13.2
set service dhcp-server high-availability status primary

vyos-b:

set service dhcp-server high-availability 
set service dhcp-server high-availability name sync1
set service dhcp-server high-availability remote 192.168.13.2
set service dhcp-server high-availability source-address 192.168.13.3
set service dhcp-server high-availability status secondary

config-sync on vyos-a:

set service config-sync 
set service config-sync mode load
set service config-sync secondary address 192.168.13.3
set service config-sync secondary key xxxxxxxxx
set service config-sync section service dhcp-server

The replace config on vyos-a may looks like:

set service config-sync replace REPLACE-1 find '192.168.13.3'
set service config-sync replace REPLACE-1 replace '192.168.13.2'
set service config-sync replace REPLACE-1 scope 'service dhcp-server high-availability remote'

set service config-sync replace REPLACE-2 find '192.168.13.2'
set service config-sync replace REPLACE-2 replace '192.168.13.3'
set service config-sync replace REPLACE-2 scope 'service dhcp-server high-availability source-address'

set service config-sync replace REPLACE-3 find 'primary'
set service config-sync replace REPLACE-3 replace 'secondary'
set service config-sync replace REPLACE-3 scope 'service dhcp-server high-availability status'
Harliff added a comment.EditedJul 23 2024, 8:41 AM

@Viacheslav
Have you read my comment?
What do you think about it?

Should I create new task for it or just the comment in enough?

Viacheslav added a comment.Jul 23 2024, 11:51 AM

Needs to think.
I think there should be an exclude-section or exclude

set service config-sync section service dhcp-server

set service config-sync < exclude-section | exclude > service dhcp-server high-availability remote
set service config-sync < exclude-section | exclude > service dhcp-server high-availability source-address
set service config-sync < exclude-section | exclude > service dhcp-server high-availability status