Page MenuHomeVyOS Platform
Create Task
Maniphest T6837

Add replace configuration for module vyos_config
Open, NormalPublicFEATURE REQUEST
Actions

Description

SUMMARY
We have many cases when creates automation deployments/uses cases, where we have the necessity to replace full configuration , I've seen in other modules that have this ability (https://docs.ansible.com/ansible/latest/collections/cisco/iosxr/iosxr_config_module.html#parameter-replace) it will be useful to get it for vyos_config module.

ADDITIONAL INFORMATION

example : https://docs.ansible.com/ansible/latest/collections/cisco/iosxr/iosxr_config_module.html#parameter-replace
- name: load a config from file/disk and replace the current config
  vyos.vyos.vyos_config:
    src: vyos.cfg
    replace: config
    backup: yes

Details

Version
-
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

syncer created this task.Oct 27 2024, 3:48 PM
syncer triaged this task as Normal priority.
pasik subscribed.Oct 27 2024, 4:50 PM
syncer added a subscriber: Global Notifications.Nov 1 2024, 9:16 PM
MrVantage subscribed.Nov 17 2024, 11:58 AM

I was looking for this too, and actually started to play with the code of the module to get this feature in a few weeks ago. I've submitted my changes as a draft PR on Github. I've been playing with managing my VyOS config from SCM for my home lab. It's important when I for example remove a firewall rule, it is also deleted in the running config, instead of being orphaned. It seems to work pretty well in my setup, but I am uncertain if nothing breaks in other workflows.

msnatepg subscribed.Dec 11 2024, 10:46 AM
MrVantage added a comment.EditedDec 16 2024, 9:55 PM

I was looking into this again today. As I mentioned in the pull request, there is an issue with the draft PR. What happens is that the current config is retrieved using the command show configuration commands instead of show configuration. The output does not contain any less specific config paths, as they would be useless in configuring a system. However, when determining what to delete, this information is essential.

For example:

running config:

firewall {
  ipv4 {
    name example {
      rule 100 {
        action drop
      }
      rule 200 {
        action accept
      }
    }
  }
}

candidate config:

firewall {
  ipv4 {
    name example {
      rule 100 {
        action drop
      }
    }
  }
}

retrieving the config results in:

set firewall ipv4 name example rule 100 action drop
set firewall ipv4 name example rule 200 action accept

With my code change the module is able to figure out to do the following:

delete firewall ipv4 name example rule 200 action accept

However this results in the invalid rule 200 config residue:

firewall {
  ipv4 {
    name example {
      rule 100 {
        action drop
      }
      rule 200 {
      }
    }
  }
}

I hope, that when we use show configuration instead, it's possible to determine the correct delete commands.

I tried looking into unit testing this and develop from there, but I'm not familiar with this testing tool chain. Does anyone have some pointer on how to run these unit tests locally?