Vyatta Config Sync
Some of us run groups of Vyatta installations with similar or even identical configurations, and when we need to modify the configuration on all systems in the group, we have to do it manually on every system. That's definitely not good.
Recent Vyatta versions include configuration synchronization, but only in the Subscription Edition. The Community Edition, which I use, does not include such a feature.
- Add Vyatta4People.Org Repo.
- Install Config-Sync (required): sudo apt-get install vyatta-config-sync
- Install Config-Validator (recommended): sudo apt-get install vyatta-config-validator
- LogOut and LogIn back to load script alias.
vyatta-config-sync needs one mandatory parameter, which can take 3 values; each value selects the corresponding mode of vyatta-config-sync operation.
Distribute configurations across slave hosts and load the new configuration on each slave host. This is the most common modus operandi for vyatta-config-sync. Use it if unsure.
Distribute configurations across slave hosts, but don't load them. This may be needed only if you want to do something manually on a slave system before loading the new configuration. You will probably never use it.
Distribute configurations across slave hosts and reboot each slave host. You may use this mode in case of some fundamental configuration changes that cannot be applied at runtime.
Imagine we have a minimal group of 2 Vyatta routers, r1 and r2. r1 is the master, where we will edit the configuration,
and r2 is the slave, which will be synced from the master. NB! The r2 configuration will not be touched manually! Both routers have 2 ethernet interfaces, eth0 (WAN) and eth1 (LAN). eth0 addresses are assigned via DHCP on both routers; the r1 eth1 address is 192.168.0.1 and the r2 eth1 address is 192.168.0.2. NB! An equal number of ethernet interfaces is required on master and slaves! Other hardware details are not so important.
Create SSH private/public key pair on r1.
Install SSH public key from r1 on r1 (yes, really!).
Install SSH public key from r1 on r2.
Since Vyatta 6.0 you do not edit ~/.ssh/authorized_keys by hand.
See: system login user USERNAME authentication public-keys
Usernames on master and slave must be equal.
Launching vyatta-config-sync as root is prohibited for security reasons.
Now we need to edit project configuration files,
which reside in directory /etc/vyatta-config-sync/:
Global options for vyatta-config-sync. Edit on master:
Setting enable_master_mode to 1 will enable r1 to behave like master.
List of hosts in cluster. Edit on master. Append these 2 lines:
Per-slave config.boot modifications are configured here.
NB! This file is edited on slave, NOT on master!
Use sed expressions, one per line, to modify the slave config.boot before it is saved.
This one will replace the 192.168.0.1/24 master IP with the 192.168.0.2/24 slave IP.
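As an added illustration (not part of vyatta-config-sync), the following POSIX shell snippet applies such a per-slave sed list to a constructed master config.boot fragment and checks that the master address is gone and that the number of ethernet interfaces is unchanged, since the tool requires equal interface counts on master and slaves:

```shell
#!/bin/sh
# Added example, not code from vyatta-config-sync.
# Assumes: one sed expression per line, as the slave-side file described above.

# Constructed minimal master config.boot fragment (not from a real router).
MASTER_CFG='interfaces {
    ethernet eth0 {
        address dhcp
    }
    ethernet eth1 {
        address 192.168.0.1/24
    }
}'

# Constructed slave-side sed expression list: master LAN IP -> slave LAN IP.
SLAVE_SED='s#192\.168\.0\.1/24#192.168.0.2/24#'

# count_eth CONFIG_TEXT -> number of "ethernet ethN {" stanzas in the config
count_eth() {
    printf '%s\n' "$1" | grep -c '^[[:space:]]*ethernet eth[0-9][0-9]* {'
}

# rewrite_for_slave MASTER_CFG SED_LIST -> rewritten config on stdout.
# Fails (returns 1) if the rewrite added or dropped an ethernet stanza,
# which would violate the equal-interface-count requirement.
rewrite_for_slave() {
    sedfile=$(mktemp) || return 1
    printf '%s\n' "$2" > "$sedfile"
    out=$(printf '%s\n' "$1" | sed -f "$sedfile")
    rm -f "$sedfile"
    [ "$(count_eth "$1")" -eq "$(count_eth "$out")" ] || return 1
    printf '%s\n' "$out"
}

# Usage: print the config that would be saved on the slave.
rewrite_for_slave "$MASTER_CFG" "$SLAVE_SED"
```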
Serial number of last synchronization. NB! Should not be edited manually at all!
Verify it works
First, configure nat rule on r1, commit and save:
- set service nat rule 1
- set service nat rule 1 type masquerade
- set service nat rule 1 outbound-interface eth0
- set service nat rule 1 source address 192.168.0.0/24
Second, launch "vyatta-config-sync load" on r1.
If the console output looks like this:
[email protected]:~$ vyatta-config-sync load
[ OK ]
then everything is OK.
If you see something else, verify your setup
and, if nothing is clear, post your problem in a comment.
NB! You may use the shorthand vcs instead of issuing vyatta-config