Vyatta Config Sync Howto and Overview


Here is a quick rundown of how to set up Vyatta config sync on VSE (subscription edition).

Note: Vyatta subscription edition is required for this functionality.

Vyatta config sync allows you to select a subset of your router config and designate one of your routers as the master for that subset. In this example we’ll sync the nat config section from vyatta-01 (master) to vyatta-02 (slave).

Preparing the slave system:

First, we need to enable the HTTPS web server on the slave system, as this is the transport used by config-sync.

vyatta@vyatta-02# configure
vyatta@vyatta-02# set service https listen-address <IP_OF_VYATTA-02>
vyatta@vyatta-02# commit

Next, I recommend creating a user account dedicated to config-sync (the password secret below is a placeholder).

vyatta@vyatta-02# configure
vyatta@vyatta-02# set system login user config-sync authentication plaintext-password secret
vyatta@vyatta-02# commit

Configuring Vyatta config sync on the master system:

Now we tell vyatta-01 about vyatta-02:

vyatta@vyatta-01# configure
vyatta@vyatta-01# set system config-sync remote-router <IP_OF_VYATTA-02>
vyatta@vyatta-01# set system config-sync remote-router <IP_OF_VYATTA-02> username config-sync
vyatta@vyatta-01# set system config-sync remote-router <IP_OF_VYATTA-02> password secret
vyatta@vyatta-01# commit

Then we specify what to sync from vyatta-01 to vyatta-02:

vyatta@vyatta-01# configure
vyatta@vyatta-01# set system config-sync sync-map default rule 0 action include
vyatta@vyatta-01# set system config-sync sync-map default rule 0 location nat
vyatta@vyatta-01# commit

Finally, we go back and assign the sync-map to the remote-router entry.

vyatta@vyatta-01# configure
vyatta@vyatta-01# set system config-sync remote-router <IP_OF_VYATTA-02> sync-map default
vyatta@vyatta-01# commit

That’s it. You should see vyatta-01 attempt to sync to vyatta-02 upon subsequent commits, and anything under nat should appear on vyatta-02.
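
To check that claim offline, here is an added example (not part of the original post) that compares saved configuration dumps from both routers in the brace format the show command prints. It reads the include rules of the sync-map from the master's dump and reports every line under those locations that differs on the slave. The function names and the nat rule in the sample are assumptions, and only include rules, as used above, are handled.

```python
def flatten(text):  # brace-style config -> set of "set"-style path strings
    paths, stack = set(), []
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif line:
            paths.add(" ".join(stack + [line]))
    return paths

def included_locations(paths, sync_map="default"):
    """Locations named by the 'action include' rules of one sync-map."""
    prefix, rules = f"system config-sync sync-map {sync_map} rule ", {}
    for p in paths:
        parts = p[len(prefix):].split(" ", 2) if p.startswith(prefix) else []
        if len(parts) == 3:
            rules.setdefault(parts[0], {})[parts[1]] = parts[2]
    return sorted(r["location"] for r in rules.values() if r.get("action") == "include" and "location" in r)

def drift(master_text, slave_text, sync_map="default"):
    """Per synced location: config lines that differ between the routers."""
    master, slave = flatten(master_text), flatten(slave_text)
    report = {}
    for loc in included_locations(master, sync_map):
        m, s = ({p for p in cfg if (p + " ").startswith(loc + " ")} for cfg in (master, slave))
        report[loc] = {"missing_on_slave": sorted(m - s), "extra_on_slave": sorted(s - m)}
    return report

# Constructed sample dumps: the nat rule is illustrative, not from the page.
MASTER = """system {
    config-sync {
        sync-map default {
            rule 0 {
                action include
                location nat
            }
        }
    }
}
nat {
    source {
        rule 10 {
            outbound-interface eth0
        }
    }
}"""
SLAVE = MASTER.replace("eth0", "eth1")  # simulate a slave whose nat section has drifted
```

An empty list for both keys of every location means the synced sections match; anything else is a line to investigate before relying on the slave.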

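For quick reference, here’s a config dump of the relevant sections. Note that the master shows the remote-router password in clear text, while the slave keeps only the encrypted form of the config-sync user’s password.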

Vyatta-01:

vyatta@vyatta-01# show system config-sync
 remote-router <IP_OF_VYATTA-02> {
     password secret
     sync-map default
     username config-sync
 }
 sync-map default {
     rule 0 {
         action include
         location nat
     }
 }

Vyatta-02:

vyatta@vyatta-02# show service https
 listen-address <IP_OF_VYATTA-02>
 
vyatta@vyatta-02# show system login user config-sync
 authentication {
     encrypted-password $19aboeuo/20u230b+8239bulkj8271J.
     plaintext-password ""
 }

One Response to “Vyatta Config Sync Howto and Overview”

  1. Eugene Says:

    If you have only community edition of Vyatta,
    you may use Vyatta-Config-Sync from Vyatta4People.Org:
    http://www.vyatta4people.org/vyatta-config-sync/
    Cheers!
