Vyatta Config Sync Howto and Overview
Tags: config-sync, firewall, howto, linux, nat, networking, routing, sysadmin, vse, vyatta
Here is a quick rundown of how to set up Vyatta config sync on VSE (subscription edition).
Note: Vyatta subscription edition is required for this functionality.
Vyatta config sync lets you select a subset of your router config and make one of your routers the master for that subset. In this example we'll sync the nat config section from vyatta-01 (master) to vyatta-02 (slave).
Preparing the slave system:
First, we need to enable the web server on the slave system as this is the transport used by config-sync.
    [email protected]# configure
    [email protected]# set service https listen-address <IP_OF_VYATTA-02>
    [email protected]# commit
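Then, I recommend creating a user account dedicated to config-sync. The master stores this account's password in its own configuration (see the config dump below), so keep it separate from your admin logins.
    [email protected]# configure
    [email protected]# set system login user config-sync authentication plaintext-password secret
    [email protected]# commit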
Configuring Vyatta config sync on the master system:
Now we tell vyatta-01 about vyatta-02:
    [email protected]# configure
    [email protected]# set system config-sync remote-router <IP_OF_VYATTA-02>
    [email protected]# set system config-sync remote-router <IP_OF_VYATTA-02> username config-sync
    [email protected]# set system config-sync remote-router <IP_OF_VYATTA-02> password secret
    [email protected]# commit
Then, we specify what to sync from vyatta-01 to vyatta-02…
    [email protected]# configure
    [email protected]# set system config-sync sync-map default rule 0 action include
    [email protected]# set system config-sync sync-map default rule 0 location nat
    [email protected]# commit
And finally we go back and assign the sync-map to the remote-router entry.
    [email protected]# configure
    [email protected]# set system config-sync remote-router <IP_OF_VYATTA-02> sync-map default
    [email protected]# commit
That’s it. You should see vyatta-01 attempt to sync to vyatta-02 upon subsequent commits, and anything under nat should appear on vyatta-02.
For quick reference, here’s a config dump of the relevant sections:
Vyatta-01:
    [email protected]# show system config-sync
     remote-router <IP_OF_VYATTA-02> {
         password secret
         sync-map default
         username config-sync
     }
     sync-map default {
         rule 0 {
             action include
             location nat
         }
     }
Vyatta-02:
    [email protected]# show service https
     listen-address <IP_OF_VYATTA-02>
    [email protected]# show system login user config-sync
     authentication {
         encrypted-password $19aboeuo/20u230b+8239bulkj8271J.
         plaintext-password ""
     }
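A quick way to confirm that the three master-side steps all landed, as an added example that is not part of the original post: the script parses the brace-style output of show system config-sync and reports a remote-router with no credentials or sync-map, a reference to an undefined sync-map, or a rule missing its action or location. The sample input is constructed from the Vyatta-01 dump above with a placeholder address, and parse_vyatta and check_config_sync are hypothetical helper names.

```python
# Constructed sample mirroring the Vyatta-01 dump above; 192.0.2.2 is a placeholder.
SAMPLE = """
remote-router 192.0.2.2 {
    password secret
    sync-map default
    username config-sync
}
sync-map default {
    rule 0 {
        action include
        location nat
    }
}
"""

def parse_vyatta(text):
    """Parse brace-style Vyatta config output into nested dicts."""
    root = {}
    stack = [root]
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("{"):          # "node name {" opens a child block
            child = stack[-1][line[:-1].strip()] = {}
            stack.append(child)
        elif line == "}":               # close the current block
            stack.pop()
        elif line:                      # leaf: "key value"
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip().strip('"')
    return root

def check_config_sync(cfg):
    """Return findings for an incomplete config-sync subtree (hypothetical helper)."""
    findings = []
    maps = {k.split()[1]: v for k, v in cfg.items() if k.startswith("sync-map ")}
    routers = {k.split()[1]: v for k, v in cfg.items() if k.startswith("remote-router ")}
    for peer, node in routers.items():
        for field in ("username", "password", "sync-map"):
            if not node.get(field):
                findings.append(f"{peer}: {field} not set")
        if node.get("sync-map") and node["sync-map"] not in maps:
            findings.append(f"{peer}: sync-map '{node['sync-map']}' is not defined")
    for name, rules in maps.items():
        for rule, body in rules.items():
            for field in ("action", "location"):
                if field not in body:
                    findings.append(f"sync-map {name} {rule}: missing {field}")
    return findings

if __name__ == "__main__":
    print(check_config_sync(parse_vyatta(SAMPLE)) or "config-sync subtree looks complete")
```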
October 28th, 2012 at 5:44 am
If you have only the community edition of Vyatta,
you may use Vyatta-Config-Sync from Vyatta4People.Org:
http://www.vyatta4people.org/vyatta-config-sync/
Cheers!