Config-Sync Documentation

Hello,

I am unable to find meaningful documentation on the Config-Sync service that VyOS now has. I have a 2 router/firewall setup with VyOS and I’d like to sync their configs but I persistently am getting a Connection Refused upon syncing.

I’ve tried a few different mixes of the configuration, but to no avail. Has anybody gotten this to work successfully? I am on VyOS 1.4-rolling-202404160026

Primary

vyos@SP-C1# show service config-sync 
 mode load
 secondary {
     address 10.18.80.2
     key Foo
 }
 section {
     protocols {
         ospf
     }
 }

Secondary

vyos@SP-C2# show service https 
 allow-client {
     address 10.18.80.1
 }
 api {
     graphql {
         authentication {
             expiration 315600
             type token
         }
         introspection
     }
     keys {
         id sync {
             key Foo
         }
     }
 }

 listen-address 10.18.80.2

I can’t answer the documentation question, but have you got firewall rules in place that might be disallowing this traffic?

There is no documentation yet.
Just try these steps: T6121: Extend config-sync for QoS and system options by sever-sever · Pull Request #3193 · vyos/vyos-1x · GitHub
And you do not need GraphQL.
After configuring config-sync you have to change something in this section; then it will apply on the secondary node as well.

Awesome, thanks you two for the replies. I’ll double check my firewall rules and configurations according to that GitHub link when I get back from work.

Appreciate it!

Hi all,

I’ve been able to test this out and I no longer receive an error after commits:

vyos@SP-C2# commit
INFO:vyos_config_sync:Config synchronization: Mode=load, Secondary=10.18.80.1
[edit]

However, on the secondary node the configuration changes do not apply.

vyos@SP-C2# show service config-sync 
 mode load
 secondary {
     address 10.18.80.1
     key Foo
 }
 section {
     nat
     protocols {
         ospf
     }
 }

Tried mode set & load, to no avail. The secondary router’s configuration is a simple HTTPS service configured the same as previously posted but I subtracted the graphql configuration.
I think I may try an earlier version of VyOS, as this is a rolling release image but I had previously built the 1.4 RC.

Both systems MUST be the same version
Works in my test

vyos@r4# set protocols ospf area 0 network 192.0.2.0/30
[edit]
vyos@r4# commit
INFO:vyos_config_sync:Config synchronization: Mode=load, Secondary=192.168.122.11
[edit]
vyos@r4# 

Check:

vyos@r4# ssh vyos@192.168.122.11
The authenticity of host '192.168.122.11 (192.168.122.11)' can't be established.
ED25519 key fingerprint is SHA256:6hhF9yKMdVC1DbbR0F5okaRRHd7qSsLImPj/XAnZe2c.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.122.11' (ED25519) to the list of known hosts.
vyos@192.168.122.11's password: 
Welcome to VyOS!

   ┌── ┐
   . VyOS 1.5-rolling-202404290019
   └ ──┘  current

 * Documentation:  https://docs.vyos.io/en/latest
 * Project news:   https://blog.vyos.io
 * Bug reports:    https://vyos.dev

You can change this banner using "set system login banner post-login" command.

VyOS is a free software distribution that includes multiple components,
you can check individual component licenses under /usr/share/doc/*/copyright
Last login: Tue Apr 30 12:28:19 2024 from 192.168.122.1

vyos@r1-right:~$ show conf com | match ospf
set protocols ospf area 0 network '192.0.2.0/30'
vyos@r1-right:~$ 

I removed my api key field in the https service then recreated it with a different ID, and afterwards it worked!

Thanks for the help y’all, I am super happy to have this feature.

It would be great if you could add simple documentation for others.

@Viacheslav et al. I’ll give it a go and put together the documentation.

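To tell apart the failures discussed in this thread (a refused connection versus an API key or client address the secondary does not accept), here is a small probe to run from the primary. It is an added example, not code from any post or from the VyOS project. It assumes the documented `/retrieve` endpoint with the `showConfig` operation, that the endpoint accepts URL-encoded `data` and `key` form fields, and that a rejected key or client yields 401 or 403; `probe` and `classify` are hypothetical names.

```python
import json
import socket
import ssl
import urllib.error
import urllib.parse
import urllib.request


def classify(status, body):
    """Turn an API response into a diagnosis (status codes are assumptions)."""
    if status in (401, 403):  # bad key, or source not in allow-client
        return "key-or-client-rejected"
    try:
        ok = json.loads(body).get("success") is True
    except (ValueError, AttributeError):
        ok = False
    return "ok" if status == 200 and ok else f"api-error-{status}"


def probe(host, key, port=443, cafile=None, timeout=5.0):
    """Check the secondary's HTTPS API from the primary's point of view."""
    # Step 1: TCP only. "refused" = nothing listening on this address/port
    # (compare listen-address) or a firewall reject rule in the path.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, no route, ...
        return "unreachable"
    # Step 2: read-only, key-authenticated request. Without cafile the
    # certificate is not verified, so the key could reach an impostor.
    ctx = ssl.create_default_context(cafile=cafile)
    if cafile is None:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    data = json.dumps({"op": "showConfig", "path": ["service", "https"]})
    form = urllib.parse.urlencode({"data": data, "key": key}).encode()
    req = urllib.request.Request(f"https://{host}:{port}/retrieve", data=form)
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())
    except (urllib.error.URLError, OSError):
        return "tls-or-http-failure"
```

With the addresses from the first post this would be called as `probe("10.18.80.2", "Foo")`; a result of `refused` points at the listener or firewall, `key-or-client-rejected` at the `keys` or `allow-client` configuration.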