Simplify and Standardize Network Provisioning with VyOS Template

Hello, VyOS Community!

Knowledge is power! :brain: Join me on an exciting learning journey as I dive deeper into the world of VyOS and networking. In my previous post (link: VyOS Configuration Tips for Enhancing Network Security), I mentioned my enthusiasm for exploring VyOS configuration tips and enhancing network security. Today, I have some quick and essential tips that will revolutionize your network deployment.

VyOS templates for network deployment are a game-changer, simplifying the process, enhancing efficiency, and ensuring consistent configurations across your network infrastructure. By leveraging VyOS templates, you can streamline the deployment of routers, firewalls, and other network devices, saving you valuable time and effort.

The power of VyOS templates lies in their ability to create reusable configurations that can be easily replicated and customized for different network environments. They enable you to maintain a standardized setup while keeping the flexibility to cater to specific requirements.

Let’s explore some of the benefits of using VyOS templates:

  1. Standardization: Templates allow you to establish a consistent and uniform configuration across multiple VyOS instances or network devices. This ensures reliability and reduces the chances of human error during deployment.
  2. Time-Saving: With templates, you can create predefined configuration templates from common use cases. Instead of manually configuring each device, simply apply the template to rapidly provision and replicate settings across your network infrastructure.
  3. Flexibility: VyOS templates are customizable, enabling you to tailor the configuration to specific requirements. You can modify and fine-tune the template parameters, such as IP addresses, port numbers, or security policies, as needed.

Now, let’s dive into how you can make the most of VyOS templates.

  1. Template Creation: Create a template file using VyOS configuration syntax. Define the desired settings, including firewall rules, NAT configurations, or VLAN assignments. Save the template file with a descriptive name for easy reference.
  2. Template Deployment: Apply the template to your VyOS devices using the “load template ” command. VyOS will automatically apply the configuration settings specified in the template to the device.
  3. Template Modifications: When adjustments or updates are needed, simply modify the template file. Once saved, reapply the template to the devices using the same “load template ” command. VyOS will apply the changes accordingly, ensuring consistency across the network.

By harnessing the power of the VyOS templates, you can say farewell to manual configurations and embrace rapid, error-free provisioning across your VyOS devices. I encourage you to leave a comment and share any additional tips you may have.

Best regards,
Joe

1 Like

Any documentation or examples on Template creation, or use online?

Hi @Vesalius,

I hope you are doing well. As a young buck in the world of VyOS, I’m still in the early stage of my learning journey. However, I have been diligently exploring forum posts and documentation specifically related to templates.

Here are a few resources I have been looking at:

  1. The VyOS CLI — VyOS 1.2.x (crux) documentation
  2. Running on GNS3 — VyOS 1.3.x (equuleus) documentation
  3. GitHub - vyos/vyatta-netflow: Vyatta netflow config & op templates/scripts

As I continue to explore and deepen my understanding of VyOS, I am considering adding this to my list of KB articles that I contribute. I believe it would be a valuable addition to the knowledge base articles.

Cheers,
Joe

I am currently working on a rework of our VyOS instances.
My issue at the moment is converting set commands into the config syntax without loading them into a running VyOS. Converting config into set commands works offline; see my old post.

My Template Script
I will share my knowledge at this point. Feel free to use it.
The goal is one template file that generates each config file to set up a 2-node HA VyOS.


```bash
#!/bin/bash
# Usage: bash myscript.sh <floatingip> <networkid>

script_dir=$(dirname "$0")
floatingip=$1
networkid=$2
static_config_file="$script_dir/static_config.txt"

# Render VYOS/config.boot.tmpl for the node whose host address ends in .$1
generate_config() {
    local alpha=$1
    local beta
    local status
    local hostname="vyosrouter-$(printf "%02d" "$alpha")"

    # Node .2 is the primary and peers with .3; node .3 is the secondary and peers with .2
    if [ "$alpha" -eq 2 ]; then
        beta=$((alpha + 1))
        status="primary"
    else
        beta=$((alpha - 1))
        status="secondary"
    fi

    # envsubst fills the ${...} placeholders from the variables set for this one command
    ALPHA=$alpha BETA=$beta STATUS=$status FLOATINGIP=$floatingip NETWORKID=$networkid envsubst < "$script_dir/VYOS/config.boot.tmpl" > "$script_dir/config$alpha" 2>/dev/null

    echo "$alpha - $beta - $status" > "$script_dir/results$alpha.txt"
    cat "$script_dir/config$alpha" >> "$script_dir/results$alpha.txt"
}

# Check if both floatingip and networkid are provided
if [ $# -lt 2 ]; then
    echo "Usage: bash myscript.sh <floatingip> <networkid>"
    exit 1
fi

# Nodes are numbered 2 and 3 because ${NETWORKID}.1 is the VRRP gateway address in the template
for alpha in {2..3}; do
    generate_config "$alpha"
done

# Add static config snippets to the generated configuration files
for alpha in {2..3}; do
    cat "$static_config_file" >> "$script_dir/config$alpha"
done
```

Create a folder called VYOS and put the file config.boot.tmpl into it:

```
set high-availability vrrp group Private address ${NETWORKID}.1/24
set high-availability vrrp group Private description 'Gateway sync'
set high-availability vrrp group Private interface 'eth1'
set high-availability vrrp group Private vrid '10'
set high-availability vrrp group Public address ${FLOATINGIP}/24
set high-availability vrrp group Public interface 'eth0'
set high-availability vrrp group Public vrid '20'
set high-availability vrrp sync-group sync member 'Private'
set high-availability vrrp sync-group sync member 'Public'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'OUTSIDE'
set interfaces ethernet eth1 address '${NETWORKID}.${ALPHA}/24'
set interfaces ethernet eth1 description 'INSIDE'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '${NETWORKID}.0/24'
set nat source rule 100 translation address ${FLOATINGIP}
set service conntrack-sync accept-protocol 'tcp'
set service conntrack-sync accept-protocol 'udp'
set service conntrack-sync accept-protocol 'icmp'
set service conntrack-sync event-listen-queue-size '8'
set service conntrack-sync failover-mechanism vrrp sync-group 'sync'
set service conntrack-sync interface eth1
set service conntrack-sync mcast-group '224.0.0.60'
set service conntrack-sync sync-queue-size '8'
set service dhcp-server failover name 'internal-network'
set service dhcp-server failover remote '${NETWORKID}.${BETA}'
set service dhcp-server failover source-address '${NETWORKID}.${ALPHA}'
set service dhcp-server failover status '${STATUS}'
set system host-name 'vyosrouter-${ALPHA}'
set service dhcp-server shared-network-name LAN authoritative
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 default-router '${NETWORKID}.1'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-name 'internal-network'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-search 'fr.example.com'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-search 'sig.fr.example.com'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-search 'txt.fr.example.com'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-search 'example.com'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 enable-failover
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 lease '900'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 name-server '${NETWORKID}.1'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 range 0 start '${NETWORKID}.20'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 range 0 stop '${NETWORKID}.254'
set service dns forwarding listen-address '${NETWORKID}.1'
set service dns forwarding allow-from '${NETWORKID}.0/24'
set service ntp allow-client address '${NETWORKID}.0/24'
```

static_config.txt will be filled with rules that are the same on each VyOS; this is only an example:

```
set service snmp community test authorization 'ro'
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
```

At the end you have two VyOS config files ready to deploy.

2 Likes
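An added example, not part of the post above or of VyOS: the script passes its two arguments into the template unchecked, and envsubst replaces a placeholder it has no value for with an empty string, so a typo in either place ends up silently in a router config. The sketch below validates the arguments and lints the rendered output; all function names are hypothetical, and sed stands in for envsubst so that a misspelled placeholder survives rendering and is caught by the lint step.

```sh
#!/bin/sh
# Added example: pre-flight checks for the template script (hypothetical names).

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet 0-255.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# valid_networkid ID: succeed only for the first three octets of a /24.
valid_networkid() { valid_ipv4 "$1.0"; }

# render ALPHA BETA STATUS FLOATINGIP NETWORKID: template on stdin, config on stdout.
render() {
    sed -e "s|[\$]{ALPHA}|$1|g" -e "s|[\$]{BETA}|$2|g" -e "s|[\$]{STATUS}|$3|g" \
        -e "s|[\$]{FLOATINGIP}|$4|g" -e "s|[\$]{NETWORKID}|$5|g"
}

# lint_rendered: fail on a leftover ${...} or on a line that is not a set command.
lint_rendered() (
    n=0; bad=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in
            *'${'*) echo "line $n: unsubstituted placeholder" >&2; bad=1 ;;
            '' | 'set '*) ;;
            *) echo "line $n: not a set command" >&2; bad=1 ;;
        esac
    done
    exit "$bad"
)

# render_checked (same arguments as render): exit 2 on bad input, 3 on lint failure.
render_checked() (
    valid_ipv4 "$4" || { echo "invalid floating IP" >&2; exit 2; }
    valid_networkid "$5" || { echo "invalid network ID" >&2; exit 2; }
    out=$(render "$@") || exit 1
    printf '%s\n' "$out" | lint_rendered || exit 3
    printf '%s\n' "$out"
)

# Constructed sample input: two lines taken from the template in the post.
SAMPLE_TEMPLATE="set interfaces ethernet eth1 address '\${NETWORKID}.\${ALPHA}/24'
set nat source rule 100 translation address \${FLOATINGIP}"
printf '%s\n' "$SAMPLE_TEMPLATE" | render_checked 2 3 primary 203.0.113.10 192.0.2
```

In the posted script, these checks would run before the generate_config loop and again on each generated file before it is deployed.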

@tomcat667 This is great! :raised_hands: Thank you so much for offering to share your knowledge and expertise! I truly believe in the power of knowledge sharing and collaboration within our community, and your input plays a vital role in its success. Thank you again!!! :pray: :bowing_man: