Simplify and Standardize Network Provisioning with VyOS Template

I am working at the moment on a rework of our VyOS instances.
My issue at the moment is converting set commands into the config syntax without loading them into a running VyOS. Converting a config into set commands works offline, see my old post.

My Template Script
I will share my knowledge at this point; feel free to use it.
The goal is one template file that generates each config file to set up a 2-node HA VyOS.


bash myscript.sh <floatingip> <networkid>
#!/bin/bash
# Renders VYOS/config.boot.tmpl once per HA node (config2, config3) and then
# appends the shared static_config.txt to each generated file.
set -euo pipefail

# Check if both floatingip and networkid are provided (before $1/$2 are read,
# because set -u would otherwise abort with an unhelpful message)
if [ $# -lt 2 ]; then
    echo "Usage: bash myscript.sh <floatingip> <networkid>"
    exit 1
fi

script_dir=$(dirname "$0")
floatingip=$1
networkid=$2
static_config_file="$script_dir/static_config.txt"

generate_config() {
    local alpha=$1      # this node's number, also its host octet on eth1
    local beta          # the peer node's number (DHCP failover remote)
    local status        # this node's DHCP failover role
    local hostname="vyosrouter-$(printf "%02d" "$alpha")"   # unused: the template builds host-name from ALPHA

    # Node 2 is the primary and pairs with node 3; node 3 pairs with node 2.
    if [ "$alpha" -eq 2 ]; then
        beta=$((alpha + 1))
        status="primary"
    else
        beta=$((alpha - 1))
        status="secondary"
    fi

    # envsubst replaces ${ALPHA}, ${BETA}, ${STATUS}, ${FLOATINGIP}, ${NETWORKID} in the template
    ALPHA=$alpha BETA=$beta STATUS=$status FLOATINGIP=$floatingip NETWORKID=$networkid \
        envsubst < "$script_dir/VYOS/config.boot.tmpl" > "$script_dir/config$alpha"

    echo "$alpha - $beta - $status" > "$script_dir/results$alpha.txt"
    cat "$script_dir/config$alpha" >> "$script_dir/results$alpha.txt"
}

# Nodes are numbered 2 and 3: eth1 gets ${NETWORKID}.2 and .3, which leaves
# ${NETWORKID}.1 free for the VRRP virtual address used as gateway/DNS in the template.
for alpha in 2 3; do
    generate_config "$alpha"
done

# Add static config snippets to the generated configuration files
for alpha in 2 3; do
    cat "$static_config_file" >> "$script_dir/config$alpha"
done

Create a folder called VYOS and put the file config.boot.tmpl into it:

set high-availability vrrp group Private address ${NETWORKID}.1/24
set high-availability vrrp group Private description 'Gateway sync'
set high-availability vrrp group Private interface 'eth1'
set high-availability vrrp group Private vrid '10'
set high-availability vrrp group Public address ${FLOATINGIP}/24
set high-availability vrrp group Public interface 'eth0'
set high-availability vrrp group Public vrid '20'
set high-availability vrrp sync-group sync member 'Private'
set high-availability vrrp sync-group sync member 'Public'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'OUTSIDE'
set interfaces ethernet eth1 address '${NETWORKID}.${ALPHA}/24'
set interfaces ethernet eth1 description 'INSIDE'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '${NETWORKID}.0/24'
set nat source rule 100 translation address ${FLOATINGIP}
set service conntrack-sync accept-protocol 'tcp'
set service conntrack-sync accept-protocol 'udp'
set service conntrack-sync accept-protocol 'icmp'
set service conntrack-sync event-listen-queue-size '8'
set service conntrack-sync failover-mechanism vrrp sync-group 'sync'
set service conntrack-sync interface eth1
set service conntrack-sync mcast-group '224.0.0.60'
set service conntrack-sync sync-queue-size '8'
set service dhcp-server failover name 'internal-network'
set service dhcp-server failover remote '${NETWORKID}.${BETA}'
set service dhcp-server failover source-address '${NETWORKID}.${ALPHA}'
set service dhcp-server failover status '${STATUS}'
set system host-name 'vyosrouter-${ALPHA}'
set service dhcp-server shared-network-name LAN authoritative
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 default-router '${NETWORKID}.1'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-name 'internal-network'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-search 'fr.example.com'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-search 'sig.fr.example.com'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-search 'txt.fr.example.com'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 domain-search 'example.com'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 enable-failover
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 lease '900'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 name-server '${NETWORKID}.1'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 range 0 start '${NETWORKID}.20'
set service dhcp-server shared-network-name LAN subnet ${NETWORKID}.0/24 range 0 stop '${NETWORKID}.254'
set service dns forwarding listen-address '${NETWORKID}.1'
set service dns forwarding allow-from '${NETWORKID}.0/24'
set service ntp allow-client address '${NETWORKID}.0/24'

static_config.txt will be filled with rules that are the same on each VyOS; this is only an example:

set service snmp community test authorization 'ro'
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'

At the end you have two VyOS config files ready to deploy.
