Page MenuHomeVyOS Platform

Add VRF support to the add system image command
Closed, ResolvedPublicFEATURE REQUEST

Description

Hi,

I often find myself in the need for upgrading to the latest rolling release (e.g. to mitigate bugs or add new features). I often have setups where management (ssh, ntp) is in a VRF and the default VRF has no internet access. It would be very useful to be able to do "add system image http://10.1.2.3/vyos-rolling-xyz.iso vrf management" (or maybe place the vrf before the URL? I don't have a stron opinion on where to place it).

I think this should be quite easy to implement since it shouldn't take much more than adding something like "ip vrf exec {{ vrf }}" infront of the curl/wget.

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Event Timeline

@moepman can you check command?

curl --interface eth0 --url https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso --output  /home/vyos/vyos.iso

Where eth0 vrf interface...

It does work (eth0 is actually my management vrf interface) if I put the IP for downloads.vyos.io into my /etc/hosts (I guess using a vrf for outgoing DNS requests would be even trickier but this workaround is okay for me, especially since I have a local update mirror reachable via static IP):

vyos@vyos1:~$ grep vyos.io /etc/hosts
185.144.208.249         downloads.vyos.io
vyos@vyos1:~$ curl --interface eth0 --url https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso --output  /home/vyos/vyos.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  317M  100  317M    0     0  30.0M      0  0:00:10  0:00:10 --:--:-- 33.1M

@moepman can you please try if the change introduced in T2651 is already sufficient for your usecase?

https://docs.vyos.io/en/latest/system/options.html#http-client

EveNG lab tests have shown its not working as expected (yet)

@moepman

When connected via SSH to the router in question every command is run inside the VRF, thus a regular add system image will already run in the VRF. Nevertheless it would make sense to execute the command from another VRF.

c-po changed the task status from Open to In progress.Aug 1 2020, 12:07 PM
c-po triaged this task as Low priority.
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.

@moepman please checkout the next rolling ISO - at least it works as expected in my LAB

$ add system image <URL> vrf <VRFNAME>

Works fine on latest rolling, thx!

erkin set Issue type to Feature (new functionality).Aug 29 2021, 1:54 PM
erkin removed a subscriber: Active contributors.