Page MenuHomeVyOS Platform

Add VRF support to the add system image command
Closed, ResolvedPublicFEATURE REQUEST

Description

Hi,

I often find myself in the need for upgrading to the latest rolling release (e.g. to mitigate bugs or add new features). I often have setups where management (ssh, ntp) is in a VRF and the default VRF has no internet access. It would be very useful to be able to do "add system image http://10.1.2.3/vyos-rolling-xyz.iso vrf management" (or maybe place the vrf before the URL? I don't have a stron opinion on where to place it).

I think this should be quite easy to implement since it shouldn't take much more than adding something like "ip vrf exec {{ vrf }}" infront of the curl/wget.

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

moepman created this task.Mon, Jul 6, 4:23 PM

@moepman can you check command?

curl --interface eth0 --url https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso --output  /home/vyos/vyos.iso

Where eth0 vrf interface...

It does work (eth0 is actually my management vrf interface) if I put the IP for downloads.vyos.io into my /etc/hosts (I guess using a vrf for outgoing DNS requests would be even trickier but this workaround is okay for me, especially since I have a local update mirror reachable via static IP):

vyos@vyos1:~$ grep vyos.io /etc/hosts
185.144.208.249         downloads.vyos.io
vyos@vyos1:~$ curl --interface eth0 --url https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso --output  /home/vyos/vyos.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  317M  100  317M    0     0  30.0M      0  0:00:10  0:00:10 --:--:-- 33.1M
c-po added a subscriber: c-po.Tue, Jul 7, 5:11 PM

This somehow relates to T2651

pasik added a subscriber: pasik.Wed, Jul 8, 10:11 AM
c-po claimed this task.Sun, Jul 12, 4:30 PM
c-po added a comment.EditedWed, Jul 15, 7:00 PM

@moepman can you please try if the change introduced in T2651 is already sufficient for your usecase?

https://docs.vyos.io/en/latest/system/options.html#http-client

c-po added a comment.Mon, Jul 27, 3:34 PM

EveNG lab tests have shown its not working as expected (yet)

c-po added a comment.Sat, Aug 1, 9:40 AM

@moepman

When connected via SSH to the router in question every command is run inside the VRF, thus a regular add system image will already run in the VRF. Nevertheless it would make sense to execute the command from another VRF.

c-po changed the task status from Open to In progress.Sat, Aug 1, 12:07 PM
c-po triaged this task as Low priority.
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
c-po added a comment.Sat, Aug 1, 12:31 PM

@moepman please checkout the next rolling ISO - at least it works as expected in my LAB

$ add system image <URL> vrf <VRFNAME>

c-po closed this task as Resolved.Sat, Aug 1, 12:31 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Mon, Aug 3, 2:14 PM

Works fine on latest rolling, thx!