VyOS file upload, management and templating #284

Open
thinkl33t opened this issue Dec 1, 2022 · 0 comments
Labels
feature This issue/PR relates to a feature request.

Comments

@thinkl33t

SUMMARY

We have an occasional need to upload files, create directories, and template files onto our VyOS servers. Currently we're using an unholy mixture of net_put, templating on the local machine, and vyos_command of Linux command lines to do this.

There are issues with this, however: when a file (in our case an openssh vpn certificate) is net_put into place, it ends up owned only by the user who created it, and once the VPN is restarted the openvpn process itself takes ownership. This means that this file can't be managed or changed by other administrators. The only way we've come up with to work around this is to net_put into /tmp/ and then use vyos_command to copy the file into place. Obviously this isn't idempotent.

We also use a similar process to template a file (in this case openvpn LDAP configuration), initially templating it to /tmp on the user's machine, then uploading it. This has the same issue as the previous paragraph, in that permissions of net_put files are set to the uploading user, with no option to change that.

tl;dr: We'd like to have idempotent, VyOS-compatible versions of the following modules, which can use sudo to write to files that require it. We can't use these modules directly as they don't work over the network_cli connection method, and end up running on the local host instead.

  • template
  • file
  • copy

ISSUE TYPE

  • Feature Idea

COMPONENT NAME

vyos.vyos.template, vyos.vyos.copy, vyos.vyos.file

ADDITIONAL INFORMATION

```yaml
# Proposed usage of the requested modules (they do not exist yet)
- vyos.vyos.file:
    name: "/config/auth/{{ single_network.key }}/"
    owner: openvpn
    group: openvpn
    mode: 0600
  become: true

- vyos.vyos.template:
    src: ldap_auth.config.j2
    dest: "/config/auth/{{ single_network.key }}/ldap-auth.config"
    owner: openvpn
    group: openvpn
    mode: 0664
  become: true

- vyos.vyos.copy:
    src: "{{ inventory_hostname }}.pem"
    # .pem suffix moved outside the Jinja expression so it matches src
    dest: "/config/auth/{{ single_network.key }}/{{ inventory_hostname }}.pem"
    owner: openvpn
    group: openvpn
    mode: 0600
  become: true
```
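
An added example, not part of the issue or of the vyos.vyos collection: the /tmp workaround described above, gated on a hash, owner and mode comparison so that it only uploads when something differs. It uses the existing `net_put` and `vyos_command` modules; the inventory group, file paths and `want_meta` variable are hypothetical, and it assumes the login user can run sudo on the router.

```yaml
# Added example. Assumes the inventory sets ansible_connection to
# ansible.netcommon.network_cli and ansible_network_os to vyos.vyos.vyos.
- name: Converge an OpenVPN key on content, owner and mode
  hosts: vyos_routers                       # hypothetical inventory group
  gather_facts: false
  vars:
    key_src: "{{ playbook_dir }}/files/{{ inventory_hostname }}.pem"   # hypothetical
    key_dest: "/config/auth/example/{{ inventory_hostname }}.pem"      # hypothetical
    key_tmp: "/tmp/{{ inventory_hostname }}.pem.staged"
    want_meta: "openvpn:openvpn:600"        # owner:group:mode expected on the router
  tasks:
    - name: Hash the local file on the control node
      ansible.builtin.stat:
        path: "{{ key_src }}"
        checksum_algorithm: sha256
      delegate_to: localhost
      register: local_key

    - name: Read hash, owner and mode of the file on the router (read-only)
      vyos.vyos.vyos_command:
        commands:
          - "sudo sha256sum {{ key_dest | quote }}"
          - "sudo stat -c '%U:%G:%a' {{ key_dest | quote }}"
      register: remote_key

    # A missing remote file yields error text instead of a hash, so the
    # condition is true and the file is installed on the first run.
    - name: Upload and install only when something differs
      when: >-
        local_key.stat.checksum not in remote_key.stdout[0]
        or remote_key.stdout[1] | trim != want_meta
      block:
        - name: Stage the file as the login user
          ansible.netcommon.net_put:
            src: "{{ key_src }}"
            dest: "{{ key_tmp }}"

        - name: Install with final ownership, then remove the staged copy
          vyos.vyos.vyos_command:
            commands:
              - >-
                sudo install -o openvpn -g openvpn -m 0600
                {{ key_tmp | quote }} {{ key_dest | quote }}
              - "sudo rm -f {{ key_tmp | quote }}"
          changed_when: true
```

The key still passes through /tmp with the login user's default permissions until the install step removes it, which is one more reason a native module would be preferable to this workaround.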
@NilashishC NilashishC added the feature This issue/PR relates to a feature request. label Dec 7, 2022