Working with configuration

Configuration basics

Terminology

Several versions of system configuration information exist on the system at a given time.

  • Active or “running” configuration

    • This configuration is the one that is loaded and being used by the system.

  • Candidate configuration

    • When you enter configuration mode and make configuration changes, changes remain in candidate configuration until you commit the changes, at which time the configuration becomes active or running.

Configuration hierarchy

DANOS vRouter configuration is organized as a hierarchy of configuration statements, with a hierarchical tree of nodes similar to the directory structure on a UNIX file system. Three kinds of statements exist:

  • Configuration nodes. These nodes can be either

    • Single-nodes (just one instance can be created; for example, the service ssh timeout)

    • Multi-nodes (more than one instance can be created; for example, service ssh port)

  • Attribute statements. These statements set the values or characteristics for parameters within a node.

You can tell where you are in the configuration tree by the [edit] prompt, which is context sensitive.

At the top of the configuration tree, the [edit] prompt looks like this:
[edit]
When you are in another location, the edit prompt indicates your location by showing the node hierarchy in order, like this:
[edit service ssh]

The following commands for navigating in configuration mode are available:

  • edit config-node

    • Navigates to the specified configuration node for editing.

    • The node must already be created the configuration committed.

  • exit

    • Jumps to the top of the configuration tree.

    • If you are already at the top of the configuration tree, exit from configuration mode and return to operational mode.

  • top

    • Jumps to the top of the configuration tree.

  • up

    • Moves up one node in the configuration tree.

Viewing configuration in configuration mode

Use the show command in configuration mode to display configuration. You can restrict the display to a particular node by specifying the path to the node.

The following example shows how to display configuration for all configured interfaces.

1 2 3 4 5 6 7 8 9 10 11 vyatta@R1# show interfaces interfaces { dataplane dp0p1s1 { address 10.10.1.1/24 mac 00:13:46:e6:f6:87 } dataplane dp0s2 { address dhcp } loopback lo }

 

The following example shows how to display configuration for only the dp0p1s1 dataplane interface.

1 2 3 4 5 vyatta@R1# show interfaces dataplane dp0p1s1 dataplane dp0p1s1 { address 10.10.1.1/24 mac 00:13:46:e6:f6:87 }


When the display is too large for one screen, the display stops after one screen is shown. In this case, press one of the following keys to perform the indicated action.

  • <Enter> to display the next line

  • <Space> to display the next screen

  • <q> to interrupt the display and return to the command prompt

Viewing configuration in operational mode

You can display configuration information without leaving operational mode by using the show configuration command, as in the following example.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 vyatta@R1:~$ show configuration interfaces { dataplane dp0p1s1 { address 10.10.1.1/24 hw-id 00:13:46:e6:f6:87 } dataplane dp0s2 { address dhcp } loopback lo } service { netconf ssh { port 22 port 830 } telnet }

Changing configuration information

Adding or modifying the configuration

Add new configuration by creating a configuration node by using the set command in configuration mode. Modify existing configuration by using the set command in configuration mode, as in the following example.

 

1 2 vyatta@R1# set interfaces dataplane dp0p1s1 address 192.168.1.100/24 vyatta@R1#

 

Then use the show command to see the change.

1 2 3 4 vyatta@R1# show interfaces dataplane dp0p1s1 +address 192.168.1.100/24 mac 00:13:46:e6:f6:87 vyatta@R1#

 

Notice the plus sign (+) in front of the new statement. This + shows that this statement has been added to the configuration, but the change is not yet committed. The change does not take effect until the configuration is committed by using the commit command.


Another option is to use the compare command to see the change.

1 2 3 4 vyatta@R1# compare [edit interfaces dataplane dp0p1s1] +address 192.168.1.100/24 vyatta@R1#

 

You can change the configuration from the root of the configuration tree or use the edit command to navigate to the part of the tree where you want to modify or add a configuration.

The configuration tree is nearly empty when you first startup, except for a few automatically configured nodes. You must create a node for any functionality you want to configure on the system. When a node is created, any default values that exist for its attributes are applied to the node.

Deleting configuration

Use the delete command to delete a configuration statement or a complete configuration node, as in the following example.

vyatta@R1# delete interfaces dataplane dp0p1s1address 192.168.1.100/24
Then use the show command to see the change.

 

1 2 3 4 vyatta@R1# show interfaces dataplane dp0p1s1 -address 192.168.1.100/24 mac 00:13:46:e6:f6:87 vyatta@R1#


Notice the minus sign (-) in front of the deleted statement. This - shows that this statement has been deleted from the configuration, but the change is not yet committed. The change does not take effect until configuration is committed by using the commit command.
Another option is to use the compare command to see the change.

 

1 2 3 4 vyatta@R1# compare [edit interfaces dataplane dp0p1s1] -address 192.168.1.100/24 vyatta@R1#

 

Some configuration nodes are mandatory; these nodes cannot be deleted. Some configuration nodes are mandatory but have default values; if you delete one of these nodes, the default value is restored.

Committing configuration changes

In a DANOS vRouter, configuration changes do not take effect until you commit them by using the commit command.

vyatta@R1# commit
A line that contains uncommitted changes is flagged as follows:

  • > to indicate the line has been modified

  • + to indicate the line has been added

  • - to indicate the line has been deleted

After you commit the changes, the flag disappears, as in the following example.

 

1 2 3 4 5 6 7 vyatta@R1# show interfaces dataplane dp0p1s1 -address 192.168.1.100/24 mac 00:13:46:e6:f6:87 vyatta@R1# commit vyatta@R1# show interfaces dataplane dp0p1s1 mac 00:13:46:e6:f6:87 vyatta@R1#

When you commit changes in the configuration mode, the changes are saved to the startup configuration. As a result, the changes are preserved even after a reboot.

If your login username is not a member of the "secrets" login user group and you either save a configuration through the REST API or use the save command, the encrypted passwords in the configuration file are replaced with the ******** placeholder. If you load this configuration, the replaced password fields trigger validation errors because the placeholder does not match the format for an encrypted password. Do not commit this configuration. If you ignore the error message
and perform a commit with this invalid configuration, the passwords are deleted.

Discarding configuration changes

You cannot exit from configuration mode with uncommitted configuration changes; you must either commit the changes or discard them. If you do not want to commit the changes, you can discard them by using the exit discard command.

 

1 2 3 4 5 vyatta@R1# exit Cannot exit: configuration modified. Use 'exit discard' to discard the changes and exit. vyatta@R1# exit discard vyatta@R1:~$

Managing system configuration

Saving the running configuration

You can save the configuration to file for your own use; for example copying to another device, by using the save <filename> command in configuration mode.

The running configuration is saved automatically when you enter commit or commit-confirm. Entering the save command without a filename has no effect.

You can also save a configuration file to a location path other than the standard configuration directory by specifying a different path. You can save the configuration to a location specivied as ftp, http, scp or tftp.

The save command writes only committed changes. If you try to save uncommitted changes, the system warns you that it is saving only the committed changes.

Loading a saved configuration

To load a previously saved configuration, use the load command in configuration mode. By default, the system reads the file from the /config configuration directory.

A loaded configuration then needs to be committed to become the active configuration.

Merging saved and running configurations

You can merge a saved configuration with the active (running) configuration by using the merge command.

The merger adds new configuration entries and applies any modifications to existing active entries to produce a new working configuration. This merged configuration must be committed before it becomes the active configuration.

Configuration can be loaded from a hard disk (including a Flash disk or USB device), a TFTP server, an FTP server, an SCP server, or an HTTP server. Note that you cannot load an empty configuration file; the configuration file must contain at least one configuration node.

Rolling back to a previous version

You can roll back system configuration to any archived version by using the rollback command.

To see a list of available configuration file revisions, use the show system commit command in operational mode.

Archiving configuration versions on commit

The system automatically archives the configuration whenever you commit a configuration change. Previous versions of the configuration are saved in the /config/archive directory, with a file name config.boot.<n>.gz.

By default, the system maintains 20 versions of configuration in the archive. You can change the number of versions maintained in the archive by using the system config-management commit-revisions command.

You can also direct the system to save configuration versions to a remote location whenever the configuration is committed by using the system config-management commit-archive archive command. FTP, SCP, and TFTP destinations are supported.

Comparing configuration versions

You can compare two versions of configuration by using the show system commit and compare commands.

  • Configuration Commands

    • compare

      • Difference between the working and active configuration.

    • compare n

      • Difference between the working configuration and revision n.

    • compare n m

      • Difference between revision n and revision m.

  • Operational Commands

    • show system commit

      • Summary of commits.

    • show system commit file n

      • Full configuration at revision n.

    • show system commit file n compare m

      • Difference between revision n and revision m.

    • show system commit diff n

      • What changed in a given commit (between revision n and revision n +1). This command is equivalent to the show system file n compare n +1 command.