3 # Copyright (C) 2014 Cumulus Networks, Inc.
5 # This file is part of Frr.
7 # Frr is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2, or (at your option) any
12 # Frr is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 # General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Frr; see the file COPYING. If not, write to the Free
19 # Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
24 - reads a frr configuration text file
25 - reads frr's current running configuration via "vtysh -c 'show running'"
26 - compares the two configs and determines what commands to execute to
27 synchronize frr's running configuration with the configuation in the
31 from __future__
import print_function
, unicode_literals
41 from collections
import OrderedDict
44 from ipaddress
import IPv6Address
, ip_network
46 from ipaddr
import IPv6Address
, IPNetwork
47 from pprint
import pformat
51 except AttributeError:
54 return iter(d
.items())
63 log
= logging
.getLogger(__name__
)
66 class VtyshException(Exception):
71 def __init__(self
, bindir
=None, confdir
=None, sockdir
=None, pathspace
=None):
73 self
.confdir
= confdir
74 self
.pathspace
= pathspace
75 self
.common_args
= [os
.path
.join(bindir
or "", "vtysh")]
77 self
.common_args
.extend(["--config_dir", confdir
])
79 self
.common_args
.extend(["--vty_socket", sockdir
])
81 self
.common_args
.extend(["-N", pathspace
])
83 def _call(self
, args
, stdin
=None, stdout
=None, stderr
=None):
86 kwargs
["stdin"] = stdin
87 if stdout
is not None:
88 kwargs
["stdout"] = stdout
89 if stderr
is not None:
90 kwargs
["stderr"] = stderr
91 return subprocess
.Popen(self
.common_args
+ args
, **kwargs
)
93 def _call_cmd(self
, command
, stdin
=None, stdout
=None, stderr
=None):
94 if isinstance(command
, list):
95 args
= [item
for sub
in command
for item
in ["-c", sub
]]
97 args
= ["-c", command
]
98 return self
._call
(args
, stdin
, stdout
, stderr
)
100 def __call__(self
, command
, stdouts
=None):
102 Call a CLI command (e.g. "show running-config")
104 Output text is automatically redirected, decoded and returned.
105 Multiple commands may be passed as list.
107 proc
= self
._call
_cmd
(command
, stdout
=subprocess
.PIPE
)
108 stdout
, stderr
= proc
.communicate()
110 if stdouts
is not None:
111 stdouts
.append(stdout
.decode("UTF-8"))
112 raise VtyshException(
113 'vtysh returned status %d for command "%s"' % (proc
.returncode
, command
)
115 return stdout
.decode("UTF-8")
117 def is_config_available(self
):
119 Return False if no frr daemon is running or some other vtysh session is
120 in 'configuration terminal' mode which will prevent us from making any
121 configuration changes.
124 output
= self("configure")
126 if "VTY configuration is locked by other VTY" in output
:
127 log
.error("vtysh 'configure' returned\n%s\n" % (output
))
132 def exec_file(self
, filename
):
133 child
= self
._call
(["-f", filename
])
134 if child
.wait() != 0:
135 raise VtyshException(
136 "vtysh (exec file) exited with status %d" % (child
.returncode
)
139 def mark_file(self
, filename
, stdin
=None):
141 ["-m", "-f", filename
],
142 stdout
=subprocess
.PIPE
,
143 stdin
=subprocess
.PIPE
,
144 stderr
=subprocess
.PIPE
,
147 stdout
, stderr
= child
.communicate()
148 except subprocess
.TimeoutExpired
:
150 stdout
, stderr
= child
.communicate()
151 raise VtyshException("vtysh call timed out!")
153 if child
.wait() != 0:
154 raise VtyshException(
155 "vtysh (mark file) exited with status %d:\n%s"
156 % (child
.returncode
, stderr
)
159 return stdout
.decode("UTF-8")
161 def mark_show_run(self
, daemon
=None):
162 cmd
= "show running-config"
164 cmd
+= " %s" % daemon
166 show_run
= self
._call
_cmd
(cmd
, stdout
=subprocess
.PIPE
)
168 ["-m", "-f", "-"], stdin
=show_run
.stdout
, stdout
=subprocess
.PIPE
172 stdout
, stderr
= mark
.communicate()
175 if show_run
.returncode
!= 0:
176 raise VtyshException(
177 "vtysh (show running-config) exited with status %d:"
178 % (show_run
.returncode
)
180 if mark
.returncode
!= 0:
181 raise VtyshException(
182 "vtysh (mark running-config) exited with status %d" % (mark
.returncode
)
185 return stdout
.decode("UTF-8")
188 class Context(object):
191 A Context object represents a section of frr configuration such as:
194 description swp3 -> r8's swp1
199 or a single line context object such as this:
205 def __init__(self
, keys
, lines
):
209 # Keep a dictionary of the lines, this is to make it easy to tell if a
210 # line exists in this Context
211 self
.dlines
= OrderedDict()
214 self
.dlines
[ligne
] = True
216 def add_lines(self
, lines
):
218 Add lines to specified context
221 self
.lines
.extend(lines
)
224 self
.dlines
[ligne
] = True
227 def get_normalized_es_id(line
):
229 The es-id or es-sys-mac need to be converted to lower case
231 sub_strs
= ["evpn mh es-id", "evpn mh es-sys-mac"]
232 for sub_str
in sub_strs
:
233 obj
= re
.match(sub_str
+ " (?P<esi>\S*)", line
)
235 line
= "%s %s" % (sub_str
, obj
.group("esi").lower())
240 def get_normalized_mac_ip_line(line
):
241 if line
.startswith("evpn mh es"):
242 return get_normalized_es_id(line
)
244 if not "ipv6 add" in line
:
245 return get_normalized_ipv6_line(line
)
250 class Config(object):
253 A frr configuration is stored in a Config object. A Config object
254 contains a dictionary of Context objects where the Context keys
255 ('router ospf' for example) are our dictionary key.
258 def __init__(self
, vtysh
):
260 self
.contexts
= OrderedDict()
263 def load_from_file(self
, filename
):
265 Read configuration from specified file and slurp it into internal memory
266 The internal representation has been marked appropriately by passing it
267 through vtysh with the -m parameter
269 log
.info("Loading Config object from file %s", filename
)
271 file_output
= self
.vtysh
.mark_file(filename
)
273 for line
in file_output
.split("\n"):
276 # Compress duplicate whitespaces
277 line
= " ".join(line
.split())
280 line
= get_normalized_mac_ip_line(line
)
283 vrf static routes can be added in two ways. The old way is:
285 "ip route x.x.x.x/x y.y.y.y vrf <vrfname>"
287 but it's rendered in the configuration as the new way::
290 ip route x.x.x.x/x y.y.y.y
293 this difference causes frr-reload to not consider them a
294 match and delete vrf static routes incorrectly.
295 fix the old way to match new "show running" output so a
296 proper match is found.
299 line
.startswith("ip route ") or line
.startswith("ipv6 route ")
300 ) and " vrf " in line
:
301 newline
= line
.split(" ")
302 vrf_index
= newline
.index("vrf")
303 vrf_ctx
= newline
[vrf_index
] + " " + newline
[vrf_index
+ 1]
304 del newline
[vrf_index
: vrf_index
+ 2]
305 newline
= " ".join(newline
)
306 self
.lines
.append(vrf_ctx
)
307 self
.lines
.append(newline
)
308 self
.lines
.append("exit-vrf")
311 self
.lines
.append(line
)
315 def load_from_show_running(self
, daemon
):
317 Read running configuration and slurp it into internal memory
318 The internal representation has been marked appropriately by passing it
319 through vtysh with the -m parameter
321 log
.info("Loading Config object from vtysh show running")
323 config_text
= self
.vtysh
.mark_show_run(daemon
)
325 for line
in config_text
.split("\n"):
329 line
== "Building configuration..."
330 or line
== "Current configuration:"
335 self
.lines
.append(line
)
341 Return the lines read in from the configuration
344 return "\n".join(self
.lines
)
346 def get_contexts(self
):
348 Return the parsed context as strings for display, log etc.
351 for (_
, ctx
) in sorted(iteritems(self
.contexts
)):
352 print(str(ctx
) + "\n")
354 def save_contexts(self
, key
, lines
):
356 Save the provided key and lines as a context
363 IP addresses specified in "network" statements, "ip prefix-lists"
364 etc. can differ in the host part of the specification the user
365 provides and what the running config displays. For example, user
366 can specify 11.1.1.1/24, and the running config displays this as
367 11.1.1.0/24. Ensure we don't do a needless operation for such
368 lines. IS-IS & OSPFv3 have no "network" support.
370 re_key_rt
= re
.match(r
"(ip|ipv6)\s+route\s+([A-Fa-f:.0-9/]+)(.*)$", key
[0])
372 addr
= re_key_rt
.group(2)
375 if "ipaddress" not in sys
.modules
:
376 newaddr
= IPNetwork(addr
)
377 key
[0] = "%s route %s/%s%s" % (
384 newaddr
= ip_network(addr
, strict
=False)
385 key
[0] = "%s route %s/%s%s" % (
387 str(newaddr
.network_address
),
394 re_key_rt
= re
.match(
395 r
"(ip|ipv6)\s+prefix-list(.*)(permit|deny)\s+([A-Fa-f:.0-9/]+)(.*)$", key
[0]
398 addr
= re_key_rt
.group(4)
401 if "ipaddress" not in sys
.modules
:
402 newaddr
= "%s/%s" % (
403 IPNetwork(addr
).network
,
404 IPNetwork(addr
).prefixlen
,
407 network_addr
= ip_network(addr
, strict
=False)
408 newaddr
= "%s/%s" % (
409 str(network_addr
.network_address
),
410 network_addr
.prefixlen
,
417 legestr
= re_key_rt
.group(5)
418 re_lege
= re
.search(r
"(.*)le\s+(\d+)\s+ge\s+(\d+)(.*)", legestr
)
420 legestr
= "%sge %s le %s%s" % (
427 key
[0] = "%s prefix-list%s%s %s%s" % (
435 if lines
and key
[0].startswith("router bgp"):
438 re_net
= re
.match(r
"network\s+([A-Fa-f:.0-9/]+)(.*)$", line
)
440 addr
= re_net
.group(1)
441 if "/" not in addr
and key
[0].startswith("router bgp"):
442 # This is most likely an error because with no
443 # prefixlen, BGP treats the prefixlen as 8
447 if "ipaddress" not in sys
.modules
:
448 newaddr
= IPNetwork(addr
)
449 line
= "network %s/%s %s" % (
455 network_addr
= ip_network(addr
, strict
=False)
456 line
= "network %s/%s %s" % (
457 str(network_addr
.network_address
),
458 network_addr
.prefixlen
,
461 newlines
.append(line
)
463 # Really this should be an error. Whats a network
464 # without an IP Address following it ?
465 newlines
.append(line
)
467 newlines
.append(line
)
471 More fixups in user specification and what running config shows.
472 "null0" in routes must be replaced by Null0.
475 key
[0].startswith("ip route")
476 or key
[0].startswith("ipv6 route")
477 and "null0" in key
[0]
479 key
[0] = re
.sub(r
"\s+null0(\s*$)", " Null0", key
[0])
482 Similar to above, but when the static is in a vrf, it turns into a
483 blackhole nexthop for both null0 and Null0. Fix it accordingly
485 if lines
and key
[0].startswith("vrf "):
488 if line
.startswith("ip route ") or line
.startswith("ipv6 route "):
490 line
= re
.sub(r
"\s+null0(\s*$)", " blackhole", line
)
491 elif "Null0" in line
:
492 line
= re
.sub(r
"\s+Null0(\s*$)", " blackhole", line
)
493 newlines
.append(line
)
495 newlines
.append(line
)
499 if tuple(key
) not in self
.contexts
:
500 ctx
= Context(tuple(key
), lines
)
501 self
.contexts
[tuple(key
)] = ctx
503 ctx
= self
.contexts
[tuple(key
)]
507 if tuple(key
) not in self
.contexts
:
508 ctx
= Context(tuple(key
), [])
509 self
.contexts
[tuple(key
)] = ctx
511 def load_contexts(self
):
513 Parse the configuration and create contexts for each appropriate block
516 current_context_lines
= []
520 The end of a context is flagged via the 'end' keyword:
529 bgp router-id 10.0.0.1
530 bgp log-neighbor-changes
531 no bgp default ipv4-unicast
532 neighbor EBGP peer-group
533 neighbor EBGP advertisement-interval 1
534 neighbor EBGP timers connect 10
535 neighbor 2001:40:1:4::6 remote-as 40
536 neighbor 2001:40:1:8::a remote-as 40
540 neighbor IBGPv6 activate
541 neighbor 2001:10::2 peer-group IBGPv6
542 neighbor 2001:10::3 peer-group IBGPv6
547 neighbor LEAF activate
551 route-target import 10.1.1.1:10100
552 route-target export 10.1.1.1:10100
558 ospf router-id 10.0.0.1
559 log-adjacency-changes detail
560 timers throttle spf 0 50 5000
565 # The code assumes that its working on the output from the "vtysh -m"
566 # command. That provides the appropriate markers to signify end of
567 # a context. This routine uses that to build the contexts for the
570 # There are single line contexts such as "log file /media/node/zebra.log"
571 # and multi-line contexts such as "router ospf" and subcontexts
572 # within a context such as "address-family" within "router bgp"
573 # In each of these cases, the first line of the context becomes the
574 # key of the context. So "router bgp 10" is the key for the non-address
575 # family part of bgp, "router bgp 10, address-family ipv6 unicast" is
576 # the key for the subcontext and so on.
581 # the keywords that we know are single line contexts. bgp in this case
582 # is not the main router bgp block, but enabling multi-instance
583 oneline_ctx_keywords
= (
586 "allow-external-route-update",
611 "vrrp autoconfigure",
615 for line
in self
.lines
:
620 if line
.startswith("!") or line
.startswith("#"):
625 and ctx_keys
[0].startswith("bfd")
626 and ctx_keys
[1].startswith("profile ")
629 log
.debug("LINE %-50s: popping from sub context, %-50s", line
, ctx_keys
)
632 self
.save_contexts(ctx_keys
, current_context_lines
)
633 ctx_keys
= copy
.deepcopy(main_ctx_key
)
634 current_context_lines
= []
638 # there is one exception though: ldpd accepts a 'router-id' clause
639 # as part of its 'mpls ldp' config context. If we are processing
640 # ldp configuration and encounter a router-id we should NOT switch
644 and any(line
.startswith(keyword
) for keyword
in oneline_ctx_keywords
)
647 and ctx_keys
[0].startswith("mpls ldp")
648 and line
.startswith("router-id ")
651 self
.save_contexts(ctx_keys
, current_context_lines
)
653 # Start a new context
658 current_context_lines
= []
660 log
.debug("LINE %-50s: entering new context, %-50s", line
, ctx_keys
)
661 self
.save_contexts(ctx_keys
, current_context_lines
)
665 self
.save_contexts(ctx_keys
, current_context_lines
)
666 log
.debug("LINE %-50s: exiting old context, %-50s", line
, ctx_keys
)
668 # Start a new context
672 current_context_lines
= []
674 elif line
== "exit" and ctx_keys
[0].startswith("rpki"):
675 self
.save_contexts(ctx_keys
, current_context_lines
)
676 log
.debug("LINE %-50s: exiting old context, %-50s", line
, ctx_keys
)
678 # Start a new context
682 current_context_lines
= []
684 elif line
== "exit-vrf":
685 self
.save_contexts(ctx_keys
, current_context_lines
)
686 current_context_lines
.append(line
)
688 "LINE %-50s: append to current_context_lines, %-50s", line
, ctx_keys
691 # Start a new context
695 current_context_lines
= []
699 and len(ctx_keys
) > 1
700 and ctx_keys
[0].startswith("segment-routing")
702 self
.save_contexts(ctx_keys
, current_context_lines
)
704 # Start a new context
705 ctx_keys
= ctx_keys
[:-1]
706 current_context_lines
= []
708 "LINE %-50s: popping segment routing sub-context to ctx%-50s",
713 elif line
in ["exit-address-family", "exit", "exit-vnc"]:
714 # if this exit is for address-family ipv4 unicast, ignore the pop
716 self
.save_contexts(ctx_keys
, current_context_lines
)
718 # Start a new context
719 ctx_keys
= copy
.deepcopy(main_ctx_key
)
720 current_context_lines
= []
722 "LINE %-50s: popping from subcontext to ctx%-50s",
727 elif line
in ["exit-vni", "exit-ldp-if"]:
729 self
.save_contexts(ctx_keys
, current_context_lines
)
731 # Start a new context
732 ctx_keys
= copy
.deepcopy(sub_main_ctx_key
)
733 current_context_lines
= []
735 "LINE %-50s: popping from sub-subcontext to ctx%-50s",
740 elif new_ctx
is True:
746 ctx_keys
= copy
.deepcopy(main_ctx_key
)
749 current_context_lines
= []
751 log
.debug("LINE %-50s: entering new context, %-50s", line
, ctx_keys
)
754 line
.startswith("address-family ")
755 or line
.startswith("vnc defaults")
756 or line
.startswith("vnc l2-group")
757 or line
.startswith("vnc nve-group")
758 or line
.startswith("peer")
759 or line
.startswith("key ")
760 or line
.startswith("member pseudowire")
764 # Save old context first
765 self
.save_contexts(ctx_keys
, current_context_lines
)
766 current_context_lines
= []
767 main_ctx_key
= copy
.deepcopy(ctx_keys
)
768 log
.debug("LINE %-50s: entering sub-context, append to ctx_keys", line
)
770 if line
== "address-family ipv6" and not ctx_keys
[0].startswith(
773 ctx_keys
.append("address-family ipv6 unicast")
774 elif line
== "address-family ipv4" and not ctx_keys
[0].startswith(
777 ctx_keys
.append("address-family ipv4 unicast")
778 elif line
== "address-family evpn":
779 ctx_keys
.append("address-family l2vpn evpn")
781 ctx_keys
.append(line
)
784 line
.startswith("vni ")
785 and len(ctx_keys
) == 2
786 and ctx_keys
[0].startswith("router bgp")
787 and ctx_keys
[1] == "address-family l2vpn evpn"
790 # Save old context first
791 self
.save_contexts(ctx_keys
, current_context_lines
)
792 current_context_lines
= []
793 sub_main_ctx_key
= copy
.deepcopy(ctx_keys
)
795 "LINE %-50s: entering sub-sub-context, append to ctx_keys", line
797 ctx_keys
.append(line
)
800 line
.startswith("interface ")
801 and len(ctx_keys
) == 2
802 and ctx_keys
[0].startswith("mpls ldp")
803 and ctx_keys
[1].startswith("address-family")
806 # Save old context first
807 self
.save_contexts(ctx_keys
, current_context_lines
)
808 current_context_lines
= []
809 sub_main_ctx_key
= copy
.deepcopy(ctx_keys
)
811 "LINE %-50s: entering sub-sub-context, append to ctx_keys", line
813 ctx_keys
.append(line
)
816 line
.startswith("traffic-eng")
817 and len(ctx_keys
) == 1
818 and ctx_keys
[0].startswith("segment-routing")
821 # Save old context first
822 self
.save_contexts(ctx_keys
, current_context_lines
)
823 current_context_lines
= []
825 "LINE %-50s: entering segment routing sub-context, append to ctx_keys",
828 ctx_keys
.append(line
)
831 line
.startswith("segment-list ")
832 and len(ctx_keys
) == 2
833 and ctx_keys
[0].startswith("segment-routing")
834 and ctx_keys
[1].startswith("traffic-eng")
837 # Save old context first
838 self
.save_contexts(ctx_keys
, current_context_lines
)
839 current_context_lines
= []
841 "LINE %-50s: entering segment routing sub-context, append to ctx_keys",
844 ctx_keys
.append(line
)
847 line
.startswith("policy ")
848 and len(ctx_keys
) == 2
849 and ctx_keys
[0].startswith("segment-routing")
850 and ctx_keys
[1].startswith("traffic-eng")
853 # Save old context first
854 self
.save_contexts(ctx_keys
, current_context_lines
)
855 current_context_lines
= []
857 "LINE %-50s: entering segment routing sub-context, append to ctx_keys",
860 ctx_keys
.append(line
)
863 line
.startswith("candidate-path ")
864 and line
.endswith(" dynamic")
865 and len(ctx_keys
) == 3
866 and ctx_keys
[0].startswith("segment-routing")
867 and ctx_keys
[1].startswith("traffic-eng")
868 and ctx_keys
[2].startswith("policy")
871 # Save old context first
872 self
.save_contexts(ctx_keys
, current_context_lines
)
873 current_context_lines
= []
874 main_ctx_key
= copy
.deepcopy(ctx_keys
)
876 "LINE %-50s: entering candidate-path sub-context, append to ctx_keys",
879 ctx_keys
.append(line
)
882 line
.startswith("pcep")
883 and len(ctx_keys
) == 2
884 and ctx_keys
[0].startswith("segment-routing")
885 and ctx_keys
[1].startswith("traffic-eng")
888 # Save old context first
889 self
.save_contexts(ctx_keys
, current_context_lines
)
890 current_context_lines
= []
891 main_ctx_key
= copy
.deepcopy(ctx_keys
)
893 "LINE %-50s: entering pcep sub-context, append to ctx_keys", line
895 ctx_keys
.append(line
)
898 line
.startswith("pce-config ")
899 and len(ctx_keys
) == 3
900 and ctx_keys
[0].startswith("segment-routing")
901 and ctx_keys
[1].startswith("traffic-eng")
902 and ctx_keys
[2].startswith("pcep")
905 # Save old context first
906 self
.save_contexts(ctx_keys
, current_context_lines
)
907 current_context_lines
= []
908 main_ctx_key
= copy
.deepcopy(ctx_keys
)
910 "LINE %-50s: entering pce-config sub-context, append to ctx_keys",
913 ctx_keys
.append(line
)
916 line
.startswith("pce ")
917 and len(ctx_keys
) == 3
918 and ctx_keys
[0].startswith("segment-routing")
919 and ctx_keys
[1].startswith("traffic-eng")
920 and ctx_keys
[2].startswith("pcep")
923 # Save old context first
924 self
.save_contexts(ctx_keys
, current_context_lines
)
925 current_context_lines
= []
926 main_ctx_key
= copy
.deepcopy(ctx_keys
)
928 "LINE %-50s: entering pce sub-context, append to ctx_keys", line
930 ctx_keys
.append(line
)
933 line
.startswith("pcc")
934 and len(ctx_keys
) == 3
935 and ctx_keys
[0].startswith("segment-routing")
936 and ctx_keys
[1].startswith("traffic-eng")
937 and ctx_keys
[2].startswith("pcep")
940 # Save old context first
941 self
.save_contexts(ctx_keys
, current_context_lines
)
942 current_context_lines
= []
943 main_ctx_key
= copy
.deepcopy(ctx_keys
)
945 "LINE %-50s: entering pcc sub-context, append to ctx_keys", line
947 ctx_keys
.append(line
)
950 line
.startswith("profile ")
951 and len(ctx_keys
) == 1
952 and ctx_keys
[0].startswith("bfd")
955 # Save old context first
956 self
.save_contexts(ctx_keys
, current_context_lines
)
957 current_context_lines
= []
958 main_ctx_key
= copy
.deepcopy(ctx_keys
)
960 "LINE %-50s: entering BFD profile sub-context, append to ctx_keys",
963 ctx_keys
.append(line
)
966 # Continuing in an existing context, add non-commented lines to it
967 current_context_lines
.append(line
)
969 "LINE %-50s: append to current_context_lines, %-50s", line
, ctx_keys
972 # Save the context of the last one
973 self
.save_contexts(ctx_keys
, current_context_lines
)
976 def lines_to_config(ctx_keys
, line
, delete
):
978 Return the command as it would appear in frr.conf
983 for (i
, ctx_key
) in enumerate(ctx_keys
):
984 cmd
.append(" " * i
+ ctx_key
)
987 indent
= len(ctx_keys
) * " "
989 # There are some commands that are on by default so their "no" form will be
990 # displayed in the config. "no bgp default ipv4-unicast" is one of these.
991 # If we need to remove this line we do so by adding "bgp default ipv4-unicast",
992 # not by doing a "no no bgp default ipv4-unicast"
994 if line
.startswith("no "):
995 cmd
.append("%s%s" % (indent
, line
[3:]))
997 cmd
.append("%sno %s" % (indent
, line
))
1000 cmd
.append(indent
+ line
)
1002 # If line is None then we are typically deleting an entire
1003 # context ('no router ospf' for example)
1005 for i
, ctx_key
in enumerate(ctx_keys
[:-1]):
1006 cmd
.append("%s%s" % (" " * i
, ctx_key
))
1008 # Only put the 'no' on the last sub-context
1010 if ctx_keys
[-1].startswith("no "):
1011 cmd
.append("%s%s" % (" " * (len(ctx_keys
) - 1), ctx_keys
[-1][3:]))
1013 cmd
.append("%sno %s" % (" " * (len(ctx_keys
) - 1), ctx_keys
[-1]))
1015 cmd
.append("%s%s" % (" " * (len(ctx_keys
) - 1), ctx_keys
[-1]))
1020 def get_normalized_ipv6_line(line
):
1022 Return a normalized IPv6 line as produced by frr,
1023 with all letters in lower case and trailing and leading
1024 zeros removed, and only the network portion present if
1025 the IPv6 word is a network
1028 words
= line
.split(" ")
1034 if "ipaddress" not in sys
.modules
:
1035 v6word
= IPNetwork(word
)
1036 norm_word
= "%s/%s" % (v6word
.network
, v6word
.prefixlen
)
1038 v6word
= ip_network(word
, strict
=False)
1039 norm_word
= "%s/%s" % (
1040 str(v6word
.network_address
),
1047 norm_word
= "%s" % IPv6Address(word
)
1052 norm_line
= norm_line
+ " " + norm_word
1054 return norm_line
.strip()
1057 def line_exist(lines
, target_ctx_keys
, target_line
, exact_match
=True):
1058 for (ctx_keys
, line
) in lines
:
1059 if ctx_keys
== target_ctx_keys
:
1061 if line
== target_line
:
1064 if line
.startswith(target_line
):
1069 def check_for_exit_vrf(lines_to_add
, lines_to_del
):
1071 # exit-vrf is a bit tricky. If the new config is missing it but we
1072 # have configs under a vrf, we need to add it at the end to do the
1073 # right context changes. If exit-vrf exists in both the running and
1074 # new config, we cannot delete it or it will break context changes.
1075 add_exit_vrf
= False
1078 for (ctx_keys
, line
) in lines_to_add
:
1079 if add_exit_vrf
== True:
1080 if ctx_keys
[0] != prior_ctx_key
:
1081 insert_key
= ((prior_ctx_key
),)
1082 lines_to_add
.insert(index
, ((insert_key
, "exit-vrf")))
1083 add_exit_vrf
= False
1085 if ctx_keys
[0].startswith("vrf") and line
:
1086 if line
!= "exit-vrf":
1088 prior_ctx_key
= ctx_keys
[0]
1090 add_exit_vrf
= False
1093 for (ctx_keys
, line
) in lines_to_del
:
1094 if line
== "exit-vrf":
1095 if line_exist(lines_to_add
, ctx_keys
, line
):
1096 lines_to_del
.remove((ctx_keys
, line
))
1098 return (lines_to_add
, lines_to_del
)
1102 This method handles deletion of bgp peer group config.
1103 The objective is to delete config lines related to peers
1104 associated with the peer-group and move the peer-group
1105 config line to the end of the lines_to_del list.
1109 def delete_move_lines(lines_to_add
, lines_to_del
):
1112 # Stores the lines to move to the end of the pending list.
1113 lines_to_del_to_del
= []
1114 # Stores the lines to move to end of the pending list.
1115 lines_to_del_to_app
= []
1116 found_pg_del_cmd
= False
1119 When "neighbor <pg_name> peer-group" under a bgp instance is removed,
1120 it also deletes the associated peer config. Any config line below no form of
1121 peer-group related to a peer are errored out as the peer no longer exists.
1122 To cleanup peer-group and associated peer(s) configs:
1123 - Remove all the peers config lines from the pending list (lines_to_del list).
1124 - Move peer-group deletion line to the end of the pending list, to allow
1125 removal of any of the peer-group specific configs.
1127 Create a dictionary of config context (i.e. router bgp vrf x).
1128 Under each context node, create a dictionary of a peer-group name.
1129 Append a peer associated to the peer-group into a list under a peer-group node.
1130 Remove all of the peer associated config lines from the pending list.
1131 Append peer-group deletion line to end of the pending list.
1134 neighbor underlay peer-group
1135 neighbor underlay remote-as external
1136 neighbor underlay advertisement-interval 0
1137 neighbor underlay timers 3 9
1138 neighbor underlay timers connect 10
1139 neighbor swp1 interface peer-group underlay
1140 neighbor swp1 advertisement-interval 0
1141 neighbor swp1 timers 3 9
1142 neighbor swp1 timers connect 10
1143 neighbor swp2 interface peer-group underlay
1144 neighbor swp2 advertisement-interval 0
1145 neighbor swp2 timers 3 9
1146 neighbor swp2 timers connect 10
1147 neighbor swp3 interface peer-group underlay
1148 neighbor uplink1 interface remote-as internal
1149 neighbor uplink1 advertisement-interval 0
1150 neighbor uplink1 timers 3 9
1151 neighbor uplink1 timers connect 10
1154 "router bgp 200 no bgp bestpath as-path multipath-relax"
1155 "router bgp 200 no neighbor underlay advertisement-interval 0"
1156 "router bgp 200 no neighbor underlay timers 3 9"
1157 "router bgp 200 no neighbor underlay timers connect 10"
1158 "router bgp 200 no neighbor uplink1 advertisement-interval 0"
1159 "router bgp 200 no neighbor uplink1 timers 3 9"
1160 "router bgp 200 no neighbor uplink1 timers connect 10"
1161 "router bgp 200 no neighbor underlay remote-as external"
1162 "router bgp 200 no neighbor uplink1 interface remote-as internal"
1163 "router bgp 200 no neighbor underlay peer-group"
1167 for (ctx_keys
, line
) in lines_to_del
:
1169 ctx_keys
[0].startswith("router bgp")
1171 and line
.startswith("neighbor ")
1174 When 'neighbor <peer> remote-as <>' is removed it deletes the peer,
1175 there might be a peer associated config which also needs to be removed
1177 Append the 'neighbor <peer> remote-as <>' to the lines_to_del.
1180 neighbor uplink1 interface remote-as internal
1181 neighbor uplink1 advertisement-interval 0
1182 neighbor uplink1 timers 3 9
1183 neighbor uplink1 timers connect 10
1186 neighbor uplink1 advertisement-interval 0
1187 neighbor uplink1 timers 3 9
1188 neighbor uplink1 timers connect 10
1191 neighbor uplink1 interface remote-as internal
1194 # 'no neighbor peer [interface] remote-as <>'
1195 nb_remoteas
= "neighbor (\S+) .*remote-as (\S+)"
1196 re_nb_remoteas
= re
.search(nb_remoteas
, line
)
1198 lines_to_del_to_app
.append((ctx_keys
, line
))
1201 {'router bgp 65001': {'PG': [], 'PG1': []},
1202 'router bgp 65001 vrf vrf1': {'PG': [], 'PG1': []}}
1204 if ctx_keys
[0] not in del_dict
:
1205 del_dict
[ctx_keys
[0]] = dict()
1206 # find 'no neighbor <pg_name> peer-group'
1207 re_pg
= re
.match("neighbor (\S+) peer-group$", line
)
1208 if re_pg
and re_pg
.group(1) not in del_dict
[ctx_keys
[0]]:
1209 del_dict
[ctx_keys
[0]][re_pg
.group(1)] = list()
1211 for (ctx_keys
, line
) in lines_to_del_to_app
:
1212 lines_to_del
.remove((ctx_keys
, line
))
1213 lines_to_del
.append((ctx_keys
, line
))
1215 if found_pg_del_cmd
== False:
1216 return (lines_to_add
, lines_to_del
)
1219 {'router bgp 65001': {'PG': ['10.1.1.2'], 'PG1': ['10.1.1.21']},
1220 'router bgp 65001 vrf vrf1': {'PG': ['10.1.1.2'], 'PG1': ['10.1.1.21']}}
1222 for (ctx_keys
, line
) in lines_to_del
:
1224 ctx_keys
[0].startswith("router bgp")
1226 and line
.startswith("neighbor ")
1228 if ctx_keys
[0] in del_dict
:
1229 for pg_key
in del_dict
[ctx_keys
[0]]:
1230 # 'neighbor <peer> [interface] peer-group <pg_name>'
1231 nb_pg
= "neighbor (\S+) .*peer-group %s$" % pg_key
1232 re_nbr_pg
= re
.search(nb_pg
, line
)
1235 and re_nbr_pg
.group(1) not in del_dict
[ctx_keys
[0]][pg_key
]
1237 del_dict
[ctx_keys
[0]][pg_key
].append(re_nbr_pg
.group(1))
1239 lines_to_del_to_app
= []
1240 for (ctx_keys
, line
) in lines_to_del
:
1242 ctx_keys
[0].startswith("router bgp")
1244 and line
.startswith("neighbor ")
1246 if ctx_keys
[0] in del_dict
:
1247 for pg
in del_dict
[ctx_keys
[0]]:
1248 for nbr
in del_dict
[ctx_keys
[0]][pg
]:
1249 nb_exp
= "neighbor %s .*" % nbr
1250 re_nb
= re
.search(nb_exp
, line
)
1251 # add peer configs to delete list.
1252 if re_nb
and line
not in lines_to_del_to_del
:
1253 lines_to_del_to_del
.append((ctx_keys
, line
))
1255 pg_exp
= "neighbor %s peer-group$" % pg
1256 re_pg
= re
.match(pg_exp
, line
)
1258 lines_to_del_to_app
.append((ctx_keys
, line
))
1260 for (ctx_keys
, line
) in lines_to_del_to_del
:
1261 lines_to_del
.remove((ctx_keys
, line
))
1263 for (ctx_keys
, line
) in lines_to_del_to_app
:
1264 lines_to_del
.remove((ctx_keys
, line
))
1265 lines_to_del
.append((ctx_keys
, line
))
1267 return (lines_to_add
, lines_to_del
)
1270 def ignore_delete_re_add_lines(lines_to_add
, lines_to_del
):
1272 # Quite possibly the most confusing (while accurate) variable names in history
1273 lines_to_add_to_del
= []
1274 lines_to_del_to_del
= []
1276 for (ctx_keys
, line
) in lines_to_del
:
1279 # If there is a change in the segment routing block ranges, do it
1280 # in-place, to avoid requesting spurious label chunks which might fail
1281 if line
and "segment-routing global-block" in line
:
1282 for (add_key
, add_line
) in lines_to_add
:
1284 ctx_keys
[0] == add_key
[0]
1286 and "segment-routing global-block" in add_line
1288 lines_to_del_to_del
.append((ctx_keys
, line
))
1292 if ctx_keys
[0].startswith("router bgp") and line
:
1294 if line
.startswith("neighbor "):
1296 BGP changed how it displays swpX peers that are part of peer-group. Older
1297 versions of frr would display these on separate lines:
1298 neighbor swp1 interface
1299 neighbor swp1 peer-group FOO
1301 but today we display via a single line
1302 neighbor swp1 interface peer-group FOO
1304 This change confuses frr-reload.py so check to see if we are deleting
1305 neighbor swp1 interface peer-group FOO
1308 neighbor swp1 interface
1309 neighbor swp1 peer-group FOO
1311 If so then chop the del line and the corresponding add lines
1314 re_swpx_int_peergroup
= re
.search(
1315 "neighbor (\S+) interface peer-group (\S+)", line
1317 re_swpx_int_v6only_peergroup
= re
.search(
1318 "neighbor (\S+) interface v6only peer-group (\S+)", line
1321 if re_swpx_int_peergroup
or re_swpx_int_v6only_peergroup
:
1322 swpx_interface
= None
1323 swpx_peergroup
= None
1325 if re_swpx_int_peergroup
:
1326 swpx
= re_swpx_int_peergroup
.group(1)
1327 peergroup
= re_swpx_int_peergroup
.group(2)
1328 swpx_interface
= "neighbor %s interface" % swpx
1329 elif re_swpx_int_v6only_peergroup
:
1330 swpx
= re_swpx_int_v6only_peergroup
.group(1)
1331 peergroup
= re_swpx_int_v6only_peergroup
.group(2)
1332 swpx_interface
= "neighbor %s interface v6only" % swpx
1334 swpx_peergroup
= "neighbor %s peer-group %s" % (swpx
, peergroup
)
1335 found_add_swpx_interface
= line_exist(
1336 lines_to_add
, ctx_keys
, swpx_interface
1338 found_add_swpx_peergroup
= line_exist(
1339 lines_to_add
, ctx_keys
, swpx_peergroup
1341 tmp_ctx_keys
= tuple(list(ctx_keys
))
1343 if not found_add_swpx_peergroup
:
1344 tmp_ctx_keys
= list(ctx_keys
)
1345 tmp_ctx_keys
.append("address-family ipv4 unicast")
1346 tmp_ctx_keys
= tuple(tmp_ctx_keys
)
1347 found_add_swpx_peergroup
= line_exist(
1348 lines_to_add
, tmp_ctx_keys
, swpx_peergroup
1351 if not found_add_swpx_peergroup
:
1352 tmp_ctx_keys
= list(ctx_keys
)
1353 tmp_ctx_keys
.append("address-family ipv6 unicast")
1354 tmp_ctx_keys
= tuple(tmp_ctx_keys
)
1355 found_add_swpx_peergroup
= line_exist(
1356 lines_to_add
, tmp_ctx_keys
, swpx_peergroup
1359 if found_add_swpx_interface
and found_add_swpx_peergroup
:
1361 lines_to_del_to_del
.append((ctx_keys
, line
))
1362 lines_to_add_to_del
.append((ctx_keys
, swpx_interface
))
1363 lines_to_add_to_del
.append((tmp_ctx_keys
, swpx_peergroup
))
1366 Changing the bfd timers on neighbors is allowed without doing
1367 a delete/add process. Since doing a "no neighbor blah bfd ..."
1368 will cause the peer to bounce unnecessarily, just skip the delete
1369 and just do the add.
1371 re_nbr_bfd_timers
= re
.search(
1372 r
"neighbor (\S+) bfd (\S+) (\S+) (\S+)", line
1375 if re_nbr_bfd_timers
:
1376 nbr
= re_nbr_bfd_timers
.group(1)
1377 bfd_nbr
= "neighbor %s" % nbr
1378 bfd_search_string
= bfd_nbr
+ r
" bfd (\S+) (\S+) (\S+)"
1380 for (ctx_keys
, add_line
) in lines_to_add
:
1381 if ctx_keys
[0].startswith("router bgp"):
1382 re_add_nbr_bfd_timers
= re
.search(
1383 bfd_search_string
, add_line
1386 if re_add_nbr_bfd_timers
:
1387 found_add_bfd_nbr
= line_exist(
1388 lines_to_add
, ctx_keys
, bfd_nbr
, False
1391 if found_add_bfd_nbr
:
1392 lines_to_del_to_del
.append((ctx_keys
, line
))
1395 Neighbor changes of route-maps need to be accounted for in that we
1396 do not want to do a `no route-map...` `route-map ....` when changing
1397 a route-map. This is bad mojo as that we will send/receive
1399 Additionally we need to ensure that if we have different afi/safi
1400 variants that they actually match and if we are going from a very
1401 old style command such that the neighbor command is under the
1402 `router bgp ..` node that we need to handle that appropriately
1404 re_nbr_rm
= re
.search("neighbor(.*)route-map(.*)(in|out)$", line
)
1406 adjust_for_bgp_node
= 0
1407 neighbor_name
= re_nbr_rm
.group(1)
1408 rm_name_del
= re_nbr_rm
.group(2)
1409 dir = re_nbr_rm
.group(3)
1410 search
= "neighbor%sroute-map(.*)%s" % (neighbor_name
, dir)
1412 for (ctx_keys_al
, add_line
) in lines_to_add
:
1413 if ctx_keys_al
[0].startswith("router bgp"):
1415 rm_match
= re
.search(search
, add_line
)
1417 rm_name_add
= rm_match
.group(1)
1418 if rm_name_add
== rm_name_del
:
1420 if len(ctx_keys_al
) == 1:
1422 adjust_for_bgp_node
= 1
1426 and len(ctx_keys_al
) > 1
1427 and ctx_keys
[1] == ctx_keys_al
[1]
1429 lines_to_del_to_del
.append((ctx_keys_al
, line
))
1431 if adjust_for_bgp_node
== 1:
1432 for (ctx_keys_dl
, dl_line
) in lines_to_del
:
1434 ctx_keys_dl
[0].startswith("router bgp")
1435 and len(ctx_keys_dl
) > 1
1436 and ctx_keys_dl
[1] == "address-family ipv4 unicast"
1438 if save_line
== dl_line
:
1439 lines_to_del_to_del
.append((ctx_keys_dl
, save_line
))
1442 We changed how we display the neighbor interface command. Older
1443 versions of frr would display the following:
1444 neighbor swp1 interface
1445 neighbor swp1 remote-as external
1446 neighbor swp1 capability extended-nexthop
1448 but today we display via a single line
1449 neighbor swp1 interface remote-as external
1451 and capability extended-nexthop is no longer needed because we
1452 automatically enable it when the neighbor is of type interface.
1454 This change confuses frr-reload.py so check to see if we are deleting
1455 neighbor swp1 interface remote-as (external|internal|ASNUM)
1458 neighbor swp1 interface
1459 neighbor swp1 remote-as (external|internal|ASNUM)
1460 neighbor swp1 capability extended-nexthop
1462 If so then chop the del line and the corresponding add lines
1464 re_swpx_int_remoteas
= re
.search(
1465 "neighbor (\S+) interface remote-as (\S+)", line
1467 re_swpx_int_v6only_remoteas
= re
.search(
1468 "neighbor (\S+) interface v6only remote-as (\S+)", line
1471 if re_swpx_int_remoteas
or re_swpx_int_v6only_remoteas
:
1472 swpx_interface
= None
1473 swpx_remoteas
= None
1475 if re_swpx_int_remoteas
:
1476 swpx
= re_swpx_int_remoteas
.group(1)
1477 remoteas
= re_swpx_int_remoteas
.group(2)
1478 swpx_interface
= "neighbor %s interface" % swpx
1479 elif re_swpx_int_v6only_remoteas
:
1480 swpx
= re_swpx_int_v6only_remoteas
.group(1)
1481 remoteas
= re_swpx_int_v6only_remoteas
.group(2)
1482 swpx_interface
= "neighbor %s interface v6only" % swpx
1484 swpx_remoteas
= "neighbor %s remote-as %s" % (swpx
, remoteas
)
1485 found_add_swpx_interface
= line_exist(
1486 lines_to_add
, ctx_keys
, swpx_interface
1488 found_add_swpx_remoteas
= line_exist(
1489 lines_to_add
, ctx_keys
, swpx_remoteas
1491 tmp_ctx_keys
= tuple(list(ctx_keys
))
1493 if found_add_swpx_interface
and found_add_swpx_remoteas
:
1495 lines_to_del_to_del
.append((ctx_keys
, line
))
1496 lines_to_add_to_del
.append((ctx_keys
, swpx_interface
))
1497 lines_to_add_to_del
.append((tmp_ctx_keys
, swpx_remoteas
))
1500 We made the 'bgp bestpath as-path multipath-relax' command
1501 automatically assume 'no-as-set' since the lack of this option caused
1502 weird routing problems. When the running config is shown in
1503 releases with this change, the no-as-set keyword is not shown as it
1504 is the default. This causes frr-reload to unnecessarily unapply
1505 this option only to apply it back again, causing unnecessary session
1508 if "multipath-relax" in line
:
1509 re_asrelax_new
= re
.search(
1510 "^bgp\s+bestpath\s+as-path\s+multipath-relax$", line
1512 old_asrelax_cmd
= "bgp bestpath as-path multipath-relax no-as-set"
1513 found_asrelax_old
= line_exist(lines_to_add
, ctx_keys
, old_asrelax_cmd
)
1515 if re_asrelax_new
and found_asrelax_old
:
1517 lines_to_del_to_del
.append((ctx_keys
, line
))
1518 lines_to_add_to_del
.append((ctx_keys
, old_asrelax_cmd
))
1521 If we are modifying the BGP table-map we need to avoid a del/add and
1522 instead modify the table-map in place via an add. This is needed to
1523 avoid installing all routes in the RIB the second the 'no table-map'
1526 if line
.startswith("table-map"):
1527 found_table_map
= line_exist(lines_to_add
, ctx_keys
, "table-map", False)
1530 lines_to_del_to_del
.append((ctx_keys
, line
))
1533 More old-to-new config handling. ip import-table no longer accepts
1534 distance, but we honor the old syntax. But 'show running' shows only
1535 the new syntax. This causes an unnecessary 'no import-table' followed
1536 by the same old 'ip import-table' which causes perturbations in
1537 announced routes leading to traffic blackholes. Fix this issue.
1539 re_importtbl
= re
.search("^ip\s+import-table\s+(\d+)$", ctx_keys
[0])
1541 table_num
= re_importtbl
.group(1)
1542 for ctx
in lines_to_add
:
1543 if ctx
[0][0].startswith("ip import-table %s distance" % table_num
):
1544 lines_to_del_to_del
.append(
1545 (("ip import-table %s" % table_num
,), None)
1547 lines_to_add_to_del
.append((ctx
[0], None))
1550 ip/ipv6 prefix-lists and access-lists can be specified without a seq number.
1551 However, the running config always adds 'seq x', where x is a number
1552 incremented by 5 for every element of the prefix/access list.
1553 So, ignore such lines as well. Sample prefix-list and acces-list lines:
1554 ip prefix-list PR-TABLE-2 seq 5 permit 20.8.2.0/24 le 32
1555 ip prefix-list PR-TABLE-2 seq 10 permit 20.8.2.0/24 le 32
1556 ipv6 prefix-list vrfdev6-12 permit 2000:9:2::/64 gt 64
1557 access-list FOO seq 5 permit 2.2.2.2/32
1558 ipv6 access-list BAR seq 5 permit 2:2:2::2/128
1560 re_acl_pfxlst
= re
.search(
1561 "^(ip |ipv6 |)(prefix-list|access-list)(\s+\S+\s+)(seq \d+\s+)(permit|deny)(.*)$",
1567 re_acl_pfxlst
.group(1)
1568 + re_acl_pfxlst
.group(2)
1569 + re_acl_pfxlst
.group(3)
1570 + re_acl_pfxlst
.group(5)
1571 + re_acl_pfxlst
.group(6)
1573 for ctx
in lines_to_add
:
1574 if ctx
[0][0] == tmpline
:
1575 lines_to_del_to_del
.append((ctx_keys
, None))
1576 lines_to_add_to_del
.append(((tmpline
,), None))
1579 If prefix-lists or access-lists are being deleted and
1580 not added (see comment above), add command with 'no' to
1581 lines_to_add and remove from lines_to_del to improve
1582 scaling performance.
1585 add_cmd
= ("no " + ctx_keys
[0],)
1586 lines_to_add
.append((add_cmd
, None))
1587 lines_to_del_to_del
.append((ctx_keys
, None))
1591 and ctx_keys
[0].startswith("router bgp")
1592 and ctx_keys
[1] == "address-family l2vpn evpn"
1593 and ctx_keys
[2].startswith("vni")
1597 re
.search("^route-target import (.*)$", line
)
1603 rt
= re_route_target
.group(1).strip()
1604 route_target_import_line
= line
1605 route_target_export_line
= "route-target export %s" % rt
1606 route_target_both_line
= "route-target both %s" % rt
1608 found_route_target_export_line
= line_exist(
1609 lines_to_del
, ctx_keys
, route_target_export_line
1611 found_route_target_both_line
= line_exist(
1612 lines_to_add
, ctx_keys
, route_target_both_line
1616 If the running configs has
1617 route-target import 1:1
1618 route-target export 1:1
1620 and the config we are reloading against has
1621 route-target both 1:1
1623 then we can ignore deleting the import/export and ignore adding the 'both'
1625 if found_route_target_export_line
and found_route_target_both_line
:
1626 lines_to_del_to_del
.append((ctx_keys
, route_target_import_line
))
1627 lines_to_del_to_del
.append((ctx_keys
, route_target_export_line
))
1628 lines_to_add_to_del
.append((ctx_keys
, route_target_both_line
))
1630 # Deleting static routes under a vrf can lead to time-outs if each is sent
1631 # as separate vtysh -c commands. Change them from being in lines_to_del and
1632 # put the "no" form in lines_to_add
1633 if ctx_keys
[0].startswith("vrf ") and line
:
1634 if line
.startswith("ip route") or line
.startswith("ipv6 route"):
1635 add_cmd
= "no " + line
1636 lines_to_add
.append((ctx_keys
, add_cmd
))
1637 lines_to_del_to_del
.append((ctx_keys
, line
))
1640 found_add_line
= line_exist(lines_to_add
, ctx_keys
, line
)
1643 lines_to_del_to_del
.append((ctx_keys
, line
))
1644 lines_to_add_to_del
.append((ctx_keys
, line
))
1647 We have commands that used to be displayed in the global part
1648 of 'router bgp' that are now displayed under 'address-family ipv4 unicast'
1652 neighbor ISL advertisement-interval 0
1658 address-family ipv4 unicast
1659 neighbor ISL advertisement-interval 0
1661 Look to see if we are deleting it in one format just to add it back in the other
1664 ctx_keys
[0].startswith("router bgp")
1665 and len(ctx_keys
) > 1
1666 and ctx_keys
[1] == "address-family ipv4 unicast"
1668 tmp_ctx_keys
= list(ctx_keys
)[:-1]
1669 tmp_ctx_keys
= tuple(tmp_ctx_keys
)
1671 found_add_line
= line_exist(lines_to_add
, tmp_ctx_keys
, line
)
1674 lines_to_del_to_del
.append((ctx_keys
, line
))
1675 lines_to_add_to_del
.append((tmp_ctx_keys
, line
))
1677 for (ctx_keys
, line
) in lines_to_del_to_del
:
1678 lines_to_del
.remove((ctx_keys
, line
))
1680 for (ctx_keys
, line
) in lines_to_add_to_del
:
1681 lines_to_add
.remove((ctx_keys
, line
))
1683 return (lines_to_add
, lines_to_del
)
1686 def ignore_unconfigurable_lines(lines_to_add
, lines_to_del
):
1688 There are certain commands that cannot be removed. Remove
1689 those commands from lines_to_del.
1691 lines_to_del_to_del
= []
1693 for (ctx_keys
, line
) in lines_to_del
:
1696 ctx_keys
[0].startswith("frr version")
1697 or ctx_keys
[0].startswith("frr defaults")
1698 or ctx_keys
[0].startswith("username")
1699 or ctx_keys
[0].startswith("password")
1700 or ctx_keys
[0].startswith("line vty")
1702 # This is technically "no"able but if we did so frr-reload would
1703 # stop working so do not let the user shoot themselves in the foot
1705 ctx_keys
[0].startswith("service integrated-vtysh-config")
1708 log
.info('"%s" cannot be removed' % (ctx_keys
[-1],))
1709 lines_to_del_to_del
.append((ctx_keys
, line
))
1711 for (ctx_keys
, line
) in lines_to_del_to_del
:
1712 lines_to_del
.remove((ctx_keys
, line
))
1714 return (lines_to_add
, lines_to_del
)
1717 def compare_context_objects(newconf
, running
):
1719 Create a context diff for the two specified contexts
1722 # Compare the two Config objects to find the lines that we need to add/del
1729 candidates_to_add
= []
1732 # Find contexts that are in newconf but not in running
1733 # Find contexts that are in running but not in newconf
1734 for (running_ctx_keys
, running_ctx
) in iteritems(running
.contexts
):
1736 if running_ctx_keys
not in newconf
.contexts
:
1738 # We check that the len is 1 here so that we only look at ('router bgp 10')
1739 # and not ('router bgp 10', 'address-family ipv4 unicast'). The
1740 # latter could cause a false delete_bgpd positive if ipv4 unicast is in
1741 # running but not in newconf.
1742 if "router bgp" in running_ctx_keys
[0] and len(running_ctx_keys
) == 1:
1744 lines_to_del
.append((running_ctx_keys
, None))
1746 # We cannot do 'no interface' or 'no vrf' in FRR, and so deal with it
1747 elif running_ctx_keys
[0].startswith("interface") or running_ctx_keys
[
1749 ].startswith("vrf"):
1750 for line
in running_ctx
.lines
:
1751 lines_to_del
.append((running_ctx_keys
, line
))
1753 # If this is an address-family under 'router bgp' and we are already deleting the
1754 # entire 'router bgp' context then ignore this sub-context
1756 "router bgp" in running_ctx_keys
[0]
1757 and len(running_ctx_keys
) > 1
1762 # Delete an entire vni sub-context under "address-family l2vpn evpn"
1764 "router bgp" in running_ctx_keys
[0]
1765 and len(running_ctx_keys
) > 2
1766 and running_ctx_keys
[1].startswith("address-family l2vpn evpn")
1767 and running_ctx_keys
[2].startswith("vni ")
1769 lines_to_del
.append((running_ctx_keys
, None))
1772 "router bgp" in running_ctx_keys
[0]
1773 and len(running_ctx_keys
) > 1
1774 and running_ctx_keys
[1].startswith("address-family")
1776 # There's no 'no address-family' support and so we have to
1777 # delete each line individually again
1778 for line
in running_ctx
.lines
:
1779 lines_to_del
.append((running_ctx_keys
, line
))
1781 # Some commands can happen at higher counts that make
1782 # doing vtysh -c inefficient (and can time out.) For
1783 # these commands, instead of adding them to lines_to_del,
1784 # add the "no " version to lines_to_add.
1785 elif running_ctx_keys
[0].startswith("ip route") or running_ctx_keys
[
1787 ].startswith("ipv6 route"):
1788 add_cmd
= ("no " + running_ctx_keys
[0],)
1789 lines_to_add
.append((add_cmd
, None))
1791 # if this an interface sub-subcontext in an address-family block in ldpd and
1792 # we are already deleting the whole context, then ignore this
1794 len(running_ctx_keys
) > 2
1795 and running_ctx_keys
[0].startswith("mpls ldp")
1796 and running_ctx_keys
[1].startswith("address-family")
1797 and (running_ctx_keys
[:2], None) in lines_to_del
1801 # same thing for a pseudowire sub-context inside an l2vpn context
1803 len(running_ctx_keys
) > 1
1804 and running_ctx_keys
[0].startswith("l2vpn")
1805 and running_ctx_keys
[1].startswith("member pseudowire")
1806 and (running_ctx_keys
[:1], None) in lines_to_del
1810 # Segment routing and traffic engineering never need to be deleted
1812 running_ctx_keys
[0].startswith("segment-routing")
1813 and len(running_ctx_keys
) < 3
1817 # Neither the pcep command
1819 len(running_ctx_keys
) == 3
1820 and running_ctx_keys
[0].startswith("segment-routing")
1821 and running_ctx_keys
[2].startswith("pcep")
1825 # Segment lists can only be deleted after we removed all the candidate paths that
1826 # use them, so add them to a separate array that is going to be appended at the end
1828 len(running_ctx_keys
) == 3
1829 and running_ctx_keys
[0].startswith("segment-routing")
1830 and running_ctx_keys
[2].startswith("segment-list")
1832 seglist_to_del
.append((running_ctx_keys
, None))
1834 # Policies must be deleted after there candidate path, to be sure
1835 # we add them to a separate array that is going to be appended at the end
1837 len(running_ctx_keys
) == 3
1838 and running_ctx_keys
[0].startswith("segment-routing")
1839 and running_ctx_keys
[2].startswith("policy")
1841 pollist_to_del
.append((running_ctx_keys
, None))
1843 # pce-config must be deleted after the pce, to be sure we add them
1844 # to a separate array that is going to be appended at the end
1846 len(running_ctx_keys
) >= 4
1847 and running_ctx_keys
[0].startswith("segment-routing")
1848 and running_ctx_keys
[3].startswith("pce-config")
1850 pceconf_to_del
.append((running_ctx_keys
, None))
1852 # pcc must be deleted after the pce and pce-config too
1854 len(running_ctx_keys
) >= 4
1855 and running_ctx_keys
[0].startswith("segment-routing")
1856 and running_ctx_keys
[3].startswith("pcc")
1858 pcclist_to_del
.append((running_ctx_keys
, None))
1860 # Non-global context
1861 elif running_ctx_keys
and not any(
1862 "address-family" in key
for key
in running_ctx_keys
1864 lines_to_del
.append((running_ctx_keys
, None))
1866 elif running_ctx_keys
and not any("vni" in key
for key
in running_ctx_keys
):
1867 lines_to_del
.append((running_ctx_keys
, None))
1871 for line
in running_ctx
.lines
:
1872 lines_to_del
.append((running_ctx_keys
, line
))
1874 # if we have some policies commands to delete, append them to lines_to_del
1875 if len(pollist_to_del
) > 0:
1876 lines_to_del
.extend(pollist_to_del
)
1878 # if we have some segment list commands to delete, append them to lines_to_del
1879 if len(seglist_to_del
) > 0:
1880 lines_to_del
.extend(seglist_to_del
)
1882 # if we have some pce list commands to delete, append them to lines_to_del
1883 if len(pceconf_to_del
) > 0:
1884 lines_to_del
.extend(pceconf_to_del
)
1886 # if we have some pcc list commands to delete, append them to lines_to_del
1887 if len(pcclist_to_del
) > 0:
1888 lines_to_del
.extend(pcclist_to_del
)
1890 # Find the lines within each context to add
1891 # Find the lines within each context to del
1892 for (newconf_ctx_keys
, newconf_ctx
) in iteritems(newconf
.contexts
):
1894 if newconf_ctx_keys
in running
.contexts
:
1895 running_ctx
= running
.contexts
[newconf_ctx_keys
]
1897 for line
in newconf_ctx
.lines
:
1898 if line
not in running_ctx
.dlines
:
1900 # candidate paths can only be added after the policy and segment list,
1901 # so add them to a separate array that is going to be appended at the end
1903 len(newconf_ctx_keys
) == 3
1904 and newconf_ctx_keys
[0].startswith("segment-routing")
1905 and newconf_ctx_keys
[2].startswith("policy ")
1906 and line
.startswith("candidate-path ")
1908 candidates_to_add
.append((newconf_ctx_keys
, line
))
1911 lines_to_add
.append((newconf_ctx_keys
, line
))
1913 for line
in running_ctx
.lines
:
1914 if line
not in newconf_ctx
.dlines
:
1915 lines_to_del
.append((newconf_ctx_keys
, line
))
1917 for (newconf_ctx_keys
, newconf_ctx
) in iteritems(newconf
.contexts
):
1919 if newconf_ctx_keys
not in running
.contexts
:
1921 # candidate paths can only be added after the policy and segment list,
1922 # so add them to a separate array that is going to be appended at the end
1924 len(newconf_ctx_keys
) == 4
1925 and newconf_ctx_keys
[0].startswith("segment-routing")
1926 and newconf_ctx_keys
[3].startswith("candidate-path")
1928 candidates_to_add
.append((newconf_ctx_keys
, None))
1929 for line
in newconf_ctx
.lines
:
1930 candidates_to_add
.append((newconf_ctx_keys
, line
))
1933 lines_to_add
.append((newconf_ctx_keys
, None))
1935 for line
in newconf_ctx
.lines
:
1936 lines_to_add
.append((newconf_ctx_keys
, line
))
1938 # if we have some candidate paths commands to add, append them to lines_to_add
1939 if len(candidates_to_add
) > 0:
1940 lines_to_add
.extend(candidates_to_add
)
1942 (lines_to_add
, lines_to_del
) = check_for_exit_vrf(lines_to_add
, lines_to_del
)
1943 (lines_to_add
, lines_to_del
) = ignore_delete_re_add_lines(
1944 lines_to_add
, lines_to_del
1946 (lines_to_add
, lines_to_del
) = delete_move_lines(lines_to_add
, lines_to_del
)
1947 (lines_to_add
, lines_to_del
) = ignore_unconfigurable_lines(
1948 lines_to_add
, lines_to_del
1951 return (lines_to_add
, lines_to_del
)
1954 if __name__
== "__main__":
1955 # Command line options
1956 parser
= argparse
.ArgumentParser(
1957 description
="Dynamically apply diff in frr configs"
1959 parser
.add_argument(
1960 "--input", help='Read running config from file instead of "show running"'
1962 group
= parser
.add_mutually_exclusive_group(required
=True)
1964 "--reload", action
="store_true", help="Apply the deltas", default
=False
1967 "--test", action
="store_true", help="Show the deltas", default
=False
1969 level_group
= parser
.add_mutually_exclusive_group()
1970 level_group
.add_argument(
1972 action
="store_true",
1973 help="Enable debugs (synonym for --log-level=debug)",
1976 level_group
.add_argument(
1980 choices
=("critical", "error", "warning", "info", "debug"),
1982 parser
.add_argument(
1983 "--stdout", action
="store_true", help="Log to STDOUT", default
=False
1985 parser
.add_argument(
1989 help="Reload specified path/namespace",
1992 parser
.add_argument("filename", help="Location of new frr config file")
1993 parser
.add_argument(
1995 action
="store_true",
1996 help="Overwrite frr.conf with running config output",
1999 parser
.add_argument(
2000 "--bindir", help="path to the vtysh executable", default
="/usr/bin"
2002 parser
.add_argument(
2003 "--confdir", help="path to the daemon config files", default
="/etc/frr"
2005 parser
.add_argument(
2006 "--rundir", help="path for the temp config file", default
="/var/run/frr"
2008 parser
.add_argument(
2010 help="socket to be used by vtysh to connect to the daemons",
2013 parser
.add_argument(
2014 "--daemon", help="daemon for which want to replace the config", default
=""
2016 parser
.add_argument(
2018 action
="store_true",
2019 help="Used by topotest to not delete debug or log file commands",
2022 args
= parser
.parse_args()
2025 # For --test log to stdout
2026 # For --reload log to /var/log/frr/frr-reload.log
2027 if args
.test
or args
.stdout
:
2028 logging
.basicConfig(format
="%(asctime)s %(levelname)5s: %(message)s")
2030 # Color the errors and warnings in red
2031 logging
.addLevelName(
2032 logging
.ERROR
, "\033[91m %s\033[0m" % logging
.getLevelName(logging
.ERROR
)
2034 logging
.addLevelName(
2035 logging
.WARNING
, "\033[91m%s\033[0m" % logging
.getLevelName(logging
.WARNING
)
2039 if not os
.path
.isdir("/var/log/frr/"):
2040 os
.makedirs("/var/log/frr/")
2042 logging
.basicConfig(
2043 filename
="/var/log/frr/frr-reload.log",
2044 format
="%(asctime)s %(levelname)5s: %(message)s",
2047 # argparse should prevent this from happening but just to be safe...
2049 raise Exception("Must specify --reload or --test")
2050 log
= logging
.getLogger(__name__
)
2053 log
.setLevel(logging
.DEBUG
)
2055 log
.setLevel(args
.log_level
.upper())
2057 if args
.reload and not args
.stdout
:
2058 # Additionally send errors and above to STDOUT, with no metadata,
2059 # when we are logging to a file. This specifically does not follow
2060 # args.log_level, and is analagous to behaviour in earlier versions
2061 # which additionally logged most errors using print().
2063 stdout_hdlr
= logging
.StreamHandler(sys
.stdout
)
2064 stdout_hdlr
.setLevel(logging
.ERROR
)
2065 stdout_hdlr
.setFormatter(logging
.Formatter())
2066 log
.addHandler(stdout_hdlr
)
2068 # Verify the new config file is valid
2069 if not os
.path
.isfile(args
.filename
):
2070 log
.error("Filename %s does not exist" % args
.filename
)
2073 if not os
.path
.getsize(args
.filename
):
2074 log
.error("Filename %s is an empty file" % args
.filename
)
2077 # Verify that confdir is correct
2078 if not os
.path
.isdir(args
.confdir
):
2079 log
.error("Confdir %s is not a valid path" % args
.confdir
)
2082 # Verify that bindir is correct
2083 if not os
.path
.isdir(args
.bindir
) or not os
.path
.isfile(args
.bindir
+ "/vtysh"):
2084 log
.error("Bindir %s is not a valid path to vtysh" % args
.bindir
)
2087 # verify that the vty_socket, if specified, is valid
2088 if args
.vty_socket
and not os
.path
.isdir(args
.vty_socket
):
2089 log
.error("vty_socket %s is not a valid path" % args
.vty_socket
)
2092 # verify that the daemon, if specified, is valid
2093 if args
.daemon
and args
.daemon
not in [
2111 msg
= "Daemon %s is not a valid option for 'show running-config'" % args
.daemon
2116 vtysh
= Vtysh(args
.bindir
, args
.confdir
, args
.vty_socket
, args
.pathspace
)
2118 # Verify that 'service integrated-vtysh-config' is configured
2120 vtysh_filename
= args
.confdir
+ "/" + args
.pathspace
+ "/vtysh.conf"
2122 vtysh_filename
= args
.confdir
+ "/vtysh.conf"
2123 service_integrated_vtysh_config
= True
2125 if os
.path
.isfile(vtysh_filename
):
2126 with
open(vtysh_filename
, "r") as fh
:
2127 for line
in fh
.readlines():
2130 if line
== "no service integrated-vtysh-config":
2131 service_integrated_vtysh_config
= False
2134 if not args
.test
and not service_integrated_vtysh_config
and not args
.daemon
:
2136 "'service integrated-vtysh-config' is not configured, this is required for 'service frr reload'"
2140 log
.info('Called via "%s"', str(args
))
2142 # Create a Config object from the config generated by newconf
2143 newconf
= Config(vtysh
)
2145 newconf
.load_from_file(args
.filename
)
2147 except VtyshException
as ve
:
2148 log
.error("vtysh failed to process new configuration: {}".format(ve
))
2153 # Create a Config object from the running config
2154 running
= Config(vtysh
)
2157 running
.load_from_file(args
.input)
2159 running
.load_from_show_running(args
.daemon
)
2161 (lines_to_add
, lines_to_del
) = compare_context_objects(newconf
, running
)
2164 if not args
.test_reset
:
2165 print("\nLines To Delete")
2166 print("===============")
2168 for (ctx_keys
, line
) in lines_to_del
:
2173 nolines
= lines_to_config(ctx_keys
, line
, True)
2176 # For topotests the original code stripped the lines, and ommitted blank lines
2177 # after, do that here
2178 nolines
= [x
.strip() for x
in nolines
]
2179 # For topotests leave these lines in (don't delete them)
2180 # [chopps: why is "log file" more special than other "log" commands?]
2181 nolines
= [x
for x
in nolines
if "debug" not in x
and "log file" not in x
]
2185 cmd
= "\n".join(nolines
)
2189 if not args
.test_reset
:
2190 print("\nLines To Add")
2191 print("============")
2193 for (ctx_keys
, line
) in lines_to_add
:
2198 lines
= lines_to_config(ctx_keys
, line
, False)
2201 # For topotests the original code stripped the lines, and ommitted blank lines
2202 # after, do that here
2203 lines
= [x
.strip() for x
in lines
if x
.strip()]
2207 cmd
= "\n".join(lines
)
2211 lines_to_configure
= []
2213 # We will not be able to do anything, go ahead and exit(1)
2214 if not vtysh
.is_config_available():
2217 log
.debug("New Frr Config\n%s", newconf
.get_lines())
2219 # This looks a little odd but we have to do this twice...here is why
2220 # If the user had this running bgp config:
2223 # neighbor 1.1.1.1 remote-as 50
2224 # neighbor 1.1.1.1 route-map FOO out
2226 # and this config in the newconf config file
2229 # neighbor 1.1.1.1 remote-as 999
2230 # neighbor 1.1.1.1 route-map FOO out
2233 # Then the script will do
2234 # - no neighbor 1.1.1.1 remote-as 50
2235 # - neighbor 1.1.1.1 remote-as 999
2237 # The problem is the "no neighbor 1.1.1.1 remote-as 50" will also remove
2238 # the "neighbor 1.1.1.1 route-map FOO out" line...so we compare the
2239 # configs again to put this line back.
2241 # There are many keywords in FRR that can only appear one time under
2242 # a context, take "bgp router-id" for example. If the config that we are
2243 # reloading against has the following:
2246 # bgp router-id 1.1.1.1
2247 # bgp router-id 2.2.2.2
2249 # The final config needs to contain "bgp router-id 2.2.2.2". On the
2250 # first pass we will add "bgp router-id 2.2.2.2" but then on the second
2251 # pass we will see that "bgp router-id 1.1.1.1" is missing and add that
2252 # back which cancels out the "bgp router-id 2.2.2.2". The fix is for the
2253 # second pass to include all of the "adds" from the first pass.
2254 lines_to_add_first_pass
= []
2257 running
= Config(vtysh
)
2258 running
.load_from_show_running(args
.daemon
)
2259 log
.debug("Running Frr Config (Pass #%d)\n%s", x
, running
.get_lines())
2261 (lines_to_add
, lines_to_del
) = compare_context_objects(newconf
, running
)
2264 lines_to_add_first_pass
= lines_to_add
2266 lines_to_add
.extend(lines_to_add_first_pass
)
2268 # Only do deletes on the first pass. The reason being if we
2269 # configure a bgp neighbor via "neighbor swp1 interface" FRR
2270 # will automatically add:
2273 # ipv6 nd ra-interval 10
2274 # no ipv6 nd suppress-ra
2277 # but those lines aren't in the config we are reloading against so
2278 # on the 2nd pass they will show up in lines_to_del. This could
2279 # apply to other scenarios as well where configuring FOO adds BAR
2281 if lines_to_del
and x
== 0:
2282 for (ctx_keys
, line
) in lines_to_del
:
2287 # 'no' commands are tricky, we can't just put them in a file and
2288 # vtysh -f that file. See the next comment for an explanation
2290 cmd
= lines_to_config(ctx_keys
, line
, True)
2293 # Some commands in frr are picky about taking a "no" of the entire line.
2294 # OSPF is bad about this, you can't "no" the entire line, you have to "no"
2295 # only the beginning. If we hit one of these command an exception will be
2296 # thrown. Catch it and remove the last '-c', 'FOO' from cmd and try again.
2299 # frr(config-if)# ip ospf authentication message-digest 1.1.1.1
2300 # frr(config-if)# no ip ospf authentication message-digest 1.1.1.1
2301 # % Unknown command.
2302 # frr(config-if)# no ip ospf authentication message-digest
2303 # % Unknown command.
2304 # frr(config-if)# no ip ospf authentication
2310 vtysh(["configure"] + cmd
, stdouts
)
2312 except VtyshException
:
2314 # - Pull the last entry from cmd (this would be
2315 # 'no ip ospf authentication message-digest 1.1.1.1' in
2317 # - Split that last entry by whitespace and drop the last word
2318 log
.info("Failed to execute %s", " ".join(cmd
))
2319 last_arg
= cmd
[-1].split(" ")
2321 if len(last_arg
) <= 2:
2323 '"%s" we failed to remove this command',
2324 " -- ".join(original_cmd
),
2326 # Log first error msg for original_cmd
2328 log
.error(stdouts
[0])
2332 new_last_arg
= last_arg
[0:-1]
2333 cmd
[-1] = " ".join(new_last_arg
)
2335 log
.info('Executed "%s"', " ".join(cmd
))
2339 lines_to_configure
= []
2341 for (ctx_keys
, line
) in lines_to_add
:
2346 # Don't run "no" commands twice since they can error
2347 # out the second time due to first deletion
2348 if x
== 1 and ctx_keys
[0].startswith("no "):
2351 cmd
= "\n".join(lines_to_config(ctx_keys
, line
, False)) + "\n"
2352 lines_to_configure
.append(cmd
)
2354 if lines_to_configure
:
2355 random_string
= "".join(
2356 random
.SystemRandom().choice(
2357 string
.ascii_uppercase
+ string
.digits
2362 filename
= args
.rundir
+ "/reload-%s.txt" % random_string
2363 log
.info("%s content\n%s" % (filename
, pformat(lines_to_configure
)))
2365 with
open(filename
, "w") as fh
:
2366 for line
in lines_to_configure
:
2367 fh
.write(line
+ "\n")
2370 vtysh
.exec_file(filename
)
2371 except VtyshException
as e
:
2372 log
.warning("frr-reload.py failed due to\n%s" % e
.args
)
2376 # Make these changes persistent
2377 target
= str(args
.confdir
+ "/frr.conf")
2378 if args
.overwrite
or (not args
.daemon
and args
.filename
!= target
):