VyOS Networks Blog

We are happy to announce the next major 6.0.0 release of the VyOS Ansible Collection. It is now available from Ansible Galaxy and is also a certified collection for the Red Hat Ansible Automation Platform.

If you are an active Ansible user, you surely noticed that the Ansible collection for VyOS lost its momentum at some point and remained stagnant for quite some time. Earlier this year, we had the repositories transferred to our organization on GitHub, took over the development, and formed a small team of dedicated maintainers — thanks to Gaige Paulsen and Evgeny Molotkov who joined us and took up the hard work!

Now, after over two years of community work and our own improvements and fixes, a new release of the vyos.vyos Ansible collection is finally available to all users!

This release brings proper support for the current 1.4 LTS release and the upcoming VyOS 1.5.

It also still fully supports VyOS 1.3.x but will be the last release to officially support it since VyOS 1.3.x reached its end of life this year. This release may still work for VyOS 1.2.x and older, but if you run into problems, you should switch to version 5.0.0, since it was the last version to officially support those legacy versions.

Removed or deprecated features

• vyos_logging → Removed in favor of vyos_logging_global
• vyos_bgp_address_family, vyos_bgp_global, vyos_user now support VyOS 1.3+ only
• vyos_snmp_server no longer supports versions prior to 1.3
• Firewall Rules: p2p options removed, tcp.flags updated to list format for 1.4+
• vyos_lldp_global: civic_address removed, 'address' → 'addresses' (removal in 7.0.0)
• vyos_bgp_global: no_ipv4_unicast deprecated for 1.4+, use ipv4_unicast
• vyos_firewall_interfaces is deprecated for 1.4+, firewalls are not directly tied to interfaces in versions 1.4 and beyond
• vyos_logging_global: protocol deprecated for 1.4+, use facility
• vyos_snmp_server: engine_id now under snmp_v3, key parameters renamed
• vyos_user: level and alias 'role' removed as these are not supported in 1.3+

Bug fixes

• vyos_config: Better change detection for newer VyOS versions
• vyos_firewall_global: Fix for group member removal, global-options parsing, and policy deletions
• vyos_firewall_rules: Description deletion, fixes for limit, log, disable, override
• vyos_interfaces: Improved 'replace' logic and handling of disabled items
• vyos_l3_interfaces: Better VIF handling in delete, override, replace
• vyos_logging_global: Fix for 1.3 with protocol and level on same host
• vyos_ospf_interfaces: Fix unordered command list parsing (1.4+)
• vyos_ospfv2 and ospfv3: Passive-interface and area assignment updates
• vyos_static_routes: Fixes for interface route facts and config
• vyos_user: Fixed full-name parsing

New features and improvements

BGP modules

• Support for VyOS 1.4+ system-as
• Attributes moved from bgp_global to bgp_address_family
• New 'solo' neighbor attribute

Firewall modules

• Added support for input, output, forward chains (1.4+)
• Support for log-level in state-policy
• Support for 1.4+ and 1.5+ features like match-ipsec, match-none, packet-length-exclude
• Added diff mode for firewall rule comparison

Interfaces

• vyos_l3_interfaces now includes loopback interfaces

User module

• Support for encrypted passwords and public-key authentication

LLDP

• Address attribute is now addresses with an alias for backward compatibility

NTP

• Support for chronyd vs ntpd (1.4+)
• New options in 1.5+ (interleave, ptp)
• allow_client syntax for 1.4+

OSPF modules

• Support for VyOS 1.4 OSPF and 1.3- virtual interfaces
• Adapted to 1.4+ configuration model changes

Facts

• vyos_facts: Added network_os_major_version

Route-maps

• Added support for as-path-prepend policy option

Of course, our work doesn't stop here. We will continue working towards the next 7.0.0 release, and we welcome your feedback and pull requests!