VyOS Platform Blog

VyOS Project April 2021 Update

Written by Erkin Batu Altunbas | May 16, 2021 9:48:23 PM Z

Hello again!

Another month has passed, and now it's time for the April update. The most important news of the past month includes a VyOS 1.3.0-rc4 release candidate and multiple improvements in the 1.4/Sagitta branch, including support for running containers on VyOS (via Podman). Correction: A previous version of this blogpost was marked "May 2021" instead of "April 2021".

VyOS 1.3 Equuleus

VyOS 1.3.0-rc4 came out recently. If you haven't already seen the changelog for it, you should go check it out. You can download it, as well as the previous release candidates and monthly snapshots of the 1.3 branch right now.

VyOS 1.4 Sagitta

The development branch acquired some interesting features in April. As 1.3 nears completion, 1.4 is taking a more consistent shape in parallel. You can grab the latest nightly to try it yourselves. As always, we welcome your contributions to development, documentation and everything else.

Containers

As teased in the last update, support for containerized applications is coming along. It's still experimental and not yet documented but you can give it a test and let us know what you think. It uses Podman under the hood, so there's no daemon involved. I put together a quick demonstration at the bottom of this post to get you started.

HTTP API

The HTTP API server migrated from Flask to FastAPI. The API is still fully backward compatible with the previous versions, so this change has no impact on existing infrastructure (besides the performance boost, of course). The only difference is that the API now natively supports application/json requests to directly send JSON data. multipart/form-data requests with JSON payloads continue to be supported.

Networking

Some user-facing networking features added in April:

  • The DHCP client can now be configured to reject lease offers from specified hosts and subnets.
  • Support for the address families of VPN, multicast and RSVP flowspec for MP-BGP is added.
  • BGP capabilities of per-peer graceful shutdown and graceful restart are now supported.

UI niceties

And two miscellaneous quality of life features:

  • monitor log can now produce color output with the colored subcommand.
  • You can now set your console layout to Dvorak by setting system option keyboard-layout to dvorak.

VyOS 1.2 Crux

There's going to be a security release to accommodate for a minor vulnerability in OpenVPN server. That vulnerability could be a major problem demanding an emergency release, but, luckily, it's very hard to trigger, so we'll use this as a chance to prepare a larger 1.2.8 update.

To keep 1.2.x up to date longer, we are now workign with a company named Freexian that provides extended LTS for Debian.

 

And that's it for this month's updates. See you next time!

Appendix: Container example

For the sake of demonstration, I translated example #1 in the official documentation to the declarative VyOS CLI syntax.

# set container network zabbix-net prefix 172.20.0.0/16
# set container network zabbix-net description 'Network for Zabbix component containers'

# set container name mysql-server image mysql:8.0
# set container name mysql-server network zabbix-net
# set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix'
# set container name mysql-server environment 'MYSQL_USER' value 'zabbix'
# set container name mysql-server environment 'MYSQL_PASSWORD' value 'zabbix_pwd'
# set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'

# set container name zabbix-java-gateway image zabbix/zabbix-java-gateway:alpine-5.2-latest
# set container name zabbix-java-gateway network zabbix-net

# set container name zabbix-server-mysql image zabbix/zabbix-server-mysql:alpine-5.2-latest
# set container name zabbix-server-mysql network zabbix-net
# set container name zabbix-server-mysql environment 'DB_SERVER_HOST' value 'mysql-server'
# set container name zabbix-server-mysql environment 'MYSQL_DATABASE' value 'zabbix'
# set container name zabbix-server-mysql environment 'MYSQL_USER' value 'zabbix'
# set container name zabbix-server-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd'
# set container name zabbix-server-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'
# set container name zabbix-server-mysql environment 'ZBX_JAVAGATEWAY' value 'zabbix-java-gateway'
# set container name zabbix-server-mysql port zabbix source 10051
# set container name zabbix-server-mysql port zabbix destination 10051

# set container name zabbix-web-nginx-mysql image zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest
# set container name zabbix-web-nginx-mysql network zabbix-net
# set container name zabbix-web-nginx-mysql environment 'MYSQL_DATABASE' value 'zabbix'
# set container name zabbix-web-nginx-mysql environment 'ZBX_SERVER_HOST' value 'zabbix-server-mysql'
# set container name zabbix-web-nginx-mysql environment 'DB_SERVER_HOST' value 'mysql-server'
# set container name zabbix-web-nginx-mysql environment 'MYSQL_USER' value 'zabbix'
# set container name zabbix-web-nginx-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd'
# set container name zabbix-web-nginx-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'
# set container name zabbix-web-nginx-mysql port http source 80
# set container name zabbix-web-nginx-mysql port http destination 8080