merge does not work via scp
When I was testing something with my EdgeRouter Lite, I saw some commands that might help me create a config outside the router itself and then load it. One of them was the merge command, so I tried to use it. The help information on the CLI was the following:
# merg<tab><tab>
Possible completions:
merge Load configuration from a file and merge running configuration
[edit]
# merge <tab>
Possible completions:
<Enter> Merge from system config file
<file> Merge from file on local machine
scp://<user>:<passwd>@<host>/<file> Merge from file on remote machine
ftp://<user>:<passwd>@<host>/<file> Merge from file on remote machine
http://<host>/<file> Merge from file on remote machine
tftp://<host>/<file> Merge from file on remote machine
[edit]
#
This made me believe I could use scp to merge a config into the running configuration. But when I tried it, it gave an error message:
# merge scp://user:*****@hostname/home/user/fw_test.txt
curl: (51) SSL peer certificate or SSH remote key was not OK
Can not open remote configuration file scp://user:*****@hostname/home/user/fw_test.txt
[edit]
#
Using curl for scp
Based on a message on the ubnt forum, this is because all commands use curl to fetch or store the files.
To fix it I had to change a perl script. To do this I had to become root (using sudo -i) and then vi to edit the file.
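The original /opt/vyatta/sbin/vyatta-load-config.pl line 128 was:
my $rc = system("curl -# -o $url_tmp_file $load_file");
The changed line, with -k added, is:
my $rc = system("curl -k -# -o $url_tmp_file $load_file");
The -k (--insecure) option makes curl skip the known_hosts check of the remote SSH host key, so the host the config is fetched from is no longer verified.
After the change I was able to load the config.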
Not a valid config
I had written the following config file for testing:
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name foo {
        default-action drop
        rule 1 {
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
When I tried to merge it, it gave a warning:
# merge scp://user:*****@hostname/home/user/fw_test.txt
######################################################################## 100.0%
Warning: file does NOT appear to be a valid config file.
Do you want to continue? [no] y
(Please answer 'Y' for yes) Y
Loading configuration from '/config/config.boot.27648'...
The specified configuration node is not valid
Set failed
"set 'system' 'console' 'device' 'ttyS0' 'speed' '9600'" failed
Merge complete. Use 'commit' to make changes active.
[edit]
#
It seems the merge tried to add some things because it thought they were needed. It resulted in the following compare:
# compare
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians enable
+ name foo {
+ default-action drop
+ rule 1 {
+ }
+ }
+ receive-redirects disable
+ send-redirects enable
+ source-validation disable
+ syn-cookies enable
+}
[edit system config-management]
>commit-revisions 20
[edit system]
+conntrack {
+ expect-table-size 2048
+ hash-size 32768
+ table-size 262144
+}
[edit system offload ipv6]
>forwarding disable
[edit]
#
Apparently the config needs the following one-liner (for Release version: v1.9.7.5001798.170720.0132) in order to merge without problems. I don’t know the details of the line, so it might be different for a different version of EdgeOS.
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
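A pre-merge check for the footer described above, as an added example that is not part of the original post: it runs on the machine where the snippet is written, checks that the braces balance, and copies the vyatta-config-version footer from a config saved by the same router, since the string may differ between EdgeOS versions. The function names and the sample data are assumptions made for this example.

```python
import re

# Footer comment as shown in the post; [^"]* also spans line breaks.
FOOTER_RE = re.compile(r'/\*\s*===\s*vyatta-config-version:\s*"([^"]*)"\s*===\s*\*/')

def parse_footer(text):
    """Return {component: version} from the footer, or None if it is absent."""
    m = FOOTER_RE.search(text)
    if m is None:
        return None
    versions = {}
    # Drop whitespace first so a footer wrapped over several lines still parses.
    for item in re.sub(r"\s+", "", m.group(1)).split(":"):
        name, sep, ver = item.partition("@")
        if not (name and sep and ver.isdigit()):
            raise ValueError(f"malformed footer entry: {item!r}")
        versions[name] = int(ver)
    return versions

def braces_balanced(text):
    """Line-based check that every 'node {' has a matching '}' line."""
    depth = 0
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0

def add_footer(snippet, reference):
    """Append the reference config's footer, as one line, if the snippet has none."""
    if parse_footer(snippet) is not None:
        return snippet
    versions = parse_footer(reference)
    if versions is None:
        raise ValueError("reference config has no vyatta-config-version footer")
    joined = ":".join(f"{name}@{ver}" for name, ver in versions.items())
    return f'{snippet.rstrip()}\n/* === vyatta-config-version: "{joined}" === */\n'

# Constructed sample data: a snippet without footer, and a reference config
# whose (shortened) footer is wrapped across two lines.
SNIPPET = "firewall {\n    name foo {\n        default-action drop\n    }\n}\n"
REFERENCE = ('system {\n    host-name ubnt\n}\n'
             '/* === vyatta-config-version: "firewall@5:\nsystem@4" === */\n')

if __name__ == "__main__":
    assert braces_balanced(SNIPPET)
    print(add_footer(SNIPPET, REFERENCE))
```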