Module vyos#

Typedefs#

typedef vyos::abrtype_t#
  • Base type string

  • Type constraint (self in ['cisco', 'ibm', 'shortcut', 'standard'])

typedef vyos::area#
  • Base type number

  • Type constraint ((self >= 0) and (self < 4294967296))

typedef vyos::duplex#
  • Base type string

  • Type constraint (((self == 'auto') or (self == 'half')) or (self == 'full'))

typedef vyos::ospf_metric_t#
  • Base type number

  • Type constraint ((self > 0) and (self <= 16))

typedef vyos::ospf_metric_type_t#
  • Base type number

  • Type constraint (self in [1, 2])

typedef vyos::redistribute_t#
  • Base type string

  • Type constraint (self in ['bgp', 'connected', 'kernel', 'rip', 'static'])

typedef vyos::speed#
  • Base type string

  • Type constraint (self in ['10', '100', '1000', '2500', '10000', 'auto'])

typedef vyos::tunnel_encap_t#
  • Base type string

  • Type constraint (self in ['gre', 'gre-bridge', 'ipip', 'sit', 'ipip6', 'ip6ip6'])

typedef vyos::tunnel_key_t#
  • Base type number

  • Type constraint ((self >= 0) and (self <= 99999))

typedef vyos::tunnel_mtu_t#
  • Base type number

  • Type constraint ((self >= 64) and (self <= 8024))

typedef vyos::vlan_id#
  • Base type int

  • Type constraint ((self >= 0) and (self < 4095))

typedef vyos::firewall::action_t#
  • Base type string

  • Type constraint (self in ['accept', 'drop', 'reject'])

typedef vyos::firewall::protocol_t#
  • Base type string

  • Type constraint (self in ['tcp_udp', 'all', 'icmp', 'tcp', 'udp'])

typedef vyos::routemap::rm_action_t#
  • Base type string

  • Type constraint (self in ['permit', 'deny'])

typedef vyos::vpn::auth_mode_t#
  • Base type string

  • Type constraint (self in ['pre-shared-secret', 'rsa', 'x509'])

typedef vyos::vpn::conn_type_t#
  • Base type string

  • Type constraint (self in ['initiate', 'respond'])

typedef vyos::vpn::dh_group_t#
  • Base type string

  • Type constraint (self in [2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26])

typedef vyos::vpn::encryption_t#
  • Base type string

  • Type constraint (self in ['aes128', 'aes256', '3des'])

typedef vyos::vpn::esp_mode_t#
  • Base type string

  • Type constraint (self in ['tunnel', 'transport'])

typedef vyos::vpn::hash_t#
  • Base type string

  • Type constraint (self in ['md5', 'sha1', 'sha256', 'sha384', 'sha512'])

typedef vyos::vpn::kex_t#
  • Base type string

  • Type constraint (self in ['ikev1', 'ikev2'])

typedef vyos::vpn::local_address_t#
  • Base type string

  • Type constraint (ip::is_valid_ip_v10(self) or (self == 'any'))

Entities#

entity vyos::Address#

Parents: std::Entity

An address entity to add multiple addresses to an interface

attribute ip::cidr_v10 ip#

The following implements statements select implementations for this entity:

entity vyos::BaseHost#

Parents: ip::Host

A vyos (or derivative) based host.

attribute string user='inmanta'#
attribute string password='inmanta'#
attribute number port=22#
attribute bool skip_on_connect_error=false#

When true, vyos resources deployed on this host will be skipped when the handler fails to connect to the host. Otherwise the resource will be marked as failed.

relation vyos::Credential credential [1]#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::BaseInterface#

Parents: vyos::ConfigNode

attribute string name#
attribute ip::cidr_v10? address=null#
attribute bool dhcp=false#
relation vyos::Address addresses [0:*]#
relation vyos::PolicyRoute policy_route [0:1]#

Set a policy route for this interface.

relation vyos::Shaper traffic_policy_out [0:1]#

other end: vyos::Shaper.interfaces_in [0:*]

relation vyos::Shaper traffic_policy_in [0:1]#

other end: vyos::Shaper.interfaces_out [0:*]

relation vyos::Bridge bridge_group [0:1]#

other end: vyos::Bridge.members [0:*]

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Bridge#

Parents: vyos::BaseInterface

attribute string type='bridge'#
relation vyos::BaseInterface members [0:*]#

other end: vyos::BaseInterface.bridge_group [0:1]

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Config#

Parents: vyos::ConfigItem, std::PurgeableResource

VYOS config block resource

This is the central resource, that is used to deploy specific configlets.

attribute string device#
attribute string node#
attribute bool never_delete=false#
attribute bool save=true#
attribute bool send_event=true#
attribute string[] keys_only=List()#

Only compare these keys, ignore all other keys that are in the current state

attribute string[] ignore_keys=List()#

Ignore these keys in the current state

attribute bool facts=false#

When set to true the config is never executed. The value under node is exposed as a fact

attribute bool skip_on_connect_error#
relation vyos::Credential credential [1]#

The following implements statements select implementations for this entity:

entity vyos::ConfigItem#

Parents: std::Entity

attribute string config#
relation vyos::ExtraConfig extra [0:*]#

other end: vyos::ExtraConfig.parent [1]

entity vyos::ConfigNode#

Parents: std::Entity

attribute string node_name#
attribute bool purged=false#
attribute bool purge_on_delete=false#
relation vyos::ConfigItem config [0:1]#
relation vyos::BaseHost host [1]#

The following implementations are defined for this entity:

entity vyos::Credential#

Parents: std::Entity

attribute string address#
attribute string user#
attribute string password#
attribute number port#

The following implements statements select implementations for this entity:

entity vyos::DhcpServer#

Parents: vyos::ConfigNode

attribute string name#
attribute ip::cidr subnet#
attribute ip::ip default_router#
attribute ip::ip[] dns_servers#
attribute ip::ip range_start#
attribute ip::ip range_end#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::ExtraConfig#

Parents: vyos::ConfigItem

relation vyos::ConfigItem parent [1]#

other end: vyos::ConfigItem.extra [0:*]

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Host#

Parents: vyos::BaseHost

The following implements statements select implementations for this entity:

entity vyos::Hostname#

Parents: vyos::ConfigNode

attribute string name#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Interface#

Parents: vyos::BaseInterface

attribute bool never_delete=false#
attribute vyos::duplex duplex='auto'#
attribute vyos::speed speed='auto'#
relation vyos::firewall::RuleSet inbound_ruleset [0:1]#
relation vyos::firewall::RuleSet local_ruleset [0:1]#
relation vyos::firewall::RuleSet outbound_ruleset [0:1]#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::IpFact#

Parents: std::PurgeableResource

Discover interface IP

attribute string id#
attribute string device#
relation vyos::BaseHost host [1]#
relation vyos::Credential credential [1]#
relation vyos::Interface interface [1]#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Loopback#

Parents: vyos::ConfigNode

attribute ip::cidr address#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Masquerade#

Parents: vyos::ConfigNode

attribute string outbound_interface#
attribute string source_address#
attribute number rule#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Ospf#

Parents: vyos::ConfigNode

attribute vyos::area area=0#
attribute ip::cidr[] network#
attribute ip::ip router_id#
attribute string[]? passive_interfaces=null#
attribute string[]? passive_interface_excludes=null#
attribute vyos::abrtype_t abrtype='cisco'#
relation vyos::OspfRedistribute redistributes [0:*]#

other end: vyos::OspfRedistribute.ospf [1]

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::OspfRedistribute#

Parents: std::Entity

attribute vyos::redistribute_t type#
attribute vyos::ospf_metric_t? metric=null#
attribute vyos::ospf_metric_type_t metric_type=2#
attribute string? route_map=null#
relation vyos::Ospf ospf [1]#

other end: vyos::Ospf.redistributes [0:*]

The following implements statements select implementations for this entity:

entity vyos::PolicyRoute#

Parents: vyos::ConfigNode

Route policy for Vyos Polciy Based Routing.

attribute std::alfanum name#

The name for this policy route

relation vyos::PolicyRouteRule rules [1:*]#

other end: vyos::PolicyRouteRule.policy [1]

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::PolicyRouteRule#

Parents: vyos::ConfigNode

Rule in a route policy for Vyos Polciy Based Routing.

attribute number id#

The rule number

attribute number table#

Routing table for traffic matching this rule

attribute std::alfanum? description=null#

Description for this rule

attribute ip::cidr? match_source_address=null#

The source address to match traffic on

attribute ip::cidr? match_destination_address=null#

The destination address to match traffic on. Can only be specified if match_protocol is set

attribute ip::port? match_source_port=null#

The source port to match traffic on. Can only be specified if match_protocol in [“tcp”, “udp”]

attribute ip::port? match_destination_port=null#

The destination port to match traffic on

attribute std::alfanum? match_protocol=null#

The protocol to match traffic on

relation vyos::PolicyRoute policy [1]#

other end: vyos::PolicyRoute.rules [1:*]

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::RouteMap#

Parents: vyos::ConfigNode

attribute string name#
attribute string? description=null#
relation vyos::routemap::Rule rules [0:*]#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Shaper#

Parents: vyos::ConfigNode

attribute string name#
attribute string bandwidth#
attribute string default_bandwidth='50%'#
attribute string default_ceiling='100%'#
attribute string default_queue_type='fair-queue'#
relation vyos::BaseInterface interfaces_in [0:*]#

other end: vyos::BaseInterface.traffic_policy_out [0:1]

relation vyos::BaseInterface interfaces_out [0:*]#

other end: vyos::BaseInterface.traffic_policy_in [0:1]

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::StaticRoute#

Parents: vyos::ConfigNode

attribute ip::cidr destination#
attribute ip::ip next_hop#
attribute number table=0#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Tunnel#

Parents: vyos::BaseInterface

attribute string? description=null#
attribute vyos::tunnel_mtu_t mtu=1476#
attribute vyos::tunnel_encap_t encapsulation#
attribute ip::ip_v10 local_ip#
attribute ip::ip_v10? remote_ip=null#
attribute vyos::tunnel_key_t? key=null#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::Vif#

Parents: vyos::BaseInterface

attribute vyos::vlan_id vlan#
attribute string type='vif'#
attribute string name=''#
relation vyos::Interface parent [1]#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::firewall::AddressGroup#

Parents: vyos::firewall::Group

attribute string[] addresses#
string vyos::firewall::AddressGroup.description='inmanta managed address-group'

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::firewall::Group#

Parents: vyos::ConfigNode

attribute string name#
attribute string group_type#
entity vyos::firewall::NetworkGroup#

Parents: vyos::firewall::Group

attribute ip::cidr[] networks#
string vyos::firewall::NetworkGroup.description='inmanta managed network-group'

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::firewall::PortGroup#

Parents: vyos::firewall::Group

attribute string[] ports#
string vyos::firewall::PortGroup.description='inmanta managed port-group'

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::firewall::Rule#

Parents: std::Entity

attribute number id#
attribute vyos::firewall::action_t action#
attribute vyos::firewall::protocol_t protocol#
string vyos::firewall::Rule.description='inmanta managed rule'
relation vyos::firewall::Group source [0:*]#
relation vyos::firewall::Group destination [0:*]#
relation vyos::firewall::RuleSet ruleset [1]#

other end: vyos::firewall::RuleSet.rules [0:*]

The following implements statements select implementations for this entity:

entity vyos::firewall::RuleSet#

Parents: vyos::ConfigNode

attribute string name#
attribute vyos::firewall::action_t default_action#
string vyos::firewall::RuleSet.description='inmanta managed ruleset'
relation vyos::firewall::Rule rules [0:*]#

other end: vyos::firewall::Rule.ruleset [1]

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::openstackext::OpenstackHost#

Parents: vyos::BaseHost, openstack::Host

A vyos based host for Openstack

attribute string? floatingIP=null#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::routemap::Match#

Parents: std::Entity

attribute string? interface=null#

The following implements statements select implementations for this entity:

entity vyos::routemap::Rule#

Parents: std::Entity

attribute number id#
attribute vyos::routemap::rm_action_t action#
relation vyos::routemap::Match match [1]#

The following implements statements select implementations for this entity:

entity vyos::vpn::Authentication#

Parents: std::Entity

attribute string id#
attribute vyos::vpn::auth_mode_t mode#
attribute string? pre_shared_key=null#
attribute string? remote_id=null#
attribute string? rsa_key_name=null#

The following implements statements select implementations for this entity:

entity vyos::vpn::ESPGroup#

Parents: vyos::ConfigNode

attribute string name#
attribute bool compression#
attribute number lifetime#
attribute vyos::vpn::esp_mode_t mode#
attribute bool pfs#
relation vyos::vpn::ESPProposal proposals [1:*]#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::vpn::ESPProposal#

Parents: std::Entity

attribute number id#
attribute vyos::vpn::encryption_t encryption#
attribute vyos::vpn::hash_t hash='sha1'#

The following implements statements select implementations for this entity:

entity vyos::vpn::IKEGroup#

Parents: vyos::ConfigNode

attribute string name#
attribute vyos::vpn::kex_t key_exchange='ikev1'#
attribute number lifetime#
relation vyos::vpn::IKEProposal proposals [1:*]#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::vpn::IKEProposal#

Parents: std::Entity

attribute number id#
attribute vyos::vpn::dh_group_t? dh_group=null#
attribute vyos::vpn::encryption_t encryption#
attribute vyos::vpn::hash_t hash='sha1'#

The following implements statements select implementations for this entity:

entity vyos::vpn::IPSECOptions#

Parents: vyos::ConfigNode

attribute string[] ipsec_interfaces=List()#
attribute string[] log_modes=List()#
attribute bool nat_traversal=false#
attribute ip::cidr[] allowed_nat_networks=List()#

The following implements statements select implementations for this entity:

entity vyos::vpn::KeyGen#

Parents: std::PurgeableResource

Ensure an RSA key has been generated

attribute string id='keygen'#
attribute string device#
relation vyos::BaseHost host [1]#
relation vyos::Credential credential [1]#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::vpn::RSAKey#

Parents: vyos::ConfigNode

attribute string name#
attribute string rsa_key#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::vpn::SiteToSite#

Parents: vyos::ConfigNode

attribute string peer#
attribute vyos::vpn::conn_type_t connection_type#
attribute vyos::vpn::local_address_t local_address#
relation vyos::vpn::Authentication authentication [1]#
relation vyos::vpn::IKEGroup ike_group [1]#
relation vyos::vpn::ESPGroup default_esp_group [0:1]#
relation vyos::vpn::Tunnel tunnels [0:*]#

The following implementations are defined for this entity:

The following implements statements select implementations for this entity:

entity vyos::vpn::Tunnel#

Parents: std::Entity

attribute number id#
attribute ip::cidr_v10 local_prefix#
attribute ip::cidr_v10 remote_prefix#

The following implements statements select implementations for this entity:

Implementations#

implementation vyos::bridge#
implementation vyos::commonConfig#
implementation vyos::dhcpServer#
implementation vyos::extraconfig_depends#
implementation vyos::hostname#
implementation vyos::iface#
implementation vyos::ifacePolicyRoute#
implementation vyos::loopback#
implementation vyos::masq#
implementation vyos::ospf#
implementation vyos::policyRoute#
implementation vyos::policyRouteRule#
implementation vyos::routeMap#
implementation vyos::shaper#
implementation vyos::staticRouteDefault#
implementation vyos::staticRouteTable#
implementation vyos::tunnel#
implementation vyos::vif#
implementation vyos::vyosConfig#
implementation vyos::wireup_ipfact#
implementation vyos::firewall::addressGroup#
implementation vyos::firewall::networkGroup#
implementation vyos::firewall::portGroup#
implementation vyos::firewall::ruleSet#
implementation vyos::openstackext::openstackConfig#
implementation vyos::openstackext::withFip#
implementation vyos::vpn::espGroup#
implementation vyos::vpn::ikeGroup#
implementation vyos::vpn::ipsecOptions#
implementation vyos::vpn::rsaKey#
implementation vyos::vpn::siteToSite#
implementation vyos::vpn::wireup#

Resources#

class vyos.Config#
class vyos.IpFact#
class vyos.KeyGen#

Handlers#

class vyos.VyosHandler#
class vyos.KeyGenHandler#
class vyos.IpFactHandler#