VyOS Configuration Backup Automation with Git
Backup to a Git Repository with Every VyOS Commit
Many years ago when I ran a Ubiquiti EdgeRouter Lite as my primary home router, I came across psitem/edgerouter-backup while searching forums for someone who may have already developed a solution. This worked great for me for as long as I had the EdgeRouter.
Fast-forward a while, and I've switched to running a VyOS VM as my primary router at home. VyOS and EdgeOS were both forked from Vyatta, so they share a lot of similarities, but there are almost as many differences.
I wanted to continue backing up my configuration to a git repository to protect against loss as well as keep a versioned history of every change I make to my router, so I put together a single script that runs as a post-commit hook in VyOS.
Today, I will review the script I've created to automatically back up my VyOS router config to a git repository with every configuration commit.
The script itself is fairly straightforward, but there's a little bit of setup you'll have to do beforehand for it to be successful.
This tutorial assumes you are using key-based SSH authentication to your router--it will be required in order to push to your remote repository.
Build Your Own Image with Git Installed
The default ISOs do not include Git, so you'll need to build your own with Git integrated. Luckily, I covered that for you in an earlier post titled How I Automate Building VyOS Images. If you're not running a custom image, you'll want to go back and build one, then boot your router from it before you continue.
Set up Agent Forwarding
For this to work properly, you'll need to set up SSH Agent Forwarding in your local .ssh/config file. This will prevent you from having to generate new SSH keys specifically for your router. Agent forwarding allows your SSH keys on your local machine to 'pass through' to the router and be used for pushing to your remote Git repo via SSH.
Open ~/.ssh/config in your favorite editor, and then add the following to the end of the file, then save and exit. This works because the default ssh config in VyOS rolling release has the flag AllowAgentForwarding set to yes.
Host <enter your VyOS hostname here>
ForwardAgent Yes
Don't forget to modify the text above, replacing <enter your VyOS hostname here> with the actual hostname of your router.
Create Git Repository
First, you'll need a repository for your router. I've used config-hostname for my repo names. The easiest way to do this is to log into your Git provider's website and create a new private repository with a README.md file in it.
⚠️ A NOTE ON SECURITY: The configuration files the script will create are not sanitized in any way and contain secret information you do not want to be published publicly. This is why it's extremely important to use a private repository. I personally use Gitea in a Docker container to store my router configs, so there's very little risk of accidentally making them public. I cannot recommend this option enough.
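Because the backed-up files are unsanitized, it helps to see which lines carry secrets and to have a redacted copy for anything that leaves the private repository. The following is an added example, not part of the author's script. The list of secret-bearing node names, the function names and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the author's backup script).
# Assumption: these leaf names mark secret values in `set` commands; extend
# the list to match the features configured on your router.
SECRET_LEAVES='encrypted-password|plaintext-password|pre-shared-secret|private-key|secret|passphrase'

# List the configuration paths (values stripped) that hold secrets.
list_secret_nodes() {
    grep -E " (${SECRET_LEAVES}) '" | sed -E "s/ '[^']*'\$//"
}

# Emit the same commands with every secret value replaced.
redact_secrets() {
    sed -E "s/ (${SECRET_LEAVES}) '[^']*'\$/ \\1 '<redacted>'/"
}

# Constructed sample in the `set` command style; every value is made up.
sample_commands() {
    cat <<'EOF'
set interfaces ethernet eth0 address 'dhcp'
set interfaces wireguard wg0 private-key 'c2FtcGxlLWtleS1ub3QtcmVhbA=='
set system host-name 'router01'
set system login user vyos authentication encrypted-password '$6$constructed$hash'
EOF
}

# Demo: show which nodes are sensitive, then the redacted copy.
if [ "${1:-}" = "demo" ]; then
    echo "Secret-bearing nodes:"
    sample_commands | list_secret_nodes
    echo "Redacted copy:"
    sample_commands | redact_secrets
fi
```

The redacted output cannot be used to restore the router, so keep it alongside the full backup, not in place of it.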
Log into VyOS and Clone Repository
Log into your VyOS router and set your user.name and user.email for Git.
git config --global user.name "Your Name Here"
git config --global user.email "Your Email Address Here"
Now, let's change to the /config/user-data directory. Once there, clone your repository into the directory. In the example below, I'm using git@git.internal for my Git server, which is my private Gitea Docker container.
cd /config/user-data
git clone git@git.internal:brav0charlie/config-router01
It's important to clone into /config/user-data, because this location is persistent across reboots and upgrades. This prevents your local repository from getting wiped out with every reboot or upgrade.
Copy Script into Place
Copy the contents of the 99-git-commit script below to your clipboard, then create the script on your router. While logged into your router, use the following command to create the script.
nano /config/scripts/commit/post-hooks.d/99-git-commit
Paste the script into the file, then hit Ctrl+X to exit. Hit Y to save, then Enter to confirm the file name. Now we'll mark the script as executable.
chmod +x /config/scripts/commit/post-hooks.d/99-git-commit
That's All There is To It!
You're done! Now, when you commit changes to your VyOS instance, the script will write a copy of the JSON config file and a copy of the configuration commands to the repo. Then, it'll perform a git commit and a git push to send your config off to your Git host for safekeeping.
The script will use a generic "commit message" when committing to the repository; however, you can specify a custom commit message by setting the variable $M before issuing the VyOS commit command. For example:
M="This is my custom commit message." commit;save
The line above sets the custom commit message in the $M variable and then issues a commit and save command on the same line.
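As an added illustration (this is not the author's 99-git-commit script), the function below shows the commit-and-push stage such a hook performs: it honours $M, skips the commit when nothing changed, and skips the push when no forwarded agent is available. The function name, the file names commands.txt and config.json, and the default message are assumptions.

```shell
#!/bin/sh
# Added example: commit-and-push stage of a post-commit backup hook.
# Not the author's 99-git-commit; names and file layout are assumptions.

# backup_to_git REPO_DIR COMMANDS_FILE JSON_FILE
# Prints one of: unchanged | committed | pushed
backup_to_git() {
    repo=$1 cmds=$2 json=$3
    # $M, when set by the operator, overrides the generic message.
    msg=${M:-"Automatic backup after VyOS commit"}

    cp "$cmds" "$repo/commands.txt" || return 1
    cp "$json" "$repo/config.json" || return 1
    git -C "$repo" add commands.txt config.json || return 1

    # Nothing staged means this VyOS commit changed nothing we track.
    if git -C "$repo" diff --cached --quiet; then
        echo unchanged
        return 0
    fi
    git -C "$repo" commit -q -m "$msg" || return 1

    # Pushing relies on the forwarded agent; a console session has none.
    # BatchMode keeps ssh from prompting and stalling the VyOS commit.
    if [ -n "${SSH_AUTH_SOCK:-}" ] &&
       git -C "$repo" remote get-url origin >/dev/null 2>&1 &&
       GIT_SSH_COMMAND='ssh -o BatchMode=yes' \
           git -C "$repo" push -q origin HEAD 2>/dev/null; then
        echo pushed
    else
        # The commit stays in the local repo; a later push carries it.
        echo committed
    fi
}
```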
Testing the Script
You can test the script's functionality without actually performing a VyOS commit beforehand. Just run the script directly like so:
/config/scripts/commit/post-hooks.d/99-git-commit
A final note on upgrades
When you upgrade your system image, your user profile folder gets wiped out. This wipes out your .gitconfig file, so you'll need to reissue your git config after an upgrade.
git config --global user.name "Your Name Here"
git config --global user.email "Your Email Address Here"