Merge pull request #3064 from vyos/mergify/bp/sagitta/pr-3056

T5504: Keepalived VRRP ability to set more than one peer-address (backport #3056)

data/templates/high-availability/keepalived.conf.j2

@@ -82,7 +82,11 @@ vrrp_instance {{ name }} {
     nopreempt
 {%         endif %}
 {%         if group_config.peer_address is vyos_defined %}
-    unicast_peer { {{ group_config.peer_address }} }
+    unicast_peer {
+{%             for peer_address in group_config.peer_address %}
+        {{ peer_address }}
+{%             endfor %}
+    }
 {%         endif %}
 {%         if group_config.hello_source_address is vyos_defined %}
 {%             if group_config.peer_address is vyos_defined %}

interface-definitions/high-availability.xml.in

@@ -195,6 +195,7 @@
                   <constraint>
                     <validator name="ip-address"/>
                   </constraint>
+                  <multi/>
                 </properties>
               </leafNode>
               <leafNode name="no-preempt">

smoketest/scripts/cli/test_high-availability_vrrp.py

@@ -237,5 +237,32 @@ def test_04_exclude_vrrp_interface(self):
         self.assertIn(f'track_interface', config)
         self.assertIn(f'    {none_vrrp_interface}', config)
 
+    def test_05_set_multiple_peer_address(self):
+        group = 'VyOS-WAN'
+        vlan_id = '24'
+        vip = '100.64.24.1/24'
+        peer_address_1 = '192.0.2.1'
+        peer_address_2 = '192.0.2.2'
+        vrid = '150'
+        group_base = base_path + ['vrrp', 'group', group]
+
+        self.cli_set(['interfaces', 'ethernet', vrrp_interface, 'vif', vlan_id, 'address', '100.64.24.11/24'])
+        self.cli_set(group_base + ['interface', vrrp_interface])
+        self.cli_set(group_base + ['address', vip])
+        self.cli_set(group_base + ['peer-address', peer_address_1])
+        self.cli_set(group_base + ['peer-address', peer_address_2])
+        self.cli_set(group_base + ['vrid', vrid])
+
+        # commit changes
+        self.cli_commit()
+
+        config = getConfig(f'vrrp_instance {group}')
+
+        self.assertIn(f'interface {vrrp_interface}', config)
+        self.assertIn(f'virtual_router_id {vrid}', config)
+        self.assertIn(f'unicast_peer', config)
+        self.assertIn(f'    {peer_address_1}', config)
+        self.assertIn(f'    {peer_address_2}', config)
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)

src/conf_mode/high-availability.py

@@ -125,8 +125,9 @@ def verify(ha):
                         raise ConfigError(f'VRRP group "{group}" uses IPv4 but hello-source-address is IPv6!')
 
                 if 'peer_address' in group_config:
-                    if is_ipv6(group_config['peer_address']):
-                        raise ConfigError(f'VRRP group "{group}" uses IPv4 but peer-address is IPv6!')
+                    for peer_address in group_config['peer_address']:
+                        if is_ipv6(peer_address):
+                            raise ConfigError(f'VRRP group "{group}" uses IPv4 but peer-address is IPv6!')
 
             if vaddrs6:
                 tmp = {'interface': interface, 'vrid': vrid, 'ipver': 'IPv6'}
@@ -139,8 +140,9 @@ def verify(ha):
                         raise ConfigError(f'VRRP group "{group}" uses IPv6 but hello-source-address is IPv4!')
 
                 if 'peer_address' in group_config:
-                    if is_ipv4(group_config['peer_address']):
-                        raise ConfigError(f'VRRP group "{group}" uses IPv6 but peer-address is IPv4!')
+                    for peer_address in group_config['peer_address']:
+                        if is_ipv4(peer_address):
+                            raise ConfigError(f'VRRP group "{group}" uses IPv6 but peer-address is IPv4!')
     # Check sync groups
     if 'vrrp' in ha and 'sync_group' in ha['vrrp']:
         for sync_group, sync_config in ha['vrrp']['sync_group'].items():