remote: T4732: add VRF option for commit-archive

[c-po]

Change summary

Add new CLI option to make transfers to the commit-archive working using a dedicated (e.g. management) VRF.

set system config-management commit-archive vrf MGMT

All transfers using vyos.remote module will now run through the VRF defined on the CLI.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

• https://vyos.dev/T4732

Related PR(s)

• remote: T4732: add VRF option for commit-archive vyos-documentation#1823

How to test / Smoketest result

vyos@vyos# run show configuration commands | grep -E "commit-archive|eth0 vif 10"
set interfaces ethernet eth0 vif 10 address '172.16.33.201/24'
set interfaces ethernet eth0 vif 10 vrf 'MGMT'
set system config-management commit-archive location 'https://172.16.33.30/fff'
set system config-management commit-archive vrf 'MGMT'

Using tcpdump(1) one can see the packets now traverse via eth0.10 which is bound to VRF MGMT

vyos@vyos:~$ sudo tcpdump -nevi eth0.10 host 172.16.33.30
tcpdump: listening on eth0.10, link-type EN10MB (Ethernet), snapshot length 262144 bytes
15:18:32.605946 00:50:56:bf:c5:6d > bc:24:11:8d:42:a3, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 33178, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.33.201.52951 > 172.16.33.30.443: Flags [S], cksum 0x9b36 (incorrect -> 0xf260), seq 3461808828, win 64240, options [mss 1460,sackOK,TS val 2953604595 ecr 0,nop,wscale 7], length 0

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

👍
No issues in PR Title / Commit Title

[Copilot]

Pull request overview

Adds a new commit-archive vrf CLI option so commit-archive uploads can run in a dedicated VRF (e.g., a management VRF), wiring the setting through config-management into the remote transfer layer.

Changes:

• Extend the CLI schema for system config-management commit-archive with a vrf leaf.
• Read the effective commit-archive vrf from config and pass it into commit-archive uploads.
• Add VRF-aware plumbing to vyos.remote transfer implementations (HTTP(S), SSH, TFTP/curl, git).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.

File	Description
src/conf_mode/system_config-management.py	Validates commit-archive configuration including VRF existence via verify_vrf().
python/vyos/config_mgmt.py	Reads effective commit-archive vrf and passes it to remote uploads for commit-archive.
python/vyos/remote.py	Adds vrf parameter propagation and implements VRF binding/wrapping for several protocols.
interface-definitions/system_config-management.xml.in	Adds vrf CLI node under commit-archive.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

CI integration ❌ failed!

Details

CI logs

• CLI Smoketests ❌ failed
• CLI Smoketests (interfaces only) 👍 passed
• Config tests 👍 passed
• RAID1 tests 👍 passed
• CLI Smoketests VPP 👍 passed
• Config tests VPP 👍 passed
• TPM tests 👍 passed