I have noticed the '/etc/vrf/systemd.conf' file, which led me to the following documentation: https://docs.cumulusnetworks.com/display/DOCS/Management+VRF
The documentation gives some examples, notably ntp, snmpd and hsflowd. However, it says nothing about ssh. Despite being in '/etc/vrf/systemd.conf', sshd doesn't need to be started as 'ssh@mgmt' to log users in the management context. Using 'vrf task identify', I see the main daemon is in the default VRF while the children spawned on each connection are in the mgmt VRF. Should I use 'ssh@mgmt' instead? Why would SSH not be entirely bound to the mgmt VRF?
I notice that rsyslog is not part of the services and instead, it has been modified to allow specifying a device to bind to. What's the reason for rsyslog not playing nice with VRF? I ask this to identify other services that could have this problem.
I find it cumbersome to have a service for the default VRF and a different service for the mgmt VRF. I understand this gives the user the ability to run the services in any VRF, but it's also easy to make an error and start the service in the default VRF. I was thinking of running my own copy of 'systemd-vrf-generator' that just adds overrides to the normal name. For example, '/run/systemd/generator/snmpd.service.d/vrf.conf' would have the same content as '/run/systemd/generator/snmpd@.service.d/vrf.conf' except '%I' is already replaced by 'mgmt'. I wonder why you didn't go down this road. Maybe there is a difficulty I didn't see?
BTW, it would be interesting to have this functionality integrated in systemd directly. The override would be simpler. It would be similar to the 'JoinsNamespaceOf' directive.
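
The override idea described in the post, sketched as a shell function; this is an added example, not part of the original post and not Cumulus code. It assumes the service list holds one service name per line with '#' comments, and the function name `gen_vrf_overrides` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added sketch (not Cumulus code) of the proposed override generator.
# Assumption: LIST holds one service name per line, '#' starts a comment.

# gen_vrf_overrides LIST SRC_DIR OUT_DIR VRF
# For each service in LIST, copy SRC_DIR/<svc>@.service.d/vrf.conf to
# OUT_DIR/<svc>.service.d/vrf.conf with %I / %i replaced by VRF.
# Prints the number of drop-ins written on stdout.
gen_vrf_overrides() {
    list=$1 src=$2 out=$3 vrf=$4
    count=0
    # Refuse VRF names that could break the sed expression or the unit file.
    case $vrf in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid VRF name: $vrf" >&2; return 1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        svc=${line%%#*}                               # strip comment
        svc=$(printf '%s' "$svc" | tr -d '[:space:]') # strip whitespace
        [ -n "$svc" ] || continue
        tmpl="$src/$svc@.service.d/vrf.conf"
        if [ ! -f "$tmpl" ]; then
            echo "skip $svc: no template drop-in" >&2
            continue
        fi
        mkdir -p "$out/$svc.service.d"
        # %I and %i expand to an empty string in a non-template unit, so
        # the instance name has to be substituted literally here.
        # (An escaped '%%I' in the template is not handled by this sketch.)
        sed -e "s/%[Ii]/$vrf/g" "$tmpl" > "$out/$svc.service.d/vrf.conf"
        count=$((count + 1))
    done < "$list"
    echo "$count"
}
```

With such drop-ins in place the plain unit and the '@mgmt' instance would both run in the mgmt VRF, so they would still need to be kept from being enabled side by side.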