Page MenuHomeVyOS Platform
Create Task
Maniphest T3980

vrrp transition-script validator makes warning fatal and also causes a python NameError exception
Closed, ResolvedPublicBUG
Actions

Description

When setting a transition script to something outside of /config the commit will fail with:

[ high-availability vrrp group eth0-5 transition-script backup /etc/init.d/radvd stop ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/validators/script", line 40, in <module>
    f'Warning: file {path} is outside the / config directory\n'
NameError: name 'path' is not defined

[ high-availability vrrp group eth0-5 transition-script backup /etc/init.d/radvd stop ]
Invalid value

In /usr/libexec/vyos/validators/script it has

f'Warning: file {path} is outside the / config directory\n'

changing {path} to {script} here in https://github.com/vyos/vyos-1x/blob/current/src/validators/script#L40 fixes the traceback error but the warning is still fatal. If I change it to print() instead of sys.exit() the warning doesn't even get printed.

Details

Difficulty level
Unknown (require assessment)
Version
1.3/1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

ross211 created this task.Nov 10 2021, 2:35 PM
Viacheslav added a subscriber: Viacheslav.EditedNov 10 2021, 3:17 PM

Try to restart vyos-configd after changing script file

sudo systemctl restart vyos-configd

Or just stop it.

ross211 added a comment.Nov 11 2021, 12:40 PM

This doesn't seem to help, whatever is calling the validator script seems to hide the output unless the exit status is non-zero.

pasik added a subscriber: pasik.Nov 11 2021, 3:01 PM
ross211 added a comment.Nov 12 2021, 7:19 AM

From what I understand this looks to be due to https://github.com/vyos/vyos-utils/blob/master/src/validate_value.ml catching both stdout and stderr output from the validators and only printing the captured output if the validator exit status is 0 so there isn't a way to print warnings unless it always prints the output or handling for a special 'warning' exit code was added.

jestabro claimed this task.Nov 12 2021, 4:12 PM
jestabro added a subscriber: jestabro.

I will take a look; thanks for the report !

jestabro added a comment.EditedNov 12 2021, 7:20 PM

This brings up an interesting issue: validate_value.ml could easily be modified to print warnings, while maintaining T2759 (namely, only print fatal errors if _all_ validators fail for a given setting), however, is this reasonable behaviour ? One would think that a 'validator' is either pass or fail, and if it is just giving a warning, it is no longer a validator.

If we choose not to have strict enforcement of the path here, then an alternative is to move the 'script' check to the verify step in the conf_mode script, providing either a warning or failure depending on what is appropriate for the case. Currently, 'script' is only called for validation by vrrp.xml.in and service_pppoe-server.xml.in.

jestabro added a comment.EditedNov 24 2021, 6:34 PM

The plan is to weaken this to a warning in 'verify'; as summarized above, validators are pass/fail and warnings are not an appropriate response for a validator

jestabro mentioned this in T4053: VRRP impossible to set scripts out of the /config directory.Dec 6 2021, 2:29 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus, VyOS 1.4 Sagitta.Aug 14 2022, 1:05 PM
dmbaturin edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).Aug 14 2022, 6:43 PM
jestabro edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Apr 13 2023, 7:57 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:31 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:37 PM
jestabro closed this task as Resolved.Jan 8 2024, 7:59 PM

The errors here were fixed in:
https://vyos.dev/T4052
https://vyos.dev/T4053
in equuleus and subsequent.

dmbaturin mentioned this in 1.3.6.Feb 3 2024, 1:59 AM