Page MenuHomeVyOS Platform

API service with VRF doesn't work in 1.3.1
Closed, ResolvedPublicBUG

Description

T4055 added a useful feature that supports VRF for API.
Unfortunately, it doesn't work as expected in Equuleus with following configuration.

set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 vrf 'mgmt'
set interfaces loopback lo
set service https api keys id vyos key 'vyos'
set service https vrf 'mgmt'
set vrf name mgmt table '65535'

There are no nginx processes in the VRF and it's not accessible from eth0 network.

vyos@vyos:~$ show vrf mgmt processes
 5829  vyos-http-api-s
 5835  unionfs-fuse
 3224  sshd
test@vm:~$ curl -sSfLk -X POST 'https://192.168.0.20/retrieve' -F data='{"op": "showConfig", "path": ["interfaces"]}' -F key='vyos'
curl: (7) Failed to connect to 192.168.0.20 port 443: Connection refused

And, the nginx configuration file doesn't include ip vrf exec command.

vyos@vyos:~$ cat /etc/systemd/system/nginx.service.d/override.conf
[Unit]
StartLimitIntervalSec=0
After=vyos-router.service

[Service]
ExecStartPre=
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
Restart=always
RestartPreventExitStatus=

It works properly in current branch, so it's just in Equuleus.

Details

Difficulty level
Easy (less than an hour)
Version
1.3.1
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Revisions and Commits

Related Objects

Mentioned In
1.3.4