Page MenuHomeVyOS Platform
Create Task
Maniphest T5940

[1.3.5 -> 1.4.0-RC1 Migration] commit-archive Fails to Migrate
Open, HighPublicBUG
Actions

Description

The commit-archive functionality fails to be loaded after migrating to 1.4-RC1. Here's the (sanitized) config on 1.3.5:

image.png (174×1 px, 56 KB)

Here's what happens when I try to load it on 1.4 after booting:
image.png (275×1 px, 115 KB)

Also, you may want to consider some censoring of username / password for output on errors like this (but I get it if not, it's a pain).

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rc1
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects
Search...

Event Timeline

trae32566 created this task.Jan 14 2024, 11:17 AM
trae32566 added a parent task: T5938: Migration fail root task for 1.4-rc.
trae32566 added a comment.EditedJan 15 2024, 8:09 AM

I think I see part of what's happening here; it looks like the format for configuration-sync URIs removed the colon (:) between the host and path:
<PROTO>://<USER>:<PASS>@<HOST>:<PATH>
is now:
<PROTO>://<USER>:<PASS>@<HOST><PATH>

The migration scripts probably just need to account for this.

Additionally, it looks like special characters, specifically !, which worked prior (and still works with the save op-mode command), cause a failure in 1.4+:

trae@cr01b-vyos# set system config-management commit-archive location sftp://MYUSER:[email protected]/wdc07/cr01b-vyos
[edit]
trae@cr01b-vyos# set system config-management commit-archive location sftp://MYUSER:[email protected]/wdc07/cr01b-vyos

  "//MYUSER:[email protected]/wdc07/cr01b-vyos" is not a valid URI for the sftp URL scheme
  
  
  Invalid value
  Value validation failed
  Set failed

[edit]
trae@cr01b-vyos# set system config-management commit-archive location 'sftp://MYUSER:[email protected]/wdc07/cr01b-vyos'

  "//MYUSER:[email protected]/wdc07/cr01b-vyos" is not a valid URI for the sftp URL scheme
  
  
  Invalid value
  Value validation failed
  Set failed

[edit]
trae@cr01b-vyos# set system config-management commit-archive location "sftp://MYUSER:[email protected]/wdc07/cr01b-vyos"

  "//MYUSER:[email protected]/wdc07/cr01b-vyos" is not a valid URI for the sftp URL scheme
  
  
  Invalid value
  Value validation failed
  Set failed

[edit]
trae32566 added a comment.Jan 16 2024, 11:34 AM

It also doesn't appear to accept %, *, or ^ in the password. Perhaps we should consider splitting this up into something like:

set system config-management commit-archive location SERVER1 protocol sftp
set system config-management commit-archive location SERVER1 path '/wdc07/cr01b-vyos'
set system config-management commit-archive location SERVER1 host 'stor01a-rh9.int.trae32566.org'
set system config-management commit-archive location SERVER1 user 'myuser'
set system config-management commit-archive location SERVER1 password '$P4SsW0RD!'

I realize this would be a significant departure from the way it is currently done, but I think it's worth it given that it:

  • Clearly delineates each part of the configuration, preventing having to find identifiers (ex: : or /) to split up a single long string
  • Allows for easy encryption of the password in the configuration in the future
  • Removes the concern of special characters in any field other than the password
  • Obfuscates away the formatting of the underlying protocol URI
Apachez added a subscriber: Apachez.Jan 16 2024, 11:45 AM

Another good thing is that any logging can be done without spoling the user/pass which otherwise is the case with todays oneliner approach.

That is that the log of failed connection could include just protocol + host (and path).

Viacheslav triaged this task as High priority.Jan 20 2024, 2:12 PM
syncer assigned this task to dmbaturin.Jan 20 2024, 7:35 PM
pasik added a subscriber: pasik.Jan 20 2024, 9:33 PM
dmbaturin edited projects, added VyOS 1.4 Sagitta (1.4.0-epa1); removed VyOS 1.4 Sagitta.Feb 15 2024, 5:37 PM