There was a new upstream release 1.4.6 7 days ago, but that shouldn't make it to debian stable (buster). Only the patch done by elbandi via PR could get released as 1.4.5-3, but it hasn't been yet. We could make a backport of 1.4.6 into buster-backports and add a custom apt pin for the package. (I'd rather not go the backport route, as that means the backporter needs to always update the upload for security fixes, rather I'd add all patches for bugs into 1.4.5 for buster and ask for a new buster release).
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Apr 8 2020
Please find below, with some comments redacted.
I can't reproduce it with the code in the rolling image that will be available by tomorrow.
Can you please share your configuration on the pppoe interface with us?
The only major differences I've noticed are the kernel versions:
Re-assigning to @Dmitry after checking with him as he's more experienced here.
Where do I get the local address from? Can you share your complete config? Maybe we need source-address or something similar in CLI.
Yes - there are some parts which make use of this bad practice (mostly introduced by me), cleanup required.
There is an issue with storing the state of the interface and then applying it in bulk. For some interface we want to admin it down before performing change and then bringing it back up.
If we store this then only the change and the up command will be applied, this is not going to work.
@cpo should another task be created to make sure we exclude the interfaces themself from source-interface (s) ?
Hello, @adestis!
Support of transition-scripts was added to sync-groups in a rolling version.
I have investigated this a bit. Most operations for ports are doing one-by-one. Deleting as I see is always done in this way. Adding a range is done by a single command, but checking ports are doing one-by-one.
If we skip/change mentioned checking for adding ports, this should decrease initial commit time. But when we try to change/delete ports, the issue will back.
I think that there should be better to reimplement the whole firewall group section in Python, instead of fixing this logic now.
PR for this task https://github.com/vyos/vyos-1x/pull/313
thanks to @runborg .. my own initial attempt to syslog failed (facility level ??)
This works
import logging import logging.handlers my_logger = logging.getLogger('MyLogger') # logger is singleton my_logger.setLevel(logging.DEBUG) handler = logging.handlers.SysLogHandler(address='/dev/log', facility="auth") my_logger.addHandler(handler) my_logger.critical('this is critical')
from shlex import quote def systemd(self, level, message): msg = quote(message) run(f'echo {msg} | systemd-cat -p {self.level}')
Personally I'd use systemd-journald which I think provides the same logging facilities as rsyslog used to, but vyos still runs both. IMO the logging section is a mess and would need a complete rewrite to journal.
# sudo lsof | grep dev-log I am officially daft .. I thought it was not running !
@dmbaturin I was aked on slack to report the information via syslog. However the syslog server is not listening on on UDP port 514 on localhost. How would you like to proceed ?
should it be opened (I am not sure where this should be configured) or should the log be written on the drive using the python logging module (as I currently have implemented).
@cpo AFAIU the patches are not right as the code making use of Config() in the verify() section and AFAIU this is against the separation between get_config()
Already possible via Cloud-init. For different environments may be required differently tuned images (data sources, additional tools like guest agents, etc.).
I think I can pinpoint it down to the mesh generation using wireguard. Please see the logs of two failed nodes attached. I dont find older rotations of the log file. Thats all I have.
Looks good. I don't have merge access but this definitely is a fix to an oversight in the build.
Apr 7 2020
@chrismarget we autogenerate list of resolved issues for releases
so tasks names should be with more context
Not really, just make sure you include VyOS 1.3 project so we can track what can be backported
you will need to adjust your PR message to include task number T2239
Did I do the wrong thing by tagging this for vyos-build?
@fetzerms I was mistaken: cfg-stdout.log is logrotated, but not removed on boot, and this is useful info. When you are able to reproduce, please share. I believe the corner case I am seeing is distinct but related to what you are seeing. Thanks.
The automatic helper assignment is enabled in both the LTS and the current rolling releases. The only thing that is needed to make the TFTP working is to allow the udp/69 and "related" traffic.
The automatic helper assignment is enabled in both the LTS and the current rolling releases. The only thing that is needed to make the FTP working is to allow the tcp/21, "related" and "established" traffic.
merged.