I would like to solve this in the next way. I will:
- Add verification to our config module to avoid impossible configurations.
- Add IPv6 gateway processing (how could I miss this? Cannot imagine...).
I would like to solve this in the next way. I will:
I saw multiple times configs with a firewall section that contains about a thousand lines, so I do not think that DNS records are something size-critical that deserves additional config files.
I believe that keeping config parts outside the config.boot is a bad idea in general that against our main benefit - single config for everything.
Can you share details about your hypervisor and datasource? Also as the full Cloud-init log (/var/log/cloud-init.log)?
Either datasource generates a wrong config, either the format is not well described in the Cloud-init documentation - there noted that: "gateway: IPv4 address of the default gateway for this subnet". I more believe in the wrong documentation, but would be better to check.
Independently of this all, the situation is not good, because we need to verify values that put into config. So, this will be fixed in one or another way (proper adding or drop), when we figure out details.
I am suggesting switching to https://github.com/vyos/vyos-vm-images for everything, except ISO images. This will solve the problem automatically. It is already able to create images for QEMU, VMware, Hyper-V, GCE, AWS, OpenStack, Oracle, Packet, and more not mentioned in the https://github.com/vyos/vyos-build. The only what I have not tried yet is Azure.
Setting Ethernet interfaces addresses, routes, and name servers are supported in both versions now. Advanced features like bonding, bridges, VLANs could be added later on-demand.
This was resolved via dhclient hooks - there is a protection mechanism now, which allows deleting only routes with tag 210 that set by hooks to all DHCP routes.
The config module without this problem is available in the crux, should be released in the 1.2.7 version.
The config module backported to the crux, should be available with 1.2.7 release.
Backported to the crux branch, should be released with 1.2.7.
After the testing with a standalone User-Data handler, this feature was ported to the main cloud-init package in https://github.com/vyos/vyos-cloud-init/pull/27.
Currently, supported only set and delete commands processing. They must be provided as a list in the vyos_config_commands option.
The main reason for such issues is missing a good one instructions on how to build a proper one image.
NoCloud (and actually any datasource which provide network-config) must be supported now in VyOS 1.3. Feel free to test it.
This feature now is in the Cloud-init for 1.3 and must be backported after testing.
The configuration module for 1.3 is compatible with both network-config versions now. Initial testing was successful, but let's keep this for some time to collect more cases.
@kroy how about testing this in 1.3? It must work now.
Handling of all supported by VyOS configuration SSH key types was added to the VyOS 1.3 by this commit https://github.com/vyos/vyos-cloud-init/commit/d4004ac6ea1c7c03a35d9410f7c70ab423c926bb
Just to make this a bit clearer. A short how-to to reproduce the bug in 1.3-rolling-202008031114 with empty config:
set firewall ipv6-name WAN6_IN6 set firewall ipv6-name WAN6_LOCAL6 set interfaces tunnel tun1 6rd-prefix '2607:FA48:6ED8::/45' set interfaces tunnel tun1 6rd-relay-prefix '24.225.128.0/17' set interfaces tunnel tun1 address '2607:FA48:6ED8:8A50::1/60' set interfaces tunnel tun1 description 'Videotron 6rd Tunnel' set interfaces tunnel tun1 encapsulation 'sit' set interfaces tunnel tun1 firewall in ipv6-name 'WAN6_IN6' set interfaces tunnel tun1 firewall local ipv6-name 'WAN6_LOCAL6' set interfaces tunnel tun1 mtu '1480' set interfaces tunnel tun1 multicast 'disable' set interfaces tunnel tun1 parameters ip ttl '255' set interfaces tunnel tun1 remote-ip '24.225.128.1' set interfaces tunnel tun1 local-ip '24.225.136.165' commit
leads to the error:
Can not set "local" for tunnel sit tun1 at tunnel creation
and the same but without the local-ip option leads to the Python traceback.
It is possible to use https://github.com/vyos/vyos-1x/blob/b704d0676ab2d623d2eeb1ed4dc1bcf2a2c4a5e2/python/vyos/logger.py for this purpose now.
Changing description in a master transition script will lead to an endless loop, because of:
Jul 29 14:05:36 vyos sudo[3097]: root : TTY=ttyS0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c VYOS_TAGNODE_VALUE='eth1' /usr/libexec/vyos/conf_mode/interfaces-ethernet.py Jul 29 14:05:36 vyos sudo[3097]: pam_unix(sudo:session): session opened for user root by vyos(uid=0) Jul 29 14:05:36 vyos control.py[3098]: set_interface: alias, Jul 29 14:05:36 vyos control.py[3098]: set_interface: link_detect, 1 Jul 29 14:05:36 vyos control.py[3098]: set_interface: vrf, Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_cache_tmo, 30 Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_filter, 1 Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_accept, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_announce, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_ignore, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: proxy_arp, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: proxy_arp_pvlan, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: ipv6_forwarding, 1 Jul 29 14:05:36 vyos control.py[3098]: set_interface: ipv6_accept_ra, 1 Jul 29 14:05:36 vyos control.py[3098]: set_interface: ipv6_autoconf, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: ipv6_dad_transmits, 1 Jul 29 14:05:36 vyos control.py[3098]: set_interface: mtu, 1500 Jul 29 14:05:36 vyos control.py[3098]: set_interface: alias, MASTER_by_script Jul 29 14:05:36 vyos control.py[3098]: set_interface: link_detect, 1 Jul 29 14:05:36 vyos Keepalived_vrrp[1302]: (lan) Entering BACKUP STATE Jul 29 14:05:36 vyos Keepalived_vrrp[1302]: (lan) sent 0 priority Jul 29 14:05:36 vyos control.py[3098]: set_interface: vrf, Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_cache_tmo, 30 Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_filter, 1 Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_accept, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_announce, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: arp_ignore, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: proxy_arp, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: proxy_arp_pvlan, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: ipv6_forwarding, 1 Jul 29 14:05:36 vyos control.py[3098]: set_interface: ipv6_accept_ra, 1 Jul 29 14:05:36 vyos control.py[3098]: set_interface: ipv6_autoconf, 0 Jul 29 14:05:36 vyos control.py[3098]: set_interface: ipv6_dad_transmits, 1 Jul 29 14:05:36 vyos control.py[3098]: set_interface: gro, off Jul 29 14:05:36 vyos control.py[3098]: set_interface: gso, off Jul 29 14:05:36 vyos control.py[3098]: set_interface: sg, off Jul 29 14:05:36 vyos control.py[3098]: set_interface: tso, off Jul 29 14:05:36 vyos control.py[3098]: set_interface: ufo, off Jul 29 14:05:36 vyos control.py[3098]: set_interface: admin_state, up Jul 29 14:05:36 vyos Keepalived_vrrp[1302]: (lan) Entering MASTER STATE Jul 29 14:05:36 vyos control.py[3098]: set_interface: gro, off Jul 29 14:05:36 vyos control.py[3098]: set_interface: gso, off Jul 29 14:05:36 vyos control.py[3098]: set_interface: sg, off Jul 29 14:05:36 vyos control.py[3098]: set_interface: tso, off Jul 29 14:05:37 vyos control.py[3098]: set_interface: ufo, off Jul 29 14:05:37 vyos control.py[3098]: set_interface: admin_state, up
Closed in favor of https://phabricator.vyos.net/T1101
This command doing not what you are expecting. It shows virtual VRRP interfaces running in RFC3768 compatibility mode. Add the rfc3768-compatibility option to a VRRP group and a new virtual interface should be listed in the output.
If you want to change this behavior, please describe how exactly.
@s.lorente can you check this with actually configured tc values?
The set protocols bgp XXX neighbor XXX address-family ipv6-unicast peer-group XXX command generate the router bgp XXX; address-family ipv6; neighbor XXX peer-group XXX', for vtysh, which does not supported (anymore? I cannot find any commits in FRR about syntax change, maybe this was migrated from old quagga).
@c-po I have not tried this previously, but if it works well, I would like to keep it for kernel debugging on bare-metal devices.
The bug is produced because of deleted deprecated option in vtysh. Before FRR 7.3:
root@vyos:/home/vyos# vtysh -c "show ip community-list 10" This config option is deprecated, and is scheduled for removal. if you are using this please migrate to the below command. 'show bgp community-list <(1-500)|WORD> detail' % Can't find community-list
Starting from 7.3:
root@vyos:/home/vyos# vtysh -c "show ip community-list 10" % Unknown command: show ip community-list 10
Need to check again with 1.3, as may be solved by: https://phabricator.vyos.net/T1291