Page MenuHomeVyOS Platform
Feed All Stories

Fri, Jun 26

c-po closed T2625: Provide generic Library for package builds as Resolved.
Fri, Jun 26, 4:03 PM · VyOS 1.2 Crux (VyOS 1.2.6), VyOS 1.3 Equuleus
c-po updated the task description for T2625: Provide generic Library for package builds.
Fri, Jun 26, 3:55 PM · VyOS 1.2 Crux (VyOS 1.2.6), VyOS 1.3 Equuleus
c-po changed the status of T2653: "set interfaces" Python handler code improvements - next iteration from Open to In progress.
Fri, Jun 26, 1:51 PM · VyOS 1.3 Equuleus
c-po created T2653: "set interfaces" Python handler code improvements - next iteration.
Fri, Jun 26, 1:50 PM · VyOS 1.3 Equuleus
thomas-mangin closed T2057: Generalised Interface configuration as Resolved.
Fri, Jun 26, 1:32 PM · VyOS 1.3 Equuleus
c-po claimed T2622: An issue with config migration (interface pseudo ethernet).
Fri, Jun 26, 1:31 PM · VyOS 1.3 Equuleus
c-po renamed T2588: Add support for default values to the interface-definition format from Add support for default values to the interface definition format to Add support for default values to the interface-definition format.
Fri, Jun 26, 1:29 PM · VyOS 1.3 Equuleus
c-po updated the task description for T2636: get_config_dict() shall always return a list on <multi/> nodes.
Fri, Jun 26, 12:02 PM · VyOS 1.3 Equuleus
c-po updated the task description for T2636: get_config_dict() shall always return a list on <multi/> nodes.
Fri, Jun 26, 12:01 PM · VyOS 1.3 Equuleus
jjakob added a comment to T2523: Upgrade from 1.2.5 to 1.3-rolling-202005261512 results in broken network config on second boot.

Migration scripts use vyos.configtree which uses libvyosconfig so it's probably a bug there.

Fri, Jun 26, 9:09 AM · VyOS 1.3 Equuleus
jjakob added a comment to T2523: Upgrade from 1.2.5 to 1.3-rolling-202005261512 results in broken network config on second boot.
Fri, Jun 26, 8:42 AM · VyOS 1.3 Equuleus
jjakob added a comment to T2523: Upgrade from 1.2.5 to 1.3-rolling-202005261512 results in broken network config on second boot.

Attached are config.boot post-upgrade(migration) and config.boot pre-migration.
Notice:

  • doubled hw-id lines
  • missing opening curly braces on line 44
  • some things are quoted, some are not
Fri, Jun 26, 8:39 AM · VyOS 1.3 Equuleus
jjakob moved T2523: Upgrade from 1.2.5 to 1.3-rolling-202005261512 results in broken network config on second boot from In Progress to Need Triage on the VyOS 1.3 Equuleus board.
Fri, Jun 26, 8:16 AM · VyOS 1.3 Equuleus
jjakob reopened T2523: Upgrade from 1.2.5 to 1.3-rolling-202005261512 results in broken network config on second boot as "Open".
Fri, Jun 26, 8:15 AM · VyOS 1.3 Equuleus
jjakob added a comment to T2523: Upgrade from 1.2.5 to 1.3-rolling-202005261512 results in broken network config on second boot.

Not doing anything regarding the failed load and just rebooting has now hard-baked the eth0-eth2 names into config.boot without me doing anything. So something effectively decided to rename eth1-eth3 to eth0-eth2 and save it to config.boot.

Fri, Jun 26, 8:15 AM · VyOS 1.3 Equuleus
jjakob claimed T2519: Broadcast address does not add automatically.
Fri, Jun 26, 8:08 AM · VyOS 1.3 Equuleus
c-po merged T2652: nat configuration conflicts with wan-load-balance nat rules into T2524: Restarting vyos-router.service breaks router.
Fri, Jun 26, 7:48 AM · VyOS 1.3 Equuleus
c-po merged task T2652: nat configuration conflicts with wan-load-balance nat rules into T2524: Restarting vyos-router.service breaks router.
Fri, Jun 26, 7:48 AM · VyOS 1.3 Equuleus
c-po changed Difficulty level from unknown to easy on T2642: sshd Broken on Latest Rolling Release.
Fri, Jun 26, 7:47 AM · VyOS 1.3 Equuleus
c-po closed T2642: sshd Broken on Latest Rolling Release as Resolved.
Fri, Jun 26, 7:47 AM · VyOS 1.3 Equuleus
c-po added a comment to T2642: sshd Broken on Latest Rolling Release.

https://github.com/vyos/vyos-smoketest/commit/f717f3f3ddb2afca78cf0ff3aab8457242d5f3d0

Fri, Jun 26, 7:46 AM · VyOS 1.3 Equuleus
c-po added a comment to T2642: sshd Broken on Latest Rolling Release.

The problem was in to loop iterator when more then one address was added. This was introduced in T2635. The smoketest will be adjusted to cover this case so the issue won't reappear.

Fri, Jun 26, 7:24 AM · VyOS 1.3 Equuleus
c-po changed the status of T2642: sshd Broken on Latest Rolling Release from Open to In progress.
Fri, Jun 26, 7:00 AM · VyOS 1.3 Equuleus
dsummers added a comment to T2619: Bug: Changes in NAT or ZONES from 1.2 to 1.3.

Here is the iptables-save output for Vyos-1.3-rolling-202006260117:

Fri, Jun 26, 5:34 AM
Demon_H created T2652: nat configuration conflicts with wan-load-balance nat rules.
Fri, Jun 26, 5:02 AM · VyOS 1.3 Equuleus
jack9603301 added a comment to T2518: Support nptv6.

I checked the usage of netmap, but unfortunately I only found the equivalent configuration method of IPv4 on Wiki

Fri, Jun 26, 2:02 AM · VyOS 1.3 Equuleus
fmertz added a comment to T2564: Extend VyOS to support appliance LCDs.

Documentation commit here: GitHub fmertz/vyos-documentation/commits/system-display

Fri, Jun 26, 12:59 AM · VyOS 1.3 Equuleus

Thu, Jun 25

trae32566 added a comment to T2642: sshd Broken on Latest Rolling Release.

This appears to be caused by the setting of service ssh listen-address; it appears the script generating the config is omitting the actual address. Removing a specific listening address is a temporary workaround.

Thu, Jun 25, 10:37 PM · VyOS 1.3 Equuleus
c-po closed T1538: Update conntrack-sync packages to fix VRRP issues as Resolved.
Thu, Jun 25, 6:42 PM · VyOS 1.3 Equuleus
c-po added a comment to T1538: Update conntrack-sync packages to fix VRRP issues.

Updated versions:

  • libnetfilter-conntrack 1.0.8-1
  • conntrack 1.4.6
Thu, Jun 25, 6:42 PM · VyOS 1.3 Equuleus
c-po added a comment to T2518: Support nptv6.

nftables updated to 0.9.6 so the new nftables netmap feature can be used

Thu, Jun 25, 6:22 PM · VyOS 1.3 Equuleus
c-po closed T1808: add package nftables as Resolved.
Thu, Jun 25, 6:21 PM · VyOS 1.3 Equuleus
c-po added a comment to T1808: add package nftables.

Latest rolling has nftables 0.9.6 - closing this

Thu, Jun 25, 6:21 PM · VyOS 1.3 Equuleus
c-po updated the task description for T2651: Generate CLI abstraction for options passed to CURL.
Thu, Jun 25, 3:53 PM · VyOS 1.3 Equuleus
dmbaturin added a comment to T2651: Generate CLI abstraction for options passed to CURL.

I think this is a good idea. Maybe separate the protocols, http-client and ssh-client?

Thu, Jun 25, 3:52 PM · VyOS 1.3 Equuleus
c-po updated the task description for T2651: Generate CLI abstraction for options passed to CURL.
Thu, Jun 25, 3:48 PM · VyOS 1.3 Equuleus
c-po updated the task description for T2651: Generate CLI abstraction for options passed to CURL.
Thu, Jun 25, 3:48 PM · VyOS 1.3 Equuleus
c-po triaged T2651: Generate CLI abstraction for options passed to CURL as Normal priority.
Thu, Jun 25, 3:47 PM · VyOS 1.3 Equuleus
dmbaturin added a comment to T1850: syslog protocol can be set multiple times per facility for the same host.

Or we can make protocol a multi node.

Thu, Jun 25, 3:43 PM · VyOS 1.3 Equuleus
dmbaturin added a comment to T1850: syslog protocol can be set multiple times per facility for the same host.

Since the user can specify both protocols inside, we'll probably have to duplicate the whole things if we detect that.

Thu, Jun 25, 3:41 PM · VyOS 1.3 Equuleus
c-po added a parent task for T2596: Allow specifying source IP for 'add system image': T2651: Generate CLI abstraction for options passed to CURL.
Thu, Jun 25, 3:38 PM · VyOS 1.3 Equuleus
c-po added a parent task for T2615: Provide an explicit option for server fingerprint in commit archive, and make insecure the default: T2651: Generate CLI abstraction for options passed to CURL.
Thu, Jun 25, 3:38 PM · VyOS 1.3 Equuleus
c-po added subtasks for T2651: Generate CLI abstraction for options passed to CURL: T2615: Provide an explicit option for server fingerprint in commit archive, and make insecure the default, T2596: Allow specifying source IP for 'add system image'.
Thu, Jun 25, 3:38 PM · VyOS 1.3 Equuleus
c-po created T2651: Generate CLI abstraction for options passed to CURL.
Thu, Jun 25, 3:38 PM · VyOS 1.3 Equuleus
c-po added a comment to T2615: Provide an explicit option for server fingerprint in commit archive, and make insecure the default.

Maybe related to T2596

Thu, Jun 25, 3:35 PM · VyOS 1.3 Equuleus
dmbaturin added a project to T1901: Semicolon in values is interpreted as a part of the shell command by validators: VyOS 1.2 Crux (VyOS 1.2.6).
Thu, Jun 25, 3:30 PM · VyOS 1.2 Crux (VyOS 1.2.6), VyOS 1.3 Equuleus
jestabro added a comment to T2649: Ensure configration mode scripts conform to coding guidelines.

@jjakob that is in fact what we are doing: for stability, some of the changes are necessarily incremental --- these are not new abstractions, but rather, refinements of the existing ones, which allow the separation of new code from legacy. We are avoiding any patching of the old backend, simply replacing with the structures which will allow a switch to vyconf, while improving performance and extension of the new code.

Thu, Jun 25, 3:30 PM · VyOS 1.3 Equuleus
dmbaturin added a comment to T1928: Is the 'Welcome to VyOS' message when using SSH an information leak?.

Ok, let's switch to an empty banner.

Thu, Jun 25, 3:20 PM
thomas-mangin added a comment to T2582: Script daemon to offload processing during commit.

I propose to provide alternatives is_ function using the new XML code. I will provide a patch for review.

Thu, Jun 25, 2:51 PM · VyOS 1.3 Equuleus
jjakob added a comment to T2649: Ensure configration mode scripts conform to coding guidelines.

To be fair, I'm getting frustrated by the layers-upon-layers of new abstractions getting added on old code that doesn't work properly in the first place. I'd much prefer if we just started with a clean slate. I liked @thomas-mangin 's idea of replacing vyatta-cfg completely with our own code, either vyconf or his python daemon. I wouldn't waste time patching up the old backend, just make a decision in one place to replace it completely.

Thu, Jun 25, 2:25 PM · VyOS 1.3 Equuleus
jjakob added a comment to T2523: Upgrade from 1.2.5 to 1.3-rolling-202005261512 results in broken network config on second boot.

I think I ran into this today after upgrading from 1.3-rolling-202006110117 to 1.3-rolling-202006241940. My config had eth1-eth3 (as those were the default names created by a previous install of 1.3 somewhere around May) and those worked fine for numerous reboots before this upgrade. The first reboot after adding the new image, everything was fine. The 2nd reboot (actually a power outage) the interfaces were eth0-eth2 on the system, but eth1-eth3 in the config, so the config load failed.

Thu, Jun 25, 2:18 PM · VyOS 1.3 Equuleus
jestabro added a comment to T2649: Ensure configration mode scripts conform to coding guidelines.

I agree @jjakob that we are still converging on the best way to structure the salient information, namely the difference between effective and session configs, however this will be internalized: a simple example of use for testing and daemon (and other) is:

Thu, Jun 25, 1:59 PM · VyOS 1.3 Equuleus
jjakob added a comment to T2649: Ensure configration mode scripts conform to coding guidelines.

Keep in mind that the preferred way to implement scripts is, in my mind, the one used by interfaces-tunnel.py: it takes both session and effective configs and compares them, only applying the changes for the differences that are required. get_config_dict just takes the session config and so it requires a complete teardown and re-initialization of any system component that is configured from it (restarting instead of reloading services, deleting interfaces instead of modifying just 1 setting, ...)
I don't consider just get_config_dict as the preferred future way to implement features for that reason, rather it is the interfaces-tunnel that could be made the reference.
get_config_dict could be ran 2 times (once with effective=True) in each script, then the script could compare/make a diff of the 2 dicts, but that's what interfaces-tunnel ConfigurationState does.
Take for example a minor change in the current openvpn code - changing the description of the interface - currently results in a complete service outage (restart). AFAIK all scripts are like this. It didn't use to be that way in Vyatta, most perl scripts compared session and effective configs and just applied the necessary changes.

Thu, Jun 25, 1:56 PM · VyOS 1.3 Equuleus
jestabro added a comment to T2649: Ensure configration mode scripts conform to coding guidelines.

I'm not sure that we have to go that far, but let me take a closer look, and we can discuss; the model is to be able to call, in batch, the functions of an arbitrary conf_mode script, without variation in structure or behaviour.

Thu, Jun 25, 1:55 PM · VyOS 1.3 Equuleus
thomas-mangin claimed T2643: Show Interface Command Issues.
Thu, Jun 25, 1:55 PM · VyOS 1.3 Equuleus
thomas-mangin added a comment to T2038: repository organisation change.

I agree that this kind of changes are better done at the start of a development cycle.

Thu, Jun 25, 1:53 PM · Restricted Project
thomas-mangin added a comment to T2649: Ensure configration mode scripts conform to coding guidelines.

There is really no difference between calling Config() and using it functions in the code - as is done by every module - vs having the class inherit from it as I do not use any private ( _ prefixed ) functions. I can modify the code to have self.config as an object of the class instead but IMO this is cosmetic and does not change anything with the API and coding guideline.

Thu, Jun 25, 1:48 PM · VyOS 1.3 Equuleus
jestabro added a comment to T2649: Ensure configration mode scripts conform to coding guidelines.

Only that it inherits from Config, hence the form of the Config instance can not be changed, say, to 'off-line' Config, or 'testing' Config, which would have different init functions; if it took Config as an argument instead, or a named argument with default the 'live' Config, then it would not be an issue for generalization. But we should discuss the details further, and collect results and suggestions.

Thu, Jun 25, 1:41 PM · VyOS 1.3 Equuleus
jjakob created T2650: interfaces bridge, bonding: revert back to per-interface membership syntax.
Thu, Jun 25, 1:40 PM · VyOS 1.3 Equuleus
thomas-mangin added a comment to T2640: Running VyOS inside Docker containers.

not willing to take the lead on this task but happy to help.

Thu, Jun 25, 1:29 PM · VyOS 1.3 Equuleus
thomas-mangin added a comment to T2649: Ensure configration mode scripts conform to coding guidelines.

@jestabro could you please clarify how interfaces-tunnel.py is not following the guideline. The class it uses to generate the dict is internal to the get_config() function and the dict API is respected.

Thu, Jun 25, 1:28 PM · VyOS 1.3 Equuleus
jestabro added a subtask for T2582: Script daemon to offload processing during commit: T2649: Ensure configration mode scripts conform to coding guidelines.
Thu, Jun 25, 12:32 PM · VyOS 1.3 Equuleus
jestabro added a parent task for T2649: Ensure configration mode scripts conform to coding guidelines: T2582: Script daemon to offload processing during commit.
Thu, Jun 25, 12:32 PM · VyOS 1.3 Equuleus
jestabro created T2649: Ensure configration mode scripts conform to coding guidelines.
Thu, Jun 25, 12:29 PM · VyOS 1.3 Equuleus
zsdc changed the status of T2640: Running VyOS inside Docker containers from Open to In progress.
Thu, Jun 25, 12:01 PM · VyOS 1.3 Equuleus
jjakob triaged T2648: router-advert: erroneous syslog warning about invalid all-zeros prefix as Low priority.
Thu, Jun 25, 10:45 AM · VyOS 1.3 Equuleus
fabio.prina created T2647: ipsec disableuniqreqids generate a wrong ipsec.conf.
Thu, Jun 25, 10:41 AM
jjakob changed the status of T2155: Cannot set anything on Intel 82599ES 10-Gigabit SFI/SFP+ from Open to Needs testing.

Possibly related to T2205, it might have been fixed since this was reported.

Thu, Jun 25, 9:49 AM · VyOS 1.3 Equuleus
dmbaturin edited projects for T1797: Implement DPDK Fast-Path using FRR's Alternate Forwarding Planes and VPP, added: Restricted Project; removed VyOS 1.3 Equuleus.
Thu, Jun 25, 9:31 AM · Restricted Project
dmbaturin added a project to T2300: Delete a PBR show error: VyOS 1.3 Equuleus.

Apparently the "still in use" check logic really leaves much to be desired. See T1292. I wonder if there's a general fix within the current approach.

Thu, Jun 25, 8:42 AM · VyOS 1.3 Equuleus
dmbaturin edited projects for T1292: Issues while deleting all rules from a firewall, added: Restricted Project; removed VyOS 1.3 Equuleus.
Thu, Jun 25, 8:39 AM · Restricted Project
dmbaturin closed T2159: webproxy log read from wrong file as Resolved.

That part is rewritten in current already. https://github.com/vyos/vyos-1x/blob/current/op-mode-definitions/show-log.xml#L212

Thu, Jun 25, 8:39 AM · VyOS 1.3 Equuleus, vyatta-webproxy
olofl added a comment to T2641: Rewrite vpn ipsec OP commands in new style XML syntax.

Going to mention this in here:

Thu, Jun 25, 8:24 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T1241: Remove of policy route throws CLI error.

@dmbaturin sure, PR https://github.com/vyos/vyatta-cfg-firewall/pull/17

Thu, Jun 25, 8:13 AM · VyOS 1.3 Equuleus
dmbaturin closed T2062: Wrong dhcp-server static route subnet bytes as Resolved.
Thu, Jun 25, 7:52 AM · VyOS 1.2 Crux (VyOS 1.2.6), VyOS 1.3 Equuleus
dmbaturin added a project to T2062: Wrong dhcp-server static route subnet bytes: VyOS 1.2 Crux (VyOS 1.2.6).
Thu, Jun 25, 7:52 AM · VyOS 1.2 Crux (VyOS 1.2.6), VyOS 1.3 Equuleus
dmbaturin added a comment to T2097: Problems when using <path> as completion helper in op-mode.

Turns out it's because the conf mode "allowed: " is escaped and eval'd when it's passed to the shell: https://github.com/vyos/vyatta-cfg/blob/current/src/cstore/cstore.cpp#L756-L762

Thu, Jun 25, 7:48 AM · VyOS 1.3 Equuleus
dmbaturin added a comment to T1241: Remove of policy route throws CLI error.

Could you make a pull request?

Thu, Jun 25, 7:20 AM · VyOS 1.3 Equuleus
dmbaturin added a project to T2638: FRR: New framework for configuring FRR : VyOS 1.3 Equuleus.

I've reviewed the code and it looks good to me.

Thu, Jun 25, 7:17 AM · VyOS 1.3 Equuleus
dmbaturin closed T1762: VLAN interface configuration fails after internal representation of edit level was switched from a string to a list, a subtask of T1764: Use lists instead of whitespace-separated strings in vyos.config , as Resolved.
Thu, Jun 25, 7:04 AM · VyOS 1.3 Equuleus
dmbaturin closed T1762: VLAN interface configuration fails after internal representation of edit level was switched from a string to a list as Resolved.
Thu, Jun 25, 7:04 AM · VyOS 1.3 Equuleus
dmbaturin renamed T1665: prefix-list and prefix-list6 rules incorrectly accept a host address where prefix is required from prefix-list incorrectly accept a host address where prefix is required to prefix-list and prefix-list6 rules incorrectly accept a host address where prefix is required.
Thu, Jun 25, 7:03 AM · VyOS 1.3 Equuleus
dmbaturin renamed T1665: prefix-list and prefix-list6 rules incorrectly accept a host address where prefix is required from Commit failed after delete prefix-list to prefix-list incorrectly accept a host address where prefix is required.
Thu, Jun 25, 7:02 AM · VyOS 1.3 Equuleus
dmbaturin added a comment to T1665: prefix-list and prefix-list6 rules incorrectly accept a host address where prefix is required.

The root cause was insufficient validation.

Thu, Jun 25, 7:00 AM · VyOS 1.3 Equuleus
dmbaturin edited projects for T1467: Loopback interface naming and dummy devices, added: Restricted Project; removed VyOS 1.3 Equuleus.

Whichever decision we make, let's not change this in 1.3—there are lots of changes already.

Thu, Jun 25, 6:42 AM · Restricted Project
dmbaturin added a project to T1436: Config entries with default values does not correctly show as changed: Restricted Project.

This rabbit hole goes deep. It's not just a display issue, but the whole reason we cannot have rollbacks without reboots—there's no way to generate an inverse changeset "thanks" to this.

Thu, Jun 25, 6:41 AM · Restricted Project
dmbaturin edited projects for T1429: [DONT FIX] most functions in Interface.pm are broken, added: Restricted Project; removed VyOS 1.3 Equuleus.

This task will be resolved by removing Interface.pm altogether.

Thu, Jun 25, 6:38 AM · Restricted Project
dmbaturin closed T1221: BGP - Default route injection is not processed by the specific route-map as Resolved.

Glad to hear that!

Thu, Jun 25, 6:30 AM · VyOS 1.2 Crux (VyOS 1.2.6)
dmbaturin closed T1219: Redundant active-active configuration, asymmetric routing and conntrack-sync cache as Resolved.

Sorry it took so long! I've cherry-picked it into crux, will be in 1.2.6.

Thu, Jun 25, 6:29 AM · VyOS 1.2 Crux (VyOS 1.2.6), vyatta-conntrack-sync
dmbaturin changed Why the issue appeared? from none to implementation-mistake on T2487: VRRP does not display info when group disabled.
Thu, Jun 25, 6:25 AM · VyOS 1.3 Equuleus
dmbaturin closed T2487: VRRP does not display info when group disabled as Resolved.

Ideally we may want to add an extended "if VRRP configured" check, or make keepalived produce an empty (or special) file when it's running but has no data. For now this fix should do though.

Thu, Jun 25, 6:25 AM · VyOS 1.3 Equuleus
dmbaturin renamed T2455: No support for the IPv6 VTI from Impossible to assign ipv6 address on VTI interface to No support for the IPv6 VTI.
Thu, Jun 25, 6:02 AM · VyOS 1.3 Equuleus
dmbaturin added a comment to T2455: No support for the IPv6 VTI.

VTI is secretly IPIP, so it doesn't support IPv6. The real issue is that we don't support the IPv6 variant of VTI yet.

Thu, Jun 25, 6:02 AM · VyOS 1.3 Equuleus
dmbaturin assigned T2430: cannot delete specific route static next-hop to jestabro.
Thu, Jun 25, 6:01 AM · VyOS 1.3 Equuleus
dmbaturin added a comment to T2376: /config/user-data and "preserved during image upgrade!".

The user-data dir actually is preserved on upgrade, it's just the check that is faulty. Need to look into it.

Thu, Jun 25, 6:00 AM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
dmbaturin added a project to T2329: Show remote config openvpn : VyOS 1.2 Crux.
Thu, Jun 25, 5:59 AM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
dmbaturin closed T2329: Show remote config openvpn , a subtask of T2322: CLI [op-mode] bugs. Root task, as Resolved.
Thu, Jun 25, 5:59 AM · VyOS 1.3 Equuleus
dmbaturin closed T2329: Show remote config openvpn as Resolved.

Added a warning.

Thu, Jun 25, 5:58 AM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
dmbaturin added a project to T2218: Add support for the peeringdb module in salt (upgrade salt-minion to 2019.2): VyOS 1.3 Equuleus.
Thu, Jun 25, 5:43 AM · VyOS 1.3 Equuleus
dmbaturin closed T2165: When trying to add route to ripng it complains that ip address should be IPv4 format. as Resolved.
Thu, Jun 25, 5:42 AM · VyOS 1.3 Equuleus