@Viacheslav could you please check if this probably should make it into 1.2.6 in addition?
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Jul 5 2020
@c-po When you submit the following commit, the problem seems to be solved, when I need to do further testing tomorrow, waiting for tomorrow's daily build
Problem was introduced by porting PPPoE to the get_config_dict() implementation T2653 commit https://github.com/vyos/vyos-1x/commit/65fa21f5
The most likely culprit is /opt/vyatta/sbin/vyatta_interface_rescan. I'm not sure if this should be fixed or migrated to Python.
The rewrite would need to be done together with all other vyatta interface renaming and detection scripts.
Upgrading a different test VM with different config that starts at eth0: on 2nd reboot the hw-id lines are duplicated too, but they are the same on a single interface, and there are no new interfaces created, so the config loads and works fine. The duplicated hw-id lines stay in the config for all subsequent reboots.
Example:
ethernet eth0 { address "192.0.2.1" hw-id "52:54:00:2d:29:19" ipv6 { address { } } smp-affinity "auto" speed "auto" hw-id 52:54:00:2d:29:19 }
What I'm noticing is that the migration scripts save all nodes with quotes, but saving in config mode (through vyatta-cfg) results in most nodes not having quotes (mostly just those with spaces have it). Maybe there is a vyatta script that adds any new interfaces to config.boot that runs on each boot that doesn't like these quoted hw-id lines that the migration scripts produce.
I tried reupgrading from 1.3-rolling-202006110117 to 1.3-rolling-202007050117 and the exact same error occurred - on first reboot everything was fine (config.boot was migrated, looked correct, and loaded fine). On 2nd reboot, the exact same thing happened.
Necessary run service with priority for correct starting https://github.com/vyos/vyos-1x/pull/489
Does DNS static-host-mapping still work with the nssswich.conf change? I‘m just curious about the side effects.
@c-po The basic cause of the failure has been determined.This time, the problem may be relatively serious, because it is not the configuration of the service, but the execution of commit will not start the dhcp6c service at all.
Jul 4 2020
default as an IP address is in the end more useful then a resolved PTR
Duplicate of T2627
Somehow I do not want to change the overall system behavior by altering nsswitch.conf. I wonder if we should not enable "disable-host-ookups" by default as an IP address is in the end more useful then a resolved PTR. A PTR record can be changed later on when dissecting the logfiles but an IP lookup should stay longer.
Linux tries to bind SSHd to the VRF but it is yet not ready. After restarting SSH to often (rate-limiting) it is blocked.
Oddly enough, whether I change the service settings or change the default settings of systemd, there are problems.
@c-po The problem was found when upgrading to the latest version, and the reason is not clear.
PPPoE is configured as follows (account password is hidden):
I want to do it and have to re explore the cause of the failure, but I haven't found out why dhcp6c can't start, I have to start it manually.
Changing the systemd defaults is a thing I hesitate to do! It will have a ton of unexpected sideeffects. I guess you have an error in your entire setup as multiple sites of mine work flawlessly
Strange, I found that this service may not have been started at all!
for me it looks like a name lookup error. I have read the forum entry mentioned above. And they fixed it by disabling name lookup.
I found that I had disable-host-validation configured and as soon as I removed it it happened to me, too. Changing task priority.
I have checked with a v4/v6 full table router and VyOS 1.2.5 - each SSH session will consume 7MiB which semms okay for me.
Availible in keepalived, thus kt could be considered for 1.3
This also has a measurable impact on CPU. You can tell exactly when I applied the nsswitch.conf fix.
forwarding { allow-from 192.168.0.0/16 allow-from 2001:470:f1cd::/48 cache-size 1024 domain pve. { addnta recursion-desired server 192.168.0.47 server 2001:470:f1cd::47 } listen-address 0.0.0.0 listen-address :: name-server 2001:470:f1cd::ff00 name-server 192.168.0.254 name-server 202.96.134.33 name-server 202.96.128.86 name-server 114.114.114.114 name-server 1.1.1.1 name-server 1.0.0.1 system }
Oh, in a system like vyos, SSH memory leak appears to be relatively serious. If there is a solution, it should be handled first
Jul 3 2020
To add to this, this link pointed me at the correct solution:
PR https://github.com/vyos/vyos-1x/pull/487 with changed CLI to service ids ddos-protection.
@elianora Email me at [email protected]
Again, please always attach a configuration file
I use myself a "cleanup" function, imagine:
In T2674#69525, @jack9603301 wrote:I wish you success in advance. Porting and compiling has always been a large-scale application project, which may take a lot of time. However, in addition to rewriting and porting related code to a more portable language, we can also try to transplant and cross build the existing old code first. Of course, this is only the first step. If possible, porting the code base has made it easier for the code base to be transplanted Meaningful.
As "ip" is an invalid key in "vif" (as its no VLAN number) it should not be part of the default dict I guess - same for vif_s
There are allready someone trying to make a guide for building vyos on arm and the pi3/4, i myself have made it work on the pi4 some time ago but did not save my work so i dont have all the steps to reproduce..
I wish you success in advance. Porting and compiling has always been a large-scale application project, which may take a lot of time. However, in addition to rewriting and porting related code to a more portable language, we can also try to transplant and cross build the existing old code first. Of course, this is only the first step. If possible, porting the code base has made it easier for the code base to be transplanted Meaningful.
Yes, I'm interested in actually helping on porting it as it would make my ER-X for one, a lot more fun and useful.
porting half of an operating system to a different architecture is far from easy. Right now VyOS still has a lot of the old Vyatta codebase in it. As we are more and more in the process of migrating this to a Python based codebase it will still take some time. To be fair I stater a project some time back to port VyOS on an EdgeROuterPro (https://github.com/c-po/vy-project) and at least "it booted" but I then switched my focus to VyOS first - so by migrating th ecodebase to our own vyos-1x based Python implementation it will become easier in the future to port it to other operating systems as there is less code, less packages to port.
Jul 2 2020
As always, please provide your config and probably a way to reproducs.
EDIT 1: Removing comment after speaking with cpo, I apologize for the confusion
I found that this problem may be related to T2673
Please open a new ticket or move your comment to an appropriate ticket, this ticket is not discussing your consernes.
Also on delete: