I compile ISO by how-to, some time ago everything was OK,
but after some time, i got strange behavior: when i boot from this ISO in VirtualBox i can login (vyos/vyos) and install it, but when i boot from same ISO recorded to USB Flash on HW i cant login! Why it could be so?
Description
Description
Details
Details
- Difficulty level
- Unknown (require assessment)
- Version
- -
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Unspecified (possibly destroys the router)
Event Timeline
Comment Actions
then i can't login, if i got:
then i could login... So I thing that it use different config files... Why? Where it could take it? On the same ISO????
If i could login, i see my custom config, which i use while compile ISO.
If i record this ISO to CD it boots normally, but from flash I can't login.
I also noticed, when i boot from flash, i got message:
migrate r1-system firewall configure.
Configuration success.
then i can't login, if i got:
migrate r1-system firewall configure failed.
Configuration error.
then i could login... So I thing that it use different config files... Why? Where it could take it? On the same ISO????
If i could login, i see my custom config, which i use while compile ISO.
Comment Actions
I have found reason of this error:
migrate r1-system firewall configure failed.
Configuration error.
But it didn't fix login error... If i record ISO to flash, i cant login in it... Only in virtualbox....
How it's possible???
Comment Actions
I think that it's happens because I add zabbix-agent and user zabbix while compile ISO. And possible GID / UID was changed...
Comment Actions
Christian, may be you know, when you fixed OpenVPN issue and add openvpn user, how did you do it? Why regular zabbix-agent and zabbix-proxy installation script broke authorization?
Comment Actions
Hi @hexes well without knowing the details and diving into zabbix I suggest you just grab the diffs on the OpenVPN rewrite to see what was crucial. vyos-build repository should be the one if I remember correctly, or vyatta-cfg-system - one of those.
Comment Actions
@c-po, thanks for your attention, I have found this:
vyos-build/build/chroot/var/lib/dpkg/info/vyatta-cfg-system.postinst
#OpenVPN should get its own user
if ! grep -q '^openvpn' /etc/passwd; then
sudo adduser --system --group --shell /usr/sbin/nologin --home /var/lib/openvpn openvpn
fiIn my packet after installation script, looks like that
vyos-build/build/chroot/var/lib/dpkg/info/vyos-noc-zabbix.postinst
if [ "$1" = "configure" ]; then
if ! getent group zabbix > /dev/null 2>&1 ; then
addgroup --system --quiet zabbix
fi
if ! getent passwd zabbix > /dev/null 2>&1 ; then
adduser --quiet \
--system --disabled-login --ingroup zabbix \
--home /var/lib/zabbix/ --no-create-home \
zabbix
fi
chown zabbix:zabbix /var/log/zabbix -R
fiSo, as I understand it works the same way? So I don't understand, why my way don't work?
Comment Actions
Hello @hexes,
as I read your script it works in a different way. Also its location seems to be wrong. OpenVPN is handled here:
https://github.com/vyos/vyatta-cfg-system/commit/bb686343fc913413ff51edfeb63929759bee0fde
Aksi you have a if [ "$1" = "configure" ]; then statement. As this looks like an unoficial modification or probably prepartion for a large pull request I recooment following the way in the commit I showed you. This is proved to work in our environment.
Comment Actions
hello @c-po , thanks a lot for reply!
"Different way" - you mean if [ "$1" = "configure" ];? "Same way" - I mean addgroup / adduser commands...
if [ "$1" = "configure" ]; that's regular DEB package style... I take it from zabbix package, and its location is regular for DEB package...
Your fixes inside VyOS environment, my package installed separately while compilation process:
./configure --build-by "hexes" --version 0.0.987 --architecture amd64 --build-type release --custom-apt-entry "deb http://10.255.0.1/apt jessie main" --custom-apt-key /tmp/noc.key.chroot --custom-package "vyos-noc-zabbix htop atop iotop aptitude snmp-mibs-downloader mc libsnmp30 libssl1.0 fping ftp tftp snmptrapd libnet-snmp-perl libsnmp-perl smartmontools lm-sensors acpi"
May be it's wrong way/decision... How to do it right?