
Configuration with multiple network addresses of firewall network-group via cloud-init fails
Resolved (N/A) | Public | BUG

Description

Configuring firewall network-group with multiple network addresses via cloud-init fails.

The network node under network-group is a multi node, but cloud-init does not recognize it as a multi node. The resulting configuration contains only the last address.

The reason is that the config template includes a space after 'multi:'.
https://github.com/vyos/vyatta-cfg-firewall/blob/a0fc973e321e877b3bf04bb453b0b7610e1dd8ee/templates/firewall/group/network-group/node.tag/network/node.def#L1

And the vyos_userdata cloud-init module searches for multi nodes with the regex ^multi:$. This does not allow any character between : and \n.

https://github.com/vyos/vyos-cloud-init/blob/57b6d5b33843821c71d5ae7fc2c984c39ec2b330/cloudinit/config/cc_vyos_userdata.py#L60

Two other nodes have the same problem.

vyatta-cfg-firewall % egrep -r 'multi:.+$' .
./templates/firewall/group/address-group/node.tag/address/node.def:multi:
./templates/firewall/group/port-group/node.tag/port/node.def:multi:
./templates/firewall/group/network-group/node.tag/network/node.def:multi:
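
The mismatch described above, as an added example that is not code from vyos-cloud-init or from the report: it runs the quoted pattern and a whitespace-tolerant one over constructed node.def contents and models the "only last address" symptom. The tolerant pattern, the use of re.MULTILINE, the sample templates and all function names are assumptions made for illustration.

```python
import re

# Pattern quoted in the report: nothing may sit between ':' and the newline.
STRICT = re.compile(r"^multi:$", re.MULTILINE)
# Assumed tolerant variant (not the project's actual fix): allow trailing blanks.
TOLERANT = re.compile(r"^multi:[ \t]*$", re.MULTILINE)

# Constructed node.def contents, keyed by path relative to templates/.
SAMPLE_TEMPLATES = {
    "firewall/group/network-group/node.tag/network/node.def":
        "multi: \ntype: txt\nhelp: constructed sample\n",
    "firewall/group/address-group/node.tag/address/node.def":
        "multi: \ntype: txt\nhelp: constructed sample\n",
    "cluster/interface/node.def":
        "multi:\ntype: txt\nhelp: constructed sample\n",
    "firewall/name/node.tag/description/node.def":
        "type: txt\nhelp: constructed sample\n",
}

def multi_nodes(templates, pattern):
    """Return sorted config paths (tuples) whose node.def matches pattern."""
    return sorted(tuple(path.split("/")[:-1])
                  for path, text in templates.items() if pattern.search(text))

def missed_nodes(templates):
    """Multi nodes the tolerant pattern finds but the strict one skips."""
    strict = set(multi_nodes(templates, STRICT))
    return [p for p in multi_nodes(templates, TOLERANT) if p not in strict]

def load(commands, multi_paths):
    """Simplified model of the symptom: non-multi nodes keep the last value."""
    config = {}
    for path, value in commands:
        if path in multi_paths:
            config.setdefault(path, []).append(value)
        else:
            config[path] = [value]
    return config

if __name__ == "__main__":
    for node in missed_nodes(SAMPLE_TEMPLATES):
        print("missed by ^multi:$ ->", " ".join(node))
```

A check like missed_nodes can run against a template tree before release, so that a firewall group silently reduced to one entry is caught at build time rather than on a deployed router.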

Details

Difficulty level
Unknown (require assessment)
Version
1.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

zsdc changed the task status from Open to Needs testing. Aug 11 2021, 1:31 PM
zsdc claimed this task.
zsdc moved this task from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
zsdc added a subscriber: zsdc.

Hello, @nyamada!
Really appreciate such a detailed problem analysis! The regex is fixed in the 1.4 version now.
Could you test it, so we can backport changes safely to 1.2 and 1.3?

Thank you for the quick fix!

I checked the fixed version on my 1.3 and it recognized multi node correctly. I can now add multiple addresses in a network-group.

admin@xxxxx:~$ cloud-init --version
/usr/bin/cloud-init 20.4-417-g73280091-1~bddeb

admin@xxxxx:~$ grep Multi /var/log/cloud-init.log
2021-08-11 14:53:39,739 - cc_vyos_userdata.py[DEBUG]: Multi nodes: [('cluster', 'group', 'node.tag', 'monitor'), ('cluster', 'group', 'node.tag', 'secondary'), ('cluster', 'group', 'node.tag', 'service'), ('cluster', 'interface'), ('firewall', 'group', 'address-group', 'node.tag', 'address'), ('firewall', 'group', 'ipv6-address-group', 'node.tag', 'address'), ('firewall', 'group', 'ipv6-network-group', 'node.tag', 'network'), ('firewall', 'group', 'network-group', 'node.tag', 'network'), ('firewall', 'group', 'port-group', 'node.tag', 'port'), ('high-availability' [...]
zsdc moved this task from In Progress to Finished on the VyOS 1.3 Equuleus board.

Thank you for testing! The change was backported to 1.3 and 1.2.

SrividyaA changed the task status from Resolved to Resolved N/A. Sep 1 2021, 10:47 AM
SrividyaA set Issue type to Unspecified (please specify).