Page MenuHomeVyOS Platform
Create Task
Maniphest T521

Network services may fail if vyatta-router.service startup takes longer than a few seconds
Closed, ResolvedPublicBUG
Actions

Description

Network services starting before vyatta-router.service has started may enter a failed state if they were configured to listen on an interface or address not coming up very quickly within the vyatta-router.service commit phase.

Example ( see also T452):
Hostapd instances will be configured and brought up by vyatta-router.service.
When configuring 5GHz Wifi interfaces with DFS, SSH wil fail to start if SSH was configured to listen on the 5GHz Wifi AP interface address. The 5GHz AP needs at least 60sec startup time because of radar scanning. During startup time, the Wifi interface is down, causing the SSH daemon being restarted by vyatta-router.service with its new config to silently fail. However, the commit sequence passes as it does not detect this lockup. The result is a VyOS system without SSH access despite Wifi AP started working after 60sec.

Other servies may be affected as well.

Workaround
Configure the SSH service to listen on 0.0.0.0 and set up firewall rules to selectively allow access.

Details

Difficulty level
Hard (possibly days)
Version
VyOS 1.2.0
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

alainlamar renamed this task from Network Services start before vyatta-router.service is started to Network services may fail if vyatta-router.service startup takes longe rthan a few seconds.Jan 14 2018, 4:47 PM
alainlamar created this task.
alainlamar renamed this task from Network services may fail if vyatta-router.service startup takes longe rthan a few seconds to Network services may fail if vyatta-router.service startup takes longer than a few seconds.Jan 14 2018, 4:49 PM
alainlamar mentioned this in T452: WiFi: Enable support for 5GHz AccesPoints with DFS.Jan 21 2018, 7:46 PM
c-po added a subscriber: c-po.Feb 12 2018, 8:08 AM

@alainlamar that sounds familiar, have you verified that you use the proper priority: tags inside your node.def files?

VyOS/Vyatta will run those in ascending order. We have some files with priorioty > 900 which means that they get executed very late.

syncer triaged this task as Normal priority.Feb 27 2018, 2:58 PM
syncer added subscribers: UnicronNL, syncer.

@UnicronNL maybe you can advise here

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc4); removed VyOS 1.2 Crux.Oct 13 2018, 10:09 AM
syncer assigned this task to UnicronNL.Oct 13 2018, 7:10 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc5); removed VyOS 1.2 Crux (VyOS 1.2.0-rc4).Oct 24 2018, 4:40 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc6); removed VyOS 1.2 Crux (VyOS 1.2.0-rc5).Oct 29 2018, 6:16 PM
pasik added a subscriber: pasik.Nov 4 2018, 11:24 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc7); removed VyOS 1.2 Crux (VyOS 1.2.0-rc6).Nov 6 2018, 12:57 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc8); removed VyOS 1.2 Crux (VyOS 1.2.0-rc7).Nov 13 2018, 3:48 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc9); removed VyOS 1.2 Crux (VyOS 1.2.0-rc8).Nov 20 2018, 12:44 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc10); removed VyOS 1.2 Crux (VyOS 1.2.0-rc9).Nov 27 2018, 12:03 AM
syncer edited projects, added VyOS 1.2 Crux ( VyOS 1.2.0-rc11); removed VyOS 1.2 Crux (VyOS 1.2.0-rc10).Dec 5 2018, 11:58 PM
dmbaturin edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux ( VyOS 1.2.0-rc11).Dec 16 2018, 3:40 PM
c-po updated the task description. (Show Details)Dec 16 2018, 4:02 PM
erkin claimed this task.Jan 27 2021, 7:05 PM
erkin set Is it a breaking change? to Unspecified (possibly destroys the router).
zsdc changed Difficulty level from Unknown (require assessment) to Hard (possibly days).Mar 11 2021, 2:05 PM
dmbaturin added a project: test.Jul 29 2021, 1:01 PM
erkin changed the task status from Open to In progress.Aug 12 2021, 10:42 AM
erkin closed this task as Resolved.Aug 14 2021, 4:39 PM

I cannot replicate this in 1.2.8 or 1.3.0-rc5. No matter how long vyos-router.service (even absurdly high times) stalls, ssh.service happily starts. This was probably resolved a long time ago, making this a ghost bug.

dmbaturin set Issue type to Bug (incorrect behavior).Sep 3 2021, 7:32 AM
dmbaturin edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed test, VyOS 1.3 Equuleus.Sep 10 2021, 6:07 AM