Page MenuHomeVyOS Platform
Create Task
Maniphest T5508

Configuration Migration Fails to New Netfilter Firewall Syntax
Closed, ResolvedPublicBUG
Actions

Description

Hello,

This configuration is not my entire configuration, I just spun up a VM with interface and firewall configuration to replicate this bug. I am also not using the same pre-netfilter syntax version on my production as this VM, however both exhibits the same behavior.

config.boot.2023-08-25-131058.pre-migration5 KBDownload

This is what I had before upgrading to vyos-1.4-rolling-202308240020-amd64.

config.boot5 KBDownload

The new config.boot are identical to the pre-migration one which is odd since this is not the new syntax.

running.config2 KBDownload

The actual running config only contains firewall groups and nothing else.

If I enter the configuration mode and execute load, I get the follow error message:

vyos@vyos# load
Loading configuration from 'config.boot'
Traceback (most recent call last):
  File "/usr/libexec/vyos/vyos-load-config.py", line 86, in <module>
    virtual_migration.run()
  File "/usr/lib/python3/dist-packages/vyos/migrator.py", line 213, in run
    cfg_versions = self.read_config_file_versions()
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/migrator.py", line 65, in read_config_file_versions
    cfg_versions = component_version.from_file(cfg_file, vintage='vyos')
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/component_version.py", line 80, in from_file
    version_dict = from_string(line_in_config, vintage=vintage)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/component_version.py", line 57, in from_string
    raise ValueError(f"malformed configuration string: {string_line}")
ValueError: malformed configuration string: // vyos-config-version: "bgp@4:broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-dynamic@1:dns-forwarding@4:firewall@10:flow-accounting@1:https@4:ids@1:interfaces@30:ipoe-server@1:ipsec@12:isis@3:l2tp@4:lldp@1:mdns@1:monitoring@1:nat@5:nat66@1:ntp@3:openconnect@2:ospf@2:policy@5:pppoe-server@6:pptp@2:qos@2:quagga@11:rip@1:rpki@1:salt@1:snmp@3:ssh@2:sstp@4:system@26:vrf@3:vrrp@
[edit]

I went from version 1.4-rolling-202308111749 to 1.4-rolling-202308240020 on the test VM.

On my production system I went from 1.4-rolling-202307060317 to 1.4-rolling-202308180646 with the exact same outcome.

Details

Difficulty level
Unknown (require assessment)
Version
1.4 Rolling
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Config syntax change (non-migratable)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

jagekurt created this task.Aug 25 2023, 1:25 PM
jagekurt attached a referenced file: F3829575: running.config. (Show Details)Aug 25 2023, 1:43 PM
jagekurt attached a referenced file: F3829574: config.boot. (Show Details)
jagekurt attached a referenced file: F3829573: config.boot.2023-08-25-131058.pre-migration. (Show Details)
n.fort added a subscriber: n.fort.Aug 25 2023, 2:16 PM

Missing vrrp cli version in last line in config.boot file:

// vyos-config-version: "bgp@4:broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-dynamic@1:dns-forwarding@4:firewall@10:flow-accounting@1:https@4:ids@1:interfaces@30:ipoe-server@1:ipsec@12:isis@3:l2tp@4:lldp@1:mdns@1:monitoring@1:nat@5:nat66@1:ntp@3:openconnect@2:ospf@2:policy@5:pppoe-server@6:pptp@2:qos@2:quagga@11:rip@1:rpki@1:salt@1:snmp@3:ssh@2:sstp@4:system@26:vrf@3:vrrp@vyos@vyos:/config$
pasik added a subscriber: pasik.Aug 25 2023, 5:47 PM
jagekurt added a comment.Aug 31 2023, 3:26 PM

Any updates on this?

jestabro added a subscriber: jestabro.Aug 31 2023, 4:32 PM

We have seen occasional corruption of config.boot during system update, as reported, for example:
https://vyos.dev/T5267
That issue has been resolved here:
https://vyos.dev/T5520

I expect that this is related to your report, as I know of no other cases that would result in a misconfigured version string.

jagekurt added a comment.Aug 31 2023, 4:46 PM

Ok, thanks for the info.

I see that the commit was added to the current branch 3 days ago: https://github.com/vyos/vyatta-cfg-system/pull/204 and the last rolling release was released on August 24th. I will test this again once a new release is made that includes this fix.

jagekurt added a comment.Sep 4 2023, 3:48 PM

Hello,

I upgraded from 1.4-rolling-202307060317 to 1.4-rolling-202309040919 and the issue mention in this post was resolved. The configuration was migrated. However nothing worked in regards to the firewall, and I am not familiar enough with the new syntax so I cannot, nor do I have time to troubleshoot it right now.

This can now be closed.

jestabro closed this task as Resolved.Sep 5 2023, 7:15 PM
jestabro claimed this task.