Page MenuHomeVyOS Platform
Create Task
Maniphest T6559

vyos-configd should return commit error on config dependency error
Closed, ResolvedPublicBUG
Actions

Description

vyos-configd should return the response R_ERROR_COMMIT on an error in any call to config dependency. However, to allow other dependencies to proceed, dependent script errors should be collected and returned after all calls are complete; cascading errors will be corrected on correcting the original config error once it is successfully reported.

Without a response to the originating config session, the commit lock can remain on error.

This was noticed with a default config containing the lines below; unpleasantly, this is triggered in this case by (T3275) operating on the added config stanza. Nonetheless, it reveals a needed case for managing config dependency failures.

service {
    ...
    conntrack-sync {
        accept-protocol "tcp"
        failover-mechanism {
            vrrp {
                sync-group "SGR"
            }
        }
        interface eth0 {
            peer "192.0.2.1"
        }
    }
    ...
}

Details

Difficulty level
Normal (likely a few hours)
Version
1.4.0
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects
Search...

Event Timeline

jestabro created this task.Jul 5 2024, 5:44 PM
jestabro triaged this task as High priority.
jestabro created this object in space S1 VyOS Public.
pasik subscribed.Jul 7 2024, 1:56 PM
jestabro added a comment.Jul 8 2024, 12:38 AM

Recovering gracefully and logging an error is a simple fix, and will be committed in the interim while the larger issue is addressed: namely, when running under vyos-configd, a ConfigError in a called dependency script should elicit a commit error in the originating config session. Here, however, we confront again the constraints of operating under the legacy commit algorithm. To address the matter, we will implement a partial solution to T5731 so as to catch verification errors in the (first instance of) sequential processing of the priority queue and cache the data for final processing of the activation stages (generate/apply); errors in the latter stages, as less common, will be logged. The sketch provided summarizes a design that balances the needs of early and correct (verify stage) error reporting with removing redundancy overhead when running under configd.

jestabro added a parent task: T5731: Add ability to call config dependencies by canonical function instead of whole script.Jul 8 2024, 12:38 AM
jestabro mentioned this in T6569: Cache results of config script stages under configd, for use by configdep.Jul 11 2024, 5:17 PM
jestabro added a subtask: T6569: Cache results of config script stages under configd, for use by configdep.
jestabro removed a parent task: T5731: Add ability to call config dependencies by canonical function instead of whole script.
jestabro added a comment.Jul 11 2024, 5:21 PM

The solution sketched above will be handled in subtask T6569; in this task we will revert to using only the local redundancy removal in order to provide per-script error reporting.

jestabro added a comment.Jul 15 2024, 5:31 AM

PR:
https://github.com/vyos/vyos-1x/pull/3813

Restricted Repository Identity mentioned this in rVYOSONEX2fdcf50263bc: Merge pull request #3813 from jestabro/configdep-error.Jul 15 2024, 6:57 AM
jestabro mentioned this in rVYOSONEXad43aa885a8e: configdep: T6559: add smoketest of dependency script error.Jul 15 2024, 6:57 AM
jestabro mentioned this in rVYOSONEX52d08b1ec5b2: configdep: T6559: use single dependency list with reset under configd.
jestabro mentioned this in rVYOSONEX7249d10f1fbb: configdep: T6559: drop global redundancy removal to fix error reporting.
jestabro moved this task from Open to Backport Candidates on the VyOS 1.5 Circinus board.Jul 17 2024, 12:59 PM
jestabro moved this task from Backlog to Backport Candidates on the VyOS 1.4 Sagitta (1.4.1) board.
Restricted Repository Identity mentioned this in rVYOSONEX71f4d7c721d4: configdep: T6559: drop global redundancy removal to fix error reporting.Jul 17 2024, 1:04 PM
Restricted Repository Identity mentioned this in rVYOSONEX70dbc0109282: configdep: T6559: use single dependency list with reset under configd.
Restricted Repository Identity mentioned this in rVYOSONEXecd125d9cc9e: configdep: T6559: add smoketest of dependency script error.
Restricted Repository Identity mentioned this in rVYOSONEX655ad2e9a589: configdep: T6559: drop global redundancy removal to fix error reporting.Jul 17 2024, 1:21 PM
Restricted Repository Identity mentioned this in rVYOSONEX08f524a62f4a: configdep: T6559: use single dependency list with reset under configd.
Restricted Repository Identity mentioned this in rVYOSONEX65d4ee33269f: configdep: T6559: add smoketest of dependency script error.
Restricted Repository Identity mentioned this in rVYOSONEXbb7c376659af: Merge pull request #3824 from vyos/mergify/bp/sagitta/pr-3813.Jul 18 2024, 12:09 PM
Restricted Repository Identity mentioned this in rVYOSONEXa64e2cebb07e: Merge pull request #3822 from vyos/mergify/bp/circinus/pr-3813.Jul 18 2024, 12:15 PM
jestabro closed this task as Resolved.Jul 22 2024, 12:23 PM
jestabro moved this task from Backport Candidates to Finished on the VyOS 1.5 Circinus board.
jestabro moved this task from Backport Candidates to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
jestabro mentioned this in T6671: Confid dependency works incorrectly conntrack conntrack-sync.Aug 21 2024, 5:15 PM