Page MenuHomeVyOS Platform
Create Task
Maniphest T6559

vyos-configd should return commit error on config dependency error
Closed, ResolvedPublicBUG
Actions

Description

vyos-configd should return the response R_ERROR_COMMIT on an error in any call to config dependency. However, to allow other dependencies to proceed, dependent script errors should be collected and returned after all calls are complete; cascading errors will be corrected on correcting the original config error once it is successfully reported.

Without a response to the originating config session, the commit lock can remain on error.

This was noticed with a default config containing the lines below; unpleasantly, this is triggered in this case by (T3275) operating on the added config stanza. Nonetheless, it reveals a needed case for managing config dependency failures.

service {
    ...
    conntrack-sync {
        accept-protocol "tcp"
        failover-mechanism {
            vrrp {
                sync-group "SGR"
            }
        }
        interface eth0 {
            peer "192.0.2.1"
        }
    }
    ...
}

Details

Difficulty level
Normal (likely a few hours)
Version
1.4.0
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects
Search...

Event Timeline

jestabro created this task.Jul 5 2024, 5:44 PM
jestabro triaged this task as High priority.
jestabro created this object in space S1 VyOS Public.
pasik subscribed.Jul 7 2024, 1:56 PM
jestabro added a comment.Jul 8 2024, 12:38 AM

Recovering gracefully and logging an error is a simple fix, and will be committed in the interim while the larger issue is addressed: namely, when running under vyos-configd, a ConfigError in a called dependency script should elicit a commit error in the originating config session. Here, however, we confront again the constraints of operating under the legacy commit algorithm. To address the matter, we will implement a partial solution to T5731 so as to catch verification errors in the (first instance of) sequential processing of the priority queue and cache the data for final processing of the activation stages (generate/apply); errors in the latter stages, as less common, will be logged. The sketch provided summarizes a design that balances the needs of early and correct (verify stage) error reporting with removing redundancy overhead when running under configd.

jestabro added a parent task: T5731: Add ability to call config dependencies by canonical function instead of whole script.Jul 8 2024, 12:38 AM
jestabro mentioned this in T6569: Cache results of config script stages under configd, for use by configdep.Jul 11 2024, 5:17 PM
jestabro added a subtask: T6569: Cache results of config script stages under configd, for use by configdep.
jestabro removed a parent task: T5731: Add ability to call config dependencies by canonical function instead of whole script.
jestabro added a comment.Jul 11 2024, 5:21 PM

The solution sketched above will be handled in subtask T6569; in this task we will revert to using only the local redundancy removal in order to provide per-script error reporting.

jestabro added a comment.Jul 15 2024, 5:31 AM

PR:
https://github.com/vyos/vyos-1x/pull/3813

jestabro moved this task from Need Triage to Backport Candidates on the VyOS 1.5 Circinus board.Jul 17 2024, 12:59 PM
jestabro moved this task from Need Triage to Backport Candidates on the VyOS 1.4 Sagitta (1.4.1) board.
jestabro closed this task as Resolved.Jul 22 2024, 12:23 PM
jestabro moved this task from Backport Candidates to Finished on the VyOS 1.5 Circinus board.
jestabro moved this task from Backport Candidates to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
jestabro mentioned this in T6671: Confid dependency works incorrectly conntrack conntrack-sync.Aug 21 2024, 5:15 PM