Local User Commits Get Stuck When TACACS Servers Are Unavailable
Closed, WontfixPublicBUG
Actions

Assigned To

Authored By

	a.hajiyev
	Mar 11 2025, 2:52 AM

Description

VyOS configuration:

set interfaces bonding bond0 address '10.55.8.91/24'
set interfaces bonding bond0 description 'vyos-shared-if'
set interfaces bonding bond0 member interface 'eth0'
set interfaces bonding bond0 member interface 'eth2'
set interfaces bonding bond0 mode '802.3ad'
set protocols static route 0.0.0.0/0 next-hop 10.55.8.254
set service ssh port '22'
set system host-name 'vyos-test'

set system login tacacs server 192.168.1.50 key 'test123'
set system login tacacs server 192.168.1.50 port '49'
set system login tacacs server 192.168.1.51 key 'test123'
set system login tacacs server 192.168.1.51 port '49'
set system login tacacs source-address '10.55.8.91'
set system login tacacs timeout '10'

In this scenario, both TACACS servers are unavailable. I accessed the VyOS instance via SSH with my local user account (vyos).
Trying to delete system login via TACACS and commit gets stuck:

vyos@vyos-test#
[edit]
vyos@vyos-test# delete system login tacacs
[edit]
vyos@vyos-test# commit

Journal logs:

vyos@vyos-test# sudo journalctl -f
Mar 11 02:34:07 vyos-test sshd[2543]: pam_tacplus(sshd:auth): connection to srv[0] 192.168.1.50:49 failed: Operation now in progress
Mar 11 02:34:17 vyos-test sshd[2543]: pam_tacplus(sshd:auth): connection to srv[1] 192.168.1.51:49 failed: Operation now in progress
Mar 11 02:34:25 vyos-test sshd[2543]: Accepted password for vyos from 10.55.8.1 port 52196 ssh2
Mar 11 02:34:25 vyos-test sshd[2543]: pam_unix(sshd:session): session opened for user vyos(uid=1002) by (uid=0)
Mar 11 02:34:25 vyos-test systemd-logind[842]: New session 4 of user vyos.
Mar 11 02:34:25 vyos-test systemd[1]: Started session-4.scope - Session 4 of User vyos.
Mar 11 02:34:26 vyos-test systemd[1]: opt-vyatta-config-tmp-new_config_2881.mount: Deactivated successfully.
Mar 11 02:34:26 vyos-test sshd[2543]: pam_env(sshd:session): deprecated reading of user environment enabled
Mar 11 02:37:20 vyos-test sudo[3243]:     vyos : TTY=ttyS0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/journalctl -f
Mar 11 02:37:20 vyos-test sudo[3243]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Mar 11 02:37:42 vyos-test sudo[3288]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c '/usr/sbin/vyshim /usr/libexec/vyos/conf_mode/system_login.py'
Mar 11 02:37:42 vyos-test sudo[3288]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Mar 11 02:37:42 vyos-test vyos-configd[692]: Received message: {"type": "init"}
Mar 11 02:37:42 vyos-test vyos-configd[692]: config session pid is 3164
Mar 11 02:37:42 vyos-test vyos-configd[692]: commit_scripts: ['system_login']
Mar 11 02:37:42 vyos-test vyos-configd[692]: Received message: {"type": "node", "last": true, "data": "/usr/libexec/vyos/conf_mode/system_login.py"}
Mar 11 02:37:42 vyos-test vyos-configd[692]: Sending response 8
Mar 11 02:37:42 vyos-test vyos-configd[692]: scripts_called: ['system_login']
Mar 11 02:40:01 vyos-test CRON[3304]: nss_tacplus: Configuration file(s) have changed, re-initializing

Terminating process via Ctrl+C
Trying another command and commit gets stuck as well:

vyos@vyos-test#
[edit]
vyos@vyos-test# delete system login tacacs
[edit]
vyos@vyos-test# commit

[edit]
vyos@vyos-test# set system host-name R-01
[edit]
vyos@vyos-test# commit

Journal logs:

vyos@vyos-test# sudo journalctl -f
Mar 11 02:34:07 vyos-test sshd[2543]: pam_tacplus(sshd:auth): connection to srv[0] 192.168.1.50:49 failed: Operation now in progress
Mar 11 02:34:17 vyos-test sshd[2543]: pam_tacplus(sshd:auth): connection to srv[1] 192.168.1.51:49 failed: Operation now in progress
Mar 11 02:34:25 vyos-test sshd[2543]: Accepted password for vyos from 10.55.8.1 port 52196 ssh2
Mar 11 02:34:25 vyos-test sshd[2543]: pam_unix(sshd:session): session opened for user vyos(uid=1002) by (uid=0)
Mar 11 02:34:25 vyos-test systemd-logind[842]: New session 4 of user vyos.
Mar 11 02:34:25 vyos-test systemd[1]: Started session-4.scope - Session 4 of User vyos.
Mar 11 02:34:26 vyos-test systemd[1]: opt-vyatta-config-tmp-new_config_2881.mount: Deactivated successfully.
Mar 11 02:34:26 vyos-test sshd[2543]: pam_env(sshd:session): deprecated reading of user environment enabled
Mar 11 02:37:20 vyos-test sudo[3243]:     vyos : TTY=ttyS0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/journalctl -f
Mar 11 02:37:20 vyos-test sudo[3243]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Mar 11 02:37:42 vyos-test sudo[3288]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c '/usr/sbin/vyshim /usr/libexec/vyos/conf_mode/system_login.py'
Mar 11 02:37:42 vyos-test sudo[3288]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Mar 11 02:37:42 vyos-test vyos-configd[692]: Received message: {"type": "init"}
Mar 11 02:37:42 vyos-test vyos-configd[692]: config session pid is 3164
Mar 11 02:37:42 vyos-test vyos-configd[692]: commit_scripts: ['system_login']
Mar 11 02:37:42 vyos-test vyos-configd[692]: Received message: {"type": "node", "last": true, "data": "/usr/libexec/vyos/conf_mode/system_login.py"}
Mar 11 02:37:42 vyos-test vyos-configd[692]: Sending response 8
Mar 11 02:37:42 vyos-test vyos-configd[692]: scripts_called: ['system_login']
Mar 11 02:40:01 vyos-test CRON[3304]: nss_tacplus: Configuration file(s) have changed, re-initializing
Mar 11 02:42:21 vyos-test CRON[3304]: pam_unix(cron:session): session opened for user smmsp(uid=116) by (uid=0)
Mar 11 02:42:42 vyos-test CRON[3307]: (smmsp) CMD (test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/libexec/sendmail/sendmail && /usr/share/sendmail/sendmail cron-msp)
Mar 11 02:43:22 vyos-test CRON[3304]: pam_unix(cron:session): session closed for user smmsp
Mar 11 02:45:48 vyos-test python3[3295]: tac_connect_single: connection failed with 192.168.1.50:49: Interrupted system call
Mar 11 02:45:48 vyos-test sudo[3288]: pam_unix(sudo:session): session closed for user root
Mar 11 02:45:59 vyos-test python3[3295]: Exception ignored in:
Mar 11 02:45:59 vyos-test python3[3295]: <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>
Mar 11 02:45:59 vyos-test python3[3295]: Exception ignored in sys.unraisablehook
Mar 11 02:45:59 vyos-test [3295]:
Mar 11 02:45:59 vyos-test python3[3295]: <built-in function unraisablehook>
Mar 11 02:45:59 vyos-test systemd[1]: Starting systemd-tmpfiles-clean.service - Cleanup of Temporary Directories...
Mar 11 02:46:16 vyos-test sudo[3351]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c '/usr/sbin/vyshim /usr/libexec/vyos/conf_mode/system_host-name.py'
Mar 11 02:46:16 vyos-test sudo[3351]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Mar 11 02:46:16 vyos-test vyos-configd[692]: Received message: {"type": "init"}
Mar 11 02:46:16 vyos-test vyos-configd[692]: config session pid is 3164
Mar 11 02:46:16 vyos-test vyos-configd[692]: commit_scripts: ['system_host-name', 'system_login']
Mar 11 02:46:16 vyos-test vyos-configd[692]: Received message: {"type": "node", "last": false, "data": "/usr/libexec/vyos/conf_mode/system_host-name.py"}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Request data: {"type": "host_name", "op": "set", "data": {"host_name": "R-01", "domain_name": ""}}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Saving state to /run/vyos-hostsd/vyos-hostsd.state
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Sent response: {'data': None}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Request data: {"type": "search_domains", "op": "delete", "data": ["system"]}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Saving state to /run/vyos-hostsd/vyos-hostsd.state
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Sent response: {'data': None}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Request data: {"type": "name_servers", "op": "delete", "data": ["system"]}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Saving state to /run/vyos-hostsd/vyos-hostsd.state
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Sent response: {'data': None}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Request data: {"type": "name_server_tags_system", "op": "get"}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Saving state to /run/vyos-hostsd/vyos-hostsd.state
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Sent response: {'data': ['system']}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Request data: {"type": "name_server_tags_system", "op": "delete", "data": ["system"]}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Saving state to /run/vyos-hostsd/vyos-hostsd.state
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Sent response: {'data': None}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Request data: {"type": "name_server_tags_system", "op": "add", "data": ["system"]}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Saving state to /run/vyos-hostsd/vyos-hostsd.state
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Sent response: {'data': None}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Request data: {"type": "hosts", "op": "delete", "data": ["system"]}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Saving state to /run/vyos-hostsd/vyos-hostsd.state
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Sent response: {'data': None}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Request data: {"op": "apply"}
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Applying 6 changes
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Writing /etc/resolv.conf
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Writing /etc/hosts
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Writing /run/pdns-recursor/recursor.vyos-hostsd.conf.lua
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Writing /run/pdns-recursor/recursor.forward-zones.conf
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: pdns_recursor not running, not sending "reload-lua-config"
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: pdns_recursor not running, not sending "reload-zones"
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Success
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Saving state to /run/vyos-hostsd/vyos-hostsd.state
Mar 11 02:46:16 vyos-test vyos-hostsd[693]: Sent response: {'data': {'message': 'Applied 6 changes'}}
Mar 11 02:46:16 vyos-test dbus-daemon[836]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.13' (uid=0 pid=3360 comm="hostnamectl --static")
Mar 11 02:46:16 vyos-test systemd[1]: Starting systemd-hostnamed.service - Hostname Service...
Mar 11 02:46:16 vyos-test dbus-daemon[836]: [system] Successfully activated service 'org.freedesktop.hostname1'
Mar 11 02:46:16 vyos-test systemd[1]: Started systemd-hostnamed.service - Hostname Service.
Mar 11 02:46:16 R-01 systemd-hostnamed[3361]: Hostname set to <R-01> (static)
Mar 11 02:46:16 R-01 systemd[1]: Stopping rsyslog.service - System Logging Service...
Mar 11 02:46:16 R-01 rsyslogd[2288]: [origin software="rsyslogd" swVersion="8.2302.0" x-pid="2288" x-info="https://www.rsyslog.com"] exiting on signal 15.
Mar 11 02:46:16 R-01 systemd[1]: rsyslog.service: Deactivated successfully.
Mar 11 02:46:16 R-01 systemd[1]: Stopped rsyslog.service - System Logging Service.
Mar 11 02:46:16 R-01 systemd[1]: Starting rsyslog.service - System Logging Service...
Mar 11 02:46:16 R-01 rsyslogd[3364]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.2302.0]
Mar 11 02:46:16 R-01 rsyslogd[3364]: [origin software="rsyslogd" swVersion="8.2302.0" x-pid="3364" x-info="https://www.rsyslog.com"] start
Mar 11 02:46:16 R-01 systemd[1]: Started rsyslog.service - System Logging Service.
Mar 11 02:46:16 R-01 vyos-configd[692]: Sending response 1
Mar 11 02:46:16 R-01 sudo[3351]: pam_unix(sudo:session): session closed for user root
Mar 11 02:46:16 R-01 sudo[3369]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c '/usr/sbin/vyshim /usr/libexec/vyos/conf_mode/system_login.py'
Mar 11 02:46:16 R-01 sudo[3369]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Mar 11 02:46:16 R-01 vyos-configd[692]: Received message: {"type": "node", "last": true, "data": "/usr/libexec/vyos/conf_mode/system_login.py"}
Mar 11 02:46:16 R-01 vyos-configd[692]: Sending response 8
Mar 11 02:46:16 R-01 vyos-configd[692]: scripts_called: ['system_host-name', 'system_login']
Mar 11 02:46:46 R-01 systemd[1]: systemd-hostnamed.service: Deactivated successfully.
Mar 11 02:49:19 R-01 systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
Mar 11 02:49:19 R-01 systemd[1]: Finished systemd-tmpfiles-clean.service - Cleanup of Temporary Directories.
Mar 11 02:49:19 R-01 systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.

Details

Version: 1.4
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Event Timeline

a.hajiyev created this task.Mar 11 2025, 2:52 AM

Viacheslav triaged this task as Urgent! priority.Mar 11 2025, 7:13 AM

a.hajiyev renamed this task from Local User Commits Get Stuck When Takacs Servers Are Unavailable to Local User Commits Get Stuck When TACACS Servers Are Unavailable.Mar 11 2025, 7:14 AM

pasik subscribed.Mar 11 2025, 7:26 AM

a.hajiyev removed a project: VyOS 1.5 Circinus.Mar 12 2025, 1:53 AM

I tested the same scenario in VyOS 2025.03.09-0613-rolling and did not observe the same issue.
VyOS works as expected and commit did not get stuck.

VyOS configuration:

set interfaces bonding bond0 address '10.55.8.93/24'
set interfaces bonding bond0 description 'vyos-shared-if'
set interfaces bonding bond0 member interface 'eth0'
set interfaces bonding bond0 member interface 'eth2'
set interfaces bonding bond0 mode '802.3ad'
set interfaces bonding bond0 mtu '9000'
set protocols static route 0.0.0.0/0 next-hop 10.55.8.254
set service ssh port '22'
set system host-name 'vyos-test'
set system login tacacs server 192.168.1.50 key 'test123'
set system login tacacs server 192.168.1.50 port '49'
set system login tacacs server 192.168.1.51 key 'test123'
set system login tacacs server 192.168.1.51 port '49'
set system login tacacs source-address '10.55.8.91'
set system login tacacs timeout '10'

Both TACACS servers are unavailable. I accessed the VyOS instance via SSH with my local user account (vyos).
Trying to delete system login via TACACS and commit did not get stuck:

vyos@vyos-test# delete system login tacacs
[edit]
vyos@vyos-test# commit
[edit]
vyos@vyos-test# set interfaces bonding bond0 description LAN-02
[edit]
vyos@vyos-test# commit
[edit]

Journal logs:

vyos@vyos-test# sudo journalctl -f
Mar 12 01:50:28 vyos-test vyos-configd[694]: scripts_called: ['system_login']
Mar 12 01:50:28 vyos-test systemd[1]: opt-vyatta-config-tmp-new_config_4070.mount: Deactivated successfully.
Mar 12 01:51:06 vyos-test systemd[1]: opt-vyatta-config-tmp-new_config_4070.mount: Deactivated successfully.
Mar 12 01:51:09 vyos-test systemd[1]: session-3.scope: Deactivated successfully.
Mar 12 01:51:09 vyos-test systemd[1]: session-3.scope: Consumed 15.385s CPU time.
Mar 12 01:51:09 vyos-test systemd-logind[1127]: Session 3 logged out. Waiting for processes to exit.
Mar 12 01:51:09 vyos-test systemd[1]: session-4.scope: Deactivated successfully.
Mar 12 01:51:09 vyos-test systemd-logind[1127]: Session 4 logged out. Waiting for processes to exit.
Mar 12 01:51:09 vyos-test systemd-logind[1127]: Removed session 3.
Mar 12 01:51:09 vyos-test systemd-logind[1127]: Removed session 4.
Mar 12 01:51:28 vyos-test systemd-logind[1127]: New session 8 of user vyos.
Mar 12 01:51:28 vyos-test systemd[1]: Started session-8.scope - Session 8 of User vyos.
Mar 12 01:51:29 vyos-test systemd[1]: opt-vyatta-config-tmp-new_config_5906.mount: Deactivated successfully.
Mar 12 01:51:30 vyos-test systemd-logind[1127]: New session 9 of user vyos.
Mar 12 01:51:30 vyos-test systemd[1]: Started session-9.scope - Session 9 of User vyos.
Mar 12 01:51:31 vyos-test systemd[1]: opt-vyatta-config-tmp-new_config_6075.mount: Deactivated successfully.
Mar 12 01:51:59 vyos-test vyos-configd[694]: Received message: {"type": "init"}
Mar 12 01:51:59 vyos-test vyos-configd[694]: config session pid is 6213
Mar 12 01:51:59 vyos-test vyos-configd[694]: config session sudo_user is vyos
Mar 12 01:51:59 vyos-test vyos-configd[694]: commit_scripts: ['system_login']
Mar 12 01:51:59 vyos-test vyos-configd[694]: Received message: {"type": "node", "last": true, "data": "/usr/libexec/vyos/conf_mode/system_login.py"}
Mar 12 01:52:00 vyos-test vyos-configd[694]: Sending reply: SUCCESS with output
Mar 12 01:52:00 vyos-test vyos-configd[694]: scripts_called: ['system_login']
Mar 12 01:52:00 vyos-test systemd[1]: opt-vyatta-config-tmp-new_config_6213.mount: Deactivated successfully.
Mar 12 01:52:29 vyos-test vyos-configd[694]: Received message: {"type": "init"}
Mar 12 01:52:29 vyos-test vyos-configd[694]: config session pid is 6213
Mar 12 01:52:29 vyos-test vyos-configd[694]: config session sudo_user is vyos
Mar 12 01:52:29 vyos-test vyos-configd[694]: commit_scripts: ['interfaces_bonding_bond0']
Mar 12 01:52:29 vyos-test vyos-configd[694]: Received message: {"type": "node", "last": true, "data": "VYOS_TAGNODE_VALUE=bond0/usr/libexec/vyos/conf_mode/interfaces_bonding.py"}
Mar 12 01:52:30 vyos-test vyos-configd[694]: Sending reply: SUCCESS with output
Mar 12 01:52:30 vyos-test vyos-configd[694]: scripts_called: ['interfaces_bonding_bond0']
Mar 12 01:52:30 vyos-test systemd[1]: opt-vyatta-config-tmp-new_config_6213.mount: Deactivated successfully.
Mar 12 01:56:15 vyos-test systemd[1]: Starting systemd-tmpfiles-clean.service - Cleanup of Temporary Directories...
Mar 12 01:56:15 vyos-test systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
Mar 12 01:56:15 vyos-test systemd[1]: Finished systemd-tmpfiles-clean.service - Cleanup of Temporary Directories.
Mar 12 01:56:15 vyos-test systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.

Viacheslav lowered the priority of this task from Urgent! to High.Apr 12 2025, 11:20 AM

dmbaturin edited projects, added VyOS 1.4 Sagitta (1.4.3); removed VyOS 1.4 Sagitta.May 8 2025, 10:44 AM

dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.

dmbaturin edited projects, added VyOS Rolling, VyOS 1.4 Sagitta (1.4.4), VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta (1.4.3).Jul 14 2025, 2:05 PM

dmbaturin removed a project: VyOS 1.4 Sagitta (1.4.4).Wed, Nov 19, 2:20 PM

c-po claimed this task.Wed, Nov 19, 7:53 PM

c-po updated the task description. (Show Details)Wed, Nov 19, 8:22 PM

The "issue" why it's blocking for a very long time it the TACACS servers are unreachable is:

Current thread 0x00007f4ab21b1040 (most recent call first):
  File "/usr/libexec/vyos/conf_mode/system_login.py", line 75 in get_local_users
  File "/usr/libexec/vyos/conf_mode/system_login.py", line 328 in apply
  File "/usr/libexec/vyos/conf_mode/system_login.py", line 444 in <module>

Line 75 is: if getpwnam(s_user.pw_name).pw_uid < min_uid: from below

def get_local_users(min_uid=MIN_USER_UID, max_uid=MAX_USER_UID):
    """Return list of dynamically allocated users (see Debian Policy Manual)"""
    local_users = []
    for s_user in getpwall():
        if getpwnam(s_user.pw_name).pw_uid < min_uid:
            continue
        if getpwnam(s_user.pw_name).pw_uid > max_uid:
            continue
        if s_user.pw_name in SYSTEM_USER_SKIP_LIST:
            continue
        local_users.append(s_user.pw_name)

    return local_users

Nov 24 20:55:39 systemd[1]: Starting Cleanup of Temporary Directories...
Nov 24 20:56:39 systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
Nov 24 20:56:39 systemd[1]: Finished Cleanup of Temporary Directories.
Nov 24 20:56:39 systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.
Nov 24 20:58:53 sudo[3835]: pam_unix(sudo:session): session closed for user root
Nov 24 20:58:53 systemd[1]: opt-vyatta-config-tmp-new_config_3466.mount: Deactivated successfully.
Nov 24 20:58:53 sudo[3958]:     vyos : TTY=pts/1 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/mv /tmp/config.boot.3949 /opt/vyatta/etc/config/archive/config.boot
Nov 24 20:58:53 sudo[3958]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1003)
Nov 24 20:58:53 sudo[3958]: pam_unix(sudo:session): session closed for user root
Nov 24 20:58:53 sudo[3961]:     vyos : TTY=pts/1 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/sbin/logrotate -f -s /opt/vyatta/etc/config/archive/lr.state /opt/vyatta/etc/config/archive/lr.conf
Nov 24 20:58:53 sudo[3961]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1003)
Nov 24 20:58:53 sudo[3961]: pam_unix(sudo:session): session closed for user root
Nov 24 20:58:53 commit[3965]: Successful change to active configuration by user vyos on /dev/pts/1

Repeated testing shows that VyOS does not hang during commit when TACACS servers are unreachable. The commit operation completes successfully but takes a long time due to TACACS timeout behavior.

With the TACACS timeout set to 1 second, removing the TACACS configuration takes ~1 minute.
With the timeout set to 5 seconds, the operation takes a bit over 4 minutes. This is expected because the TACACS timeout is applied multiple times within PAM during commit of the system_login scripts.

This is normal behavior of pam_tacplus and not a malfunction in VyOS. Long commit durations are a direct consequence of the configured TACACS timeout values when the TACACS servers cannot be reached.

Given that this is expected behavior and cannot be reproduced as a functional error, I recommend closing this task.

This specific case when servers are unavailable is consistent with other vendors' behavior and likely worth fixing. Commit performance issues when TACACS servers are slow to respond or need to be contacted frequently is a different issue and we will eventually improve that.

Local User Commits Get Stuck When TACACS Servers Are UnavailableClosed, WontfixPublicBUGActions

Description

Details

Event Timeline

Local User Commits Get Stuck When TACACS Servers Are Unavailable
Closed, WontfixPublicBUG
Actions