
Upgrade from 1.3.8 to 1.4.1 failed with migration error
Closed, Invalid | Public | BUG

Description

The upgrade is failing with a migration error and this part of the configuration is loaded:

vyos@xxxxx:~$ conf
WARNING: There was a config error on boot: saving the configuration now could overwrite data.
You may want to check and reload the boot config
[edit]
vyos@xxxxx# load
Loading configuration from 'config.boot'
Load complete. Use 'commit' to make changes effective.
[edit]
vyos@xxxxx# comp
[interfaces ethernet]
+ eth2 {
+     address "10.29.58.254/24"
+     hw-id "50:0b:00:0a:00:02"
+ }
+ eth3 {
+     address "10.29.59.254/24"
+     hw-id "50:0b:00:0a:00:03"
+ }
+ eth6 {
+     address "10.29.149.212/24"
+     hw-id "50:0b:00:0a:00:06"
+ }
+ eth7 {
+     address "10.74.50.134/24"
+     hw-id "50:0b:00:0a:00:07"
+ }
[system]
+ syslog {
+     global {
+         facility all {
+             level "info"
+         }
+         facility local7 {
+             level "debug"
+         }
+     }
+     host 10.29.113.213 {
+         facility all {
+             level "info"
+         }
+     }
+     host 10.29.113.213:9000 {
+         facility auth {
+             level "info"
+         }
+     }
+     host 10.29.113.213:9001 {
+         facility kern {
+             level "info"
+         }
+     }
+     host placeholder.isd.org {
+         facility all {
+             level "info"
+         }
+     }
+ }

migrate log output:

/opt/vyatta/etc/config-migrate/migrate/system/21-to-22
- op: set path: ['system', 'sysctl', 'parameter', 'net.ipv6.conf.all.disable_ipv6', 'value'] value: 1 replace: True
- op: delete path: ['system', 'sysctl', 'custom']
/opt/vyatta/etc/config-migrate/migrate/system/22-to-23
/opt/vyatta/etc/config-migrate/migrate/system/23-to-24
/opt/vyatta/etc/config-migrate/migrate/system/24-to-25
/opt/vyatta/etc/config-migrate/migrate/system/25-to-26
- op: rename old_path: ['system', 'syslog', 'global', 'facility', 'protocols'] new_path: ['system', 'syslog', 'global', 'facility', 'local7']

Interfaces output post upgrade:

vyos@xxxxx:~$ sh int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address         MAC                VRF        MTU  S/L    Description
-----------  -----------------  -----------------  -------  -----  -----  -------------
eth0         192.168.255.91/24  50:0b:00:0a:00:00  default   1500  u/u
eth1         10.18.48.254/24    50:0b:00:0a:00:01  default   1500  u/u
eth2         10.19.58.254/24    50:0b:00:0a:00:02  default   1500  A/D
eth3         10.19.59.254/24    50:0b:00:0a:00:03  default   1500  A/D
eth4         10.19.60.254/24    50:0b:00:0a:00:04  default   1500  u/u
eth5         10.19.67.254/24    50:0b:00:0a:00:05  default   1500  u/u
eth6         10.19.149.212/24   50:0b:00:0a:00:06  default   1500  A/D
eth7         10.64.50.134/24    50:0b:00:0a:00:07  default   1500  A/D
lo           127.0.0.1/8        00:00:00:00:00:00  default  65536  u/u

Interface issue is sorted by deleting the sysctl config:

delete system sysctl custom net.ipv6.conf.all.disable_ipv6 value '1'

Attached the config file.

Details

Version
1.3.8
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

The specific configuration below was allowed in 1.3.8 but is no longer allowed in 1.4.1; if defined, it needs to be migrated to this format: "set system syslog host 10.29.113.213 port '9001'"

VyOS 1.3.8:

set system syslog host 10.29.113.213:9000 facility auth level 'info'

VyOS 1.4.1:

vyos@vyos# set system syslog host 10.29.0.1:9001 facility auth level info

  Error: 10.29.0.1:9001 is not a valid IP address

  Invalid host (FQDN or IP address)
  Value validation failed
  Set failed

[edit]

There were two cases of migration issues.
I tried to reproduce the problem using a simplified configuration.

The first problem is related to syslog migration

migration log

/opt/vyatta/etc/config-migrate/migrate/system/25-to-26
- op: rename old_path: ['system', 'syslog', 'global', 'facility', 'protocols'] new_path: ['system', 'syslog', 'global', 'facility', 'local7']

but there is no syslog after migration:

system {
    config-management {
        commit-revisions 1000
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name xxxxx
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
        }
    }
    option {
        reboot-on-panic
    }
    sysctl {
        parameter net.ipv6.conf.all.disable_ipv6 {
            value 1
        }
    }
    time-zone Europe/Amsterdam
}

The situation is better if you try to migrate without

set system syslog host 10.29.113.213 facility all level 'info'
set system syslog host placeholder.isd.org facility all level 'info'
set system syslog host 10.29.113.213:9000 facility auth level 'info'
set system syslog host 10.29.113.213:9001 facility kern level 'info'

in this case:

syslog {
    global {
        facility all {
            level info
        }
        facility local7 {
            level debug
        }
    }
}

and it is not as flexible for remote hosts in 1.4.x as in 1.3.8,
because the "host" node type in 1.4.x supports the format with the port parameter in the node

host 10.29.113.213 {
    facility kern {
        level info
    }
    port 9001
}

instead of the previous principle in 1.3.8

host 10.29.113.213:9001 {
    facility kern {
        level info
    }
}

which allowed such a combination

host 10.29.113.213 {
    facility all {
        level info
    }
}
host placeholder.isd.org {
    facility all {
        level info
    }
}
host 10.29.113.213:9000 {
    facility auth {
        level info
    }
}
host 10.29.113.213:9001 {
    facility kern {
        level info
    }
}

Summary:
The change of the node type causes the problem

The second problem is related to the dependency between

set system sysctl parameter net.ipv6.conf.all.disable_ipv6 value '1'

and the interface state

It was also reproduced in my test session (some interfaces were Admin Down after migration)

vyos@xxxxx:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address          MAC                VRF        MTU  S/L    Description
-----------  ------------------  -----------------  -------  -----  -----  -------------
eth0         192.168.184.141/24  00:0c:29:a4:d8:11  default   1500  u/u
eth1         10.28.48.254/24     00:0c:29:a4:d8:1b  default   1500  u/u
eth2         10.29.58.254/24     00:0c:29:a4:d8:25  default   1500  A/D
eth3         10.29.59.254/24     00:0c:29:a4:d8:2f  default   1500  A/D
eth4         10.29.60.254/24     00:0c:29:a4:d8:39  default   1500  u/u
eth5         10.29.67.254/24     00:0c:29:a4:d8:43  default   1500  u/u
eth6         10.29.149.212/24    00:0c:29:a4:d8:4d  default   1500  A/D
eth7         10.74.50.134/24     00:0c:29:a4:d8:57  default   1500  A/D
lo           127.0.0.1/8         00:00:00:00:00:00  default  65536  u/u

migration log

/opt/vyatta/etc/config-migrate/migrate/interfaces/23-to-24
/opt/vyatta/etc/config-migrate/migrate/interfaces/24-to-25
/opt/vyatta/etc/config-migrate/migrate/interfaces/25-to-26
/opt/vyatta/etc/config-migrate/migrate/interfaces/26-to-27
/opt/vyatta/etc/config-migrate/migrate/interfaces/27-to-28
/opt/vyatta/etc/config-migrate/migrate/interfaces/28-to-29
/opt/vyatta/etc/config-migrate/migrate/interfaces/29-to-30
/opt/vyatta/etc/config-migrate/migrate/interfaces/30-to-31
/opt/vyatta/etc/config-migrate/migrate/interfaces/31-to-32

but I found interesting behavior when trying to catch it manually;
as @SrividyaA mentioned, the interface issue is sorted by deleting the sysctl config

delete system sysctl parameter net.ipv6.conf.all.disable_ipv6 value '1'

then I rebooted and found that the Admin Down interfaces were missing their IP addresses

Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address          MAC                VRF        MTU  S/L    Description
-----------  ------------------  -----------------  -------  -----  -----  -------------
eth0         192.168.184.141/24  00:0c:29:a4:d8:11  default   1500  u/u
eth1         10.28.48.254/24     00:0c:29:a4:d8:1b  default   1500  u/u
eth2         -                   00:0c:29:a4:d8:25  default   1500  u/u
eth3         -                   00:0c:29:a4:d8:2f  default   1500  u/u
eth4         10.29.60.254/24     00:0c:29:a4:d8:39  default   1500  u/u
eth5         10.29.67.254/24     00:0c:29:a4:d8:43  default   1500  u/u
eth6         -                   00:0c:29:a4:d8:4d  default   1500  u/u
eth7         -                   00:0c:29:a4:d8:57  default   1500  u/u
lo           127.0.0.1/8         00:00:00:00:00:00  default  65536  u/u

After trying the next manipulation, I found behavior probably related to this problem

vyos@xxxxx# set interfaces ethernet eth2 address '10.29.58.254/24'
[edit]
vyos@xxxxx# commit
[edit]
vyos@xxxxx# run show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address          MAC                VRF        MTU  S/L    Description
-----------  ------------------  -----------------  -------  -----  -----  -------------
eth0         192.168.184.141/24  00:0c:29:a4:d8:11  default   1500  u/u
eth1         10.28.48.254/24     00:0c:29:a4:d8:1b  default   1500  u/u
eth2         10.29.58.254/24     00:0c:29:a4:d8:25  default   1500  u/u
eth3         -                   00:0c:29:a4:d8:2f  default   1500  u/u
eth4         10.29.60.254/24     00:0c:29:a4:d8:39  default   1500  u/u
eth5         10.29.67.254/24     00:0c:29:a4:d8:43  default   1500  u/u
eth6         -                   00:0c:29:a4:d8:4d  default   1500  u/u
eth7         -                   00:0c:29:a4:d8:57  default   1500  u/u
lo           127.0.0.1/8         00:00:00:00:00:00  default  65536  u/u


vyos@xxxxx# set system sysctl parameter net.ipv6.conf.all.disable_ipv6 value '1'
[edit]
vyos@xxxxx# commit
[edit]
vyos@xxxxx# set interfaces ethernet eth3 address '10.29.59.254/24'
[edit]
vyos@xxxxx# commit
[ interfaces ethernet eth3 ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
  https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
  https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
  https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report time:      2025-09-17 17:00:43
Image version:    VyOS 1.4.1
Release train:    sagitta

Built by:         VyOS Networks Iberia S.L.U.
Built on:         Thu 19 Dec 2024 16:39 UTC
Build UUID:       857ab426-c3d8-4254-b23a-0ad62a45ecc7
Build commit ID:  98c72c5c45a7a1-dirty

Architecture:     x86_64
Boot via:         installed image
System type:      VMware guest

Hardware vendor:  VMware, Inc.
Hardware model:   VMware Virtual Platform
Hardware S/N:     VMware-56 4d 6f 14 e3 9c 9a f0-59 9d b5 c1 85 a4 d8 11
Hardware UUID:    146f4d56-9ce3-f09a-599d-b5c185a4d811

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces_ethernet.py", line 433, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces_ethernet.py", line 410, in apply
    e.update(ethernet)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/ethernet.py", line 454, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1649, in update
    self.add_ipv6_eui64_address(link_local_prefix)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 849, in add_ipv6_eui64_address
    self.add_addr(f'{eui64}/{prefixlen}')
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1159, in add_addr
    self._cmd(tmp)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
    return cmd(command, self.debug)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip addr add fe80::20c:29ff:fea4:d82f/64 dev eth3
returned:
exit code: 2

noteworthy:
cmd 'nft --check delete element inet vrf_zones ct_iface_map { "eth3" }'
returned (out):

returned (err):
Error: Could not process rule: No such file or directory
delete element inet vrf_zones ct_iface_map { eth3 }
                                             ^^^^
cmd 'ip addr add fe80::20c:29ff:fea4:d82f/64 dev eth3'
returned (out):

returned (err):
Error: ipv6: IPv6 is disabled on this device.

[[interfaces ethernet eth3]] failed
Commit failed

vyos@xxxxx# run show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address          MAC                VRF        MTU  S/L    Description
-----------  ------------------  -----------------  -------  -----  -----  -------------
eth0         192.168.184.141/24  00:0c:29:a4:d8:11  default   1500  u/u
eth1         10.28.48.254/24     00:0c:29:a4:d8:1b  default   1500  u/u
eth2         10.29.58.254/24     00:0c:29:a4:d8:25  default   1500  u/u
eth3         10.29.59.254/24     00:0c:29:a4:d8:2f  default   1500  u/u
eth4         10.29.60.254/24     00:0c:29:a4:d8:39  default   1500  u/u
eth5         10.29.67.254/24     00:0c:29:a4:d8:43  default   1500  u/u
eth6         -                   00:0c:29:a4:d8:4d  default   1500  u/u
eth7         -                   00:0c:29:a4:d8:57  default   1500  u/u
lo           127.0.0.1/8         00:00:00:00:00:00  default  65536  u/u
[edit]

then I rebooted and

system sysctl parameter net.ipv6.conf.all.disable_ipv6 value '1'

again impacts the interfaces

vyos@xxxxx:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address          MAC                VRF        MTU  S/L    Description
-----------  ------------------  -----------------  -------  -----  -----  -------------
eth0         192.168.184.141/24  00:0c:29:a4:d8:11  default   1500  u/u
eth1         10.28.48.254/24     00:0c:29:a4:d8:1b  default   1500  u/u
eth2         10.29.58.254/24     00:0c:29:a4:d8:25  default   1500  A/D
eth3         -                   00:0c:29:a4:d8:2f  default   1500  A/D
eth4         10.29.60.254/24     00:0c:29:a4:d8:39  default   1500  u/u
eth5         10.29.67.254/24     00:0c:29:a4:d8:43  default   1500  u/u
eth6         -                   00:0c:29:a4:d8:4d  default   1500  A/D
eth7         -                   00:0c:29:a4:d8:57  default   1500  A/D
lo           127.0.0.1/8         00:00:00:00:00:00  default  65536  u/u

dmbaturin added subscribers: zsdc, dmbaturin.

I split this task into three independent parts:

  1. T8059 — the problem with address:port syntax not converted to the new port option. There's a PR for that now: https://github.com/vyos/vyos-1x/pull/4886 , it's planned for 1.4.4.
  2. T8058 — the fact that there's no direct way to send different logs for different facilities or levels to different ports on the same server. This use case appears very rare and there's a workaround: create multiple domain names for the same address and use them in the config with different ports, like set system syslog remote critical.syslog.example.com port 9000 and set system syslog remote debug.syslog.example.com port 9001. Adding a level of indirection to the config syntax just to support this very uncommon use case doesn't seem justified, so the task is quite likely to be closed as WONTFIX.
  3. T8060 — the fact that it's no longer possible to completely disable IPv6. Most of the time the idea to disable it is misguided so it's also likely a WONTFIX. However, @zsdc believes it can still be useful, for example, so I'd like to hear more opinions.

Tangentially, there's also an idea to explicitly disallow sysctl parameters that can mess with VyOS code: https://vyos.dev/T8069

I'm closing this task as invalid because the user's report combines unrelated problems that need to be tracked as separate tasks.
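
A pre-upgrade audit for the problems discussed in this task, as an added example that is not VyOS code and not the migration script from the linked PR: it rewrites 1.3.8-style "host address:port" syslog nodes into the 1.4.1 "port" form quoted above, and flags hosts used with more than one port as well as the IPv6-disabling sysctl, so that remote log forwarding is not silently lost across the upgrade. The function names and finding labels are hypothetical; the sample input is constructed from the commands in the report.

```python
import re
from collections import defaultdict

# Constructed sample: 1.3.8-style commands taken from the report above.
SAMPLE_13X = """\
set system syslog host 10.29.113.213 facility all level 'info'
set system syslog host placeholder.isd.org facility all level 'info'
set system syslog host 10.29.113.213:9000 facility auth level 'info'
set system syslog host 10.29.113.213:9001 facility kern level 'info'
set system sysctl custom net.ipv6.conf.all.disable_ipv6 value '1'
"""

HOST_RE = re.compile(r"^set system syslog host (\S+) (.+)$")
IPV6_RE = re.compile(
    r"^set system sysctl (?:custom|parameter) "
    r"net\.ipv6\.conf\.all\.disable_ipv6 value '?1'?$")


def split_host_port(node):
    """Split a 1.3-style 'addr:port' node name; bare IPv6 literals are left alone."""
    host, sep, port = node.rpartition(":")
    if sep and port.isdigit() and ":" not in host:
        return host, int(port)
    return node, None


def audit(commands):
    """Return (1.4-style rewritten commands, findings) for 1.3-style set commands."""
    ports = defaultdict(set)  # host -> distinct ports requested (None = default port)
    rewritten, findings = [], []
    for line in (l.strip() for l in commands.splitlines()):
        m = HOST_RE.match(line)
        if m:
            host, port = split_host_port(m.group(1))
            ports[host].add(port)
            rewritten.append(f"set system syslog host {host} {m.group(2)}")
            if port is not None:
                rewritten.append(f"set system syslog host {host} port '{port}'")
        elif IPV6_RE.match(line):
            findings.append("ipv6-disabled: net.ipv6.conf.all.disable_ipv6 is set to 1")
    # One host node holds one port in 1.4.x, so several ports per host cannot be kept.
    for host, seen in sorted(ports.items()):
        if len(seen) > 1:
            labels = sorted("default" if p is None else str(p) for p in seen)
            findings.append(f"port-conflict: {host} used with {labels}")
    return rewritten, findings


if __name__ == "__main__":
    new_cmds, issues = audit(SAMPLE_13X)
    print("\n".join(new_cmds + issues))
```

A port-conflict finding means the rewritten commands for that host would overwrite each other's port, so that host needs the manual handling discussed in T8058 before upgrading.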