This is the result of buster-backports being removed from the main repository server: https://backports.debian.org/news/Removal_of_buster-backports_from_the_debian_archive/
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Apr 19 2024
Apr 19 2024
Viacheslav triaged T6249: ISO builder fails because of changed buster-backport repository as High priority.
Apr 18 2024
Apr 18 2024
Hi,
I was playing around with VyOS and thought i'd build myself an iso and hit this issue. Not sure if its the correct way to solve it, but this is what I did:
Viacheslav placed T2279: Router resolves as 127.0.1.1 when using Router's Recursive DNS up for grabs.
Viacheslav closed T4422: WAN load-balance status failed on all interfaces if one of them failed, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Wontfix.
Viacheslav closed T4422: WAN load-balance status failed on all interfaces if one of them failed as Wontfix.
Test addresses have to be different
Viacheslav changed the status of T4422: WAN load-balance status failed on all interfaces if one of them failed, a subtask of T4470: Rewrite load-balancing wan to XML/Python, from Open to Needs reporter action.
Viacheslav changed the status of T4422: WAN load-balance status failed on all interfaces if one of them failed from Open to Needs reporter action.
Viacheslav added a comment to T4422: WAN load-balance status failed on all interfaces if one of them failed.
Provide the set of the commands to reproduce
rusnino updated the task description for T6249: ISO builder fails because of changed buster-backport repository.
rusnino updated the task description for T6249: ISO builder fails because of changed buster-backport repository.
Viacheslav added a project to T5471: Conntrack logging doesnt seem to be working: VyOS 1.5 Circinus.
The old implementation used this script and https://github.com/vyos/vyatta-conntrack/blob/current/src/vyatta-conntrack-logging.c for the logging and it seems not impelemted for the current
At least there is not mention of the log
Without subtasks, it is going to be dead.
@Apachez It is not clear what you want to fix exactly. Fix all and do all working well could be related to any task.
Viacheslav closed T5755: Running set pki ca NAME certificate with a name with spaces breaks the config as Not Applicable.
Not reproduced on VyOS 1.5-rolling-202404141045
vyos@r-left# set pki ca "my test ca name" certificate 'MIIDnTCCAoWgAwIBAgIUFvyB2rY0V1V6AaIpPWHCftGRwN8wDQYJKoZIhvcNAQELBQAwVzELMAkGA0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yNDA0MTgxMTM3MzZaFw0yOTA0MzZaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggEiMA0GCQEBAQUAA4IBDwAwggEKAoIBAQCKEVxs7gdzmnN4iMinvXN1vdGaT+v3TOnHSXbBkWHnt9YdWmo8UoqFpVqyVM3E8xmoT+3HOXJeWkKArEpMkGo93kWaGo0f25KGEFWbS2ttgNA9cqH9PGa42XTKyTY+5ZoIWaQQzNNiUSaIoslRrMSV4V2yQs90ECxR37ezlV2RAIHEhZ6mizUkMkuSmdjqRolh2tpF1MoisyhspFPXBC6lJ8d0jFZEi1tP3tlQjqVEWPjTvtddy34iOLFeUjBF5cOwfmpVLzWBVLbIxJr5ZHamGeQIabn36Jg1u0+/6p7hb8avqBW4dT0K8UykWVqgjQ4W4rM7AgMBAAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUxEx+IVaoLb7M/SW9AkCVRaXCNTUwDQYJKoZIhvcNAQELBQADggEBAGjV6WiH4Z+hfdANG8oWgY0xsHmUZg8dCjwqO5GMwjBVIuu8GuoZu0JobtLa097behWcgCkwjvKBffuwCu542WbFkxdXzBLZjSAc+K3itegZIuy4jqRO5z6Q0IbPSaFUhR4HhfwejwlyXgjNCFzEMzwoDL2/3PXjWyilkqthYyFcx092tgwiXtnfO9z9Xm/YQHQmRG2VWzLEwucOhV698xnqFgRJk3uKqcDN9KjF+5v32OQ0eis7GHn1aJim5aUee1nnCRFdQO0llNJRwF6fIaICzKLwa7zzMjF7HhRehh5kpwY8omcQX7xYz7GJag4='
Viacheslav placed T2003: BGP FQDN capability has improper hostname after new image install up for grabs.
Viacheslav changed the status of T1790: OSPF Exchanged Routes marked as invalid when run through a GRE PTMP/PTP OSPF between peers from Open to Needs reporter action.
@SquirePug re-check please with the latest rolling image.
Viacheslav reopened T2003: BGP FQDN capability has improper hostname after new image install as "Needs reporter action".
Viacheslav closed T2003: BGP FQDN capability has improper hostname after new image install as Resolved.
@jmaslak can you check the latest rolling image?
Viacheslav changed the status of T2616: BFD Configuration causes flapping from Needs testing to Needs reporter action.
@kroy can you re-test this case?
Viacheslav added a project to T3393: IPoE does not assign IPv6 PD or WAN address: VyOS 1.5 Circinus.
Apr 17 2024
Apr 17 2024
dex added a comment to T5386: Execute VRRP transition script when `set high-availability disable` is commited.
Just checked with the current rolling release 1.5-rolling-202404141045. After committing set high-availability disable, keepalived is successfully stopped and the logs show that the transition script seems to be executed:
indrajitr closed T5612: Miscellaneous improvements and fixes for dynamic DNS configuration as Resolved.
indrajitr closed T5723: mdns repeater: Always reload systemd daemon before applying changes as Resolved.
indrajitr closed T5966: Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments as Resolved.
Updates have been applied on 1.4 and 1.5.
This can probably be closed.
jestabro closed T6154: Installer should ask for password twice, a subtask of T4516: Rewrite system image manipulation tools in Python, as Resolved.
Apr 16 2024
Apr 16 2024
The regression causing 'image cannot be found" was fixed in https://vyos.dev/T6186.
jestabro removed a parent task for T5917: Restore annotations of (running)/(default boot) in select image list: T6022: set system image default-boot.
Viacheslav changed the status of T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network from In progress to Needs testing.
Viacheslav changed the status of T6123: Limit NTP allow-client config to internal addresses by default from Open to Needs testing.
Viacheslav closed T5946: TASK [setup-root-partition : Create a fileystem on EFI partition] failing in Docker as Wontfix.
A docker container usually has issues with loop devices:
Use the VM or attach dev
HollyGurza changed the status of T4248: There isn't a way to remove the only rule from the (traffic-policy) class. from Open to In progress.
Apr 15 2024
Apr 15 2024
Viacheslav changed the status of T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network from Open to In progress.
Viacheslav added a comment to T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network.
PR https://github.com/vyos/vyos-1x/pull/3313
Add onlink option
set interfaces ethernet eth0 vif 10 address '10.20.30.1/32' set protocols static route 10.20.30.0/32 interface eth0.10
Viacheslav added a comment to T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network.
It is more of a feature request than a bug due to specific kernel routes.
Feature to add onlink option
Viacheslav renamed T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network from Failing to add route in failover to Failing to add route in failover if gateway not in the same interface network.
Apr 14 2024
Apr 14 2024
Seems like its either fixed or was a quirk in that specific version.
Viacheslav added a comment to T5986: Container: Error on commit when environment variable value contains \n line break.
The dictionaries process the \n different way
environment.POSTGRES_HOST_AUTH_METHOD.value.
1.5
vyos@r4# commit
[ container ]
{'container_remove': ['c1', 'c2'],
'name': {'test-postgres-master': {'allow_host_networks': {},
'command': 'postgres -c wal_level=replica '
'-c hot_standby=on -c '
'max_wal_senders=10 -c '
'max_replication_slots=10 -c '
'hot_standby_feedback=on',
'environment': {'POSTGRES_HOST_AUTH_METHOD': {'value': 'scram-sha-256\\nhost '
'replication '
'all '
'0.0.0.0/0 '
'md5'},
'POSTGRES_PASSWORD': {'value': 'password'}},
'image': 'postgres:14-alpine',
'memory': '512',
'restart': 'always',
'shared_memory': '64'}},
'network': {'NET01': {'prefix': ['10.0.0.0/24']}},
'registry': {'docker.io': {}, 'quay.io': {}}}Viacheslav added a comment to T5986: Container: Error on commit when environment variable value contains \n line break.
Diff
check --env "POSTGRES_HOST_AUTH_METHOD=. options
1.5
vyos@r4# cat /run/systemd/system/vyos-container-test-postgres-master.service | grep ExecStart -A2
ExecStartPre=/bin/rm -f %t/%n.pid %t/%n.cid
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%n.pid --cidfile %t/%n.cid --cgroups=no-conmon \
--detach --interactive --tty --replace --memory 512m --shm-size 64m --memory-swap 0 --restart always --name test-postgres-master --env "POSTGRES_HOST_AUTH_METHOD=scram-sha-256\nhost replication all 0.0.0.0/0 md5" --env "POSTGRES_PASSWORD=password" --net host postgres:14-alpine postgres -c wal_level=replica -c hot_standby=on -c max_wal_senders=10 -c max_replication_slots=10 -c hot_standby_feedback=onViacheslav removed a project from T5986: Container: Error on commit when environment variable value contains \n line break: VyOS 1.5 Circinus.
Try the latest version
vyos@r4# set container name test-postgres-master environment POSTGRES_HOST_AUTH_METHOD value 'scram-sha-256\nhost replication all 0.0.0.0/0 md5' [edit] vyos@r4# commit [edit] vyos@r4# run show container CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 75a7fb610b57 localhost/gobgp-new:1 3 weeks ago Created new fdb74e9700e5 docker.io/library/alpine:3.19 /bin/sh 47 minutes ago Up 47 minutes c1 c05806fdb92c docker.io/library/busybox:latest sh 39 minutes ago Up 39 minutes c2 1b5fc3d4a07b docker.io/library/postgres:14-alpine postgres -c wal_l... 24 seconds ago Up 25 seconds test-postgres-master [edit] vyos@r4# run show ver Version: VyOS 1.5-rolling-202404140022 Release train: current
Will a migrationsscript be included so that users who used the default of:
Apr 13 2024
Apr 13 2024
Viacheslav closed T6238: vyos-build Check pull request title requires the python script as Resolved.
There is also an inactivity timer in systemd-logind, but this will log you out even while running e.g. htop and just watching - I wonder if that's the preferred way :/
Viacheslav added a comment to T6238: vyos-build Check pull request title requires the python script.
Apr 12 2024
Apr 12 2024
n.fort moved T6213: Validations in firewall groups mistakenly reject correct configurations from Open to Finished on the VyOS 1.4 Sagitta board.
n.fort moved T6213: Validations in firewall groups mistakenly reject correct configurations from Open to Finished on the VyOS 1.5 Circinus board.
n.fort closed T6213: Validations in firewall groups mistakenly reject correct configurations as Resolved.
dmbaturin closed T6216: Firewall group names that contain the '+' character break the config, a subtask of T5938: Migration fail root task for 1.4-rc, as Resolved.
dmbaturin renamed T5631: Ability to export the current configuration in JSON format from Ability to have the current configuration in JSON format to Ability to export the current configuration in JSON format.
Already implemented
vyos@r4# set interfaces macsec macsec0 security static Possible completions: key MACsec static key +> peer MACsec peer name
Viacheslav updated subscribers of T6082: BGP doesn't allow the same local AS and remote AS in peer groups.
@tjh Do you still need this package? As it was relevant for ipset/iptables
iprange/stable 1.0.4+ds-2 amd64 optimizing ipsets for iptables
commit 40b0986d66c3a0891dedbedc273b5485e5a8ca3a Author: Lucas Christian <lucas@lucasec.com> Date: Sat Feb 10 11:26:47 2024 -0800
Viacheslav added a comment to T5386: Execute VRRP transition script when `set high-availability disable` is commited.
It was implemented around a year ago https://github.com/vyos/vyos-1x/commit/e201454f073c9a92fb56b65f497eae55fc634521
Just need to check if it works as expected.
Viacheslav added a comment to T6222: VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters.
In T6222#183247, @Chrisc-c-c wrote:Wouldn’t your suggested fix to https://vyos.dev/T6223 also apply here? If the plan is to validate interface name lengths and allow custom names this would be a non-issue.
a.apostoliuk added a comment to T6148: Reset vpn ipsec command breaks tunnel and does not reset SAs that are down.
After considering, we decided that reset is the same as terminate.
If you want to add a feature start manual initialization, please create a feature request.
haakon.nore added a comment to T6148: Reset vpn ipsec command breaks tunnel and does not reset SAs that are down.
Here is an example of a perferctly valid vyos vpn config that will never recover a child SA when resetting it.
haakon.nore added a comment to T6148: Reset vpn ipsec command breaks tunnel and does not reset SAs that are down.
In 1.4 and 1.5 command reset vpn ipsec has a termination meaning.
No, it says reset, both the command, and auto complete output. It does not say terminate or clear. If you run a reset you do expect it to restart or re-populate in one way or another, not just stop working completley.
dex added a comment to T5386: Execute VRRP transition script when `set high-availability disable` is commited.
Just to make sure: This change is part of the current nightly build, right?
HollyGurza edited projects for T6035: random-detect QoS policies cause commit failures due to a missing tc parameter (avpkt), added: VyOS 1.4 Sagitta; removed VyOS 1.4 Sagitta (1.4.0).
a.apostoliuk added a comment to T6148: Reset vpn ipsec command breaks tunnel and does not reset SAs that are down.
In 1.4 and 1.5 command reset vpn ipsec has a termination meaning.
Apr 11 2024
Apr 11 2024
jestabro changed the status of T3474: Revisit storing syntax version of interface definitions in XML file from Unknown Status to Resolved.
jestabro changed the status of T3474: Revisit storing syntax version of interface definitions in XML file, a subtask of T3475: XML dictionary cache unable to process syntaxVersion elements, from Unknown Status to Resolved.