I tried using the merge command to potentially merge a large amount of firewall configuration with existing configuration, since the ansible module vyos_command is kind of slow for this task, but ran into following errors.
# cat /tmp/1k2sk
set firewall global-options all-ping 'enable'
# merge /tmp/1k2sk
Migration script error: /opt/vyatta/etc/config-migrate/migrate/cluster/1-to-2: [Errno 1] failed to run command: ['/opt/vyatta/etc/config-migrate/migrate/cluster/1-to-2', '/tmp/tmpzhttbhke']
returned:
exit code: 1.
# cat /tmp/json-merge-test
firewall {
global-options {
all-ping "disable"
}
}
# merge /tmp/json-merge-test
Migration script error: /opt/vyatta/etc/config-migrate/migrate/firewall/7-to-8: [Errno 1] failed to run command: ['/opt/vyatta/etc/config-migrate/migrate/firewall/7-to-8', '/tmp/tmpgwgn4fol']
returned:
exit code: 1.
# run show version
Version: VyOS 1.5-rolling-202403210019
Any ideas? Or suggestions how to tackle the root issue?
For merge to work, you need to ensure you have the magic code at the bottom.
i.e.:
// Warning: Do not remove the following line.
// vyos-config-version: "bgp@5:broadcast-relay@1:cluster@2:config-management@1:conntrack@5:conntrack-sync@2:container@2:dhcp-relay@2:dhcp-server@8:dhcpv6-server@1:dns-dynamic@4:dns-forwarding@4:firewall@15:flow-accounting@1:https@6:ids@1:interfaces@32:ipoe-server@3:ipsec@13:isis@3:l2tp@9:lldp@2:mdns@1:monitoring@1:nat@8:nat66@3:ntp@3:openconnect@3:ospf@2:pim@1:policy@8:pppoe-server@10:pptp@5:qos@2:quagga@11:reverse-proxy@1:rip@1:rpki@2:salt@1:snmp@3:ssh@2:sstp@6:system@27:vrf@3:vrrp@4:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2"
// Release version: 1.4.0
Don’t use that line, but get the one from the bottom of your /config/config.boot
Add it to your file and then see if a merge works.
Yes I don’t think it’s documented, I just found out that was the answer by talking with the devs.
I do mean to go back and submit a pull request to update the doco, it’s on my todo list.