Safe to update straight from 1.2.0-rc11 to 1.2.5?

As the title says, I need to update a router still on 1.2.0-rc11, safe to jump directly to the latest version?

Thanks.

Hello @Ralm, Yes, I think this is enough safe.
But if you have any doubts, you can check your config on the other VyOS router with 1.2.5.

Well, your guess was incorrect.

There was a configuration incompatibility some how.
It seems that with all these updates the VyOS team decided to make a breaking change on the configuration, which is not something I would expect from minor versions updates.

Either way, from the errors presented during boot, I found out that from version 1.2.0-RC11 (the last Release candidate) and 1.2.5-EPA2, the interface bound members was changed, from being defined on the interfaces themselves to the bound interface.

The other part that it complained was with DNS Forwarding, the “listen-on” is no longer supported it seems.

Anyway, I wanted to fix the configuration file that was migrated from one version to the other when I added the new image.
On the update page, here https://vyos.readthedocs.io/en/latest/image-mgmt.html#update-vyos-installation, it says n the hint on the end of the page that you can copy the config file from the previous image, however it doesn’t seem to be working for this one. I suspect that either I’m not using the right version or the config.boot file hasn’t been created yet.

How can I list the installed values, such as given in the example of “1.2.1://” so I can navigate to the right partion?
Also, if the “/config” folder is empty, where can I find the config file to fix it?

Thank you

If /config folder empty, then need to debug the migration procedure in your case. Can you provide your config with replacing all private data?
show configuration commands | strip-private
Can you also provide show versions for confirmation that you update to 1.2.5-epaX exactly?

Hi there,

Please find my configuration here from 1.2.0-rc11:

set firewall all-ping 'enable'
set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall ip-src-route 'disable'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall log-martians 'enable'
set firewall name LAN-LOCAL default-action 'drop'
set firewall name LAN-LOCAL rule 99 action 'drop'
set firewall name LAN-LOCAL rule 99 destination port '159'
set firewall name LAN-LOCAL rule 99 protocol 'tcp'
set firewall name LAN-LOCAL rule 99 recent count '4'
set firewall name LAN-LOCAL rule 99 recent time '60'
set firewall name LAN-LOCAL rule 99 state new 'enable'
set firewall name LAN-LOCAL rule 100 action 'accept'
set firewall name LAN-LOCAL rule 100 destination port '159'
set firewall name LAN-LOCAL rule 100 protocol 'tcp'
set firewall name LAN-LOCAL rule 100 state new 'enable'
set firewall name WAN-IN default-action 'drop'
set firewall name WAN-IN rule 10 action 'accept'
set firewall name WAN-IN rule 10 state established 'enable'
set firewall name WAN-IN rule 10 state related 'enable'
set firewall name WAN-IN rule 17 action 'accept'
set firewall name WAN-IN rule 17 description 'plex'
set firewall name WAN-IN rule 17 destination address 'xxx.xxx.10.4'
set firewall name WAN-IN rule 17 destination port '32400'
set firewall name WAN-IN rule 17 protocol 'tcp'
set firewall name WAN-IN rule 17 state new 'enable'
set firewall name WAN-LOCAL default-action 'drop'
set firewall name WAN-LOCAL rule 10 action 'accept'
set firewall name WAN-LOCAL rule 10 state established 'enable'
set firewall name WAN-LOCAL rule 10 state related 'enable'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces bonding bond0 description 'LAN Bond'
set interfaces bonding bond0 firewall local name 'LAN-LOCAL'
set interfaces bonding bond0 hash-policy 'layer2'
set interfaces bonding bond0 mode '802.3ad'
set interfaces bonding bond0 vif 1 address 'xxx.xxx.10.1/24'
set interfaces bonding bond0 vif 1 description 'LAN-GUEST'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id 'XX:XX:XX:87:c0:15'
set interfaces ethernet eth0 smp-affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address 'dhcp'
set interfaces ethernet eth1 description 'WAN'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 firewall in name 'WAN-IN'
set interfaces ethernet eth1 firewall local name 'WAN-LOCAL'
set interfaces ethernet eth1 hw-id 'XX:XX:XX:23:fd:18'
set interfaces ethernet eth1 smp-affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 bond-group 'bond0'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id 'XX:XX:XX:23:fd:19'
set interfaces ethernet eth2 smp-affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth3 bond-group 'bond0'
set interfaces ethernet eth3 description 'Member of bond0'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id 'XX:XX:XX:23:fd:1a'
set interfaces ethernet eth3 smp-affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces ethernet eth4 bond-group 'bond0'
set interfaces ethernet eth4 description 'Member of bond0'
set interfaces ethernet eth4 duplex 'auto'
set interfaces ethernet eth4 hw-id 'XX:XX:XX:23:fd:1b'
set interfaces ethernet eth4 smp-affinity 'auto'
set interfaces ethernet eth4 speed 'auto'
set interfaces loopback lo
set nat destination rule 15 description 'Plex'
set nat destination rule 15 destination port '32400'
set nat destination rule 15 inbound-interface 'eth1'
set nat destination rule 15 protocol 'tcp'
set nat destination rule 15 translation address 'xxx.xxx.10.4'
set nat source rule 100 outbound-interface 'eth1'
set nat source rule 100 source address 'xxx.xxx.10.0/24'
set nat source rule 100 translation address 'masquerade'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 default-router 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 dns-server 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 start 'xxx.xxx.10.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 stop 'xxx.xxx.10.254'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.10'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:20:b8:83'
set service dns dynamic interface eth1 service namecheap host-name xxxxxx
set service dns dynamic interface eth1 service namecheap login 'ralms'
set service dns dynamic interface eth1 service namecheap password xxxxxx
set service dns forwarding cache-size '5000'
set service dns forwarding listen-on 'bond0.1'
set service dns forwarding name-server 'xxx.xxx.1.1'
set service dns forwarding name-server 'xxx.xxx.0.1'
set service ssh port '159'
set system config-management commit-revisions '100'
set system console device ttyS0 speed '9600'
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
set system login user xxxxxx level 'admin'
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
set system time-zone 'UTC'

And in regards to the version, I’m currently unable to boot into the 1.2.5epa2, I have it installed on hyper-v with minimum config just to compare the settings failing.

Here is some of the versions of it as I’m unable to copy paste:

ii  vyatta-bash               4.1-3+vyos2+current2
ii  vyatta-biosdevname        1:0.3.11+vyos2+current2
ii  vyatta-cfg                0.102.0+vyos2+current4
ii  vyatta-cfg-firewall       0.14.0+vyos2+current2
ii  vyatta-config-mgmt        0.34+vyos2+current2
ii  vyatta-config-migrate     0.13.65+vyos2+current1
ii  vyos-1x                   1.3.0-17
ii  vyos-world                1.3.0+vyos3+equuleus1

Version: VyOS 1.2.5epa2
Built Commit ID: 84ad43ca30120c

I don’t understand why “vyos-world” would say version 1.3.0 when I explicitly ran the Crux container in Docker with:

docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:crux bash

Which as per the documentation should do a Crux 1.2 build. https://vyos.readthedocs.io/en/latest/contributing/build-vyos.html#build-iso

Also, do you know where is the file that the config migration tool will use?
If I could fix that file with the new configs it should work.

Let me know if you need anything else.

So @Ralm, you have rolling VyOS version, look commit ID https://github.com/vyos/vyos-build/commit/84ad43ca30120c5c14e5a0682f14c0c9d04ed4d7

Before building the Docker container you need switch to the crux branch.

cd vyos-build
git checkout crux

Ok, I will build the ISO again.

We need to update the docs then, my gut was telling me that but since it also tells you to do that with the docker image, is a bit confusing.

I will let you know the result.