Unable to "set" configuration

microlinux · January 28, 2015, 2:59am

I’m running into a strange problem suddenly . . . I am unable to set any configuration variables on one of my VyOS systems.

For example, set interfaces ethernet eth1 vif 1400 disable results in

and I’ll get this in cfg-stdout.log

No matter what I try to “set”, the above pattern is repeated.

I think this is the problem. On another VyOS system I have, the owner would be the logged in user and the group would be vyattacfg. I’m not sure what is going on here.

cgb · January 28, 2015, 3:22am

I see your uptime is only 24 minutes. Is your problem persistent between boots?

I’m not hugely familiar with the backend operation of Vyatta (but I’m reasonably experienced with Linux). I’m observing that anything created in /opt/vyatta/config or /opt/vyatta/config/tmp is non-persistent.

Can you confirm /opt/vyatta/tmp is empty after reboot before trying your commands again?

microlinux · January 28, 2015, 3:33am

Yes, it is persistent.

Yes, I am seeing the same thing - but on this system folders/files are set to root:root.

New directories get created on each reboot.

Thanks for any thoughts!

cgb · January 28, 2015, 4:22am

I upgraded to 1.1.2 (from 1.1.1) to see if it was a version diff. From what I’m seeing, many folders are owned by root under the /opt/vyatta/config/tmp location, but everything remains group owned by vyattacfg.

I’m curious what the value is for this:

find /opt/vyatta/config -gid 0 | wc -l

For me, it’s zero, and for group 104 (vyattacfg on my router), it is 1472:

root@guestfw01:/opt/vyatta/config/tmp# find /opt/vyatta/config -gid 0 | wc -l
0
root@guestfw01:/opt/vyatta/config/tmp# find /opt/vyatta/config -gid 104 | wc -l
1472

microlinux · January 29, 2015, 1:16am

cgb:

For me, it’s zero, and for group 104 (vyattacfg on my router), it is 1472:
root@guestfw01:/opt/vyatta/config/tmp# find /opt/vyatta/config -gid 0 | wc -l
0
root@guestfw01:/opt/vyatta/config/tmp# find /opt/vyatta/config -gid 104 | wc -l
1472

I’m the opposite, nothing with group vyattacfg.

Even stranger, it just happened on another VM I spun up to replace this one last night (worked fine then). I wonder if this is happening when I power off and on, more digging to do.

Senol · February 9, 2015, 3:23pm

Hi there,

That is because, unionfs-fuse has wrong file permissions in the temporary mounted filesystem…

in configuration mode
vyos@drake-fw# df -h in the last line will show you unionfs-fuse cd to that mount point and list the files, you will see that they dont belong to you…

soln.

first you have to be in run mode $

Go to the folder /opt/vyatta/config/active
and list the files

vyos@drake-fw$ ls

drwxrwxr-x 10 pedagus vyattacfg 200 Feb 13 08:59 .
drwxrwxr-x 4 pedagus vyattacfg 100 Jan 27 09:41 …
drwxrwxr-x 5 pedagus vyattacfg 100 Feb 13 08:59 .unionfs
drwxrwxr-x 15 pedagus vyattacfg 300 Feb 13 08:59 firewall
drwxrwxr-x 5 pedagus vyattacfg 100 Feb 13 08:59 interfaces
drwxrwxr-x 4 pedagus vyattacfg 80 Feb 13 08:59 nat
drwxrwxr-x 3 pedagus vyattacfg 60 Feb 13 08:59 protocols
drwxrwxr-x 5 pedagus vyattacfg 100 Feb 13 08:59 service
drwxrwxr-x 11 pedagus vyattacfg 220 Feb 13 08:59 system
drwxrwxr-x 3 pedagus vyattacfg 60 Feb 13 08:59 vpn

as you can see the user “pedagus” is the owner of the running configuration, either you have to change them to your user or you have to switch to that user.

“switch to pedagus”
vyos@drake-fw$ sudo su - pedagus
pedagus@drake-fw$ conf …

or

“change the owner to your own”
vyos@drake-fw$ sudo chown -R vyos /opt/vyatta/config/active
vyos@drake-fw$ conf …

sorry for my older answer, it was not fully working…

microlinux · February 11, 2015, 2:19am

Ah ha, many thanks!

That sounds very plausible, I deleted the VMs, but I will try to reproduce the problem and attempt this fix so I’m familiar with it.

jasonseparovic · May 5, 2025, 2:36pm

Can’t believe this is still relevant!
Fixed my issue using debian version of cloud-init (couldn’t get vyos-cloud-init working)

Here’s my cloud-init user-data generation script:

    # Create user-data file with cloud-init for VyOS
    cat > "$CLOUD_INIT_DIR/user-data" << EOF
#cloud-config
write_files:
  - path: /opt/vyatta/etc/config/scripts/vyos-postconfig-bootup.script
    owner: root:vyattacfg
    permissions: '0775'
    content: |
      #!/bin/vbash
      source /opt/vyatta/etc/functions/script-template

      configure
      set system host-name $vmname
      set system name-server $dns

      set system login user vyos authentication public-keys root key ${SSH_PUB_KEY}
      set system login user vyos authentication public-keys root type ssh-rsa
      
      set service ssh disable-password-authentication

EOF
    
    # Add interface configurations with explicit interface parameters
    for i in "${!bridge_array[@]}"; do
        cat >> "$CLOUD_INIT_DIR/user-data" << EOF
      delete interfaces ethernet eth$i address
      set interfaces ethernet eth$i address ${cidr_array[$i]}
      set interfaces ethernet eth$i description ${bridge_array[$i]}

EOF
    done
    
    # Add default route via gateway and finish script with commit/save
    cat >> "$CLOUD_INIT_DIR/user-data" << EOF
      set protocols static route 0.0.0.0/0 next-hop '$gateway'
      commit
      save
      exit

EOF

    # Add fix from https://forum.vyos.io/t/unable-to-set-configuration/344/6
    cat >> "$CLOUD_INIT_DIR/user-data" << EOF
      sudo chown -R vyos /opt/vyatta/config/active
EOF

Without the chown to vyos user for the active config, every subsequent config set command would get “Set failed” and “set cfg path failed” in the logs. What’s strange is that the example script from VyOS cloud-init — VyOS 1.5.x (circinus) documentation doesn’t mention it at all.