So I am using
set high-availability vrrp group vrrp transition-script backup ‘/config/scripts/vrrp-states.sh BACKUP’
set high-availability vrrp group vrrp transition-script fault ‘/config/scripts/vrrp-states.sh BACKUP’
set high-availability vrrp group vrrp transition-script master ‘/config/scripts/vrrp-states.sh MASTER’
set high-availability vrrp group vrrp transition-script stop ‘/config/scripts/vrrp-states.sh BACKUP’
And in this script I use /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper to modify the configuration.
But this messes up the file permissions of /opt/vyatta/config/active/*
It changes the owner to root and the configuration of whole vyos will be unmodifiable after this.
Because the transition-script is probably ran as root.
So I also include:
sudo chown -R vyos:vyattacfg /opt/vyatta/config/active/
in the end of the script to fix the rights.
I also tried running vyatta-cfg-cmd-wrapper as vyos with sudo and su (to avoid messing up the file rights), but this produced errors like:
Sorry, user vyos is not allowed to execute ‘/bin/vbash -c /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin’ as vyos on
Any ideas how to solve this more elegantly?
