VRRP Transition Scripts Permission Issue


I’m are currently testing VyOS as our solution for virtualized firewalls and we are quite happy with it.

But there is one problem i can’t solve. When I use the VRRP Transition Script function to change the configuration, no manual changes are possible afterwards.

The setup is pretty basic:

high-availability {
    vrrp {
        group test {
            interface eth0.80
            transition-script {
                backup /config/scripts/vrrp_ospd_down.sh
                fault /config/scripts/vrrp_ospd_down.sh
                master /config/scripts/vrrp_ospd_up.sh
                stop /config/scripts/vrrp_ospd_down.sh
            vrid 80

For testing purposes, I change a random value of the config with my scripts:

source /opt/vyatta/etc/functions/script-template
set system domain-name up.test.local

The result is the same in all cases. The scripts are executed und the value is changed, bit when I try to change something manually afterwards, I receive the following error message:

vyos@vyos1# set system domain-name test.local

  Set failed

I know this behaviour is described in the Command Scripting documentation, but since I execute the script via the transition-script option, I don’t know how to call the scripts the proper way. What am I missing?


Configuration should be from group vyattacfg
Add it before source

if [ $(id -gn) != vyattacfg ]; then
    exec sg vyattacfg "$0 $*"

Works perfectly, thank you very much for the quick response!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.