VRRP Transition Scripts Permission Issue

somethingwithpackets · November 26, 2021, 2:31pm

Hi,

I’m are currently testing VyOS as our solution for virtualized firewalls and we are quite happy with it.

But there is one problem i can’t solve. When I use the VRRP Transition Script function to change the configuration, no manual changes are possible afterwards.

The setup is pretty basic:

high-availability {
    vrrp {
        group test {
            address 172.23.254.1/24
            interface eth0.80
            transition-script {
                backup /config/scripts/vrrp_ospd_down.sh
                fault /config/scripts/vrrp_ospd_down.sh
                master /config/scripts/vrrp_ospd_up.sh
                stop /config/scripts/vrrp_ospd_down.sh
            }
            vrid 80
        }
    }
}

For testing purposes, I change a random value of the config with my scripts:

#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
set system domain-name up.test.local
commit
exit

The result is the same in all cases. The scripts are executed und the value is changed, bit when I try to change something manually afterwards, I receive the following error message:

vyos@vyos1# set system domain-name test.local

  Set failed

I know this behaviour is described in the Command Scripting documentation, but since I execute the script via the transition-script option, I don’t know how to call the scripts the proper way. What am I missing?

Greetings

Viacheslav · November 26, 2021, 2:38pm

Configuration should be from group vyattacfg
Add it before source

if [ $(id -gn) != vyattacfg ]; then
    exec sg vyattacfg "$0 $*"
fi

somethingwithpackets · November 26, 2021, 3:12pm

Works perfectly, thank you very much for the quick response!

system · November 28, 2021, 3:13pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.