Como matar Vyatta – cuidado con las actualizaciones de Vyatta desde la versión VC6.2!!
Parece ser que en Vyatta tienen algún problema con los repositorios y el tema de las actualizaciones de su última versión basada en Mendocino, Vyatta Core 6.2-2011.02.09 y por eso hasta la fecha no hay posibilidad de actualizar por repositorios las máquinas Vyatta previas a la versión VC6.2.
Peeeeeero que a nadie se le ocurra teniendo instalada la versión VC6.2 el tratar de actualizar haciendo un “sudo full-upgrade -k” ya que el proceso de actualización nos elimina ficheros, paquetes e instala otros de la versión VC6.1 obteniendo como resultado una máquina que no arranca!!
Esto es lo que tenemos si llevamos a cabo ese fatídico proceso de actualización:
vyatta@vyatta:~$ show version
Version: VC6.2-2011.02.09
Description: Vyatta Core 6.2 2011.02.09
Copyright: 2006-2011 Vyatta, Inc.
Built by: autobuild@vyatta.com
Built on: Wed Feb 9 20:04:26 UTC 2011
Build ID: 1102092009-7353197
Boot via: disk
Uptime: 08:13:50 up 1:46, 2 users, load average: 0.13, 0.06, 0.01
vyatta@vyatta:~$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 3.7G 607M 2.9G 17% /
tmpfs 125M 0 125M 0% /lib/init/rw
udev 119M 108K 119M 1% /dev
tmpfs 125M 4.0K 125M 1% /dev/shm
none 125M 164K 125M 1% /opt/vyatta/config
Ahora vamos a matar Vyatta!
vyatta@vyatta:~$ sudo full-upgrade -k
*******************************************************************************
Vyatta full-upgrade status - Configuring unpacked packages
*******************************************************************************
Vyatta full-upgrade status - Resynchronizing package index files
*******************************************************************************
Vyatta full-upgrade status - Setting pin priority
*******************************************************************************
Vyatta full-upgrade status - Fixing any broken package dependencies
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
*******************************************************************************
Vyatta recommends minimum 512 Megabytes of memory but system has 249 installed
This may have unintended consequences during full-upgrade. Continue? (Y/N) [N]: y
*******************************************************************************
full-upgrade detected the following repositories to get packages from -
Repositories configured in CLI :
community
components: main
distribution: stable
url: http://packages.vyatta.com/vyatta
Make sure you have the correct repository configured. Continue? (Y/N) [N]: y
*******************************************************************************
Vyatta full-upgrade status - Installing latest Vyatta-base package
Reading package lists... Done
Building dependency tree
Reading state information... Done
vyatta-base is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
===full-upgrade -k===
08:14:41 up 1:47, 2 users, load average: 0.05, 0.05, 0.01
Fri Mar 25 08:14:41 GMT 2011
*******************************************************************************
Vyatta full-upgrade status - Removing no longer needed dependencies
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
*******************************************************************************
Vyatta full-upgrade status - Fixing any broken dependencies
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
*******************************************************************************
Vyatta full-upgrade status - Cleaning local repository of retrieved package files
*******************************************************************************
Vyatta full-upgrade status - Installing vyatta-version package
Reading package lists... Done
Building dependency tree
Reading state information... Done
vyatta-version is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
*******************************************************************************
Vyatta full-upgrade status - Checking Vyatta packages that need to be downgraded
package conntrack needs to be removed for downgrade
package conntrackd needs to be removed for downgrade
package grub-common needs to be removed for downgrade
package grub-pc needs to be removed for downgrade
package initramfs-tools needs to be removed for downgrade
package iproute needs to be removed for downgrade
package ipset needs to be removed for downgrade
package iptables needs to be removed for downgrade
package libsnmp-base needs to be removed for downgrade
package libsnmp-perl needs to be removed for downgrade
package libsnmp15 needs to be removed for downgrade
package libstrongswan needs to be removed for downgrade
package live-initramfs needs to be removed for downgrade
package lldpd needs to be removed for downgrade
package netplug needs to be removed for downgrade
package ntp needs to be removed for downgrade
package ntpdate needs to be removed for downgrade
package pmacct needs to be removed for downgrade
package snmp needs to be removed for downgrade
package snmpd needs to be removed for downgrade
package squidguard needs to be removed for downgrade
package strongswan needs to be removed for downgrade
package strongswan-ikev1 needs to be removed for downgrade
package strongswan-ikev2 needs to be removed for downgrade
package strongswan-starter needs to be removed for downgrade
package vyatta-base needs to be removed for downgrade
package vyatta-bash needs to be removed for downgrade
package vyatta-biosdevname needs to be removed for downgrade
package vyatta-busybox needs to be removed for downgrade
package vyatta-cfg needs to be removed for downgrade
package vyatta-cfg-dhcp-relay needs to be removed for downgrade
package vyatta-cfg-dhcp-server needs to be removed for downgrade
package vyatta-cfg-firewall needs to be removed for downgrade
package vyatta-cfg-op-pppoe needs to be removed for downgrade
package vyatta-cfg-qos needs to be removed for downgrade
package vyatta-cfg-quagga needs to be removed for downgrade
package vyatta-cfg-system needs to be removed for downgrade
package vyatta-cfg-vpn needs to be removed for downgrade
package vyatta-cluster needs to be removed for downgrade
package vyatta-config-migrate needs to be removed for downgrade
package vyatta-conntrack-sync needs to be removed for downgrade
package vyatta-dhcp3-client needs to be removed for downgrade
package vyatta-dhcp3-common needs to be removed for downgrade
package vyatta-dhcp3-relay needs to be removed for downgrade
package vyatta-dhcp3-server needs to be removed for downgrade
package vyatta-idp-snort needs to be removed for downgrade
package vyatta-ipv6-rtradv needs to be removed for downgrade
package vyatta-keepalived needs to be removed for downgrade
package vyatta-lldp needs to be removed for downgrade
package vyatta-nat needs to be removed for downgrade
package vyatta-netflow needs to be removed for downgrade
package vyatta-op needs to be removed for downgrade
package vyatta-op-dhcp-server needs to be removed for downgrade
package vyatta-op-firewall needs to be removed for downgrade
package vyatta-op-qos needs to be removed for downgrade
package vyatta-op-quagga needs to be removed for downgrade
package vyatta-op-vpn needs to be removed for downgrade
package vyatta-op-xml needs to be removed for downgrade
package vyatta-openvpn needs to be removed for downgrade
package vyatta-ppp needs to be removed for downgrade
package vyatta-quagga needs to be removed for downgrade
package vyatta-ravpn needs to be removed for downgrade
package vyatta-snort needs to be removed for downgrade
package vyatta-snort-common needs to be removed for downgrade
package vyatta-snort-common-libraries needs to be removed for downgrade
package vyatta-version needs to be removed for downgrade
package vyatta-wanloadbalance needs to be removed for downgrade
package vyatta-webgui needs to be removed for downgrade
package vyatta-webproxy needs to be removed for downgrade
package vyatta-wireless needs to be removed for downgrade
package vyatta-wirelessmodem needs to be removed for downgrade
package vyatta-version needs to be removed for downgrade
Package vyatta-version listed more than once, only processing once.
(Reading database ... 33470 files and directories currently installed.)
Removing grub-pc ...
Removing libsnmp-perl ...
Removing live-initramfs ...
update-initramfs: Generating /boot/initrd.img-2.6.35-1-586-vyatta
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
W: mdadm: no arrays defined in configuration file.
Removing netplug ...
invoke-rc.d: policy-rc.d denied execution of stop.
Removing vyatta-base ...
Removing vyatta-cfg-dhcp-relay ...
Removing vyatta-cfg-dhcp-server ...
Removing vyatta-cfg-op-pppoe ...
invoke-rc.d: policy-rc.d denied execution of stop.
Removing vyatta-cfg-qos ...
Removing vyatta-cfg-quagga ...
Removing vyatta-cluster ...
Removing vyatta-conntrack-sync ...
Removing vyatta-dhcp3-relay ...
invoke-rc.d: unknown initscript, /etc/init.d/dhcp3-relay not found.
Removing vyatta-ipv6-rtradv ...
Removing vyatta-lldp ...
Removing vyatta-nat ...
Removing vyatta-netflow ...
Removing vyatta-op-dhcp-server ...
Removing vyatta-op-firewall ...
Removing vyatta-op-qos ...
Removing vyatta-op-quagga ...
Removing vyatta-op-xml ...
Removing vyatta-openvpn ...
Removing vyatta-ppp ...
Stopping all PPP connections...done.
Removing vyatta-ravpn ...
dpkg: warning: while removing vyatta-ravpn, directory '/opt/vyatta/etc/ravpn' not empty so not removed.
Removing vyatta-version ...
dpkg: warning: while removing vyatta-version, directory '/opt/vyatta/etc/config' not empty so not removed.
Removing vyatta-wanloadbalance ...
Removing vyatta-webgui ...
Removing vyatta-webproxy ...
Removing vyatta-wireless ...
Removing vyatta-wirelessmodem ...
Removing conntrack ...
Removing conntrackd ...
invoke-rc.d: policy-rc.d denied execution of stop.
Removing grub-common ...
Removing lldpd ...
Removing pmacct ...
Removing squidguard ...
Removing vyatta-bash ...
Removing vyatta-dhcp3-server ...
invoke-rc.d: unknown initscript, /etc/init.d/dhcp3-server not found.
Removing vyatta-op-vpn ...
Removing vyatta-cfg-vpn ...
Removing strongswan ...
Removing strongswan-ikev1 ...
Removing strongswan-starter ...
invoke-rc.d: policy-rc.d denied execution of stop.
invoke-rc.d: policy-rc.d denied execution of stop.
Removing strongswan-ikev2 ...
Removing libstrongswan ...
dpkg: snmpd: dependency problems, but removing anyway as you requested:
vyatta-cfg-system depends on snmpd (>= 5.4.2.1-vyatta11); however:
Package snmpd is to be removed.
vyatta-cfg-firewall depends on snmpd; however:
Package snmpd is to be removed.
Removing snmpd ...
invoke-rc.d: policy-rc.d denied execution of stop.
dpkg: vyatta-biosdevname: dependency problems, but removing anyway as you requested:
vyatta-cfg-system depends on vyatta-biosdevname; however:
Package vyatta-biosdevname is to be removed.
Removing vyatta-biosdevname ...
dpkg: vyatta-busybox: dependency problems, but removing anyway as you requested:
vyatta-cfg-system depends on vyatta-busybox; however:
Package vyatta-busybox is to be removed.
vyatta-cfg-firewall depends on busybox; however:
Package busybox is not installed.
Package vyatta-busybox which provides busybox is to be removed.
Removing vyatta-busybox ...
dpkg: vyatta-cfg: dependency problems, but removing anyway as you requested:
vyatta-config-mgmt depends on vyatta-cfg (>= 0.15.33).
vyatta-op depends on vyatta-cfg (>= 0.16.26).
vyatta-zone depends on vyatta-cfg; however:
Package vyatta-cfg is to be removed.
vyatta-cfg-system depends on vyatta-cfg (>= 0.18.58).
vyatta-idp-snort depends on vyatta-cfg (>= 0.15.33).
vyatta-cfg-firewall depends on vyatta-cfg (>= 0.15.33).
Removing vyatta-cfg ...
dpkg: vyatta-cfg-firewall: dependency problems, but removing anyway as you requested:
vyatta-zone depends on vyatta-cfg-firewall; however:
Package vyatta-cfg-firewall is to be removed.
vyatta-idp-snort depends on vyatta-cfg-firewall; however:
Package vyatta-cfg-firewall is to be removed.
Removing vyatta-cfg-firewall ...
dpkg: vyatta-cfg-system: dependency problems, but removing anyway as you requested:
vyatta-config-mgmt depends on vyatta-cfg-system; however:
Package vyatta-cfg-system is to be removed.
Removing vyatta-cfg-system ...
Removing vyatta-config-migrate ...
Removing vyatta-dhcp3-client ...
Removing vyatta-dhcp3-common ...
dpkg: vyatta-idp-snort: dependency problems, but removing anyway as you requested:
vyatta-zone depends on vyatta-idp-snort; however:
Package vyatta-idp-snort is to be removed.
Removing vyatta-idp-snort ...
Removing vyatta-keepalived ...
invoke-rc.d: policy-rc.d denied execution of stop.
dpkg: vyatta-op: dependency problems, but removing anyway as you requested:
vyatta-config-mgmt depends on vyatta-op; however:
Package vyatta-op is to be removed.
Removing vyatta-op ...
Removing vyatta-quagga ...
dpkg: vyatta-snort: dependency problems, but removing anyway as you requested:
barnyard2 depends on snort | vyatta-snort; however:
Package snort is not installed.
Package vyatta-snort is to be removed.
Removing vyatta-snort ...
Removing vyatta-snort-common ...
Removing vyatta-snort-common-libraries ...
dpkg: initramfs-tools: dependency problems, but removing anyway as you requested:
linux-image-2.6.35-1-586-vyatta depends on initramfs-tools (>= 0.55) | yaird (>= 0.0.12-8) | linux-initramfs-tool; however:
Package initramfs-tools is to be removed.
Package yaird is not installed.
Package linux-initramfs-tool is not installed.
Package initramfs-tools which provides linux-initramfs-tool is to be removed.
linux-image-2.6.35-1-586-vyatta depends on initramfs-tools (>= 0.55) | yaird (>= 0.0.12-8) | linux-initramfs-tool; however:
Package initramfs-tools is to be removed.
Package yaird is not installed.
Package linux-initramfs-tool is not installed.
Package initramfs-tools which provides linux-initramfs-tool is to be removed.
Removing initramfs-tools ...
dpkg: iproute: dependency problems, but removing anyway as you requested:
heartbeat depends on iproute.
vlan depends on iproute.
Removing iproute ...
Removing ipset ...
Removing iptables ...
dpkg: libsnmp-base: dependency problems, but removing anyway as you requested:
libsnmp15 depends on libsnmp-base (>= 5.6-vyatta5+mendocino1).
Removing libsnmp-base ...
dpkg: libsnmp15: dependency problems, but removing anyway as you requested:
ntp depends on libsnmp15 (>= 5.5).
cluster-glue depends on libsnmp15 (>= 5.4.3~dfsg).
snmp depends on libsnmp15 (>= 5.5).
Removing libsnmp15 ...
Removing ntp ...
invoke-rc.d: policy-rc.d denied execution of stop.
Removing ntpdate ...
Removing snmp ...
Processing triggers for man-db ...
*******************************************************************************
Vyatta full-upgrade status - Fixing any broken dependencies
/opt/vyatta/bin/download-only: line 188: /opt/vyatta/bin/xes: No such file or directory
vyatta@vyatta:~$
Ya está, Vyatta esta muerto, no podemos hacer nada, ni reconoce los comandos del CLI y si reiniciamos ni arranca!!
Esto es lo que vemos si reiniciamos, un kernel panic
Fuentes:
- Experiencia propia.
- Hilo del foro de Vyatta.
- Bug publicado en el bug tracker de Vyatta
podrías aclararme una duda? eso de open source no es del todo cierto verdad?
he bajado lo que se supone el código pero solo veo paquetes y script de configuración, al parecer se trata de una distribución “personalizable” de Vyatta pero el código fuente hecho en el lenguaje o los lenguajes que se utilizaron “eso sí que no es abierto” verdad?
en resumen lo de Open Source es puro mercadeo?
Hola José Manuel, bienvenido.
La verdad es que aún no me he visto en la necesidad o curiosidad de bajar los fuentes, pero puedo decirte que si que hay acceso a los fuentes y si que se trata de código libre, de hecho Vyatta se compone en su mayoría de otras herramientas open como quagga, netfilter y muchas más.
Me pica la curiosidad y me gustaría llegar hasta el final en este respecto. Podrías decirnos como has hecho la descarga? con git? lo has hecho siguiendo esta guía?
Otro enlace que puede serte interesante es este de vyatta-hackers
Te agradecería nos contases algo más.
Pingback: Vyatta en español | openredes - Networking Open Source
Buenas. No se si me recuerdas. Hace meses te pedi ayuda por esta pagina ya que mi proyecto final quiero hacerlo con Vyatta. Me cambiaron el proyecto a la mitad y finalmente me lo devolvieron.
Ahora, con el tiempo apremiando me encontre con un problema en webproxy
se supone que la address listen es la que alimenta a mi lan
Net
|
|
Vyatta
|——-esta direccion
|
|
LAN
el problema es que esa direccion es normalmente unica. Las configuraciones que he visto todas tienen una unica direccion ahi, pero en mi caso tengo una VLan con 2 direcciones en la misma interaz.
He colocado la direccion de la VLaN y las paginas que quiero bloquear, pero facebook sigue apareciendo a pesar de haberlo bloqueado.
Que piensas tu? Cual puede ser mi error?