Partial commit

From VyOS Wiki
Jump to: navigation, search

Partial commit is commit behaviour when in case of errors the system applies configuration that loaded cleanly and ignores the rest.

Both original Vyatta and VyOS 1.0.x exhibit this behaviour. Specifically, commit stops at the first error, even if there is potentially valid configuration below.

The argument for partial commit is that at boot time it gives the user some chance to end up with an operational (or at least accessible) system even in case of config load errors.

The argument against it is that it leaves the system in an inconsistent state.

Virtually everyone agreed that user-initiated commits must be atomic. Boot-time partial commit issue is more complicated.

Arguments for

  • Some chance to keep the system accessible and let the user login and fix it
  • Closer to general-purpose distros

Arguments against

  • Inconsistency created by failed config load is not immediately apparent (unless you are at the console) and requires manual inspection or user complaints to spot
  • Only helps in certain cases: error in interfaces, or SSH, or firewall, or... and the system is both inconsistent and inaccessible
  • Can create adverse effects: firewall failed to load -> the system is accessible but insecure

Alternatives

Support for a failsafe config. When the config.boot fails to load, the system tries e.g. config.boot.failsafe