Page MenuHomeVyOS Platform
Create Task
Maniphest T4259

The conntrackd daemon can be started wrongly
Closed, ResolvedPublicBUG
Actions

Description

We have (at least) three different sources for controlling conntrackd daemon state:

  • /usr/libexec/vyos/conf_mode/conntrack_sync.py uses systemctl restart conntrackd.service
  • /etc/logrotate.d/conntrackd uses invoke-rc.d conntrackd restart that normally is transparently translated to the systemctl command
  • /usr/libexec/vyos/vyos-vrrp-conntracksync.sh uses $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d

vyos-vrrp-conntracksync.sh try to start the daemon if cannot receive statistics from it, what not always mean that conntrackd is not running. And it uses the wrong path to a configuration. Because of this, in the worst case we may get two daemons running at the same time:

root      7546  0.0  0.2  11776  2584 ?        Ss   14:47   0:00 /usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d
root      7994  1.7  0.7  15680  7256 ?        Ss   14:47   0:00 /usr/sbin/conntrackd -C /run/conntrackd/conntrackd.conf

We may analyze the logic - maybe we can avoid starting the conntrackd from vyos-vrrp-conntracksync.sh at all. But the very quick fix for the problem is using the systemctl restart conntrackd.service there, like in other places. Systemd should take care of the rest.

Details

Difficulty level
Easy (less than an hour)
Version
1.4, 1.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.3
1.3.1

Event Timeline

zsdc created this task.Feb 18 2022, 6:42 PM
pasik added a subscriber: pasik.Feb 18 2022, 6:47 PM
Viacheslav added a subscriber: Viacheslav.Feb 19 2022, 11:29 PM

It is used in keepalived Template

elico added a subscriber: elico.Mar 4 2022, 8:59 PM

If the solution is so simple, whats the issue? from what I understand it's just a matter of working on:
vyos-vrrp-conntracksync.sh

ie make sure that the service is running before restarting it, right?

c-po changed the task status from Open to Needs testing.Mar 5 2022, 8:41 AM
c-po claimed this task.
c-po triaged this task as Normal priority.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po closed this task as Resolved.Mar 5 2022, 7:54 PM
c-po moved this task from Need Triage to 1.3.1 on the VyOS 1.3 Equuleus board.
c-po edited projects, added VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
dmbaturin mentioned this in 1.3.1.Jun 11 2022, 8:40 AM
dmbaturin mentioned this in 1.3.3.Sep 22 2022, 10:56 AM