Page MenuHomeVyOS Platform
Create Task
Maniphest T4730

Conntrack-sync error - listen-address is not the correct type in config as it should be
Closed, ResolvedPublicBUG
Actions

Description

Conntrack-sync not working because of wrong data type in conntrack.conf configuration file generation
Version: VyOS 1.3.2

Steps to reproduce error:
set interface ether eth1 address 10.10.10.2/24

set high-availability vrrp sync-group MAIN member eth1

set service conntrack-sync accept-protocol 'tcp'
set service conntrack-sync accept-protocol 'udp'
set service conntrack-sync accept-protocol 'icmp'
set service conntrack-sync failover-mechanism vrrp sync-group 'MAIN'
set service conntrack-sync interface eth1 peer 10.10.10.1
set service conntrack-sync listen-address 10.10.10.2

Commit wth error:

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/vrrp.py", line 161, in <module>
    verify(c)
  File "/usr/libexec/vyos/conf_mode/vrrp.py", line 133, in verify
    if member not in vrrp['group']:
KeyError: 'group'

[[high-availability vrrp]] failed
[ service conntrack-sync ]
ERROR: error restarting VRRP daemon!

Commit failed

As our customer pointed out, the problem is in the generated configuration file:

vyos@vyos# head /run/conntrackd/conntrackd.conf
# autogenerated by conntrack_sync.py
# Synchronizer settings
Sync {
    Mode FTFW {
        DisableExternalCache off
    }
    UDP {
        IPv4_address ['10.10.10.2']
        IPv4_Destination_Address 10.10.10.1
[edit]

Some logs:

Oct 06 01:07:05 vyos sudo[2248]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c /usr/sbin/vyshim /usr/libexec/vyos/conf_mode/vrrp.py
Oct 06 01:07:05 vyos sudo[2248]: pam_unix(sudo:session): session opened for user root by vyos(uid=0)
Oct 06 01:07:05 vyos vyos-configd[583]: Received message: {"type": "init"}
Oct 06 01:07:05 vyos vyos-configd[583]: config session pid is 1945
Oct 06 01:07:05 vyos vyos-configd[583]: Received message: {"type": "node", "data": "/usr/libexec/vyos/conf_mode/vrrp.py"}
Oct 06 01:07:05 vyos vyos-configd[583]: 'group'
Oct 06 01:07:05 vyos vyos-configd[583]: Sending response 4
Oct 06 01:07:05 vyos python3[2254]: Report time:      2022-10-06 01:07:05
Oct 06 01:07:05 vyos python3[2254]: Image version:    VyOS 1.3.2
Oct 06 01:07:05 vyos python3[2254]: Release train:    equuleus
Oct 06 01:07:05 vyos python3[2254]: Built by:         Sentrium S.L.
Oct 06 01:07:05 vyos python3[2254]: Built on:         Mon 05 Sep 2022 09:23 UTC
Oct 06 01:07:05 vyos python3[2254]: Build UUID:       1ceaab3a-4f4e-4692-b551-7c05e1da0a77
Oct 06 01:07:05 vyos python3[2254]: Build commit ID:  7ce86511888635
Oct 06 01:07:05 vyos Architecture[2254]:     x86_64
Oct 06 01:07:05 vyos python3[2254]: Boot via:         installed image
Oct 06 01:07:05 vyos python3[2254]: System type:      Microsoft Hyper-V guest
Oct 06 01:07:05 vyos python3[2254]: Hardware vendor:  Microsoft Corporation
Oct 06 01:07:05 vyos python3[2254]: Hardware model:   Virtual Machine
Oct 06 01:07:05 vyos python3[2254]: Hardware S/N:     1551-0148-9191-0402-1082-0951-46
Oct 06 01:07:05 vyos python3[2254]: Hardware UUID:    8bd03b74-548b-5a40-bdd9-cd4141dc3ee7
Oct 06 01:07:05 vyos python3[2254]: Traceback (most recent call last):
Oct 06 01:07:05 vyos python3[2254]:   File "/usr/libexec/vyos/conf_mode/vrrp.py", line 161, in <module>
Oct 06 01:07:05 vyos python3[2254]:     verify(c)
Oct 06 01:07:05 vyos python3[2254]:   File "/usr/libexec/vyos/conf_mode/vrrp.py", line 133, in verify
Oct 06 01:07:05 vyos python3[2254]:     if member not in vrrp['group']:
Oct 06 01:07:05 vyos KeyError[2254]: 'group'
Oct 06 01:07:05 vyos sudo[2248]: pam_unix(sudo:session): session closed for user root
Oct 06 01:07:06 vyos sudo[2275]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c /usr/sbin/vyshim /usr/libexec/vyos/conf_mode/conntrack_sync.py
Oct 06 01:07:06 vyos sudo[2275]: pam_unix(sudo:session): session opened for user root by vyos(uid=0)
Oct 06 01:07:06 vyos vyos-configd[583]: Received message: {"type": "node", "data": "/usr/libexec/vyos/conf_mode/conntrack_sync.py"}
Oct 06 01:07:06 vyos vyos-configd[583]: Sending response 8
Oct 06 01:07:06 vyos python3[2283]: Report time:      2022-10-06 01:07:06
Oct 06 01:07:06 vyos python3[2283]: Image version:    VyOS 1.3.2
Oct 06 01:07:06 vyos python3[2283]: Release train:    equuleus
Oct 06 01:07:06 vyos python3[2283]: Built by:         Sentrium S.L.
Oct 06 01:07:06 vyos python3[2283]: Built on:         Mon 05 Sep 2022 09:23 UTC
Oct 06 01:07:06 vyos python3[2283]: Build UUID:       1ceaab3a-4f4e-4692-b551-7c05e1da0a77
Oct 06 01:07:06 vyos python3[2283]: Build commit ID:  7ce86511888635
Oct 06 01:07:06 vyos Architecture[2283]:     x86_64
Oct 06 01:07:06 vyos python3[2283]: Boot via:         installed image
Oct 06 01:07:06 vyos python3[2283]: System type:      Microsoft Hyper-V guest
Oct 06 01:07:06 vyos python3[2283]: Hardware vendor:  Microsoft Corporation
Oct 06 01:07:06 vyos python3[2283]: Hardware model:   Virtual Machine
Oct 06 01:07:06 vyos python3[2283]: Hardware S/N:     1551-0148-9191-0402-1082-0951-46
Oct 06 01:07:06 vyos python3[2283]: Hardware UUID:    8bd03b74-548b-5a40-bdd9-cd4141dc3ee7
Oct 06 01:07:06 vyos python3[2283]: Traceback (most recent call last):
Oct 06 01:07:06 vyos python3[2283]:   File "/usr/libexec/vyos/conf_mode/vrrp.py", line 161, in <module>
Oct 06 01:07:06 vyos python3[2283]:     verify(c)
Oct 06 01:07:06 vyos python3[2283]:   File "/usr/libexec/vyos/conf_mode/vrrp.py", line 133, in verify
Oct 06 01:07:06 vyos python3[2283]:     if member not in vrrp['group']:
Oct 06 01:07:06 vyos KeyError[2283]: 'group'
Oct 06 01:07:06 vyos systemd[1]: Starting Conntrack Daemon...
Oct 06 01:07:06 vyos conntrackd[2295]: [Thu Oct  6 01:07:06 2022] (pid=2295) [ERROR] parsing config file in line (9), symbol '[': syntax error
Oct 06 01:07:06 vyos systemd[1]: conntrackd.service: Main process exited, code=exited, status=1/FAILURE
Oct 06 01:07:06 vyos systemd[1]: conntrackd.service: Failed with result 'exit-code'.
Oct 06 01:07:06 vyos systemd[1]: Failed to start Conntrack Daemon.
Oct 06 01:07:06 vyos sudo[2275]: pam_unix(sudo:session): session closed for user root
Oct 06 01:07:06 vyos systemd[1523]: opt-vyatta-config-tmp-new_config_1945.mount: Succeeded.
Oct 06 01:07:06 vyos systemd[1]: opt-vyatta-config-tmp-new_config_1945.mount: Succeeded.
Oct 06 01:07:06 vyos systemd[1]: conntrackd.service: Service RestartSec=100ms expired, scheduling restart.
Oct 06 01:07:06 vyos systemd[1]: conntrackd.service: Scheduled restart job, restart counter is at 1.
Oct 06 01:07:06 vyos systemd[1]: Stopped Conntrack Daemon.
Oct 06 01:07:06 vyos systemd[1]: Starting Conntrack Daemon...
Oct 06 01:07:06 vyos conntrackd[2307]: [Thu Oct  6 01:07:06 2022] (pid=2307) [ERROR] parsing config file in line (9), symbol '[': syntax error
Oct 06 01:07:06 vyos systemd[1]: conntrackd.service: Main process exited, code=exited, status=1/FAILURE
Oct 06 01:07:06 vyos systemd[1]: conntrackd.service: Failed with result 'exit-code'.
Oct 06 01:07:06 vyos systemd[1]: Failed to start Conntrack Daemon.
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Service RestartSec=100ms expired, scheduling restart.
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Scheduled restart job, restart counter is at 2.
Oct 06 01:07:07 vyos systemd[1]: Stopped Conntrack Daemon.
Oct 06 01:07:07 vyos systemd[1]: Starting Conntrack Daemon...
Oct 06 01:07:07 vyos conntrackd[2323]: [Thu Oct  6 01:07:07 2022] (pid=2323) [ERROR] parsing config file in line (9), symbol '[': syntax error
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Main process exited, code=exited, status=1/FAILURE
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Failed with result 'exit-code'.
Oct 06 01:07:07 vyos systemd[1]: Failed to start Conntrack Daemon.
Oct 06 01:07:07 vyos sudo[2325]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/mv /tmp/config.boot.2318 /opt/vyatta/etc/config/archive/config.boot
Oct 06 01:07:07 vyos sudo[2325]: pam_unix(sudo:session): session opened for user root by vyos(uid=0)
Oct 06 01:07:07 vyos sudo[2325]: pam_unix(sudo:session): session closed for user root
Oct 06 01:07:07 vyos sudo[2327]:     vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/sbin/logrotate -f -s /opt/vyatta/etc/config/archive/lr.state /opt/vyatta/etc/config/archive/lr.conf
Oct 06 01:07:07 vyos sudo[2327]: pam_unix(sudo:session): session opened for user root by vyos(uid=0)
Oct 06 01:07:07 vyos sudo[2327]: pam_unix(sudo:session): session closed for user root
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Service RestartSec=100ms expired, scheduling restart.
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Scheduled restart job, restart counter is at 3.
Oct 06 01:07:07 vyos systemd[1]: Stopped Conntrack Daemon.
Oct 06 01:07:07 vyos systemd[1]: Starting Conntrack Daemon...
Oct 06 01:07:07 vyos conntrackd[2332]: [Thu Oct  6 01:07:07 2022] (pid=2332) [ERROR] parsing config file in line (9), symbol '[': syntax error
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Main process exited, code=exited, status=1/FAILURE
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Failed with result 'exit-code'.
Oct 06 01:07:07 vyos systemd[1]: Failed to start Conntrack Daemon.
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Service RestartSec=100ms expired, scheduling restart.
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Scheduled restart job, restart counter is at 4.
Oct 06 01:07:07 vyos systemd[1]: Stopped Conntrack Daemon.
Oct 06 01:07:07 vyos systemd[1]: Starting Conntrack Daemon...
Oct 06 01:07:07 vyos conntrackd[2333]: [Thu Oct  6 01:07:07 2022] (pid=2333) [ERROR] parsing config file in line (9), symbol '[': syntax error
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Main process exited, code=exited, status=1/FAILURE
Oct 06 01:07:07 vyos systemd[1]: conntrackd.service: Failed with result 'exit-code'.
Oct 06 01:07:07 vyos systemd[1]: Failed to start Conntrack Daemon.
Oct 06 01:07:08 vyos systemd[1]: conntrackd.service: Service RestartSec=100ms expired, scheduling restart.
Oct 06 01:07:08 vyos systemd[1]: conntrackd.service: Scheduled restart job, restart counter is at 5.
Oct 06 01:07:08 vyos systemd[1]: Stopped Conntrack Daemon.
Oct 06 01:07:08 vyos systemd[1]: conntrackd.service: Start request repeated too quickly.
Oct 06 01:07:08 vyos systemd[1]: conntrackd.service: Failed with result 'exit-code'.
Oct 06 01:07:08 vyos systemd[1]: Failed to start Conntrack Daemon.

Details

Version
1.3.2
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

Unknown Object (User) created this task.Oct 6 2022, 1:35 AM
Unknown Object (User) triaged this task as High priority.
Unknown Object (User) created this object in space S1 VyOS Public.
pasik subscribed.Oct 6 2022, 7:02 AM
Viacheslav edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).Oct 10 2022, 10:25 AM
Viacheslav changed the task status from Open to Confirmed.Oct 10 2022, 1:25 PM
Viacheslav added a project: VyOS 1.4 Sagitta.
Viacheslav changed the task status from Confirmed to In progress.Oct 10 2022, 1:30 PM
Viacheslav claimed this task.
Viacheslav added a comment.Oct 10 2022, 2:11 PM

PR https://github.com/vyos/vyos-1x/pull/1576

vyos@r14# sudo systemctl status conntrackd
● conntrackd.service - Conntrack Daemon
     Loaded: loaded (/lib/systemd/system/conntrackd.service; disabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/conntrackd.service.d
             └─override.conf
     Active: active (running) since Mon 2022-10-10 16:55:42 EEST; 15min ago
       Docs: man:conntrackd(8)
             man:conntrackd.conf(5)
   Main PID: 19192 (conntrackd)
      Tasks: 1 (limit: 9404)
     Memory: 2.5M
        CPU: 92ms
     CGroup: /system.slice/conntrackd.service
             └─19192 /usr/sbin/conntrackd -C /run/conntrackd/conntrackd.conf
Viacheslav changed the subtype of this task from "Task" to "Bug".Oct 10 2022, 2:11 PM
Restricted Repository Identity mentioned this in rVYOSONEXadc9af198365: Merge pull request #1576 from sever-sever/T4730.Oct 10 2022, 4:35 PM
Viacheslav mentioned this in rVYOSONEX98f4cc81235b: conntrack-sync: T4730: Fix listen-address jinja2 template.Oct 10 2022, 4:35 PM
Viacheslav added a comment.Oct 11 2022, 1:07 PM

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1582

Viacheslav moved this task from Open to Finished on the VyOS 1.4 Sagitta board.Oct 12 2022, 9:47 AM
Restricted Repository Identity mentioned this in rVYOSONEXf54f1387c7e5: Merge pull request #1582 from sever-sever/T4730-eq.Oct 12 2022, 12:10 PM
Viacheslav mentioned this in rVYOSONEX15a649e163fa: conntrack-sync: T4730: Fix listen-address jinja2 template.Oct 12 2022, 12:10 PM
Viacheslav closed this task as Resolved.Oct 12 2022, 12:10 PM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
dmbaturin mentioned this in 1.3.3.May 19 2023, 1:04 PM