Page MenuHomeVyOS Platform
Create Task
Maniphest T5439

Upgrade to FRR version 9.0 added new daemons which must be adjusted
Closed, ResolvedPublicBUG
Actions

Description

https://vyos.dev/T5415 upgraded FRR to version 9.0 in VyOS 1.4-rolling.

This is causing a new daemon named mgmtd to be started who then listens at TCP2622 on ALL interfaces:

root@vyos:/home/vyos# netstat -atunp | grep -i mgmtd
tcp        0      0 0.0.0.0:2622            0.0.0.0:*               LISTEN      907/mgmtd           
tcp6       0      0 :::2622                 :::*                    LISTEN      907/mgmtd

The above is caused by missing entries in daemons-file used by FRR:

vyos@vyos:~$ ps auxwww | grep -i mgmtd
root         867  0.0  0.0   8556  3256 ?        S<s  13:19   0:00 /usr/lib/frr/watchfrr -d -F traditional zebra mgmtd bgpd ripd ripngd ospfd ospf6d isisd babeld ldpd eigrpd staticd bfdd
frr          907  0.0  0.0  10096  6380 ?        S<s  13:19   0:00 /usr/lib/frr/mgmtd -d -F traditional

More information about mgmtd:

https://docs.frrouting.org/en/latest/mgmtd.html

Most likely following files needs to be updated (if not more):

  • /usr/lib/python3/dist-packages/vyos/frr.py (example: variable _frr_daemons).
  • /usr/share/vyos/templates/frr/daemons.frr.tmpl

Current master of deamons default at FRR repo:

https://github.com/FRRouting/frr/blob/master/tools/etc/frr/daemons

Suggestion for daemons.frr.tmpl (did not account for additional settings which might need to be put into this file according to the above default from FRR repo):

zebra=yes
bgpd=yes
ospfd=yes
ospf6d=yes
ripd=yes
ripngd=yes
isisd=yes
pimd=no
ldpd=yes
nhrpd=no
eigrpd=yes
babeld=yes
sharpd=no
pbrd=no
bfdd=yes
staticd=yes
mgmtd=yes

vtysh_enable=yes
zebra_options="-s 90000000 --daemon -A 127.0.0.1
{%- if irdp is defined %} -M irdp{% endif -%}
{%- if snmp is defined and snmp.zebra is defined %} -M snmp{% endif -%}
"
bgpd_options="--daemon -A 127.0.0.1
{%- if bmp is defined %} -M bmp{% endif -%}
{%- if snmp is defined and snmp.bgpd is defined %} -M snmp{% endif -%}
"
ospfd_options="--daemon -A 127.0.0.1
{%- if snmp is defined and snmp.ospfd is defined %} -M snmp{% endif -%}
"
ospf6d_options="--daemon -A ::1
{%- if snmp is defined and snmp.ospf6d is defined %} -M snmp{% endif -%}
"
ripd_options="--daemon -A 127.0.0.1
{%- if snmp is defined and snmp.ripd is defined %} -M snmp{% endif -%}
"
ripngd_options="--daemon -A ::1"
isisd_options="--daemon -A 127.0.0.1
{%- if snmp is defined and snmp.isisd is defined %} -M snmp{% endif -%}
"
pimd_options="--daemon -A 127.0.0.1"
ldpd_options="--daemon -A 127.0.0.1
{%- if snmp is defined and snmp.ldpd is defined %} -M snmp{% endif -%}
"
nhrpd_options="--daemon -A 127.0.0.1"
eigrpd_options="--daemon -A 127.0.0.1"
babeld_options="--daemon -A 127.0.0.1"
sharpd_options="--daemon -A 127.0.0.1"
pbrd_options="--daemon -A 127.0.0.1"
bfdd_options="--daemon -A 127.0.0.1"
staticd_options="--daemon -A 127.0.0.1"
mgmtd_options="--daemon -A 127.0.0.1"

watchfrr_enable=no                   
valgrind_enable=no

Bonus: Isnt "watchfrr_enable=no" incorrect?

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.4-rolling-202308040317
Why the issue appeared?
Other
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

Apachez created this task.Aug 4 2023, 11:42 AM

Note, if mgmtd is of no use in VyOS then the preferred is to have it disabled all together (after updating daemons.tmpl in case it gets enabled in future).

c-po added a subscriber: c-po.Aug 5 2023, 6:20 AM

FRR mgmtd can not be disabled.

Fixed in

c-po added a comment.Aug 5 2023, 6:21 AM

Also watchfrr was disabled some time ago as FRR process handling was moved to systemd.

Closing this

c-po closed this task as Resolved.Aug 5 2023, 6:22 AM
c-po claimed this task.
c-po triaged this task as High priority.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Why the issue appeared? from Will be filled on close to Other.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.