
kea-dhcp4-server crashes due to incorrect lease file permissions after 1.5-rolling-202403120022 -> 1.5-rolling-202403230018 upgrade
Needs testing, High, Public, BUG

Description

After I upgraded to the 1.5-rolling-202403230018 release (from 1.5-rolling-202403120022), Kea's dhcpv4 lease file /config/dhcp/dhcp4-leases.csv was owned by the wrong user, causing the service to fail to start. During the upgrade, I chose to preserve the current configuration.

Mar 23 12:33:17 vyos kea-dhcp4[3984]: 2024-03-23 12:33:17.849 ERROR [kea-dhcp4.dhcp4/3984.140361842567616] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /run/kea/kea-dhcp4.conf, reason: Unable to open database: unable to open '/config/dhcp/dhcp4-leases.csv.2'
Mar 23 12:33:17 vyos kea-dhcp4[3984]: 2024-03-23 12:33:17.849 ERROR [kea-dhcp4.dhcp4/3984.140361842567616] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/run/kea/kea-dhcp4.conf': Unable to open database: unable to open '/config/dhcp/dhcp4-leases.csv.2'

The ownership looks like this:

-rw-r--r-- 1 arpwatch vyattacfg  276 Mar 23 12:31 dhcp4-leases.csv
-rw-r--r-- 1 arpwatch vyattacfg 3724 Mar 23 12:31 dhcp4-leases.csv.2

I believe the issue is that the UIDs are off by one, compared to what they were before. On the 1.5-rolling-202403230018 update, we have:

chenxiaolong@vyos:~$ cat /usr/lib/live/mount/rootfs/1.5-rolling-202403230018.squashfs/etc/passwd  | grep -e _kea -e arpwatch
_kea:x:107:114:Kea DHCP User,,,:/var/lib/kea:/bin/false
arpwatch:x:108:115:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh

On the previous 1.5-rolling-202403120022 release, we have:

chenxiaolong@vyos:~$ sudo mount -o ro /usr/lib/live/mount/persistence/boot/1.5-rolling-202403120022/1.5-rolling-202403120022.squashfs /mnt
chenxiaolong@vyos:~$ cat /mnt/etc/passwd | grep -e _kea -e arpwatch
_kea:x:108:114:Kea DHCP User,,,:/var/lib/kea:/bin/false
arpwatch:x:109:115:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh

_kea's previous UID of 108 is now 107, and 108 is instead arpwatch.

Manually running chown _kea on the files fixed the problem. Would it be possible to have VyOS chown the relevant files on boot?

Details

Difficulty level
Unknown (require assessment)
Version
1.5-rolling-202403230018
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Package upgrade
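
The passwd comparison from the description, generalized to any pair of image passwd files, as an added example that is not part of the original report or of VyOS. The function names `uid_drift` and `files_owned_by_uid` are hypothetical; the embedded passwd lines are the ones quoted in the report.

```shell
#!/bin/sh
# Added example (not VyOS code): detect UID drift between two image passwd files.

# uid_drift OLD_PASSWD NEW_PASSWD
# Prints "name old_uid new_uid holder" for every account whose UID changed.
# holder is the account that owns old_uid in the new file, or "-" if none.
uid_drift() {
    awk -F: '
        NR == FNR { old_uid[$1] = $3; next }     # first file: name -> old UID
        { new_uid[$1] = $3; holder[$3] = $1 }    # second file: both directions
        END {
            for (name in old_uid) {
                if (!(name in new_uid) || new_uid[name] == old_uid[name]) continue
                h = (old_uid[name] in holder) ? holder[old_uid[name]] : "-"
                print name, old_uid[name], new_uid[name], h
            }
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# files_owned_by_uid DIR UID
# Lists files under DIR (same filesystem only) that carry the numeric UID,
# i.e. files that would be attributed to "holder" after the upgrade.
files_owned_by_uid() {
    find "$1" -xdev -uid "$2" -print
}

# Demo input: the passwd entries quoted in the report, written to temp files.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd.old" <<'EOF'
_kea:x:108:114:Kea DHCP User,,,:/var/lib/kea:/bin/false
arpwatch:x:109:115:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh
EOF
    cat > "$tmp/passwd.new" <<'EOF'
_kea:x:107:114:Kea DHCP User,,,:/var/lib/kea:/bin/false
arpwatch:x:108:115:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh
EOF
    uid_drift "$tmp/passwd.old" "$tmp/passwd.new"
    rm -rf "$tmp"
}

demo
```

A holder other than `-` means files written under the old UID on persistent storage now resolve to a different account, which is the arpwatch ownership shown in the `ls` output above.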