[Bug 1867410] [NEW] conntrackd started before networking fully brought up

Haw Loeung haw.loeung at canonical.com
Sat Mar 14 03:49:50 UTC 2020 

Public bug reported:

Hi,

We have conntrackd configured to start on an interface bond0.800 (so
VLAN 800). Unfortunately, it fails on startup / boot time but succeeds
post-boot. Looking at the logs, we're seeing this:

| Mar 13 11:18:20 myhost sh[1753]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
| Mar 13 11:18:20 myhost sh[1753]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
| Mar 13 11:18:20 myhost sh[2496]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
| Mar 13 11:18:20 myhost ifup[1793]: /sbin/ifup: waiting for lock on /run/network/ifstate.bond0
| Mar 13 11:18:20 myhost sh[2496]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
| Mar 13 11:18:20 myhost conntrack-tools[1725]: disabling external cache
| Mar 13 11:18:20 myhost conntrack-tools[1725]: can't open channel socket
| Mar 13 11:18:20 myhost conntrack-tools[1725]: initialization failed
| Mar 13 11:18:20 myhost conntrackd[1725]: ERROR: conntrackd cannot start, please check the logfile for more info
| Mar 13 11:18:20 myhost systemd[1]: conntrackd.service: Main process exited, code=exited, status=1/FAILURE
| Mar 13 11:18:20 myhost systemd[1]: Failed to start Conntrack Daemon.
| Mar 13 11:18:20 myhost systemd[1]: conntrackd.service: Unit entered failed state.
| Mar 13 11:18:20 myhost systemd[1]: conntrackd.service: Failed with result 'exit-code'.
| Mar 13 11:18:21 myhost systemd[1]: Started LSB: hpe System Health Monitor and Command line Utility Package..
| Mar 13 11:18:22 myhost sh[2496]: Waiting for DAD... Done
| Mar 13 11:18:22 myhost sh[2483]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
| Mar 13 11:18:22 myhost sh[2483]: message repeated 2 times: [ Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config]
| Mar 13 11:18:24 myhost sh[2483]: Waiting for DAD... Done
| Mar 13 11:18:28 myhost sh[1781]: Waiting for DAD... Done
| Mar 13 11:18:33 myhost systemd[1]: Started Raise network interfaces.

Perhaps it's a race with networking being fully brought up?

The systemd service file also has the following:

| $ cat /lib/systemd/system/conntrackd.service
| [Unit]
| Description=Conntrack Daemon
|
| [Service]
| Type=notify
| EnvironmentFile=-/usr/share/conntrackd/environmentfile
| EnvironmentFile=-/etc/default/conntrackd
| ExecStart=/usr/sbin/conntrackd -C "$CONFIG" $OPTIONS
| ProtectSystem=full
| ProtectHome=true
| #WatchdogSec=60
|
| [Install]
| WantedBy=multi-user.target

I think under '[Unit]', it needs the following to wait for networking to
fully be brought up:

| Wants=network-online.target
| After=network-online.target
| After=time-sync.target

** Affects: conntrack-tools (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: conntrack-tools (Ubuntu Xenial)
     Importance: Undecided
         Status: New

** Affects: conntrack-tools (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Also affects: conntrack-tools (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: conntrack-tools (Ubuntu Xenial)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to conntrack-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1867410

Title:
  conntrackd started before networking fully brought up

Status in conntrack-tools package in Ubuntu:
  New
Status in conntrack-tools source package in Xenial:
  New
Status in conntrack-tools source package in Focal:
  New

Bug description:
  Hi,

  We have conntrackd configured to start on an interface bond0.800 (so
  VLAN 800). Unfortunately, it fails on startup / boot time but succeeds
  post-boot. Looking at the logs, we're seeing this:

  | Mar 13 11:18:20 myhost sh[1753]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
  | Mar 13 11:18:20 myhost sh[1753]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
  | Mar 13 11:18:20 myhost sh[2496]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
  | Mar 13 11:18:20 myhost ifup[1793]: /sbin/ifup: waiting for lock on /run/network/ifstate.bond0
  | Mar 13 11:18:20 myhost sh[2496]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
  | Mar 13 11:18:20 myhost conntrack-tools[1725]: disabling external cache
  | Mar 13 11:18:20 myhost conntrack-tools[1725]: can't open channel socket
  | Mar 13 11:18:20 myhost conntrack-tools[1725]: initialization failed
  | Mar 13 11:18:20 myhost conntrackd[1725]: ERROR: conntrackd cannot start, please check the logfile for more info
  | Mar 13 11:18:20 myhost systemd[1]: conntrackd.service: Main process exited, code=exited, status=1/FAILURE
  | Mar 13 11:18:20 myhost systemd[1]: Failed to start Conntrack Daemon.
  | Mar 13 11:18:20 myhost systemd[1]: conntrackd.service: Unit entered failed state.
  | Mar 13 11:18:20 myhost systemd[1]: conntrackd.service: Failed with result 'exit-code'.
  | Mar 13 11:18:21 myhost systemd[1]: Started LSB: hpe System Health Monitor and Command line Utility Package..
  | Mar 13 11:18:22 myhost sh[2496]: Waiting for DAD... Done
  | Mar 13 11:18:22 myhost sh[2483]: Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
  | Mar 13 11:18:22 myhost sh[2483]: message repeated 2 times: [ Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config]
  | Mar 13 11:18:24 myhost sh[2483]: Waiting for DAD... Done
  | Mar 13 11:18:28 myhost sh[1781]: Waiting for DAD... Done
  | Mar 13 11:18:33 myhost systemd[1]: Started Raise network interfaces.

  Perhaps it's a race with networking being fully brought up?

  The systemd service file also has the following:

  | $ cat /lib/systemd/system/conntrackd.service
  | [Unit]
  | Description=Conntrack Daemon
  |
  | [Service]
  | Type=notify
  | EnvironmentFile=-/usr/share/conntrackd/environmentfile
  | EnvironmentFile=-/etc/default/conntrackd
  | ExecStart=/usr/sbin/conntrackd -C "$CONFIG" $OPTIONS
  | ProtectSystem=full
  | ProtectHome=true
  | #WatchdogSec=60
  |
  | [Install]
  | WantedBy=multi-user.target

  I think under '[Unit]', it needs the following to wait for networking
  to fully be brought up:

  | Wants=network-online.target
  | After=network-online.target
  | After=time-sync.target

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/conntrack-tools/+bug/1867410/+subscriptions

More information about the foundations-bugs mailing list