[Kea-users] problem after upgrade from kea 261

Darren Ankney darren.ankney at gmail.com
Sun Dec 15 13:23:06 UTC 2024 

Hi Ralf,

If you install from packages instead of compiling, you are not
intended to use keactl, but rather systemd service files (which are
included) to control the processes.  See here:
https://kb.isc.org/docs/isc-kea-packages#managing-kea-services

Thank you,
Darren Ankney

On Sat, Dec 14, 2024 at 12:19 PM Ralf Figge via Kea-users
<kea-users at lists.isc.org> wrote:
>
> Hi Darren,
>
> Yes, i compile it. But only with make. In the repo i didn´t find keacrtl, so i build it from the source.
> kea-dhcp4,kea-dhcp-ddns and kea-ctrl-agent are from the debian packages, published from isc. You are right, it looks like a problem with apparmor. Journalctl found many deny like this: Dez 14 17:26:10 figge-vm kernel: audit: type=1400 audit(1734193570.893:13453): apparmor="DENIED" operation="mknod" profile="kea-ctrl-agent" name="/run/kea/logger_lockfile" pid=78908 comm="kea-ctrl-agent" requested_mask="c" denied_mask="c" fsuid=115 ouid=115 aa-status say: root at figge-vm:/inst# aa-status apparmor module is loaded. 35 profiles are loaded. 33 profiles are in enforce mode. /usr/bin/evince /usr/bin/evince-previewer /usr/bin/evince-previewer//sanitized_helper /usr/bin/evince-thumbnailer /usr/bin/evince//sanitized_helper /usr/bin/lxc-start /usr/bin/man /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/NetworkManager/nm-dhcp-helper /usr/lib/connman/scripts/dhclient-script /usr/lib/cups/backend/cups-pdf /usr/sbin/cups-browsed /usr/sbin/cupsd /usr/sbin/cupsd//third_party /{,usr/}sbin/dhclient kea-ctrl-agent kea-dhcp-ddns kea-dhcp4 kea-dhcp6 kea-lfc ..... Kea Profils are from November 2023. After a restart, kea-ctrl-agent and kea-dhcp-ddns run, but the dhcp servers not, apparmor say deny. regards Ralf  Am 14.12.2024 um 12:33 schrieb Darren Ankney:
>
> Hi Ralf,
>
> It seems that you compiled from source as I see you using keactrl to
> start the processes?  It also appears that you are root from your
> prompt.  One thing you can try is to execute the commands manually
> that keactrl shows being executed:
>
> /sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
> /sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf
> /sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
>
> But, I encourage you to check apparmor as I suspect that apparmor is
> tripping you up.  Debian 12 does not use plain text logs, so here is
> how you might check for apparmor problems (as root):
>
> journalctl -xe | grep audit | grep DENIED
>
> There are certainly specific switches to get journalctl to find
> exactly what you are after, but the above should work.
>
> A good source of information about apparmor:
> https://wiki.debian.org/AppArmor/HowToUse
>
> Thank you,
> Darren Ankney
>
> On Sat, Dec 14, 2024 at 3:33 AM Ralf Figge via Kea-users
> <kea-users at lists.isc.org> wrote:
>
> Hello,
> i use Debian 12. KEA 2.61 has run very well. I wanted to test some new
> featues from 2.7.5, so i has make an update ..
> After the update, i become follwing errors:
>
> root at figge-vm:/inst# keactrl version
> keactrl: 2.7.5-git
> kea-dhcp4: 2.7.5
> kea-dhcp6: 2.7.5
> kea-dhcp-ddns: 2.7.5
> kea-ctrl-agent: 2.7.5
> root at figge-vm:/inst# keactrl start
> INFO/keactrl: Starting /sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
> INFO/keactrl: Starting /sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf
> INFO/keactrl: Starting /sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
> root at figge-vm:/inst# Unable to use interprocess sync lockfile
> (Permission denied): /var/run/kea/logger_lockfile
> Unable to use interprocess sync lockfile (Permission denied):
> /var/run/kea/logger_lockfile
> Unable to use interprocess sync lockfile (Permission denied):
> /var/run/kea/logger_lockfile
> kea-dhcp4: Fatal error during start up: Unable to open PID file
> '/var/run/kea/kea-dhcp4.kea-dhcp4.pid' for write
> Unable to use interprocess sync lockfile (Permission denied):
> /var/run/kea/logger_lockfile
> Unable to use interprocess sync lockfile (Permission denied):
> /var/run/kea/logger_lockfile
> Service failed: Launch failed: Unable to open PID file
> '/var/run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid' for write
> Unable to use interprocess sync lockfile (Permission denied):
> /var/run/kea/logger_lockfile
> Service failed: Launch failed: Unable to open PID file
> '/var/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid' for write
>
> Have somebody has an idea, what is going  wrong with this update ?
> Starting over keactrl and systemctl does not work.
>
> Regards
> Ralf
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
>
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users

More information about the Kea-users mailing list