[Kea-users] kea-lfc not using KEA_LOCKFILE_DIR

Razvan Becheriu razvan at isc.org
Tue Jun 11 12:56:40 UTC 2024 

 
Hi, 
  
thank you for your effort on this. you might be right: 
  
in memfile_lease_mgr.cc: 
  
    process_.reset(new ProcessSpawn(ProcessSpawn::ASYNC, executable, args)); 
  
in process_spawn.h: 
  
 
    ProcessSpawn(const SpawnMode mode, 
                 const std::string& executable, 
                 const ProcessArgs& args = ProcessArgs(), 
                 const ProcessEnvVars& vars = ProcessEnvVars(), 
                 const bool inherit_env = false); 
  
so by default the lfc is spawned with empty environment, so unless called explicitly by the service, kea spawns it with empty environment. 
  
this is indeed an issue. 
  
opened issue: 
  
https://gitlab.isc.org/isc-projects/kea/-/issues/3450 
  
Regards, 
Razvan 
   
  
 
 
 
 

-----Original Message-----

From: Martijn <kea-users at lists.isc.org>
To: Kea <kea-users at lists.isc.org>
Cc: Martijn <martijnremmen at icloud.com>
Date: Tuesday, 11 June 2024 2:54 PM EEST
Subject: Re: [Kea-users] kea-lfc not using KEA_LOCKFILE_DIR

Thanks for your replies

@Darren, documentation seems quite sparse regarding this, which is why 
I opted to read through the source code (by searching for the error 
string). This indicated that kea-lfc uses the environment variable, if 
it is set. There seems to be no other way to define this configuration 
for kea-lfc.

@Razvan, this indeed seems to be the issue. Upon reading man sudoers:
> By default, the env_reset flag is enabled. This causes commands to 
be executed with a new, minimal environment.

I did check this before writing, but I might have made a syntax error, 
causing bash to interpret the command in the current context instead of 
inside a forked process.
$ export FOO=bar
$ echo $FOO
bar
$ sudo -u _kea echo $FOO
bar

For the record, the correct command seems to be:
$ sudo -u _kea bash -c 'echo $FOO'

I confirmed kea-lfc to be using the specified location for the logger 
lock like this:

$ sudo -u _kea bash
_kea$ export KEA_LOCKFILE_DIR=/run/lock/kea-VRF039
_kea$ echo $KEA_LOCKFILE_DIR
/run/lock/kea-VRF039
_kea$ kea-lfc ...
(no output, it seems to direct logs to /dev/log)
_kea$ strace !!
...
openat(AT_FDCWD, "/run/lock/kea-VRF039/logger_lockfile", 
O_RDWR|O_CREAT, 0660)
...

Anyways, it is still not clear to me why the environment variable set 
in the systemd unit file isn't coming through to the forked kea-lfc 
process. kea-dhcp4 uses it just fine. And I can confirm the variable 
exists in the context of the process by `cat /proc/{kea PID}/environ`, 
which lists KEA_LOCKFILE_DIR with the correct value.

I guess this could either have to do with similar env_reset behaviour 
for forked processes by systemd managed services or the way kea-dhcp4 
spawns kea-lfc.

I will investigate further. Thank you for your assistance.


Regards,
Martijn


On ma, jun 10 2024 at 20:07:14 +00:00:00, Razvan Becheriu 
<razvan at isc.org> wrote:
> Hi,
> 
> some clarifications:
> the -p command line parameter in lfc executable is referring to the 
> pid file used for lease file operations, while the KEA_LOCKFILE_DIR 
> is used for the lockfile used for logging.
> 
> I have tested your scenario and it seems to be working. I guess the 
> problem on your side is that the exported environment variable is not 
> inherited by the root environment when doing sudo -u ...
> 
> the easiest way to pass the environment variable is to add it just 
> before the executable:
> 
> sudo -u ... KEA_LOCKFILE_DIR=/var/lib/kea-VRF039/ /usr/sbin/kea-lfc 
> -4 ...
> 
> to achieve this using services, please consult the man for options 
> regarding environment variables in the service file.
> 
> I hope this helps.
> 
> Razvan
> 
> 
> 
> 
>> From:Darren <darren.ankney at gmail.com>
>> To:Kea <kea-users at lists.isc.org>
>> Date:Monday, 10 June 2024 10:01 PM EEST
>> Subject:Re: [Kea-users] kea-lfc not using KEA_LOCKFILE_DIR
>> 
>> Hi Martijn,
>> 
>> Looking in the ARM, I only find KEA_LOCKFILE_DIR mentioned here:
>> https://kea.readthedocs.io/en/kea-2.4.1/arm/logging.html#logging-during-kea-startup
>> which pertains only to controlling destination of logging while Kea 
>> is
>> starting up (before it has read the configuration file completely).
>> These environment variables don't seem to have anything to do with
>> `kea-lfc`. Can you point to where you saw that `kea-lfc` should
>> respect these environment variables?
>> 
>> Thank you,
>> Darren Ankney
>> 
>> On Tue, Jun 4, 2024 at 10:43 AM Martijn via Kea-users
>> <kea-users at lists.isc.org> wrote:
>> >
>> > Hi,
>> >
>> > We are currently implementing Kea for a multi tenant/VRF scenario. 
>> We do this by running multiple instances of kea-dhcp4 with a systemd 
>> unit template. Because we have multiple Kea instances running, we 
>> need separate folders for storing PIDs, lock files and configs. So 
>> far, this is working fine. The Kea service is running, establishing 
>> HA session and serving requests.
>> >
>> > We just have a problem with the periodic lease file cleaning 
>> performed by kea-lfc, while the lease file cleanup seems to be 
>> successful. It is logging errors relating to using a lock file for 
>> the logger.
>> >
>> > Jun 04 15:49:27 dhcp-01 kea-dhcp4-VRF039[1395]: INFO 
>> DHCPSRV_MEMFILE_LFC_START starting Lease File Cleanup
>> > Jun 04 15:49:27 dhcp-01 kea-dhcp4-VRF039[1395]: INFO 
>> DHCPSRV_MEMFILE_LFC_EXECUTE executing Lease File Cleanup using: 
>> /usr/sbin/kea-lfc -4 -x /var/lib/kea-VRF039/dhcp4.leases.2 -i 
>> /var/lib/kea-VRF039/dhcp4.leases.1 -o 
>> /var/lib/kea-VRF039/dhcp4.leases.output -f 
>> /var/lib/kea-VRF039/dhcp4.leases.completed -p 
>> /var/lib/kea-VRF039/dhcp4.leases.pid -c ignored-path
>> > Jun 04 15:49:28 dhcp-01 kea-dhcp4-VRF039[2571]: Unable to use 
>> interprocess sync lockfile (No such file or directory): 
>> /var/run/kea/logger_lockfile
>> > Jun 04 15:49:28 dhcp-01 kea-dhcp4-VRF039[2571]: Unable to use 
>> interprocess sync lockfile (No such file or directory): 
>> /var/run/kea/logger_lockfile
>> > ---- 6 more identical messages ----
>> >
>> > I have tried manually running the process with the specified 
>> arguments from the log message and setting the KEA_LOCKFILE_DIR 
>> environment variable. However, kea-lfc still doesn’t seem to use 
>> the environment variable.
>> >
>> > $ export KEA_LOCKFILE_DIR=/run/lock/kea-VRF039
>> > $ echo $KEA_LOCKFILE_DIR
>> > /run/lock/kea-VRF039
>> >
>> > $ sudo -u _kea -g _kea \
>> > /usr/sbin/kea-lfc -4 \
>> > -x /var/lib/kea-VRF039/dhcp4.leases.2 \
>> > -i /var/lib/kea-VRF039/dhcp4.leases.1 \
>> > -o /var/lib/kea-VRF039/dhcp4.leases.output \
>> > -f /var/lib/kea-VRF039/dhcp4.leases.completed \
>> > -p /var/lib/kea-VRF039/dhcp4.leases.pid \
>> > -c ignored-path
>> >
>> > Unable to use interprocess sync lockfile (No such file or 
>> directory): /var/run/kea/logger_lockfile
>> > Unable to use interprocess sync lockfile (No such file or 
>> directory): /var/run/kea/logger_lockfile
>> > Unable to use interprocess sync lockfile (No such file or 
>> directory): /var/run/kea/logger_lockfile
>> > Unable to use interprocess sync lockfile (No such file or 
>> directory): /var/run/kea/logger_lockfile
>> > Unable to use interprocess sync lockfile (No such file or 
>> directory): /var/run/kea/logger_lockfile
>> > Unable to use interprocess sync lockfile (No such file or 
>> directory): /var/run/kea/logger_lockfile
>> > Unable to use interprocess sync lockfile (No such file or 
>> directory): /var/run/kea/logger_lockfile
>> >
>> >
>> > I have read through the code and it seems like the environment 
>> variable should be used. So I am not sure what’s going wrong. I 
>> have found an issue on the nixpkgs GitHub which seems to describe 
>> the same issue (kea-lfc not using KEA_LOCKFILE_DIR) 
>> https://github.com/NixOS/nixpkgs/issues/265826
>> >
>> > Is this a known issue or am I doing something wrong?
>> >
>> > Some additional info:
>> > Distro: Ubuntu 24.04 LTS
>> > Using the package from ubuntu APT sources:
>> > Package: kea-dhcp4-server
>> > Version: 2.4.1-3build3
>> >
>> >
>> > Regards,
>> >
>> > Martijn
>> > --
>> > ISC funds the development of this software with paid support 
>> subscriptions. Contact us at https://www.isc.org/contact/ for more 
>> information.
>> >
>> > To unsubscribe visit 
>> https://lists.isc.org/mailman/listinfo/kea-users.
>> >
>> > Kea-users mailing list
>> > Kea-users at lists.isc.org
>> > https://lists.isc.org/mailman/listinfo/kea-users
>> --
>> ISC funds the development of this software with paid support 
>> subscriptions. Contact us at https://www.isc.org/contact/ for more 
>> information.
>> 
>> To unsubscribe visit 
>> https://lists.isc.org/mailman/listinfo/kea-users.
>> 
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users


-- 
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
Kea-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20240611/8589d156/attachment-0001.htm>

More information about the Kea-users mailing list