diff options
author | zsdc <taras@vyos.io> | 2023-10-04 01:57:33 +0300 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2023-10-14 06:57:06 +0000 |
commit | 6cb00c9a7eb7de811e4a5f13d608062fb8e3b5e7 (patch) | |
tree | 10a308de02fdcc77a3dc01820b5723a105fe9daa /src/migration-scripts/openconnect | |
parent | 688bde775690a2f3c6d6038b122d14c3d9efa95c (diff) | |
download | vyos-1x-6cb00c9a7eb7de811e4a5f13d608062fb8e3b5e7.tar.gz vyos-1x-6cb00c9a7eb7de811e4a5f13d608062fb8e3b5e7.zip |
pmacct: T5232: Fixed pmacct service control via systemctl
pmacct daemons have one very important specific - they handle control signals in
the same loop as packets. And packets waiting is blocking operation.
Because of this, when systemctl sends SIGTERM to uacctd, this signal has no
effect until uacct receives at least one packet via nflog. In some cases, this
leads to a 90-second timeout, sending SIGKILL, and improperly finished tasks.
As a result, a working folder is not cleaned properly.
This commit contains several changes to fix service issues:
- add a new nftables table for pmacct with a single rule to get the ability to
send a packet to nflog and unlock uacctd
- remove PID file options from the uacctd and a systemd service file. Systemd
can detect proper PID, and PIDfile is created by uacctd too late, which leads
to extra errors in systemd logs
- KillMode changed to mixed. Without this, SIGTERM is sent to all plugins and
the core process exits with status 1 because it loses connection to plugins too
early. As a result, we have errors in logs, and the systemd service is in a
failed state.
- added logging to uacctd
- systemctl service modified to send packets to specific address during a service
stop which unlocks uacctd and allows systemctl to finish its work properly
(cherry picked from commit e364e9813b6833f6b108e7177ef7ea2d9e7bac33)
Diffstat (limited to 'src/migration-scripts/openconnect')
0 files changed, 0 insertions, 0 deletions