We have (at least) three different sources for controlling conntrackd daemon state:
- /usr/libexec/vyos/conf_mode/conntrack_sync.py uses systemctl restart conntrackd.service
- /etc/logrotate.d/conntrackd uses invoke-rc.d conntrackd restart that normally is transparently translated to the systemctl command
- /usr/libexec/vyos/vyos-vrrp-conntracksync.sh uses $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
vyos-vrrp-conntracksync.sh try to start the daemon if cannot receive statistics from it, what not always mean that conntrackd is not running. And it uses the wrong path to a configuration. Because of this, in the worst case we may get two daemons running at the same time:
root 7546 0.0 0.2 11776 2584 ? Ss 14:47 0:00 /usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d root 7994 1.7 0.7 15680 7256 ? Ss 14:47 0:00 /usr/sbin/conntrackd -C /run/conntrackd/conntrackd.conf
We may analyze the logic - maybe we can avoid starting the conntrackd from vyos-vrrp-conntracksync.sh at all. But the very quick fix for the problem is using the systemctl restart conntrackd.service there, like in other places. Systemd should take care of the rest.