Page MenuHomeVyOS Platform
Create Task
Maniphest T6163

kea-dhcp4-server crashes due to incorrect lease file permissions after 1.5-rolling-202403120022 -> 1.5-rolling-202403230018 upgrade
Closed, ResolvedPublicBUG
Actions

Description

After I upgraded to the 1.5-rolling-202403230018 release (from 1.5-rolling-202403120022), Kea's dhcpv4 lease file /config/dhcp/dhcp4-leases.csv was owned by the wrong user, causing the service to fail to start. During the upgrade, I chose to preserve the current configuration.

Mar 23 12:33:17 vyos kea-dhcp4[3984]: 2024-03-23 12:33:17.849 ERROR [kea-dhcp4.dhcp4/3984.140361842567616] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /run/kea/kea-dhcp4.conf, reason: Unable to open database: unable to open '/config/dhcp/dhcp4-leases.csv.2'
Mar 23 12:33:17 vyos kea-dhcp4[3984]: 2024-03-23 12:33:17.849 ERROR [kea-dhcp4.dhcp4/3984.140361842567616] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/run/kea/kea-dhcp4.conf': Unable to open database: unable to open '/config/dhcp/dhcp4-leases.csv.2'

The ownership looks like this:

-rw-r--r-- 1 arpwatch vyattacfg  276 Mar 23 12:31 dhcp4-leases.csv
-rw-r--r-- 1 arpwatch vyattacfg 3724 Mar 23 12:31 dhcp4-leases.csv.2

I believe the issue is that the UIDs are off by one, compared to what they were before. On the 1.5-rolling-202403230018 update, we have:

chenxiaolong@vyos:~$ cat /usr/lib/live/mount/rootfs/1.5-rolling-202403230018.squashfs/etc/passwd  | grep -e _kea -e arpwatch
_kea:x:107:114:Kea DHCP User,,,:/var/lib/kea:/bin/false
arpwatch:x:108:115:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh

On the previous 1.5-rolling-202403120022 release, we have:

chenxiaolong@vyos:~$ sudo mount -o ro /usr/lib/live/mount/persistence/boot/1.5-rolling-202403120022/1.5-rolling-202403120022.squashfs /mnt
chenxiaolong@vyos:~$ cat /mnt/etc/passwd | grep -e _kea -e arpwatch
_kea:x:108:114:Kea DHCP User,,,:/var/lib/kea:/bin/false
arpwatch:x:109:115:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh

_keas previous UID of 108 is now 107, and 108 is instead arpwatch.

Manually running chown _kea on the files fixed the problem. Would it be possible to have VyOS chown the relevant files on boot?

Details

Difficulty level
Unknown (require assessment)
Version
1.5-rolling-202403230018
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Package upgrade

Related Objects

Event Timeline

chenxiaolong created this task.Mar 23 2024, 5:28 PM
chenxiaolong updated the task description. (Show Details)Mar 23 2024, 5:30 PM
pasik added a subscriber: pasik.Mar 23 2024, 6:29 PM
Viacheslav assigned this task to sarthurdev.Sun, Mar 31, 11:08 AM
Viacheslav triaged this task as High priority.
lucasec added a subscriber: lucasec.Tue, Apr 2, 3:32 AM
sarthurdev changed the task status from Open to Confirmed.Sun, Apr 7, 6:11 PM
sarthurdev merged a task: T6137: dhcp files and directory permission not correct after image uprgading .Sun, Apr 7, 6:17 PM
sarthurdev added subscribers: opswill, dmbaturin, Ironeagle.
sarthurdev changed the task status from Confirmed to Needs testing.Sun, Apr 7, 8:14 PM
sarthurdev moved this task from Need Triage to In Progress on the VyOS 1.5 Circinus board.

PR: https://github.com/vyos/vyos-1x/pull/3277

chenxiaolong added a comment.Sat, Apr 13, 6:06 PM

Thanks for the quick fix! I intentionally messed with the file ownership and can confirm that VyOS 1.5-rolling-202404130016 will correct them to the proper values.

sarthurdev closed this task as Resolved.Mon, Apr 15, 2:48 PM
sarthurdev moved this task from In Progress to Finished on the VyOS 1.5 Circinus board.