Hi, thank you for your effort on this. you might be right: in memfile_lease_mgr.cc: process_.reset(new ProcessSpawn(ProcessSpawn::ASYNC, executable, args)); in process_spawn.h: ProcessSpawn(const SpawnMode mode, const std::string& executable, const ProcessArgs& args = ProcessArgs(), const ProcessEnvVars& vars = ProcessEnvVars(), const bool inherit_env = false); so by default the lfc is spawned with empty environment, so unless called explicitly by the service, kea spawns it with empty environment. this is indeed an issue. opened issue: https://gitlab.isc.org/isc-projects/kea/-/issues/3450 Regards, Razvan
-----Original Message----- From: Martijn <[email protected]> To: Kea <[email protected]> Cc: Martijn <[email protected]> Date: Tuesday, 11 June 2024 2:54 PM EEST Subject: Re: [Kea-users] kea-lfc not using KEA_LOCKFILE_DIR Thanks for your replies @Darren, documentation seems quite sparse regarding this, which is why I opted to read through the source code (by searching for the error string). This indicated that kea-lfc uses the environment variable, if it is set. There seems to be no other way to define this configuration for kea-lfc. @Razvan, this indeed seems to be the issue. Upon reading man sudoers: > By default, the env_reset flag is enabled. This causes commands to be executed with a new, minimal environment. I did check this before writing, but I might have made a syntax error, causing bash to interpret the command in the current context instead of inside a forked process. $ export FOO=bar $ echo $FOO bar $ sudo -u _kea echo $FOO bar For the record, the correct command seems to be: $ sudo -u _kea bash -c 'echo $FOO' I confirmed kea-lfc to be using the specified location for the logger lock like this: $ sudo -u _kea bash _kea$ export KEA_LOCKFILE_DIR=/run/lock/kea-VRF039 _kea$ echo $KEA_LOCKFILE_DIR /run/lock/kea-VRF039 _kea$ kea-lfc ... (no output, it seems to direct logs to /dev/log) _kea$ strace !! ... openat(AT_FDCWD, "/run/lock/kea-VRF039/logger_lockfile", O_RDWR|O_CREAT, 0660) ... Anyways, it is still not clear to me why the environment variable set in the systemd unit file isn't coming through to the forked kea-lfc process. kea-dhcp4 uses it just fine. And I can confirm the variable exists in the context of the process by `cat /proc/{kea PID}/environ`, which lists KEA_LOCKFILE_DIR with the correct value. I guess this could either have to do with similar env_reset behaviour for forked processes by systemd managed services or the way kea-dhcp4 spawns kea-lfc. I will investigate further. Thank you for your assistance. Regards, Martijn On ma, jun 10 2024 at 20:07:14 +00:00:00, Razvan Becheriu <[email protected]> wrote: > Hi, > > some clarifications: > the -p command line parameter in lfc executable is referring to the > pid file used for lease file operations, while the KEA_LOCKFILE_DIR > is used for the lockfile used for logging. > > I have tested your scenario and it seems to be working. I guess the > problem on your side is that the exported environment variable is not > inherited by the root environment when doing sudo -u ... > > the easiest way to pass the environment variable is to add it just > before the executable: > > sudo -u ... KEA_LOCKFILE_DIR=/var/lib/kea-VRF039/ /usr/sbin/kea-lfc > -4 ... > > to achieve this using services, please consult the man for options > regarding environment variables in the service file. > > I hope this helps. > > Razvan > > > > >> From:Darren <[email protected]> >> To:Kea <[email protected]> >> Date:Monday, 10 June 2024 10:01 PM EEST >> Subject:Re: [Kea-users] kea-lfc not using KEA_LOCKFILE_DIR >> >> Hi Martijn, >> >> Looking in the ARM, I only find KEA_LOCKFILE_DIR mentioned here: >> https://kea.readthedocs.io/en/kea-2.4.1/arm/logging.html#logging-during-kea-startup >> which pertains only to controlling destination of logging while Kea >> is >> starting up (before it has read the configuration file completely). >> These environment variables don't seem to have anything to do with >> `kea-lfc`. Can you point to where you saw that `kea-lfc` should >> respect these environment variables? >> >> Thank you, >> Darren Ankney >> >> On Tue, Jun 4, 2024 at 10:43 AM Martijn via Kea-users >> <[email protected]> wrote: >> > >> > Hi, >> > >> > We are currently implementing Kea for a multi tenant/VRF scenario. >> We do this by running multiple instances of kea-dhcp4 with a systemd >> unit template. Because we have multiple Kea instances running, we >> need separate folders for storing PIDs, lock files and configs. So >> far, this is working fine. The Kea service is running, establishing >> HA session and serving requests. >> > >> > We just have a problem with the periodic lease file cleaning >> performed by kea-lfc, while the lease file cleanup seems to be >> successful. It is logging errors relating to using a lock file for >> the logger. >> > >> > Jun 04 15:49:27 dhcp-01 kea-dhcp4-VRF039[1395]: INFO >> DHCPSRV_MEMFILE_LFC_START starting Lease File Cleanup >> > Jun 04 15:49:27 dhcp-01 kea-dhcp4-VRF039[1395]: INFO >> DHCPSRV_MEMFILE_LFC_EXECUTE executing Lease File Cleanup using: >> /usr/sbin/kea-lfc -4 -x /var/lib/kea-VRF039/dhcp4.leases.2 -i >> /var/lib/kea-VRF039/dhcp4.leases.1 -o >> /var/lib/kea-VRF039/dhcp4.leases.output -f >> /var/lib/kea-VRF039/dhcp4.leases.completed -p >> /var/lib/kea-VRF039/dhcp4.leases.pid -c ignored-path >> > Jun 04 15:49:28 dhcp-01 kea-dhcp4-VRF039[2571]: Unable to use >> interprocess sync lockfile (No such file or directory): >> /var/run/kea/logger_lockfile >> > Jun 04 15:49:28 dhcp-01 kea-dhcp4-VRF039[2571]: Unable to use >> interprocess sync lockfile (No such file or directory): >> /var/run/kea/logger_lockfile >> > ---- 6 more identical messages ---- >> > >> > I have tried manually running the process with the specified >> arguments from the log message and setting the KEA_LOCKFILE_DIR >> environment variable. However, kea-lfc still doesn’t seem to use >> the environment variable. >> > >> > $ export KEA_LOCKFILE_DIR=/run/lock/kea-VRF039 >> > $ echo $KEA_LOCKFILE_DIR >> > /run/lock/kea-VRF039 >> > >> > $ sudo -u _kea -g _kea \ >> > /usr/sbin/kea-lfc -4 \ >> > -x /var/lib/kea-VRF039/dhcp4.leases.2 \ >> > -i /var/lib/kea-VRF039/dhcp4.leases.1 \ >> > -o /var/lib/kea-VRF039/dhcp4.leases.output \ >> > -f /var/lib/kea-VRF039/dhcp4.leases.completed \ >> > -p /var/lib/kea-VRF039/dhcp4.leases.pid \ >> > -c ignored-path >> > >> > Unable to use interprocess sync lockfile (No such file or >> directory): /var/run/kea/logger_lockfile >> > Unable to use interprocess sync lockfile (No such file or >> directory): /var/run/kea/logger_lockfile >> > Unable to use interprocess sync lockfile (No such file or >> directory): /var/run/kea/logger_lockfile >> > Unable to use interprocess sync lockfile (No such file or >> directory): /var/run/kea/logger_lockfile >> > Unable to use interprocess sync lockfile (No such file or >> directory): /var/run/kea/logger_lockfile >> > Unable to use interprocess sync lockfile (No such file or >> directory): /var/run/kea/logger_lockfile >> > Unable to use interprocess sync lockfile (No such file or >> directory): /var/run/kea/logger_lockfile >> > >> > >> > I have read through the code and it seems like the environment >> variable should be used. So I am not sure what’s going wrong. I >> have found an issue on the nixpkgs GitHub which seems to describe >> the same issue (kea-lfc not using KEA_LOCKFILE_DIR) >> https://github.com/NixOS/nixpkgs/issues/265826 >> > >> > Is this a known issue or am I doing something wrong? >> > >> > Some additional info: >> > Distro: Ubuntu 24.04 LTS >> > Using the package from ubuntu APT sources: >> > Package: kea-dhcp4-server >> > Version: 2.4.1-3build3 >> > >> > >> > Regards, >> > >> > Martijn >> > -- >> > ISC funds the development of this software with paid support >> subscriptions. Contact us at https://www.isc.org/contact/ for more >> information. >> > >> > To unsubscribe visit >> https://lists.isc.org/mailman/listinfo/kea-users. >> > >> > Kea-users mailing list >> > [email protected] >> > https://lists.isc.org/mailman/listinfo/kea-users >> -- >> ISC funds the development of this software with paid support >> subscriptions. Contact us at https://www.isc.org/contact/ for more >> information. >> >> To unsubscribe visit >> https://lists.isc.org/mailman/listinfo/kea-users. >> >> Kea-users mailing list >> [email protected] >> https://lists.isc.org/mailman/listinfo/kea-users -- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/kea-users
-- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/kea-users
