Hi Darren,
Yes, i compile it. But only with make. In the repo i didn´t find
keacrtl, so i build it from the source.
kea-dhcp4,kea-dhcp-ddns and kea-ctrl-agent are from the debian packages,
published from isc. You are right, it looks like a problem with
apparmor. Journalctl found many deny like this: Dez 14 17:26:10 figge-vm
kernel: audit: type=1400 audit(1734193570.893:13453): apparmor="DENIED"
operation="mknod" profile="kea-ctrl-agent"
name="/run/kea/logger_lockfile" pid=78908 comm="kea-ctrl-agent"
requested_mask="c" denied_mask="c" fsuid=115 ouid=115 aa-status say:
root@figge-vm:/inst# aa-status apparmor module is loaded. 35 profiles
are loaded. 33 profiles are in enforce mode. /usr/bin/evince
/usr/bin/evince-previewer /usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer /usr/bin/evince//sanitized_helper
/usr/bin/lxc-start /usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script /usr/lib/cups/backend/cups-pdf
/usr/sbin/cups-browsed /usr/sbin/cupsd /usr/sbin/cupsd//third_party
/{,usr/}sbin/dhclient kea-ctrl-agent kea-dhcp-ddns kea-dhcp4 kea-dhcp6
kea-lfc ..... Kea Profils are from November 2023. After a restart,
kea-ctrl-agent and kea-dhcp-ddns run, but the dhcp servers not, apparmor
say deny. regards Ralf Am 14.12.2024 um 12:33 schrieb Darren Ankney:
Hi Ralf,
It seems that you compiled from source as I see you using keactrl to
start the processes? It also appears that you are root from your
prompt. One thing you can try is to execute the commands manually
that keactrl shows being executed:
/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
/sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf
/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
But, I encourage you to check apparmor as I suspect that apparmor is
tripping you up. Debian 12 does not use plain text logs, so here is
how you might check for apparmor problems (as root):
journalctl -xe | grep audit | grep DENIED
There are certainly specific switches to get journalctl to find
exactly what you are after, but the above should work.
A good source of information about apparmor:
https://wiki.debian.org/AppArmor/HowToUse
Thank you,
Darren Ankney
On Sat, Dec 14, 2024 at 3:33 AM Ralf Figge via Kea-users
<kea-users@lists.isc.org> wrote:
Hello,
i use Debian 12. KEA 2.61 has run very well. I wanted to test some new
featues from 2.7.5, so i has make an update ..
After the update, i become follwing errors:
root@figge-vm:/inst# keactrl version
keactrl: 2.7.5-git
kea-dhcp4: 2.7.5
kea-dhcp6: 2.7.5
kea-dhcp-ddns: 2.7.5
kea-ctrl-agent: 2.7.5
root@figge-vm:/inst# keactrl start
INFO/keactrl: Starting /sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
INFO/keactrl: Starting /sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf
INFO/keactrl: Starting /sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
root@figge-vm:/inst# Unable to use interprocess sync lockfile
(Permission denied): /var/run/kea/logger_lockfile
Unable to use interprocess sync lockfile (Permission denied):
/var/run/kea/logger_lockfile
Unable to use interprocess sync lockfile (Permission denied):
/var/run/kea/logger_lockfile
kea-dhcp4: Fatal error during start up: Unable to open PID file
'/var/run/kea/kea-dhcp4.kea-dhcp4.pid' for write
Unable to use interprocess sync lockfile (Permission denied):
/var/run/kea/logger_lockfile
Unable to use interprocess sync lockfile (Permission denied):
/var/run/kea/logger_lockfile
Service failed: Launch failed: Unable to open PID file
'/var/run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid' for write
Unable to use interprocess sync lockfile (Permission denied):
/var/run/kea/logger_lockfile
Service failed: Launch failed: Unable to open PID file
'/var/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid' for write
Have somebody has an idea, what is going wrong with this update ?
Starting over keactrl and systemctl does not work.
Regards
Ralf
--
ISC funds the development of this software with paid support subscriptions.
Contact us athttps://www.isc.org/contact/ for more information.
To unsubscribe visithttps://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
