NRPE Charm

NRPE charm creates conntrack check for LXD units

Bug #1659728 reported by Xav Paice on 2017-01-27

This bug report is a duplicate of: Bug #1673064: Conntrack check does not work in LXD containers. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	NRPE Charm	In Progress	Medium	Paul Gear
	nrpe (Juju Charms Collection)	In Progress	Medium	Paul Gear

Bug Description

When applying the nrpe charm to an LXD unit, the charm creates a check_conntrack service. That's great, but for LXD the check itself falls over. The check finds the conntrack module, and then can't find nf_conntrack_max.

It's happier if I add:

if ! [ -f /proc/sys/net/netfilter/nf_conntrack_max ] ; then
echo "OK: no conntrack max present"
exit $STATE_OK
fi

I'd prefer to be able to just disable the check with a setting.

Tags:

Related branches

~xavpaice/charm-nrpe:fix_conntrack

Merged into ~nrpe-charmers/charm-nrpe:master at revision dc1e367461b64c94f9fbe381c1c31d82af732f59

James Hebden (community): Approve on 2017-08-04

~paulgear/charm-nrpe/+git/nrpe-charm:master

Merged into ~nrpe-charmers/charm-nrpe:master at revision 59d13d70d78ce2e9b2392ad51929de0f91811781

Haw Loeung: Approve on 2017-05-01

~xavpaice/charm-nrpe:lp-1659728

Rejected for merging into ~nrpe-charmers/charm-nrpe:master

NRPE charm developers: Pending requested 2017-02-19

Xav Paice (xavpaice) on 2017-01-31

tags:

added: canonical-bootstack

Haw Loeung (hloeung) on 2017-04-07

Changed in nrpe (Juju Charms Collection):
status:	New → Confirmed
Changed in nrpe-charm:
status:	New → Confirmed

Haw Loeung (hloeung) on 2017-04-07

Changed in nrpe-charm:
assignee:	nobody → Paul Gear (paulgear)
Changed in nrpe (Juju Charms Collection):
assignee:	nobody → Paul Gear (paulgear)
Changed in nrpe-charm:
status:	Confirmed → In Progress
Changed in nrpe (Juju Charms Collection):
status:	Confirmed → In Progress
Changed in nrpe-charm:
importance:	Undecided → Medium
Changed in nrpe (Juju Charms Collection):
importance:	Undecided → Medium

Revision history for this message

Xav Paice (xavpaice) wrote on 2017-07-31:

Fix was committed in response to https://bugs.launchpad.net/nrpe-charm/+bug/1673064 but this doesn't work on every occasion. I'm struggling to find a smoking gun for what's different but the fix committed checks for the conntrack module, which is loaded on these lxd containers:

ubuntu@juju-a8345d-0-lxd-9:~$ lsmod | grep conntrack
xt_conntrack 16384 0
x_tables 36864 16 xt_comment,ipt_REJECT,iptable_mangle,ip_tables,ebtables,iptable_filter,xt_tcpudp,iptable_raw,ipt_MASQUERADE,xt_connmark,ip6table_mangle,xt_CHECKSUM,ip6table_filter,ip6table_raw,xt_conntrack,ip6_tables
nf_conntrack_ipv6 20480 3
nf_conntrack_ipv4 16384 5
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_defrag_ipv6 36864 2 nf_conntrack_ipv6,openvswitch
nf_conntrack 110592 9 nf_conntrack_ipv6,openvswitch,nf_conntrack_ipv4,xt_connmark,nf_nat_ipv6,nf_nat_masquerade_ipv4,xt_conntrack,nf_nat_ipv4,nf_nat

However, the actual check shows that nf_conntrack_max doesn't exist:
ubuntu@juju-a8345d-0-lxd-9:~$ sysctl net.netfilter.nf_conntrack_max
sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_max: No such file or directory

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1673064 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.