[Focal-only] openvpn postinst script restarts with init.d, resulting in duplicate openvpn processes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openvpn (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Incomplete
|
Low
|
Unassigned | ||
Groovy |
Fix Released
|
Undecided
|
Unassigned | ||
Hirsute |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
On Ubuntu 20.04.2 with openvpn 2.4.7-1ubuntu2.
The postinst script for openvpn has the following:
if [ -x "/etc/init.
pathfind invoke-rc.d
if [ $? = 0 ]; then
invoke-rc.d openvpn cond-restart || invoke-rc.d openvpn restart
else
/etc/
fi
fi
and since cond-restart isn't one of start,stop,restart, or try-restart, invoke-rc.d will kill the openvpn processes managed by systemd and start a new process using the init.d script. If the systemd service is later restarted, this results in two processes for the same openvpn configuration that conflict with each other.
Some ways this could be fixed:
1. Don't run the cond-restart in the postinst script
2. Change inti.d to defer to systemd to start the daemon, at least for cond-restart
3. Stop using the init.d script altogether.
3. Change the systemd service to make sure to kill conflicting processes as part of a restart.
tags: | added: systemd |
tags: | added: bitesize |
tags: | removed: bitesize |
Changed in openvpn (Ubuntu Focal): | |
assignee: | Bryce Harrington (bryce) → nobody |
status: | In Progress → Incomplete |
Hello Thayne,
Thank you for taking out time to file this bug and help make Ubuntu server better. Your bug report and suggestions make sense. And furthermore, Debian has dropped it as well in the subsequent releases: /salsa. debian. org/debian/ openvpn/ -/commit/ 5cc614d90d3150e 26e87ac55c44cf6 e358011156
https:/
So this is for sure actionable. Since this has already been fixed in Groovy, Hirsute, and Impish, somebody will need to prepare an SRU[1] for this to Focal. Also, since this isn't something that requires immediate attention, I am marking this as of "low" severity so that it could be piggy-backed with other fixes.
In case you're interested in preparing the update by following the process, let us know :)
Thanks!
[1]: https:/ /wiki.ubuntu. com/StableRelea seUpdates