OpenVZ CTID.start script fails on stunnel4

apmuthu

Member
Feb 26, 2009
744
3
18
Chennai - India & Singapore
DAB based Debian Squeeze container (CTID/VEID: 102) with stunnel4 installed.
Tested on both PVE 1.9 and PVE 3.0.

/etc/init.d/stunnel4 not set to execute automatically in insserv:
Code:
insserv -r stunnel4
Enabled the /etc/default/stunnel4 file:
Code:
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003

# Change to one to enable stunnel automatic startup
[B]ENABLED=1[/B]
FILES="/etc/stunnel/*.conf"
OPTIONS=""

# Change to one to enable ppp restart scripts
PPP_RESTART=0
Default /etc/init.d/stunnel4 file used:
Code:
#! /bin/sh -e
### BEGIN INIT INFO
# Provides:          stunnel4
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Should-Start:      $syslog
# Should-Stop:       $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start or stop stunnel 4.x (SSL tunnel for network daemons)
### END INIT INFO

DEFAULTPIDFILE="/var/run/stunnel4.pid"
DAEMON=/usr/bin/stunnel4
NAME=stunnel
DESC="SSL tunnels"
FILES="/etc/stunnel/*.conf"
OPTIONS=""
ENABLED=0

get_pids() {
   local file=$1
   if test -f $file; then
     CHROOT=`grep "^chroot" $file|sed "s;.*= *;;"`
     PIDFILE=`grep "^pid" $file|sed "s;.*= *;;"`
     if [ "$PIDFILE" = "" ]; then
       PIDFILE=$DEFAULTPIDFILE
     fi
     if test -f $CHROOT/$PIDFILE; then
       cat $CHROOT/$PIDFILE
     fi
   fi
}

startdaemons() {
  if ! [ -d /var/run/stunnel4 ]; then
    rm -rf /var/run/stunnel4
    install -d -o stunnel4 -g stunnel4 /var/run/stunnel4
  fi
  for file in $FILES; do 
    if test -f $file; then
      ARGS="$file $OPTIONS"
      PROCLIST=`get_pids $file`
      if [ "$PROCLIST" ] && kill -0 $PROCLIST 2>/dev/null; then
        echo -n "[Already running: $file] "
      elif $DAEMON $ARGS; then
    echo -n "[Started: $file] "
      else
    echo "[Failed: $file]"
    echo "You should check that you have specified the pid= in you configuration file"
    exit 1
      fi
    fi
  done;
}

killdaemons()
{
  for file in $FILES; do
    PROCLIST=`get_pids $file`
    if [ "$PROCLIST" ] && kill -0 $PROCLIST 2>/dev/null; then
       kill $PROCLIST
       echo -n "[stopped: $file] "
    fi
  done
}

if [ "x$OPTIONS" != "x" ]; then
  OPTIONS="-- $OPTIONS"
fi

test -f /etc/default/stunnel4 && . /etc/default/stunnel4
if [ "$ENABLED" = "0" ] ; then
  echo "$DESC disabled, see /etc/default/stunnel4"
  exit 0
fi

test -x $DAEMON || exit 0

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: "
        startdaemons
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        killdaemons
        echo "$NAME."
        ;;
#force-reload does not send a SIGHUP, since SIGHUP is interpreted as a 
#quit signal by stunnel. I reported this problem to upstream authors.
  force-reload|restart)
        echo -n "Restarting $DESC: "
        killdaemons
        sleep 5
        startdaemons
        echo "$NAME."
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|force-reload|restart}" >&2
        exit 1
        ;;
esac

exit 0
CTID 102 used:
The following files are present in the /etc/vz/conf folder (PVE 1.9):
102.conf
102.start
Code:
#!/usr/bin/bash

/etc/init.d/stunnel4 start
102.stop
Code:
#!/usr/bin/bash

/etc/init.d/stunnel4 stop
There seem to be practically no examples of the CTID.start and CTID.stop scripts on the net and in the manual for vzctl.

On starting the container, the start process just hangs.

On the host, 3 processes (other than grep) show up for the command:
Code:
# ps aux | grep "/usr/sbin/vzctl start 102"
root       15039  0.0  0.0  10164   888 ?        S    09:55   0:00 /usr/sbin/vzctl start 102
root       [B]15043[/B]  0.0  0.0  10164   440 ?        Ss   09:55   0:00 /usr/sbin/vzctl start 102
root       [B]15116[/B]  0.0  0.0  10164   304 ?        S    09:55   0:00 /usr/sbin/vzctl start 102
root       15139  0.0  0.0   3888   656 pts/0    S+   09:55   0:00 grep /usr/sbin/vzctl start 102
Killing the 2nd or the 3rd PID above releases the hung up status of the container and reverts it a stopped state.

On doing a pvebash 102 private and then a dmesg | tail we find that the /proc is not mounted as yet.

The Container boots up nicely if the 102.start script is removed. The manual execution of it's contents:
Code:
/etc/init.d/stunnel4 start
also executes correctly.
The 102.stop script does not complain when the container is shutdown then.

Attempted to introduce sleep 5 in 102.start to no avail.

Any ideas on getting stunnel to work with the new insserv in OpenVZ containers?
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!