OpenVZ CTID.start script fails on stunnel4

Discussion in 'Debian Appliance Builder' started by apmuthu, Aug 17, 2013.

  1. apmuthu

    DAB based Debian Squeeze container (CTID/VEID: 102) with stunnel4 installed.
    Tested on both PVE 1.9 and PVE 3.0.

    /etc/init.d/stunnel4 not set to execute automatically in insserv:
    Code:
    insserv -r stunnel4
    Enabled the /etc/default/stunnel4 file:
    Code:
    # /etc/default/stunnel
    # Julien LEMOINE <speedblue@debian.org>
    # September 2003
    
    # Change to one to enable stunnel automatic startup
    ENABLED=1
    FILES="/etc/stunnel/*.conf"
    OPTIONS=""
    
    # Change to one to enable ppp restart scripts
    PPP_RESTART=0
    
    
    Default /etc/init.d/stunnel4 file used:
    Code:
    #! /bin/sh -e
    ### BEGIN INIT INFO
    # Provides:          stunnel4
    # Required-Start:    $local_fs $remote_fs
    # Required-Stop:     $local_fs $remote_fs
    # Should-Start:      $syslog
    # Should-Stop:       $syslog
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: Start or stop stunnel 4.x (SSL tunnel for network daemons)
    ### END INIT INFO
    
    DEFAULTPIDFILE="/var/run/stunnel4.pid"
    DAEMON=/usr/bin/stunnel4
    NAME=stunnel
    DESC="SSL tunnels"
    FILES="/etc/stunnel/*.conf"
    OPTIONS=""
    ENABLED=0
    
    get_pids() {
       local file=$1
       if test -f $file; then
         CHROOT=`grep "^chroot" $file|sed "s;.*= *;;"`
         PIDFILE=`grep "^pid" $file|sed "s;.*= *;;"`
         if [ "$PIDFILE" = "" ]; then
           PIDFILE=$DEFAULTPIDFILE
         fi
         if test -f $CHROOT/$PIDFILE; then
           cat $CHROOT/$PIDFILE
         fi
       fi
    }
    
    startdaemons() {
      if ! [ -d /var/run/stunnel4 ]; then
        rm -rf /var/run/stunnel4
        install -d -o stunnel4 -g stunnel4 /var/run/stunnel4
      fi
      for file in $FILES; do 
        if test -f $file; then
          ARGS="$file $OPTIONS"
          PROCLIST=`get_pids $file`
          if [ "$PROCLIST" ] && kill -0 $PROCLIST 2>/dev/null; then
            echo -n "[Already running: $file] "
          elif $DAEMON $ARGS; then
            echo -n "[Started: $file] "
          else
            echo "[Failed: $file]"
            echo "You should check that you have specified the pid= in you configuration file"
            exit 1
          fi
        fi
      done;
    }
    
    killdaemons()
    {
      for file in $FILES; do
        PROCLIST=`get_pids $file`
        if [ "$PROCLIST" ] && kill -0 $PROCLIST 2>/dev/null; then
           kill $PROCLIST
           echo -n "[stopped: $file] "
        fi
      done
    }
    
    if [ "x$OPTIONS" != "x" ]; then
      OPTIONS="-- $OPTIONS"
    fi
    
    test -f /etc/default/stunnel4 && . /etc/default/stunnel4
    if [ "$ENABLED" = "0" ] ; then
      echo "$DESC disabled, see /etc/default/stunnel4"
      exit 0
    fi
    
    test -x $DAEMON || exit 0
    
    set -e
    
    case "$1" in
      start)
            echo -n "Starting $DESC: "
            startdaemons
            echo "$NAME."
            ;;
      stop)
            echo -n "Stopping $DESC: "
            killdaemons
            echo "$NAME."
            ;;
    #force-reload does not send a SIGHUP, since SIGHUP is interpreted as a 
    #quit signal by stunnel. I reported this problem to upstream authors.
      force-reload|restart)
            echo -n "Restarting $DESC: "
            killdaemons
            sleep 5
            startdaemons
            echo "$NAME."
            ;;
      *)
            N=/etc/init.d/$NAME
            echo "Usage: $N {start|stop|force-reload|restart}" >&2
            exit 1
            ;;
    esac
    
    exit 0
    
    
    CTID 102 used:
    The following files are present in the /etc/vz/conf folder (PVE 1.9):
    102.conf
    102.start
    Code:
    #!/usr/bin/bash
    
    /etc/init.d/stunnel4 start
    
    
    102.stop
    Code:
    #!/usr/bin/bash
    
    /etc/init.d/stunnel4 stop
    
    
    There seem to be practically no examples of the CTID.start and CTID.stop scripts on the net and in the manual for vzctl.

    On starting the container, the start process just hangs.

    On the host, 3 processes (other than grep) show up for the command:
    Code:
    # ps aux | grep "/usr/sbin/vzctl start 102"
    root       15039  0.0  0.0  10164   888 ?        S    09:55   0:00 /usr/sbin/vzctl start 102
    root       15043  0.0  0.0  10164   440 ?        Ss   09:55   0:00 /usr/sbin/vzctl start 102
    root       15116  0.0  0.0  10164   304 ?        S    09:55   0:00 /usr/sbin/vzctl start 102
    root       15139  0.0  0.0   3888   656 pts/0    S+   09:55   0:00 grep /usr/sbin/vzctl start 102
    
    Killing the 2nd or the 3rd PID above releases the hung up status of the container and reverts it to a stopped state.

    On doing a pvebash 102 private and then a dmesg | tail we find that the /proc is not mounted as yet.

    The Container boots up nicely if the 102.start script is removed. The manual execution of its contents:
    Code:
    /etc/init.d/stunnel4 start
    also executes correctly.
    The 102.stop script does not complain when the container is shut down then.

    Attempted to introduce sleep 5 in 102.start to no avail.

    Any ideas on getting stunnel to work with the new insserv in OpenVZ containers?
     
    #1 apmuthu, Aug 17, 2013
    Last edited: Aug 17, 2013
  2. apmuthu

    Re: OpenVZ CTID.start script fails on stunnel4 - Solved

    The issue has been solved and documented in the Wiki
     