From: Friedrich Weber <f.weber@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH ceph master 1/3] fix #5213: ceph-osd postinst: add patch to avoid connection freezes
Date: Thu, 15 Feb 2024 10:40:54 +0100 [thread overview]
Message-ID: <20240215094056.66233-2-f.weber@proxmox.com> (raw)
In-Reply-To: <20240215094056.66233-1-f.weber@proxmox.com>
Assume there is an open TCP connection to a VM, and ceph-osd is
installed/upgraded on the host on which the PVE firewall is active.
Currently, ceph-osd postinst reloads all sysctl settings. Thus,
installing/upgrading ceph-osd will set the sysctl setting
`net.bridge.bridge-nf-call-iptables` to 0. The PVE firewall will flip
the setting back to 1 in its next iteration (in <10 seconds). But
while the setting is 0, conntrack will not see packets of the existing
TCP connection. When the setting is flipped back to 1, conntrack will
see packets again, but may consider the seq/ack numbers of new packets
out-of-window, mark them as invalid and drop them. This will freeze
the TCP connection.
To avoid this, add a patch that modifies the ceph-osd postinst to only
apply settings from the sysctl settings file shipped with ceph-osd,
and only apply them on fresh install. As the ceph-osd sysctl settings
do not set `net.bridge.bridge-nf-call-iptables`, this will avoid the
temporary flip to 0 when installing/upgrading ceph-osd.
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
---
...t-avoid-reloading-all-sysctl-setting.patch | 47 +++++++++++++++++++
patches/series | 1 +
2 files changed, 48 insertions(+)
create mode 100644 patches/0015-ceph-osd-postinst-avoid-reloading-all-sysctl-setting.patch
diff --git a/patches/0015-ceph-osd-postinst-avoid-reloading-all-sysctl-setting.patch b/patches/0015-ceph-osd-postinst-avoid-reloading-all-sysctl-setting.patch
new file mode 100644
index 000000000..947175605
--- /dev/null
+++ b/patches/0015-ceph-osd-postinst-avoid-reloading-all-sysctl-setting.patch
@@ -0,0 +1,47 @@
+From 232b1fa3210a56354b27f9c6154819307412b91c Mon Sep 17 00:00:00 2001
+From: Friedrich Weber <f.weber@proxmox.com>
+Date: Thu, 8 Feb 2024 16:20:08 +0100
+Subject: [PATCH] ceph-osd postinst: do not always reload all sysctl settings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ceph-osd installs a /etc/sysctl.d/30-ceph-osd.conf with custom sysctl
+settings. Currently, in order to apply them, ceph-osd postinst always
+restarts procps. However, this triggers a reload of *all* sysctl
+settings when installing or upgrading the ceph-osd package. This may
+needlessly reset unrelated settings manually changed by the user.
+
+To avoid this, invoke /lib/systemd/systemd-sysctl manually to apply
+the custom sysctl settings only, and only do so on fresh installs of
+the package.
+
+If 30-ceph-osd.conf is changed in the future, the ceph-osd postinst
+will need to be adjusted to apply the sysctl settings on upgrade too.
+
+Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
+---
+ debian/ceph-osd.postinst | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/debian/ceph-osd.postinst b/debian/ceph-osd.postinst
+index 04e33b8601f..2bcd8d4dcb4 100644
+--- a/debian/ceph-osd.postinst
++++ b/debian/ceph-osd.postinst
+@@ -24,7 +24,11 @@ set -e
+
+ case "$1" in
+ configure)
+- [ -x /etc/init.d/procps ] && invoke-rc.d procps restart || :
++ # apply (only) new parameters, but only on fresh install
++ if [ -z "$2" ]; then
++ /lib/systemd/systemd-sysctl /etc/sysctl.d/30-ceph-osd.conf \
++ >/dev/null || :
++ fi
+ [ -x /sbin/start ] && start ceph-osd-all || :
+ ;;
+ abort-upgrade|abort-remove|abort-deconfigure)
+--
+2.39.2
+
diff --git a/patches/series b/patches/series
index 865caf23d..6ad754713 100644
--- a/patches/series
+++ b/patches/series
@@ -12,3 +12,4 @@
0012-backport-mgr-dashboard-simplify-authentication-proto.patch
0013-mgr-dashboard-remove-ability-to-create-and-check-TLS.patch
0014-rocksb-inherit-parent-cmake-cxx-flags.patch
+0015-ceph-osd-postinst-avoid-reloading-all-sysctl-setting.patch
--
2.39.2
next prev parent reply other threads:[~2024-02-15 9:42 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-15 9:40 [pve-devel] [PATCH ceph master+quincy-stable-8 0/3] fix #5213: avoid connection freezes when installing/upgrading ceph-osd Friedrich Weber
2024-02-15 9:40 ` Friedrich Weber [this message]
2024-02-15 13:16 ` [pve-devel] applied: [PATCH ceph master 1/3] fix #5213: ceph-osd postinst: add patch to avoid connection freezes Thomas Lamprecht
2024-02-16 13:54 ` Friedrich Weber
2024-02-15 9:40 ` [pve-devel] [PATCH ceph quincy-stable-8 2/3] " Friedrich Weber
2024-02-15 13:17 ` [pve-devel] applied: " Thomas Lamprecht
2024-02-15 9:40 ` [pve-devel] [PATCH ceph master 3/3] buildsys: add check for changed ceph-osd sysctl settings Friedrich Weber
2024-02-15 13:20 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240215094056.66233-2-f.weber@proxmox.com \
--to=f.weber@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox