fix #5213: ceph-osd postinst: add patch to avoid connection freezes

Assume there is an open TCP connection to a VM, and ceph-osd is installed/upgraded on the host on which the PVE firewall is active. Currently, ceph-osd postinst reloads all sysctl settings. Thus, installing/upgrading ceph-osd will set the sysctl setting `net.bridge.bridge-nf-call-iptables` to 0. The PVE firewall will flip the setting back to 1 in its next iteration (in <10 seconds). But while the setting is 0, conntrack will not see packets of the existing TCP connection. When the setting is flipped back to 1, conntrack will see packets again, but may consider the seq/ack numbers of new packets out-of-window, mark them as invalid and drop them. This will freeze the TCP connection. To avoid this, add a patch that modifies the ceph-osd postinst to only apply settings from the sysctl settings file shipped with ceph-osd, and only apply them on fresh install. As the ceph-osd sysctl settings do not set `net.bridge.bridge-nf-call-iptables`, this will avoid the temporary flip to 0 when installing/upgrading ceph-osd. Signed-off-by: Friedrich Weber <f.weber@proxmox.com> (cherry picked from commit c82d073dcc) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-04-28 14:52:58 +00:00 · 2024-02-15 10:40:55 +01:00 · 2024-02-15 10:40:55 +01:00 · f19ec7906d
commit f19ec7906d
parent 703321692a
2 changed files with 48 additions and 0 deletions
--- a/patches/0024-ceph-osd-postinst-avoid-reloading-all-sysctl-setting.patch
+++ b/patches/0024-ceph-osd-postinst-avoid-reloading-all-sysctl-setting.patch
@ -0,0 +1,47 @@
+From 232b1fa3210a56354b27f9c6154819307412b91c Mon Sep 17 00:00:00 2001
+From: Friedrich Weber <f.weber@proxmox.com>
+Date: Thu, 8 Feb 2024 16:20:08 +0100
+Subject: [PATCH] ceph-osd postinst: do not always reload all sysctl settings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ceph-osd installs a /etc/sysctl.d/30-ceph-osd.conf with custom sysctl
+settings. Currently, in order to apply them, ceph-osd postinst always
+restarts procps. However, this triggers a reload of *all* sysctl
+settings when installing or upgrading the ceph-osd package. This may
+needlessly reset unrelated settings manually changed by the user.
+
+To avoid this, invoke /lib/systemd/systemd-sysctl manually to apply
+the custom sysctl settings only, and only do so on fresh installs of
+the package.
+
+If 30-ceph-osd.conf is changed in the future, the ceph-osd postinst
+will need to be adjusted to apply the sysctl settings on upgrade too.
+
+Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
+---
+ debian/ceph-osd.postinst | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/debian/ceph-osd.postinst b/debian/ceph-osd.postinst
+index 04e33b8601f..2bcd8d4dcb4 100644
+--- a/debian/ceph-osd.postinst
+++ b/debian/ceph-osd.postinst
+@@ -24,7 +24,11 @@ set -e
+ 
+ case "$1" in
+     configure)
+-	[ -x /etc/init.d/procps ] && invoke-rc.d procps restart || :
+	# apply (only) new parameters, but only on fresh install
+	if [ -z "$2" ]; then
+	    /lib/systemd/systemd-sysctl /etc/sysctl.d/30-ceph-osd.conf \
+		    >/dev/null || :
+	fi
+ 	[ -x /sbin/start ] && start ceph-osd-all || :
+     ;;
+     abort-upgrade|abort-remove|abort-deconfigure)
+-- 
+2.39.2
+
--- a/patches/series
+++ b/patches/series
@ -15,3 +15,4 @@
 0021-backport-mgr-dashboard-simplify-authentication-proto.patch
 0022-mgr-dashboard-remove-ability-to-create-and-check-TLS.patch
 0023-rocksb-inherit-parent-cmake-cxx-flags.patch
+0024-ceph-osd-postinst-avoid-reloading-all-sysctl-setting.patch