ERROR: failed to invoke conntrackd -c
==> do not drop the privileges in keepalived.conf
conntrack-tools: ignoring flush command, commit still in progress
==> dirty workaround: added delay of 1 second in the HA script
Aug 9 09:43:52 pmr2 Keepalived_vrrp: (guest-vip): send advert error 1 (Operation not permitted)
==> allow protocol vrrp altogether…
[warning] scheduler configuration failed: Operation not permitted. Likely a bug in conntrackd, please report it. Continuing with system default scheduler.
[ERROR] can't open channel socket: No such device
[ERROR] initialization failed
[ERROR] conntrackd cannot start, please review your configuration
==> things were not in place – double check interface names in conntrackd config
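One way to do that double check, as an added example that is not part of the original notes: it lists every Interface directive in a conntrackd config and prints the names that have no entry under /sys/class/net. The sample config, the interface names eth0/eth2/ens19 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag conntrackd "Interface" directives naming absent devices.

# conf_interfaces FILE: print each name given by an "Interface <name>" line.
conf_interfaces() {
    # Drop comments first so a commented-out directive is not reported.
    sed 's/#.*//' "$1" | awk '$1 == "Interface" { print $2 }' | sort -u
}

# missing_interfaces FILE [NETDIR]: print configured names absent from NETDIR.
# NETDIR defaults to /sys/class/net; it is a parameter so the check is testable.
missing_interfaces() {
    netdir=${2:-/sys/class/net}
    for ifname in $(conf_interfaces "$1"); do
        [ -e "$netdir/$ifname" ] || echo "$ifname"
    done
}

# demo: run the check on a constructed config against a fake device directory.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/net"
    : > "$tmp/net/eth0"; : > "$tmp/net/eth2"   # pretend the host has eth0, eth2
    cat > "$tmp/conntrackd.conf" <<'EOF'
Sync {
    Multicast {
        IPv4_address 225.0.0.50
        Group 3780
        IPv4_interface 192.168.100.100
        Interface eth2
    }
    # Interface eth9   (commented out, must be ignored)
    Multicast {
        IPv4_address 225.0.0.51
        Group 3781
        Interface ens19   # stale name, not present in the fake directory
    }
}
EOF
    missing_interfaces "$tmp/conntrackd.conf" "$tmp/net"
    rm -rf "$tmp"
}

# With a path argument, check that file on this host; otherwise run the demo.
if [ $# -gt 0 ]; then missing_interfaces "$@"; else demo; fi
```

Run it as `sh check.sh /etc/conntrackd/conntrackd.conf` (path is an assumption, adjust to your install); empty output means every configured interface exists.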
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
==> that happens without filtering in place – we need some rule to enable connection tracking
(seen on Debian bookworm with kernel 5.16.20 domU)
Warning: Extension state revision 0 not supported, missing kernel module?
==> if you want iptables, then you need to switch to legacy