troubleshooting conntrack-tools

    ERROR: failed to invoke conntrackd -c

==> do not drop the privileges in keepalived.conf

    conntrack-tools[15110]: ignoring flush command, commit still in progress

==> dirty workaround: added a delay of 1 second in the HA script

    Aug  9 09:43:52 pmr2 Keepalived_vrrp[851]: (guest-vip): send advert error 1 (Operation not permitted)

==> allow protocol vrrp altogether…

    [warning] scheduler configuration failed: Operation not permitted. Likely a bug in conntrackd, please report it. Continuing with system default scheduler.
    [ERROR] can't open channel socket: No such device
    [ERROR] initialization failed
    [ERROR] conntrackd cannot start, please review your configuration

==> things were not in place – double check interface names in conntrackd config
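
A quick way to do that double check, as an added example (not part of the original notes and not conntrack-tools code): list every Interface directive in the conntrackd config and report the ones that do not exist on the host. The function names, the default config path and the sample interface names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): report "Interface" directives in
# a conntrackd config that name a device this host does not have.
# Usage: check_conntrackd_ifaces [CONFIG] [NET_DIR]
check_conntrackd_ifaces() {
    conf=${1:-/etc/conntrackd/conntrackd.conf}   # assumed default location
    netdir=${2:-/sys/class/net}                  # overridable for testing
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    missing=0
    # Drop comments, then take the argument of every "Interface <name>" line.
    for ifname in $(sed 's/#.*//' "$conf" | awk '$1 == "Interface" { print $2 }' | sort -u); do
        if [ -e "$netdir/$ifname" ]; then
            echo "ok $ifname"
        else
            echo "missing $ifname"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: a trimmed config naming two sync interfaces, and a fake
# /sys/class/net tree in which only one of them exists.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/net/eth1" "$tmp/net/lo"
    cat > "$tmp/conntrackd.conf" <<'EOF'
Sync {
    Mode FTFW { }
    UDP {
        IPv4_address 192.0.2.1
        IPv4_Destination_Address 192.0.2.2
        Port 3780
        Interface eth1      # present in the fake tree
    }
    Multicast {
        Interface xenbr9    # renamed or mistyped device: not present
    }
}
EOF
    rc=0
    check_conntrackd_ifaces "$tmp/conntrackd.conf" "$tmp/net" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Run against a real config only when asked to: sh check.sh --check [CONFIG]
if [ "${1:-}" = "--check" ]; then shift; check_conntrackd_ifaces "$@"; fi
```

A non-zero exit status means at least one named interface is missing, which matches the "can't open channel socket: No such device" case above.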

    nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.

==> that happens without filtering in place – we need some rule to enable connection tracking

(seen on debian bookworm with kernel 5.16.20 domU)

    Warning: Extension state revision 0 not supported, missing kernel module?

==> if you want iptables, then you need to switch to the legacy variant (iptables-legacy)

Copyright © 2024 Pierre-Philipp Braun