
ndppd does not wait for docker interfaces

Open fansari opened this issue 1 year ago • 0 comments

In my scenario I use ndppd for docker interfaces (which is quite a typical scenario I guess).

But on startup the daemon complains that it cannot bind to the interfaces (because they are not available yet).

With "top" I see that ndppd is taking 100% of the CPU time after boot.

Mar 14 12:36:10 myhost.mydomain systemd[1]: Starting NDP Proxy Daemon...
Mar 14 12:36:10 myhost.mydomain ndppd[748]: (notice) ndppd (NDP Proxy Daemon) version 0.2.4
Mar 14 12:36:10 myhost.mydomain ndppd[748]: (notice) Using configuration file '/etc/ndppd.conf'
Mar 14 12:36:10 myhost.mydomain systemd[1]: ndppd.service: Can't open PID file /run/ndppd/ndppd.pid (yet?) after start: Operation not permitted
Mar 14 12:36:10 myhost.mydomain ndppd[757]: (error) Failed to bind to interface 'docker0'
Mar 14 12:36:10 myhost.mydomain ndppd[757]: (error) Failed to bind to interface 'br_nginx'
Mar 14 12:36:10 myhost.mydomain systemd[1]: Started NDP Proxy Daemon.
Mar 14 12:36:12 myhost.mydomain ndppd[757]: (error) Failed to read from interface '%s'
Mar 14 12:37:30 myhost.mydomain systemd[1]: Stopping NDP Proxy Daemon...
Mar 14 12:37:30 myhost.mydomain ndppd[757]: (error) Shutting down...
Mar 14 12:37:30 myhost.mydomain ndppd[757]: (notice) Bye
Mar 14 12:37:30 myhost.mydomain systemd[1]: ndppd.service: Deactivated successfully.
Mar 14 12:37:30 myhost.mydomain systemd[1]: Stopped NDP Proxy Daemon.
Mar 14 12:37:30 myhost.mydomain systemd[1]: ndppd.service: Consumed 2.069s CPU time.
Mar 14 12:37:30 myhost.mydomain systemd[1]: Starting NDP Proxy Daemon...
Mar 14 12:37:30 myhost.mydomain ndppd[1804]: (notice) ndppd (NDP Proxy Daemon) version 0.2.4
Mar 14 12:37:30 myhost.mydomain ndppd[1804]: (notice) Using configuration file '/etc/ndppd.conf'
Mar 14 12:37:30 myhost.mydomain systemd[1]: ndppd.service: Can't open PID file /run/ndppd/ndppd.pid (yet?) after start: Operation not permitted
Mar 14 12:37:30 myhost.mydomain systemd[1]: Started NDP Proxy Daemon.

My first try was to start up my container with a systemd service and then configure the ndppd.service with a "Require" and "After" statement for this service. But this did not help (probably because systemd does not wait until interface and container are up).

I have configured a workaround now with a systemd timer which simply restarts the ndppd one minute after boot.

What is the proper way to configure this?

# /etc/ndppd.conf

proxy ens18 {
  rule 2xxx::xxxx:xxxx:xxxx::/80 {
    iface docker0
  }
  rule 2yyy::yyyy:yyyy:yyyy::/80 {
    iface br_nginx
  }
}

Tested with ndppd-0.2.5-6.el9.x86_64 on CentOS Stream 9.

fansari, Mar 14 '23 12:03
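
Added example, not part of the original issue or of ndppd: a pre-start check that reads the interface names from ndppd.conf and polls /sys/class/net until all of them exist or a timeout expires. The function names, treating `#` as a comment marker in the config, and calling the script from an `ExecStartPre=` line in a drop-in for ndppd.service are assumptions.

```shell
#!/bin/sh
# Added example (not ndppd code): wait for the interfaces named in ndppd.conf.

# Print every interface named by a "proxy" or "iface" statement, one per line.
# $1 = path to ndppd.conf
ndppd_ifaces() {
    awk '
        { sub(/#.*/, "") }                          # assumption: "#" starts a comment
        $1 == "proxy" || $1 == "iface" { print $2 } # second field is the interface
    ' "$1" | sort -u
}

# Poll until every configured interface exists, or give up after a timeout.
# $1 = config path, $2 = timeout in seconds (default 60),
# $3 = sysfs net directory (default /sys/class/net; overridable for testing)
wait_for_ifaces() {
    conf=$1 timeout=${2:-60} sysnet=${3:-/sys/class/net}
    elapsed=0
    while :; do
        missing=""
        for ifc in $(ndppd_ifaces "$conf"); do
            [ -e "$sysnet/$ifc" ] || missing="$missing $ifc"
        done
        if [ -z "$missing" ]; then
            return 0
        fi
        if [ "$elapsed" -ge "$timeout" ]; then
            echo "timed out waiting for:$missing" >&2
            return 1
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# When invoked with arguments (e.g. from ExecStartPre=), run the check.
if [ $# -gt 0 ]; then
    wait_for_ifaces "$@"
fi
```

A non-zero exit from an `ExecStartPre=` command makes the unit start fail, so a missing bridge shows up as a failed start rather than as a running daemon that could not bind.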