Startup script for minimwatch - guidance sought

In short, and describing my possibly erroneous understanding rather than the author's correct description: Minimserver is a media server using UPnP and running on a NAS. Minimwatch is a control app running on a client computer (my laptop in this case) to manage minimserver remotely. For simplicity I refer here to minimwatch 2 version throughout.

For minimwatch to work on TW requires the use of a network helper app to manage the initial communication through the firewall between the control app and the media server.

With a great deal of help from contributors to the Networking forum on this site and in particular arvidjaar, I now have the solution for my problem.
The solution requires installing a program, conntrack-tools, editing the configuration file conntrackd.conf for this program, and then running a number of commands.

What I am now attempting is to create the startup script to automate this process and I seek some help with this please as I am not a coder and this is my first serious script.

Since I already have conntrack-tools installed and have already edited the configuration file, the startup script does not need to reproduce these initial actions, but what is the correct approach when starting with, for example, another TW laptop with Minimwatch installed and enabled but not yet connecting to minimserver?

I understand an acceptable way to use a startup script is to include as a shell script

/etc/init.d/start_minimserver.sh

which will run the script after it has fully booted. Is this correct?

The details of the script are as follows:-


#!/bin/bash
# With conntrackd.conf revised previously 
# Register ssdp helper in kernel:

nfct add helper ssdp inet tcp
nfct add helper ssdp inet udp

# Connect user helper to kernel:

systemctl start conntrackd.service

# Add rules to invoke ssdp helper:

iptables -t raw -A OUTPUT -p udp --dport 1900 -j CT --helper ssdp


All of these commands are to be run as root and I need to understand the path or environment for these commands. The script certainly does not run at present but I have been testing in my home directory. Also should I chmod 600 /etc/init.d/start_minimwatch.sh and chown root.root /etc/init.d?

Grateful for some guidance please.
Budgie2

Hi
Start your script with a systemd service, sysvinit is long gone…

Change the whole shebang in your script from #!/bin/bash to #!/usr/bin/bash

For example copy your script (as root user) to /usr/local/bin/


chmod 0755 /usr/local/bin/start_minimserver.sh

Create a systemd service in /etc/systemd/system/


# /etc/systemd/system/minimserver.service
#

[Unit]
Description=Start minimserver instance

[Service]
Type=simple
ExecStart=/usr/bin/bash -c "/usr/local/bin/start_minimserver.sh >/dev/null 2>&1"

[Install]
WantedBy=multi-user.target

Start the service and check the status. If you need to edit the service, run systemctl daemon-reload

Hi Malcolm,
Many thanks. Good job I asked. I still use a brown ball!
I think you are referring to minimwatch here throughout.
Will try now.

Having corrected my own mistake and done as you suggest still no joy.
I now need to find out what is going wrong, I assume with my script. All I did in the script is use the commands from arvidjaar’s post. I assume my edited conntrackd.conf is OK as this still works if I run each of the commands in turn as root.
So where do I start with the debugging?

OK so here is my script:-

#!/usr/bin/bash
# Install conntrack-tools.
# Confirm conntrackd.conf is installed: /etc/conntrackd/conntrackd.conf
# Configure conntrackd.conf to enable ssdp user helper in conntrackd.conf:
# by editing the template as follows. Note first of all hashes because this is for info.   
#
#General {
#    HashSize 32768
#    HashLimit 131072
#    Syslog on
#    LockFile /var/run/lock/conntrackd.lock
#
#    UNIX {
#        Path /var/run/conntrackd.sock
#    }
#
#    SocketBufferSize 262142
#    SocketBufferSizeMaxGrown 655355
#
#    # default SUSE systemd service unit file is of Type=notify
## turn this default off.
#    Systemd off
#}
#
#Stats {
#    LogFile on
#}
#
#Helper {
#    Type ssdp inet udp {
#        QueueNum 5
#        QueueLen 10240
#        Policy ssdp {
#            ExpectMax 8
#            ExpectTimeout 300
#        }
#    }
#    Type ssdp inet tcp {
#        QueueNum 5
#        QueueLen 10240
#        Policy ssdp {
#            ExpectMax 8
#            ExpectTimeout 300
#        }
#    }
#}
#
# 2. With conntrackd.conf revised 
# Register ssdp helper in kernel:

nfct add helper ssdp inet tcp
nfct add helper ssdp inet udp

# 3. Connect user helper to kernel:

systemctl start conntrackd.service

# 4. Add rules to invoke ssdp helper:

iptables -t raw -A OUTPUT -p udp --dport 1900 -j CT --helper ssdp



The long comment at the start is just my reminder on how to configure conntrackd.conf. The working stuff starts at comment 2.

Here is the result from running the script on its own from my console:-

alastair@localhost:~/Working/Scripts> ./start_minimwatch.sh  
./start_minimwatch.sh: line 51: nfct: command not found 
./start_minimwatch.sh: line 52: nfct: command not found 
Job for conntrackd.service failed because the control process exited with error code. 
See "systemctl status conntrackd.service" and "journalctl -xe" for details. 
./start_minimwatch.sh: line 60: iptables: command not found 
alastair@localhost:~/Working/Scripts> 


I was asked to enter the root pw in the middle of this, entered it as required but still the conntrackd.service failed.

Here is the resulting information from seeing the details in the failed output:-

alastair@localhost:~/Working/Scripts> sudo systemctl status conntrackd.service 
[sudo] password for root:  
● conntrackd.service - Connection tracking userspace daemon
     Loaded: loaded (/usr/lib/systemd/system/conntrackd.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2021-03-17 14:04:08 GMT; 2min 29s ago
       Docs: man:conntrackd(8) 
             man:conntrackd.conf(5) 
    Process: 4099 ExecStartPre=/bin/rm -f $CONNTRACKD_LOCKFILE (code=exited, status=0/SUCCESS) 
    Process: 4100 ExecStart=/usr/sbin/conntrackd $CONNTRACKD_OPTIONS (code=exited, status=1/FAILURE)
   Main PID: 4100 (code=exited, status=1/FAILURE) 

Mar 17 14:04:08 localhost.localdomain systemd[1]: conntrackd.service: Scheduled restart job, restart counter is at 5. 
Mar 17 14:04:08 localhost.localdomain systemd[1]: Stopped Connection tracking userspace daemon. 
Mar 17 14:04:08 localhost.localdomain systemd[1]: conntrackd.service: Start request repeated too quickly.
Mar 17 14:04:08 localhost.localdomain systemd[1]: conntrackd.service: Failed with result 'exit-code'.
Mar 17 14:04:08 localhost.localdomain systemd[1]: Failed to start Connection tracking userspace daemon.
alastair@localhost:~/Working/Scripts> 


And also:-

alastair@localhost:~/Working/Scripts> sudo journalctl -xe 
░░Automatic restarting of the unit conntrackd.service has been scheduled, as the result for
░░the configured Restart= setting for the unit.
Mar 17 14:04:08 localhost.localdomain systemd[1]: Stopped Connection tracking userspace daemon. 
░░Subject: A stop job for unit conntrackd.service has finished
░░Defined-By: systemd
░░Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░A stop job for unit conntrackd.service has finished.
░░
░░The job identifier is 4319 and the job result is done.
Mar 17 14:04:08 localhost.localdomain systemd[1]: conntrackd.service: Start request repeated too quickly.
Mar 17 14:04:08 localhost.localdomain systemd[1]: conntrackd.service: Failed with result 'exit-code'.
░░Subject: Unit failed
░░Defined-By: systemd
░░Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░The unit conntrackd.service has entered the 'failed' state with result 'exit-code'.
Mar 17 14:04:08 localhost.localdomain systemd[1]: Failed to start Connection tracking userspace daemon.
░░Subject: A start job for unit conntrackd.service has failed
░░Defined-By: systemd
░░Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░A start job for unit conntrackd.service has finished with a failure.
░░
░░The job identifier is 4319 and the job result is failed.
Mar 17 14:06:37 localhost.localdomain sudo[4395]: alastair : TTY=pts/1 ; PWD=/home/alastair/Working/Scripts ; USER=r>
Mar 17 14:06:37 localhost.localdomain sudo[4395]: pam_unix(sudo:session): session opened for user root(uid=0) by ala>
Mar 17 14:06:39 localhost.localdomain sudo[4395]: pam_unix(sudo:session): session closed for user root 
Mar 17 14:07:09 localhost.localdomain smartd[855]: Device: /dev/sda [SAT], SMART Usage Attribute: 194 Temperature_Ce>
Mar 17 14:08:37 localhost.localdomain sudo[4649]: alastair : TTY=pts/1 ; PWD=/home/alastair/Working/Scripts ; USER=r>
Mar 17 14:08:37 localhost.localdomain sudo[4649]: pam_unix(sudo:session): session opened for user root(uid=0) by ala>

Too much for me I fear. Now what?

Budgie2

Hi
So are conntrack-tools installed? Use the full path to nfct which is /usr/sbin/nfct

Yes they are. I have used the full path for nfct and also for iptables which I think is correct. Still no joy but here is the reason:-

alastair@localhost:~> sudo systemctl status conntrackd.service 
[sudo] password for root:  
● conntrackd.service - Connection tracking userspace daemon 
     Loaded: loaded (/usr/lib/systemd/system/conntrackd.service; disabled; vendor preset: disabled) 
     Active: inactive (dead) 
       Docs: man:conntrackd(8) 
             man:conntrackd.conf(5) 
alastair@localhost:~>

There is a clue here but I have no idea why this happens when using the startup script, but running each command as root, one at a time, works.

Sorry that I jump in without reading much about this problem, but a script is run and the first error says

./start_minimwatch.sh: line 51: nfct: command not found 

So isn’t that the first thing to tackle? And isn’t all you have further in that post of no value as long as you haven’t resolved this?

And that line of your posts is the first line after all the comment:

nfct add helper ssdp inet tcp

I do not know where nfct is, but an absolute path (as advised already in this thread) might help.

Hi Henk,
You are correct and I have addressed this issue but still have problems so if you can join in please do. Netfilter is well beyond limits of my knowledge.
Regards
Budge

In fact I have no idea about the subject. But I only wondered why you posted so much in that post after it was clear that the first statement already gave an error. Thought you missed that.

BTW, some general remarks about running in the background during boot.
When running script from a terminal (I assume you do that as root, because I guess it will run as root also during boot) is successful, that is something, but it is no promise that it will run successfully in the background. Environment variables you take for granted might not be set at all. The PATH variable is only one, although an obvious one, of them. Using absolute paths for everything makes you of course PATH independent, but please check for other variables that might influence what happens.

And starting things at boot, it might be (and often is) important to run things after and/or before other things (a good one is e.g. network must be up for certain scripts to succeed in their goal).
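Added example, not part of any post in this thread: a version of the startup script that resolves `nfct`, `iptables` and `systemctl` from a pinned directory list instead of the caller's PATH (the cause of the `command not found` lines above), and adds the raw-table rule only if it is not already present. The `--apply` switch, the function names and the `SAFE_PATH` list are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the poster's script. Run as root with: --apply
# A unit started at boot gets a minimal environment, so tools are looked up
# in a pinned list instead of the caller's PATH.
SAFE_PATH=/usr/sbin:/usr/bin:/sbin:/bin

# Print the absolute path of tool $1, searching list $2 (default SAFE_PATH).
resolve_tool() (
    IFS=:
    for dir in ${2:-$SAFE_PATH}; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    echo "start_minimwatch: $1 not found in ${2:-$SAFE_PATH}" >&2
    exit 1
)

# Append a rule to table $2, chain $3 only when "iptables -C" says it is
# absent, so running the script twice does not stack duplicate rules.
add_rule_once() {
    ipt_bin=$1 table=$2 chain=$3
    shift 3
    "$ipt_bin" -t "$table" -C "$chain" "$@" 2>/dev/null ||
        "$ipt_bin" -t "$table" -A "$chain" "$@"
}

apply() {
    nfct=$(resolve_tool nfct) || return 1
    ipt=$(resolve_tool iptables) || return 1
    sctl=$(resolve_tool systemctl) || return 1
    # Same order as the original script. Assumption: re-registering an
    # existing helper fails harmlessly, so that result is only logged.
    for proto in tcp udp; do
        "$nfct" add helper ssdp inet "$proto" ||
            echo "start_minimwatch: nfct add ($proto) failed" >&2
    done
    "$sctl" start conntrackd.service || return 1
    add_rule_once "$ipt" raw OUTPUT -p udp --dport 1900 -j CT --helper ssdp
}

if [ "${1:-}" = "--apply" ]; then
    apply
    exit $?
fi
```

A missing tool now produces one clear message naming the directories searched, and the script stops before touching the firewall.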

Hi
So take that line out of your script, start that service then your own service.

Hi Malcolm,
I think I am losing the plot here. My intention is to be able to boot my laptop and when all booting is done, have my normal starting screen with minimwatch working.

I cannot believe I should be required to take actions like starting a service and then starting another. The whole point is to automate the full startup.

There are complexities which are well beyond me, including timing so that my script runs only after the boot process, including completing network connections, has been completed but it should be possible to automate everything. How do I do this?

Hi
Yes, but your logic is flawed, the reason I asked you to start the service is to see if it starts and runs, therefore it can be removed from the script and enabled and started separately and in your new service it’s added as a prerequisite, as such;


After=conntrackd

If you looked at a sysvinit scenario it’s the same as rc levels, this has to be running before I can start this and that…

Small steps…
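The ordering described in the reply above, written out as a complete unit; this is an added example, not part of any post in the thread. The unit name `minimwatch-helper.service`, the script path `/usr/local/bin/start_minimwatch.sh` and the `--install` switch are assumptions, and the script is assumed to no longer start conntrackd itself.

```shell
#!/bin/sh
# Added example, not from the thread. Unit and script names are hypothetical.
UNIT_NAME=minimwatch-helper.service
SCRIPT=/usr/local/bin/start_minimwatch.sh

# Write the unit file to path $1.
write_unit() {
    cat > "$1" <<EOF
[Unit]
Description=Register SSDP conntrack helper for minimwatch
# After= only orders the two units. Requires= is what pulls conntrackd in
# and makes this unit fail when conntrackd cannot be started.
Requires=conntrackd.service
After=conntrackd.service

[Service]
# The script runs once and exits: oneshot with RemainAfterExit reports
# active (exited) after success and failed when the script returns non-zero.
Type=oneshot
RemainAfterExit=yes
# No redirect to /dev/null, so stdout and stderr land in the journal.
ExecStart=$SCRIPT

[Install]
WantedBy=multi-user.target
EOF
}

# Run as root with --install to write, enable and start the unit,
# then show what the script logged during this boot.
if [ "${1:-}" = "--install" ]; then
    write_unit "/etc/systemd/system/$UNIT_NAME" &&
        systemctl daemon-reload &&
        systemctl enable --now "$UNIT_NAME" &&
        journalctl -b -u "$UNIT_NAME" --no-pager
fi
```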

  1. Stop using sudo. It might be required for other distros, but does not always work for everything in openSUSE. “Su” (or “su -” if you need to reset environmental parameters to the new user) to whatever account you want (default is root) which actually changes your session authentication instead of impersonating. When you sudo, it won’t grant you full elevated permissions and your environmental variables remain the same as your normal, logged in User.

  2. Try re-ordering your script… To me, the proper sequence is always to set up the environment before executing the process so in your case it makes more sense to me to set up your firewall rules before starting the daemon. It might not make a difference most of the time but of course if the daemon were to actually attempt configuration and connection before the firewall rules are in place, it will fail. Besides… why are you creating a firewall rule at all in your script? Would things work better if the rule was entered into firewalld so it’s set up automatically on boot?

TSU