API apply_changes problem

On certain installations and sizes the API Call “apply_changes” will drop audio for a few seconds.
I am open to show this problem remotely since it might be hard reproduce. But some users had this issue.

There is clearly something happening that will not even allow ping (icmp) to go through. Up to some seconds of downtime. This will not effect new small installations much but as soon as you have some extensions, routes and so on the downtime will extend. Even if you have the best hardware in the world.
Maybe this issue happened on some update and new installations are not effected at all.

There is clearly something different happening then like in the Web-Gui apply changes.

Maybe if we can not find a solution for the “apply ALL changes” we could have a way to apply certain modules through the API?

Please help accordingly. Thanks.

EDIT, here we go:
firewalld is involved somehow on the “apply changes” API. This will cause the dropouts.
dump_asterisk_c is only at 10% CPU. firewalld at 11%.
After everything is done firewalld is not even found anywhere in TOP. So consuming almost none CPU anymore. Hope this helps finding this.

  507 root      20   0  408728  71304   4224 S  11,0  7,0   2:54.73 firewalld
25483 root      20   0  364004  42892  12404 S  10,3  4,2   0:01.31 dump_asterisk_c

Edit2:
When Firewall is disabled, this problem does not happen.

Are you using the latest version?

I have a server with multiple tenants and a lot of data, and I don’t see the firewall at the top. Maybe, just maybe, it is something that enables the O.S on its own.

I can tell you by evidence that the code never sent a request to reload the firewall nor fail2ban.

The server you are using is one migrated from V2?

Version 3.1.1-1
Any way to see if it was an Update from V2? Can not remember 100% but should have always been V3.

Still really strange because the exact same thing is happening when the Firewall is disabled and enabled again.

Any way to reset Firewall and Fail2ban to defaults?

On apply_changes API it seems that firewall-cmd (/usr/bin/firewall-cmd) is executed somehow. Just saw that multiple times only when running apply_changes API. “ipset” as well.

image

{"status":"success","message":"All the changes has been successfully applied on tenant vitalpbx","data":[]}

Okay, here we go:
Uninstalled Geo-Firewall: fixed. no problem anymore.
Sadly, once more: Geo-Firewall causing pain.
Just disable it does not work. Uninstall necessary.

Hope this helps to find and fix the problem.
Thanks

1 Like