Re: [systemd-devel] systemd behavior during shutdown

2018-09-23 Thread Tiwari, Hari Sahaya 
Hi,

Any insights on below error which I am seeing.
Is it something expected with "DefaultDependencies=False"?

Thanks,
Hari.

-Original Message-
From: Tiwari, Hari Sahaya 
Sent: Thursday, September 20, 2018 12:15 AM
To: 'Zbigniew Jędrzejewski-Szmek' 
Cc: systemd-devel@lists.freedesktop.org
Subject: RE: [systemd-devel] systemd behavior during shutdown

HI,
Many thanks for the reply.

I tried putting DefaultDependencies=false in both .socket & .service files.
I was able to verify that socket was still in "listening" state when my other 
systemd service tried to start a new connection with socket.
Also the "Suppressing connection request since unit stop is scheduled" message 
is no more seen.

Now I am getting below error when the new connection is requested.

Sep 19 23:31:33 jara1 systemd[1]: hacl-cfg.socket: Incoming traffic Sep 19 
23:31:33 jara1 systemd[1]: hacl-cfg@6-127.0.0.1:5302-127.0.0.1:63714.service: 
Trying to enqueue job 
hacl-cfg@6-127.0.0.1:5302-127.0.0.1:63714.service/start/replace
Sep 19 23:31:33 jara1 systemd[1]: Requested transaction contradicts existing 
jobs: Transaction is destructive.
Sep 19 23:31:33 jara1 systemd[1]: hacl-cfg.socket: One connection closed, 1 
left.
Sep 19 23:31:33 jara1 systemd[1]: hacl-cfg.socket: Failed to queue service 
startup job (Maybe the service file is missing or not a non-template unit?): 
Transaction is destructive.
Sep 19 23:31:33 jara1 systemd[1]: hacl-cfg.socket: Changed listening -> failed

Do I have to set some other parameter in the systemd unit files ?

Following are the contents of systemd files, Service File
---
# cat hacl-cfg@.service
[Unit]
Description=config TCP service
Requires=hacl-cfg.socket
DefaultDependencies=false

[Service]
ExecStart=/opt/cmcluster/bin/cmclconfd -c StandardInput=socket KillMode=process

[Install]
WantedBy=multi-user.target

Socket File
-
# cat hacl-cfg.socket
[Unit]
Description= config TCP socket
DefaultDependencies=false

[Socket]
ListenStream=5302
Accept=true
MaxConnections=900

[Install]
WantedBy=sockets.target


Service file which tries to open a new connection with hacl-cfg.socket during 
shutdown

# cat test.service
[Unit]
Description=test Service

[Service]
ExecStart=/bin/test start
ExecStop=/bin/test stop
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target


Thanks,
Hari.

-Original Message-
From: Zbigniew Jędrzejewski-Szmek [mailto:zbys...@in.waw.pl]
Sent: Wednesday, September 19, 2018 12:11 PM
To: Tiwari, Hari Sahaya 
Cc: systemd-devel@lists.freedesktop.org
Subject: Re: [systemd-devel] systemd behavior during shutdown

On Wed, Sep 19, 2018 at 05:01:33AM +, Tiwari, Hari Sahaya wrote:
> Hi,
> 
> I am facing one issue with systemd where systems socket is not opening a new 
> connection during shutdown.
> I get below logs,
> 
> Sep 12 20:01:32 jara2 systemd[1]: mytestX.socket: Incoming traffic Sep
> 12 20:01:32 jara2 systemd[1]: mytestX.socket: Suppressing connection request 
> since unit stop is scheduled.
> 
> I have one systemd service which is trying to open a new connection during 
> shutdown sequence but looks like systemd sockets stop accepting new 
> connections as soon as they are marked for stop.
> I tried putting various combination of dependencies but that didn't help. 
> Everytime getting the above message.
> 
> Is there any parameter which can be set in unit files to resolve this issue? 
> Any pointers will be appreciated.

Hi,

yes, this is intentional. It was added to avoid the situation where services 
are stop and subsequently restarted during shutdown because something opens a 
connection, leading to loops.

If you absolutely need to open a connection to a socket activated unit, then 
you could try making the .socket and .service units have 
DefaultDependencies=false, so that they will not conflict with shutdown.target 
and the start jobs will not be created for them. But then you need to make sure 
that they actually *are* stopped at the right time, but issuing a 'systemctl 
stop' request for them.
This can be done, but will be messy, so I'd use a different approach if 
possible.

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] exim4 only queues mails sent by systemd service

2018-09-23 Thread Kamil Jońca 
It is something strange with sending mails from systemd system service:
assume we have service file /etc/systemd/system/mailtest.service:

--8<---cut here---start->8---
[Unit]
Description="Test maili"
[Service]
#User=kjonca
NoNewPrivileges=false
Type=oneshot
ExecStart=-zsh -c 'echo xxx|mail news'
ExecStart=-zsh -c 'echo xxx|mutt -F /dev/null -s subject -e \'set copy=no\' 
kjonca'
--8<---cut here---end--->8---

When I call
sudo systemctl start mailtest.service
Two messages are put in exim queue, but not deliveried immediately.
Why? What am I missing?
Morevoer this service run as "--user" service works as expected - mails
are delivered at once.
Does systemd interfere with processes (suid/sgid? file access limitations?)
KJ
-- 
http://wolnelektury.pl/wesprzyj/teraz/
Hold the MAYO & pass the COSMIC AWARENESS ...
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] bpfilter blocks root unmount during shutdown

2018-09-23 Thread Andrei Borzenkov 
Dracut /shutdown script first tries to kill all processes still running
off old root. Unfortunately this fails for special user process that
runs bpfilter because it does not include reference to /oldroot in
places where dracut looks for in kilall_proc_mountpoint()

10:~ # ps -ef | fgrep '[none]'
root   984 2  0 09:46 ?00:00:00 [none]

/proc/984:
total 0
dr-xr-xr-x 2 root 0 0 Sep 23 10:11 attr
-r 1 root 0 0 Sep 23 10:11 auxv
-r--r--r-- 1 root 0 0 Sep 23 10:11 cgroup
--w--- 1 root 0 0 Sep 23 10:11 clear_refs
-r--r--r-- 1 root 0 0 Sep 23 10:10 cmdline
-rw-r--r-- 1 root 0 0 Sep 23 10:11 comm
-rw-r--r-- 1 root 0 0 Sep 23 10:11 coredump_filter
-r--r--r-- 1 root 0 0 Sep 23 10:11 cpuset
lrwxrwxrwx 1 root 0 0 Sep 23 10:11 cwd -> /
-r 1 root 0 0 Sep 23 10:11 environ
lrwxrwxrwx 1 root 0 0 Sep 23 10:11 exe -> / (deleted)
-rw-r--r-- 1 root 0 0 Sep 23 10:11 fail-nth
dr-x-- 2 root 0 0 Sep 23 10:11 fd
dr-x-- 2 root 0 0 Sep 23 10:11 fdinfo
-rw-r--r-- 1 root 0 0 Sep 23 10:11 gid_map
-r 1 root 0 0 Sep 23 10:11 io
-r--r--r-- 1 root 0 0 Sep 23 10:11 latency
-r--r--r-- 1 root 0 0 Sep 23 10:11 limits
-rw-r--r-- 1 root 0 0 Sep 23 10:11 loginuid
-rw-r--r-- 1 root 0 0 Sep 23 10:11 make-it-fail
dr-x-- 2 root 0 0 Sep 23 10:11 map_files
-r--r--r-- 1 root 0 0 Sep 23 10:10 maps
-rw--- 1 root 0 0 Sep 23 10:11 mem
-r--r--r-- 1 root 0 0 Sep 23 10:11 mountinfo
-r--r--r-- 1 root 0 0 Sep 23 10:11 mounts
-r 1 root 0 0 Sep 23 10:11 mountstats
dr-xr-xr-x 6 root 0 0 Sep 23 10:11 net
dr-x--x--x 2 root 0 0 Sep 23 10:11 ns
-r--r--r-- 1 root 0 0 Sep 23 10:11 numa_maps
-rw-r--r-- 1 root 0 0 Sep 23 10:11 oom_adj
-r--r--r-- 1 root 0 0 Sep 23 10:11 oom_score
-rw-r--r-- 1 root 0 0 Sep 23 10:11 oom_score_adj
-r 1 root 0 0 Sep 23 10:11 pagemap
-r 1 root 0 0 Sep 23 10:11 patch_state
-r 1 root 0 0 Sep 23 10:11 personality
-rw-r--r-- 1 root 0 0 Sep 23 10:11 projid_map
lrwxrwxrwx 1 root 0 0 Sep 23 10:11 root -> /
-rw-r--r-- 1 root 0 0 Sep 23 10:11 sched
-r--r--r-- 1 root 0 0 Sep 23 10:11 schedstat
-r--r--r-- 1 root 0 0 Sep 23 10:11 sessionid
-rw-r--r-- 1 root 0 0 Sep 23 10:11 setgroups
-r--r--r-- 1 root 0 0 Sep 23 10:11 smaps
-r--r--r-- 1 root 0 0 Sep 23 10:11 smaps_rollup
-r 1 root 0 0 Sep 23 10:11 stack
-r--r--r-- 1 root 0 0 Sep 23 10:10 stat
-r--r--r-- 1 root 0 0 Sep 23 10:11 statm
-r--r--r-- 1 root 0 0 Sep 23 10:10 status
-r 1 root 0 0 Sep 23 10:11 syscall
dr-xr-xr-x 3 root 0 0 Sep 23 10:11 task
-r--r--r-- 1 root 0 0 Sep 23 10:11 timers
-rw-rw-rw- 1 root 0 0 Sep 23 10:11 timerslack_ns
-rw-r--r-- 1 root 0 0 Sep 23 10:11 uid_map
-r--r--r-- 1 root 0 0 Sep 23 10:11 wchan

/proc/984/fd:
total 0
lr-x-- 1 root 0 64 Sep 23 10:11 0 -> pipe:[19409]
l-wx-- 1 root 0 64 Sep 23 10:11 1 -> pipe:[19410]
lrwx-- 1 root 0 64 Sep 23 10:11 2 -> /oldsys/dev/console


But it does contain reference to /oldroot in its mapped libraries list
(/proc/984/maps):

563b63002000-563b63003000 r--p  00:05 19404
/ (deleted)
563b63003000-563b63004000 r-xp 1000 00:05 19404
/ (deleted)
563b63004000-563b63005000 r--p 2000 00:05 19404
/ (deleted)
563b63005000-563b63006000 r--p 2000 00:05 19404
/ (deleted)
563b63006000-563b63007000 rw-p 3000 00:05 19404
/ (deleted)
563b63fb4000-563b63fd5000 rw-p  00:00 0
[heap]
7fa3a46cc000-7fa3a4882000 r-xp  00:2a 7728
/oldroot/lib64/libc-2.27.so
7fa3a4882000-7fa3a4a82000 ---p 001b6000 00:2a 7728
/oldroot/lib64/libc-2.27.so
7fa3a4a82000-7fa3a4a86000 r--p 001b6000 00:2a 7728
/oldroot/lib64/libc-2.27.so
7fa3a4a86000-7fa3a4a88000 rw-p 001ba000 00:2a 7728
/oldroot/lib64/libc-2.27.so
7fa3a4a88000-7fa3a4a8c000 rw-p  00:00 0
7fa3a4a8c000-7fa3a4ab1000 r-xp  00:2a 7720
/oldroot/lib64/ld-2.27.so
7fa3a4ca7000-7fa3a4ca9000 rw-p  00:00 0
7fa3a4cb1000-7fa3a4cb2000 r--p 00025000 00:2a 7720
/oldroot/lib64/ld-2.27.so
7fa3a4cb2000-7fa3a4cb3000 rw-p 00026000 00:2a 7720
/oldroot/lib64/ld-2.27.so
7fa3a4cb3000-7fa3a4cb4000 rw-p  00:00 0
7ffea03b4000-7ffea03d5000 rw-p  00:00 0
[stack]
7ffea03df000-7ffea03e2000 r--p  00:00 0
[vvar]
7ffea03e2000-7ffea03e4000 r-xp  00:00 0
[vdso]
ff60-ff601000 r-xp  00:00 0
[vsyscall]

So the quick fix would be to extend check for root references to also
look into /proc/$PID/maps. Something like (verified):

--- dracut-lib.sh.orig  2018-09-18 13:24:49.0 +0300
+++ dracut-lib.sh   2018-09-23 10:31:13.300054544 +0300
@@ -118,7 +118,7 @@ killall_proc_mountpoint() {
 esac
 [ -e "/proc/$_pid/exe" ] || continue
 [ -e "/proc/$_pid/root" ] || continue
-strstr "$(ls -l -- "/proc/$_pid" "/proc/$_pid/fd" 2>/dev/null)"
"$1" && kill -9 "$_pid"
+strstr "$(ls -l -- "/proc/$_pid" "/proc/$_pid/fd" 2>/dev/null;
cat "/proc/$_pid/maps" 2> /dev/null)" "$1" && kill -9 "$_pid"
 done
 }


Note that there are also other places that use similar check (most
obvious being /shutdown script