Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
On Wed, Jan 24, 2018 at 08:57:18AM +0100, Reindl Harald wrote:
>
>
> Am 24.01.2018 um 08:13 schrieb Yubin Ruan:
> > On Tue, Jan 23, 2018 at 04:10:10PM +0100, Lennart Poettering wrote:
> > > On Di, 23.01.18 09:09, Reindl Harald (h.rei...@thelounge.net) wrote:
> > > > depeding on how your network is configured use "network.service" or
> > > > "networkmanager.service" (or however the networkmanager service is
> > > > called in
> > > > detail, i don#t use it)
> > >
> > > Nope. Use "network-online.target" if you are looking for a generic
> > > unit to order after that is reached only after the network has been
> > > "configured" for the first time, for some vague definition of
> > > "configured", that is up to the networking implementation to fill with
> > > sense...
> >
> > Now I have these in the configuration file
> >
> > [Unit]
> > Description=Sync mail
> > Wants=network-online.target
> > After=network.target network-online.target
> >
> > [Service]
> > Type=oneshot
> > ExecStart=/path/to/the/script
> > TimeoutStartSec=1min30s
> >
> > [Install]
> > WantedBy=default.target
> >
> > However the script is still broken at system startup. Hmm...I am using a
> > Ubuntu 16.04LTS. I will post if there are any news
>
> AGAIN: how is your network started
>
> Lennart is *not* correct - at least on Fedora all the wait-online stuff
> don't work while "After=network.service" does when you still ue the cliassic
> network.service for a lot of obvious reasons
>
> [root@srv-rhsoft:~]$ cat /etc/rc.d/init.d/network
> #! /bin/bash
> #
> # network Bring up/down networking
> #
> # chkconfig: - 10 90
> # description: Activates/Deactivates all network interfaces configured to \
> # start at boot time.
> #
> ### BEGIN INIT INFO
> # Provides: $network
> # Should-Start: iptables ip6tables NetworkManager-wait-online NetworkManager
> $network-pre
> # Short-Description: Bring up/down networking
> # Description: Bring up/down networking
> ### END INIT INFO
Below are /etc/init.d/networking and /etc/init.d/network-manager respectively.
It seems that it is /etc/init.d/networking that is responsible for bringing up
the network.
##
# /etc/init.d/networking
##
#!/bin/sh -e
### BEGIN INIT INFO
# Provides: networking ifupdown
# Required-Start:mountkernfs $local_fs urandom
# Required-Stop: $local_fs
# Default-Start: S
# Default-Stop: 0 6
# Short-Description: Raise network interfaces.
# Description: Prepare /run/network directory, ifstate file and raise
network interfaces, or take them down.
### END INIT INFO
PATH="/sbin:/bin"
RUN_DIR="/run/network"
IFSTATE="$RUN_DIR/ifstate"
STATEDIR="$RUN_DIR/state"
[ -x /sbin/ifup ] || exit 0
[ -x /sbin/ifdown ] || exit 0
. /lib/lsb/init-functions
CONFIGURE_INTERFACES=yes
EXCLUDE_INTERFACES=
VERBOSE=no
[ -f /etc/default/networking ] && . /etc/default/networking
verbose=""
[ "$VERBOSE" = yes ] && verbose=-v
process_exclusions() {
set -- $EXCLUDE_INTERFACES
exclusions=""
for d
do
exclusions="-X $d $exclusions"
done
echo $exclusions
}
process_options() {
[ -e /etc/network/options ] || return 0
log_warning_msg "/etc/network/options still exists and it will be IGNORED!
Please use /etc/sysctl.conf instead."
}
check_ifstate() {
if [ ! -d "$RUN_DIR" ] ; then
if ! mkdir -p "$RUN_DIR" ; then
log_failure_msg "can't create $RUN_DIR"
exit 1
fi
if ! chown root:netdev "$RUN_DIR" ; then
log_warning_msg "can't chown $RUN_DIR"
fi
fi
if [ ! -r "$IFSTATE" ] ; then
if ! :> "$IFSTATE" ; then
log_failure_msg "can't initialise $IFSTATE"
exit 1
fi
fi
}
check_network_file_systems() {
[ -e /proc/mounts ] || return 0
if [ -e /etc/iscsi/iscsi.initramfs ]; then
log_warning_msg "not deconfiguring network interfaces: iSCSI root is
mounted."
exit 0
fi
while read DEV MTPT FSTYPE REST; do
case $DEV in
/dev/nbd*|/dev/nd[a-z]*|/dev/etherd/e*|curlftpfs*)
log_warning_msg "not deconfiguring network interfaces: network
devices still mounted."
exit 0
;;
esac
case $FSTYPE in
nfs|nfs4|smbfs|ncp|ncpfs|cifs|coda|ocfs2|gfs|pvfs|pvfs2|fuse.httpfs|fuse.curlftpfs)
log_warning_msg "not deconfiguring network interfaces: network file
systems still mounted."
exit 0
;;
esac
done < /proc/mounts
}
check_network_swap() {
[ -e /proc/swaps ] || return 0
while read DEV MTPT FSTYPE REST; do
case $DEV in
/dev/nbd*|/dev/nd[a-z]*|/dev/etherd/e*)
log_warning_msg "not deconfiguring network interfaces: network swap
still mounted."
exit 0
;;
esac
done < /proc/swaps
}
ifup_hotplug () {
if [ -d /sys/class/net ]
then
ifaces=
Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
Am 24.01.2018 um 09:59 schrieb Yubin Ruan: On Wed, Jan 24, 2018 at 08:57:18AM +0100, Reindl Harald wrote: Am 24.01.2018 um 08:13 schrieb Yubin Ruan: On Tue, Jan 23, 2018 at 04:10:10PM +0100, Lennart Poettering wrote: On Di, 23.01.18 09:09, Reindl Harald (h.rei...@thelounge.net) wrote: depeding on how your network is configured use "network.service" or "networkmanager.service" (or however the networkmanager service is called in detail, i don#t use it) Nope. Use "network-online.target" if you are looking for a generic unit to order after that is reached only after the network has been "configured" for the first time, for some vague definition of "configured", that is up to the networking implementation to fill with sense... Now I have these in the configuration file [Unit] Description=Sync mail Wants=network-online.target After=network.target network-online.target [Service] Type=oneshot ExecStart=/path/to/the/script TimeoutStartSec=1min30s [Install] WantedBy=default.target However the script is still broken at system startup. Hmm...I am using a Ubuntu 16.04LTS. I will post if there are any news AGAIN: how is your network started Lennart is *not* correct - at least on Fedora all the wait-online stuff don't work while "After=network.service" does when you still ue the cliassic network.service for a lot of obvious reasons well, then try "After=networking.service network-manager.service" despite what others saying about targets - iam dong the same with "After=network.service" on Fedora for some years on 30 production servers and it works just fine in fact we have "After=network.service systemd-networkd.service network-online.target" on any service which needs networking on Fedora and RHEL7 Below are /etc/init.d/networking and /etc/init.d/network-manager respectively. It seems that it is /etc/init.d/networking that is responsible for bringing up the network. ## # /etc/init.d/networking ## # /etc/init.d/network-manager ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
Am 24.01.2018 um 08:13 schrieb Yubin Ruan: On Tue, Jan 23, 2018 at 04:10:10PM +0100, Lennart Poettering wrote: On Di, 23.01.18 09:09, Reindl Harald (h.rei...@thelounge.net) wrote: depeding on how your network is configured use "network.service" or "networkmanager.service" (or however the networkmanager service is called in detail, i don#t use it) Nope. Use "network-online.target" if you are looking for a generic unit to order after that is reached only after the network has been "configured" for the first time, for some vague definition of "configured", that is up to the networking implementation to fill with sense... Now I have these in the configuration file [Unit] Description=Sync mail Wants=network-online.target After=network.target network-online.target [Service] Type=oneshot ExecStart=/path/to/the/script TimeoutStartSec=1min30s [Install] WantedBy=default.target However the script is still broken at system startup. Hmm...I am using a Ubuntu 16.04LTS. I will post if there are any news AGAIN: how is your network started Lennart is *not* correct - at least on Fedora all the wait-online stuff don't work while "After=network.service" does when you still ue the cliassic network.service for a lot of obvious reasons [root@srv-rhsoft:~]$ cat /etc/rc.d/init.d/network #! /bin/bash # # network Bring up/down networking # # chkconfig: - 10 90 # description: Activates/Deactivates all network interfaces configured to \ # start at boot time. # ### BEGIN INIT INFO # Provides: $network # Should-Start: iptables ip6tables NetworkManager-wait-online NetworkManager $network-pre # Short-Description: Bring up/down networking # Description: Bring up/down networking ### END INIT INFO ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
On Tue, Jan 23, 2018 at 04:10:10PM +0100, Lennart Poettering wrote: > On Di, 23.01.18 09:09, Reindl Harald (h.rei...@thelounge.net) wrote: > > > > I got in the configuration file > > > > > >[Unit] > > >After=network.target > > > > > > Isn't this enough to get the initialization order right? > > > > no, the target does more or less nothing useful > > Well, it doesn't do what Yubin assumes it does, but it certainly does > something "useful": while it doesn't make the network *connectivity* > is up, it does make sure the network *subsystem* is. And that does have > uses: during shutdown it makes sure that your service is terminated > before the network subsystem goes away. During start-up otoh it is > indeed with little effect usually. > > > depeding on how your network is configured use "network.service" or > > "networkmanager.service" (or however the networkmanager service is called in > > detail, i don#t use it) > > Nope. Use "network-online.target" if you are looking for a generic > unit to order after that is reached only after the network has been > "configured" for the first time, for some vague definition of > "configured", that is up to the networking implementation to fill with > sense... Now I have these in the configuration file [Unit] Description=Sync mail Wants=network-online.target After=network.target network-online.target [Service] Type=oneshot ExecStart=/path/to/the/script TimeoutStartSec=1min30s [Install] WantedBy=default.target However the script is still broken at system startup. Hmm...I am using a Ubuntu 16.04LTS. I will post if there are any news. -- Yubin ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
On Di, 23.01.18 09:09, Reindl Harald (h.rei...@thelounge.net) wrote: > > I got in the configuration file > > > >[Unit] > >After=network.target > > > > Isn't this enough to get the initialization order right? > > no, the target does more or less nothing useful Well, it doesn't do what Yubin assumes it does, but it certainly does something "useful": while it doesn't make the network *connectivity* is up, it does make sure the network *subsystem* is. And that does have uses: during shutdown it makes sure that your service is terminated before the network subsystem goes away. During start-up otoh it is indeed with little effect usually. > depeding on how your network is configured use "network.service" or > "networkmanager.service" (or however the networkmanager service is called in > detail, i don#t use it) Nope. Use "network-online.target" if you are looking for a generic unit to order after that is reached only after the network has been "configured" for the first time, for some vague definition of "configured", that is up to the networking implementation to fill with sense... Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
On Wed, 24 Jan 2018, Yubin Ruan wrote: On Mon, Jan 22, 2018 at 01:54:36PM +0100, Lennart Poettering wrote: On So, 21.01.18 19:12, Yubin Ruan (ablacktsh...@gmail.com) wrote: Hi, I use offlineimap to synchronize my emails. I want it to do a synchronization at system startup so recently I add a systemd service for it. However I always get error like this: EOF occurred in violation of protocol (_ssl.c:590) This suggests your network doesn't work when you invoke this. 1. usually (after system startup) the same service is invoked by a timer and it works well so there is no problem with the script. 2. I believe the network is reachable, because the system will auto-connect WIFI after system startup. Maybe the initialization order is not configured properly? If so please see my mail service file below. Well, this is necessarily racy: your network setup races agains your offlineimap invocation... I got in the configuration file [Unit] After=network.target Isn't this enough to get the initialization order right? No, network.target is mostly about ordering things correctly during shutdown. You need to do two things: * Use After=network-online.target in your unit. * Enable some _other_ service that detects when the network is "online" (whatever that means), and that is ordered Before=network-online.target. If you are using systemd-networkd, for instance, this service is systemd-networkd-wait-online.service. If you are using NetworkManager, you want NetworkManager-wait-online.service. See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ for further details. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
Am 23.01.2018 um 19:05 schrieb Yubin Ruan: Well, this is necessarily racy: your network setup races agains your offlineimap invocation... I got in the configuration file [Unit] After=network.target Isn't this enough to get the initialization order right? no, the target does more or less nothing usefull depeding on how your network is configured use "network.service" or "networkmanager.service" (or however the networkmanager service is called in detail, i don#t use it) ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
On Mon, Jan 22, 2018 at 01:54:36PM +0100, Lennart Poettering wrote: > On So, 21.01.18 19:12, Yubin Ruan (ablacktsh...@gmail.com) wrote: > > > Hi, > > > > I use offlineimap to synchronize my emails. I want it to do a > > synchronization > > at system startup so recently I add a systemd service for it. However I > > always > > get error like this: > > > >EOF occurred in violation of protocol (_ssl.c:590) > > This suggests your network doesn't work when you invoke this. > > > 1. usually (after system startup) the same service is invoked by a timer > > and it works well so there is no problem with the script. > > > > 2. I believe the network is reachable, because the system will > > auto-connect WIFI after system startup. Maybe the initialization order > > is > > not configured properly? If so please see my mail service file > > below. > > Well, this is necessarily racy: your network setup races agains your > offlineimap invocation... I got in the configuration file [Unit] After=network.target Isn't this enough to get the initialization order right? -- Yubin ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
El 21-01-2018 a las 8:12, Yubin Ruan escribió: Hi, I use offlineimap to synchronize my emails. I want it to do a synchronization at system startup so recently I add a systemd service for it. However I always get error like this: EOF occurred in violation of protocol (_ssl.c:590) Socket was closed but not the SSL session.. not a systemd problem.. Currently I don't know what the problem is, but: 1. usually (after system startup) the same service is invoked by a timer and it works well so there is no problem with the script. It is racing against initial network setup.. once the network settles it works as expected. 2. I believe the network is reachable, because the system will auto-connect WIFI after system startup. Maybe the initialization order is not configured properly? If so please see my mail service file below. You may want to order your services after network-online and enable the systemd-network-online service.. however that may still race. I heard that to perform a SSL handshake the system have to contain some randomness (such that some random keys can be generated), Correct, but any of the ssl libraries in linux will inmediately return or terminate the process in case of a entropy failure, because such failure is fatal and the whole security of the ssl session is screwed. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
On So, 21.01.18 19:12, Yubin Ruan (ablacktsh...@gmail.com) wrote: > Hi, > > I use offlineimap to synchronize my emails. I want it to do a synchronization > at system startup so recently I add a systemd service for it. However I always > get error like this: > >EOF occurred in violation of protocol (_ssl.c:590) This suggests your network doesn't work when you invoke this. > 1. usually (after system startup) the same service is invoked by a timer > and it works well so there is no problem with the script. > > 2. I believe the network is reachable, because the system will > auto-connect WIFI after system startup. Maybe the initialization order is > not configured properly? If so please see my mail service file > below. Well, this is necessarily racy: your network setup races agains your offlineimap invocation... > I heard that to perform a SSL handshake the system have to contain some > randomness (such that some random keys can be generated), so maybe a SSL > handshake at system startup is deemed to fail? I doubt this is related. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] SSL handshake error from offlineimap when using systemd to initialize
Hi, I use offlineimap to synchronize my emails. I want it to do a synchronization at system startup so recently I add a systemd service for it. However I always get error like this: EOF occurred in violation of protocol (_ssl.c:590) *** Finished account 'BLACK' in 0:00 ERROR: Exceptions occurred during the run! ERROR: While attempting to sync account 'BLACK' EOF occurred in violation of protocol (_ssl.c:590) Traceback: File "/usr/share/offlineimap/offlineimap/accounts.py", line 263, in syncrunner self.__sync() File "/usr/share/offlineimap/offlineimap/accounts.py", line 326, in __sync remoterepos.getfolders() File "/usr/share/offlineimap/offlineimap/repository/IMAP.py", line 384, in getfolders imapobj = self.imapserver.acquireconnection() File "/usr/share/offlineimap/offlineimap/imapserver.py", line 483, in acquireconnection tls_level=self.tlslevel, File "/usr/share/offlineimap/offlineimap/imaplibutil.py", line 186, in __init__ super(WrappedIMAP4_SSL, self).__init__(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/imaplib2.py", line 2138, in __init__ IMAP4.__init__(self, host, port, debug, debug_file, identifier, timeout, debug_buf_lvl) File "/usr/lib/python2.7/dist-packages/imaplib2.py", line 357, in __init__ self.open(host, port) File "/usr/share/offlineimap/offlineimap/imaplibutil.py", line 194, in open super(WrappedIMAP4_SSL, self).open(host, port) File "/usr/lib/python2.7/dist-packages/imaplib2.py", line 2151, in open self.ssl_wrap_socket() File "/usr/lib/python2.7/dist-packages/imaplib2.py", line 522, in ssl_wrap_socket self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile, ca_certs=self.ca_certs, cert_reqs=cert_reqs, ssl_version=ssl_version) File "/usr/lib/python2.7/ssl.py", line 933, in wrap_socket ciphers=ciphers) File "/usr/lib/python2.7/ssl.py", line 601, in __init__ self.do_handshake() File "/usr/lib/python2.7/ssl.py", line 830, in do_handshake self._sslobj.do_handshake() Currently I don't know what the problem is, but: 1. usually (after system startup) the same service is invoked by a timer and it works well so there is no problem with the script. 2. I believe the network is reachable, because the system will auto-connect WIFI after system startup. Maybe the initialization order is not configured properly? If so please see my mail service file below. I heard that to perform a SSL handshake the system have to contain some randomness (such that some random keys can be generated), so maybe a SSL handshake at system startup is deemed to fail? FYI, this is my systemd mail service file: # ~/.config/systemd/user/mail.service # this file is enabled with "systemctl --user enable mail.service [Unit] Description=Sync mail After=network.target [Service] Type=oneshot ExecStart=/path/to/the/script/mmail TimeoutStartSec=1min30s [Install] WantedBy=default.target -- Yubin ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
