[systemd-devel] Support for pre-restart check

Reindl Harald h.reindl at thelounge.net
Wed Jul 30 06:22:36 PDT 2014 

Am 30.07.2014 15:04, schrieb Jóhann B. Guðmundsson:
> On 07/30/2014 12:34 PM, Reindl Harald wrote:
>> *how* should that both help in calling "apachectl -t" *before* stop the
>> service and in case of a error-repsonse keep it running?
> 
> ExecStartPre= takes care of the startup check as in the usecase when 
> the unit is not running and you initially configured the Apache daemon

first: please don't ignore the last paragraphs!

takes care about what?
the service would fail with or without that

> Adding ExecStop= "before" actual ExecStop= line to stop the daemon 
> takes care of preventing you from restarting you if you made configuration 
> changes while the daemon/services was running should not continue with 
> the stop process if the ExecStop command fails.

but you don't need "ExecStop" for most services

systemd sends SIGTERM and so ExecStopPre would also affect
services without "ExecStop" lines which are most of mine

why? because they don't need CAP_KILL!
that's from production, no "ExecStop" used

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/httpd
Environment="PATH=/usr/bin:/usr/sbin"
ExecStart=/usr/sbin/httpd $OPTIONS -D FOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
Restart=always
RestartSec=1
PrivateTmp=yes
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
InaccessibleDirectories=/home
InaccessibleDirectories=/media
InaccessibleDirectories=/root
InaccessibleDirectories=/proc
InaccessibleDirectories=/sys
InaccessibleDirectories=/run/console
InaccessibleDirectories=/run/dbus
InaccessibleDirectories=/run/lock
InaccessibleDirectories=/run/mount
InaccessibleDirectories=/run/systemd/generator
InaccessibleDirectories=/run/systemd/system
InaccessibleDirectories=/run/systemd/users
InaccessibleDirectories=/run/udev
InaccessibleDirectories=/run/user
InaccessibleDirectories=/var/lib/dbus
InaccessibleDirectories=/var/lib/rpm
InaccessibleDirectories=/var/lib/systemd
InaccessibleDirectories=/var/lib/yum
InaccessibleDirectories=/var/spool

> Anyway beside that point daemon,services that actual come with configuration 
> file syntax checkers like apache does (maybe in what 20 or so range), are 
> few and far between let alone those configuration syntax checker that
> actually exist out there fail properly if they do...

step away from syntax checkers shipped with daemons, they are
only one usecase (and maybe there would be some more in a few
years with reliebale ways to use them with systemd)

"ExecStopPost" could be any script written by the local administrator
which says "you don't stop that service in case service A and B are
runnining which *hard fail* if you take them away the database and
so i ordered start/shutdown of the machine correctly but without
hard Requires= and their drawbacks in units files" *

drawbacks of Requires=:
stop one service required by others stops them too, but start it don't
start them at the same moment which is good because as example "mysqld"
can run without "dbmail-imapd" but not the other way round

so one could optimize the environment that restart/stop mysqld only
is possible if dbamil-imapd is not running and "systemctl restart
dbmail-imapd.service mysqld.service" does the correct order by
After=/Before= in the services depending on mysqld

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140730/66e0453e/attachment.sig>

More information about the systemd-devel mailing list