[systemd-devel] Transaction contains conflicting jobs 'restart' and 'stop'
Orion Poplawski
orion at cora.nwra.com
Thu Mar 10 21:11:51 UTC 2016
Uoti Urpala <uoti.urpala <at> pp1.inet.fi> writes:
>
> On Thu, 2016-03-10 at 17:51 +0000, Orion Poplawski wrote:
> > Orion Poplawski <orion <at> cora.nwra.com> writes:
> > >
> > > # systemctl restart firewalld
> > > Failed to restart firewalld.service: Transaction contains
> > > conflicting jobs
> > > 'restart' and 'stop' for fail2ban.service. Probably contradicting
> > > requirement dependencies configured.
>
> > It appears that this is a trigger for this issue. Removing the
> > conflicts=iptables.service removes it. This seems like a bug to me
> > though -
> > why is iptables being brought in if the PartOf= is a one-way dep?
>
> I guess it's because it's because firewalld.service has
> "Conflicts=iptables.service", and thus (re)starting firewalld.service
> stops iptables.service; fail2ban.service has PartOf to both, thus both
> the restart and stop are propagated, and conflict.
Can't the stop of iptables be dropped because the service is already stopped
(or more likely not even present)?
> Claiming a PartOf relationship to both of two conflicting services is
> the problem here. I doubt such a use case was what PartOf was designed
> to support.
The problem is that fail2ban can work with either iptables.service or
fail2ban.service, and we don't know which one the use wants to use. And we
need fail2ban to be restarted if either firewalld or iptables is restarted.
If there is some other supported way of achieving this, that would be
welcome. Otherwise this strikes be as something that should be able to be
handled as is.
More information about the systemd-devel
mailing list