[systemd-devel] Transaction contains conflicting jobs 'restart' and 'stop'
Orion Poplawski
orion at cora.nwra.com
Sat Mar 12 05:18:43 UTC 2016
Andrei Borzenkov <arvidjaar <at> gmail.com> writes:
> 11.03.2016 00:11, Orion Poplawski пишет:
> > Uoti Urpala <uoti.urpala <at> pp1.inet.fi> writes:
> >> On Thu, 2016-03-10 at 17:51 +0000, Orion Poplawski wrote:
> >>> It appears that this is a trigger for this issue. Removing the
> >>> conflicts=iptables.service removes it. This seems like a bug to me
> >>> though -
> >>> why is iptables being brought in if the PartOf= is a one-way dep?
> >>
> >> I guess it's because it's because firewalld.service has
> >> "Conflicts=iptables.service", and thus (re)starting firewalld.service
> >> stops iptables.service; fail2ban.service has PartOf to both, thus both
> >> the restart and stop are propagated, and conflict.
> >
> > Can't the stop of iptables be dropped because the service is already stopped
> > (or more likely not even present)?
>
> One possible implementation is to have firewall.target and make all
> other services (firewalld, iptables and fail2ban) PartOf this target.
> You would then start/stop firewall.target instead of individual services.
I tried this, but I get the same problem:
# systemctl restart firewall.target
Failed to restart firewall.target: Transaction contains conflicting jobs
'restart' and 'stop' for iptables.service. Probably contradicting
requirement dependencies configured.
Also, this doesn't solve the issue of restarting fail2ban if firewalld is
restarted via "systemctl restart fail2ban" (which someone will do I'm sure),
unless there is some other dependency that needs to be setup between the
various units that I don't understand. Not very familiar with configuring
targets.
More information about the systemd-devel
mailing list