[systemd-devel] Temporarily stopping a service while oneshot is running

Kai Krakow hurikhan77 at gmail.com
Tue Mar 21 19:31:42 UTC 2017

Am Tue, 21 Mar 2017 07:47:59 -0500
schrieb Ian Pilcher <arequipeno at gmail.com>:

> I have a oneshot service (run from a timer) that updates the TLS
> certificates in my mod_nss database.  Because NSS doesn't support
> concurrent access to the database, I need to temporarily shut down
> Apache while the certificate update service is running.
> Currently, I'm using the following entries in my .service file to
> accomplish this:
>    [Unit]
>    Description=Update TLS certificates in mod_nss database
>    # Restart Apache, even if this service fails for some reason
>    OnFailure=httpd.service
>    [Service]
>    Type=oneshot
>    # Shut down Apache to avoid concurrent access to the mod_nss
> database ExecStartPre=/usr/bin/systemctl stop httpd.service
>    ExecStart=/usr/local/bin/update-nss-certs
>    ExecStartPost=/usr/bin/systemctl start httpd.service
> Is this the best way to do this?  (I can't escape the feeling that
> there ought to be a more idiomatic way of accomplishing this.)

Would "Conflicts=" help here?

Or you simply do not use this as a service but better define a drop-in
for httpd.service:

# systemctl edit httpd.service


Now, upon starting (or restarting) the httpd.service, the certs are
updated. You can now program the timer to restart httpd. The minus in
front makes failing to do so non-fatal to the service startup.


Replies to list-only preferred.

More information about the systemd-devel mailing list