[systemd-devel] How do I easily resolve conflicting jobs in custom units?
john at doubledog.org
Thu Mar 23 15:44:45 UTC 2017
On Thu, 2017-03-23 at 06:38 +0300, Andrei Borzenkov wrote:
> 22.03.2017 23:47, John Florian пишет:
> > I build an mostly-stateless appliance OS derived from Fedora (25
> > ATM)
> > and have several custom units to make it all possible. My units
> > had
> > worked great with F21, but are now giving me problems with
> > F25. One
> > pair of the custom units do some trickery to relocate sshd host
> > keys
> > from /etc/ssh to an alternate location that provides persistence:
> > <snip>
> Please make full log available as well as actual unit definitions
> are not started.
Okay, attached are a complete boot.log (journalctl > boot.log) as well
as the most relevant units. Please note that while I need a solution,
it's just as important I understand HOW to resolve this kind of issue.
I've struggled through similar problems in the past and I never feel
adept at the process, like I'm not using a fundamental tool for the job
and instead relying more on trial and error.
While there's no doubt a lot of change between F21 and F25, the one
thing that forced a change on my part was systemd transitioning from a
single sshd-keygen.service to a templated sshd-keygen at .service. For me
that meant the following change:
diff --git lib/systemd/sshd-persist-keys.service lib/systemd/sshd-
index d3508a8..7500b68 100644
@@ -1,8 +1,8 @@
Description=OpenSSH server - persist volatile keys for the AOS
diff --git lib/systemd/sshd-restore-keys.service lib/systemd/sshd-
index 475cede..85ac3bc 100644
@@ -1,7 +1,7 @@
Description=OpenSSH server - restore persisted keys for the AOS
+Before=sshd-keygen at rsa.service sshd-keygen at ecdsa.service sshd-keygen at e
I'd love to know of a better way for my sshd-restore-kes.service to be
coded such that it's unnecessary to list individual key types, but my
experience has led me to believe that targets only define a point in
time when a collection of units have completed and that there's no
equivalent to a point in time prior to any of them having begun. Thus
I found I couldn't use Before=sshd-keygen.target because keys were
being generated and restored concurrently rather than serially
(restored if possible and then the missing generated as needed).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 89846 bytes
Desc: not available
More information about the systemd-devel