[systemd-devel] How do I easily resolve conflicting jobs in custom units?

Andrei Borzenkov arvidjaar at gmail.com
Fri Mar 24 04:22:05 UTC 2017


23.03.2017 18:44, John Florian wrote:
> On Thu, 2017-03-23 at 06:38 +0300, Andrei Borzenkov wrote:
>> 22.03.2017 23:47, John Florian wrote:
>>> I build a mostly-stateless appliance OS derived from Fedora (25 ATM)
>>> and have several custom units to make it all possible.  My units had
>>> worked great with F21, but are now giving me problems with F25.  One
>>> pair of the custom units do some trickery to relocate sshd host keys
>>> from /etc/ssh to an alternate location that provides persistence:
>>>
>>> <snip>
>>
>> Please make full log available as well as actual unit definitions that
>> are not started.
>>
> 
> Okay, attached are a complete boot.log (journalctl > boot.log) as well
> as the most relevant units. Please note that while I need a solution,
> it's just as important I understand HOW to resolve this kind of issue.
> I've struggled through similar problems in the past and I never feel
> adept at the process, like I'm not using a fundamental tool for the job
> and instead relying more on trial and error.
> 
> While there's no doubt a lot of change between F21 and F25, the one

I do not use Fedora.

You still did not show the definitions of the units that have the problem:
sshd.service, sshd-keygen.target, sshd.socket.

Providing output of

systemctl show sshd.service sshd-keygen.target sshd.socket

is probably better as it dumps full information.

> thing that forced a change on my part was systemd transitioning from a
> single sshd-keygen.service to a templated sshd-keygen@.service.  For me
> that meant the following change:
> 
> diff --git lib/systemd/sshd-persist-keys.service lib/systemd/sshd-
> persist-keys.service
> index d3508a8..7500b68 100644
> --- lib/systemd/sshd-persist-keys.service
> +++ lib/systemd/sshd-persist-keys.service
> @@ -1,8 +1,8 @@
>  [Unit]
>  Description=OpenSSH server - persist volatile keys for the AOS
> -After=sshd-keygen.service
> +After=sshd-keygen.target
>  Before=sshd.service
> -Wants=sshd-keygen.service
> +Wants=sshd-keygen.target
> 
>  [Service]
>  ExecStart=/usr/sbin/sshd-persist-keys
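Review bot: On the added Wants=sshd-keygen.target line, Wants= is a weak dependency, so sshd-persist-keys.service is still started when sshd-keygen.target fails to start, and After= only orders the two units. If /usr/sbin/sshd-persist-keys must never copy a partial or missing set of host keys to the persistent location, consider Requires=sshd-keygen.target here (keeping the After= line) so that failure propagates; how far that helps depends on how sshd-keygen.target pulls in its instances, which is not shown here, so having the script check that each expected key file exists before persisting it is the more robust guard.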
> diff --git lib/systemd/sshd-restore-keys.service lib/systemd/sshd-
> restore-keys.service
> index 475cede..85ac3bc 100644
> --- lib/systemd/sshd-restore-keys.service
> +++ lib/systemd/sshd-restore-keys.service
> @@ -1,7 +1,7 @@
>  [Unit]
>  Description=OpenSSH server - restore persisted keys for the AOS
>  After=aos-storage-init.service
> -Before=sshd-keygen.service
> +Before=sshd-keygen at rsa.service sshd-keygen at ecdsa.service sshd-keygen at e
> d25519.service
> 
>  [Service]
>  ExecStart=/usr/sbin/sshd-restore-keys
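Review bot: The new Before= line hard-codes the rsa, ecdsa and ed25519 instances, so any other sshd-keygen@ instance that gets started is not ordered after sshd-restore-keys.service and can generate a fresh host key while the persisted one is still being restored. Consider putting the ordering on the template side instead, with a drop-in for sshd-keygen@.service that contains After=sshd-restore-keys.service, since a template drop-in applies to every instance. Before= is also ordering only, so confirm that something pulls sshd-restore-keys.service into the boot transaction (for example an [Install] section outside this hunk); otherwise the line has no effect.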
> 
> 
> I'd love to know of a better way for my sshd-restore-keys.service to be
> coded such that it's unnecessary to list individual key types, but my
> experience has led me to believe that targets only define a point in
> time when a collection of units have completed and that there's no
> equivalent to a point in time prior to any of them having begun.  Thus
> I found I couldn't use Before=sshd-keygen.target because keys were
> being generated and restored concurrently rather than serially
> (restored if possible and then the missing generated as needed).
> 


