<p dir="ltr">Nested jobs are problematic as they usually result in a deadlock – you'll have to use "/bin/systemctl --no-block restart docker" there.</p>
<p dir="ltr">Though the whole setup in general seems suspicious...</p>
<br><div class="gmail_quote"><div dir="ltr">On Sat, Apr 8, 2017, 18:29 Alex Chistyakov <<a href="mailto:alexclear@gmail.com">alexclear@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br class="gmail_msg">
<br class="gmail_msg">
I am trying to establish a connection between firewalld and docker<br class="gmail_msg">
services. I extended the default firewalld.service unit file by adding<br class="gmail_msg">
the following:<br class="gmail_msg">
<br class="gmail_msg">
[Service]<br class="gmail_msg">
ExecStartPost=-/bin/bash -c '/usr/bin/test -f /etc/default/docker &&<br class="gmail_msg">
/bin/systemctl stop docker && /bin/systemctl start docker'<br class="gmail_msg">
<br class="gmail_msg">
to /etc/systemd/system/firewalld.service.d/docker.conf.<br class="gmail_msg">
<br class="gmail_msg">
But this did not work, firewalld service timed out on start:<br class="gmail_msg">
<br class="gmail_msg">
root@ubuntu-xenial:~# systemctl status firewalld<br class="gmail_msg">
● firewalld.service - firewalld - dynamic firewall daemon<br class="gmail_msg">
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled;<br class="gmail_msg">
vendor preset: enabled)<br class="gmail_msg">
  Drop-In: /etc/systemd/system/firewalld.service.d<br class="gmail_msg">
           └─docker.conf<br class="gmail_msg">
   Active: failed (Result: timeout) since Sat 2017-04-08 14:39:45 UTC;<br class="gmail_msg">
1min 35s ago<br class="gmail_msg">
  Process: 26050 ExecStartPost=/bin/bash -c /usr/bin/test -f<br class="gmail_msg">
/etc/default/docker && /bin/systemctl stop docker && /bin/systemctl<br class="gmail_msg">
start docker (code=killed, signal=TERM)<br class="gmail_msg">
  Process: 26000 ExecStart=/usr/sbin/firewalld --nofork --nopid<br class="gmail_msg">
(code=exited, status=0/SUCCESS)<br class="gmail_msg">
 Main PID: 26000 (code=exited, status=0/SUCCESS)<br class="gmail_msg">
<br class="gmail_msg">
Apr 08 14:38:10 ubuntu-xenial systemd[1]: Starting firewalld - dynamic<br class="gmail_msg">
firewall daemon...<br class="gmail_msg">
Apr 08 14:39:41 ubuntu-xenial systemd[1]: firewalld.service:<br class="gmail_msg">
Start-post operation timed out. Stopping.<br class="gmail_msg">
Apr 08 14:39:45 ubuntu-xenial systemd[1]: Failed to start firewalld -<br class="gmail_msg">
dynamic firewall daemon.<br class="gmail_msg">
Apr 08 14:39:45 ubuntu-xenial systemd[1]: firewalld.service: Unit<br class="gmail_msg">
entered failed state.<br class="gmail_msg">
Apr 08 14:39:45 ubuntu-xenial systemd[1]: firewalld.service: Failed<br class="gmail_msg">
with result 'timeout'.<br class="gmail_msg">
<br class="gmail_msg">
I am aware of BindTo and Requires but I would like to restart the<br class="gmail_msg">
docker service on every state change of firewalld so these directives<br class="gmail_msg">
do not solve my problem.<br class="gmail_msg">
<br class="gmail_msg">
Thank you,<br class="gmail_msg">
<br class="gmail_msg">
--<br class="gmail_msg">
SY,<br class="gmail_msg">
Alex<br class="gmail_msg">
_______________________________________________<br class="gmail_msg">
systemd-devel mailing list<br class="gmail_msg">
<a href="mailto:systemd-devel@lists.freedesktop.org" class="gmail_msg" target="_blank">systemd-devel@lists.freedesktop.org</a><br class="gmail_msg">
<a href="https://lists.freedesktop.org/mailman/listinfo/systemd-devel" rel="noreferrer" class="gmail_msg" target="_blank">https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a><br class="gmail_msg">
</blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><p dir="ltr">Mantas Mikulėnas <<a href="mailto:grawity@gmail.com">grawity@gmail.com</a>><br>
Sent from my phone</p>
</div>