Re: [systemd-devel] Why working this on reboot but not on start up
On Tue, 30.09.14 13:24, Günther J. Niederwimmer (g...@gjn.priv.at) wrote:

> Hello,
>
> I have a problem running this correctly: it is working on a reboot but not on start up.
>
> Can anyone help me with this problem? Thanks.
>
> I made a new service file for the Kerberos initialisation. This is my construct; is anything wrong in these files?
>
> /etc/tmpfiles.d/kinit.conf
> d /run/user/0/krb5cc 1777 root root -

This won't work. We nowadays mount /run/user/$UID as a tmpfs at the time of first login of a user, and unmount it at time of last logout. Creating a dir in that directory will hence have little effect during runtime, as it will be overmounted as you log in.

Lennart

--
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Why working this on reboot but not on start up
Hello pros.

Thanks for the answer.

On Thursday, 2 October 2014, 12:16:49, Lennart Poettering wrote:
> On Tue, 30.09.14 13:24, Günther J. Niederwimmer (g...@gjn.priv.at) wrote:
> > Hello,
> >
> > I have a problem running this correctly: it is working on a reboot but not on start up.
> >
> > Can anyone help me with this problem? Thanks.
> >
> > I made a new service file for the Kerberos initialisation. This is my construct; is anything wrong in these files?
> >
> > /etc/tmpfiles.d/kinit.conf
> > d /run/user/0/krb5cc 1777 root root -
>
> This won't work. We nowadays mount /run/user/$UID as a tmpfs at the time of first login of a user, and unmount it at time of last logout. Creating a dir in that directory will hence have little effect during runtime, as it will be overmounted as you log in.

Is it possible to test if the file / link exists (/run/user/0/krb5cc/tkt) with systemd and restart when not?

Now I found a way to start kinit on the KVM clients but not on the host :(.

Google doesn't help.

--
Kind regards / best Regards,
Günther J. Niederwimmer

Re: [systemd-devel] Why working this on reboot but not on start up
On Thu, 02.10.14 12:34, Günther J. Niederwimmer (g...@gjn.priv.at) wrote:

> Hello pros.
>
> Thanks for the answer.
>
> On Thursday, 2 October 2014, 12:16:49, Lennart Poettering wrote:
> > On Tue, 30.09.14 13:24, Günther J. Niederwimmer (g...@gjn.priv.at) wrote:
> > > Hello,
> > >
> > > I have a problem running this correctly: it is working on a reboot but not on start up.
> > >
> > > Can anyone help me with this problem? Thanks.
> > >
> > > I made a new service file for the Kerberos initialisation. This is my construct; is anything wrong in these files?
> > >
> > > /etc/tmpfiles.d/kinit.conf
> > > d /run/user/0/krb5cc 1777 root root -
> >
> > This won't work. We nowadays mount /run/user/$UID as a tmpfs at the time of first login of a user, and unmount it at time of last logout. Creating a dir in that directory will hence have little effect during runtime, as it will be overmounted as you log in.
>
> Is it possible to test if the file / link exists (/run/user/0/krb5cc/tkt) with systemd and restart when not?

No, this is not available.

> Now I found a way to start kinit on the KVM clients but not on the host :(.

Note that this won't work at all with more recent krb versions as they nowadays use the kernel user keyring to store the tickets in...

But anyway, I am no Kerberos guru, I am not sure I grok what you are trying to do.

Lennart

--
Lennart Poettering, Red Hat

Re: [systemd-devel] Why working this on reboot but not on start up
On Thu, Oct 2, 2014 at 1:38 PM, Lennart Poettering lenn...@poettering.net wrote:
> Note that this won't work at all with more recent krb versions as they nowadays use the kernel user keyring to store the tickets in...

It will work just fine; the DIR: and FILE: cache types aren't going to be removed any time soon. (Using KEYRING: as the default location seems to be Fedora-specific too; I have 1.12.2 on Arch and it still defaults to FILE:.)

And Günther's service is meant to obtain *host* credentials, where one of DIR: or FILE: is pretty much a requirement anyway (used by e.g. mounting NFS/CIFS shares on boot) – unless I missed something, `rpc.gssd` still only looks for FILE:/tmp/krb5cc_$UID and DIR:/run/user/$UID/krb5cc...

--
Mantas Mikulėnas graw...@gmail.com

Re: [systemd-devel] Why working this on reboot but not on start up
Hello,

On Thursday, 2 October 2014, 12:38:42, Lennart Poettering wrote:
> On Thu, 02.10.14 12:34, Günther J. Niederwimmer (g...@gjn.priv.at) wrote:
> > > > This is my construct; is anything wrong in these files?
> > > >
> > > > /etc/tmpfiles.d/kinit.conf
> > > > d /run/user/0/krb5cc 1777 root root -
> > >
> > > This won't work. We nowadays mount /run/user/$UID as a tmpfs at the time of first login of a user, and unmount it at time of last logout. Creating a dir in that directory will hence have little effect during runtime, as it will be overmounted as you log in.
> >
> > Is it possible to test if the file / link exists (/run/user/0/krb5cc/tkt) with systemd and restart when not?
>
> No, this is not available.
>
> > Now I found a way to start kinit on the KVM clients but not on the host :(.
>
> Note that this won't work at all with more recent krb versions as they nowadays use the kernel user keyring to store the tickets in...
>
> But anyway, I am no Kerberos guru, I am not sure I grok what you are trying to do.

I only want to run a kinit -k host/... with a timer after a reboot or start.

On the KVM host, the Kerberos server is a KVM client.

With systemctl status kinit I get 0/SUCCESS but no tkt file.

That's all :-(.

On an older system I did it with cron's extra character @reboot, but this is no longer working. I can't say why.

--
Kind regards / best Regards,
Günther J. Niederwimmer

Re: [systemd-devel] Why working this on reboot but not on start up
On Tue, Sep 30, 2014 at 8:24 PM, Günther J. g...@gjn.priv.at wrote:
> Hello,
>
> On Tuesday, 30 September 2014, 20:38:10, Andrei Borzenkov wrote:
> > On Tue, 30 Sep 2014 13:24:13 +0200, Günther J. Niederwimmer g...@gjn.priv.at wrote:
> > > Hello,
> > >
> > > I have a problem running this correctly: it is working on a reboot but not on start up.
> >
> > What does "not work" mean exactly?
>
> Better to say: it works sometimes, but most of the time not.
>
> > > Can anyone help me with this problem? Thanks.
> >
> > Without a clear explanation of what is working and what is not? Unlikely.
>
> I have a 0/SUCCESS in the status but I have no Principal.

What do you have in the system log then? Doesn't kinit output any error messages to the journal?

Also, *where* are you looking for the tickets? Your .service unit does not specify the cache location anywhere, so kinit might not be using the location you expect – it might be using FILE:/tmp/krb5cc_0 or something such.

> > > After=SuSEfirewall2_setup.service
> > >
> > > [Service]
> > > Type=simple
> >
> > Do you really mean it? I'd rather expect oneshot here.
>
> I have a systemd error with oneshot.

What error?

Type=simple is really wrong for kinit. It would be fine for k5start.

> > > ExecStart=/usr/bin/kinit -k host/asmtp.gjn.prv
> > > Restart=on-failure
> > > RestartSec=30
> > >
> > > [Install]
> > > WantedBy=multi-user.target
> > >
> > > /etc/systemd/system/kinit.timer
> > > [Unit]
> > > Description=Fist Initialisation of KRB5
> > >
> > > [Timer]
> > > OnBootSec=3min
> > >
> > > [Install]
> > > WantedBy=timers.target
> >
> > Why do you need to start it two times - once as a normal service and a second time as a timer?
>
> Normally, I like to start it only with the timer service.

Then why does your .service have an [Install] section?

///

I suggest using `k5start` instead, as a regular `kinit` will just obtain a ticket but won't do anything when it expires in a few hours.

[Unit]
After=network.target

[Service]
Type=forking
ExecStart=/usr/bin/k5start -k FILE:/tmp/krb5cc_host -L -b -K 30 -f /etc/krb5.keytab -u host/asmtp.gjn.prv
Restart=on-failure

[Install]
WantedBy=multi-user.target

--
Mantas Mikulėnas graw...@gmail.com

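Added example (not part of the original thread and not any poster's code): a kinit.service / kinit.timer pair, shown as two files in one listing, that applies the points raised in the message above: Type=oneshot, an explicit cache location outside /run/user/$UID, and no [Install] section in the timer-activated service. The FILE:/tmp/krb5cc_host cache and /etc/krb5.keytab are taken from the k5start unit above; the klist check (and its /usr/bin path), network-online.target and the 4h refresh interval are assumptions of this example.

```ini
# Constructed example, not from the thread.
# /etc/systemd/system/kinit.service
[Unit]
Description=Obtain host Kerberos ticket from the keytab
# Assumption: the KDC is reached over the network, so wait for it to be up.
Wants=network-online.target
After=network-online.target

[Service]
# kinit writes the ticket and exits, so the unit is oneshot, not simple.
Type=oneshot
# Explicit cache location (path taken from the k5start unit in the thread).
# It is outside /run/user/$UID, which is only mounted at first login.
Environment=KRB5CCNAME=FILE:/tmp/krb5cc_host
ExecStart=/usr/bin/kinit -k -t /etc/krb5.keytab host/asmtp.gjn.prv
# Assumed check: klist -s exits non-zero when the cache holds no valid
# ticket, so "0/SUCCESS" in systemctl status now implies a usable ticket.
ExecStartPost=/usr/bin/klist -s
# No [Install] section: the service is started by kinit.timer only.

# /etc/systemd/system/kinit.timer
[Unit]
Description=Run kinit.service after boot and refresh the ticket

[Timer]
OnBootSec=3min
# Assumed interval; choose one shorter than the ticket lifetime.
OnUnitActiveSec=4h

[Install]
WantedBy=timers.target
```

Enable only the timer (systemctl enable kinit.timer); any error from kinit or klist then appears in journalctl -u kinit.service.
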
Re: [systemd-devel] Why working this on reboot but not on start up
On Thu, 2 Oct 2014 13:55:19 +0300, Mantas Mikulėnas graw...@gmail.com wrote:

> On Tue, Sep 30, 2014 at 8:24 PM, Günther J. g...@gjn.priv.at wrote:
> > Hello,
> >
> > On Tuesday, 30 September 2014, 20:38:10, Andrei Borzenkov wrote:
> > > On Tue, 30 Sep 2014 13:24:13 +0200, Günther J. Niederwimmer g...@gjn.priv.at wrote:
> > > > Hello,
> > > >
> > > > I have a problem running this correctly: it is working on a reboot but not on start up.
> > >
> > > What does "not work" mean exactly?
> >
> > Better to say: it works sometimes, but most of the time not.
> >
> > > > Can anyone help me with this problem? Thanks.
> > >
> > > Without a clear explanation of what is working and what is not? Unlikely.
> >
> > I have a 0/SUCCESS in the status but I have no Principal.
>
> What do you have in the system log then? Doesn't kinit output any error messages to the journal?
>
> Also, *where* are you looking for the tickets? Your .service unit does not specify the cache location anywhere, so kinit might not be using the location you expect – it might be using FILE:/tmp/krb5cc_0 or something such.

It is openSUSE so tickets go into /run/user/uid/something-I-forgot.

And yes, this turned out to be a problem for services started by root because this directory does not yet exist.

> > > > After=SuSEfirewall2_setup.service
> > > >
> > > > [Service]
> > > > Type=simple
> > >
> > > Do you really mean it? I'd rather expect oneshot here.
> >
> > I have a systemd error with oneshot.
>
> What error?
>
> Type=simple is really wrong for kinit. It would be fine for k5start.
>
> > > > ExecStart=/usr/bin/kinit -k host/asmtp.gjn.prv
> > > > Restart=on-failure
> > > > RestartSec=30
> > > >
> > > > [Install]
> > > > WantedBy=multi-user.target
> > > >
> > > > /etc/systemd/system/kinit.timer
> > > > [Unit]
> > > > Description=Fist Initialisation of KRB5
> > > >
> > > > [Timer]
> > > > OnBootSec=3min
> > > >
> > > > [Install]
> > > > WantedBy=timers.target
> > >
> > > Why do you need to start it two times - once as a normal service and a second time as a timer?
> >
> > Normally, I like to start it only with the timer service.
>
> Then why does your .service have an [Install] section?
>
> ///
>
> I suggest using `k5start` instead, as a regular `kinit` will just obtain a ticket but won't do anything when it expires in a few hours.
>
> [Unit]
> After=network.target
>
> [Service]
> Type=forking
> ExecStart=/usr/bin/k5start -k FILE:/tmp/krb5cc_host -L -b -K 30 -f /etc/krb5.keytab -u host/asmtp.gjn.prv
> Restart=on-failure
>
> [Install]
> WantedBy=multi-user.target

Re: [systemd-devel] Why working this on reboot but not on start up
On Thu, 02 Oct 2014 12:53:45 +0200, Günther J. Niederwimmer g...@gjn.priv.at wrote:

> Hello,
>
> On Thursday, 2 October 2014, 12:38:42, Lennart Poettering wrote:
> > On Thu, 02.10.14 12:34, Günther J. Niederwimmer (g...@gjn.priv.at) wrote:
> > > > > This is my construct; is anything wrong in these files?
> > > > >
> > > > > /etc/tmpfiles.d/kinit.conf
> > > > > d /run/user/0/krb5cc 1777 root root -
> > > >
> > > > This won't work. We nowadays mount /run/user/$UID as a tmpfs at the time of first login of a user, and unmount it at time of last logout. Creating a dir in that directory will hence have little effect during runtime, as it will be overmounted as you log in.
> > >
> > > Is it possible to test if the file / link exists (/run/user/0/krb5cc/tkt) with systemd and restart when not?

Start with redefining the Kerberos cache to be somewhere else, in a directory that is known to exist. Like /tmp :)

> > No, this is not available.
> >
> > > Now I found a way to start kinit on the KVM clients but not on the host :(.
> >
> > Note that this won't work at all with more recent krb versions as they nowadays use the kernel user keyring to store the tickets in...
> >
> > But anyway, I am no Kerberos guru, I am not sure I grok what you are trying to do.
>
> I only want to run a kinit -k host/... with a timer after a reboot or start.
>
> On the KVM host, the Kerberos server is a KVM client.
>
> With systemctl status kinit I get 0/SUCCESS but no tkt file.

And a couple of posts before you said you had an ERROR ...

How do you check whether the tkt file exists? Heck, add ExecStartPost which does ls -lr /run/user/0 which at least will prove that this file existed right after kinit completed. Or not ...

> That's all :-(.
>
> On an older system I did it with cron's extra character @reboot, but this is no longer working. I can't say why.

Re: [systemd-devel] Why working this on reboot but not on start up
On Tue, Sep 30, 2014 at 9:24 PM, Günther J. g...@gjn.priv.at wrote:
> Hello,
>
> On Tuesday, 30 September 2014, 20:38:10, Andrei Borzenkov wrote:
> > On Tue, 30 Sep 2014 13:24:13 +0200, Günther J. Niederwimmer g...@gjn.priv.at wrote:
> > > Hello,
> > >
> > > I have a problem running this correctly: it is working on a reboot but not on start up.
> >
> > What does "not work" mean exactly?
>
> Better to say: it works sometimes, but most of the time not.
>
> > > Can anyone help me with this problem? Thanks.
> >
> > Without a clear explanation of what is working and what is not? Unlikely.
>
> I have a 0/SUCCESS in the status but I have no Principal.

I'm confused. You mean - you have no ticket for principal, or that TGT replies that your principal does not exist?

> > > I made a new service file for the Kerberos initialisation. This is my construct; is anything wrong in these files?
> > >
> > > /etc/tmpfiles.d/kinit.conf
> > > d /run/user/0/krb5cc 1777 root root -
> > >
> > > /etc/systemd/system/kinit.service
> > > [Unit]
> > > Description=Kerberos initial kinit
> > > Wants=SuSEfirewall2_setup.service
> >
> > Why does Kerberos initialization *want* the firewall? I can understand After, but I have a hard time understanding Wants here.
>
> The Kerberos server is on another system (KVM client). OK, I delete the Wants ;) and change After=network.target
>
> > > After=SuSEfirewall2_setup.service
> > >
> > > [Service]
> > > Type=simple
> >
> > Do you really mean it? I'd rather expect oneshot here.
>
> I have a systemd error with oneshot.

Well, in both cases it looks like kinit fails to obtain a ticket. So this is the real problem you need to debug. systemd can assist here by capturing the output of kinit for further analysis, but that's probably all. Try asking the Kerberos guys how to enable verbose debugging of kinit.

> > > ExecStart=/usr/bin/kinit -k host/asmtp.gjn.prv
> > > Restart=on-failure
> > > RestartSec=30
> > >
> > > [Install]
> > > WantedBy=multi-user.target
> > >
> > > /etc/systemd/system/kinit.timer
> > > [Unit]
> > > Description=Fist Initialisation of KRB5
> > >
> > > [Timer]
> > > OnBootSec=3min
> > >
> > > [Install]
> > > WantedBy=timers.target
> >
> > Why do you need to start it two times - once as a normal service and a second time as a timer?
>
> Normally, I like to start it only with the timer service.
>
> --
> Kind regards / best Regards,
> Günther J. Niederwimmer

Re: [systemd-devel] Why working this on reboot but not on start up
On Tue, 30 Sep 2014 13:24:13 +0200, Günther J. Niederwimmer g...@gjn.priv.at wrote:

> Hello,
>
> I have a problem running this correctly: it is working on a reboot but not on start up.

What does "not work" mean exactly?

> Can anyone help me with this problem? Thanks.

Without a clear explanation of what is working and what is not? Unlikely.

> I made a new service file for the Kerberos initialisation. This is my construct; is anything wrong in these files?
>
> /etc/tmpfiles.d/kinit.conf
> d /run/user/0/krb5cc 1777 root root -
>
> /etc/systemd/system/kinit.service
> [Unit]
> Description=Kerberos initial kinit
> Wants=SuSEfirewall2_setup.service

Why does Kerberos initialization *want* the firewall? I can understand After, but I have a hard time understanding Wants here.

> After=SuSEfirewall2_setup.service
>
> [Service]
> Type=simple

Do you really mean it? I'd rather expect oneshot here.

> ExecStart=/usr/bin/kinit -k host/asmtp.gjn.prv
> Restart=on-failure
> RestartSec=30
>
> [Install]
> WantedBy=multi-user.target
>
> /etc/systemd/system/kinit.timer
> [Unit]
> Description=Fist Initialisation of KRB5
>
> [Timer]
> OnBootSec=3min
>
> [Install]
> WantedBy=timers.target

Why do you need to start it two times - once as a normal service and a second time as a timer?

> Thanks for the help.

Re: [systemd-devel] Why working this on reboot but not on start up
Hello,

On Tuesday, 30 September 2014, 20:38:10, Andrei Borzenkov wrote:
> On Tue, 30 Sep 2014 13:24:13 +0200, Günther J. Niederwimmer g...@gjn.priv.at wrote:
> > Hello,
> >
> > I have a problem running this correctly: it is working on a reboot but not on start up.
>
> What does "not work" mean exactly?

Better to say: it works sometimes, but most of the time not.

> > Can anyone help me with this problem? Thanks.
>
> Without a clear explanation of what is working and what is not? Unlikely.

I have a 0/SUCCESS in the status but I have no Principal.

> > I made a new service file for the Kerberos initialisation. This is my construct; is anything wrong in these files?
> >
> > /etc/tmpfiles.d/kinit.conf
> > d /run/user/0/krb5cc 1777 root root -
> >
> > /etc/systemd/system/kinit.service
> > [Unit]
> > Description=Kerberos initial kinit
> > Wants=SuSEfirewall2_setup.service
>
> Why does Kerberos initialization *want* the firewall? I can understand After, but I have a hard time understanding Wants here.

The Kerberos server is on another system (KVM client). OK, I delete the Wants ;) and change After=network.target

> > After=SuSEfirewall2_setup.service
> >
> > [Service]
> > Type=simple
>
> Do you really mean it? I'd rather expect oneshot here.

I have a systemd error with oneshot.

> > ExecStart=/usr/bin/kinit -k host/asmtp.gjn.prv
> > Restart=on-failure
> > RestartSec=30
> >
> > [Install]
> > WantedBy=multi-user.target
> >
> > /etc/systemd/system/kinit.timer
> > [Unit]
> > Description=Fist Initialisation of KRB5
> >
> > [Timer]
> > OnBootSec=3min
> >
> > [Install]
> > WantedBy=timers.target
>
> Why do you need to start it two times - once as a normal service and a second time as a timer?

Normally, I like to start it only with the timer service.

--
Kind regards / best Regards,
Günther J. Niederwimmer