Re: [systemd-devel] Handle device node timeout?
Hi,

On Mon, Feb 19, 2024 at 11:18:13AM +0100, Lennart Poettering wrote:
> On Di, 16.01.24 16:06, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > Hi,
> >
> > I have services which depend on a specific device node. How can I run
> > some recovery actions when the default 90s timeout for finding this
> > device is hit?
> >
> > OnFailure= doesn't work as the service is not even started.
> >
> > Specifically the case is about supporting TPM2 encrypted rootfs but falling
> > back to plain-text rootfs generation if there is no TPM2 device. Currently
> > my initramfs works with TPM2 but without it fails with:
>
> In git main there's new infra to deal with this case:
>
> https://github.com/systemd/systemd/pull/30194
>
> That should hopefully solve this systematically and generically.

Thanks, I will try to port these patches to our systemd 254.4.

Cheers,

-Mikko
Re: [systemd-devel] Handle device node timeout?
On Di, 16.01.24 16:06, Mikko Rapeli (mikko.rap...@linaro.org) wrote:

> Hi,
>
> I have services which depend on a specific device node. How can I run
> some recovery actions when the default 90s timeout for finding this
> device is hit?
>
> OnFailure= doesn't work as the service is not even started.
>
> Specifically the case is about supporting TPM2 encrypted rootfs but falling
> back to plain-text rootfs generation if there is no TPM2 device. Currently
> my initramfs works with TPM2 but without it fails with:

In git main there's new infra to deal with this case:

https://github.com/systemd/systemd/pull/30194

That should hopefully solve this systematically and generically.

Lennart

--
Lennart Poettering, Berlin
Re: [systemd-devel] Handle device node timeout?
On Tue, Jan 16, 2024 at 04:06:46PM +0200, Mikko Rapeli wrote:
> I have services which depend on a specific device node. How can I run
> some recovery actions when the default 90s timeout for finding this
> device is hit?

(Not sure if it is the best practice to do a plain-text fall back in
case crypted device setup fails.)

> OnFailure= doesn't work as the service is not even started.

Compare it to how emergency.target is implemented. You could hook into
primary target's OnFailure= and start another target with alternative
device.

> Fix is to remove Encrypt=tpm2 from systemd-repart config to generate plain
> ext4 rootfs. Running the recovery scripts manually in emergency console
> works, but I can't figure out how to trigger this recovery automatically.

You could let emergency.target pull in your recovery. (But as I pondered
above a separate target may be a better approach than overloading
emergency.)

HTH,
Michal
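Added example, not part of the thread and not systemd's own units: one way to wire up the "let emergency.target pull in your recovery" variant described in the reply above, as two unit files placed inside the initrd. The unit name `rootfs-plain-fallback.service` and the script path are hypothetical; the conditions restrict the plain-text fallback to initrd boots where `/dev/tpmrm0` is absent.

```ini
# /etc/systemd/system/emergency.target.d/10-rootfs-fallback.conf  (inside the initrd)
# Drop-in: pull the recovery unit in whenever emergency.target is started.
[Unit]
Wants=rootfs-plain-fallback.service

# /etc/systemd/system/rootfs-plain-fallback.service  (hypothetical unit name)
[Unit]
Description=Regenerate plain ext4 rootfs when no TPM2 device is present
# Like emergency.service, do not pull in sysinit.target/basic.target.
DefaultDependencies=no
# Both conditions must hold (conditions are ANDed):
#  - we are running in the initrd, and
#  - the TPM2 resource manager device node does not exist.
# If either check fails the unit is skipped and only the emergency
# shell is started, as before.
ConditionPathExists=/etc/initrd-release
ConditionPathExists=!/dev/tpmrm0

[Service]
Type=oneshot
# Hypothetical path: the recovery script that is currently run by hand
# from the emergency console.
ExecStart=/usr/lib/recovery/rootfs-plain-fallback.sh
StandardOutput=journal+console
StandardError=journal+console
```

Because the device-node check runs only once emergency.target is started, a TPM that is present but fails to unlock the rootfs leaves `/dev/tpmrm0` in place and does not take the plain-text path.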
[systemd-devel] Handle device node timeout?
Hi,

I have services which depend on a specific device node. How can I run
some recovery actions when the default 90s timeout for finding this
device is hit?

OnFailure= doesn't work as the service is not even started.

Specifically the case is about supporting TPM2 encrypted rootfs but falling
back to plain-text rootfs generation if there is no TPM2 device. Currently
my initramfs works with TPM2 but without it fails with:

[ TIME ] Timed out waiting for device /dev/gpt-auto-root.
[DEPEND] Dependency failed for Initrd Root Device.
[DEPEND] Dependency failed for Root Partition.
[DEPEND] Dependency failed for Initrd Root File System.
[DEPEND] Dependency failed for /sysroot/usr.
[DEPEND] Dependency failed for Initrd File Systems.
[DEPEND] Dependency failed for TPM2 PCR File System Measurement of /sysroot.
[ TIME ] Timed out waiting for device /dev/tpmrm0.
[DEPEND] Dependency failed for Repartition Root Disk.
[DEPEND] Dependency failed for TPM2 PCR Machine ID Measurement.
[  OK  ] Stopped Dispatch Password Requests to Console Directory Watch.
[  OK  ] Reached target Timer Units.
[  OK  ] Reached target Socket Units.
[  OK  ] Started Emergency Shell.
[  OK  ] Reached target Emergency Mode.

Fix is to remove Encrypt=tpm2 from systemd-repart config to generate plain
ext4 rootfs. Running the recovery scripts manually in emergency console
works, but I can't figure out how to trigger this recovery automatically.

Using systemd 254.4 from yocto:

sh-5.2# systemctl --version
systemd 254 (254.4^)
+PAM +AUDIT +SELINUX -APPARMOR +IMA -SMACK +SECCOMP -GCRYPT -GNUTLS +OPENSSL +ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE +TPM2 -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=hybrid

Cheers,

-Mikko