Bug#960672: [Pkg-sssd-devel] Bug#960672: sssd: Update service file

[Timo Aaltonen]

On 1.7.2020 11.57, Jörg Behrmann wrote:
> On 01.07.20 09:14, Timo Aaltonen wrote:
>> I'm not doing this, instead I'll add DEBUG_LOGGER template to
>> /etc/default/sssd and mention that DAEMON_OPTS is only used for the
>> initscript.
>>
> 
> I would like to argue, that the total removal of the coupling of the
> service file and /etc/defaults/sssd might be the better way forward.
> 
> The current state is that /etc/defaults/sssd has no effect on
> sssd.service. I don't think it's a good idea to introduce it now, since
> it's a hidden layer of configuration that cannot be accessed via
> `systemctl cat`.
> 
> It's perfectly fine for init scripts to use /etc/defaults, as there is
> no better mechanism to alter configuration, but for systemd unit files
> drop-ins are far superior, since `systemctl cat` aggregates them,
> shifting the burden of piecing together the configuration away from admins.
> 
> Furthermore, using drop-ins in /lib/systemd/system/sssd.service.d would
> allow to carry Debian changes to the default config in files that could
> be changed atomically on updates without interfering with locally
> supplied changes.

Feel free to suggest that upstream then, they still use sysconfig for
the daemon configuration, and expect us to have /etc/default/sssd, as
shown in the commit that introduced DEBUG_LOGGER:

commit a7277fecf7a65ab6c83b36f009c558cdfbf997d2
Author: Lukas Slebodnik 
Date:   Mon Oct 23 18:03:46 2017 +0200

SYSTEMD: Replace parameter --debug-to-files with ${DEBUG_LOGGER}

Users can set variable DEBUG_LOGGER in environment files
(/etc/sysconfig/sssd or /etc/default/sssd; depending on the
distribution)
to override default logging to files.

e.g.
DEBUG_LOGGER=--logger=stderr
DEBUG_LOGGER=--logger=journald

Resolves:
https://pagure.io/SSSD/sssd/issue/3433


-- 
t



signature.asc
Description: OpenPGP digital signature

Bug#960672: [Pkg-sssd-devel] Bug#960672: sssd: Update service file

[Jörg Behrmann]

On 01.07.20 09:14, Timo Aaltonen wrote:
> I'm not doing this, instead I'll add DEBUG_LOGGER template to
> /etc/default/sssd and mention that DAEMON_OPTS is only used for the
> initscript.
> 

I would like to argue, that the total removal of the coupling of the
service file and /etc/defaults/sssd might be the better way forward.

The current state is that /etc/defaults/sssd has no effect on
sssd.service. I don't think it's a good idea to introduce it now, since
it's a hidden layer of configuration that cannot be accessed via
`systemctl cat`.

It's perfectly fine for init scripts to use /etc/defaults, as there is
no better mechanism to alter configuration, but for systemd unit files
drop-ins are far superior, since `systemctl cat` aggregates them,
shifting the burden of piecing together the configuration away from admins.

Furthermore, using drop-ins in /lib/systemd/system/sssd.service.d would
allow to carry Debian changes to the default config in files that could
be changed atomically on updates without interfering with locally
supplied changes.




signature.asc
Description: OpenPGP digital signature

Bug#960672: [Pkg-sssd-devel] Bug#960672: sssd: Update service file

[Timo Aaltonen]

On 15.5.2020 12.43, Jörg Behrmann wrote:
> Package: sssd
> Version: 1.16.3-3.2
> Severity: normal
> Tags: patch
> 
> The service file for sssd seems to be the upstream one, but on Debian it has
> some minor issues:
> 
> 1. PIDFile is set to /var/run/sssd.pid via PIDFile=@pidpath@/sssd.pid during 
> the
>build, but systemd-analyze complains
> 
>/lib/systemd/system/sssd.service:13: PIDFile= references a path below 
> legacy directory /var/run/, updating /var/run/sssd.pid → /run/sssd.pid; 
> please update the unit file accordingly.
> 
>The path is automatically updated, but it does produce unnecessary logspam.
> 
>The configure script seems to have an option --with-pid-path to change 
> this.

this is done in git

> 2. The EnvironmentFile is set to -/etc/default/sssd, but said file says that 
> it
>is only used for /etc/init.d/sssd and its DAEMON_OPTS, that are thankfully
>unused in the service file, would daemonize sssd in contradiction to the
>explicit foreground option in ExecStart and also use the deprecated
>--debug-to-files option (via its shorthand -f).
> 
>It would be best to just remove the line, although this would need to be 
> done
>in all sssd service files.
> 
> 3. The DEBUG_LOGGER environment variable should be unnecessary, when all sssd
>services are socket activated, and --logger could be set on the ExecStart
>line, making the configuration clearer.
> 
> Attached is how the sssd.service file could look. I do understand, though, 
> that
> all the service files for the socket activated mode of service would need to 
> be
> changed as well. I would do the busy work if needed.

I'm not doing this, instead I'll add DEBUG_LOGGER template to
/etc/default/sssd and mention that DAEMON_OPTS is only used for the
initscript.


-- 
t

Bug#960672: sssd: Update service file

[Jörg Behrmann]

Package: sssd
Version: 1.16.3-3.2
Severity: normal
Tags: patch

The service file for sssd seems to be the upstream one, but on Debian it has
some minor issues:

1. PIDFile is set to /var/run/sssd.pid via PIDFile=@pidpath@/sssd.pid during the
   build, but systemd-analyze complains

   /lib/systemd/system/sssd.service:13: PIDFile= references a path below legacy 
directory /var/run/, updating /var/run/sssd.pid → /run/sssd.pid; please update 
the unit file accordingly.

   The path is automatically updated, but it does produce unnecessary logspam.

   The configure script seems to have an option --with-pid-path to change this.

2. The EnvironmentFile is set to -/etc/default/sssd, but said file says that it
   is only used for /etc/init.d/sssd and its DAEMON_OPTS, that are thankfully
   unused in the service file, would daemonize sssd in contradiction to the
   explicit foreground option in ExecStart and also use the deprecated
   --debug-to-files option (via its shorthand -f).

   It would be best to just remove the line, although this would need to be done
   in all sssd service files.

3. The DEBUG_LOGGER environment variable should be unnecessary, when all sssd
   services are socket activated, and --logger could be set on the ExecStart
   line, making the configuration clearer.

Attached is how the sssd.service file could look. I do understand, though, that
all the service files for the socket activated mode of service would need to be
changed as well. I would do the busy work if needed.

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-0.bpo.2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sssd depends on:
ii  python3-sss  1.16.3-3.2
ii  sssd-ad  1.16.3-3.2
ii  sssd-common  1.16.3-3.2
ii  sssd-ipa 1.16.3-3.2
ii  sssd-krb51.16.3-3.2
ii  sssd-ldap1.16.3-3.2
ii  sssd-proxy   1.16.3-3.2

sssd recommends no packages.

sssd suggests no packages.

-- no debconf information
[Unit]
Description=System Security Services Daemon
# SSSD must be running before we permit user sessions
Before=systemd-user-sessions.service nss-user-lookup.target
Wants=nss-user-lookup.target

[Service]
ExecStart=/usr/sbin/sssd -i --logger=files
Type=notify
NotifyAccess=main
PIDFile=/run/sssd.pid

[Install]
WantedBy=multi-user.target