Re: [gentoo-user] Systemd query ...
On Wed, May 17, 2023 at 6:18 AM Jacques Montier wrote: > > Well, well, Rich, you are completely right, you've found the key ! > I have that line in make.conf > INSTALL_MASK="/lib/systemd/system /usr/lib/systemd/system" > I now see where it comes from. > On the same machine, I have another OpenRC Gentoo with systemd masqued. > I just copîed the make.conf without uncommenting that line... How silly i am > !!! > So I delete that bl...y line ! > So, I realize this will be controversial, but this is why I don't make super-minimalistic builds. If I were trying to make a Gentoo build to run on a C64 or something and every last inode counted, then sure. However, things like text files simply don't do anything if nothing reads them. These days I also tend to be generous with building kernel modules - it slows down kernel builds, but it has no impact on running kernels if they aren't actually loaded. I also use -mtune these days and not -march. Sure, you lose a little performance, but if I lose a motherboard then I can just build a new PC, stick my hard drive in it, and it will just work. Now, if you're building disposable workers in some cluster that processes lots of jobs, then sure that extra few percent performance might be worth it, but then the individual hosts are all disposable anyway. Otherwise, I've found it is much better to optimize things for MY time than CPU time. -- Rich
Re: [gentoo-user] Systemd query ...
Le mer. 17 mai 2023 à 11:30, Rich Freeman a écrit : > On Wed, May 17, 2023 at 4:43 AM Jacques Montier > wrote: > > > > As I didn't mask anything, I don't understand why this file was not > installed as it was declared in the apache ebuild... > > You don't have anything set in INSTALL_MASK? Check "emerge --info > www-servers/apache" > > You might want to check the build log for anything. I don't think > there is anything conditional about systemd_newunit, and it is > supposed to generate a fatal error if it fails. > > -- > Rich > > Well, well, Rich, you are completely right, you've found the key ! I have that line in make.conf INSTALL_MASK="/lib/systemd/system /usr/lib/systemd/system" I now see where it comes from. On the same machine, I have another OpenRC Gentoo with systemd masqued. I just copîed the make.conf without uncommenting that line... How silly i am !!! So I delete that bl...y line ! Thanks a lot, Cheers -- Jacques
Re: [gentoo-user] Systemd query ...
On Wed, May 17, 2023 at 4:43 AM Jacques Montier wrote: > > As I didn't mask anything, I don't understand why this file was not installed > as it was declared in the apache ebuild... You don't have anything set in INSTALL_MASK? Check "emerge --info www-servers/apache" You might want to check the build log for anything. I don't think there is anything conditional about systemd_newunit, and it is supposed to generate a fatal error if it fails. -- Rich
Re: [gentoo-user] Systemd query ...
Hi all, Thanks to Neil and Rich. I Effectively found the file www-servers/apache/files/apache2.4-hardened.service. I renamed it as apache2.service in /lib/systemd/system. Now it works !!! BUT, As I didn't mask anything, I don't understand why this file was not installed as it was declared in the apache ebuild... # Note: wait for mod_systemd to be included in some forthcoming release, # Then apache2.4.service can be used and systemd support controlled # through --enable-systemd systemd_newunit "${FILESDIR}/apache2.4-hardened.service" "apache2.service" dotmpfiles "${FILESDIR}/apache.conf" #insinto /etc/apache2/modules.d #doins "${FILESDIR}/00_systemd.conf" My use flags and modules : Installed versions: 2.4.55-r1(2)(11:11:07 12/05/2023)(gdbm ssl suexec-caps systemd -debug -doc -ldap -selinux -split-usr -static -suexec -suexec-syslog -threads APACHE2_MODULES="actions alias auth_basic authn_anon authn_core authn_dbm authn_file authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers http2 include info log_config logio mime mime_magic negotiation rewrite setenvif socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias -access_compat -asis -auth_digest -auth_form -authn_dbd -authn_socache -authz_dbd -brotli -cache_disk -cache_socache -cern_meta -charset_lite -dbd -dumpio -ident -imagemap -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -log_forensic -lua -macro -md -proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_fcgi -proxy_ftp -proxy_hcheck -proxy_html -proxy_http -proxy_http2 -proxy_scgi -proxy_uwsgi -proxy_wstunnel -ratelimit -remoteip -reqtimeout -session -session_cookie -session_crypto -session_dbd -slotmem_shm -socache_memcache -substitute -version -watchdog -xml2enc" APACHE2_MPMS="-event -prefork -worker" LUA_SINGLE_TARGET="lua5-1 -lua5-3 -lua5-4") However, it works fine and thanks again to all of you ! Cheers, -- Jacques Le mar. 16 mai 2023 à 21:43, Rich Freeman a écrit : > On Tue, May 16, 2023 at 3:32 PM Jacques Montier > wrote: > > > > After install, apache2.service not found... > > Have you done something to mask service file installs/etc? > > The unit file is in the gentoo repo: > www-servers/apache/files/apache2.4-hardened.service > > -- > Rich > >
Re: [gentoo-user] Systemd query ...
>Le lun. 15 mai 2023 à 11:58, Wols Lists a écrit : > >> Nothing to do with but sparked by the Apache problem ... >> >> One of the emails mentioned that the "ExecStop" section didn't appear to >> be working ... That's caused me considerable grief in a systemd config >> file I've written ... >> >> Basically, somebody else added an ExecStop section - and all hell broke >> loose. It seemed to be firing on boot :-( And the service in question - >> ScarletDME - seemed to be killing processes at random, like DoveCot ... >> >> Okay, accidentally killing processes it shouldn't is probably down the >> fork/exec code in ScarletDME, I haven't dug into it to know, but systemd >> should not be triggering the stop in the first place. Has anybody else >> encountered anything like this? >> >> Sorry I'm not likely to respond quickly to say "solved", as I need to >> get "in the mood" to get back to debugging, but if anybody has any hints >> and tips, they'd be appreciated, and it might shed some light on that >> Apache problem :-) >> >> Cheers, >> Wol >> >> >Hi Wol, > >It was very difficult to get Apache working with systemd Gentoo. >No apache2.service found with apache installation. >so i looked at the Linux Mint OS to copy the apache2.service. >These commands > >ExecStart=/usr/sbin/apachectl start >ExecStop=/usr/sbin/apachectl graceful-stop >ExecReload=/usr/sbin/apachectl graceful > >did not work at all... >BUT, >By manually launching /usr/bin/apache2ctl, it worked. > On my gentoo system apache is installed in /usr/sbin as apache2 and apache2ctl ^ It also installs /lib/systemd/system/apache2.service which references the above files in a "gentoo-ish" way. The Linux Mint service file you list above refers to apache without the "2". Perhaps this shedd some light on your problem. DaveF >So i wrote a little simple bash script /usr/bin/op_apache > >#!/bin/bash > >case ${1} in >"start") >apache2ctl >;; >"stop") >killall apache2 >;; >"restart") >killall apache2 >sleep 1 >apache2ctl >;; >esac > >And in apache2.service, i put : > >ExecStart=/usr/bin/op_apache start >ExecStop=/usr/bin/op_apache stop >ExecReload=/usr/sbin/op_apache restart > >Now it works fine, but what a headache ! > >Cheers, > >-- >Jacques >
Re: [gentoo-user] Systemd query ...
On Tue, May 16, 2023 at 3:32 PM Jacques Montier wrote: > > After install, apache2.service not found... Have you done something to mask service file installs/etc? The unit file is in the gentoo repo: www-servers/apache/files/apache2.4-hardened.service -- Rich
Re: [gentoo-user] Systemd query ...
Le mar. 16 mai 2023, 20:58, Neil Bothwick a écrit : > On Tue, 16 May 2023 20:03:36 +0200, Jacques Montier wrote: > > > It was very difficult to get Apache working with systemd Gentoo. > > No apache2.service found with apache installation. > > Really? > > % qfile apache2.service > www-servers/apache: /lib/systemd/system/apache2.service > > Yes. > After install, apache2.service not found... > > > > so i looked at the Linux Mint OS to copy the apache2.service. > > These commands > > > > ExecStart=/usr/sbin/apachectl start > > ExecStop=/usr/sbin/apachectl graceful-stop > > ExecReload=/usr/sbin/apachectl graceful > > > > did not work at all... > > % systemctl cat apache2.service > # /lib/systemd/system/apache2.service > [Unit] > Description=The Apache HTTP Server > After=network.target remote-fs.target nss-lookup.target > > [Service] > EnvironmentFile=/etc/conf.d/apache2 > ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND > ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful > ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop > # We want systemd to give httpd some time to finish gracefully, but still > want # it to kill httpd after TimeoutStopSec if something went wrong > during the # graceful stop. Normally, Systemd sends SIGTERM signal right > after the # ExecStop, which would kill httpd. We are sending useless > SIGCONT here to give # httpd time to finish. > KillSignal=SIGCONT > PrivateTmp=true > #Hardening > CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE > CAP_KILL CAP_NET_BIND_SERVICE CAP_IPC_LOCK > SecureBits=noroot-locked > ProtectSystem=full > PrivateDevices=true > MemoryDenyWriteExecute=true > > [Install] > WantedBy=multi-user.target > > > -- > Neil Bothwick > > K: (n., adj.) a binary thousand, which isn't a decimal thousand or even > really a binary thousand (which is eight), but is the binary number > closest to a decimal thousand. This has proven so completely confusing > that it has become a standard. > Thanks Neil, i'll have a try. -- Jacques >
Re: [gentoo-user] Systemd query ...
On Tue, 16 May 2023 20:03:36 +0200, Jacques Montier wrote: > It was very difficult to get Apache working with systemd Gentoo. > No apache2.service found with apache installation. Really? % qfile apache2.service www-servers/apache: /lib/systemd/system/apache2.service > so i looked at the Linux Mint OS to copy the apache2.service. > These commands > > ExecStart=/usr/sbin/apachectl start > ExecStop=/usr/sbin/apachectl graceful-stop > ExecReload=/usr/sbin/apachectl graceful > > did not work at all... % systemctl cat apache2.service # /lib/systemd/system/apache2.service [Unit] Description=The Apache HTTP Server After=network.target remote-fs.target nss-lookup.target [Service] EnvironmentFile=/etc/conf.d/apache2 ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop # We want systemd to give httpd some time to finish gracefully, but still want # it to kill httpd after TimeoutStopSec if something went wrong during the # graceful stop. Normally, Systemd sends SIGTERM signal right after the # ExecStop, which would kill httpd. We are sending useless SIGCONT here to give # httpd time to finish. KillSignal=SIGCONT PrivateTmp=true #Hardening CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_KILL CAP_NET_BIND_SERVICE CAP_IPC_LOCK SecureBits=noroot-locked ProtectSystem=full PrivateDevices=true MemoryDenyWriteExecute=true [Install] WantedBy=multi-user.target -- Neil Bothwick K: (n., adj.) a binary thousand, which isn't a decimal thousand or even really a binary thousand (which is eight), but is the binary number closest to a decimal thousand. This has proven so completely confusing that it has become a standard. pgpuqHNUVm4hR.pgp Description: OpenPGP digital signature
Re: [gentoo-user] Systemd query ...
Le lun. 15 mai 2023 à 11:58, Wols Lists a écrit : > Nothing to do with but sparked by the Apache problem ... > > One of the emails mentioned that the "ExecStop" section didn't appear to > be working ... That's caused me considerable grief in a systemd config > file I've written ... > > Basically, somebody else added an ExecStop section - and all hell broke > loose. It seemed to be firing on boot :-( And the service in question - > ScarletDME - seemed to be killing processes at random, like DoveCot ... > > Okay, accidentally killing processes it shouldn't is probably down the > fork/exec code in ScarletDME, I haven't dug into it to know, but systemd > should not be triggering the stop in the first place. Has anybody else > encountered anything like this? > > Sorry I'm not likely to respond quickly to say "solved", as I need to > get "in the mood" to get back to debugging, but if anybody has any hints > and tips, they'd be appreciated, and it might shed some light on that > Apache problem :-) > > Cheers, > Wol > > Hi Wol, It was very difficult to get Apache working with systemd Gentoo. No apache2.service found with apache installation. so i looked at the Linux Mint OS to copy the apache2.service. These commands ExecStart=/usr/sbin/apachectl start ExecStop=/usr/sbin/apachectl graceful-stop ExecReload=/usr/sbin/apachectl graceful did not work at all... BUT, By manually launching /usr/bin/apache2ctl, it worked. So i wrote a little simple bash script /usr/bin/op_apache #!/bin/bash case ${1} in "start") apache2ctl ;; "stop") killall apache2 ;; "restart") killall apache2 sleep 1 apache2ctl ;; esac And in apache2.service, i put : ExecStart=/usr/bin/op_apache start ExecStop=/usr/bin/op_apache stop ExecReload=/usr/sbin/op_apache restart Now it works fine, but what a headache ! Cheers, -- Jacques