Re: [systemd-devel] Info about JoinsNamespaceOf, PrivateNetwork systemd directives
On 05/30/2016 06:04 PM, Lennart Poettering wrote:
> On Mon, 30.05.16 16:24, george Karakou (mad-proffes...@hotmail.com) wrote:
>> Hi again, I am a bit curious about these two directives. Can somebody explain in a few words how are these implemented? Using Linux network namespaces? Or simply put, somehow services using these 2 directives are forbidden to bind to l3, l4 sockets and only allowed to communicate via unix domain sockets? It's an interesting feature, I thought I should give it a try.
>
> PrivateNetwork= simply runs a service in a new network namespace, and adds a loopback device to it, but nothing else. JoinsNamespaceOf= then allows you to run multiple services within the same namespace.
>
> Note that network namespaces cover AF_INET and AF_INET6 sockets, as well as abstract AF_UNIX sockets, but not AF_UNIX sockets that are stored in the file system, those are namespaced via the filesystem namespaces logic.
>
> Lennart

Thanks a lot, this clarifies it.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Info about JoinsNamespaceOf, PrivateNetwork systemd directives
On 05/30/2016 04:32 PM, Mantas Mikulėnas wrote:
> On Mon, May 30, 2016 at 4:24 PM, george Karakou <mad-proffes...@hotmail.com> wrote:
>> Hi again, I am a bit curious about these two directives. Can somebody explain in a few words how are these implemented? Using Linux network namespaces? Or simply put, somehow services using these 2 directives are forbidden to bind to l3, l4 sockets and only allowed to communicate via unix domain sockets? It's an interesting feature, I thought I should give it a try.
>
> Yes, they use network namespaces, the same kind as `ip netns` or `unshare --net`. Compare /proc/<pid>/ns/net of affected processes.
>
> (RestrictAddressFamilies=, however, uses seccomp to forbid using certain types of sockets.)
>
> --
> Mantas Mikulėnas <graw...@gmail.com>

Well, thanks, my use case was dbus and dbus activated services but I couldn't make udisks2 work using PrivateNetwork and dbus's namespace.
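The comparison of /proc/<pid>/ns/net suggested in the reply above, as an added example that is not part of the thread: it groups PIDs by network namespace so you can confirm that a PrivateNetwork= service left the host namespace and that a JoinsNamespaceOf= peer really joined it. The PROC_ROOT variable and the unit names in the comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): compare the network namespace of
# processes by reading the target of /proc/<pid>/ns/net.
# PROC_ROOT is an assumption of this example so it can be pointed at a test tree.
PROC_ROOT=${PROC_ROOT:-/proc}

# Print the namespace identity of a PID, e.g. "net:[4026531992]".
# Fails if the process is gone or the link is unreadable (other users'
# processes need root).
netns_of() {
    readlink "$PROC_ROOT/$1/ns/net" 2>/dev/null
}

# Exit 0 if both PIDs are in the same network namespace, 1 if they are not,
# 2 if either namespace could not be read.
same_netns() {
    a=$(netns_of "$1") || return 2
    b=$(netns_of "$2") || return 2
    [ "$a" = "$b" ]
}

# Print one line per namespace followed by the PIDs found in it:
#   net:[4026532001] 100 200
# PIDs whose namespace cannot be read are listed under "unreadable".
group_by_netns() {
    for pid in "$@"; do
        ns=$(netns_of "$pid") || ns=unreadable
        echo "$ns $pid"
    done | sort |
        awk '{ m[$1] = m[$1] " " $2 } END { for (k in m) print k m[k] }' | sort
}

# Typical use on a systemd host (a.service and b.service are hypothetical):
#   group_by_netns 1 \
#       "$(systemctl show -p MainPID --value a.service)" \
#       "$(systemctl show -p MainPID --value b.service)"
# PID 1 stands for the host namespace; a service with PrivateNetwork=yes must
# appear on a different line, and its JoinsNamespaceOf= peer on the same one.
```
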
[systemd-devel] Info about JoinsNamespaceOf, PrivateNetwork systemd directives
Hi again, I am a bit curious about these two directives. Can somebody explain in a few words how are these implemented? Using Linux network namespaces? Or simply put, somehow services using these 2 directives are forbidden to bind to l3, l4 sockets and only allowed to communicate via unix domain sockets? It's an interesting feature, I thought I should give it a try.
Re: [systemd-devel] Require a systemd.unit to finish completely before other services(units) are started
Your answer was correct (and of course acceptable) in the way it helped me understand what the solution was. The stanza in Mantas' mail: "systemd has no way to know that dispatcher is doing a background job by the time it finishes starting up" was a full explanation of the whole parallel question I had. So if I want to be exact, one answer completed/supplemented the other. Sorry for not making it clear.

Greetings, George

On 04/26/2016 06:01 PM, Michael Biebl wrote:
> 2016-04-26 16:49 GMT+02:00 george Karakou:
>> You were really close, the correct answer is provided by Mantas. Anyway, driven from your thought I moved the script's execution to NetworkManager and I am now at the point I wanted. Though I have added 2 and something minutes to my startup process time. Thanks.
>>
>>> Ordering after the dispatcher won't help. The dispatcher is not part of the initial transaction (e.g. pulled in by multi-user.target.wants).
>
> I'm pretty sure my answer was correct, but thanks.
Re: [systemd-devel] Require a systemd.unit to finish completely before other services(units) are started
You were really close, the correct answer is provided by Mantas. Anyway, driven from your thought I moved the script's execution to NetworkManager and I am now at the point I wanted. Though I have added 2 and something minutes to my startup process time. Thanks.

> Ordering after the dispatcher won't help. The dispatcher is not part of the initial transaction (e.g. pulled in by multi-user.target.wants).
>
> 2016-04-26 14:14 GMT+02:00 george Karakou:
>> It's actually NetworkManager-dispatcher whose actual job is -if I am not mistaken- to run some scripts after NetworkManager main process. Though I have configured NetworkManager-wait-online too but systemd's parallelization is unbeatable: services are started in parallel and I see other services that I have ordered after dispatcher finishing starting and dispatcher is still exec'ing my scripts.
>>
>> On 04/26/2016 01:00 PM, Mantas Mikulėnas wrote:
>>> Well, this sounds like your service should have some equivalent to NetworkManager's or systemd-networkd's "wait-until-online" tools. For example, there's NetworkManager-wait-online.service which blocks until NM has configured at least one connection fully, so other services can order against it (usually via network-online.target).
>>>
>>> (In fact, this sounds like you're talking about NetworkManager...)
>>>
>>> On Tue, Apr 26, 2016, 12:42 george Karakou wrote:
>>>> On 04/26/2016 09:35 AM, Andrei Borzenkov wrote:
>>>>> On Tue, Apr 26, 2016 at 9:27 AM, george Karakou wrote:
>>>>>> Hi list, how are you all? I hope everyone is doing well. I have a long starting unit that executes some (many actually) scripts and with the parallel nature of systemd init process it doesn't fully start up before some other units I have starting after it. Meaning "After=" directives in [Unit] section don't fully fill my needs here. Is there a workaround?
>>>>>
>>>>> Is Type=oneshot an option?
>>>>>
>>>>>> I understand that this demand somewhat violates the parallel principle of the systemd init daemon but can it somehow be serialized? Thanks for any advice.
>>>>
>>>> The service is of type dbus and I don't know if I want to break its functionality (since it's a system-service and registers a name on the bus). But thanks.
>>>>
>>>> On 04/26/2016 10:01 AM, Mantas Mikulėnas wrote:
>>>>> On Tue, Apr 26, 2016 at 9:27 AM, george Karakou wrote:
>>>>>> Hi list, how are you all? I hope everyone is doing well. I have a long starting unit that executes some (many actually) scripts and with the parallel nature of systemd init process it doesn't fully start up before some other units I have starting after it. Meaning "After=" directives in [Unit] section don't fully fill my needs here.
>>>>>
>>>>> No, that's *exactly* the case for After= directives. To disable parallelization for some parts of the boot process, you use Before= and After= – that's it.
>>>>>
>>>>> That said, if After=foo.service doesn't work properly, it usually means foo.service is lying to systemd about when it has "finished starting". If that's the case, you'd have exactly the same problems no matter what kind of serialization you try to enable.
>>>>>
>>>>> If your megascript starts multiple daemons, then maybe it should be split into several independent .service units, one for each daemon?
>>>>>
>>>>> If that's not acceptable, try changing it to Type=notify, and make it use `systemd-notify READY=1` once it's done.
>>>>>
>>>>> --
>>>>> Mantas Mikulėnas
>>>>
>>>> This service is vital for the networking part since it adds interfaces to bridge, adds static arp entries and some other stuff and the point is to have all this networking initialization in a central unit and then start everything else, after the interfaces have been "upped". And since it is a dbus service I don't know if I want to "break" its functionality. Anyway I don't see anything severely broken, like firewalls complaining of non-existent interfaces after they have initialized, so I am acknowledging this as not so high priority and I therefore thank you both.
>
> --
> Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?

On 04/26/2016 05:37 PM, Mantas Mikulėnas wrote:
> On Tue, Apr 26, 2016 at 3:14 PM, george Karakou <mad-proffes...@hotmail.com> wrote:
>> It's actually NetworkManager-dispatcher whose actual job is -if I am not mistaken- to run some scripts after NetworkManager main process. Though I have configured NetworkManager-wait-online too but systemd's parallelization is unbeatable: services are started in parallel and I s
Re: [systemd-devel] Require a systemd.unit to finish completely before other services(units) are started
It's actually NetworkManager-dispatcher whose actual job is -if I am not mistaken- to run some scripts after NetworkManager main process. Though I have configured NetworkManager-wait-online too but systemd's parallelization is unbeatable: services are started in parallel and I see other services that I have ordered after dispatcher finishing starting and dispatcher is still exec'ing my scripts.

On 04/26/2016 01:00 PM, Mantas Mikulėnas wrote:
> Well, this sounds like your service should have some equivalent to NetworkManager's or systemd-networkd's "wait-until-online" tools. For example, there's NetworkManager-wait-online.service which blocks until NM has configured at least one connection fully, so other services can order against it (usually via network-online.target).
>
> (In fact, this sounds like you're talking about NetworkManager...)
>
> On Tue, Apr 26, 2016, 12:42 george Karakou <mad-proffes...@hotmail.com> wrote:
>> On 04/26/2016 09:35 AM, Andrei Borzenkov wrote:
>>> On Tue, Apr 26, 2016 at 9:27 AM, george Karakou <mad-proffes...@hotmail.com> wrote:
>>>> Hi list, how are you all? I hope everyone is doing well. I have a long starting unit that executes some (many actually) scripts and with the parallel nature of systemd init process it doesn't fully start up before some other units I have starting after it. Meaning "After=" directives in [Unit] section don't fully fill my needs here. Is there a workaround?
>>>
>>> Is Type=oneshot an option?
>>>
>>>> I understand that this demand somewhat violates the parallel principle of the systemd init daemon but can it somehow be serialized? Thanks for any advice.
>>
>> The service is of type dbus and I don't know if I want to break its functionality (since it's a system-service and registers a name on the bus). But thanks.
>>
>> On 04/26/2016 10:01 AM, Mantas Mikulėnas wrote:
>>> On Tue, Apr 26, 2016 at 9:27 AM, george Karakou <mad-proffes...@hotmail.com> wrote:
>>>> Hi list, how are you all? I hope everyone is doing well. I have a long starting unit that executes some (many actually) scripts and with the parallel nature of systemd init process it doesn't fully start up before some other units I have starting after it. Meaning "After=" directives in [Unit] section don't fully fill my needs here.
>>>
>>> No, that's *exactly* the case for After= directives. To disable parallelization for some parts of the boot process, you use Before= and After= – that's it.
>>>
>>> That said, if After=foo.service doesn't work properly, it usually means foo.service is lying to systemd about when it has "finished starting". If that's the case, you'd have exactly the same problems no matter what kind of serialization you try to enable.
>>>
>>> If your megascript starts multiple daemons, then maybe it should be split into several independent .service units, one for each daemon?
>>>
>>> If that's not acceptable, try changing it to Type=notify, and make it use `systemd-notify READY=1` once it's done.
>>>
>>> --
>>> Mantas Mikulėnas <graw...@gmail.com>
>>
>> This service is vital for the networking part since it adds interfaces to bridge, adds static arp entries and some other stuff and the point is to have all this networking initialization in a central unit and then start everything else, after the interfaces have been "upped". And since it is a dbus service I don't know if I want to "break" its functionality. Anyway I don't see anything severely broken, like firewalls complaining of non-existent interfaces after they have initialized, so I am acknowledging this as not so high priority and I therefore thank you both.
Re: [systemd-devel] Require a systemd.unit to finish completely before other services(units) are started
On 04/26/2016 09:35 AM, Andrei Borzenkov wrote:
> On Tue, Apr 26, 2016 at 9:27 AM, george Karakou wrote:
>> Hi list, how are you all? I hope everyone is doing well. I have a long starting unit that executes some (many actually) scripts and with the parallel nature of systemd init process it doesn't fully start up before some other units I have starting after it. Meaning "After=" directives in [Unit] section don't fully fill my needs here. Is there a workaround?
>
> Is Type=oneshot an option?
>
>> I understand that this demand somewhat violates the parallel principle of the systemd init daemon but can it somehow be serialized? Thanks for any advice.

The service is of type dbus and I don't know if I want to break its functionality (since it's a system-service and registers a name on the bus). But thanks.

On 04/26/2016 10:01 AM, Mantas Mikulėnas wrote:
> On Tue, Apr 26, 2016 at 9:27 AM, george Karakou <mad-proffes...@hotmail.com> wrote:
>> Hi list, how are you all? I hope everyone is doing well. I have a long starting unit that executes some (many actually) scripts and with the parallel nature of systemd init process it doesn't fully start up before some other units I have starting after it. Meaning "After=" directives in [Unit] section don't fully fill my needs here.
>
> No, that's *exactly* the case for After= directives. To disable parallelization for some parts of the boot process, you use Before= and After= – that's it.
>
> That said, if After=foo.service doesn't work properly, it usually means foo.service is lying to systemd about when it has "finished starting". If that's the case, you'd have exactly the same problems no matter what kind of serialization you try to enable.
>
> If your megascript starts multiple daemons, then maybe it should be split into several independent .service units, one for each daemon?
>
> If that's not acceptable, try changing it to Type=notify, and make it use `systemd-notify READY=1` once it's done.
>
> --
> Mantas Mikulėnas <graw...@gmail.com>

This service is vital for the networking part since it adds interfaces to bridge, adds static arp entries and some other stuff and the point is to have all this networking initialization in a central unit and then start everything else, after the interfaces have been "upped". And since it is a dbus service I don't know if I want to "break" its functionality. Anyway I don't see anything severely broken, like firewalls complaining of non-existent interfaces after they have initialized, so I am acknowledging this as not so high priority and I therefore thank you both.
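A start-up script that follows the Type=notify suggestion quoted in the message above, as an added example that is not part of the thread: readiness is reported only after every initialisation step has succeeded, so units ordered with After= are held back until then. The unit name net-init.service, the script path and the STEPS_DIR directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed unit, hypothetical name
# net-init.service:
#   [Service]
#   Type=notify
#   NotifyAccess=all        # systemd-notify runs as a child of this script
#   RemainAfterExit=yes     # unit stays "active" after the script exits
#   ExecStart=/usr/local/sbin/net-init.sh --run
# Units that need the interfaces use After=net-init.service plus Requires=.

STEPS_DIR=${STEPS_DIR:-/etc/net-init.d}   # hypothetical directory of step scripts

# Run every step script in lexical order and stop at the first failure, so
# readiness is never reported for a half-configured network.
run_steps() {
    for step in "$STEPS_DIR"/*; do
        [ -f "$step" ] || continue
        sh "$step" || { echo "step failed: $step" >&2; return 1; }
    done
}

# Tell systemd that start-up is complete. NOTIFY_SOCKET is only set when the
# unit accepts notifications; outside systemd this is a no-op.
notify_ready() {
    [ -n "${NOTIFY_SOCKET:-}" ] || return 0
    systemd-notify --ready --status="network initialisation complete"
}

if [ "${1:-}" = "--run" ]; then
    run_steps || exit 1     # non-zero exit: the unit fails and is never ready
    notify_ready
fi
```
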
[systemd-devel] Require a systemd.unit to finish completely before other services(units) are started
Hi list, how are you all? I hope everyone is doing well. I have a long starting unit that executes some (many actually) scripts and with the parallel nature of systemd init process it doesn't fully start up before some other units I have starting after it. Meaning "After=" directives in [Unit] section don't fully fill my needs here. Is there a workaround? I understand that this demand somewhat violates the parallel principle of the systemd init daemon but can it somehow be serialized? Thanks for any advice.