Re: [systemd-devel] How to prevent an initramfs service from being stopped at switch-root ?
On 11/01/16 13:09, Tomasz Torcz wrote: > On Mon, Jan 11, 2016 at 12:39:10PM +, John Lane wrote: >> I have some services in my initramfs that unlock some crypto volumes to >> make the root and some other filesystems available. > This seems relevant: > https://wiki.freedesktop.org/www/Software/systemd/RootStorageDaemons/ > Yeah, I read that. But it doesn't explain how to configure a unit. I read the bit about processes where the first character of the zeroth command line argument is '@' are excluded from the killing spree, but not sure how to do that from a unit specification file. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] How to prevent an initramfs service from being stopped at switch-root ?
On Mon, Jan 11, 2016 at 12:39:10PM +, John Lane wrote: > I have some services in my initramfs that unlock some crypto volumes to > make the root and some other filesystems available. This seems relevant: https://wiki.freedesktop.org/www/Software/systemd/RootStorageDaemons/ -- Tomasz TorczOnly gods can safely risk perfection, xmpp: zdzich...@chrome.pl it's a dangerous thing for a man. -- Alia ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] How to prevent an initramfs service from being stopped at switch-root ?
On Mon, Jan 11, 2016 at 3:38 PM, John Lanewrote: > On 11/01/16 13:09, Tomasz Torcz wrote: > > On Mon, Jan 11, 2016 at 12:39:10PM +, John Lane wrote: > >> I have some services in my initramfs that unlock some crypto volumes to > >> make the root and some other filesystems available. > > This seems relevant: > > https://wiki.freedesktop.org/www/Software/systemd/RootStorageDaemons/ > > > Yeah, I read that. But it doesn't explain how to configure a unit. I > read the bit about processes where the first character of the zeroth > command line argument is '@' are excluded from the killing spree, but > not sure how to do that from a unit specification file. This is primarily meant to be done by daemons themselves, and I'm really not sure if it works when done "externally" from a .service – but worth a try: ExecStart=@/usr/bin/myservice @myservice --option --option KillMode=none (The two "@"s have different meanings – the first one is documented in systemd.service, the second in RootStorageDaemons.) -- Mantas Mikulėnas ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] How to prevent an initramfs service from being stopped at switch-root ?
On Mon, 11.01.16 13:38, John Lane (syst...@jelmail.com) wrote: > On 11/01/16 13:09, Tomasz Torcz wrote: > > On Mon, Jan 11, 2016 at 12:39:10PM +, John Lane wrote: > >> I have some services in my initramfs that unlock some crypto volumes to > >> make the root and some other filesystems available. > > This seems relevant: > > https://wiki.freedesktop.org/www/Software/systemd/RootStorageDaemons/ > > > Yeah, I read that. But it doesn't explain how to configure a unit. I > read the bit about processes where the first character of the zeroth > command line argument is '@' are excluded from the killing spree, but > not sure how to do that from a unit specification file. This should be done by the daemons themselves. It's really nothing you can do properly from the outside. If daemons shall run from the initrd, they must be prepared for that, for example never access /var and not assume tmpfiles was run or suchlike. They must be able to deal with the root file directory being pivoted away and suchlike. hence: it's really not as easy as just taking a daemon and calling it slightly differently -- instead the daemon must be designed for this mode of operation, in which case it should implement the @ logic natively. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] How to prevent an initramfs service from being stopped at switch-root ?
On 11/01/16 16:44, Lennart Poettering wrote: > On Mon, 11.01.16 13:38, John Lane (syst...@jelmail.com) wrote: > >> On 11/01/16 13:09, Tomasz Torcz wrote: >>> On Mon, Jan 11, 2016 at 12:39:10PM +, John Lane wrote: I have some services in my initramfs that unlock some crypto volumes to make the root and some other filesystems available. >>> This seems relevant: >>> https://wiki.freedesktop.org/www/Software/systemd/RootStorageDaemons/ >>> >> Yeah, I read that. But it doesn't explain how to configure a unit. I >> read the bit about processes where the first character of the zeroth >> command line argument is '@' are excluded from the killing spree, but >> not sure how to do that from a unit specification file. > This should be done by the daemons themselves. It's really nothing you > can do properly from the outside. > > If daemons shall run from the initrd, they must be prepared for that, > for example never access /var and not assume tmpfiles was run or > suchlike. They must be able to deal with the root file directory being > pivoted away and suchlike. hence: it's really not as easy as just > taking a daemon and calling it slightly differently -- instead the > daemon must be designed for this mode of operation, in which case it > should implement the @ logic natively. > > Lennart > Let me explain my scenario to you, perhaps I am doing something wrong... I have a "cryptsetup@.service" that is symlinked as cryptsetup@some_disk.service that unlocks a crypto-disk containing the root filesystem. Mounts then happen as they should, and everything works. Then, when the switch root happens, systemd tries to kill the above service. This fails because it is busy due to the underlying filesystem being mounted. This leaves the unit in a failed state. After the switch root, systemd tries to start the unit but this fails because the device mapper is already assigned. The net result is the system's always "degraded" with "cryptsetup@some_disk.service" in a failed state (despite everything being fine). I'm using a cryptsetup@.service unit instead of /etc/crypttab because I needed to use cryptsetup options that the latter didn't support when I implemented it. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel