Re: [systemd-devel] Service not run, although enabled
> > # systemctl status bestcrypt-fs > ● bestcrypt-fs.service - Mount Bestcrypt containers > Loaded: loaded (/etc/systemd/system/bestcrypt-fs.service; enabled; > vendor preset: disabled) > Active: active (exited) (thawing) since Mon 2023-08-07 11:17:18 EEST; > 20min ago > Process: 2645396 ExecStart=/usr/local/sbin/bcmount (code=exited, > status=0/SUCCESS) >Main PID: 2645396 (code=exited, status=0/SUCCESS) > > How come that the via "ExecStart=" given bash script does not get run? > It clearly *did* run, it says bcmount was successfully executed 20 minutes earlier and the service has been active since then. Were you trying to start your service again with "systemctl start" ? Because that will do nothing when the service is already active. You'd need to stop the service first (which will cause bceject to be invoked), or use "systemctl restart" which will stop the service before starting it. Note btw that because you put "exit 0" at the end of your script it will always claim success even if the actual mount command fails. Simply removing the "exit 0" will fix that since then the script's exit code will be that of the last command executed. Another fix is adding the -e flag to #!/bin/sh which will make your script fail if any command it executes fails instead of just ignoring failures. Do you have a clue? I even changed "oneshot" into "simple", striked > "RemainAfterExit", etc. > Don't do that, Type=oneshot and RemainAfterExit=true are correct for your service. Type=oneshot means systemd will wait for the ExecStart program to exit when starting the service, i.e. your service won't be considered to have started successfully until bcmount has finished successfully. As long as bcmount is still running your service will be considered "starting" and if it takes too long then systemd will kill it with a timeout. In contrast, Type=simple means systemd will start the ExecStart program asynchronously and immediately consider the service to be active, so starting your service will always successfully complete immediately before bcmount has even started executing, and if bcmount fails then the service will just go to "failed" state afterwards. RemainAfterExit=true means that your service will continue to be considered "active" after the ExecStart program exits successfully, which is exactly what you want when this program is responsible for starting your service and then exits. When RemainAfterExit=false the ExecStart program is assumed to *be* the service, hence when it exits the service will stop (hence ExecStop will be invoked). Is there any way I can see the whole process verbosely? > You can enable debug logging in systemd using "systemctl log-level debug" and turn it back off using "systemctl log-level info". Matthijs
Re: [systemd-devel] Service not run, although enabled
On Tue, Aug 8, 2023 at 11:31 AM Martin Stenzel wrote: ... > Your answer: > These Wants and After are redundant, every standard service will be > ordered after local-fs.target unless it also has > DefaultDependencies=no. > > My answer/question: > I want my service to be run DIRECTLY (at first place) AFTER the local > filesystems (in /etc/fstab) were mounted. > You misunderstand what the After directive does. It does not do what you want. ... > > > > This is my service file. > > > > -- > > [Unit] > > Description=Mount Bestcrypt containers > > Wants=local-fs.target > > After=local-fs.target > > > > These Wants and After are redundant, every standard service will be > ordered after local-fs.target unless it also has > DefaultDependencies=no. >
Re: [systemd-devel] Service not run, although enabled
Dear Andrei, thank you very much, especially for the fast reply. The links gave very good information, unfortunately my version of systemd (< 250) does not support the command "systemd-creds" yet. But I found another solution... I pipe the password to the program with the "echo" command. Not a good idea? YES, not a good idea!!! But to solve the issue of plain text passwords in a script I compile the script with shc Shc (shell script compiler) - Wikipedia I need to do that anyway, since bestcrypt expects keyfiles, and I need to hide the name/location of these files. After compiling the script neither password nor keyfile information are visible any longer (in the binary). Your answer: What makes you think so? As is clearly visible in the service status, the ExecStart command *did* run. Whether it also did what you expected is another question. My answer/question: Weird thing, after I made changes as above the script runs - successfully. Before I had the situation that it was NOT run. Now I wonder, do services that do not run successfully become blacklisted (functionless) in any way? Difficult to explain here... Your answer: These Wants and After are redundant, every standard service will be ordered after local-fs.target unless it also has DefaultDependencies=no. My answer/question: I want my service to be run DIRECTLY (at first place) AFTER the local filesystems (in /etc/fstab) were mounted. Martin. -- Martin Stenzel (马丁-斯坦泽尔) An der Drehscheibe 9 50733 Köln Deutschland -BEGIN PGP PUBLIC KEY BLOCK- mDMEZHjlmRYJKwYBBAHaRw8BAQdAEr/C08aStyKx+vztCxz4Nn8BHO2Lx0OXllsz BP+ZEZm0Pk1hcnRpbiBTdGVuemVsIChDb2xvZ25lLCBHZXJtYW55KSA8bS5zdGVu emVsQG1haWwueHktc3BhY2UuZGU+iJYEExYIAD4WIQQrzOhRsO0/8FaU5ykQoKMS ax9FuAUCZHjlmQIbAwUJC0c1AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAQ oKMSax9FuNswAPsEsMp2JdzzDkAw6VzByp2XUY921lFt9rVoaVcZmjV5awD/W57o a6c2qbD2p+AYkgKuffa2uZkX3mayvIxsfFnsWAW4OARkeOWZEgorBgEEAZdVAQUB AQdAFlq+E22Hk7Gj44CCN4LDr97Y41lUGzvqmpCDpSq0CEwDAQgHiH4EGBYIACYW IQQrzOhRsO0/8FaU5ykQoKMSax9FuAUCZHjlmQIbDAUJC0c1AAAKCRAQoKMSax9F uGHVAQDjAisQxn5ADKIRPsMfFpE847jFJGA2lRafU7C30gLzhwD8DcegQwz7/RLc yozIfQ6yIkz2cR3+NClIepnWV/ATQQw= =qQIl -END PGP PUBLIC KEY BLOCK- Fingerprint: 2BCC E851 B0ED 3FF0 5694 E729 10A0 A312 6B1F 45B8 This message was checked by ESET Endpoint Antivirus for Linux. https://www.eset.com On Monday, 07 August, 2023 11:04 CEST, Andrei Borzenkov wrote: On Mon, Aug 7, 2023 at 11:49 AM Martin Stenzel wrote: > > > Hi list, > I searched the _whole_ www but did not find the answer. > > > > I use bestcrypt > to mount the home directory. > > > This is my service file. > > -- > [Unit] > Description=Mount Bestcrypt containers > Wants=local-fs.target > After=local-fs.target > These Wants and After are redundant, every standard service will be ordered after local-fs.target unless it also has DefaultDependencies=no. > [Service] > Type=oneshot > RemainAfterExit=true > ExecStart=/usr/local/sbin/bcmount > ExecStop=/usr/local/sbin/bceject > > [Install] > WantedBy=multi-user.target > -- > > This is the file to be run > > -- > #!/bin/sh > /usr/bin/bctool mount /mnt/sdr2/2.jbc -t ext4 /mnt/el1-2_ > > exit 0 > -- > > If I run "bcmount" by hand (without systemd) it asks for a password, and this > is very correct. > > If I want to start with "systemctl start bcmount" nothing happens, no error, > no execution of the program "bcmount", but as you can see: > > > # systemctl status bestcrypt-fs > ● bestcrypt-fs.service - Mount Bestcrypt containers > Loaded: loaded (/etc/systemd/system/bestcrypt-fs.service; enabled; vendor > preset: disabled) > Active: active (exited) (thawing) since Mon 2023-08-07 11:17:18 EEST; 20min > ago > Process: 2645396 ExecStart=/usr/local/sbin/bcmount (code=exited, > status=0/SUCCESS) > Main PID: 2645396 (code=exited, status=0/SUCCESS) > > > How come that the via "ExecStart=" given bash script does not get run? What makes you think so? As is clearly visible in the service status, the ExecStart command *did* run. Whether it also did what you expected is another question. > This script does not contain any errors. > The service file does not have any syntax errors either. Permissions to > read/execute are verified! > > Do you have a clue? If your program needs a password entered interactively, it cannot request such a password using the "normal" way of reading from the terminal. It would need to implement support for requesting the password via password agents: https://systemd.io/PASSWORD_AGENTS/ Why your program returns success status when it could not obtain the necessary password is the question to your program. Internet most certainly has a lot of information about it. Like https://unix.stackexchange.com/questions/391040/is-there-a-typical-way-to-pass-a-password-to-a-systemd-unit-file > I even changed "oneshot" into "simple", striked "RemainAfterExit", etc. > > Is there any way I can see the whole process verbosely? > > > Martin. > > > --
Re: [systemd-devel] Service not run, although enabled
On Mon, Aug 7, 2023 at 11:49 AM Martin Stenzel wrote: > > > Hi list, > I searched the _whole_ www but did not find the answer. > > > > I use bestcrypt > to mount the home directory. > > > This is my service file. > > -- > [Unit] > Description=Mount Bestcrypt containers > Wants=local-fs.target > After=local-fs.target > These Wants and After are redundant, every standard service will be ordered after local-fs.target unless it also has DefaultDependencies=no. > [Service] > Type=oneshot > RemainAfterExit=true > ExecStart=/usr/local/sbin/bcmount > ExecStop=/usr/local/sbin/bceject > > [Install] > WantedBy=multi-user.target > -- > > This is the file to be run > > -- > #!/bin/sh > /usr/bin/bctool mount /mnt/sdr2/2.jbc -t ext4 /mnt/el1-2_ > > exit 0 > -- > > If I run "bcmount" by hand (without systemd) it asks for a password, and this > is very correct. > > If I want to start with "systemctl start bcmount" nothing happens, no error, > no execution of the program "bcmount", but as you can see: > > > # systemctl status bestcrypt-fs > ● bestcrypt-fs.service - Mount Bestcrypt containers > Loaded: loaded (/etc/systemd/system/bestcrypt-fs.service; enabled; > vendor preset: disabled) > Active: active (exited) (thawing) since Mon 2023-08-07 11:17:18 EEST; > 20min ago > Process: 2645396 ExecStart=/usr/local/sbin/bcmount (code=exited, > status=0/SUCCESS) >Main PID: 2645396 (code=exited, status=0/SUCCESS) > > > How come that the via "ExecStart=" given bash script does not get run? What makes you think so? As is clearly visible in the service status, the ExecStart command *did* run. Whether it also did what you expected is another question. > This script does not contain any errors. > The service file does not have any syntax errors either. Permissions to > read/execute are verified! > > Do you have a clue? If your program needs a password entered interactively, it cannot request such a password using the "normal" way of reading from the terminal. It would need to implement support for requesting the password via password agents: https://systemd.io/PASSWORD_AGENTS/ Why your program returns success status when it could not obtain the necessary password is the question to your program. Internet most certainly has a lot of information about it. Like https://unix.stackexchange.com/questions/391040/is-there-a-typical-way-to-pass-a-password-to-a-systemd-unit-file > I even changed "oneshot" into "simple", striked "RemainAfterExit", etc. > > Is there any way I can see the whole process verbosely? > > > Martin. > > > -- > Martin Stenzel (马丁-斯坦泽尔) > An der Drehscheibe 9 > 50733 Köln > Deutschland > > > -BEGIN PGP PUBLIC KEY BLOCK- > > mDMEZHjlmRYJKwYBBAHaRw8BAQdAEr/C08aStyKx+vztCxz4Nn8BHO2Lx0OXllsz > BP+ZEZm0Pk1hcnRpbiBTdGVuemVsIChDb2xvZ25lLCBHZXJtYW55KSA8bS5zdGVu > emVsQG1haWwueHktc3BhY2UuZGU+iJYEExYIAD4WIQQrzOhRsO0/8FaU5ykQoKMS > ax9FuAUCZHjlmQIbAwUJC0c1AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAQ > oKMSax9FuNswAPsEsMp2JdzzDkAw6VzByp2XUY921lFt9rVoaVcZmjV5awD/W57o > a6c2qbD2p+AYkgKuffa2uZkX3mayvIxsfFnsWAW4OARkeOWZEgorBgEEAZdVAQUB > AQdAFlq+E22Hk7Gj44CCN4LDr97Y41lUGzvqmpCDpSq0CEwDAQgHiH4EGBYIACYW > IQQrzOhRsO0/8FaU5ykQoKMSax9FuAUCZHjlmQIbDAUJC0c1AAAKCRAQoKMSax9F > uGHVAQDjAisQxn5ADKIRPsMfFpE847jFJGA2lRafU7C30gLzhwD8DcegQwz7/RLc > yozIfQ6yIkz2cR3+NClIepnWV/ATQQw= > =qQIl > -END PGP PUBLIC KEY BLOCK- > > Fingerprint: 2BCC E851 B0ED 3FF0 5694 E729 10A0 A312 6B1F 45B8 > > > This message was checked by ESET Endpoint Antivirus for Linux. > > https://www.eset.com