While debugging pluto, running in gdb, I noticed on F22 systemd could send sigabort. To disable it I set WatchdogSec=0 d 0 in Makefile.inc.local I set SD_WATCHDOGSEC_DEFAULT=0 While working at it I also exposed a couple of more variables in Makefile.inc.local . These are useful to developing/debugging. I would like to see this patch, or a revised one, applied. Any ideas/objections?
Another recent systemd effect I notice is "intermittently", after a make install or install-base, I get this message " Run 'systemctl daemon-reload' to reload units." and ./eastinit.sh fail. [root@east basic-pluto-01]# ./eastinit.sh Warning: ipsec.service changed on disk. Run 'systemctl daemon-reload' to reload units. Redirecting to: systemctl start ipsec.service Failed to start ipsec.service: Unit ipsec.service is masked. PS: this is how SIGABRT looks like in gdb which looks like https://github.com/systemd/systemd/issues/917 Program received signal SIGABRT, Aborted. 0x00007f99af0c2b93 in epoll_wait () at ../sysdeps/unix/syscall-template.S:84 84 T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) (gdb) bt #0 0x00007f99af0c2b93 in epoll_wait () at ../sysdeps/unix/syscall-template.S:84 #1 0x00007f99afe7f4b8 in epoll_dispatch (base=0x555850e1e1b0, tv=<optimized out>) at epoll.c:407 #2 0x00007f99afe69add in event_base_loop (base=0x555850e1e1b0, flags=0) at event.c:1607 #3 0x000055584ea49294 in main_loop () at /home/build/libreswan/programs/pluto/server.c:628 #4 0x000055584ea49643 in call_server () at /home/build/libreswan/programs/pluto/server.c:742 -antony
commit e927f35a93c2a55f3d37ac8681230d91f5593e0a Author: Antony Antony <[email protected]> Date: Tue Jul 12 16:19:20 2016 +0200 install: expose systemd variables in Makefile.inc.local SD_RESTART_TYPE_DEFAULT SD_PLUTO_OPTIONS_DEFAULT SD_WATCHDOGSEC_DEFAULT=0 disables systemd watchdog; useful with gdb. diff --git a/initsystems/systemd/ipsec.service.in b/initsystems/systemd/ipsec.service.in index 5265fac..b4a7916 100644 --- a/initsystems/systemd/ipsec.service.in +++ b/initsystems/systemd/ipsec.service.in @@ -5,7 +5,7 @@ After=network-online.target [Service] Type=@SD_TYPE@ -Restart=always +Restart=@SD_RESTART_TYPE@ # backwards compatible with plutorestartoncrash=no #RestartPreventExitStatus=137 143 SIGTERM SIGKILL @@ -14,7 +14,7 @@ Restart=always # EVENT_SD_WATCHDOG updates the heartbeat every 15 seconds, recommended values # are 60, 90, 120. WatchdogSec=0 disables the action NotifyAccess=all -WatchdogSec=60 +WatchdogSec=@SD_WATCHDOGSEC@ # Check configuration file ExecStartPre=@FINALLIBEXECDIR@/addconn --config @FINALCONFFILE@ --checkconfig @@ -25,7 +25,7 @@ ExecStartPre=@FINALSBINDIR@/ipsec --checknss # Check for nflog setup ExecStartPre=@FINALSBINDIR@/ipsec --checknflog # Start the actual IKE daemon -ExecStart=@FINALLIBEXECDIR@/pluto --config @FINALCONFFILE@ --nofork +ExecStart=@FINALLIBEXECDIR@/pluto @SD_PLUTO_OPTIONS@ --config @FINALCONFFILE@ --nofork ExecStop=@FINALLIBEXECDIR@/whack --shutdown ExecStopPost=/sbin/ip xfrm policy flush ExecStopPost=/sbin/ip xfrm state flush diff --git a/mk/config.mk b/mk/config.mk index 073acfd..d1df924 100644 --- a/mk/config.mk +++ b/mk/config.mk @@ -502,6 +502,9 @@ TRANSFORM_VARIABLES = sed -e "s:@IPSECVERSION@:$(IPSECVERSION):g" \ -e "s:@MODPROBEARGS@:$(MODPROBEARGS):g" \ -e "s:@USE_DEFAULT_CONNS@:$(USE_DEFAULT_CONNS):g" \ -e "s:@SD_TYPE@:$(SD_TYPE):g" \ + -e "s:@SD_RESTART_TYPE@:$(SD_RESTART_TYPE):g" \ + -e "s:@SD_PLUTO_OPTIONS@:$(SD_PLUTO_OPTIONS):g" \ + -e "s:@SD_WATCHDOGSEC@:$(SD_WATCHDOGSEC):g" \ # For KVM testing setup #POOL?=${LIBRESWANSRCDIR}/pool diff --git a/mk/userland-cflags.mk b/mk/userland-cflags.mk index 5b6a41c..bcc61f0 100644 --- a/mk/userland-cflags.mk +++ b/mk/userland-cflags.mk @@ -109,6 +109,24 @@ USERLAND_CFLAGS+=-DIPSEC_VARDIR=\"$(FINALVARDIR)\" USERLAND_CFLAGS+=-DPOLICYGROUPSDIR=\"${FINALCONFDDIR}/policies\" USERLAND_CFLAGS+=-DIPSEC_SECRETS_FILE=\"$(IPSEC_SECRETS_FILE)\" +ifeq ($(origin SD_RESTART_TYPE_DEFAULT),undefined) +SD_RESTART_TYPE="always" +else +SD_RESTART_TYPE="$(SD_RESTART_TYPE_DEFAULT)" +endif + +ifeq ($(origin SD_PLUTO_OPTIONS_DEFAULT),undefined) +SD_PLUTO_OPTIONS="--leak-detective" +else +SD_PLUTO_OPTIONS="$(SD_PLUTO_OPTIONS_DEFAULT)" +endif + +ifeq ($(origin SD_WATCHDOGSEC_DEFAULT),undefined) +SD_WATCHDOGSEC=60 +else +SD_WATCHDOGSEC="$(SD_WATCHDOGSEC_DEFAULT)" +endif + ifeq ($(origin RETRANSMIT_INTERVAL_DEFAULT),undefined) USERLAND_CFLAGS+=-DRETRANSMIT_INTERVAL_DEFAULT="500" else
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
