23.03.2017 18:44, John Florian пишет: > On Thu, 2017-03-23 at 06:38 +0300, Andrei Borzenkov wrote: >> 22.03.2017 23:47, John Florian пишет: >>> I build an mostly-stateless appliance OS derived from Fedora (25 >>> ATM) >>> and have several custom units to make it all possible. My units >>> had >>> worked great with F21, but are now giving me problems with >>> F25. One >>> pair of the custom units do some trickery to relocate sshd host >>> keys >>> from /etc/ssh to an alternate location that provides persistence: >>> >>> <snip> >> >> Please make full log available as well as actual unit definitions >> that >> are not started. >> > > Okay, attached are a complete boot.log (journalctl > boot.log) as well > as the most relevant units. Please note that while I need a solution, > it's just as important I understand HOW to resolve this kind of issue. > I've struggled through similar problems in the past and I never feel > adept at the process, like I'm not using a fundamental tool for the job > and instead relying more on trial and error. > > While there's no doubt a lot of change between F21 and F25, the one
I do not use Fedora. You still did not show definitions of units that have problem: sshd.service, sshd-keygen.target, sshd.socket. Providing output of systemctl show sshd.service sshd-keygen.target sshd.socket is probably better as it dumps full information. > thing that forced a change on my part was systemd transitioning from a > single sshd-keygen.service to a templated sshd-keygen@.service. For me > that meant the following change: > > diff --git lib/systemd/sshd-persist-keys.service lib/systemd/sshd- > persist-keys.service > index d3508a8..7500b68 100644 > --- lib/systemd/sshd-persist-keys.service > +++ lib/systemd/sshd-persist-keys.service > @@ -1,8 +1,8 @@ > [Unit] > Description=OpenSSH server - persist volatile keys for the AOS > -After=sshd-keygen.service > +After=sshd-keygen.target > Before=sshd.service > -Wants=sshd-keygen.service > +Wants=sshd-keygen.target > > [Service] > ExecStart=/usr/sbin/sshd-persist-keys > diff --git lib/systemd/sshd-restore-keys.service lib/systemd/sshd- > restore-keys.service > index 475cede..85ac3bc 100644 > --- lib/systemd/sshd-restore-keys.service > +++ lib/systemd/sshd-restore-keys.service > @@ -1,7 +1,7 @@ > [Unit] > Description=OpenSSH server - restore persisted keys for the AOS > After=aos-storage-init.service > -Before=sshd-keygen.service > +Before=sshd-keygen@rsa.service sshd-keygen@ecdsa.service sshd-keygen@e > d25519.service > > [Service] > ExecStart=/usr/sbin/sshd-restore-keys > > > I'd love to know of a better way for my sshd-restore-kes.service to be > coded such that it's unnecessary to list individual key types, but my > experience has led me to believe that targets only define a point in > time when a collection of units have completed and that there's no > equivalent to a point in time prior to any of them having begun. Thus > I found I couldn't use Before=sshd-keygen.target because keys were > being generated and restored concurrently rather than serially > (restored if possible and then the missing generated as needed). > _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel