Note that the reproducer for bionic and cosmic requires manually editing
the /lib/systemd/system/knock.service file to add:
[Install]
WantedBy=multi-user.target
which is part of the fix included in the update being tested, and comes
from bug 1799697, as without that the knockd.service cannot be enabled
at all. This bug is only testing that changing 'After=network.target'
to 'After=network-online.target' fixes this bug.
Also note that for this verification, a 2-interface system was used, and
systemd-networkd configured to create a bridge interface 'br0' with both
nics attached, although only 1 nic is physically connected. DHCP (4 and
6) is configured on the bridge. The netplan.io package has been
uninstalled.
Specifically:
# grep . /etc/systemd/network/*
/etc/systemd/network/10-br0.netdev:[NetDev]
/etc/systemd/network/10-br0.netdev:Name=br0
/etc/systemd/network/10-br0.netdev:Kind=bridge
/etc/systemd/network/20-nics.network:[Match]
/etc/systemd/network/20-nics.network:MACAddress=00:25:90:48:c5:ca
/etc/systemd/network/20-nics.network:MACAddress=00:25:90:48:c5:cb
/etc/systemd/network/20-nics.network:[Network]
/etc/systemd/network/20-nics.network:LinkLocalAddressing=no
/etc/systemd/network/20-nics.network:Bridge=br0
/etc/systemd/network/60-br0.network:[Match]
/etc/systemd/network/60-br0.network:Name=br0
/etc/systemd/network/60-br0.network:[Network]
/etc/systemd/network/60-br0.network:DHCP=yes
/etc/systemd/network/60-br0.network:LinkLocalAddressing=ipv6
/etc/systemd/network/60-br0.network:ConfigureWithoutCarrier=yes
# cat /etc/default/knockd
# control if we start knockd at init or not
# 1 = start
# anything else = don't start
# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
START_KNOCKD=1
# command line options
KNOCKD_OPTS="-i br0"
bionic:
with systemd nw and knockd configured as above, after reboot:
# dpkg -l |grep knockd
ii knockd 0.7-1ubuntu1
amd64 small port-knock daemon
# systemctl status knockd
● knockd.service - Port-Knock Daemon
Loaded: loaded (/lib/systemd/system/knockd.service; enabled; vendor preset: e
Active: failed (Result: exit-code) since Mon 2019-03-18 13:48:47 UTC; 11min a
Docs: man:knockd(1)
Process: 1068 ExecStart=/usr/sbin/knockd $KNOCKD_OPTS (code=exited, status=1/F
Main PID: 1068 (code=exited, status=1/FAILURE)
Mar 18 13:48:47 fili systemd[1]: Started Port-Knock Daemon.
Mar 18 13:48:47 fili knockd[1068]: could not get IP address for br0
Mar 18 13:48:47 fili knockd[1068]: waiting for child processes...
Mar 18 13:48:47 fili knockd[1068]: shutting down
Mar 18 13:48:47 fili systemd[1]: knockd.service: Main process exited, code=exite
Mar 18 13:48:47 fili systemd[1]: knockd.service: Failed with result 'exit-code'.
# dpkg -l |grep knockd
ii knockd 0.7-1ubuntu1.18.04.1
amd64 small port-knock daemon
# systemctl status knockd
● knockd.service - Port-Knock Daemon
Loaded: loaded (/lib/systemd/system/knockd.service; enabled; vendor preset: e
Active: active (running) since Mon 2019-03-18 14:04:17 UTC; 27s ago
Docs: man:knockd(1)
Main PID: 1222 (knockd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/knockd.service
└─1222 /usr/sbin/knockd -i br0
Mar 18 14:04:17 fili systemd[1]: Started Port-Knock Daemon.
Mar 18 14:04:17 fili knockd[1222]: starting up, listening on br0
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1819345
Title:
knockd systemd service uses After=network.target instead of network-
online.target
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/knockd/+bug/1819345/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
