nixos/modules: fix systemd start rate-limits #97512
Conversation
ofborg
bot
added
6.topic: nixos
lf-
force-pushed
the
StartLimitIntervalSec
branch
from
0783d21 to
cb7b6f4
Compare
|
oopsie, fixed an ofborg eval error. ought to work now |
ofborg
bot
added
10.rebuild-darwin: 0
|
This contributes to #45785, right? Independently, could you confirm whether
is really true? In #45785 (comment) I found that systemd did not remove |
|
I believe that's incorrect: StartLimitInterval is likely still accepted in Service (not 100% sure) but StartLimitIntervalSec is definitely not, at least according to my log lines warning on it (see the commit message and the caddy PR). StartLimitBurst I think is accepted there but I was touching the files anyway and it was also moved by upstream, so I fixed it as well. Regardless, we were relying on undocumented deprecated behaviour and I wanted to fix all of it now that I noticed it. |
@lf- You're right, I had typod it in the linked comment and written |
There was a problem hiding this comment.
I guess so! This fixes #45785, arguably.
Great! +1 for me on the change (but I cannot test the change to each of the services, so just +1'ing the approach).
Optionally: Would you also be up for implementing this note from #45785 that makes any further incorrect use of the deprecated field an evaluation warning?
- We should probably also try and make usage of
StartLimitIntervalin the old section emit a warning when it's used, as having it in the new section has benefits
|
@nh2 unfortunately I'm quite busy this next couple of weeks and probably don't have time to figure out how to do it. I doubt it's complex but I'd have to do a bit of research. |
ryantm
added
the
2.status: merge conflict
lf-
force-pushed
the
StartLimitIntervalSec
branch
from
cb7b6f4 to
7f6fad0
Compare
These were broken since 2016: systemd/systemd@f0367da since StartLimitIntervalSec got moved into [Unit] from [Service]. StartLimitBurst has also been moved accordingly, so let's fix that one too. NixOS systems have been producing logs such as: /nix/store/wf98r55aszi1bkmln1lvdbp7znsfr70i-unit-caddy.service/caddy.service:31: Unknown key name 'StartLimitIntervalSec' in section 'Service', ignoring. I have also removed some unnecessary duplication in units disabling rate limiting since setting either interval or burst to zero disables it (https://github.com/systemd/systemd/blob/ad16158c10dfc3258831a9ff2f1a988214f51653/src/basic/ratelimit.c#L16)
lf-
force-pushed
the
StartLimitIntervalSec
branch
from
a5f4290 to
039200b
Compare
ofborg
bot
removed
the
2.status: merge conflict
|
@nh2 I've implemented the deprecation warning as requested in 039200b. |
| (type == "oneshot" && (restart == "always" || restart == "on-success")) | ||
| "Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'") | ||
| ++ (optional hasDeprecated ''Service '${name}.service' uses the attribute | ||
| StartLimitInterval in the Service section, which is deprecated. See | ||
| https://github.com/NixOS/nixpkgs/issues/45786.'')) |
There was a problem hiding this comment.
I don't know how warnings are rendered, but doesn't using a '' as done here insert spaces in the middle of the message (logic from the manual)?
E.g. should this be:
... hasDeprecated ''
Service '${name}.service' uses the attribute
StartLimitInterval in the Service section, which is deprecated. See
https://github.com/NixOS/nixpkgs/issues/45786.
''
There was a problem hiding this comment.
I tried it, indeed the formatting is odd this way:
trace: warning: Service 'display-manager.service' uses the attribute
StartLimitInterval in the Service section, which is deprecated. See
https://github.com/NixOS/nixpkgs/issues/45786.
There was a problem hiding this comment.
Suggestion for the whole warnings block:
warnings = concatLists (
mapAttrsToList
(name: service:
let
type = service.serviceConfig.Type or "";
restart = service.serviceConfig.Restart or "no";
hasDeprecated = builtins.hasAttr "StartLimitInterval" service.serviceConfig;
in
concatLists [
(optional (type == "oneshot" && (restart == "always" || restart == "on-success"))
"Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'"
)
(optional hasDeprecated
"Service '${name}.service' uses the attribute 'StartLimitInterval' in the Service section, which is deprecated. See https://github.com/NixOS/nixpkgs/issues/45786."
)
]
)
cfg.services
);There was a problem hiding this comment.
I'll force push a refactor that does this in a moment.
There was a problem hiding this comment.
OK done. Now it renders correctly and the diff looks much nicer.
nh2
force-pushed
the
StartLimitIntervalSec
branch
from
039200b to
644079e
Compare
|
I found some challenges documenting the changes in the release notes, written up in #102246. |
ofborg
bot
added
8.has: changelog
8.has: documentation
This is a backport of the new option introduced in
NixOS#97512
except without the changes to existing services and deprecation
warning.
It is not a full backport because
> that [ServiceConfig] setting is deprecated and now undocumented
> for the service section by systemd upstream, but still effective
> and somewhat buggy there
and do not know how many users rely on the old (buggy) behavior.
This commit should not rule out a full backport.
|
Minimal 20.09 backport for compatibility: #112385 |
This fixes a warning / missing field that was showing up, per NixOS/nixpkgs#97512.
Motivation for this change
These have been broken since 2016:
systemd/systemd@f0367da
since StartLimitIntervalSec got moved into [Unit] from [Service].
StartLimitBurst has also been moved accordingly, so let's fix that one
too by adding an option ourselves.
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)