-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to disable zincati.service using Ignition #392
Unable to disable zincati.service using Ignition #392
Comments
Looks like this and #229 may be the same problem |
ok here may be a clue:
so when systemd first starts |
well I guess it depends on what is really meant by |
Re. presets, a lot of discussions here: coreos/fedora-coreos-config#77. That said, the |
if I use
and running
|
wow, thanks @jlebon - that was certainly not what I expected to be the problem. |
A workaround until the systemd PR lands is probably something like adding a fragment with Edit: Yep, I can confirm that works. |
This comment has been minimized.
This comment has been minimized.
A lot of backstory on this, but essentially right now, we always bake a run of `systemctl preset-all` into the OSTree because upgrading hosts rely on these links for service enablement. In hindsight, we should've just stuck with pure systemd preset only as canonicaly from the get go, though it's a bit difficult now to transition from one to the other without breaking things. (Though I'll note not impossible, since we do have update barriers which could allow us to e.g. run a script to restore lost symlinks). For now though, let's at least fix the ability to disable services, which is a pretty big gap in our Ignition configuration story right now. Related: systemd/systemd#15205 Related: coreos#77 Closes: coreos/fedora-coreos-tracker#392
how would a butane config unit look like with this approach?
and it will not recover for a long time, showing:
But I want to have an updated system quite after provisioning. I think your approach would fit my need to enable zincati only after my provision script is done |
@sgohl Something like this: variant: fcos
version: 1.0.0
systemd:
units:
- name: zincati.service
dropins:
- name: disable-zincati.conf
contents: |
[Unit]
ConditionPathExists=/enoent |
Assuming your provisioning script reboots, another approach is to run it with |
A compile time option is added to select behaviour: by default UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to opt-in can use the config option to change the behaviour. (The option is just a boolean: it would be possible to make it multi-valued, and allow full, enable-only, disable-only, none. But so far nobody has asked for this, and it's better not to complicate things needlessly.) With the configuration option flipped, instead of only doing enablements, perform a full preset on first boot. The reason is that although `/etc/machine-id` might be missing, there may be other files provisioned in `/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of those possible files include enablement symlinks even if presets dictate it should be disabled. Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS, where we ship `/etc` as if `preset-all` were called. However, we want to allow users to disable default-enabled services via Ignition, which does this by creating preset dropins before switchroot. (For why we do `preset-all` at compose time, see: coreos/fedora-coreos-config#77). For example, the composed FCOS image has a `enable zincati.service` preset and an enablement for that in `/etc`, while at boot time when we switch root, there may be a `disable zincati.service` preset with higher precedence. In that case, we want systemd to disable the service. This is essentially a revert of 304b307. It seems like systemd *used* to do this, but it was changed to try to make the container workflow a bit faster. Resolves: coreos/fedora-coreos-tracker#392 Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
We need to delete any enablement symlinks for a unit before sending it to a preset directive. This will help to disable that unit completely. This is a short-term solution until the upstream systemd PR (systemd/systemd#15205) gets accepted. Fixes coreos/fedora-coreos-tracker#392
We need to delete any enablement symlinks for a unit before sending it to a preset directive. This will help to disable that unit completely. This is a short-term solution until the upstream systemd PR (systemd/systemd#15205) gets accepted. Fixes coreos/fedora-coreos-tracker#392
FCOS ships some pre-created enablement symlinks, and the systemd does nothing even after recording in the preset that they should be removed. In order to fix this behavior, we're not only deleting enablement symlinks for a given unit but also recording in the preset directive to disable that unit completely. This is a short-term solution until the upstream systemd PR (systemd/systemd#15205) gets accepted. Fixes coreos/fedora-coreos-tracker#392
For services where FCOS ships a symlink in /etc, if the user tries to disable the service via Ignition, systemd ignores the disablement directive in the preset. This behavior can be fixed by deleting enablement symlinks for a given unit before recording in the preset directive. This is a short-term solution until the upstream systemd PR (systemd/systemd#15205) gets accepted. Fixes coreos/fedora-coreos-tracker#392
For services where FCOS ships a symlink in /etc, if the user tries to disable the service via Ignition, systemd ignores the disablement directive in the preset. This behavior can be fixed by deleting enablement symlinks for a given unit before recording in the preset directive. This is a short-term solution until the upstream systemd PR (systemd/systemd#15205) gets accepted. Fixes coreos/fedora-coreos-tracker#392
For services where FCOS ships a symlink in /etc, if the user tries to disable the service via Ignition, systemd ignores the disablement directive in the preset. This behavior can be fixed by deleting enablement symlinks for a given unit before recording in the preset directive. This is a short-term solution until the upstream systemd PR (systemd/systemd#15205) gets accepted. Fixes coreos/fedora-coreos-tracker#392
For services where FCOS ships a symlink in /etc, if the user tries to disable the service via Ignition, systemd ignores the disablement directive in the preset. Avoid this behavior by deleting the enablement symlinks when disabling a unit, but continue to record the disablement in the preset file. This is a short-term solution until the upstream systemd PR (systemd/systemd#15205) is merged and widely deployed. Fixes coreos/fedora-coreos-tracker#392
Might be good to have a f-c-c external kola test for this too. |
This landed in ignition v2.14.0. |
The fix for this went into |
The fix for this went into |
A compile time option is added to select behaviour: by default UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to opt-in can use the config option to change the behaviour. (The option is just a boolean: it would be possible to make it multi-valued, and allow full, enable-only, disable-only, none. But so far nobody has asked for this, and it's better not to complicate things needlessly.) With the configuration option flipped, instead of only doing enablements, perform a full preset on first boot. The reason is that although `/etc/machine-id` might be missing, there may be other files provisioned in `/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of those possible files include enablement symlinks even if presets dictate it should be disabled. Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS, where we ship `/etc` as if `preset-all` were called. However, we want to allow users to disable default-enabled services via Ignition, which does this by creating preset dropins before switchroot. (For why we do `preset-all` at compose time, see: coreos/fedora-coreos-config#77). For example, the composed FCOS image has a `enable zincati.service` preset and an enablement for that in `/etc`, while at boot time when we switch root, there may be a `disable zincati.service` preset with higher precedence. In that case, we want systemd to disable the service. This is essentially a revert of 304b307. It seems like systemd *used* to do this, but it was changed to try to make the container workflow a bit faster. Resolves: coreos/fedora-coreos-tracker#392 Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
A compile time option is added to select behaviour: by default UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to opt-in can use the config option to change the behaviour. (The option is just a boolean: it would be possible to make it multi-valued, and allow full, enable-only, disable-only, none. But so far nobody has asked for this, and it's better not to complicate things needlessly.) With the configuration option flipped, instead of only doing enablements, perform a full preset on first boot. The reason is that although `/etc/machine-id` might be missing, there may be other files provisioned in `/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of those possible files include enablement symlinks even if presets dictate it should be disabled. Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS, where we ship `/etc` as if `preset-all` were called. However, we want to allow users to disable default-enabled services via Ignition, which does this by creating preset dropins before switchroot. (For why we do `preset-all` at compose time, see: coreos/fedora-coreos-config#77). For example, the composed FCOS image has a `enable zincati.service` preset and an enablement for that in `/etc`, while at boot time when we switch root, there may be a `disable zincati.service` preset with higher precedence. In that case, we want systemd to disable the service. This is essentially a revert of 304b307. It seems like systemd *used* to do this, but it was changed to try to make the container workflow a bit faster. Resolves: coreos/fedora-coreos-tracker#392 Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> (cherry picked from commit 9365158)
A compile time option is added to select behaviour: by default UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to opt-in can use the config option to change the behaviour. (The option is just a boolean: it would be possible to make it multi-valued, and allow full, enable-only, disable-only, none. But so far nobody has asked for this, and it's better not to complicate things needlessly.) With the configuration option flipped, instead of only doing enablements, perform a full preset on first boot. The reason is that although `/etc/machine-id` might be missing, there may be other files provisioned in `/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of those possible files include enablement symlinks even if presets dictate it should be disabled. Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS, where we ship `/etc` as if `preset-all` were called. However, we want to allow users to disable default-enabled services via Ignition, which does this by creating preset dropins before switchroot. (For why we do `preset-all` at compose time, see: coreos/fedora-coreos-config#77). For example, the composed FCOS image has a `enable zincati.service` preset and an enablement for that in `/etc`, while at boot time when we switch root, there may be a `disable zincati.service` preset with higher precedence. In that case, we want systemd to disable the service. This is essentially a revert of 304b307. It seems like systemd *used* to do this, but it was changed to try to make the container workflow a bit faster. Resolves: coreos/fedora-coreos-tracker#392 Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
A compile time option is added to select behaviour: by default UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to opt-in can use the config option to change the behaviour. (The option is just a boolean: it would be possible to make it multi-valued, and allow full, enable-only, disable-only, none. But so far nobody has asked for this, and it's better not to complicate things needlessly.) With the configuration option flipped, instead of only doing enablements, perform a full preset on first boot. The reason is that although `/etc/machine-id` might be missing, there may be other files provisioned in `/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of those possible files include enablement symlinks even if presets dictate it should be disabled. Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS, where we ship `/etc` as if `preset-all` were called. However, we want to allow users to disable default-enabled services via Ignition, which does this by creating preset dropins before switchroot. (For why we do `preset-all` at compose time, see: coreos/fedora-coreos-config#77). For example, the composed FCOS image has a `enable zincati.service` preset and an enablement for that in `/etc`, while at boot time when we switch root, there may be a `disable zincati.service` preset with higher precedence. In that case, we want systemd to disable the service. This is essentially a revert of 304b307. It seems like systemd *used* to do this, but it was changed to try to make the container workflow a bit faster. Resolves: coreos/fedora-coreos-tracker#392 Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
As reported by a user in a discussion forum thread for some reason disabling
zincati.service
via Ignition doesn't seem to be working right. There is probably a corner case in here that isn't being accounted for somehow.Here is my fcc:
Here is what I see on the booted system:
So the
disable
preset did get put in/etc/
appropriately but for some reason it wasn't applied properly. If I ask systemd to re-evaluate it seems to do the right thing:Version Info:
The text was updated successfully, but these errors were encountered: