systemd/system/sshkeys: Make execution more robust

The service failed when the unit to start was masked. Since it involves networking, the service can fail and if it does we should restart. It also seems that the service relied on update-ssh-keys-after-ignition.service to run update-ssh-keys once to create the subfolder and could possibly race with it. Prevent execution when it has no chance to succeed because the unit to start is masked but in all other cases try to restart on failure. Also order behind update-ssh-keys-after-ignition.service.
flatcar · Nov 17, 2023 · c986ef6 · c986ef6
1 parent 591e7a6
commit c986ef6
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/systemd/system/sshkeys.service b/systemd/system/sshkeys.service
@@ -1,4 +1,7 @@
 [Unit]
+# Don't race and we also want to rely on the folder to be created
+After=update-ssh-keys-after-ignition.service
+
 ConditionKernelCommandLine=|ignition.platform.id=packet
 ConditionKernelCommandLine=|flatcar.oem.id=packet
 ConditionKernelCommandLine=|coreos.oem.id=packet
@@ -22,6 +25,8 @@ ConditionKernelCommandLine=|coreos.oem.id=openstack
 [Service]
 Type=oneshot
 RemainAfterExit=yes
+Restart=on-failure
+ExecCondition=/usr/bin/bash -c 'if [ $("readlink -f /etc/systemd/system/coreos-metadata-sshkeys@core.service") = "/dev/null" ]; then exit 1; fi'
 ExecStart=/usr/bin/systemctl start coreos-metadata-sshkeys@core.service
 
 [Install]