From ff065012e229f436fb39918c4c8a8f798d71490b Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Fri, 17 Nov 2023 14:51:54 +0100 Subject: [PATCH] systemd/system/sshkeys: Make execution more robust The service failed when the unit to start was masked. Since it involves networking, the service can fail and if it does we should restart. It also seems that the service relied on update-ssh-keys-after-ignition.service to run update-ssh-keys once to create the subfolder and could possibly race with it. Prevent execution when it has no chance to succeed because the unit to start is masked but in all other cases try to restart on failure. Also order behind update-ssh-keys-after-ignition.service. --- systemd/system/sshkeys.service | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/systemd/system/sshkeys.service b/systemd/system/sshkeys.service index c05871c..f23e93e 100644 --- a/systemd/system/sshkeys.service +++ b/systemd/system/sshkeys.service @@ -1,4 +1,9 @@ [Unit] +# Don't race and we also want to rely on the folder to be created +After=update-ssh-keys-after-ignition.service + +ConditionPathIsSymbolicLink=!/etc/systemd/system/coreos-metadata-sshkeys@core.service + ConditionKernelCommandLine=|ignition.platform.id=packet ConditionKernelCommandLine=|flatcar.oem.id=packet ConditionKernelCommandLine=|coreos.oem.id=packet @@ -22,6 +27,7 @@ ConditionKernelCommandLine=|coreos.oem.id=openstack [Service] Type=oneshot RemainAfterExit=yes +Restart=on-failure ExecStart=/usr/bin/systemctl start coreos-metadata-sshkeys@core.service [Install]