[feature-req] systemd based for hostname, datetime,... broken #5
Comments
Can this be characterized as an lx-brand issue? You mention:
Is there an issue open for the missing cgroup etc support? I'd like to better understand what that is and if it's a known platform issue. Also, it's not clear what exactly is failing based on your description. The hostnamectl and datetimectl commands are failing and they are used by puppet and saltstack?
OK, confirmed that timedatectl and hostnamectl fail (at least on joyent_20160420T005724Z)
Found this: https://smartos.org/bugview/OS-5304
Those commands are the cli tooling on systemd based systems for basic config like TZ, hostname,... Probably why cfgmgmt tools call them. Having these working out of the box would be great. They depend on a lot of things it seems. Not sure all those bits will get added to the brand code anytime soon. The workaround is pretty generic though and pkgmgr friendly
OK. I'd like to better understand the settings we're disabling though. I'm assuming they are all cgroup related and probably relate to security/permissions. What's the downside for setting the following as opposed to their default settings?
Some light reading for myself: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
From memory:
# private fs namespace, /tmp and /var/tmp are only for the processes forked not for outsiders
PrivateTmp=no
# private fs namespace for /dev (I think)
PrivateDevices=no
# restrict processes' network access to loopback only
PrivateNetwork=no
# not sure, but it also needed to be no else it still failed
ProtectSystem=no
# restricts access /home and /root, they appear empty
ProtectHome=no
Meh close, your links are better.
Right. So the question I have is: Is overriding the defaults for those services worse than the services not working? Probably not? It's not great that the services won't have the typical default restrictions, but given that timedatectl and hostnamectl fail without the overrides in place it's probably a good compromise until this can be fixed in the platform.
Exactly, it's not great that we have to disable it. But it's better than cfgmgmt tools not working, other stuff that depends on it failing. If I'm not mistaken some DE's (gnome) depend on this because the BSD's are implementing parts like hostnamed, logind,... to get newer gnome. Not that this is the primary use-case for systemd distro under lx. But it should work when the user installs it.
Yeah, that's fair. I'll work on getting these overrides in place for all the relevant lx-brand images (debian-8, ubuntu-16.04, basically all the ones with systemd)
On a test ubuntu16.04 image I added the overrides but something isn't right:
@chorrell looks like the 'dbus' package is not installed, I just checked the ubuntu 16.04 dataset. So it is failing on the dependent unit dbus.socket (which auto start dbus.service on first connect). CentOS has the package installed by default it seems, not sure about the debian dataset as I don't use that one.
Yep, that seems to be it.
Probably some odd upstream dependency issue, as the binaries for hostnamed seem to be provided as is. Unless dbus gets explicitly stripped by
It's a pretty minimal install, so it might just not be included by default (I'm not omitting it).
Ack, odd choice not to include dbus but to ship the systemd-xxxd services that depend on it... especially if it's something like the one dealing with hostname. Perhaps that should be an upstream bug.
Maybe. fwiw, the install is via
I just did a minimal install 16.04 via PXE on a vm at work... dbus is missing too. (And our puppet bootstrapping failing). But $work is mostly a debian and RHEL shop, both have no issues with hostnamectl in a minimal install. shrugs
Ha! I've seen a lot of things like that with the various distros and what they consider "minimal" to be.
I guess technically on an update config = destroy, create work flow. Setting the hostname once on install is all you need so a heavy dbus/systemd management system just for the hostname is overkill. (simple text files anyone? :p) Anyway, thanks for looking into this so far. It's one ugly sticky mess.
The nice thing is, if you place those files and install dbus afterwards it still works!
Yeah, that was kind of a relief that it was that simple.
Also fixes the version check logic for setting the locale which worked by accident... Fixes #5
See TritonDataCenter/centos-lx-brand-image-builder#5 Also installs dbus package, required by hostnamectl and timedatectl
The fix is in. New images should be available in a week or so.
This should probably also go into debian-lx-brand-image-builder (for the debian-8 images)
Yep, will be working on that too.
Excellent!
See TritonDataCenter/centos-lx-brand-image-builder#5 Also install dbus package which is required by timedatectl and hostnamectl
The following images were just released and they include the required systemd service overrides: Ubuntu 16.04, CentOS 7, Debian 8
Excellent, updated my base sets. Won't have time to re-provision today though.
For example stuff like puppet, saltstack,... will trip over this. The tools in question are hostnamectl, datetimectl,...
There is an easy fix, they currently fail due to the lack of some cgroup and other stuff not being supported. But there is an easy workaround that survives upgrades and other changes.
This creates override files for systemd units that get applied over the one provided by the package. This disables all isolation mechanisms.
After this the daemons start up and all is well.
It would be great to have this happen in the building process. (This is also needed for systemd based debian and ubuntu images)
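The workaround described in this issue, as an added example (not the reporter's own snippet and not the image builder's code): a drop-in writer using the five directives quoted in the thread, plus an audit helper that lists which units have had isolation switched off so the relaxed settings can be tracked and reverted once the platform supports them. The unit names `systemd-hostnamed.service` and `systemd-timedated.service`, the file name `override.conf`, and the `ROOT` argument are assumptions.

```shell
#!/bin/sh
# Added example. Functions take a ROOT prefix so they can be exercised on a
# scratch directory; pass "" to act on the live /etc (assumption, see lead-in).

# The five directives quoted in the thread, all relaxed to "no".
OVERRIDES='PrivateTmp=no
PrivateDevices=no
PrivateNetwork=no
ProtectSystem=no
ProtectHome=no'

# write_override ROOT UNIT
# Creates ROOT/etc/systemd/system/UNIT.d/override.conf. A drop-in lives outside
# the packaged unit file, which is why it survives package upgrades.
write_override() {
    dir="$1/etc/systemd/system/$2.d"
    mkdir -p "$dir" || return 1
    printf '[Service]\n%s\n' "$OVERRIDES" > "$dir/override.conf"
}

# audit_overrides ROOT
# Prints "unit directive" for every drop-in line that sets one of the isolation
# directives to a false value (systemd accepts no/false/off/0).
audit_overrides() {
    for f in "$1"/etc/systemd/system/*.d/*.conf; do
        [ -f "$f" ] || continue
        unit=$(basename "$(dirname "$f")" .d)
        sed -n -E 's/^[[:space:]]*(Private(Tmp|Devices|Network)|Protect(System|Home))[[:space:]]*=[[:space:]]*(no|false|off|0)[[:space:]]*$/\1/p' "$f" |
        while read -r key; do
            printf '%s %s\n' "$unit" "$key"
        done
    done
}

# Usage on an image, as root (unit names are assumptions):
#   write_override "" systemd-hostnamed.service
#   write_override "" systemd-timedated.service
#   systemctl daemon-reload      # make systemd pick up the new drop-ins
#   audit_overrides ""           # review which units run without isolation
```

As the thread notes, the `dbus` package must also be installed for `hostnamectl` and `timedatectl` to work once the overrides are in place.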