New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Container Linux Config - disable #2548

Open
sampcoug opened this Issue Feb 1, 2019 · 6 comments

Comments

Projects
None yet
3 participants
@sampcoug
Copy link

sampcoug commented Feb 1, 2019

Issue Report

Bug

I am using the Container Linux Config to disable Automatic Updates on my CoreOS instance.
I have incorporated this code into my Terraform. The Terraform runs file but result is not as expected. The services are not stopped as expected. Essentially the code below doesn't seem to execute. The account terraform is running under has full permission.

My Container Linux Config code is as follows:

systemd:
units:
- name: update-engine.service #disable autoupdates that result in autoreboot
mask: true
command: stop
- name: locksmithd.service #disable autoupdates that result in autoreboot
mask: true
command: stop

Container Linux Version

NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1911.4.0
VERSION_ID=1911.4.0
BUILD_ID=2018-11-26-1924
PRETTY_NAME="Container Linux by CoreOS 1911.4.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"
...
BUG_REPORT_URL="https://issues.coreos.com"

Environment

What hardware/cloud provider/hypervisor is being used to run Container Linux?

Google Compute Engine(GCP)

Expected Behavior

The update-engine.service and locksmithd.service should stop

Actual Behavior

The update-engine.service and locksmithd.service do not stop or disable.

Reproduction Steps

  1. Use the code above and try to stop the services. This is the link I am following: https://coreos.com/os/docs/latest/update-strategies.html

Other Information

@crawford

This comment has been minimized.

Copy link
Member

crawford commented Feb 1, 2019

That config snippet isn't a Container Linux Config. It looks like it may be a cloud-config.

@sampcoug

This comment has been minimized.

Copy link
Author

sampcoug commented Feb 1, 2019

It says - 'Container Linux Config' in the CoreOs link here: https://coreos.com/os/docs/latest/update-strategies.html

Any thoughts?

@crawford

This comment has been minimized.

Copy link
Member

crawford commented Feb 1, 2019

The configs on that page are Container Linux Configs. In your example though, I see command: stop which is probably from coreos-cloudinit.

First, I have to ask: why are you disabling automatic updates? 😢

Second, the config you are looking for is in https://coreos.com/os/docs/latest/update-strategies.html#disable-automatic-updates-daemon. If you click on the Ignition tab, you can copy and paste that into the instance's userdata.

@sampcoug

This comment has been minimized.

Copy link
Author

sampcoug commented Feb 1, 2019

We are not using ignition so I copied the Container Linux Config code from the same location that you mentioned. I added the command: stop after reading the this link: #1982
where you had mentioned something to the line of "...Your best bet is to both stop and mask it."
Now I am looking at the system and it shows Loaded: loaded (/usr/lib/systemd/system/locksmithd.service; disabled; vendor preset: disabled)
So, the code may have executed but appear to do nothing because the service was already disabled?

@crawford

This comment has been minimized.

Copy link
Member

crawford commented Feb 1, 2019

Can I ask why you aren't using Ignition? If you aren't using Ignition, then you can't using Container Linux Configs either. You'll need to use cloud-configs, which have long been deprecated. As I mentioned in the reference bug, coreos-cloudinit is riddled with race conditions which is why you need to both mask and stop the service.

The systemctl output is a little misleading. It only considers symlinks under /etc when determining whether or not a service is enabled. systemd itself respects both /etc and /usr, the latter of which we use to enable services on Container Linux.

@sampcoug

This comment has been minimized.

Copy link
Author

sampcoug commented Feb 1, 2019

Thank you so much for your help! We are not at a stage to use Ignition at the moment. As the service preset is disabled. I will hold off on the code for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment