PKI's systemd service files are brittle. #3213

pki-bot · 2020-10-03T02:38:08Z

This issue was migrated from Pagure Issue #3096. Originally filed by cipherboy (@cipherboy) on 2019-03-27 17:54:05:

Assigned to nobody

Sometimes I don't want PKI to start on boot, so I do what I'm most familiar with:

systemctl disable pki-tomcatd@pki-tomcat

However, this is a very bad idea: it leaves the system in an unworkable state. Attempting to start the service manually gives:

-- Unit pki-tomcatd@pki-tomcat.service has begun starting up.
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pki-server[1489]: ----------------------------
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pki-server[1489]: pki-tomcat instance migrated
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pki-server[1489]: ----------------------------
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: WARNING:  Symbolic link '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service' does NOT exist!
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: INFO:  Attempting to create '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service' -> '/lib/systemd/system/pki-tomcatd@.service' . . .
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: ln: failed to create symbolic link '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service': No such file or directory
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: ERROR:  Failed to create '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service' -> '/lib/systemd/system/pki-tomcatd@.service'!
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com systemd[1]: pki-tomcatd@pki-tomcat.service: Control process exited, code=exited status=1
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'.
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
-- Subject: Unit pki-tomcatd@pki-tomcat.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit pki-tomcatd@pki-tomcat.service has failed.
-- 
-- The result is failed.

And enabling the service again fails. If you try a pkidestroy and a new spawn, you get:

[root@vm-171-084 ~]# pkispawn -f CA-ecc.cfg            
Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]: CA                           
                                                                           
Begin installation (Yes/No/Quit)? Yes                                                       
                                                                                                    
Log file: /var/log/pki/pki-ca-spawn.20190327224642.log
Loading deployment configuration from CA-ecc.cfg.                                            
Installing CA into /var/lib/pki/pki-tomcat.                                                                     
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
pkihelper     : ERROR    OSError:  [Errno 2] No such file or directory: '/lib/systemd/system/pki-tomcatd@.service' -> '/etc/systemd/system/pki-tomcatd.target
.wants/pki-tomcatd@pki-tomcat.service'!                                                                           
pkispawn      : ERROR    FileNotFoundError: [Errno 2] No such file or directory: '/lib/systemd/system/pki-tomcatd@.service' -> '/etc/systemd/system/pki-tomca
td.target.wants/pki-tomcatd@pki-tomcat.service'                                                       
  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 547, in main
    scriptlet.spawn(deployer)                                                                                            
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/instance_layout.py", line 231, in spawn
    deployer.mdict['pki_systemd_service_link'])
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 1711, in create
    os.symlink(name, link)                                                                 

                                                                
Installation failed: [Errno 2] No such file or directory: '/lib/systemd/system/pki-tomcatd@.service' -> '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service'

So I think we need to figure out what exactly gets removed during disable, and how to allow enable / start to function properly again.

The text was updated successfully, but these errors were encountered:

pki-bot · 2020-10-03T02:38:09Z

Comment from cipherboy (@cipherboy) at 2019-03-27 17:54:45

(I think part of it is that /etc/systemd/system/pki-tomcatd.target.wants gets removed, and so that directory needs to be created) again.

pki-bot · 2020-10-03T02:38:10Z

Comment from cipherboy (@cipherboy) at 2019-03-27 17:54:45

Metadata Update from @cipherboy:

Custom field component adjusted to None
Custom field feature adjusted to None
Custom field origin adjusted to None
Custom field proposedmilestone adjusted to None
Custom field proposedpriority adjusted to None
Custom field reviewer adjusted to None
Custom field type adjusted to None
Custom field version adjusted to None

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PKI's systemd service files are brittle. #3213

PKI's systemd service files are brittle. #3213

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020

PKI's systemd service files are brittle. #3213

PKI's systemd service files are brittle. #3213

Comments

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020