[opensuse] systemd service unit with instance not working ? (leap 42.3)
I'm sure this is a case of needing another pair of eyes. Mine are getting tired.

I have the following service unit:

------------------------
systemctl cat firewall@ipv4
# /etc/systemd/system/firewall@.service
[Unit]
Description=firewall %i
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/firewall-%i
ExecStop=/usr/local/bin/firewall-%i stop
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
----------------------------

When I try to start it, it fails:

systemd[1]: Starting firewall ipv4...
systemd[1094]: firewall@ipv4.service: Failed at step EXEC spawning /usr/local/bin/firewall-%i: No such file or directory
systemd[1]: firewall@ipv4.service: Main process exited, code=exited, status=203/EXEC
systemd[1]: Failed to start firewall ipv4.

Despite the '/usr/local/bin/firewall-%i: No such file or directory', that script _does_ exist:

# ls -lF /usr/local/bin/firewal*
-rwxr-xr-x 1 root root 5651 Oct 22 15:08 /usr/local/bin/firewall-ipv4*
-rwxr-xr-x 1 root root 2522 May 20 17:41 /usr/local/bin/firewall-ipv6*

Remarkably, the exact same works just fine on Leap 15.0. Can anyone help me spot my mistake? Thanks.

--
Per Jessen, Zürich (11.8°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

23.10.2019 9:41, Per Jessen wrote:
> I'm sure this is a case of needing another pair of eyes. Mine are getting tired.
>
> I have the following service unit:
>
> ------------------------
> systemctl cat firewall@ipv4
> # /etc/systemd/system/firewall@.service
> [Unit]
> Description=firewall %i
> After=network.target

Not exactly related but this is generally considered too late. You have a small window between network up and firewall effective.

> [Service]
> Type=oneshot
> ExecStart=/usr/local/bin/firewall-%i
> ExecStop=/usr/local/bin/firewall-%i stop

I think specifiers in Exec* directives are supported starting with v229 and Leap 42.3 has v228 (although of course it could have been backported). I could not find anything in NEWS unfortunately and the commit message is not entirely helpful, but this is the only commit that added resolving of specifiers there.

> RemainAfterExit=yes
>
> [Install]
> WantedBy=multi-user.target
> ----------------------------
>
> When I try to start it, it fails:
>
> systemd[1]: Starting firewall ipv4...
> systemd[1094]: firewall@ipv4.service: Failed at step EXEC spawning /usr/local/bin/firewall-%i: No such file or directory
> systemd[1]: firewall@ipv4.service: Main process exited, code=exited, status=203/EXEC
> systemd[1]: Failed to start firewall ipv4.
>
> Despite the '/usr/local/bin/firewall-%i: No such file or directory', that script _does_ exist:
>
> # ls -lF /usr/local/bin/firewal*
> -rwxr-xr-x 1 root root 5651 Oct 22 15:08 /usr/local/bin/firewall-ipv4*
> -rwxr-xr-x 1 root root 2522 May 20 17:41 /usr/local/bin/firewall-ipv6*
>
> Remarkably, the exact same works just fine on Leap 15.0. Can anyone help me spot my mistake? Thanks.

Andrei Borzenkov wrote:
> 23.10.2019 9:41, Per Jessen wrote:
>> I'm sure this is a case of needing another pair of eyes. Mine are getting tired.
>>
>> I have the following service unit:
>>
>> ------------------------
>> systemctl cat firewall@ipv4
>> # /etc/systemd/system/firewall@.service
>> [Unit]
>> Description=firewall %i
>> After=network.target
>
> Not exactly related but this is generally considered too late. You have a small window between network up and firewall effective.

Thanks, I'll have to look into that. Do you happen to know what might give a better timing - generally only two interfaces on these boxes, I could perhaps depend directly on them?

>> [Service]
>> Type=oneshot
>> ExecStart=/usr/local/bin/firewall-%i
>> ExecStop=/usr/local/bin/firewall-%i stop
>
> I think specifiers in Exec* directives are supported starting with v229 and Leap 42.3 has v228 (although of course it could have been backported). I could not find anything in NEWS unfortunately and the commit message is not entirely helpful, but this is the only commit that added resolving of specifiers there.

Aha .... firewall-ipv4 is just a script, I guess I can just use:

ExecStart=/bin/bash /usr/local/bin/firewall-%i

Thanks for taking a look!

--
Per Jessen, Zürich (12.2°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.

23.10.2019 11:54, Per Jessen wrote:
> Andrei Borzenkov wrote:
>> 23.10.2019 9:41, Per Jessen wrote:
>>> I'm sure this is a case of needing another pair of eyes. Mine are getting tired.
>>>
>>> I have the following service unit:
>>>
>>> ------------------------
>>> systemctl cat firewall@ipv4
>>> # /etc/systemd/system/firewall@.service
>>> [Unit]
>>> Description=firewall %i
>>> After=network.target
>>
>> Not exactly related but this is generally considered too late. You have a small window between network up and firewall effective.
>
> Thanks, I'll have to look into that. Do you happen to know what might give a better timing - generally only two interfaces on these boxes, I could perhaps depend directly on them?

Author: Lennart Poettering <lennart@poettering.net>
Date:   Wed Jun 11 11:33:02 2014 +0200

    units: introduce network-pre.target as place to hook in firewalls

    network-pre.target is a passive target that should be pulled in by services that want to be executed before any network is configured (for example: firewall scripts).

    network-pre.target should be ordered before all network management services (but not be pulled in by them).

    network-pre.target should be ordered after all services that want to be executed before any network is configured (and be pulled in by them).

>>> [Service]
>>> Type=oneshot
>>> ExecStart=/usr/local/bin/firewall-%i
>>> ExecStop=/usr/local/bin/firewall-%i stop
>>
>> I think specifiers in Exec* directives are supported starting with v229 and Leap 42.3 has v228 (although of course it could have been backported). I could not find anything in NEWS unfortunately and the commit message is not entirely helpful, but this is the only commit that added resolving of specifiers there.
>
> Aha .... firewall-ipv4 is just a script, I guess I can just use:
>
> ExecStart=/bin/bash /usr/local/bin/firewall-%i

I do not think it will work but of course you may try.

Andrei Borzenkov wrote:
> 23.10.2019 11:54, Per Jessen wrote:
>> Thanks, I'll have to look into that. Do you happen to know what might give a better timing - generally only two interfaces on these boxes, I could perhaps depend directly on them?
>
> Author: Lennart Poettering <lennart@poettering.net>
> Date:   Wed Jun 11 11:33:02 2014 +0200
>
>     units: introduce network-pre.target as place to hook in firewalls

Many thanks, that's perfect.

>> Aha .... firewall-ipv4 is just a script, I guess I can just use:
>>
>> ExecStart=/bin/bash /usr/local/bin/firewall-%i
>
> I do not think it will work but of course you may try.

Remarkably, it does work.

--
Per Jessen, Zürich (12.9°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.

23.10.2019 13:06, Per Jessen wrote:
>>> Aha .... firewall-ipv4 is just a script, I guess I can just use:
>>>
>>> ExecStart=/bin/bash /usr/local/bin/firewall-%i
>>
>> I do not think it will work but of course you may try.
>
> Remarkably, it does work.

Right, systemd expanded specifiers in command arguments from the very beginning, but it happened later, when the command was going to be executed. Later, specifier handling was moved to the configuration parsing stage, at which point it also started to work for the command name. Not sure whether it really was intentional though, as usually such changes are listed in NEWS.
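
The two points raised in the thread (ordering the firewall before the network instead of `After=network.target`, and keeping specifiers out of the command name on older systemd) can be checked mechanically. The following is an added example, not part of any message above; the function names and finding labels are hypothetical, and the corrected unit is a constructed rewrite using the `Wants=`/`Before=network-pre.target` ordering that systemd.special(7) documents for firewall services.

```shell
#!/bin/sh
# Added example (not from the thread): lint a unit file read on stdin for the
# two problems discussed above. Function names and finding labels are made up.

lint_unit() {
    awk '
        /^Exec[A-Za-z]*=/ {
            cmd = $0
            sub(/^[^=]*=/, "", cmd)      # strip the "ExecStart=" part
            sub(/^[-@+!:]+/, "", cmd)    # strip systemd prefix characters
            split(cmd, word, /[ \t]+/)   # word[1] is the command name
            gsub(/%%/, "", word[1])      # "%%" is a literal percent sign
            if (word[1] ~ /%[A-Za-z]/)
                print "specifier-in-command-name: " $0
        }
        /^After=.*network\.target/       { late = 1 }
        /^Before=.*network-pre\.target/  { before = 1 }
        /^Wants=.*network-pre\.target/   { wants = 1 }
        END {
            if (late) print "starts-after-network: After=network.target"
            if (!(before && wants))
                print "no-network-pre: add Wants= and Before=network-pre.target"
        }'
}

# Number of findings for the unit on stdin (0 means clean).
count_findings() { lint_unit | awk 'END { print NR }'; }

# The unit from the first message, as posted.
original_unit() {
    printf '%s\n' '[Unit]' 'Description=firewall %i' 'After=network.target' \
        '[Service]' 'Type=oneshot' 'ExecStart=/usr/local/bin/firewall-%i' \
        'ExecStop=/usr/local/bin/firewall-%i stop' 'RemainAfterExit=yes' \
        '[Install]' 'WantedBy=multi-user.target'
}

# Constructed rewrite combining both suggestions from the thread.
corrected_unit() {
    printf '%s\n' '[Unit]' 'Description=firewall %i' \
        'Wants=network-pre.target' 'Before=network-pre.target' \
        '[Service]' 'Type=oneshot' \
        'ExecStart=/bin/bash /usr/local/bin/firewall-%i' \
        'ExecStop=/bin/bash /usr/local/bin/firewall-%i stop' \
        'RemainAfterExit=yes' '[Install]' 'WantedBy=multi-user.target'
}

original_unit | lint_unit     # prints four findings
corrected_unit | lint_unit    # prints nothing
```
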

participants (2): Andrei Borzenkov, Per Jessen