contrib/systemd: use multi-user.target instead of default.target #24524
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: hnez The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
LGTM however podman generate systemd still generates files with default.target, that command is deprecated but may still be worth to fix the generator?
For the replacement quadlet, user are responsible to set the WantedBy line so it is not a problem there. However the docs use default.target so they should be updated as well.https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#enabling-unit-files
|
Hi @Luap99, thanks for the quick feedback! I am not too familiar with the podman codebase or even podman from a users point of view, so I am more or less Feel free to point out any mistakes I made along the way or things that are still missing. |
|
Yeah I think some more investigation is needed, looking at the history I found 9a10e21 So it seems simple replace is incorrect and will break all rootless users |
|
Neither So there is a real default.target unit for the user session and not just a symlink to another unit as described in the docs. As such I think the systemd docs are misleading as they only consider the root case. We assume that we can use the same unit files for root and rootless, if have to do different things in both cases that will complicate things massively. We do not have a good way to do that as of today, I hacked up a work around for another similar problem recently 6b8e8cb |
Symlinks in git repositories tend to be confusing - a change in one file results in a change in a seemingly unrelated location without causing a diff. In addition to that the best practices between user service files and system service files differ when in comes to `WantedBy=`. Create copies of the service files to allow them to diverge in the future. Signed-off-by: Leonard Göhrs <[email protected]>
Since the systemd user and system service unit files are now completely separate we can just apply the patch beforehand instead of at install time. Signed-off-by: Leonard Göhrs <[email protected]>
The systemd documentation[1] says the following about using
`default.target` as `WantedBy=` in system service files:
For typical unit files please set "WantedBy=" to a regular target
(like multi-user.target or graphical.target), instead of default.target,
since such a service will also be run on special boots like on system
update, emergency boot ...
The situation for user service files is different.
There default.target is actually the right one to use.
The mentioned "system update" special boots refer to
`systemd.offline-updates`[2] a mechanism that enables doing a special
minimalistic boot to run e.g. migration scripts after installing an
update (using a package manager or an image based updater like e.g. RAUC)
and before the first boot of the updated system.
To prevent conflicts between normal services on the system and migration
scripts, normal services should not be started for these special boots.
For this to work normal services may not use `WantedBy=default.target`,
because according to the documentation[2] the `system-update.target`
_becomes_ the `default.target` for system-update boots:
3) Very early in the new boot systemd-system-update-generator(8) checks
whether /system-update or /etc/system-update exists.
If so, it (temporarily and for this boot only) redirects
(i.e. symlinks) default.target to system-update.target,
a special target that pulls in the base system
(i.e. sysinit.target, so that all file systems are mounted but little
else) and the system update units.
Use `WantedBy=multi-user.target` target instead of `default.target` to
enable the use of `system-update.target`.
[1]: https://www.freedesktop.org/software/systemd/man/latest/systemd.special.html#default.target
[2]: https://www.freedesktop.org/software/systemd/man/latest/systemd.offline-updates.html#
Signed-off-by: Leonard Göhrs <[email protected]>
... instead of default.target for system/rootful containers. According to the systemd manual[1] "typical" system units should not use `WantedBy=default.target`: > For typical unit files please set "WantedBy=" to a regular target > (like multi-user.target or graphical.target), > instead of default.target, since such a service will also be run on > special boots like on system update, emergency boot… Suggest using `multi-user.target` instead. Signed-off-by: Leonard Göhrs <[email protected]>
…target ... instead of default.target. According to the systemd manual[1] "typical" system units should not use `WantedBy=default.target`: > For typical unit files please set "WantedBy=" to a regular target > (like multi-user.target or graphical.target), > instead of default.target, since such a service will also be run on > special boots like on system update, emergency boot… Use `multi-user.target` instead. [1]: https://www.freedesktop.org/software/systemd/man/latest/systemd.special.html#default.target Signed-off-by: Leonard Göhrs <[email protected]>
... instead of default.target. According to the systemd manual[1] "typical" system units should not use `WantedBy=default.target`: > For typical unit files please set "WantedBy=" to a regular target > (like multi-user.target or graphical.target), > instead of default.target, since such a service will also be run on > special boots like on system update, emergency boot… Use `multi-user.target` instead. [1]: https://www.freedesktop.org/software/systemd/man/latest/systemd.special.html#default.target Signed-off-by: Leonard Göhrs <[email protected]>
hnez
force-pushed
the
multi-user-target
branch
from
78396ce to
4edd7e1
Compare
|
Hi, I've had some time again to look into this.
I've changed the generator to always output It would be possible to e.g. add a But I think it is not worth it for a command marked as deprecated. Or is it?
I've now read up on quadlets (using a systemd generator to create ad-hoc service files there is a neat design. I will have to remember that for later) and have updated the docs to distinguish between user/rootless and system/rootful
It took me a bit to figure out that the files in I am not a huge fan of having symlinks in git repositories to be honest because the changes to the pointed to files do not appear as diffs in the location where the symlink lives. A call to I think in this case it is better to just live with the duplication (I've updated the PR to do so) or de-duplicate some other way, e.g. by deriving the user service files from the system service files in the |
|
Duplication is bad, there are far to many things I saw getting patched only in one place and then forgot to update the other places as well. It is extremely hard for maintainers here to catch these things as we have different people reviewing different things and not anyone is aware of all the duplicated places. At this point for the static podman- units it might be much better to use some form of template engine to have proper support to add variable conditions. I think this whole change might need some more design discussion (and/or input from other maintainers cc @containers/podman-maintainers )
Chaining the behaviour like this is a breaking change for anyone calling this from automation for user services so we cannot change that. I am fine with not fixing this command because it is detracted but then it MUST keep the current behavior. |
|
Just skimming the conversation and the git log which revealed commit 220f9a7 that seems to conflict with the intentions of this PR. I may be off since I don't have the time to dive deeper into the issue. |
|
I just found another flaw in my current version of this pull request. Lines 996 to 1003 in 4edd7e1 Instead the ones in In the meantime my colleague @jluebbe has suggested another approach: add a |
That could certainly work but then we need to deal with yet another unit and then need to documented how this works which I guess might be harder for users to understand. I have a similar issue with After= in #24637 |
The systemd documentation says the following about using
default.targetasWantedBy=in service files:The mentioned "system update" special boots refer to
systemd.offline-updatesa mechanism that enables doing a special minimalistic boot to run e.g. migration scripts after installing an update (using a package manager or an image based updater like e.g. RAUC) and before the first boot of the updated system.To prevent conflicts between normal services on the system and migration scripts, normal services should not be started for these special boots.
For this to work normal services may not use
WantedBy=default.target, because according to the documentation thesystem-update.targetbecomes thedefault.targetfor system-update boots:Use
WantedBy=multi-user.targettarget instead ofdefault.targetto enable the use ofsystem-update.target.Does this PR introduce a user-facing change?