Project

General

Profile

Actions

Bug #7807

closed

Restarting services via systemctl fails

Added by Jonathan CLARKE over 6 years ago. Updated 4 months ago.

Status:
Released
Priority:
2
Category:
Generic methods
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Regression:

Description

See this output for example:

rudder     info: Executing 'no timeout' ... '/bin/systemctl restart rudder-slapd.service'
  notice: Q: ".../systemctl rest": Failed to open /dev/tty: No such device or address
Q: ".../systemctl rest": Failed to open /dev/tty: No such device or address
rudder     info: Last 2 quoted lines were generated by promiser '/bin/systemctl restart rudder-slapd.service'
rudder     info: Completed execution of '/bin/systemctl restart rudder-slapd.service'

The worst part is that systemctl happily returns "0" as a successful return code, even though it doesn't actually restart the service.

This is exactly the same as bug https://dev.cfengine.com/issues/5840 at CFEngine. The reason is that CFEngine commands are run in a new SID, which doesn't have access to /dev/tty, and systemctl requires it. A workaround, from that CFEngine bug, is to run the command with a body containing "no_output => true". This obviously has the side effect of suppressing any output.

I don't 100% understand why this workaround works, so I think we should study the CFEngine source code around it to understand what this is triggering, before blindly using it.

Actions #1

Updated by Jonathan CLARKE over 6 years ago

Jonathan CLARKE wrote:

A workaround, from that CFEngine bug, is to run the command with a body containing "no_output => true". This obviously has the side effect of suppressing any output.

I don't 100% understand why this workaround works, so I think we should study the CFEngine source code around it to understand what this is triggering, before blindly using it.

I checked how this option works, and all it does is prevent cf-agent from printing the output from a command to cf-agent's stdout (prefixed with "Q:"). It does not seem risky to use it.

However, using it by default, when not needed, would make debugging a lot harder - because programs often explain why they are not working on their std{err,out} - so we should not do that.

I will patch the service_action bundle to run a specific commands: promise, using the no_output option.

Actions #2

Updated by Jonathan CLARKE over 6 years ago

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE
Actions #3

Updated by Jonathan CLARKE over 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/ncf/pull/309
Actions #4

Updated by Jonathan CLARKE over 6 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

Applied in changeset commit:ee05a48da4d43f237a09281c2cba1733869a6806.

Actions #5

Updated by Vincent MEMBRÉ about 6 years ago

  • Status changed from Pending release to Released
Actions #6

Updated by Alexis Mousset 4 months ago

  • Target version changed from 0.x to ncf-0.x
  • Priority set to 0
Actions #7

Updated by Alexis Mousset 4 months ago

  • Project changed from 41 to Rudder
  • Category set to Generic methods
Actions

Also available in: Atom PDF