Skip to content

Comments

systemd/system/sshkeys: Make execution more robust#112

Merged
pothos merged 1 commit intoflatcar-masterfrom
kai/sshkeys
Nov 17, 2023
Merged

systemd/system/sshkeys: Make execution more robust#112
pothos merged 1 commit intoflatcar-masterfrom
kai/sshkeys

Conversation

@pothos
Copy link
Member

@pothos pothos commented Nov 17, 2023
edited
Loading

The service failed when the unit to start was masked. Since it involves
networking, the service can fail and if it does we should restart. It
also seems that the service relied on
update-ssh-keys-after-ignition.service to run update-ssh-keys once to
create the subfolder and could possibly race with it.

Prevent execution when it has no chance to succeed because the unit to
start is masked but in all other cases try to restart on failure. Also
order behind update-ssh-keys-after-ignition.service.

How to use

Backport

Testing done

with

variant: flatcar
version: 1.0.0
systemd:
  units:
    - name: sshkeys.service
      dropins:
        - name: test.conf
          contents: |
            [Unit]
            After=update-ssh-keys-after-ignition.service
            ConditionPathIsSymbolicLink=!/etc/systemd/system/coreos-metadata-sshkeys@core.service
            [Service]
            Restart=on-failure

and verifying that the service does not run when the unit to start is masked.
@tormath1 also checked that the spurious failure experienced when update-ssh-keys-after-ignition.service is slower than sshkeys.service didn't occur again.

  • Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update)
  • Inspected CI output for image differences: /boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.

tormath1
tormath1 reviewed Nov 17, 2023
View reviewed changes
@pothos
systemd/system/sshkeys: Make execution more robust
ff06501 
The service failed when the unit to start was masked. Since it involves
networking, the service can fail and if it does we should restart. It
also seems that the service relied on
update-ssh-keys-after-ignition.service to run update-ssh-keys once to
create the subfolder and could possibly race with it.

Prevent execution when it has no chance to succeed because the unit to
start is masked but in all other cases try to restart on failure. Also
order behind update-ssh-keys-after-ignition.service.
@pothos pothos merged commit db7a12e into flatcar-master Nov 17, 2023
@pothos pothos deleted the kai/sshkeys branch November 17, 2023 14:41
pothos added a commit to flatcar/scripts that referenced this pull request Nov 17, 2023
@pothos
coreos-base/coreos-init: Make sshkeys.service more robust
16a7e2a 
This pulls in
flatcar/init#112
to only run coreos-metadata-sshkeys@core.service when not masked and
also retry on failure.
@pothos pothos mentioned this pull request Nov 17, 2023
Merged
2 tasks
pothos added a commit to flatcar/scripts that referenced this pull request Nov 17, 2023
@pothos
coreos-base/coreos-init: Make sshkeys.service more robust
12cbc1e 
This pulls in
flatcar/init#112
to only run coreos-metadata-sshkeys@core.service when not masked and
also retry on failure.
pothos added a commit to flatcar/scripts that referenced this pull request Nov 17, 2023
@pothos
coreos-base/coreos-init: Make sshkeys.service more robust
2bab5bb 
This pulls in
flatcar/init#112
to only run coreos-metadata-sshkeys@core.service when not masked and
also retry on failure.
@tormath1 tormath1 mentioned this pull request Nov 20, 2023
Closed
@github-actions github-actions bot mentioned this pull request Nov 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tormath1 tormath1 tormath1 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pothos @tormath1