Page MenuHomePhabricator
Create Task
Maniphest T191017

Unwanted service startups and their triggers
Closed, ResolvedPublic
Actions

Description

Today, while upgrading mtail across all cache hosts, we were surprised to find that systemd attempted to start mtail.service. On cache hosts, mtail.service cannot start properly as we already run a mtail instance started by varnishmtail.service binding on port 3903 (mtail's default). We do explicitly instruct puppet to ensure that mtail.service is stopped, but that is not enough to prevent package upgrades from taking initiatives and starting services up.

More in general, there are 4 events that I can think of which trigger service startups:

  1. root running systemctl start $service
  2. systemd starting an enabled service at boot time
  3. puppet saying ensure => running
  4. debian package installation / upgrades

There are probably more possible triggers (socket activation and who knows what else), but I do not think they're particularly relevant here.

In the specific case of mtail above, @MoritzMuehlenhoff suggested masking the unit with systemctl mask. That has the effect of stopping all 4 triggers above, and would work fine with mtail. However, I've started wondering about other cases, such as for example pybal.service. In pybal's case, we do want (1) and (2), while we explicitly avoid (3). At the moment, we have taken no measures against (4), although I think it would be desirable to do so (we do not necessarily want to immediately switch traffic back to a primary LVS server upon pybal upgrade).

I'm opening this task to collect thoughts on the subject and as a tracking task for work going in the direction of stopping unwanted service startups initiated (4).

Event Timeline

ema created this task.Mar 29 2018, 12:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 29 2018, 12:33 PM
ema triaged this task as Medium priority.Mar 29 2018, 12:33 PM
Vgutierrez subscribed.Mar 29 2018, 12:33 PM
ema moved this task from Backlog to General on the Traffic board.Mar 29 2018, 12:33 PM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 9:53 PM
BBlack moved this task from General to Epic Ideas on the Traffic board.Sep 29 2020, 8:47 PM
BBlack edited projects, added Traffic-Icebox; removed Traffic.Sep 1 2021, 11:21 PM
BBlack subscribed.

The swap of Traffic for Traffic-Icebox in this ticket's set of tags was based on a bulk action for all such tickets that haven't been updated in 6 months or more. This does not imply any human judgement about the validity or importance of the task, and is simply the first step in a larger task cleanup effort. Further manual triage and/or requests for updates will happen this month for all such tickets. For more detail, have a look at the extended explanation on the main page of Traffic-Icebox . Thank you!

BCornwall closed this task as Resolved.Jan 23 2023, 8:23 PM
BCornwall claimed this task.
BCornwall subscribed.

systemctl mask achieves what is desired here and has been successfully implemented with varnishncsa.service and varnishlog.service (see Change-Id: I3fe2c3a8d960d9f0a23e9a2f0b26ba36e1ae46e4). Any specific service-related problems not addressed with systemctl mask should be brought up in a ticket specific to that problem.

Thanks!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL