Page MenuHomePhabricator
Create Task
Maniphest T284555

Consider using BindsTo instead of Requires to declare dependencies between systemd unit
Closed, ResolvedPublic
Actions

Description

While working on T283660, @MMandere discovered the systemd setting BindsTo, documented here:

Configures requirement dependencies, very similar in style to Requires=. However, this dependency type is stronger: in addition to the effect of Requires= it declares that if the unit bound to is stopped, this unit will be stopped too.

We currently use Requires for quite a few units, including many services depending on varnish such as varnishfetcherr, varnishmtail, varnishospital, and various others. For all those services, the stricter guarantees of BindsTo seem to be more appropriate than Requires: if varnish is stopped, all those services stop operating correctly.

The list of services currently using Requires is:

  • codesearch-frontend
  • hound
  • fifo-log-demux
  • keyholder-proxy
  • atsmtail
  • docker-service-shim
  • varnishfetcherr
  • varnishmtail
  • varnishospital
  • varnishslowlog
  • varnishtlsinspector
  • varnishkafka

For each service, we need to understand if Requires is the appropriate choice, or if BindsTo would be better instead.

Details

SubjectRepoBranchLines +/-
fifo_log_demux: Fix systemd unit fileoperations/puppetproduction+3 -3
keyholder-proxy: systemd Requires= to BindsTo=operations/puppetproduction+1 -1
codesearch: Change systemd Requires= to BindsTo=operations/puppetproduction+2 -2
fifo-log-demux: systemd Requires= to BindsTo=operations/puppetproduction+1 -1
ats-mtail: Change systemd Requires= to BindsTo=operations/puppetproduction+1 -1
docker-service-shim: change Requires= to BindsTo=operations/puppetproduction+1 -1
varnish: Change systemd units Requires to BindsTooperations/puppetproduction+5 -5
Customize query in gerrit

Related Objects

Event Timeline

ema created this task.Jun 8 2021, 12:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 8 2021, 12:31 PM
ema triaged this task as Low priority.Jun 8 2021, 12:31 PM
Maintenance_bot added a project: SRE.Jun 8 2021, 12:45 PM
BBlack subscribed.Jun 8 2021, 1:35 PM

When we looked into this for the Bird-based anycast stuff, we found that the combination you want for strong service binding is both BindsTo= + After= on the same underlying service (cf https://www.freedesktop.org/software/systemd/man/systemd.unit.html ).

ayounsi removed a project: netops.Jun 8 2021, 1:39 PM
BBlack moved this task from Backlog to Icebox-Temp on the Traffic board.Oct 8 2021, 7:18 PM
BBlack edited projects, added Traffic-Icebox; removed Traffic.Oct 8 2021, 8:05 PM

The swap of Traffic for Traffic-Icebox in this ticket's set of tags was based on a bulk action for all tickets that aren't are neither part of our current planned work nor clearly a recent, higher-priority emergent issue. This is simply one step in a larger task cleanup effort. Further triage of these tickets (and especially, organizing future potential project ideas from them into a new medium) will occur afterwards! For more detail, have a look at the extended explanation on the main page of Traffic-Icebox . Thank you!

BBlack moved this task from Backlog to Complicated on the Traffic-Icebox board.Apr 13 2022, 7:35 PM
jijiki moved this task from Incoming 🐫 to 🙈🙉🙊Backlog on the serviceops board.Sep 28 2022, 2:23 PM
gerritbot added a comment.Mar 8 2023, 11:11 PM

Change 895875 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] varnish: Change systemd units Requires to BindsTo

https://gerrit.wikimedia.org/r/895875

gerritbot added a project: Patch-For-Review.Mar 8 2023, 11:11 PM
BCornwall changed the task status from Open to In Progress.Mar 8 2023, 11:11 PM
BCornwall claimed this task.
gerritbot added a comment.Mar 8 2023, 11:16 PM

Change 895877 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] docker-service-shim: change Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895877

gerritbot added a comment.Mar 8 2023, 11:20 PM

Change 895878 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] ats-mtail: Change systemd Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895878

BCornwall updated the task description. (Show Details)Mar 8 2023, 11:25 PM

Removed ircecho from the list as it had Requires=network.target, which is of Type=oneshot (and thus not really appropriate for such a binding).

gerritbot added a comment.Mar 8 2023, 11:39 PM

Change 895884 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] codesearch: Change systemd Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895884

gerritbot added a comment.Mar 8 2023, 11:39 PM

Change 895885 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] keyholder-proxy: systemd Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895885

gerritbot added a comment.Mar 8 2023, 11:39 PM

Change 895886 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] fifo-log-demux: systemd Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895886

BCornwall edited projects, added Traffic; removed Traffic-Icebox.Mar 16 2023, 6:41 PM
BCornwall moved this task from Icebox-Temp to Traffic team actively servicing on the Traffic board.Mar 24 2023, 10:42 PM
gerritbot added a comment.Mar 29 2023, 4:43 PM

Change 895875 merged by BCornwall:

[operations/puppet@production] varnish: Change systemd units Requires to BindsTo

https://gerrit.wikimedia.org/r/895875

Stashbot added a comment.Mar 29 2023, 4:44 PM

Mentioned in SAL (#wikimedia-operations) [2023-03-29T16:44:08Z] <brett> Disable puppet on A:cp to roll out T284555

Stashbot added a comment.Mar 29 2023, 5:11 PM

Mentioned in SAL (#wikimedia-operations) [2023-03-29T17:11:51Z] <brett> Re-enable puppet on A:cp - T284555

gerritbot added a comment.Mar 29 2023, 5:20 PM

Change 895877 merged by BCornwall:

[operations/puppet@production] docker-service-shim: change Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895877

Stashbot added a comment.Mar 29 2023, 5:28 PM

Mentioned in SAL (#wikimedia-operations) [2023-03-29T17:28:59Z] <brett> Disable puppet on A:cp to roll out another T284555

gerritbot added a comment.Mar 29 2023, 5:29 PM

Change 895878 merged by BCornwall:

[operations/puppet@production] ats-mtail: Change systemd Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895878

gerritbot added a comment.Mar 29 2023, 5:36 PM

Change 895886 merged by BCornwall:

[operations/puppet@production] fifo-log-demux: systemd Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895886

BCornwall updated the task description. (Show Details)Mar 29 2023, 5:40 PM
Stashbot added a comment.Mar 29 2023, 5:43 PM

Mentioned in SAL (#wikimedia-operations) [2023-03-29T17:43:48Z] <brett> Re-enable puppet on A:cp - T284555

BCornwall edited projects, added Keyholder; removed Traffic.Mar 29 2023, 6:12 PM

Removing the Traffic team as our services have been rolled out with the change. Added tags for the relevant projects; Feel free to merge these patches!

BCornwall changed the task status from In Progress to Open.Mar 29 2023, 6:13 PM
BCornwall removed BCornwall as the assignee of this task.
BCornwall subscribed.
gerritbot added a comment.Apr 20 2023, 9:50 PM

Change 895884 merged by Legoktm:

[operations/puppet@production] codesearch: Change systemd Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895884

BCornwall updated the task description. (Show Details)Apr 24 2023, 4:18 PM
Dzahn unsubscribed.Apr 24 2023, 5:27 PM
gerritbot added a comment.Apr 24 2023, 7:56 PM

Change 895885 merged by BCornwall:

[operations/puppet@production] keyholder-proxy: systemd Requires= to BindsTo=

https://gerrit.wikimedia.org/r/895885

BCornwall closed this task as Resolved.Apr 24 2023, 7:57 PM
BCornwall removed a project: SRE.
BCornwall updated the task description. (Show Details)
Maintenance_bot removed a project: Patch-For-Review.Apr 24 2023, 8:12 PM
gerritbot added a comment.Jun 7 2023, 9:16 AM

Change 927989 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] fifo_log_demux: Fix systemd unit file

https://gerrit.wikimedia.org/r/927989

Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptJun 7 2023, 9:16 AM
gerritbot added a project: Patch-For-Review.Jun 7 2023, 9:16 AM
gerritbot added a comment.Jul 10 2023, 8:39 PM

Change 927989 merged by BCornwall:

[operations/puppet@production] fifo_log_demux: Fix systemd unit file

https://gerrit.wikimedia.org/r/927989

Maintenance_bot removed a project: Patch-For-Review.Jul 10 2023, 9:10 PM
BCornwall mentioned this in T355905: Restarting fifo-log-demux should not restart nginx.Jan 29 2024, 11:15 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL