Bug 1735787

Summary: Unable to repeatedly reload service that fails
Product: Red Hat Enterprise Linux 8 Reporter: Gunnar Guðvarðarson <gunnar>
Component: systemdAssignee: David Tardon <dtardon>
Status: CLOSED ERRATA QA Contact: Frantisek Sumsal <fsumsal>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.0CC: carl, dtardon, gabriel.arthur.petursson, systemd-maint-list
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: systemd-239-19.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:45:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1739428, 1739441    
Attachments:
Description Flags
Example service, edit exitN to return test exit codes exit0 should always return 0
none
minimal example service none

Description Gunnar Guðvarðarson 2019-08-01 12:37:11 UTC 
Created attachment 1597001 [details]
Example service, edit exitN to return test exit codes exit0 should always return 0

Description of problem:
Unable to repeatedly "reload" a oneshot service.

Red Hat Enterprise Linux 8.0 (Ootpa) -- affected
Fedora 30 (Workstation Edition) -- affected
CentOS Linux 7 (Core) -- not affected


Version-Release number of selected component (if applicable):
systemd 239


How reproducible:
always


Steps to Reproduce:
1. Create a oneshot service
2. Start it
3. Modify ExecReload script to return non 0 exit code
4. Reload it
5. Reload it again


Actual results:
Reload 1 fails due to exit code != 0
> Unit state is now: Active: failed (Result: exit-code)
Reload 2 fails with: `test.service is not active, cannot reload.`


Expected results:
Reload 1 fails due to exit code != 0
> Unit state is now: Active: active (exited) (Result: exit-code)
Reload 2 fails due to exit code != 0
# Modify ExecReload script to return exit code 0
Reload 3 succeeds


Additional info:
This affects units such as nftables.service such that a syntax error during reload causes the unit to enter a failed state, and must either be restarted by hand or the reload command run manually.

Restarting units like nftables.service will flush the firewall and then attempt to start it again, leaving you without a firewall until it gets started again.

By utilizing reload on units such as nftables, I can fix the syntax error and reload it again, using the atomic rule replacement feature of nftables.

https://wiki.nftables.org/wiki-nftables/index.php/Atomic_rule_replacement

It is possible to change the ExecReload command and prefix it with `-` but that causes the reload command to not notify you of syntax errors or similar.
Comment 1 Gabríel Arthúr Pétursson 2019-08-01 13:07:18 UTC 
This appears to have been reported and fixed upstream very recently:

https://github.com/systemd/systemd/issues/11238
https://github.com/systemd/systemd/commit/d611cfa748aaf600832160132774074e808c82c7
Comment 2 David Tardon 2019-08-01 14:35:47 UTC 
Created attachment 1597592 [details]
minimal example service
Comment 3 David Tardon 2019-08-01 14:37:15 UTC 
PR: https://github.com/systemd-rhel/rhel-8/pull/14
Comment 4 Lukáš Nykrýn 2019-08-08 09:15:19 UTC 
fix merged to github master branch -> https://github.com/systemd-rhel/rhel-8/pull/14 -> post
Comment 5 Petr Menšík 2019-08-09 10:34:49 UTC 
Is there Fedora clone to depend on? Is it fixed on Fedora yet?

Just for the record, this is not issue of oneshot service like description suggests. Affects named.service as well.
Comment 8 Carl George 🤠 2020-01-23 22:44:33 UTC 
This backport has been released to CentOS 8 Stream.

https://lists.centos.org/pipermail/centos-devel/2020-January/036500.html

Please test this and provide feedback if you're able.
Comment 11 errata-xmlrpc 2020-04-28 16:45:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1794