Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1235768

Summary: network initscripts calls apply_sysctl
Product: Red Hat Enterprise Linux 7 Reporter: Jaroslav Škarvada <jskarvad>
Component: initscriptsAssignee: initscripts Maintenance Team <initscripts-maint-list>
Status: CLOSED CANTFIX QA Contact: qe-baseos-daemons
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.1CC: jskarvad, lnykryn, msekleta, systemd-maint-list
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-06-26 14:10:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1189263    
Attachments:
Description Flags
Journal with debug none

Description Jaroslav Škarvada 2015-06-25 16:49:26 UTC 
Description of problem:
# systemctl disable systemd-sysctl.service

It still runs on boot.

# systemctl mask systemd-sysctl.service

It still runs on boot.

Also it seems it is not possible to schedule any service to run after it, e.g. tuned.service

---
[Unit]
Description=Dynamic System Tuning Daemon
After=syslog.target systemd-sysctl.service
Conflicts=cpupower.service

[Service]
Type=dbus
PIDFile=/run/tuned/tuned.pid
BusName=com.redhat.tuned
ExecStart=/usr/sbin/tuned -l -P

[Install]
WantedBy=multi-user.target
---

Tuned service still runs before systemd-sysctl.

Version-Release number of selected component (if applicable):
systemd-208-20.el7

How reproducible:
Always

Steps to Reproduce:
1. Schedule service after systemd-sysctl or disable it

Actual results:
systemd-sysctl still runs after other service

Expected results:
systemd-sysctl service doesn't run and if it runs it runs before the service

Additional info:
Comment 3 Lukáš Nykrýn 2015-06-26 07:21:40 UTC 
This works for me even with 208. Can you please add debug to kernel command-line and attach output of journalctl -b?
Also note that systemd-sysctl actually runs twice during the boot (in dracut and then in normal system). Maybe you were able to mask it and you have just saw the dracut one in logs?
Comment 4 Jaroslav Škarvada 2015-06-26 09:47:56 UTC 
I will provide requested debuginfo in next comment.

I am still able to reproduce on cleanly provisioned RHEL-7.2-20150625.n.0,  x86_64, reproducer:

# yum install "https://fedorapeople.org/~jskarvad/tuned/devel/repo/tuned-2.4.1-1.20150626gitaa0644f0.el7.noarch.rpm"
# tuned-adm profile oracle
# sysctl kernel.shmmax
kernel.shmmax = 4398046511104
# echo 'kernel.shmmax = 1236511104' >> /usr/lib/sysctl.d/00-system.conf
# systemctl stop systemd-sysctl
# systemctl disable systemd-sysctl
# systemctl mask systemd-sysctl
# reboot

# sysctl kernel.shmmax
kernel.shmmax = 1236511104

You can see there is '1236511104', not '4398046511104' as it should be.

# mv /usr/lib/sysctl.d/00-system.conf /var/tmp
# reboot
# sysctl kernel.shmmax
kernel.shmmax = 4398046511104

This is proof that tuned works.

tuned.service seems correct and systemd-sysctl is even disabled
# head /usr/lib/systemd/system/tuned.service 
[Unit]
Description=Dynamic System Tuning Daemon
After=syslog.target systemd-sysctl.service
Conflicts=cpupower.service

[Service]
Type=dbus
PIDFile=/run/tuned/tuned.pid
BusName=com.redhat.tuned
ExecStart=/usr/sbin/tuned -l -P

I verified by systemtap that kernel.shmmax is rewritten by systemd-sysctl process twice after tuned is started.
Comment 5 Jaroslav Škarvada 2015-06-26 09:55:03 UTC 
Created attachment 1043454 [details]
Journal with debug
Comment 6 Lukáš Nykrýn 2015-06-26 10:14:22 UTC 
Well, the problem is this commit https://git.fedorahosted.org/cgit/initscripts.git/commit/?id=3f296db591da779000a301b2b29560ee6df413f3

network initscript is supposed to reload settings from sysctl file on start.
Comment 7 Jaroslav Škarvada 2015-06-26 10:19:33 UTC 
(In reply to Lukáš Nykrýn from comment #6)
> Well, the problem is this commit
> https://git.fedorahosted.org/cgit/initscripts.git/commit/
> ?id=3f296db591da779000a301b2b29560ee6df413f3
> 
> network initscript is supposed to reload settings from sysctl file on start.

I cannot see how this commit can cause the problem, as the settings is in /usr/lib/sysctl.d and not /etc/sysctl.d. I also clearly saw in systemtap that it's rewritten by systemd-sysctl process.
Comment 8 Lukáš Nykrýn 2015-06-26 10:21:19 UTC 
Yep because https://git.fedorahosted.org/cgit/initscripts.git/tree/rc.d/init.d/functions#n561
Comment 9 Michal Sekletar 2015-06-26 13:10:13 UTC 
This is clearly a bug in the initscripts. Reassigning.
Comment 10 Lukáš Nykrýn 2015-06-26 13:28:17 UTC 
This is not a bug. It is "It has always worked like this" thing and I don't think we should changes this in rhel. In fedora this is not an issue because network is disabled by default and hopefully will be gone soon.

Btw why tuned simply does not drop files to /run/sysctl.d?
Comment 11 Jaroslav Škarvada 2015-06-26 13:54:29 UTC 
(In reply to Lukáš Nykrýn from comment #10)
> This is not a bug. It is "It has always worked like this" thing 

This doesn't mean that it is not bug.

> and I don't think we should changes this in rhel.

Why not? Why it needs to work this non-logical way? Why it needs to be run multiple times? Why single run in right time is not enough? This means that some runs are useless and uselessly loads CPU. Why it cannot be disabled?

Also in comment 6 you showed comment causing this problem. Does it mean it is regression?

> Btw why tuned simply does not drop files to /run/sysctl.d?

Unfortunately it is not possible, it tracks what is changed and why to be able to roll-back things. It can retune many settings on the fly without reboot.
Comment 12 Lukáš Nykrýn 2015-06-26 14:10:24 UTC 
> Why not? Why it needs to work this non-logical way? Why it needs to be run
> multiple times? Why single run in right time is not enough? 

Because before network setup you want to have sysctl.conf apply, but network can mount kernel modules, create new devices,... so you need to apply those setting also after it was run. 

> Also in comment 6 you showed comment causing this problem. Does it mean it
> is regression?

Nope, it have used regular sysctl before https://git.fedorahosted.org/cgit/initscripts.git/tree/rc.d/init.d/network?h=rhel5-branch


> Unfortunately it is not possible, it tracks what is changed and why to be
> able to roll-back things. It can retune many settings on the fly without
> reboot.

And why is that a problem? You can dump those settings to to /run/sysctl.d/10-tuned.conf and call /usr/lib/systemd/systemd-sysctl /run/sysctl.d/10-tuned.conf multiple times.
Comment 13 Jaroslav Škarvada 2015-06-26 14:28:50 UTC 
(In reply to Lukáš Nykrýn from comment #12)
> > Why not? Why it needs to work this non-logical way? Why it needs to be run
> > multiple times? Why single run in right time is not enough? 
> 
> Because before network setup you want to have sysctl.conf apply, but network
> can mount kernel modules, create new devices,... so you need to apply those
> setting also after it was run. 
> 
Is it possible to schedule the service to run after the second run of systemd-sysctl?
Comment 14 Jaroslav Škarvada 2015-06-26 15:33:11 UTC 
(In reply to Jaroslav Škarvada from comment #13)
> (In reply to Lukáš Nykrýn from comment #12)
> > > Why not? Why it needs to work this non-logical way? Why it needs to be run
> > > multiple times? Why single run in right time is not enough? 
> > 
> > Because before network setup you want to have sysctl.conf apply, but network
> > can mount kernel modules, create new devices,... so you need to apply those
> > setting also after it was run. 
> > 
> Is it possible to schedule the service to run after the second run of
> systemd-sysctl?

The following seems to workaround the problem:
After=syslog.target systemd-sysctl.service network.target

But I still think the current state is broken and the implementation is poor.
Comment 15 Michal Sekletar 2015-06-27 10:24:00 UTC 
(In reply to Jaroslav Škarvada from comment #14)

> But I still think the current state is broken and the implementation is poor.

I think everyone agrees with that. In initscripts there is a lot of hacks piled on top of each other to patch a poor design. However there is no point in investing time to rework things now when it is very clear we will ditch the entire thing eventually. Especially, in cases where relatively simple workaround exists.