Bug 1735787 - Unable to repeatedly reload service that fails
Summary: Unable to repeatedly reload service that fails
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: systemd
Version: 8.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: 8.0
Assignee: David Tardon
QA Contact: Frantisek Sumsal
URL:
Whiteboard:
Depends On:
Blocks: 1739428 1739441
TreeView+ depends on / blocked
 
Reported: 2019-08-01 12:37 UTC by Gunnar Guðvarðarson
Modified: 2020-03-03 13:24 UTC (History)
4 users (show)

Fixed In Version: systemd-239-19.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)
Example service, edit exitN to return test exit codes exit0 should always return 0 (205 bytes, text/plain)
2019-08-01 12:37 UTC, Gunnar Guðvarðarson
no flags Details
minimal example service (93 bytes, text/plain)
2019-08-01 14:35 UTC, David Tardon
no flags Details


Links
System ID Priority Status Summary Last Updated
Github systemd systemd issues 11238 'None' closed Main process exits on reload if `ExecReload` command is failing. 2020-02-28 12:54:33 UTC

Description Gunnar Guðvarðarson 2019-08-01 12:37:11 UTC
Created attachment 1597001 [details]
Example service, edit exitN to return test exit codes exit0 should always return 0

Description of problem:
Unable to repeatedly "reload" a oneshot service.

Red Hat Enterprise Linux 8.0 (Ootpa) -- affected
Fedora 30 (Workstation Edition) -- affected
CentOS Linux 7 (Core) -- not affected


Version-Release number of selected component (if applicable):
systemd 239


How reproducible:
always


Steps to Reproduce:
1. Create a oneshot service
2. Start it
3. Modify ExecReload script to return non 0 exit code
4. Reload it
5. Reload it again


Actual results:
Reload 1 fails due to exit code != 0
> Unit state is now: Active: failed (Result: exit-code)
Reload 2 fails with: `test.service is not active, cannot reload.`


Expected results:
Reload 1 fails due to exit code != 0
> Unit state is now: Active: active (exited) (Result: exit-code)
Reload 2 fails due to exit code != 0
# Modify ExecReload script to return exit code 0
Reload 3 succeeds


Additional info:
This affects units such as nftables.service such that a syntax error during reload causes the unit to enter a failed state, and must either be restarted by hand or the reload command run manually.

Restarting units like nftables.service will flush the firewall and then attempt to start it again, leaving you without a firewall until it gets started again.

By utilizing reload on units such as nftables, I can fix the syntax error and reload it again, using the atomic rule replacement feature of nftables.

https://wiki.nftables.org/wiki-nftables/index.php/Atomic_rule_replacement

It is possible to change the ExecReload command and prefix it with `-` but that causes the reload command to not notify you of syntax errors or similar.

Comment 1 Gabríel Arthúr Pétursson 2019-08-01 13:07:18 UTC
This appears to have been reported and fixed upstream very recently:

https://github.com/systemd/systemd/issues/11238
https://github.com/systemd/systemd/commit/d611cfa748aaf600832160132774074e808c82c7

Comment 2 David Tardon 2019-08-01 14:35:47 UTC
Created attachment 1597592 [details]
minimal example service

Comment 3 David Tardon 2019-08-01 14:37:15 UTC
PR: https://github.com/systemd-rhel/rhel-8/pull/14

Comment 4 Lukáš Nykrýn 2019-08-08 09:15:19 UTC
fix merged to github master branch -> https://github.com/systemd-rhel/rhel-8/pull/14 -> post

Comment 5 Petr Menšík 2019-08-09 10:34:49 UTC
Is there Fedora clone to depend on? Is it fixed on Fedora yet?

Just for the record, this is not issue of oneshot service like description suggests. Affects named.service as well.

Comment 8 Carl George 2020-01-23 22:44:33 UTC
This backport has been released to CentOS 8 Stream.

https://lists.centos.org/pipermail/centos-devel/2020-January/036500.html

Please test this and provide feedback if you're able.


Note You need to log in before you can comment on or make changes to this bug.