Created attachment 490720 [details]
Native systemd service file for iptables ipv4

Description of problem:

The attached file is a native systemd file for upcoming F15 Feature [1]

Please read [2] on how to package and install systemd Service files.

To learn more about Systemd daemon see [3].

To view old SysV with the new Systemd side by side for your component see [4]

If you have any questions don't hesitate to ask them on this bug report.

1. http://fedoraproject.org/wiki/Features/systemd
2. https://fedoraproject.org/wiki/Systemd_Packaging_Draft
3. http://0pointer.de/public/systemd-man/daemon.html
4. https://fedoraproject.org/wiki/User:Johannbg/QA/Systemd/compatability
Created attachment 490722 [details] Native systemd service file for iptables ipv6
I think this Friday is as good as any to get this ball rolling.

These are very minimal systemd files which we can use to build upon to modernize the old sysv script. So I'm expecting a bit of back and forth here.

You can copy the ip4tables.service into /lib/systemd/system then run

# systemctl daemon-reload
which needs to be run after any changes made in /lib/systemd/system

# systemctl start ip4tables.service
To start a service

# systemctl status ip4tables.service
To see the status of service

# systemctl stop ip4tables.service
To stop a service.

Now we just break down the old sysv script and see where we want to go from there.
Created attachment 490839 [details] Native systemd service file for iptables ipv4 v0.2
Created attachment 490840 [details] Native systemd service file for iptables ipv6 v0.2
Created attachment 490841 [details] Native systemd service file containing the flush_n_delete() from old SysV script
Created attachment 490842 [details] Native systemd script file containing the rmmod_r() from old SysV script
Created attachment 490843 [details] Native systemd script file containing the set_policy() from old SysV script
Created attachment 490844 [details] Native systemd script file containing the ipv6 load check from old SysV script
To test..

put
fedora-iptables-flush-del
fedora-iptables-ipv-check
fedora-iptables-rmmod
fedora-iptables-set-policy
into /lib/systemd/ directory

put ip4tables.service and ip6tables.service into /lib/systemd/system/ directory

run systemctl daemon-reload and systemctl start or status or stop ip6tables.service

what's in v0.2

Script split into separate files as discussed on irc

Let's walk through the ip4tables.service file.

Starting with startup()

# Do not start if there is no config
Is now
ConditionPathExists=/etc/sysconfig/iptables-config

# check if ipv6 module load is deactivated
Is now
ExecStartPre=-/lib/systemd/fedora-iptables-ipv-check

# Starting the service
Is now
ExecStart=/sbin/iptables-restore -c $IPTABLES_DATA
# it's missing OPT= check

# Load additional modules (helpers)
Is now
ExecStartPost=-/sbin/modprobe -qab $IPTABLES_MODULES

# Stop section stop()

# Do not stop if iptables module is not loaded.
Is missing

# Flush and delete
ExecStop=-/lib/systemd/fedora-iptables-flush-del

# Remove modules
ExecStop=-/lib/systemd/fedora-iptables-rmmod

# Save section save()
Need to check and convince Lennart for the need for systemctl save $foo.service with relevant ExecSave= section then we could just create fedora-iptable-save and call it ( ExecSave=-/lib/systemd/fedora-iptables-save ) when systemctl save ip4tables.service is run.

# Status section status()
Check with Lennart if there can be made a custom status

# Restart section restart()
missing "[ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save" and the way to handle that and some other section from case
Created attachment 491219 [details]
Native systemd service file for iptables ipv4 v0.3

Switching to type oneshot instead to guarantee that iptables-restore has exited before follow-up units will be started.

Using the same Reload options as Startup since it makes to avoid calling shell and it makes a difference if the rules file doesn't exist.
Created attachment 491220 [details]
Native systemd service file for iptables ipv6 v0.3

Switching to type oneshot instead to guarantee that iptables-restore has exited before follow-up units will be started.

Using the same Reload options as Startup since it makes to avoid calling shell and it makes a difference if the rules file doesn't exist.
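Added example, not part of any comment or attachment in this bug: a small Python audit of a firewall unit for the properties the comments above discuss (Type=oneshot, ConditionPathExists=, and which Exec lines carry the "-" prefix that makes systemd ignore a failing exit status). The sample unit is constructed from the directives quoted in the v0.2 walk-through and is not the attached ip4tables.service; EnvironmentFile= and the function names are assumptions.

```python
# Constructed sample assembled from directives quoted in the comments above.
# It is NOT the attached ip4tables.service; EnvironmentFile= is an assumption.
SAMPLE_UNIT = """\
[Unit]
Description=IPv4 firewall with iptables (constructed sample)
ConditionPathExists=/etc/sysconfig/iptables-config

[Service]
Type=oneshot
EnvironmentFile=/etc/sysconfig/iptables-config
ExecStartPre=-/lib/systemd/fedora-iptables-ipv-check
ExecStart=/sbin/iptables-restore -c $IPTABLES_DATA
ExecStartPost=-/sbin/modprobe -qab $IPTABLES_MODULES
ExecStop=-/lib/systemd/fedora-iptables-flush-del
ExecStop=-/lib/systemd/fedora-iptables-rmmod
"""

def parse_unit(text):
    """Parse unit text into {section: [(key, value), ...]}, keeping repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def _values(pairs, key):
    return [v for k, v in pairs if k == key]

def audit_firewall_unit(text):
    """Return a list of findings; an empty list means all checks passed."""
    unit = parse_unit(text)
    service = unit.get("Service", [])
    findings = []
    if _values(service, "Type") != ["oneshot"]:
        findings.append("Type is not oneshot: follow-up units may start "
                        "before iptables-restore has exited")
    if not _values(unit.get("Unit", []), "ConditionPathExists"):
        findings.append("no ConditionPathExists: unit starts without a config")
    for cmd in _values(service, "ExecStart"):
        if cmd.startswith("-"):  # '-' means a failing exit status is ignored
            findings.append("ExecStart ignores failure to load rules: " + cmd)
    return findings
```
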
Created attachment 491268 [details]
v0.5 of the native systemd service files. various bugfixes and enhancements
Created attachment 491270 [details] resubmitting with correct ip4 and ip6 service files
Moving systemd service RFEs to rawhide. At this point, it is not appropriate in the Fedora 15 cycle to add these.

Furthermore, at this point, we are still finalizing the packaging guidelines to handle SysV -> systemd upgrades. We therefore request:

- wait until there are packaging guidelines (this will be announced on the devel list). This ensures that upgrades will work smoothly and we/you won't have to do multiple sets of changes.
- work on these sorts of changes for Fedora 16 where necessary, not Fedora 15, as we're trying to fix things for release.
- do *not* change a service from SysV to systemd in an existing release (such as Fedora 15), as this is the sort of behavior change that goes against our update policy, documented as https://fedoraproject.org/wiki/Updates_Policy
*** Bug 714435 has been marked as a duplicate of this bug. ***
Created attachment 513386 [details] Spec file patch
Fixed in rawhide in package iptables-1.4.11.1-3.fc16 or newer:

- added support for native systemd file (rhbz#694738)
  - new iptables.service and ip6tables.service files
  - additional requires
  - moved sysv init scripts to /usr/libexec
  - added new post, preun and postun scripts and triggers

systemd support is enabled by default.