Bug 694738 - Providing native systemd file for upcoming F15 Feature Systemd
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: iptables
Version: rawhide
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
Duplicates: 714435
Blocks: SysVtoSystemd
Reported: 2011-04-08 07:52 UTC by Jóhann B. Guðmundsson
Modified: 2011-07-15 14:36 UTC (History)

Doc Type: Bug Fix
Last Closed: 2011-07-15 14:36:34 UTC


Attachments
- Native systemd service file for iptables ipv4 (500 bytes, text/plain), 2011-04-08 07:52 UTC, Jóhann B. Guðmundsson
- Native systemd service file for iptables ipv6 (502 bytes, text/plain), 2011-04-08 07:53 UTC, Jóhann B. Guðmundsson
- Native systemd service file for iptables ipv4 v0.2 (616 bytes, text/plain), 2011-04-08 16:56 UTC, Jóhann B. Guðmundsson
- Native systemd service file for iptables ipv6 v0.2 (619 bytes, text/plain), 2011-04-08 16:56 UTC, Jóhann B. Guðmundsson
- Native systemd service file containing the flush_n_delete() from old SysV script (879 bytes, text/plain), 2011-04-08 16:57 UTC, Jóhann B. Guðmundsson
- Native systemd script file containing the rmmod_r() from old SysV script (1.01 KB, text/plain), 2011-04-08 16:59 UTC, Jóhann B. Guðmundsson
- Native systemd script file containing the set_policy() from old SysV script (1.82 KB, text/plain), 2011-04-08 17:00 UTC, Jóhann B. Guðmundsson
- Native systemd script file containing the ipv6 load check from old SysV script (257 bytes, text/plain), 2011-04-08 17:01 UTC, Jóhann B. Guðmundsson
- Native systemd service file for iptables ipv4 v0.3 (618 bytes, text/plain), 2011-04-11 12:00 UTC, Jóhann B. Guðmundsson
- Native systemd service file for iptables ipv6 v0.3 (595 bytes, text/plain), 2011-04-11 12:01 UTC, Jóhann B. Guðmundsson
- v0.5 of the native systemd service files. (2.18 KB, application/x-gzip), 2011-04-11 15:55 UTC, Jóhann B. Guðmundsson
- resubmitting with correct ip4 and ip6 service files (2.13 KB, application/x-gzip), 2011-04-11 16:02 UTC, Jóhann B. Guðmundsson
- Spec file patch (3.33 KB, patch), 2011-07-15 13:56 UTC, Jóhann B. Guðmundsson

Description Jóhann B. Guðmundsson 2011-04-08 07:52:49 UTC
Created attachment 490720 [details]
Native systemd service file for iptables ipv4

Description of problem:

The attached file is a native systemd file for the upcoming F15 Feature [1]

Please read [2] on how to package and install systemd service files.

To learn more about the systemd daemon see [3].

To view the old SysV and the new systemd side by side for your component, see [4]

If you have any questions, don't hesitate to ask them on this bug report.

1.http://fedoraproject.org/wiki/Features/systemd

2.https://fedoraproject.org/wiki/Systemd_Packaging_Draft

3.http://0pointer.de/public/systemd-man/daemon.html

4.https://fedoraproject.org/wiki/User:Johannbg/QA/Systemd/compatability 

Comment 1 Jóhann B. Guðmundsson 2011-04-08 07:53:34 UTC
Created attachment 490722 [details]
Native systemd service file for iptables ipv6

Comment 2 Jóhann B. Guðmundsson 2011-04-08 08:15:49 UTC
I think this Friday is as good as any to get this ball rolling. 

These are very minimal systemd files which we can use to build upon to modernize the old sysv script.

So I'm expecting a bit of back and forth here.

You can copy the ip4tables.service into /lib/systemd/system then run

# systemctl daemon-reload

which needs to be run after any changes made in /lib/systemd/system

# systemctl start ip4tables.service

To start a service

# systemctl status ip4tables.service

To see the status of service

# systemctl stop ip4tables.service

To stop a service.

Now we just break down the old sysv script and see where we want to go from there.

Comment 3 Jóhann B. Guðmundsson 2011-04-08 16:56:01 UTC
Created attachment 490839 [details]
Native systemd service file for iptables ipv4 v0.2

Comment 4 Jóhann B. Guðmundsson 2011-04-08 16:56:42 UTC
Created attachment 490840 [details]
Native systemd service file for iptables ipv6 v0.2

Comment 5 Jóhann B. Guðmundsson 2011-04-08 16:57:46 UTC
Created attachment 490841 [details]
Native systemd service file containing the flush_n_delete() from old SysV script

Comment 6 Jóhann B. Guðmundsson 2011-04-08 16:59:15 UTC
Created attachment 490842 [details]
Native systemd script file containing the rmmod_r()  from old SysV script

Comment 7 Jóhann B. Guðmundsson 2011-04-08 17:00:40 UTC
Created attachment 490843 [details]
Native systemd script file containing the set_policy()  from old SysV script

Comment 8 Jóhann B. Guðmundsson 2011-04-08 17:01:52 UTC
Created attachment 490844 [details]
Native systemd script file containing the ipv6 load check  from old SysV script

Comment 9 Jóhann B. Guðmundsson 2011-04-08 17:25:08 UTC
To test.. 

put fedora-iptables-flush-del  fedora-iptables-ipv-check 
fedora-iptables-rmmod  fedora-iptables-set-policy into /lib/systemd/ directory

put 

ip4tables.service and ip6tables.service into /lib/systemd/system/ directory

run systemctl daemon-reload and systemctl start or status or stop ip6tables.service

what's in v0.2

Script split into separate files as discussed on irc

Let's walk through the ip4tables.service file. 

Starting with startup() 

# Do not start if there is no config

Is now 

ConditionPathExists=/etc/sysconfig/iptables-config

# check if ipv6 module load is deactivated

Is now

ExecStartPre=-/lib/systemd/fedora-iptables-ipv-check

# Starting the service 

Is now 

ExecStart=/sbin/iptables-restore -c $IPTABLES_DATA # it's missing OPT= check

# Load additional modules (helpers)

Is now

ExecStartPost=-/sbin/modprobe -qab $IPTABLES_MODULES

# Stop section

stop()

# Do not stop if iptables module is not loaded.

Is missing

# Flush and delete 

ExecStop=-/lib/systemd/fedora-iptables-flush-del

# Remove modules

ExecStop=-/lib/systemd/fedora-iptables-rmmod

# Save section

save()

Need to check and convince Lennart for the need for systemctl save $foo.service with relevant ExecSave= section then we could just create fedora-iptable-save and call it ( ExecSave=-/lib/systemd/fedora-iptables-save ) when systemctl save ip4tables.service is run.  

# Status section

status()

Check with Lennart if there can be made a custom status

# Restart section

restart()

missing "[ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save" and the way to handle that 

and some other section from case
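
Comment 9 lists the SysV stop() guard "Do not stop if iptables module is not loaded" as missing from the unit. One way a flush helper could carry that guard itself, as an added example (not the attached fedora-iptables-flush-del script); the function names and the NAMES_FILE and IPTABLES variables are hypothetical, and it assumes the kernel exposes the active IPv4 tables in /proc/net/ip_tables_names only while ip_tables is loaded:

```shell
#!/bin/sh
# Added illustration; not the attachment from this bug.
# Assumption: /proc/net/ip_tables_names exists only while ip_tables is loaded
# and holds one table name per line.
NAMES_FILE="${NAMES_FILE:-/proc/net/ip_tables_names}"
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Print one command line per action for every table the kernel reports.
# Prints nothing and returns 0 when the names file is absent, which is the
# "do not stop if the module is not loaded" guard.
flush_del_plan() {
    [ -r "$NAMES_FILE" ] || return 0
    while read -r table; do
        # Accept only plain lowercase table names; skip anything unexpected.
        case "$table" in
            ''|*[!a-z_]*) continue ;;
        esac
        for action in -F -X -Z; do   # flush rules, delete user chains, zero counters
            printf '%s -t %s %s\n' "$IPTABLES" "$table" "$action"
        done
    done < "$NAMES_FILE"
}

# Run the plan; keep going after a failure but report it in the exit status.
flush_del_apply() {
    rc=0
    plan=$(flush_del_plan)
    [ -n "$plan" ] || return 0
    while read -r cmd table_opt table action; do
        "$cmd" "$table_opt" "$table" "$action" || rc=1
    done <<EOF
$plan
EOF
    return $rc
}

# Touch the live ruleset only when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    flush_del_apply
fi
```

Flushing leaves the built-in chain policies as they are, so a helper like this does not replace the separate set-policy step.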

Comment 10 Jóhann B. Guðmundsson 2011-04-11 12:00:31 UTC
Created attachment 491219 [details]
Native systemd service file for iptables ipv4 v0.3

Switching to type oneshot instead to guarantee that iptables-restore has exited before follow-up units will be started.

Using the same Reload options as Startup since it makes sense to avoid calling shell and it makes a difference if the rules file doesn't exist.

Comment 11 Jóhann B. Guðmundsson 2011-04-11 12:01:47 UTC
Created attachment 491220 [details]
Native systemd service file for iptables ipv6 v0.3

Switching to type oneshot instead to guarantee that iptables-restore has exited before follow-up units will be started.

Using the same Reload options as Startup since it makes sense to avoid calling shell and it makes a difference if the rules file doesn't exist.

Comment 12 Jóhann B. Guðmundsson 2011-04-11 15:55:48 UTC
Created attachment 491268 [details]
v0.5 of the native systemd service files.

various bugfixes and enhancements

Comment 13 Jóhann B. Guðmundsson 2011-04-11 16:02:18 UTC
Created attachment 491270 [details]
resubmitting with correct ip4 and ip6 service files

Comment 14 Bill Nottingham 2011-04-26 17:35:30 UTC
Moving systemd service RFEs to rawhide.

At this point, it is not appropriate in the Fedora 15 cycle to add these. Furthermore, at this point, we are still finalizing the packaging guidelines to handle SysV -> systemd upgrades.

We therefore request:
- wait until there are packaging guidelines (this will be announced on the devel list). This ensures that upgrades will work smoothly and we/you won't have to do multiple sets of changes.
- work on these sorts of changes for Fedora 16 where necessary, not Fedora 15, as we're trying to fix things for release.
- do *not* change a service from SysV to systemd in an existing release (such as Fedora 15), as this is the sort of behavior change that goes against our update policy, documented as https://fedoraproject.org/wiki/Updates_Policy

Comment 15 Thomas Woerner 2011-06-20 12:48:56 UTC
*** Bug 714435 has been marked as a duplicate of this bug. ***

Comment 16 Jóhann B. Guðmundsson 2011-07-15 13:56:59 UTC
Created attachment 513386 [details]
Spec file patch

Comment 17 Thomas Woerner 2011-07-15 14:36:34 UTC
Fixed in rawhide in package iptables-1.4.11.1-3.fc16 or newer:

- added support for native systemd file (rhbz#694738)
  - new iptables.service and ip6tables.service files
  - additional requires
  - moved sysv init scripts to /usr/libexec
  - added new post, preun and postun scripts and triggers

systemd support is enabled by default.

