This shouldn't happen (and doesn't, on my Raw Hide (F17) box).

Based on the PIDs and "active since" timestamps changing, it looks like the service was actually restarted.  Is there anything that would have caused the service to start up again?

We install a certmonger.path file to have systemd start the service if there are requests being tracked, and it appears that manually stopping the .service without also stopping the .path would cause this to happen if the .path was previously started.  If you manually run "systemctl stop certmonger.path", does it shut down?

(In reply to comment #1)

> Based on the PIDs and "active since" timestamps changing, it looks like the
> service was actually restarted.  Is there anything that would have caused the
> service to start up again?

Possibly but to be honest I couldn't say exactly what. I was stopping and starting various services trying to figure out what the culprit might be.

> We install a certmonger.path file to have systemd start the service if there
> are requests being tracked, and it appears that manually stopping the .service
> without also stopping the .path would cause this to happen if the .path was
> previously started.  If you manually run "systemctl stop certmonger.path", does
> it shut down?

Here's some output directly after a clean boot up of the test machine with both certmonger.serice and .path enabled on boot. I also try to shut down the service


[root@fedora16-64 ~]# systemctl status certmonger.service
certmonger.service - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.service; enabled)
	  Active: active (running) since Wed, 04 Jan 2012 20:06:19 +0800; 4min 9s ago
	Main PID: 943 (certmonger)
	  CGroup: name=systemd:/system/certmonger.service
		  └ 943 /usr/sbin/certmonger -S -p /var/run/certmonger.pid -n
[root@fedora16-64 ~]# systemctl status certmonger.path
certmonger.path - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.path; enabled)
	  Active: active (running) since Wed, 04 Jan 2012 20:06:18 +0800; 4min 14s ago
[root@fedora16-64 ~]# systemctl stop certmonger.service
[root@fedora16-64 ~]# systemctl status certmonger.path
certmonger.path - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.path; enabled)
	  Active: active (running) since Wed, 04 Jan 2012 20:06:18 +0800; 4min 26s ago
[root@fedora16-64 ~]# systemctl status certmonger.service
certmonger.service - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.service; enabled)
	  Active: active (running) since Wed, 04 Jan 2012 20:10:43 +0800; 7s ago
	Main PID: 1899 (certmonger)
	  CGroup: name=systemd:/system/certmonger.service
		  └ 1899 /usr/sbin/certmonger -S -p /var/run/certmonger.pid -n


Continuing on, If I manually stop certmonger.path then try and stop the service:


[root@fedora16-64 ~]# systemctl stop certmonger.path
[root@fedora16-64 ~]# systemctl status certmonger.path
certmonger.path - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.path; enabled)
	  Active: inactive (dead) since Wed, 04 Jan 2012 20:12:05 +0800; 4s ago
[root@fedora16-64 ~]# systemctl stop certmonger.service
[root@fedora16-64 ~]# systemctl status certmonger.service
certmonger.service - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.service; enabled)
	  Active: inactive (dead) since Wed, 04 Jan 2012 20:12:20 +0800; 4s ago
	 Process: 1899 ExecStart=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS (code=exited, status=0/SUCCESS)
	  CGroup: name=systemd:/system/certmonger.service
[root@fedora16-64 ~]#


As you can see the certmonger.service does actually stop as you suggest.


This was done after another clean boot. I manually shutdown the .path (but not the service) and reboot the server. 

[root@fedora16-64 ~]# systemctl status certmonger.service
certmonger.service - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.service; enabled)
	  Active: active (running) since Wed, 04 Jan 2012 20:15:46 +0800; 2min 54s ago
	Main PID: 1032 (certmonger)
	  CGroup: name=systemd:/system/certmonger.service
		  └ 1032 /usr/sbin/certmonger -S -p /var/run/certmonger.pid -n
[root@fedora16-64 ~]# systemctl status certmonger.path
certmonger.path - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.path; enabled)
	  Active: active (running) since Wed, 04 Jan 2012 20:15:46 +0800; 2min 58s ago
[root@fedora16-64 ~]# systemctl stop certmonger.path
[root@fedora16-64 ~]# systemctl status certmonger.path
certmonger.path - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.path; enabled)
	  Active: inactive (dead) since Wed, 04 Jan 2012 20:18:53 +0800; 1s ago
[root@fedora16-64 ~]# reboot

The server now correctly reboots.


Does this seem to be systemd trying to shutdown certmonger.service BEFORE shutting down certmonger.path?

Hope that helps. Thanks for the response :-)

Any updates on this?

I've also noticed the following:

root@rex ~$ systemctl status certmonger.service
certmonger.service - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.service; enabled)
	  Active: active (running) since Sun, 22 Jan 2012 16:24:02 +0800; 1min 37s ago
	Main PID: 5009 (certmonger)
	  CGroup: name=systemd:/system/certmonger.service
		  └ 5009 /usr/sbin/certmonger -S -p /var/run/certmonger.pid -n
root@rex ~$ systemctl stop certmonger.service
root@rex ~$ systemctl status certmonger.service
certmonger.service - Certificate monitoring and PKI enrollment
	  Loaded: loaded (/lib/systemd/system/certmonger.service; enabled)
	  Active: active (running) since Sun, 22 Jan 2012 16:25:46 +0800; 1s ago
	Main PID: 5037 (certmonger)
	  CGroup: name=systemd:/system/certmonger.service
		  └ 5037 /usr/sbin/certmonger -S -p /var/run/certmonger.pid -n


It seems that issuing a stop causes the daemon to respawn. Is that normal?

I think 'systemctl disable certmonger.path; systemctl stop certmonger.path' is the right thing to do here.  It looks like it's an error to have the .path listed as an "Also" in the .service file, as the various tools dutifully enable both when they're told to enable the .service file, and that appears to not be producing the desired effect.

Disabling certmonger.path also disables the service which of course means the service doesn't start on boot.

# systemctl disable certmonger.path
 rm '/etc/systemd/system/multi-user.target.wants/certmonger.path'
 rm '/etc/systemd/system/multi-user.target.wants/certmonger.service'


If I do the following:

# systemctl stop certmonger.path
# systemctl disable certmonger.path
# systemctl stop certmonger.service
# systemctl disable certmonger.service
# cp /lib/systemd/system/certmonger.service /etc/systemd/system

edit /etc/systemd/system and remove the Also line.

# systemctl daemon-reload
# systemctl enable certmonger.service
# systemctl start certmonger.service

Then the system does shutdown and certmonger.service starts on boot. How critical certmonger.path is I'm not sure.

According to the systemd.path man page, the option DirectoryNotEmpty= will active the service unit whenever the specified directory (/var/lib/certmonger/requests) is not empty. On this box /var/lib/certmonger/requests always seems to contain files, so I guess when you stop the certmonger.service it's automatically respawned by certmonger.path because there's files in /var/lib/certmonger/requests. Could this cause certmonger to be continually stopped and respawned on shutdown if both certmonger.service and certmonger.path are enabled?

It might be.  The recently-pushed 0.56 update does away with the .path unit, so I think this should stop happening.  Can you confirm that this is the case?

I can confirm that this is the case. 0.56 no longer hangs the system on shutdown.

Awesome, I'll mark this as resolved by that update, then.  Thanks!