[PKG-Openstack-devel] Bug#770706: Bug#770706: Bug#770706: Bug#770706: keystone.service does not start, /var/run/keystone not created

Mikaël Cluseau mcluseau at isi.nc
Tue Dec 2 20:32:08 UTC 2014 

Hi Gaudenz,

I will focus on the so called "minimal set" for now. If you don't mind, 
we will open another bug to improve systemd's integration after this one 
is fixed.

On 12/03/2014 04:58 AM, Gaudenz Steinlin wrote:
> Did you test the patches with the "minimal set of changes". I think we 
> need strong arguments that they are working if we want to propose them 
> to the Release Team for jessie. I currently don't have a good setup to 
> test such patches. 

I did with keystone but developper tests are never to be trusted ;-) Its 
quite easy to test BTW, as root:

apt-get build-dep openstack-pkg-tools
git clone -b debian/unstable 
https://github.com/MikaelCluseau/debian-openstack-pkg-tools.git
cd debian-openstack-pkg-tools
debuild -us -uc -b
dpkg -i ../openstack-pkg-tools_19_all.deb

Then you can build any other OpenStack package from source. For 
instance, keystone:

apt-get source keystone
cd keystone-*/
debuild -us -uc -b
dpkg -i ../keystone_*.deb

There's a long test phase during the build, maybe Thomas can suggest a 
trick to avoid it :-)

> What do you mean by dangerous choices?

Thomas considered the choice of not creating /var/lock/* dangerous.

> If we really need them they have
> to be created by systemd and sysv init scripts as /var/lock is a symlink
> into /run which is typically a tmpfs.

This is included in my last patch proposal.

> Do you have a complete patch (including the recent discussion) which 
> can be applied to openstack-pkg-tools and used to rebuild test 
> packages? I think this needs thorough testing if it's to be proposed 
> for jessie.

As I said at the beginning, yes. Here the complete patch for the 
immediate review:

± git log -1 --stat -p
commit 8b3217905de88f2037f0bbc6eac46dca776c8f48
Author: Mikaël Cluseau <mcluseau at isi.nc>
Date:   Sun Nov 30 18:45:25 2014 +1100

     Fix for bug #770706
---
  init-template/init-script-template   | 23 +++++++++++++----------
  init-template/pkgos-gen-systemd-unit | 10 +++++-----
  2 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/init-template/init-script-template 
b/init-template/init-script-template
index 0326b5d..fd20957 100644
--- a/init-template/init-script-template
+++ b/init-template/init-script-template
@@ -36,11 +36,13 @@ fi
  # Exit if the package is not installed
  [ -x $DAEMON ] || exit 0

-# Create /var/lock/X, /var/run/X, /var/lib/X and /var/log/X
-for i in lock run log lib ; do
-    mkdir -p /var/$i/${PROJECT_NAME}
-    chown ${SYSTEM_USER} /var/$i/${PROJECT_NAME}
-done
+# If ran as root, create /var/lock/X, /var/run/X, /var/lib/X and 
/var/log/X as needed
+if [ "x$USER" = "xroot" ] ; then
+    for i in lock run log lib ; do
+        mkdir -p /var/$i/${PROJECT_NAME}
+        chown ${SYSTEM_USER} /var/$i/${PROJECT_NAME}
+    done
+fi

  # This defines init_is_upstart which we use later on (+ more...)
  . /lib/lsb/init-functions
@@ -65,6 +67,10 @@ do_stop() {
      return "$RETVAL"
  }

+do_systemd_start() {
+    exec $DAEMON $DAEMON_ARGS
+}
+
  case "$1" in
  start)
      init_is_upstart > /dev/null 2>&1 && exit 1
@@ -88,11 +94,8 @@ status)
      status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
  ;;
  systemd-start)
-    do_start
+    do_systemd_start
  ;;
-systemd-stop)
-    do_stop
-;;
  restart|force-reload)
      init_is_upstart > /dev/null 2>&1 && exit 1
      log_daemon_msg "Restarting $DESC" "$NAME"
@@ -110,7 +113,7 @@ restart|force-reload)
      esac
  ;;
  *)
-    echo "Usage: $SCRIPTNAME 
{start|stop|status|restart|force-reload|systemd-start|systemd-stop}" >&2
+    echo "Usage: $SCRIPTNAME 
{start|stop|status|restart|force-reload|systemd-start}" >&2
      exit 3
  ;;
  esac
diff --git a/init-template/pkgos-gen-systemd-unit 
b/init-template/pkgos-gen-systemd-unit
index b97e2a9..4c41ef0 100755
--- a/init-template/pkgos-gen-systemd-unit
+++ b/init-template/pkgos-gen-systemd-unit
@@ -12,7 +12,7 @@ fi
  if [ -z "${SYSTEM_USER}" ] ; then
      SYSTEM_USER=${PROJECT_NAME}
  fi
-if [ -z "${SYSTEM_USER}" ] ; then
+if [ -z "${SYSTEM_GROUP}" ] ; then
      SYSTEM_GROUP=${PROJECT_NAME}
  fi

@@ -33,12 +33,12 @@ $AFTER
  [Service]
  User=${SYSTEM_USER}
  Group=${SYSTEM_GROUP}
+WorkingDirectory=/var/lib/${PROJECT_NAME}
+PermissionsStartOnly=true
+ExecStartPre=/bin/mkdir -p /var/lock/${PROJECT_NAME} 
/var/log/${PROJECT_NAME} /var/lib/${PROJECT_NAME}
+ExecStartPre=/bin/chown ${SYSTEM_USER}:${SYSTEM_GROUP} 
/var/lock/${PROJECT_NAME} /var/log/${PROJECT_NAME} /var/lib/${PROJECT_NAME}
  ExecStart=${SCRIPTNAME} systemd-start
-ExecStop=${SCRIPTNAME} systemd-stop
-RuntimeDirectory=${PROJECT_NAME}
-PIDFile=/var/run/${PROJECT_NAME}/${NAME}.pid
  Restart=on-failure
-Type=forking

  [Install]
  WantedBy=multi-user.target

More information about the Openstack-devel mailing list