[Pkg-systemd-maintainers] Bug#734951: Bug#734951: systemd: somehow starts LSB stuff in the wrong order
Michael Stapelberg
stapelberg at debian.org
Sat Jan 11 09:44:57 GMT 2014
control: severity -1 normal
Hi Christoph,
Christoph Anton Mitterer <calestyo at scientia.net> writes:
> It seems something get's wrong with determining the right order of starting LSB init scripts:
> What I have is a system with iptables-persistent and fail2ban packages installed.
>
> In my case, fail2ban is set up a bit more complex than the default, i.e. it does not simply
> append it's rules to the INPUT table, but rather replaces a dummy rule in the previously
> loaded iptables rules (at a well defined place in the table).
>
> Now since I switched to systemd, it tries to start fail2ban before iptables-persistent,
> thus the rules are missing and thus starting fail2ban fails.
I don’t see any evidence for that in the data you provided. See below:
> But in systemd it looks like this:
> ...
> Jan 10 19:20:12 heisenberg systemd[1]: Stopped LSB: Start/stop
> fail2ban.
This says _stopped_, not started. Not sure why it stops that, but the
logfile is incomplete, so I don’t know what is happening anyways. Can
you please attach the output of “journalctl -xb” to this bug?
> -> Unit fail2ban.service:
> Description: LSB: Start/stop fail2ban
> Instance: n/a
> Unit Load State: loaded
> Unit Active State: inactive
> Inactive Exit Timestamp: n/a
> Active Enter Timestamp: n/a
> Active Exit Timestamp: n/a
> Inactive Enter Timestamp: n/a
> GC Check Good: yes
> Need Daemon Reload: no
> Name: fail2ban.service
> Source Path: /etc/init.d/fail2ban
> Requires: basic.target
> WantedBy: multi-user.target
> WantedBy: graphical.target
> Conflicts: shutdown.target
> Before: shutdown.target
> Before: multi-user.target
> Before: graphical.target
> After: local-fs.target
> After: remote-fs.target
> After: time-sync.target
> After: network.target
> After: syslog.target
> After: iptables.service
> After: firehol.service
> After: shorewall.service
> After: ipmasq.service
> After: arno-iptables-firewall.service
> After: iptables-persistent.service
This looks correct to me.
> After: ferm.service
> After: systemd-journald.socket
> After: basic.target
> References: local-fs.target
> References: remote-fs.target
> References: time-sync.target
> References: network.target
> References: syslog.target
> References: iptables.service
> References: firehol.service
> References: shorewall.service
> References: ipmasq.service
> References: arno-iptables-firewall.service
> References: iptables-persistent.service
> References: ferm.service
> References: systemd-journald.socket
> References: basic.target
> References: shutdown.target
> ReferencedBy: multi-user.target
> ReferencedBy: graphical.target
> StopWhenUnneeded: no
> RefuseManualStart: no
> RefuseManualStop: no
> DefaultDependencies: yes
> OnFailureIsolate: no
> IgnoreOnIsolate: no
> IgnoreOnSnapshot: no
> ControlGroup: cpu:/system/fail2ban.service
> ControlGroup: name=systemd:/system/fail2ban.service
> Service State: dead
> Result: success
> Reload Result: success
> PermissionsStartOnly: no
> RootDirectoryStartOnly: no
> RemainAfterExit: yes
> GuessMainPID: no
> Type: forking
> Restart: no
> NotifyAccess: none
> KillMode: process
> KillSignal: SIGTERM
> SendSIGKILL: yes
> UMask: 0022
> WorkingDirectory: /
> RootDirectory: /
> NonBlocking: no
> PrivateTmp: no
> ControlGroupModify: no
> ControlGroupPersistent: yes
> PrivateNetwork: no
> IgnoreSIGPIPE: no
> LimitNOFILE: 4096
> StandardInput: null
> StandardOutput: journal
> StandardError: inherit
> SyslogFacility: daemon
> SyslogLevel: info
> -> ExecStart:
> Command Line: /etc/init.d/fail2ban start
> -> ExecStop:
> Command Line: /etc/init.d/fail2ban stop
> SysV Init Script has LSB Header: yes
> SysVEnabled: yes
> SysVStartPriority: 22
> SysVRunLevels: 2345
> -> Unit iptables-persistent.service:
> Description: LSB: Set up iptables rules
> Instance: n/a
> Unit Load State: loaded
> Unit Active State: active
> Inactive Exit Timestamp: Fri 2014-01-10 19:20:11 CET
> Active Enter Timestamp: Fri 2014-01-10 19:20:12 CET
> Active Exit Timestamp: n/a
> Inactive Enter Timestamp: n/a
> GC Check Good: yes
> Need Daemon Reload: no
> Name: iptables-persistent.service
> Source Path: /etc/init.d/iptables-persistent
> Condition Timestamp: Fri 2014-01-10 19:20:11 CET
> Condition Result: yes
> WantedBy: sysinit.target
> Before: network.target
> Before: fail2ban.service
> Before: sysinit.target
> After: mountkernfs.service
> After: local-fs.target
> After: systemd-journald.socket
> References: mountkernfs.service
> References: local-fs.target
> References: network.target
> References: systemd-journald.socket
> ReferencedBy: fail2ban.service
> ReferencedBy: sysinit.target
> StopWhenUnneeded: no
> RefuseManualStart: no
> RefuseManualStop: no
> DefaultDependencies: no
> OnFailureIsolate: no
> IgnoreOnIsolate: no
> IgnoreOnSnapshot: no
> ControlGroup: cpu:/system/iptables-persistent.service
> ControlGroup: name=systemd:/system/iptables-persistent.service
> Service State: exited
> Result: success
> Reload Result: success
> PermissionsStartOnly: no
> RootDirectoryStartOnly: no
> RemainAfterExit: yes
> GuessMainPID: no
> Type: forking
> Restart: no
> NotifyAccess: none
> KillMode: process
> KillSignal: SIGTERM
> SendSIGKILL: yes
> UMask: 0022
> WorkingDirectory: /
> RootDirectory: /
> NonBlocking: no
> PrivateTmp: no
> ControlGroupModify: no
> ControlGroupPersistent: yes
> PrivateNetwork: no
> IgnoreSIGPIPE: no
> LimitNOFILE: 4096
> StandardInput: null
> StandardOutput: journal
> StandardError: inherit
> SyslogFacility: daemon
> SyslogLevel: info
> -> ExecStart:
> Command Line: /etc/init.d/iptables-persistent start
> -> ExecReload:
> Command Line: /etc/init.d/iptables-persistent reload
> -> ExecStop:
> Command Line: /etc/init.d/iptables-persistent stop
> SysV Init Script has LSB Header: yes
> SysVEnabled: yes
> SysVStartPriority: 16
> SysVRunLevels: S
--
Best regards,
Michael
More information about the Pkg-systemd-maintainers
mailing list