Bug#778913: openssh-server: init (at least systemd) doesn't notice when sshd fails to start and reports success

Russ Allbery rra at debian.org
Sun Feb 22 18:45:42 GMT 2015


Colin Watson <cjwatson at debian.org> writes:
> On Sun, Feb 22, 2015 at 06:09:28PM +0100, Christoph Anton Mitterer wrote:

>> Well I'm a bit unsure... it practically fixes the problem, but a) It
>> still doesn't catch any cases when sshd crashes for any other reason
>> (and I think it should since systemd is also designed to have watchdog
>> capabilities and the like).

>> b) There's probably a short time between the -t check and running the
>> daemon, in which the config could change again.

> Well, um, in either case, isn't it pretty weird that "systemctl status"
> shows the unit as failed while the boot progress system shows it as OK?
> Feels like a systemd bug to me.

That's the problem with forking services that don't have status
notification.  The default is Type=simple, which per systemd.service(5):

    If set to simple (the default value if neither Type= nor BusName=
    are specified), it is expected that the process configured with
    ExecStart= is the main process of the service. In this mode, if the
    process offers functionality to other processes on the system, its
    communication channels should be installed before the daemon is
    started up (e.g. sockets set up by systemd, via socket activation),
    as systemd will immediately proceed starting follow-up units.

That last clause is exactly the problem that you're running into.  A
Type=simple service says to run the command and immediately assume
success.

Type=forking plus PIDFile should be a minor improvement, assuming sshd
does all of its checking before it forks.  The best systemd behavior,
though, would come from adding sd_notify support so that sshd can
affirmatively tell systemd whether it succeeded in startup or not, and
then using Type=notify.  Then sshd startup won't be considered complete
until the sshd daemon calls sd_notify, and the correct status will be
reported if it exits for some reason before doing so.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>
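
Added example, not part of the original message and not OpenSSH or systemd code: the readiness notification behind Type=notify is one datagram sent to the AF_UNIX socket named in $NOTIFY_SOCKET, so a daemon can send it without linking libsystemd. The function names and the abstract socket name are constructed for illustration, and demo_roundtrip() is a stand-in for systemd's receiving end.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Turn a $NOTIFY_SOCKET value into an address; returns its length, 0 if invalid. */
static socklen_t notify_addr(const char *path, struct sockaddr_un *sa) {
    size_t len = strlen(path);
    if ((path[0] != '/' && path[0] != '@') || len >= sizeof(sa->sun_path))
        return 0;
    *sa = (struct sockaddr_un){ .sun_family = AF_UNIX };
    memcpy(sa->sun_path, path, len);
    if (path[0] == '@')
        sa->sun_path[0] = '\0';          /* Linux abstract-namespace socket */
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len);
}

/* Daemon side: returns 1 if sent, 0 if $NOTIFY_SOCKET is unset, -1 on error. */
int notify_service_manager(const char *state) {
    const char *path = getenv("NOTIFY_SOCKET");
    struct sockaddr_un sa;
    socklen_t salen;
    int fd, sent;
    if (path == NULL || path[0] == '\0')
        return 0;                        /* not started by a notify-aware manager */
    if ((salen = notify_addr(path, &sa)) == 0 || (fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    sent = sendto(fd, state, strlen(state), 0, (struct sockaddr *)&sa, salen) == (ssize_t)strlen(state);
    close(fd);
    return sent ? 1 : -1;
}

/* Constructed stand-in for the manager's end: returns 1 if "READY=1" arrives. */
int demo_roundtrip(void) {
    char name[64], buf[32] = "";
    struct sockaddr_un sa;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    snprintf(name, sizeof(name), "@notify-demo.%ld", (long)getpid());
    setenv("NOTIFY_SOCKET", name, 1);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, notify_addr(name, &sa)) == 0
        && notify_service_manager("READY=1") == 1)
        recv(fd, buf, sizeof(buf) - 1, 0);
    if (fd >= 0)
        close(fd);
    return strcmp(buf, "READY=1") == 0;
}
```

A daemon would call notify_service_manager("READY=1") only after its configuration has been validated and its listening sockets are bound, so that exiting earlier is reported as a failed start under Type=notify.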



