ferm: suggested systemd unit file

Sam Morris sam at robots.org.uk
Tue Oct 20 17:00:52 BST 2015


On Tue, 2015-10-20 at 12:34 -0300, Felipe Sateler wrote:
> On 20 October 2015 at 10:23, Sam Morris <sam at robots.org.uk> wrote:
> > I just ran into this: Ferm was not started at boot. Running
> > 'journalctl
> > -b' revealed the following:
> > 
> >     Oct 20 13:18:37 traxus systemd[1]: Found ordering cycle on basic.target/start
> >     Oct 20 13:18:37 traxus systemd[1]: Found dependency on sysinit.target/start
> >     Oct 20 13:18:37 traxus systemd[1]: Found dependency on ferm.service/start
> >     Oct 20 13:18:37 traxus systemd[1]: Found dependency on network-online.target/start
> >     Oct 20 13:18:37 traxus systemd[1]: Found dependency on network.target/start
> >     Oct 20 13:18:37 traxus systemd[1]: Found dependency on systemd-networkd.service/start
> >     Oct 20 13:18:37 traxus systemd[1]: Found dependency on dbus.service/start
> >     Oct 20 13:18:37 traxus systemd[1]: Found dependency on basic.target/start
> >     Oct 20 13:18:37 traxus systemd[1]: Breaking ordering cycle by deleting job ferm.service/start
> >     Oct 20 13:18:37 traxus systemd[1]: Job ferm.service/start deleted to break ordering cycle starting with basic.target/start
> > 
> > I am now using the following unit file to start ferm at boot. I use
> > WantedBy=network.target in the [Install] section because it seems like
> > a reasonable thing to do, rather than hook into multi-user.target; I
> > have CCd pkg-systemd-maintainers for a second opinion.
> 
> No, network.target is a synchronization point, not a place to pull
> units from. You should instead use multi-user.target if it is required
> only for normal operation, and sysinit.target if it is required in
> maintainance mode as well. (Is this part unclear in the wiki page? If
> so we should clarify this. Suggestions welcome).

I originally skim-read the wiki page and missed the part where it's
explained that either sysinit.target or multi-user.target should be
used.

> > The unit also uses {Wants,Before}=network-pre.target as advised in the
> > Debian wiki page linked for firewall/network type services in the
> > original bug report.
> 
> Well, this will depend on each service. In this case, the original
> init script has Required-Start: $networking which makes it dubious
> that we want to start ferm before the network is configured. (but I do
> not use ferm so I don't know for sure).

I'd want firewall rules to be in place before any other process is able
to start using the network. I think that is the intent of the original
init script being linked into /etc/rcS.d. Hence network-pre.target
sounds right to me.

> I note that upstream ferm already has a service file[1] that does not
> run at early boot. This suggests that the init script should not run
> in runlevel S either.
> 
> [1] http://sources.debian.net/src/ferm/2.2-3/ferm.service/

Yes, I saw this. I decided to try to stay closer to the intent of the
existing init script. I guess it's up to the (Debian) maintainer which
gets used. Which, I guess, leaves us with the question of 'should ferm
be started in maintenence mode'?

AIUI the existing init script would be run if booting into single-user
mode, so I'd lean towards sysinit.target, not multi-user.target.

Thanks for the input!

-- 
Sam Morris <https://robots.org.uk/>
CAAA AA1A CA69 A83A 892B  1855 D20B 4202 5CDA 27B9

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20151020/52ccd549/attachment-0002.sig>


More information about the Pkg-systemd-maintainers mailing list