Fix #16440
closed[initscripts]: systemd-run is not needed in initscripts
100%
Description
systemd-run logic in initscripts was introduced because of ticket http://tracker.ceph.com/issues/7627. If we have systemd-based distro, we should use systemd unit files from systemd directory to start/stop ceph daemons. Otherwise, daemon() from /etc/init.d/functions on systemd distro starts service in system.slice and everything works well for case, for example, when we use hammer on RH7. With this code it will start daemon with daemon() function from init.d/functions. systemd-run can not be run on non-systemd distros, so it's not needed on SysV systems. I've performed successful testing with hammer on RH6, RH7 systems with ceph-osd, ceph-mon, ceph-radosgw services.
Updated by Vladislav Odintsov almost 8 years ago
Updated by Nathan Cutler almost 8 years ago
- Copied to Backport #16441: jewel: [initscripts] systemd-run is not needed in initscripts added
Updated by Nathan Cutler almost 8 years ago
- Status changed from New to Fix Under Review
Updated by Nathan Cutler almost 8 years ago
@Vladimir: If any changes are made to https://github.com/ceph/ceph/pull/9871 these will have to be manually reflected in the backport PRs you have open. That's why we usually wait until the master PR has been merged before staging backports.
Updated by Vladislav Odintsov almost 8 years ago
@Nathan Weinberg, okay, no problem, I'll wait until merge and update backport PRs.
Updated by Kefu Chai almost 8 years ago
- Status changed from Fix Under Review to Resolved
Updated by Vladislav Odintsov almost 8 years ago
Need backports:
hammer
jewel
kraken
Updated by Vladislav Odintsov almost 8 years ago
Backport to kraken: http://tracker.ceph.com/issues/16652
Updated by Nathan Cutler almost 8 years ago
@Vladislav: Kraken backporting has not started yet. The "master" and "kraken" branches are currently in lock-step. See http://docs.ceph.com/docs/master/dev/#what-is-merged-where-and-when for general info on this topic.
Updated by Nathan Cutler almost 8 years ago
- Copied to Backport #16442: hammer: [initscripts]: systemd-run is not needed in initscripts added
Updated by Loïc Dachary over 7 years ago
- Status changed from Resolved to Pending Backport
Updated by Vladislav Odintsov over 7 years ago
More issue description.
My initial problem was connected with hammer radosgw on el7. I couldn't run radosgw under non-privileged user without shell (/sbin/nologin), because you can't ask su or sudo or runuser to start process from user without shell - these binaries do need shell. But daemon() from /etc/init.d/functions or start_daemon() from /lib/lsb/init-functions don't need it and are written for this special usage.
I decided to write 2 patches: for init-ceph and for init-radosgw to keep start of these daemons with initscripts in the same style.
The problem:
~]# getent passwd radosgw radosgw:x:1003:1003::/var/lib/ceph/radosgw/:/sbin/nologin ~]# /bin/su radosgw -c '/bin/radosgw -n client.radosgw.i-c5ef3fa1' This account is currently not available. ~]# ps aux | grep rados root 11402 0.0 0.0 112648 968 pts/0 S+ 11:32 0:00 grep --color=auto rados
Right way (if we don't use systemd-units on el7 hammer):
~]# . /etc/init.d/functions ~]# daemon --user="radosgw" "/bin/radosgw -n client.radosgw.i-c5ef3fa1" ~]# [ OK ] ~]# ps aux | grep rados radosgw 11757 1.0 0.2 2151224 9468 ? Ssl 11:34 0:00 /bin/radosgw -n client.radosgw.i-c5ef3fa1 root 11893 0.0 0.0 112648 968 pts/0 S+ 11:34 0:00 grep --color=auto rados
Anyway, even if you don't use systemd-run, you can work through systemctl:
~]# systemctl status ceph-radosgw
● ceph-radosgw.service - LSB: radosgw RESTful rados gateway
Loaded: loaded (/etc/rc.d/init.d/ceph-radosgw)
Active: active (running) since Fri 2016-06-24 11:44:04 MSK; 3s ago
Docs: man:systemd-sysv-generator(8)
Process: 8023 ExecStop=/etc/rc.d/init.d/ceph-radosgw stop (code=exited, status=0/SUCCESS)
Process: 20117 ExecReload=/etc/rc.d/init.d/ceph-radosgw reload (code=exited, status=0/SUCCESS)
Process: 13781 ExecStart=/etc/rc.d/init.d/ceph-radosgw start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/ceph-radosgw.service
└─13805 /bin/radosgw -n client.radosgw.i-c5ef3fa1
Jun 24 11:44:04 i-c5ef3fa1 systemd[1]: Starting LSB: radosgw RESTful rados gateway...
Jun 24 11:44:04 i-c5ef3fa1 ceph-radosgw[13781]: Starting client.radosgw.i-c5ef3fa1...
Jun 24 11:44:04 i-c5ef3fa1 runuser[13801]: pam_unix(runuser:session): session opened for user radosgw by (uid=0)
Jun 24 11:44:04 i-c5ef3fa1 systemd[1]: Started LSB: radosgw RESTful rados gateway.
Jun 24 11:44:04 i-c5ef3fa1 ceph-radosgw[13781]: [ OK ]
About backports:
It's very needed in EL7 hammer. There is no ability to start daemon under non-privileged user. Since el7 hammer doesn't provide packaged systemd units, and changing packaging is not a good idea in minor release, because it can break the automation and other aspects for users.
I think these changes should be in all supported branches (hammer, jewel) to keep these scripts in unified style - but this is already not a technical issue.
Updated by Loïc Dachary over 7 years ago
- Copied to deleted (Backport #16441: jewel: [initscripts] systemd-run is not needed in initscripts)
Updated by Loïc Dachary over 7 years ago
- Backport changed from hammer,jewel to hammer
Updated by Nathan Cutler over 7 years ago
- Project changed from Ceph to devops
- Status changed from Pending Backport to Resolved
- Backport changed from hammer to jewel,hammer
Updated by Nathan Cutler over 7 years ago
- Copied to Backport #16441: jewel: [initscripts] systemd-run is not needed in initscripts added
Updated by Nathan Cutler over 7 years ago
- Copied to Backport #16442: hammer: [initscripts]: systemd-run is not needed in initscripts added