https://tracker.ceph.com/https://tracker.ceph.com/favicon.ico2016-06-23T08:39:59ZCeph devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=732362016-06-23T08:39:59ZVladislav Odintsovodivlad@gmail.com
<ul></ul><p><a class="external" href="https://github.com/ceph/ceph/pull/9871">https://github.com/ceph/ceph/pull/9871</a></p>
<p>backport tickets and PRs:</p>
<p>jewel:<br /><a class="external" href="http://tracker.ceph.com/issues/16441">http://tracker.ceph.com/issues/16441</a><br /><a class="external" href="https://github.com/ceph/ceph/pull/9872">https://github.com/ceph/ceph/pull/9872</a></p>
<p>hammer:<br /><a class="external" href="http://tracker.ceph.com/issues/16442">http://tracker.ceph.com/issues/16442</a><br /><a class="external" href="https://github.com/ceph/ceph/pull/9873">https://github.com/ceph/ceph/pull/9873</a></p> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=732512016-06-23T13:24:53ZNathan Cutlerncutler@suse.cz
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-9 status-3 priority-4 priority-default closed" href="/issues/16441">Backport #16441</a>: jewel: [initscripts] systemd-run is not needed in initscripts</i> added</li></ul> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=732552016-06-23T13:26:39ZNathan Cutlerncutler@suse.cz
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Fix Under Review</i></li></ul> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=732562016-06-23T13:28:40ZNathan Cutlerncutler@suse.cz
<ul></ul><p>@Vladimir: If any changes are made to <a class="external" href="https://github.com/ceph/ceph/pull/9871">https://github.com/ceph/ceph/pull/9871</a> these will have to be manually reflected in the backport PRs you have open. That's why we usually wait until the master PR has been merged before staging backports.</p> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=732712016-06-23T13:48:04ZVladislav Odintsovodivlad@gmail.com
<ul></ul><p>@Nathan, okay, no problem, I'll wait until merge and update backport PRs.</p> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=741702016-07-11T05:44:17ZKefu Chaitchaikov@gmail.com
<ul><li><strong>Status</strong> changed from <i>Fix Under Review</i> to <i>Resolved</i></li></ul> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=741772016-07-11T09:39:06ZVladislav Odintsovodivlad@gmail.com
<ul></ul><p>Need backports:<br />hammer<br />jewel<br />kraken</p> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=741782016-07-11T10:45:03ZVladislav Odintsovodivlad@gmail.com
<ul></ul><p>Backport to kraken: <a class="external" href="http://tracker.ceph.com/issues/16652">http://tracker.ceph.com/issues/16652</a></p> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=741812016-07-11T11:38:57ZNathan Cutlerncutler@suse.cz
<ul></ul><p>@Vladislav: Kraken backporting has not started yet. The "master" and "kraken" branches are currently in lock-step. See <a class="external" href="http://docs.ceph.com/docs/master/dev/#what-is-merged-where-and-when">http://docs.ceph.com/docs/master/dev/#what-is-merged-where-and-when</a> for general info on this topic.</p> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=747862016-07-14T10:48:40ZNathan Cutlerncutler@suse.cz
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-9 status-3 priority-4 priority-default closed" href="/issues/16442">Backport #16442</a>: hammer: [initscripts]: systemd-run is not needed in initscripts</i> added</li></ul> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=755492016-07-28T19:48:04ZLoïc Dacharyloic@dachary.org
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Pending Backport</i></li></ul> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=755522016-07-28T20:40:07ZVladislav Odintsovodivlad@gmail.com
<ul></ul><p>More issue description.</p>
<p>My initial problem was connected with hammer radosgw on el7. I couldn't run radosgw under non-privileged user without shell (/sbin/nologin), because you can't ask <code>su</code> or <code>sudo</code> or <code>runuser</code> to start process from user without shell - these binaries do need shell. But <code>daemon()</code> from <code>/etc/init.d/functions</code> or <code>start_daemon()</code> from <code>/lib/lsb/init-functions</code> don't need it and are written for this special usage.</p>
<p>I decided to write 2 patches: for init-ceph and for init-radosgw to keep start of these daemons with initscripts in the same style.</p>
<p>The problem:</p>
<pre>
~]# getent passwd radosgw
radosgw:x:1003:1003::/var/lib/ceph/radosgw/:/sbin/nologin
~]# /bin/su radosgw -c '/bin/radosgw -n client.radosgw.i-c5ef3fa1'
This account is currently not available.
~]# ps aux | grep rados
root 11402 0.0 0.0 112648 968 pts/0 S+ 11:32 0:00 grep --color=auto rados
</pre>
<p>Right way (if we don't use systemd-units on el7 hammer):<br /><pre>
~]# . /etc/init.d/functions
~]# daemon --user="radosgw" "/bin/radosgw -n client.radosgw.i-c5ef3fa1"
~]# [ OK ]
~]# ps aux | grep rados
radosgw 11757 1.0 0.2 2151224 9468 ? Ssl 11:34 0:00 /bin/radosgw -n client.radosgw.i-c5ef3fa1
root 11893 0.0 0.0 112648 968 pts/0 S+ 11:34 0:00 grep --color=auto rados
</pre></p>
<p>Anyway, even if you don't use systemd-run, you can work through systemctl:</p>
<pre>
~]# systemctl status ceph-radosgw
● ceph-radosgw.service - LSB: radosgw RESTful rados gateway
Loaded: loaded (/etc/rc.d/init.d/ceph-radosgw)
Active: active (running) since Fri 2016-06-24 11:44:04 MSK; 3s ago
Docs: man:systemd-sysv-generator(8)
Process: 8023 ExecStop=/etc/rc.d/init.d/ceph-radosgw stop (code=exited, status=0/SUCCESS)
Process: 20117 ExecReload=/etc/rc.d/init.d/ceph-radosgw reload (code=exited, status=0/SUCCESS)
Process: 13781 ExecStart=/etc/rc.d/init.d/ceph-radosgw start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/ceph-radosgw.service
└─13805 /bin/radosgw -n client.radosgw.i-c5ef3fa1
Jun 24 11:44:04 i-c5ef3fa1 systemd[1]: Starting LSB: radosgw RESTful rados gateway...
Jun 24 11:44:04 i-c5ef3fa1 ceph-radosgw[13781]: Starting client.radosgw.i-c5ef3fa1...
Jun 24 11:44:04 i-c5ef3fa1 runuser[13801]: pam_unix(runuser:session): session opened for user radosgw by (uid=0)
Jun 24 11:44:04 i-c5ef3fa1 systemd[1]: Started LSB: radosgw RESTful rados gateway.
Jun 24 11:44:04 i-c5ef3fa1 ceph-radosgw[13781]: [ OK ]
</pre>
<p>About backports:<br />It's very needed in EL7 hammer. There is no ability to start daemon under non-privileged user. Since el7 hammer doesn't provide packaged systemd units, and changing packaging is not a good idea in minor release, because it can break the automation and other aspects for users.<br />I think these changes should be in all supported branches (hammer, jewel) to keep these scripts in unified style - but this is already not a technical issue.</p> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=773062016-08-25T11:40:42ZLoïc Dacharyloic@dachary.org
<ul><li><strong>Copied to</strong> deleted (<i><a class="issue tracker-9 status-3 priority-4 priority-default closed" href="/issues/16441">Backport #16441</a>: jewel: [initscripts] systemd-run is not needed in initscripts</i>)</li></ul> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=773092016-08-25T11:42:06ZLoïc Dacharyloic@dachary.org
<ul><li><strong>Backport</strong> changed from <i>hammer,jewel</i> to <i>hammer</i></li></ul><p>See <a class="external" href="http://tracker.ceph.com/issues/16441#note-9">http://tracker.ceph.com/issues/16441#note-9</a></p> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=819622016-11-23T21:57:01ZNathan Cutlerncutler@suse.cz
<ul><li><strong>Project</strong> changed from <i>Ceph</i> to <i>devops</i></li><li><strong>Status</strong> changed from <i>Pending Backport</i> to <i>Resolved</i></li><li><strong>Backport</strong> changed from <i>hammer</i> to <i>jewel,hammer</i></li></ul> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=819632016-11-23T21:57:18ZNathan Cutlerncutler@suse.cz
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-9 status-3 priority-4 priority-default closed" href="/issues/16441">Backport #16441</a>: jewel: [initscripts] systemd-run is not needed in initscripts</i> added</li></ul> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=819652016-11-23T21:57:27ZNathan Cutlerncutler@suse.cz
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-9 status-3 priority-4 priority-default closed" href="/issues/16442">Backport #16442</a>: hammer: [initscripts]: systemd-run is not needed in initscripts</i> added</li></ul> devops - Fix #16440: [initscripts]: systemd-run is not needed in initscriptshttps://tracker.ceph.com/issues/16440?journal_id=819672016-11-23T21:57:41ZNathan Cutlerncutler@suse.cz
<ul><li><strong>% Done</strong> changed from <i>90</i> to <i>100</i></li></ul>