When a systemd service fails to start, no error is shown

inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.

https://packetfence.org

GNU General Public License v2.0

1.35k stars 284 forks source link

When a systemd service fails to start, no error is shown #2118

Open julsemaan opened 7 years ago

julsemaan commented 7 years ago

When a systemd service fails to start (socket bind fail, compile error, etc) no error is shown and you actually have to look at the status to know whether it is alive or dead.

This is an uncommon behavior for systemd services, we should signal systemd a service is started only when it has actually started successfully.

louismunro commented 7 years ago

Not sure that's something we can fix. I think systemd is to blame for that. Not that it ever makes any mistake, but still.

Unless I misunderstand the issue?

julsemaan commented 7 years ago

Our processes are the only ones that present that behavior.

Usually, I've seen systemd say that the process couldn't start when it fails. Maybe we need to implement a signal that says 'hey we've started properly' and prevent systemd from declaring the process is alive without that during startup

I'll try to dig into it a bit but feel free to check it out as well

dwlfrth commented 7 years ago

@julsemaan will check if easy fix, it not, considered as low-priority and push to 7.1

julsemaan commented 7 years ago

@louismunro is right. No easy way I can see of checking that.

Moving to 7.1 for further investigation

dwlfrth commented 7 years ago

sdnotify for apache (RHEL vs Debian)

dwlfrth commented 7 years ago

Apache services are done using SDNotify
FreeRADIUS services are done using SDnotify
Need to address "pf" services

dwlfrth commented 7 years ago

@louismunro what's missing ?

julsemaan commented 7 years ago

I think haproxy is still missing, @louismunro can confirm

louismunro commented 7 years ago

The following services don't support sd_notify yet:

packetfence-carbon-cache.service packetfence-carbon-relay.service packetfence-collectd.service packetfence-haproxy.service packetfence-keepalived.service packetfence-p0f.service packetfence-radsniff.service packetfence-redis-cache.service packetfence-redis_ntlm_cache.service packetfence-redis_queue.service packetfence-routes.service packetfence-statsd.service

louismunro commented 7 years ago

We probably don't care much about most of the services above, but haproxy and keepalived would be nice. Unfortunately I think that would require patching them...

dwlfrth commented 7 years ago

Can we remove the 7.2 milestone from this one ?

louismunro commented 7 years ago

Make it PF 8.0 ?

dwlfrth commented 7 years ago

I like your style !

mcaulifn commented 3 years ago

Is there an update on this? Seeing it on Debian 9, Packetfence 10.2.0+20201007132.