nathwill / chef-systemd

resource-driven chef cookbook for managing linux systems via systemd
Apache License 2.0

verify property not respected under Chef 12 #115

Closed chewi closed 6 years ago

chewi commented 6 years ago

The verify property is passed through to the underlying systemd_unit resource but this is not respected under Chef 12. You fixed this for Chef 13 in chef/chef@b7240ac35dfce9cea8a298ee633ccd356c7dbeca but this was never backported. This cookbook is supposed to work with 12 so can this be resolved somehow? I have a socket/service pair and one won't verify without the other.

I did try to edit the file resource using the rewind technique but this didn't work as Chef creates that resource on the fly at converge time.

nathwill commented 6 years ago

@chewi thanks for the report. can you provide some sample code that replicates the issue and I'll take a look?

chewi commented 6 years ago

This will fail under Chef 12.21 but work under 13.

```ruby
systemd_socket 'foo' do
  socket_listen_stream '127.0.0.1:8080'
  verify false
end

systemd_service 'foo' do
  unit_requires 'foo.socket'
  service_exec_start '/bin/true'
end
```

nathwill commented 6 years ago

@chewi ok, great, thanks, I can replicate, I'll poke around a bit.

in the meantime, can I ask more about what you're trying to accomplish?

in my experience, it's unusual to see a service unit require a socket, since the socket is just a kind of light-weight proxy for the on-demand activation of the service... without the Requires= defined on the service unit, this works on Chef 12 after reversing the unit order to create the service before the socket.

chewi commented 6 years ago

I must admit that this is code I wrote a year ago and I didn't stop to reconsider whether adding Requires= is the right thing to do. I don't recall whether I did it for a specific reason or whether it just seemed like a good idea. If this isn't best practise then I'll stop.

nathwill commented 6 years ago

OK, if there's no particular reason to have it, removing Requires= is definitely a solution. My approach is usually to create the service unit first, but neither enable nor start it, and then create/enable/start the socket unit. That ordering lets one avoid dependency-based verification failures for socket units.
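
The ordering problem discussed in this thread, as an added example that is not part of the thread or of the cookbook: a plain-Ruby sketch that works out which unit has to be written first so that each unit's verification finds the units it needs, and reports the socket/service pair that cannot verify in any order. The `UnitOrder` class and its input hash are hypothetical, and it assumes a socket unit with no Service= setting activates the service of the same name.

```ruby
require 'tsort'

# Orders unit files so each is written after the units its verification needs.
class UnitOrder
  include TSort

  # units: { 'foo.service' => ['foo.socket'], ... } mapping a unit name to the
  # names in its Requires= (constructed input, not parsed from disk).
  def initialize(units)
    @units = units
  end

  # Units that must already exist on disk when `name` is verified.
  def needs(name)
    deps = @units.fetch(name, []).dup
    # Assumption: a socket with no Service= activates the same-named service.
    deps << name.sub(/\.socket\z/, '.service') if name.end_with?('.socket')
    deps.select { |d| @units.key?(d) }.uniq
  end

  def tsort_each_node(&block)
    @units.each_key(&block)
  end

  def tsort_each_child(name, &block)
    needs(name).each(&block)
  end

  # Groups of units that need each other; no creation order lets them verify.
  def cycles
    strongly_connected_components.select { |c| c.size > 1 }.map(&:sort)
  end

  # Creation order (dependencies first), or nil when a cycle rules one out.
  def create_order
    cycles.empty? ? tsort : nil
  end
end

# Constructed sample: the pair from the report, with and without Requires=.
WITH_REQUIRES = UnitOrder.new({ 'foo.socket' => [], 'foo.service' => ['foo.socket'] })
WITHOUT_REQUIRES = UnitOrder.new({ 'foo.socket' => [], 'foo.service' => [] })

if __FILE__ == $PROGRAM_NAME
  puts "cycle with Requires=: #{WITH_REQUIRES.cycles.inspect}"
  puts "order without Requires=: #{WITHOUT_REQUIRES.create_order.inspect}"
end
```

A reported cycle corresponds to the case in the report, where the choices are `verify false` on one unit or dropping Requires= from the service.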