Open Bravo555 opened 1 year ago
Yes the current implementation of editing the /lib/systemd/system/SERVICE_NAME.service
is very problematic as this file will be overwritten when thin-edge.io is updated, thus silently disabling the watchdog functionality (exactly what you don't want in a watchdog!).
Below might be a way forward which supports reading the current WatchdogUSec
via the systemd interface (rather than parsing files manually):
Edit the systemd definition of a service that should have a watchdog enable on it
For example, edit the tedge-agent
service
sudo systemctl edit tedge-agent.service
Add the following contents (on newer systemd installations you can use a value of 30s
)
[Service]
WatchdogSec=30
Edit the tedge-watchdog service definition
sudo systemctl edit tedge-watchdog.service
Add the service dependencies to ensure the watchdog service starts before the other services.
[Unit]
Before=tedge-agent.service tedge-mapper-c8y.service
Note
Using the Before
property on the tedge-watchdog
service is easier/cleaner to managed as you only have to edit the service dependencies in one place.
Reload the systemd daemon
sudo systemctl daemon-reload
Now the watchdog service can check which services have the Watchdog enabled by running (though using the DBUS interface might be better?):
systemctl show tedge-agent -p WatchdogUSec
Output
WatchdogUSec=30
Describe the bug
In systemd, instead of editing service files located in
/lib/systemd/system/
, it is advisable to usesystemctl edit --full SERCVICE_NAME.service
which creates a new unit file in/etc/systemd/system/SERVICE_NAME.service
which includes modifications the user performed, orsystemctl edit SERVICE_NAME.service
which creates a directory/etc/systemd/system/SERVICE_NAME.service.d
in which a fileoverride.conf
containing user's modifications, will be saved.For that reason, it isn't enough to parse
/lib/systemd/system/SERVICE_NAME.service
file forWatchdogSec
attribute, because if the user usedsystemctl edit
command, it won't affect the original file, but it will be picked up by systemd, resulting in an undesirable behaviour where the service will be repeatedly killed by systemd, while the watchdog is not able to detect that the service has theWatchdogSec
attribute.To Reproduce
tedge-mapper-c8y
andtedge-watchdog
servicessystemctl edit --full tedge-mapper-c8y
and addWatchdogSec=30
in[Service]
section, as described in the documentationtedge-mapper-c8y
andtedge-watchdog
servicessystemctl status tedge-watchdog
should contain log line:WARN tedge_watchdog::systemd_watchdog: Watchdog is not enabled for device/main/service/tedge-mapper-c8y
journalctl -u tedge-mapper-c8y -f
should show the service being killed with signalSIGABRT
due to not notifying systemd in time.Expected behavior
tedge-watchdog
should pick upWatchdogSec
attribute as present, even if it was added usingsystemctl edit
command.Additional context
Instead of parsing a service file from a hardcoded location, it would be better to use systemd's D-Bus interface or a crate if such exists.
Lastly, this is not a bug insofar as our code doesn't work despite the user precisely following the instructions found in the documentation - the user has to do things differently from how they're described in the documentation, but seeing how "using
systemctl edit
command to edit systemd unit files" is a recommended good practice, and how following this practice leads to the unit being inoperable due to constant timeouts, I've decided to classify it as such.