Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignition silently fails to enable a nonexistent unit #587

Open
coreosbot opened this issue Nov 10, 2017 · 2 comments
Open

Ignition silently fails to enable a nonexistent unit #587

coreosbot opened this issue Nov 10, 2017 · 2 comments
Labels
area/usability kind/bug

Comments

@coreosbot
Copy link
Contributor

Issue by @bgilbert

Issue Report

Bug

Container Linux Version

$ cat /etc/os-release
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1590.0.0
VERSION_ID=1590.0.0
BUILD_ID=2017-11-08-0831
PRETTY_NAME="Container Linux by CoreOS 1590.0.0 (Ladybug)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"

Environment

Any

Expected Behavior

If Ignition is asked to enable a nonexistent unit, it fails the boot.

Actual Behavior

Ignition claims to have enabled the unit, but nothing happens.

Reproduction Steps

  1. Boot the following CLC:
systemd:
  units:
    - name: blargh.service
      enabled: true
  1. Check journalctl -t ignition and systemctl status.

Other Information

This happens because Ignition configures systemd units via presets, and presets are allowed to reference nonexistent units.

journalctl says:

Nov 10 01:19:32 localhost ignition[439]: files: op(8): [started]  processing unit "blargh.service"
Nov 10 01:19:32 localhost ignition[439]: files: op(8): [finished] processing unit "blargh.service"
Nov 10 01:19:32 localhost ignition[439]: files: op(9): [started]  enabling unit "blargh.service"
Nov 10 01:19:32 localhost ignition[439]: files: op(9): [finished] enabling unit "blargh.service"
@coreosbot coreosbot mentioned this issue Jul 10, 2018
Closed
@coreosbot coreosbot mentioned this issue Jul 10, 2018
Open
@ajeddeloh
Copy link
Contributor

ajeddeloh commented Apr 12, 2019
edited
Loading

Wild idea: The root of the problem here (as described in #588) is that we can't know what units are generated by systemd generators and thus can't know what units exist in the real root. One thought is to run the generators in the initramfs, chrooted into the real root, but with a throwaway overlayfs to "absorb" any writes to the filesystem, then inspect the real root with overlay and see if we'd fail to enable anything. It's still not perfect since it's not checking that enabling actually succeeded, just that it should succeed. Also seems somewhat brittle.

If generators are well behaved (see https://www.freedesktop.org/software/systemd/man/systemd.generator.html#Notes%20about%20writing%20generators) then we might even get away with running them with root RO and with the early/normal/late dirs bind-mounted in. But users can add their own generators which may not be well behaved.

@krestivo-kdinfotech krestivo-kdinfotech mentioned this issue May 15, 2019
Closed
@jamescassell
Copy link

seems like a failure of the "first boot fails if the ignition couldn't be applied" principle

@bgilbert bgilbert mentioned this issue Apr 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/usability kind/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bgilbert @ajeddeloh @jamescassell @coreosbot