Hello there
TL;DR: I have encountered a weird behaviour of services promises on Debian Linux 10, and was wondering if that's a general problem on all systemd-based Linux distribution or it's rather peculiar to Debian 10 or my setup. What I see is that services promises with policy start, stop, enable or disable are not idempotent and the corresponding systemctl commands are issued over and over at each agent run.
Those who are interested in the details of my findings and investigations can continue reading.
Ciao
bronto
I have been playing with services promises lately on Debian 10 systems (systemd), focusing on which services should absolutely be running or not running (systemctl start/stop), and which should/shouldn't be activated at boot (enable/disable). All these states have in common is that you expect them to be idempotent: if a service is enabled, you don't want CFEngine to issue commands to enable it at every agent run; if a service is running, you don't want CFEngine to issue a command to start it. You got the idea.
Initially, I was just using the standard services promises/bundles as provided by CFEngine. To my surprise, they were not idempotent: e.g. the ssh service was enabled and running, but the services promise would still hammer the system at every run with systemctl start ssh and systemctl enable ssh.
Initially, I didn't investigate this behaviour in depth,
believing that CFEngine was issuing the commands at every run to
avoid an easy race condition(*), so I started implementing my own
checks using systemctl is-active/is-enabled and applying the
services promise only if that was actually the case. It started
becoming sort of a rabbit hole, and I realised that I was better
off creating a custom service_method for systemd services. To do
that, I decided to build upon the code I had already written, and
the code of bundle agent standard_services.
I started looking into bundle agent standard_services, and noticed some interesting facts:
So I am running a custom built bundle agent systemd_services now,
but I'm really interested in understanding if the behaviour I am
seeing in standard_services is due to a bug and, in that case, if
the bug is debian specific, or if something else is wrong. I can't
see that the systemd part of the code of standard_services has
changed a lot compared to CFEngine 3.7, so could it be that the
output of the systemctl show command has changed significantly
enough that the bundle doesn't work correctly any more and needs
an update?
(*) if you check if an action should be performed before actually
performing it, there is an interval of time where the state of the
service could change; in these cases, you're better off skipping
the check and performing the action regardless, if it's safe to do
so.
I believe this is run and there is no problem, but since the service
was started/enabled over and over, then maybe the right classes are
not set? E.g.: the output of systemctl has changed since the policy
was written?
Can you please define non-native? Just to be sure we have a common
understanding.
I could do that. Just need one quiet day, which hasn\t materialised
since I came back from vacation :(
I was working with ssh: I wanted to ensure it was both enabled and
running, and systemctl enable/start was triggered at every agent run.
--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/help-cfengine/072040fb-321c-4b3e-a7ed-3ff17247a6c4n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/help-cfengine/e8bea248-e8b7-4306-bf7a-b12f34b77045n%40googlegroups.com.