[lxc-devel] [PATCH] fix systemd lxc-net vs lxc ordering

Martin Pitt martin.pitt at ubuntu.com
Tue Jun 30 05:04:04 UTC 2015 

Hey Serge,

Serge Hallyn [2015-06-29 16:40 +0000]:
> The lxc init job must not start until lxc networking has been
> setup.  This requires lxc-net to have complete, not just
> started.  To that end,
> 
> 1. lxc-net now does its work in ExecPreStart rather than
> ExecStart

lxc-net starts a long-running process "dnsmasq", so this is wrong.
ExecStartPre= must not start long-running processes, only ExecStart=
can. Also, this unit is "Type=oneshot", so this change does not even
make a difference -- *All* ExecStart*= commands have to finish before
the unit is considered "started".

> 2. lxc now specifies lxc-net in After, not Wants.  So if lxc-net
> fails, lxc won't start and try to autostart containers.  (If you
> want lxc-net to do nothing, setting USE_LXC_BRIDGE="false" in
> /etc/default/lxc is the way to do that, but lxc-net should still
> run successfully.)

The missing "After=" was indeed a bug, and adding it will make lxc
wait for lxc-net to finish first, which is what you want. Wrt. the
Wants=, we should decide how we want lxc-net.service to get started.
Right now it has an

  [Install]
  WantedBy=multi-user.target

I. e. it always gets started on boot independently of lxc.service. I.
e. even if you disable the latter. But if you disable lxc-net, so that
/etc/systemd/system/multi-user.target.wants/lxc-net.service goes away,
it will still get started if you start "lxc-net". That sounds like a
reasonable behaviour, thus I suggest keeping the Wants= too.

So as a result..

> --- a/config/init/systemd/lxc-net.service.in
> +++ b/config/init/systemd/lxc-net.service.in
> @@ -6,7 +6,7 @@ Before=lxc.service
>  [Service]
>  Type=oneshot
>  RemainAfterExit=yes
> -ExecStart=@LIBEXECDIR@/lxc/lxc-net start
> +ExecStartPre=@LIBEXECDIR@/lxc/lxc-net start
>  ExecStop=@LIBEXECDIR@/lxc/lxc-net stop

Drop this hunk, it's wrong.

>  [Install]

Drop the [Install] section if you only want to start lxc-net when lxc
is started. (I don't have a recommendation whether that's conceptually
cleaner or whether lxc-net is beneficial even without lxc).

> diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
> index a256141..7d191dc 100644
> --- a/config/init/systemd/lxc.service.in
> +++ b/config/init/systemd/lxc.service.in
> @@ -1,7 +1,6 @@
>  [Unit]
>  Description=LXC Container Initialization and Autoboot Code
> -After=syslog.target network.target
> -Wants=lxc-net.service
> +After=syslog.target network.target lxc-net.service

The After= is right. Dropping the Wants= is wrong IMHO.

Thanks,

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150630/917e8524/attachment.sig>

More information about the lxc-devel mailing list