Discussion:
StartTransientService problems
(too old to reply)
Barry Scott
2014-01-31 16:42:04 UTC
Permalink
I have finally managed to get StartTransientService to run a process for me
but I'm encountering issues:

we start a daemon that calls StartTransientService as required. The daemon
does not run as root, it runs as "onelan". We configure dbus to allow
"onelan" to call all systemd Manager APIs.

I want to set the User, Nice and Type of the service. I get the errors:

DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property User, or unknown property.

DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Type, or unknown property.

DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Nice, or unknown property.

What do I need to do to allow these properties to be set?

I also need to set the Environment. I can pass the environment in as a
property but it does not show up the the process created or in
systemctl status for the transient service. I do not see any messages in
the systemd logging.

And lastly what do I have to do to remove the transient service from systemd
after the last process in the service exits? RemainAfterExit=no

Barry
b***@onelan.com
2014-02-03 10:57:44 UTC
Permalink
Post by Barry Scott
I have finally managed to get StartTransientService to run a process for me
we start a daemon that calls StartTransientService as required. The daemon
does not run as root, it runs as "onelan". We configure dbus to allow
"onelan" to call all systemd Manager APIs.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property User, or unknown property.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Type, or unknown property.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Nice, or unknown property.
What do I need to do to allow these properties to be set?
I also need to set the Environment. I can pass the environment in as a
property but it does not show up the the process created or in
systemctl status for the transient service. I do not see any messages in
the systemd logging.
Correction I get an error for Environment as well.

DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Environment, or unknown property.
Post by Barry Scott
And lastly what do I have to do to remove the transient service from systemd
after the last process in the service exits? RemainAfterExit=no
Barry
_______________________________________________
systemd-devel mailing list
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
Barry Scott
Head of Player Development
ONELAN Limited
Lennart Poettering
2014-02-05 01:07:33 UTC
Permalink
Post by Barry Scott
I have finally managed to get StartTransientService to run a process for me
we start a daemon that calls StartTransientService as required. The daemon
does not run as root, it runs as "onelan". We configure dbus to allow
"onelan" to call all systemd Manager APIs.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property User, or unknown property.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Type, or unknown property.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Nice, or unknown property.
What do I need to do to allow these properties to be set?
I also need to set the Environment. I can pass the environment in as a
property but it does not show up the the process created or in
systemctl status for the transient service. I do not see any messages in
the systemd logging.
These options weren't settable so far for transient units, because I was
too lazy to make them settable. ;-)

I have added this in now:

http://cgit.freedesktop.org/systemd/systemd/commit/?id=c7040b5d1c2c148f12b6a5eef3dfce1661805131

Which should make them available via the bus for transient units. If you
need other props like this, just let me know and I'll add them too...
Post by Barry Scott
And lastly what do I have to do to remove the transient service from systemd
after the last process in the service exits? RemainAfterExit=no
RemainAfterExit=no is already available?

Lennart
--
Lennart Poettering, Red Hat
Barry Scott
2014-02-05 18:27:15 UTC
Permalink
Post by Lennart Poettering
Post by Barry Scott
I have finally managed to get StartTransientService to run a process for me
we start a daemon that calls StartTransientService as required. The daemon
does not run as root, it runs as "onelan". We configure dbus to allow
"onelan" to call all systemd Manager APIs.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property User, or unknown property.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Type, or unknown property.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Nice, or unknown property.
What do I need to do to allow these properties to be set?
I also need to set the Environment. I can pass the environment in as a
property but it does not show up the the process created or in
systemctl status for the transient service. I do not see any messages in
the systemd logging.
These options weren't settable so far for transient units, because I was
too lazy to make them settable. ;-)
http://cgit.freedesktop.org/systemd/systemd/commit/?id=c7040b5d1c2c148f12b6a
5eef3dfce1661805131
Thanks you for adding this. I'm attempting to test the patch.
I have built from git the latest code on a F20 system.
I then created a tar ball of the make install DESTDIR=tmp
and explored that tar ball over a F20 working system.

But I am hitting 2 issues:
1) We cannot call sched_setscheduler() in spite of the cpu cgroup being setup
correctly (e.g. works with systemd-208):
# grep . /sys/fs/cgroup/cpu/onelan.slice/onelan-screen.slice/cpu.rt*
/sys/fs/cgroup/cpu/onelan.slice/onelan-
screen.slice/cpu.rt_period_us:1000000000
/sys/fs/cgroup/cpu/onelan.slice/onelan-
screen.slice/cpu.rt_runtime_us:900000000

2) When I call StartTransientUnit I get a permission error:
DBusException: org.freedesktop.DBus.Error.AccessDenied: Access to
org.freedesktop.systemd1.Manager.StartTransientUnit() not permitted.

I have the following setup
(copied from /etc/dbus-1/system.d/org.freedesktop.systemd1.conf):

# cat /etc/dbus-1/system.d/ONELAN-systemd.conf
<?xml version="1.0"?>
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration
1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">

<busconfig>
<policy user="onelan">
<allow own="org.freedesktop.systemd1"/>

<!-- Onelan clients can do everything -->
<allow send_destination="org.freedesktop.systemd1"/>
<allow receive_sender="org.freedesktop.systemd1"/>

<!-- systemd may receive activator requests -->
<allow receive_interface="org.freedesktop.systemd1.Activator"
receive_member="ActivationRequest"/>
</policy>

</busconfig>

Which should have allowed the process running as "onelan" user to call
StartTransientUnit.
Post by Lennart Poettering
Which should make them available via the bus for transient units. If you
need other props like this, just let me know and I'll add them too...
Post by Barry Scott
And lastly what do I have to do to remove the transient service from
systemd after the last process in the service exits? RemainAfterExit=no
RemainAfterExit=no is already available?
Transient services that fail persist until you reboot the system.
This can be shown by using systemd-run to run /bin/true and /bin/false
all the /bin/true are removed but the /bin/false cannot be removed.

# systemd-run --desc false /bin/false
Running as unit run-1073.service.

# systemctl status run-1073.service
run-1073.service - false
Loaded: loaded (/run/systemd/system/run-1073.service; static)
Drop-In: /run/systemd/system/run-1073.service.d
└─90-Description.conf, 90-ExecStart.conf, 90-RemainAfterExit.conf,
90-SendSIGHUP.conf
Active: failed (Result: exit-code) since Wed 2014-02-05 18:21:51 GMT; 12s
ago
Process: 1074 ExecStart=/bin/false (code=exited, status=1/FAILURE)
Main PID: 1074 (code=exited, status=1/FAILURE)

Feb 05 18:21:51 localhost.localdomain systemd[1]: Starting false...
Feb 05 18:21:51 localhost.localdomain systemd[1]: Started false.
Feb 05 18:21:51 localhost.localdomain systemd[1]: run-1073.service: main
process exited, code=exited, status=1/FAILURE
Feb 05 18:21:51 localhost.localdomain systemd[1]: Unit run-1073.service
entered failed state.

# systemctl --full |grep ^run
run-1073.service
loaded failed failed false

# systemctl stop run-1073.service

# systemctl --full |grep ^run
run-1073.service
loaded failed failed false


Barry
Lennart Poettering
2014-02-13 23:42:37 UTC
Permalink
Post by Barry Scott
1) We cannot call sched_setscheduler() in spite of the cpu cgroup being setup
# grep . /sys/fs/cgroup/cpu/onelan.slice/onelan-screen.slice/cpu.rt*
/sys/fs/cgroup/cpu/onelan.slice/onelan-
screen.slice/cpu.rt_period_us:1000000000
/sys/fs/cgroup/cpu/onelan.slice/onelan-
screen.slice/cpu.rt_runtime_us:900000000
You need to set RT quota all the way to the top, and of course you still
need privs to get them...
Post by Barry Scott
DBusException: org.freedesktop.DBus.Error.AccessDenied: Access to
org.freedesktop.systemd1.Manager.StartTransientUnit() not permitted.
I have the following setup
# cat /etc/dbus-1/system.d/ONELAN-systemd.conf
<?xml version="1.0"?>
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration
1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="onelan">
<allow own="org.freedesktop.systemd1"/>
Nope, you user shouldn't get the right to own systemd's name, only
systemd should be able to do that...
Post by Barry Scott
<!-- Onelan clients can do everything -->
<allow send_destination="org.freedesktop.systemd1"/>
<allow receive_sender="org.freedesktop.systemd1"/>
<!-- systemd may receive activator requests -->
<allow receive_interface="org.freedesktop.systemd1.Activator"
receive_member="ActivationRequest"/>
The activator stuff is between systemd and dbus-daemon, nothing else
should have that.

Please check the man page regarding the dbus policy language.

Lennart
--
Lennart Poettering, Red Hat
Barry Scott
2014-02-25 17:59:27 UTC
Permalink
Post by Lennart Poettering
Post by Barry Scott
I have finally managed to get StartTransientService to run a process for me
we start a daemon that calls StartTransientService as required. The daemon
does not run as root, it runs as "onelan". We configure dbus to allow
"onelan" to call all systemd Manager APIs.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property User, or unknown property.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Type, or unknown property.
DBusException: org.freedesktop.DBus.Error.PropertyReadOnly: Cannot set
property Nice, or unknown property.
What do I need to do to allow these properties to be set?
I also need to set the Environment. I can pass the environment in as a
property but it does not show up the the process created or in
systemctl status for the transient service. I do not see any messages in
the systemd logging.
These options weren't settable so far for transient units, because I was
too lazy to make them settable. ;-)
http://cgit.freedesktop.org/systemd/systemd/commit/?id=c7040b5d1c2c148f12b6a
5eef3dfce1661805131
Which should make them available via the bus for transient units. If you
need other props like this, just let me know and I'll add them too...
I just tried to set LimitCORE and that was rejected. Can you add this and the
other related LimitXXX items please?

Barry
Post by Lennart Poettering
Lennart
Lennart Poettering
2014-03-05 03:47:13 UTC
Permalink
Post by Barry Scott
Post by Lennart Poettering
Which should make them available via the bus for transient units. If you
need other props like this, just let me know and I'll add them too...
I just tried to set LimitCORE and that was rejected. Can you add this and the
other related LimitXXX items please?
Done, in git.

I also updated "systemd-run" to take arbitrary settable properties with
a new "-p" switch to set on the unit that is created. I used that as a
testcase for LimitCORE and friends. But this enables a lot of other cool things:

# systemd-run -p BlockIOWeight=10 updatedb

Is an awesome way to run updatedb in the background without taking much
resources, totally cgroup-enabled...

Lennart
--
Lennart Poettering, Red Hat
Barry Scott
2014-03-05 09:55:22 UTC
Permalink
Post by Lennart Poettering
Post by Barry Scott
Post by Lennart Poettering
Which should make them available via the bus for transient units. If you
need other props like this, just let me know and I'll add them too...
I just tried to set LimitCORE and that was rejected. Can you add this and
the other related LimitXXX items please?
Done, in git.
Thanks.

I did not find detailed docs on how to call StartTransientUnit()
I have been reading the systemd sources to figure out the signatures of the
call and its parameters. Did I miss API documentation?

I would like to test these changes but I have failed to update a F20
system to newer code drops. Do you plan to have a F20 build of the
newer systemd at least for testing?
Post by Lennart Poettering
I also updated "systemd-run" to take arbitrary settable properties with
a new "-p" switch to set on the unit that is created. I used that as a
# systemd-run -p BlockIOWeight=10 updatedb
Is an awesome way to run updatedb in the background without taking much
resources, totally cgroup-enabled...
Lennart
Barry
Lennart Poettering
2014-03-11 18:16:17 UTC
Permalink
Post by Barry Scott
Post by Lennart Poettering
Post by Barry Scott
Post by Lennart Poettering
Which should make them available via the bus for transient units. If you
need other props like this, just let me know and I'll add them too...
I just tried to set LimitCORE and that was rejected. Can you add this and
the other related LimitXXX items please?
Done, in git.
Thanks.
I did not find detailed docs on how to call StartTransientUnit()
I have been reading the systemd sources to figure out the signatures of the
call and its parameters. Did I miss API documentation?
There's terse documentation on

http://www.freedesktop.org/wiki/Software/systemd/dbus/
http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/

While this describes the method call parameters roughly it doesn't
describe the precise encoding within the properties array. We should add
that of course. For now: it's mostly identical to how these things are
exposed as bus properties on the objects, however there are
exceptions...
Post by Barry Scott
I would like to test these changes but I have failed to update a F20
system to newer code drops. Do you plan to have a F20 build of the
newer systemd at least for testing?
No. This will be available in Rawhide shortly however.

Lennart
--
Lennart Poettering, Red Hat
Loading...