Discussion:
systemd offline-update functionality
(too old to reply)
Zhivich, Michael
2018-10-15 19:07:26 UTC
Permalink
Hello,

I would like to use systemd’s “offline-update” functionality for a firmware-updating service. After playing with it a bit, I have a couple questions that I was hoping someone could help me with:


1. Per documentation at https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html, “If the system-update.target is successfully reached, i.e. all update services have run, and the /system-update symlink still exists, it will be removed and the machine rebooted as a safety measure.”

I have not observed this behavior in testing; in fact, I cannot find any code in systemd that removes the “/system-update” symlink if the update script fails. Is this still the expected behavior or is the update script responsible for deleting the symlink?


1. The same documentation page recommends setting “FailureAction = reboot” in case the update script fails to complete. However, this does not seem to reboot the machine properly (e.g. I don’t see a POST screen + grub as expected). Using “reboot-force” does seem to have the expected behavior. What is the difference between these two methods?

Any help would be much appreciated.

Thanks,
~ Michael
--
Michael Zhivich
Linux Kernel Team
***@akamai.com<mailto:***@akamai.com>
--
Uoti Urpala
2018-10-15 20:18:01 UTC
Permalink
Post by Zhivich, Michael
I have not observed this behavior in testing; in fact, I cannot find
any code in systemd that removes the “/system-update” symlink if the
update script fails. Is this still the expected behavior or is the
update script responsible for deleting the symlink?
"git grep /system-update" in the sources shows:
units/system-update-cleanup.service:ExecStart=/bin/rm -fv /system-update

The "Recommendations" section on the page you linked to has "Make sure
to remove the /system-update symlink as early as possible in the update
script to avoid reboot loops in case the update fails." as the second
item anyway.
Post by Zhivich, Michael
The same documentation page recommends setting “FailureAction =
reboot” in case the update script fails to complete. However, this
does not seem to reboot the machine properly (e.g. I don’t see a POST
screen + grub as expected). Using “reboot-force” does seem to have
the expected behavior. What is the difference between these two
methods?
They're documented on the systemd.unit manpage for example. IIRC the
"force" variant just kills processes without "properly" shutting down
services through ExecStop actions.
Lennart Poettering
2018-10-16 15:27:33 UTC
Permalink
Post by Uoti Urpala
Post by Zhivich, Michael
The same documentation page recommends setting “FailureAction =
reboot” in case the update script fails to complete. However, this
does not seem to reboot the machine properly (e.g. I don’t see a POST
screen + grub as expected). Using “reboot-force” does seem to have
the expected behavior. What is the difference between these two
methods?
They're documented on the systemd.unit manpage for example. IIRC the
"force" variant just kills processes without "properly" shutting down
services through ExecStop actions.
Correct.

System shutdown is split into two phases. In phase #1 we'll stop
units cleanly, following the shutdown ordering defined between
them, and running all ExecStop= lines as configured. In phase #2 we'll
brutally kill/unmount/detach everything that remains in a tight
loop. Normally, phase #2 is just a safety net, that cleans up whatever
was missed in phase #1.

With FailureAction=reboot is used we enter phase #1, i.e. the clean
shutdown logic. If FailureAction=reboot-force then we skip phase #1,
entering directly phase #2.

If "FailureAction=reboot" doesn't work for you, then this suggests
some unit is stalling shutdown for some reason. You should debug what
that is and why it is doing that.

Lennart
--
Lennart Poettering, Red Hat
Continue reading on narkive:
Loading...