Currently collectd is shipped with default systemd file provided by collectd. This file does not match to Gentoo and will cause collectd fail to start. Collectd environment file is not located in /etc/default/collectd in Gentoo. I also noted that that /usr/sbin/collectd is the only file with 711 in /usr/sbin while all other files are 755. Why is that? Reproducible: Always Steps to Reproduce: 1. emerge collectd 2. systemctl start collectd 3. Actual Results: Collect is not started and Journalctl shows following message: collectd.service: Failed at step EXEC spawning /usr/sbin/collectd: Operation not permitted Expected Results: collectd should start
Created attachment 449858 [details] working collectd unit file I've fixed the unit file- This should work.
While you are right that we are using the systemd unit from upstream this isn't the problem: It defines EnvironmentFile=-/etc/sysconfig/collectd EnvironmentFile=-/etc/default/collectd I.e. the "-" makes sure that if the file doesn't exist this won't be a problem, see https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile= Also on Gentoo we shouldn't use /etc/conf.d/ in systemd units because 1) /etc/conf.d is owned by OpenRC and the aim is to get a system without OpenRC package installed 2) /etc/conf.d/ files could contain Bash code which isn't support by systemd (systemd only reads EnvironmentFile but doesn't interpret the content). So thank you for the provided unit file but this file can't be used. Also chmod 711 should be enough. I.e. the user must only be able to execute the file. The kernel then will read it (that's different for scripts where you must be able to read the script's content, too). So at the moment I am not sure what's the problem on your system and I don't have a systemd where I can test on my own.
Well, thanks! I am not a heavy user of Systemd either so i didn't know about the things you told me. More so i am surprise you did know them. There is no /etc/default/collect file or else and i tried to fix this unit file with as little tweaking as possible. Everything works well with the conf.d file but i see the problem in using it with Systemd. To me it seems like that settings in this config file are going to make collectd not to read/write in non existing folders or folder wrong permissions that might be set as defaults in collect. With defaults Collectd fails and Systemd is sending this error message. The thing about the 711 permissions is not a problem but more a curious note. Its the only file with that permission in /usr/sbin on my system.
Can you please show me the content of your EnvironmentFile you are sourcing? I am curious because the default one we are installing is basically "empty" (i.e. everything is commented). Also please test again with removed EnvironmentFile option at all. At the moment I suspect /var/run/collectd is the problem. When using OpenRC, the runscript will create the folder. However for systemd a tmpfile instruction is missing. So because you are starting collectd as user you should be unable to create that directory...
Seems like you're only half correct. I have a working /var/run/collectd directory but there is nothing in it. I can see collectd running but there is no pid file for collectd anywhere in /var/run. On the other hand, collectd is not using my provided environment file at all. For now i don't really know why it works but i can see the process running and it does collect data. I've also checked a couple of other systemd unit files and i've got a completely wrong idea about this environment file. You have to reuse those settings within the service file for having them called. Thats ok and it seems like i haven't digged enough into this problem. Since my file is mostly useless i've tried to reuse the default one and even with a correctly existing /var/run/collectd directory, i always end up with this error. As i said, i am not an expert when it comes to Systemd and i've expected this unit file thing a much easier process since Systemd is labeled as a "works out of the box" thing. I am going to rewrite my unit file and call up the OpenRC Environment file and set those settings into the ExecStart like i've seen it in other unit files. Somehow i don't see how to set Collectd options with Systemd on Gentoo differently and think this is not useful for everyone. This makes this bug report most likely obsolete. Thanks allot for your help!
For the records: chmod 711 is set for /usr/sbin/collectd due to filecaps USE flag usage (fcaps.eclass will set chmod 711 per default). And yes, just sourcing an EnvironmentFile does nothing. You would have to use the sourced date somewhere.. > I have a working /var/run/collectd directory but there is nothing in it. Could you please stop collectd. Remove that directory and try to restart collectd? Would be interesting to know if this folder will be re-created or not and if collectd breaks if this folder is missing.
You did read that default unit file is not starting at all? I've deleted the folder and it does not matter. Still the same error. When using my old version it starts but does not care about this folder. It is not creating it nor failing. It just starts.
Seems related: https://github.com/collectd/collectd/issues/1946
I've retried all of the lines in the default unit file and the line causing the trouble is this one: CapabilityBoundingSet= If you remove it, it works. I am sorry for all the trouble, i was on the wrong track but i still don't understand this file. Those two lines with those environment files seem not make much sense. I don't see any usage of the settings from this file at all. Another thing is this broken line. I would not expect the need of editing in a file somewhere in /usr/lib/systemd to get a configuration changed. This is something i would expect in /etc but than again i'm still new to Systemd and the more i am using it the more i understand Gentoo on keeping to OpenRC.
(In reply to zasire from comment #9) > i still don't understand this file. Those two lines with those environment > files seem not make much sense. I don't see any usage of the settings > from this file at all. That's right. They don't hurt however I will remove them with the next bump. > Another thing is this broken line. I would not expect the need of > editing in a file somewhere in /usr/lib/systemd to get a configuration > changed. This is something i would expect in /etc but than again i'm still > new to Systemd and the more i am using it the more i understand Gentoo on > keeping to OpenRC. Well, I am not a systemd user at all but it is common in systemd world to overwrite units because there isn't /etc/default anymore. You are supposed to overwrite the unit (i.e. copy it from /usr/... to /etc) or sometimes create a *.conf file if supported. Anyway, it looks like the problem is that when "filecaps" USE flag is used we set capabilities for /usr/sbin/collectd however due to empty CapabilityBoundingSet in the default unit collectd binary with set capabilities is disallowed and systemd prohibits the start of collectd. But again, I don't run systemd so it would be very helpful for me if you could do a short testing: If you don't have "getcap" command, please emerge sys-libs/libcap. Run # getcap /usr/sbin/collectd On my system the output is > /usr/sbin/collectd = cap_dac_read_search,cap_net_admin,cap_net_raw+ep The output maybe looks different on your system based on the chosen collectd plugins. Now please use the default unit provided by the package (if you don't have it anymore, please grab a copy from https://raw.githubusercontent.com/collectd/collectd/master/contrib/systemd.collectd.service or re-emerge the package) and set CapabilityBoundingSet according to the output above. In my example I would set CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW Does the unit file now work for you?
Yes, cap_net_admin was missing. I've altered the default unit file with the missing capabilities like you've proposed and it works now. Thanks allot!
OK, thank you for testing! I'll provide a revbump shortly which will make sure that we also set CapabilityBoundingSet= when using filecaps USE flag.
OK, all set now: > commit 180eeb25679dbf994da5571521187938e8ec8354 > Author: Thomas Deutschmann > Date: Thu Oct 13 22:48:26 2016 +0200 > > app-admin/collectd: Revision bump to address multiple issues > > - When collectd was emerged with "filecaps" USE flag set and at least one > chosen plugin required special capabilities systemd was unable to start > collectd because CapabilityBoundingSet option in collectd's systemd unit > file did not match with the capabilities actual set for > "/usr/sbin/collectd". (bug #596852) > > - Cherry picked upstream commit 5e4f2ae61d to get rid of > > > capability: warning: `collectd' uses 32-bit capabilities (legacy support in use) > > message. > > Gentoo-Bug: https://bugs.gentoo.org/596852 > > Package-Manager: portage-2.3.2 Thanks for your report! Would be nice if you could confirm that the issue is now fixed for you and that collectd starts out-of-the box on systemd.
This was by far the fastest fix for a bug report the i have created or found here that arrived into portage. Thanks allot!
Thanks for verification. And thank you for testing as well. Without your tests I wouldn't have been able to fix this so fast. So thank you for contributing to Gentoo!
This one is back, the sed line doesn't work since: - https://www.gentoo.org/support/news-items/2017-07-16-systemd-rootprefix.html In the ebuild the line: local systemd_unit="${EROOT}usr/lib/systemd/system/collectd.service" Needs to be changed to: local systemd_unit="${EROOT}lib/systemd/system/collectd.service" Should I open a new issue?
Thanks for the report, in progress...
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a31f6aab2671f7cea5d96ff7ca0410bc82df27f4 commit a31f6aab2671f7cea5d96ff7ca0410bc82df27f4 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-03-30 23:26:49 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-03-30 23:27:22 +0000 app-admin/collectd: Fix pkg_postinst... ...to support systemd's new rootprefix. Closes: https://bugs.gentoo.org/596852 Package-Manager: Portage-2.3.26, Repoman-2.3.7 RepoMan-Options: --force .../{collectd-5.7.2-r1.ebuild => collectd-5.7.2-r2.ebuild} | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
