Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 520294 - app-admin/ulogd init script should drop need net
Summary: app-admin/ulogd init script should drop need net
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Coacher
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: need-net
  Show dependency tree
 
Reported: 2014-08-20 06:07 UTC by Michael Rowell
Modified: 2014-08-26 16:08 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
ulogd-2-ng.init (ulogd-2-ng.init,903 bytes, text/plain)
2014-08-21 22:22 UTC, Coacher
Details
ulogd-2.init (ulogd-2.init,904 bytes, text/plain)
2014-08-21 22:39 UTC, Coacher
Details
ulogd-2.init (ulogd-2.init,907 bytes, text/plain)
2014-08-22 08:56 UTC, Coacher
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Rowell 2014-08-20 06:07:12 UTC
The ulogd initscript needs "net" before starting. Shorewall-init needs to run before "net" but *after* ulogd. This results in a circular wait loop during boot that, by default, takes 50 seconds to resolve, before timing out and waiting 50 seconds again before timing out a second time and allowing login.

I don't know which package is at fault, only that taking 2 minutes for OpenRC to finish its work before letting me log in is... counter-productive, to say the least.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2014-08-20 10:47:30 UTC
shorewall-init should run in "boot" runlevel and will set each configured firewall (shorewall, shorewall6, shorewall-lite, shorewall6-lite) into the stop state, which should secure your machine before the real firewall (which often needs the physical network device) is able to start.

Because you maybe have configured your firewall to log traffic and set ulog as log target, shorewall-init has "rc_after ulogd" to tell OpenRC: "When ulogd is scheduled to start in the same runlevel, start ulogd before" -- Otherwise you could lose some logs.

So this shouldn't be a shorewall-init problem. As shown, "rc_after ulogd" in shorewall-init is correct (if anybody thinks I am wrong, please correct me!).


Now the question is, if ulogd really needs net. I think that's the bug (see bug 439092). But because I am not really familiar with ulogd I am assigning this bug to "Coacher" (app-admin/ulogd maintainer).
Comment 2 Michael Rowell 2014-08-20 18:11:05 UTC
(In reply to Thomas D. from comment #1)
> shorewall-init should run in "boot" runlevel and will set each configured
> firewall (shorewall, shorewall6, shorewall-lite, shorewall6-lite) into the
> stop state, which should secure your machine before the real firewall (which
> often needs the physical network device) is able to start. 

[snipped]

> Now the question is, if ulogd really needs net. I think that's the bug (see
> bug 439092). But because I am not really familiar with ulogd I am assigning
> this bug to "Coacher" (app-admin/ulogd maintainer).

Shorewall-init is in "boot" runlevel on my system, and ulogd in "default". Commenting out the "need net" line in ulogd's initscript has resulted in no issues as far as I can see, and also apparently fixed the issue, but my system isn't fully set up yet so I haven't been able to properly test firewall logging.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2014-08-20 18:29:31 UTC
(In reply to Michael Rowell from comment #2)
> Shorewall-init is in "boot" runlevel on my system, and ulogd in "default".

Then I cannot reproduce your problem.

I ask this (and verified) today in #openrc. When serviceA has 'rc_after="serviceB"' but serviceB isn't scheduled to run in the same runlevel like serviceA, serviceA won't trigger serviceB nor wait for serviceB.

In other words: You shouldn't experience the problem you are reporting.

0) Undo your manual runscript modification.

1) Activate OpenRC logging, set 'rc_logger="YES"' in "/etc/rc.conf".

2) Please run "rc-update --update" to make sure OpenRC's dependency tree is up to date. Now please reboot, to test again.

If you are able to reproduce the problem again:

1) Which OpenRC version do you use?

2) Please show us the output of "rc-update"

3) Please show us your "/var/log/rc.log"



> Commenting out the "need net" line in ulogd's initscript has resulted in no
> issues as far as I can see, and also apparently fixed the issue, but my
> system isn't fully set up yet so I haven't been able to properly test
> firewall logging.

You don't need to modify the runscript. In "/etc/conf.d/ulogd" add 'rc_need="!net"' to remove the "net" dependency.
Comment 4 Coacher 2014-08-21 21:59:52 UTC
(In reply to Thomas D. from comment #1)
> Now the question is, if ulogd really needs net. I think that's the bug (see
> bug 439092). But because I am not really familiar with ulogd I am assigning
> this bug to "Coacher" (app-admin/ulogd maintainer).

No, ulogd really does not need net. Thanks for pointing this out.
Comment 5 Coacher 2014-08-21 22:22:24 UTC
Created attachment 383298 [details]
ulogd-2-ng.init

@proxy-maint, here is a fixed initscript. Also added some initscript love besides depend() adjustment. Please push this to the tree.

Here is a diff for convenience:

diff --git a/var/portage/app-admin/ulogd/files/ulogd-2-ng.init b/app-admin/ulogd/files/ulogd-2-ng.init
index a818ce2..ea590ca 100644
--- a/var/portage/app-admin/ulogd/files/ulogd-2-ng.init
+++ b/app-admin/ulogd/files/ulogd-2-ng.init
@@ -1,22 +1,23 @@
 #!/sbin/runscript
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/ulogd/files/ulogd-2-ng.init,v 1.1 2013/12/17 21:38:07 hwoarang Exp $
+# $Header: $

 ULOGD_PIDFILE="/run/ulogd.pid"
-ULOGD_EXEC="/usr/sbin/ulogd"
+ULOGD_BINARY="/usr/sbin/ulogd"
 ULOGD_OPTS="--daemon --uid ulogd --pidfile ${ULOGD_PIDFILE}"

 extra_started_commands="reload reopen_logs"

 depend() {
-       need net
+       before iptables ip6tables ebtables firewall
+       after mysql postgresql
 }

 start() {
        ebegin "Starting ${SVCNAME}"
-       start-stop-daemon --start --quiet \
-               --exec ${ULOGD_EXEC} \
+       start-stop-daemon --start \
+               --exec ${ULOGD_BINARY} --pidfile ${ULOGD_PIDFILE} \
                -- ${ULOGD_OPTS}
        eend $?
 }
Comment 6 Coacher 2014-08-21 22:39:07 UTC
Created attachment 383300 [details]
ulogd-2.init

ulogd-2.init with fixes as in the previous one.

@proxy-maint, please push this one as well.

Diff:

diff --git a/var/portage/app-admin/ulogd/files/ulogd-2.init b/app-admin/ulogd/files/ulogd-2.init
index 68718f3..958c92e 100644
--- a/var/portage/app-admin/ulogd/files/ulogd-2.init
+++ b/app-admin/ulogd/files/ulogd-2.init
@@ -1,25 +1,26 @@
 #!/sbin/runscript
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/ulogd/files/ulogd-2.init,v 1.3 2014/04/27 09:57:27 hwoarang Exp $
+# $Header: $

 ULOGD_PIDFILE="/run/ulogd.pid"
-ULOGD_EXEC="/usr/sbin/ulogd"
+ULOGD_BINARY="/usr/sbin/ulogd"
 ULOGD_OPTS="-u ulogd"

 extra_started_commands="reload reopen_logs"

 depend() {
-       need net
+       before iptables ip6tables ebtables firewall
+       after mysql postgresql
 }

 start() {
        ebegin "Starting ${SVCNAME}"
-       start-stop-daemon --start --quiet \
+       start-stop-daemon --start \
                --make-pidfile \
                --pidfile ${ULOGD_PIDFILE} \
                --background \
-               --exec ${ULOGD_EXEC} \
+               --exec ${ULOGD_BINARY} \
                -- ${ULOGD_OPTS}
        eend $?
 }
Comment 7 Coacher 2014-08-22 08:56:13 UTC
Created attachment 383336 [details]
ulogd-2.init

A bit more love for ulogd-2.init. This is final version.

Diff:

diff --git a/var/portage/app-admin/ulogd/files/ulogd-2.init b/app-admin/ulogd/files/ulogd-2.init
index 68718f3..dee3543 100644
--- a/var/portage/app-admin/ulogd/files/ulogd-2.init
+++ b/app-admin/ulogd/files/ulogd-2.init
@@ -1,25 +1,26 @@
 #!/sbin/runscript
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/ulogd/files/ulogd-2.init,v 1.3 2014/04/27 09:57:27 hwoarang Exp $
+# $Header: $

 ULOGD_PIDFILE="/run/ulogd.pid"
-ULOGD_EXEC="/usr/sbin/ulogd"
-ULOGD_OPTS="-u ulogd"
+ULOGD_BINARY="/usr/sbin/ulogd"
+ULOGD_OPTS="--uid ulogd"

 extra_started_commands="reload reopen_logs"

 depend() {
-       need net
+       before iptables ip6tables ebtables firewall
+       after mysql postgresql
 }

 start() {
        ebegin "Starting ${SVCNAME}"
-       start-stop-daemon --start --quiet \
+       start-stop-daemon --start \
                --make-pidfile \
                --pidfile ${ULOGD_PIDFILE} \
                --background \
-               --exec ${ULOGD_EXEC} \
+               --exec ${ULOGD_BINARY} \
                -- ${ULOGD_OPTS}
        eend $?
 }
Comment 8 Yixun Lan archtester gentoo-dev 2014-08-22 10:32:22 UTC
+  22 Aug 2014; Yixun Lan <dlan@gentoo.org> files/ulogd-2-ng.init,
+  files/ulogd-2.init:
+  bug 520294, fix init script issue. proxy for itumaykin at gmail.com

hello @itumaykin, mind you provide your full name? I could add it to metadata.xml
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2014-08-22 10:41:30 UTC
Looks like I am too late, but for any runscript update in future I recommend that you will look at "man openrc-run":

You don't need

- ULOGD_PIDFILE
- ULOGD_BINARY

Just define "command", "pidfile" variable, remove your custom start/stop function end enjoy OpenRC's default start/stop function *including* a working status function.

See http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1?view=markup to get an idea.


@ Michael Rowell:
My question from https://bugs.gentoo.org/show_bug.cgi?id=520294#c3 is still open. If you are able to reproduce the problem please open a new bug against OpenRC.
Comment 10 Coacher 2014-08-22 11:06:18 UTC
(In reply to Thomas D. from comment #9)
> Looks like I am too late, but for any runscript update in future I recommend
> that you will look at "man openrc-run":

Where is it?

$ man openrc-run
No manual entry for openrc-run
$ equery l -p openrc
 * Searching for openrc ...
[IP-] [  ] sys-apps/openrc-0.12.4:0
[-P-] [ ~] sys-apps/openrc-0.13:0
[-P-] [ -] sys-apps/openrc-9999:0

> You don't need
> 
> - ULOGD_PIDFILE
> - ULOGD_BINARY
> 
> Just define "command", "pidfile" variable, remove your custom start/stop
> function end enjoy OpenRC's default start/stop function *including* a
> working status function.
> 
> See
> http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-admin/rsyslog/
> files/7-stable/rsyslog.initd-r1?view=markup to get an idea.

These are nice features I was not aware of, thanks. No mention of them in initscript section of handbook or start-stop-daemon man. Where can I get more info?

Also 'pidfile' variable is not so useful, as it cannot be adjusted through conf.d. rsyslog init actually has to create RSYSLOG_PIDFILE for this purpose. 'command' variable is useful though.

My initscript was inspired by net-misc/openssh one, which I used for reference at the time.
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2014-08-22 11:10:58 UTC
OpenRC 0.13 is current :)

Before openrc-0.13 it is "man runscript".
Comment 12 Coacher 2014-08-23 21:13:06 UTC
(In reply to Yixun Lan from comment #8)
> +  22 Aug 2014; Yixun Lan <dlan@gentoo.org> files/ulogd-2-ng.init,
> +  files/ulogd-2.init:
> +  bug 520294, fix init script issue. proxy for itumaykin at gmail.com

Thank you.

> hello @itumaykin, mind you provide your full name? I could add it to
> metadata.xml

I'd prefer to keep it just itumaykin@gmail.com. My bugzilla nickname (Coacher) is a suitable replacement for full name, I think.

I have one more thing to ask from @proxy-maint.
Please remove ulogd-2.0.2 from tree, i.e. remove ulogd-2.0.2.ebuild, files/ulogd-2.init, files/ulogd-2.0.2-automagic.patch.

ulogd-2.0.2 has problems with automagic and pidfile handling and I've wanted for it to be removed for a long time. Now, ulogd-2.0.3 has gone stable, so ulogd-2.0.2 can safely be removed.
Comment 13 Coacher 2014-08-23 21:14:27 UTC
(In reply to Thomas D. from comment #11)
> OpenRC 0.13 is current :)

Not on amd64;)

> Before openrc-0.13 it is "man runscript".

Thanks!
Comment 14 Michael Rowell 2014-08-24 00:40:26 UTC
(In reply to Thomas D. from comment #9)
> @ Michael Rowell:
> My question from https://bugs.gentoo.org/show_bug.cgi?id=520294#c3 is still
> open. If you are able to reproduce the problem please open a new bug against
> OpenRC.

Unfortunately my primary development machine is dead. I have a new one with a Gentoo virtual machine, but I have not found the time to mess with it. I will get back to you when I can.
Comment 15 Sergey Popov (RETIRED) gentoo-dev 2014-08-26 08:46:30 UTC
+  26 Aug 2014; Sergey Popov <pinkbyte@gentoo.org> -ulogd-2.0.2.ebuild,
+  -files/ulogd-2.0.2-automagic.patch, -files/ulogd-2.init:
+  Drop old version as requested by proxied maintainer
Comment 16 Coacher 2014-08-26 16:08:27 UTC
(In reply to Sergey Popov from comment #15)
> +  26 Aug 2014; Sergey Popov <pinkbyte@gentoo.org> -ulogd-2.0.2.ebuild,
> +  -files/ulogd-2.0.2-automagic.patch, -files/ulogd-2.init:
> +  Drop old version as requested by proxied maintainer

Thanks.