Hi all, I'm a bit surprised that there's no reply to this fairly explosive idea. Maybe Nikos' text is too long, so let me summarize: tl;dr: the proposal is to start services immediately during installation (in %post), iff they are enabled in presets and the system is live (not a chroot or such). This would mean that e.g. after 'dnf install gpm' gpm would be running when dnf exits. Zbyszek On Mon, Apr 16, 2018 at 04:13:51PM +0200, Nikos Mavrogiannopoulos wrote: > In [0] it was reported that after installation of pcsc-lite in Fedora, > no smart cards were functioning at the system. After rebooting Fedora > everything was functioning as expected. > > The issue is that the pcsc daemon uses a socket-activated unit > which is installed by dnf, but not started (and hence the windows- > reminding behavior). > > The text on our default services [1] mentions that a service is > "enabled by default on package installation" though there is a > distinction between 'enable' and 'start'. > > The reason behind that is probably summarized in [2]: > > Why don't we start the service after installation? > > Installations can be in changeroots, in an installer context, or > > in other situations where you don't want the services started. > > which is understandable, but does not necessarily lead to good user > experience in Fedora. Zbigniew made a good summary of what needs to be > done for that to work [3]. > > What do you think overall, is that something that makes sense to > address in general, or in socket activated services only, or not at > all? > > regards, > Nikos > > [0]. https://bugzilla.redhat.com/show_bug.cgi?id=1545027 > > [1]. > https://fedoraproject.org/wiki/Packaging:DefaultServices > > [2]. https://fedoraproject.org/wiki/EPEL:SysVInitScripts?rd=Packaging:S > ysVInitScript#Why_don.27t_we > > [3]. https://bugzilla.redhat.com/show_bug.cgi?id=1545027#c29 > >

Dne 17.4.2018 v 07:46 Petr Pisar napsal(a): +1 Miroslav

On 2018-04-17, Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl&gt; wrote: You mean systemctl can talk to a systemd via /var/run/dbus/system_bus_socket. Ok. Does systemctl really check it is an indirect child of dnf and where that dnf installs to? You cannot get meaningful chroot path by calls from a chrooted process. Also you can execute "rpm --root /foo -i foo.rpm" without DNF. I cannot see how this second condition is meaningfully implemented. -- Petr

Dne 17.4.2018 v 09:23 Zbigniew Jędrzejewski-Szmek napsal(a): Hmm, this will work for Mock. Thou I am not sure about others environments. Miroslav

On Tue, Apr 17, 2018 at 09:23:24AM +0200, Jakub Jelen wrote: Yep, usability and all that. One step less is always good. My idea was to actually make this opt-out: if a service is enabled in presets, make the default scriptlet start it too, and then provide a new scriptlet that would give *current* behaviour and to opt-out of autostarting. Starting immediately should be OK for those services which satisfy the criteria for being enabled by default, and making this automatic and uniform would simplify things for users. Zbyszek

On Tue, Apr 17, 2018 at 09:44:45AM +0200, Lennart Poettering wrote: Pfff. Yes they are. See https://fedoraproject.org/wiki/Packaging:DefaultServices. Zbyszek

On Tue, Apr 17, 2018 at 12:41:15PM -0400, R P Herrold wrote: That's something that I haven't considered… Indeed, it is possible to imagine a scenario where package A has Requires: B, and B could be installed later in the transaction, hence it's not possible to start A.service in A's %post. To make this work, we could either require that maintainers of A add Requires(post): B, or delay the starting of services until the end of the transaction, using a transfiletrigger. This second approach is much more attractive. Actually we already od a delayed 'systemctl daemon-reload' after the transaction, and we could start the services after that. Thanks for pointing this out! Zbyszek

On Tue, Apr 17, 2018 at 04:01:04PM -0400, R P Herrold wrote: Yep, I did. Yes, I don't think we could deal with arbitrary complexity here. But all that stuff is not something that would be subject to being enabled by default anyway. And... ... the guidelines say that "if a service does not require manual configuration to be functional and does not listen on a network socket for connections originating on a separate physical or virtual machine [...] may be enabled by default" or "Some services which are permitted to be enabled by default as specific exceptions." So the default presets are mostly for services which are understood to be "safe" (for some definition of safe, it's always a judgement call, e.g. sshd is enabled by default). Another thing to consider is that after a service has been enabled, it is in principle always possible for the service to be started: - first, a machine might be restarted because of a power failure, kernel panic, or a user tripping over a cable, in which case the service will be started on reboot - second, a transaction might be started which pulls in the target which pulls in the service in question, and the service might be started as a side effect. So if a service is enabled by default and needs tuning before being started, this tuning better happen *before* the service is enabled, i.e. before the package is installed, if it will be enabled in %post. I see two scenarios: - one, you install from an image, w/o pulling updates from the network, restart the machine, and pull in updates. - two, you install w/ network access, pulling updates for any packages for the initial installation. In the second case, updated packages are installed, and in the first case, a reboot happens before the update, so any enabled services will be started. In both scenarios starting them immediately after installation doesn't change things. The use case is that for simple packages, it's simpler for the user if the service is available immediately. My initial example with gpm is actually good here: do "sudo dnf install -y gpm", move mouse, voilà. Also the case from https://bugzilla.redhat.com/show_bug.cgi?id=1545027: a user installs some daemon for smartcards, and expects it to be functional without rebooting. Zbyszek

On Tue, Apr 17, 2018 at 04:47:14PM -0400, R P Herrold wrote: That issue is orthogonal to the issue at hand. If it logs a spurious warning at every boot if installed, one extra warning after installation doesn't really matter. Zbyszek

On 04/17/2018 12:41 AM, Zbigniew Jędrzejewski-Szmek wrote: What if gpm is pulled in as a dependency? (gpm may not be the best example here, but Avahi definitely is pulled in as a dependency sometimes.) -- ======================================================================== Ian Pilcher arequipeno(a)gmail.com -------- "I grew up before Mark Zuckerberg invented friendship" -------- ========================================================================

On Tue, Apr 17, 2018 at 2:53 PM, Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl&gt; wrote: It's very application and local configuration specific. The "nginx" software, for example, may expect some very real configuration dependencies before startup to avoid conflicting with an active webserver on the same port. When configuration tools like chef or ansible install new configurations, the default configuration may not even be compatible with what they have previously set up, and the service restart would thus fail.until the rest of the deployment is completed. But if the rpm installation reports failure because of the failed service start, the configuration software may never be able to get past that reported failure.

On 04/16/2018 10:41 PM, Zbigniew Jędrzejewski-Szmek wrote: Well, I marked it to reply to, but just hadn't gotten to it yet. ;) Not everyone can immediately answer list posts. :) So, as it is mentioned downthread the problems I see with this is: a) making sure we reliably detect if we are in a live system or not and b) services that have assumed our current behavior and are not useful, or are even insecure when started by default. I think a is solveable if it already hasn't been... For b, we will want to have a long ramp (so perhaps make this a 29 or even a f30 change) and just fix up these things that have problems starting / being usable / being secure when started right after install. I can see this being helpfull in some cases for sure. kevin

On Tue, 17 Apr 2018, Samuel Sieb wrote: I thing this is a mistaken assumption, and that we are moving into matters of sysadmin taste The SSHD is enabled by default, and likely to remain so We pre-inject a management key for root in a %post stanza of an install, but we still need to go in and add restrictions to keyed access only, down in /etc/sshd/ and IP range lockdowns The Rsyslogd is enabled by default, but has essentally useless default settings -- no Mark service, no UDP listener, local host loggin only -- Russ herrold