systemctl versus service
Robert Moskowitz
rgm at htt-consult.com
Thu Apr 17 18:07:33 UTC 2014
So for a number of versions, 'service' has been a front end to
'systemctl'. I have a service I am testing the Host Identity Protocol,
and the HIPL implementation: http://infrahip.hiit.fi/ that is still
built around 'service'. And they maintain binaries for a number of
distros, including Centos that do not yet (if ever?) use 'systemctl'.
Now I amy not have all the terms right, but that is pretty close to the
challenge.
On my Fedora 20 system, the services come up real slow. In fact I get
errors that they failed, even though they are working! Or at least they
are testing out properly. For example, when I start the HIP firewall I get:
# service hipfw start
Starting hipfw (via systemctl): Job for hipfw.service failed. See
'systemctl status hipfw.service' and 'journalctl -xn' for details.
[FAILED]
This takes a LONG time until the failed message appears. 'ps axu|grep
hip' shows the service is running. but status shows:
hipfw.service - SYSV: HIPL firewall daemon
Loaded: loaded (/etc/rc.d/init.d/hipfw)
Active: failed (Result: timeout) since Thu 2014-04-17 12:51:05 EDT; 1h
0min ago
Process: 2029 ExecStart=/etc/rc.d/init.d/hipfw start (code=exited,
status=0/SUCCESS)
CGroup: /system.slice/hipfw.service
└─2031 /usr/sbin/hipfw -bklpF
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(hipfw/helpers.c:97 at system_print) $ ip6tables -I HIPFW-FORWARD -p
139 -j DROP -> 0
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(hipfw/helpers.c:97 at system_print) $ iptables -I INPUT -j
HIPFW-INPUT -> 0
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(hipfw/helpers.c:97 at system_print) $ iptables -I OUTPUT -j
HIPFW-OUTPUT -> 0
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(hipfw/helpers.c:97 at system_print) $ iptables -I FORWARD -j
HIPFW-FORWARD -> 0
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(hipfw/helpers.c:97 at system_print) $ ip6tables -I INPUT -j
HIPFW-INPUT -> 0
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(hipfw/helpers.c:97 at system_print) $ ip6tables -I OUTPUT -j
HIPFW-OUTPUT -> 0
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(hipfw/helpers.c:97 at system_print) $ ip6tables -I FORWARD -j
HIPFW-FORWARD -> 0
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(libcore/message.c:319 at sendto_hipd) Sending user message 16 to HIPD
on socket 4
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(libcore/message.c:323 at sendto_hipd) Sent 40 bytes
Apr 17 12:46:05 ee900.htt-consult.com hipfw[2031]:
debug(libcore/message.c:400 at send_recv_info_internal) Waiting to receive
daemon info.
Apr 17 12:51:05 ee900.htt-consult.com systemd[1]: hipfw.service
operation timed out. Terminating.
Apr 17 12:51:05 ee900.htt-consult.com systemd[1]: Failed to start SYSV:
HIPL firewall daemon.
Apr 17 12:51:05 ee900.htt-consult.com systemd[1]: Unit hipfw.service
entered failed state.
Well the HIPL developers are looking into supporting systemctl method,
but for the present, I need the start not to take so long (and I am
talking minutes here, not a few extra seconds until the failed message).
So is there some option I could use in 'systemctl start hipfw.service'
that will cut down the start time, even if there are some warnings?
thanks
More information about the users
mailing list