1. When attaching a service with an extension, the portablectl list
shows the base image as 'attached' but the extension as 'detached'. Is
the 'detached' state expected or an indication that something is
wrong?
shows the base image as 'attached' but the extension as 'detached'. Is
the 'detached' state expected or an indication that something is
wrong?
You can expect a detached state because the extension is not actually running in the same process as the base image. The extension is has a different PID, but they share the same memory region.
> 3. What are some approaches to debugging problems with the service's
> environment? Two examples of problems I encountered were 1) the base
> image was missing a library the extension depended upon
> environment? Two examples of problems I encountered were 1) the base
> image was missing a library the extension depended upon
That's a weird problem. Don't laugh, but I ran into a situation where the libraries were installed, but the systemd source code was missing. I'm not sure what a good version of the source code should be. I think I might be referring to an earlier comment. My only suggestion would be to use portablectl debug but you are probably already doing that.
If you use systemd-run, Here is a template for a systemd service file that might help you.
[Unit] Description=My service
[Service] Type=oneshot ExecStart=/usr/bin/systemd-run --scope --rootimage=/path/to/root/image --extensionimages=/path/to/extension/image /usr/bin/my-command
[Install] WantedBy=multi-user.target
Benjamin Godfrey
On Fri, May 5, 2023 at 5:00 AM <systemd-devel-request@xxxxxxxxxxxxxxxxxxxxx> wrote:
Send systemd-devel mailing list submissions to
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
or, via email, send a message with subject or body 'help' to
systemd-devel-request@xxxxxxxxxxxxxxxxxxxxx
You can reach the person managing the list at
systemd-devel-owner@xxxxxxxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of systemd-devel digest..."
Today's Topics:
1. portable service questions (Chuck Tuffli)
2. Re: portable service questions (Luca Boccassi)
----------------------------------------------------------------------
Message: 1
Date: Thu, 4 May 2023 12:52:16 -0700
From: Chuck Tuffli <ctuffli@xxxxxxxxx>
To: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: portable service questions
Message-ID:
<CAKAYmMK0g_EcgkaHe7k2bzdEf4ON1COo+z3K5x9TuKcoDKOEOQ@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="UTF-8"
I basically have portable service extensions working, but in the
process, there are a few questions that came up.
1. When attaching a service with an extension, the portablectl list
shows the base image as 'attached' but the extension as 'detached'. Is
the 'detached' state expected or an indication that something is
wrong?
2. When using the default profile, systemd attaches a writable /tmp
and /var/tmp. But the trusted profile doesn't attach either. From
looking at the code, this appears to be expected. For read-only
service images running with the trusted profile, is there a way to get
a writable tmp directories or is the expectation that the base image
is writable?
3. What are some approaches to debugging problems with the service's
environment? Two examples of problems I encountered were 1) the base
image was missing a library the extension depended upon and 2) the
service couldn't create configuration files because of a missing
directory. In both cases, I replaced the ExecStart with 'sleep 1d' and
used 'nsenter --target $(pidof sleep)' to investigate the environment
and figure out where I goofed. Is there a better way to do this?
Thanks!
--chuck
------------------------------
Message: 2
Date: Thu, 4 May 2023 22:27:26 +0100
From: Luca Boccassi <luca.boccassi@xxxxxxxxx>
To: Chuck Tuffli <ctuffli@xxxxxxxxx>
Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: portable service questions
Message-ID:
<CAMw=ZnTjRYQ1rP3jh0utiwAfP9Jm_PmKvSLe4FF+ry8-ZuJDYQ@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="UTF-8"
On Thu, 4 May 2023 at 22:00, Chuck Tuffli <ctuffli@xxxxxxxxx> wrote:
>
> I basically have portable service extensions working, but in the
> process, there are a few questions that came up.
>
> 1. When attaching a service with an extension, the portablectl list
> shows the base image as 'attached' but the extension as 'detached'. Is
> the 'detached' state expected or an indication that something is
> wrong?
That's a known issue, it's just cosmetic
> 2. When using the default profile, systemd attaches a writable /tmp
> and /var/tmp. But the trusted profile doesn't attach either. From
> looking at the code, this appears to be expected. For read-only
> service images running with the trusted profile, is there a way to get
> a writable tmp directories or is the expectation that the base image
> is writable?
This was changed recently and now every profile has a private /tmp
> 3. What are some approaches to debugging problems with the service's
> environment? Two examples of problems I encountered were 1) the base
> image was missing a library the extension depended upon and 2) the
> service couldn't create configuration files because of a missing
> directory. In both cases, I replaced the ExecStart with 'sleep 1d' and
> used 'nsenter --target $(pidof sleep)' to investigate the environment
> and figure out where I goofed. Is there a better way to do this?
Use systemd-run and pass it RootImage and ExtensionImages and you can
do whatever you want, even getting a shell, in an identical
environment
------------------------------
Subject: Digest Footer
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
------------------------------
End of systemd-devel Digest, Vol 157, Issue 4
*********************************************
