#StackBounty: #systemd #resolv.conf #systemd-networkd Add DNS options to systemd-resolved /etc/resolv.conf

Bounty: 50

I am using systemd-networkd and systemd-resolved. I have /etc/resolv.conf being a symlink to /run/systemd/resolve/stub-resolv.conf as recommended.

I guess that /run/systemd/resolve/stub-resolv.conf must be auto-generated, so I would like to know if there is a way to add custom DNS options so the generated file includes them. I’m talking about options like this one: options single-request-reopen.



#StackBounty: #systemd #services #udev #dhcpd Taking an action after connecting a USB-to-Ethernet adapter

Bounty: 50

When I connect a USB-to-Ethernet adapter (that has been previously used), I receive a MAC address, and then if there’s something connected on the other end I receive also an IP address (192.168.1.1 in my case). On the other end there are various instruments that wait for a DHCP server to give them an IP.

The problem is that the DHCP server refuses to start if the subnet is not found, so it cannot be launched before the connection is up. How can I do systemctl restart isc-dhcp-server.service after I receive the IP 192.168.1.1?

I thought of using a udev rule with ATTR{address}=="f0:1f:af:3d:6c:e7" RUN+="systemctl restart isc-dhcp-server.service" but it runs before the IP is assigned. Is there a udev option I can use or do I have to use another method via systemd or NetworkManager or other?



#StackBounty: #systemd #systemd-journald #yocto #systemctl #journalctl systemd-journald persistent logs do not work with bind mount /va…

Bounty: 200

I am using Yocto to produce a custom image for a small embedded Linux system with SystemD Version 241. The root file system is Read-Only. I am using bind mounts and overlayfs to make the /var/log/journal directory exist on a separate Read/Write partition. I have a problem where systemd-journald gets “Amnesia” and does not remember previous boot logs, even though they are on the persistent Read/Write filesystem. This means journal cannot access or clean older log files from previous boots, even though the log files are present and valid on the filesystem.

Yocto volatile binds

# Setup overlayfs binds for various RW files
VOLATILE_BINDS_append = " \
    /persistent-storage/var/log /var/log\n\
"

The path /var/log exists:

root@me:/var/log# cd /var/log/
root@me:/var/log# ls -lrt
total 9
drwxr-xr-x 2 root root            1024 Jun  3 01:50 nginx
-rw-r--r-- 1 root root            5260 Jun  9 17:56 messages
drwxr-sr-x 5 root systemd-journal 1024 Jun  9 18:00 journal
root@me:/var/log# ls -lrt journal/
total 3
drwxr-sr-x 2 root systemd-journal 1024 Jun  9 17:56 5f6085cd81114e8688cf23b3bb91933e
drwxr-sr-x 2 root systemd-journal 1024 Jun  9 17:57 de59603d1ea24e7582ed7d7ed3ac8fb0
drwxr-sr-x 2 root systemd-journal 1024 Jun  9 18:00 0c34cc794e6c4241a75774bbb8324102

I have a journald config file fragment in /lib/systemd/journald.conf.d/10-persistent-journal.conf that looks like this:

# By default the maximum use limit (SystemMaxUse) is 10% of the filesystem, and the minimum
# free space (SystemKeepFree) value is 15% - though they are both capped at 4G.
# The journals should be rotated automatically when they reach the SystemMaxFileSize value,
# and the number of journals is controlled by SystemMaxFiles. If you prefer time based
# rotation you can set a MaxFileSec to set the maximum time entries are stored in a single journal.
[Journal]
Storage=persistent
SystemMaxFileSize=128M
SystemMaxFiles=10
SystemMaxUse=256M
SystemKeepFree=256M
SyncIntervalSec=30

The problem is that even though I reboot several times, and journald successfully finds and writes logs to /var/log/journal, it can never find previous logs and has no knowledge about previous boot logs. This means I cannot vacuum previous logs and my partition runs out of space even though journald should maintain 50% of the partition free.

root@me:/# journalctl --list-boots
0 82fef865e29e481aae27bd247c10e591 Tue 2020-06-09 18:00:12 UTC—Tue 2020-06-09 18:15:23 UTC

Even though:

root@me:/# ls -lrt /var/log/journal/
total 3
drwxr-sr-x 2 root systemd-journal 1024 Jun  9 17:56 5f6085cd81114e8688cf23b3bb91933e
drwxr-sr-x 2 root systemd-journal 1024 Jun  9 17:57 de59603d1ea24e7582ed7d7ed3ac8fb0
drwxr-sr-x 2 root systemd-journal 1024 Jun  9 18:00 0c34cc794e6c4241a75774bbb8324102

Also, the following commands work:

root@me:/# journalctl -b 0
<information>
root@me:/# journalctl -b 1
<information>

root@me:/# journalctl -b 2
Data from the specified boot (+2) is not available: No such boot ID in journal

I read this post: Can be the journal path on a filesystem other than /?. And I tried the following mount file, however I see exactly the same behavior:

[Unit]
Description=Persistent Journal Storage Bind

[Mount]
What=/anotherfs/journal
Where=/var/log/journal
Type=none
Options=bind

[Install]
WantedBy=local-fs.target

What am I doing wrong and how can I get journald to work with persistent logs on a bind mount system?



#StackBounty: #bash #systemd #tty Can many script instances write to tty (parallel)?

Bounty: 50

I have recently migrated my upstart scripts to systemd; unlike upstart, I don’t
see any output on the tty for services being started/stopped. To get that visual
feedback, I added something like

      echo "Starting $UNIT_NAME" > $MYTTY

Where the MYTTY is an environment variable I am setting from output of tty command.
I have 20 odd services but somehow not all messages were appearing on my tty. So I changed
the line (just to check) to:

      echo "Starting $UNIT_NAME" | write myuser $MYTTY

And with this, I see all the messages being displayed! (of course, with the additional
Message from <user>@<hostname> on <term> at <time> ... EOF)

Just to check if write is doing something special, I checked the code in bsdutils and
I didn’t find anything special; it’s just writing character by character (with some handling
for special chars and CR, LF).

What is wrong with :

      echo "Starting $UNIT_NAME" > $MYTTY

?
I also tried:

      echo -e "Starting $UNIT_NAME\r\b" > $MYTTY

etc. But still I don’t see messages from all the services on the screen!
Is it because systemd starts up all services in parallel that some
writes to the tty vanish !?




#StackBounty: #mysql #20.04 #systemd Cannot increase MySQL table_open_cache in Ubuntu 20.04

Bounty: 50

I’ve read both of these related questions and am still stuck:

MySQL table_open_cache is set to 8000 in /etc/mysql/mysql.conf.d/mysqld.cnf and this value is not defined in any of the other loaded cnf files:

table_open_cache = 8000

Also, in /lib/systemd/system/mysql.service I have the default entry:

LimitNOFILE=10000

When I query variables from the cli I still get this:

mysql> show variables like 'table_open_cache';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| table_open_cache | 4745  |
+------------------+-------+

Also there’s this:

$ ulimit -n
1024

Which is confusing because if the open files limit was being restricted by system shouldn’t I be capped at 1024 instead of 4745? I don’t understand where 4745 is even coming from.

Can someone please explain what’s going on here? Is this a MySQL configuration problem or a limit being imposed by the operating system? I just migrated from Ubuntu 16.04 with nearly identical config and this was not a problem before.

OS is Ubuntu 20.04. MySQL version is 8.0.20.



#StackBounty: #ubuntu #systemd Systemd: How to load LUKS passphrase from USB, falling back to keyboard?

Bounty: 50

I want to set up a headless GNU/Linux (Ubuntu 20.04) PC with full disk encryption, with the ability to unlock the disks either with a USB drive, or by entering a passphrase by keyboard. My starting point is a fresh install using the basic full disk encryption option in the installer, which manages everything besides /boot as a LUKS-encrypted logical volume group and gives me the keyboard option.

It would be ideal to me if I could simply have a small USB stick
containing a passphrase that will unlock the disks. Not only would that
be handy for servers (where you could leave the USB stick in the
server – the goal is to be able to return broken harddisks without
having to worry about confidential data), it would also be great for
my laptop: Insert the USB stick when booting and remove it after
unlocking the cryptodisk. And if the USB-disk breaks, use the keyboard.

How can this be done in a way that will work on a system that runs systemd?

(And if this question seems familiar it is due to: https://stackoverflow.com/a/23451824/363028 – which solved the problem, but is incompatible with systemd.)

Background

On my non-systemd system I use this patch https://gitlab.com/ole.tange/tangetools/tree/master/decrypt-root-with-usb

It searches the root dir of all
devices for the file ‘cryptkey.txt’ and try decrypting with each line
as a key. If that fails: Revert to typing in the pass phrase.

And it works exactly how I want, but systemd breaks this, so I cannot use this (at least not directly).



#StackBounty: #systemd #services #daemon Debugging systemd service

Bounty: 50

I’m trying to create a daemon to monitor my system’s CPU temps and adjust the clock-rate if it gets too high, but I’ve never written a daemon before and I’m not sure I’ve done any of it right.

I created two files in a folder inside of /usr/local/lib, in accordance with the file-hierarchy, called throttle_daemon, inside of which are throttle_daemon and throttle_daemon.service, then I linked throttle_daemon.service to /etc/systemd/system/throttle_daemon.service.

This is the throttle_daemon

# !/bin/bash

export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
export DISPLAY=:1

CPU_TEMP=$(sensors -f | grep -Po "Tdie:\s*\+\d+" | grep -Po "\d+")

# su - aaron -c "/usr/bin/notify-send 'CPU Throttle Daemon' 'CPU Temp is $CPU_TEMP'"

if [ $CPU_TEMP -ge 140 ]; then
    su - aaron -c "notify-send 'CPU Throttle Daemon' 'Throttling CPU'"
    touch /var/tmp/throttle.flag
    for cpu in /sys/devices/system/cpu/cpu*/; do
        cpu=${cpu%*/}  # Remove the trailing "/"
        echo "3200000" | sudo tee "$cpu/cpufreq/scaling_max_freq"
    done
elif [ $CPU_TEMP -le 113 ]; then
    if [ -f /var/tmp/throttle.flag ]; then
        su - aaron -c "notify-send 'CPU Throttle Daemon' 'Un-Throttling CPU'"
        for cpu in /sys/devices/system/cpu/cpu*/; do
            cpu=${cpu%*/}  # Remove the trailing "/"
            echo "3600000" | sudo tee "$cpu/cpufreq/scaling_max_freq"
        done
        rm /var/tmp/throttle.flag
    fi
fi

And my throttle_daemon.service

[Unit]
Description="CPU Throttle Service"

[Service]
Type=simple
BusName=unix:path=/run/usr/1000/bus
NotifyAccess=all
Restart=always
RestartSec=1s
Environment=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/run/user/1000/bus
ExecStart=/usr/local/lib/throttle_daemon/throttle_daemon

[Install]
WantedBy=multi-user.target

When I run the script from the command line using watch -n 1 sudo ./throttle_daemon it works as expected, but not when I set up the service. When I call sudo systemctl start throttle_daemon.service nothing errors out, but it also doesn’t do anything.

I expected notify-send to ping me every second with the current temperature that my cpu is at, why isn’t it?



#StackBounty: #18.04 #systemd #stdout systemd service output to terminal/pty

Bounty: 50

I am not able to figure out what option to pass in StandardOutput= for a
unit file (.service), where I want to show some messages on the connected terminal
from where the service is started! (console/tty doesn’t seem to be what I want)

Maybe /etc/systemd/system.conf’s global default DefaultStandardOutput=journal can be changed, but I don’t want to do that!
I am only interested in showing some progress/startup messages from my unit file
(like systemd-run -P)

I am on Ubuntu 18.04.2

# systemd --version
systemd 237



#StackBounty: #systemd #namespace Extra mount points for systemd service

Bounty: 50

I am trying to set up a systemd service which needs to have access to a filesystem I don’t normally want mounted (in case it’s relevant, I want to set up Snapper on btrfs, but want to use a flat subvolume layout as described in various places eg. here, and want .snapshots directories to be unmounted for everything else).

I know it’s possible to give the service its own private mount namespace, but most of the documentation talks about restricting access to data that’s usually available, not granting access to something that usually isn’t. How can I ensure that Snapper will have mounts that the rest of the system will not?

Edit: Of course I can replace the Exec= value with a script that mounts the filesystem and then runs the main thing, but that’s inelegant in various ways (for one thing, the example above isn’t the only time I want to do this, and the other time I don’t want the main service to run as root and I’d need to manually change that too instead of just using User=). If I do go that route, though, would I need the script to also unmount the filesystem, or would systemd clean that up automatically?



#StackBounty: #server #systemd #systemd-journald Avoid systemd unit (service) to be logged in journal

Bounty: 50

To produce metrics on some disks I have set up a systemd.timer + systemd.service.

That timer spins up every 10 seconds, and I would like to avoid my journal being spammed every time this small script gets spawned and then succeeds.

Journal writes multiple lines like that:

Jan 04 17:21:31 hostname systemd[1]: personal.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The unit personal.service has successfully entered the 'dead' state.

Moreover there is an audit on every service start

Jan 04 17:22:31 hostname audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=personal comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 04 17:22:31 hostname kernel: audit: type=1131 audit(1578158551.035:11612): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=personal comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

