libnss-ldap needs systemd service file.

Xen list at xenhideout.nl
Thu Oct 6 14:00:35 UTC 2016


Colin Watson schreef op 06-10-2016 13:36:

> And yet you then go on to describe more or less how to do exactly that
> using ExecStop.  (Yes, this is technically "stop" rather than "start"
> and requires having a pseudo-service "started" before then, but I think
> that's an uninteresting matter of semantics; init scripts that are
> called on shutdown are called using the "stop" argument too.)

Always this criticism. This requires the services to be started first 
which then would be an extra requirement after installation, but I guess 
that is normal and it does raise the question: how to start it?

Lennart Poettering from SystemD (yes that's how I write it, before you 
comment) mentions that sysinit.target should not be used with 
DefaultDependencies=yes but it's the only target that covers both 
basic.target and rescue.target, and *probably* multi-user.target also 
covers all instances of basic.target, but I can't be sure myself. It is 
irrelevant when you start it, in this case, as long as it is getting 
started...


> https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/tree/debian/systemd/ssh-session-cleanup.service
> is an example of a service that is started (or "stopped", whatever) on
> shutdown.  We don't actually use that service because it's superseded by
> fixes in recent versions of libpam-systemd, but it does otherwise work.
> It has RemainAfterExit=yes and Type=oneshot refinements not found in
> your example.

I use Type=oneshot and RemainAfterExit=yes myself. I just cleaned it up 
not really knowing if it would still work ;-) because previously 
something using Simple didn't work. But I believed, maybe mistaken, ..oh 
right, well simple assumes the service is started once executed and 
oneshot will wait for it before continuing with other targets that 
depend on it. I guess simple assumes that the program will actually keep 
running. I wondered yesterday if there is ever a reason to use simple 
and if not everything should simply use oneshot and RemainAfterExit.

This is what SystemD does itself:

[Unit]
Documentation=man:systemd-sysv-generator(8)
SourcePath=/etc/init.d/libnss-ldap
Description=LSB: Updates /etc/ldap.conf
Before=shutdown.target
Conflicts=shutdown.target

[Service]
Type=forking
Restart=no
TimeoutSec=5min
IgnoreSIGPIPE=no
KillMode=process
GuessMainPID=no
RemainAfterExit=yes
ExecStart=/etc/init.d/libnss-ldap start
ExecStop=/etc/init.d/libnss-ldap stop

So forking. I guess our previous solution is better. To 'prove' my 
case, here was my test service: :P

[Unit]
Description=Run script at shutdown and reboot
Before=umount.target

[Service]
Type=oneshot
ExecStart=/bin/true
ExecStop=/usr/bin/touch /usr/local/somefile.txt
RemainAfterExit=yes

[Install]
WantedBy=sysinit.target

Or something of the kind anyway ;-).

>   https://bugs.debian.org/808887

Thanks. That clarifies things. It seems the update-rc.d script was also 
designed the same way SystemD currently is: services must be started at 
start and finished at shutdown, and there are no services that 'start' 
at shutdown.

Simply because it uses the "K" state to signal "disabled" while it also 
means "kill" there is no solution.

I guess the most common way to do this that would also agree with 
SystemD would be:


[Unit]
Description=Ensure LDAP does not prevent the system from booting

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecStop=/usr/sbin/nssldap-update-ignoreusers

[Install]
WantedBy=multi-user.target rescue.target


However as said we could also add runlevel 1 and 2 as start levels (they 
alias to rescue.target and multi-user.target) and remove 1 as stop level 
(that wouldn't quite work for SystemD, but I'm not quite sure systemd 
ignores those levels):

--- libnss-ldap.orig    2016-10-06 15:42:27.991990056 +0200
+++ libnss-ldap 2016-10-06 15:45:48.921305843 +0200
@@ -4,8 +4,8 @@
  # Provides:          libnss-ldap
  # Required-Start:
  # Required-Stop:     mountall.sh
-# Default-Start:
-# Default-Stop:      0 1 6
+# Default-Start:     1 2
+# Default-Stop:      0 6
  # Short-Description: Updates /etc/ldap.conf
  # Description:       Updates nss_initgroups_ignoreusers based on
  #                    nss_initgroups_minimum_uid
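
Review bot: Default-Start: 1 2 lists runlevel 1, which Debian init scripts conventionally treat as a stop level, and leaves out 3, 4 and 5, so a sysvinit system booted into one of those levels gets no start link for the script. If starting in single-user mode is intended, the usual set would become "1 2 3 4 5", with a comment in the header saying why 1 is a start level here. Required-Start: also stays empty now that start levels are declared, so it is worth confirming that the script's start action depends on nothing being mounted or running.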

The original script executes "stop" if runlevel 1 is activated. This one 
would only do so on reboot or shutdown. I guess the systemd solution is 
neater.

What description it should have, I don't know. However 
/lib/systemd/system/libnss-ldap.service is getting masked by 
/etc/init.d/libnss-ldap and I don't know why.

--- /dev/null   2016-10-05 16:00:45.941453351 +0200
+++ /lib/systemd/system/libnss-ldap-for-systemd.service 2016-10-06 
15:55:25.529763417 +0200
@@ -0,0 +1,11 @@
+[Unit]
+Description=Ensure LDAP does not prevent the system from booting
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecStop=/usr/sbin/nssldap-update-ignoreusers
+
+[Install]
+WantedBy=multi-user.target rescue.target
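
Review bot: the file name in the +++ header, libnss-ldap-for-systemd.service, does not match the init script name, so this unit does not take the place of the libnss-ldap.service that systemd-sysv-generator builds from /etc/init.d/libnss-ldap (the generated unit with SourcePath= is shown earlier in the message). Unless the init script is removed or disabled in the same change, its stop action still runs at shutdown alongside the ExecStop= added here. The unit also has no Documentation= line, and the Description= states the goal rather than what the unit does; something like "Update nss_initgroups_ignoreusers at shutdown" would read better in systemctl output.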

Just an idea you know.

I just thought it would be worth mentioning.

But I guess this service would also need to be started right after 
installation, or better yet, immediately run. If you were to reboot 
without shutting down you would end up with an unbootable system still.

In any case, thank you for your comments.
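
An added example, not part of the original message or of the libnss-ldap package: a small check for the pseudo-service pattern discussed above (an ExecStart= that exits at once, with the real work in ExecStop=). The function name and the second, broken unit are constructed for illustration; the first unit is the one proposed in the message.

```python
import configparser

# Unit proposed in the message above, copied as-is.
PROPOSED_UNIT = """\
[Unit]
Description=Ensure LDAP does not prevent the system from booting

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecStop=/usr/sbin/nssldap-update-ignoreusers

[Install]
WantedBy=multi-user.target rescue.target
"""

# Constructed broken variant: RemainAfterExit= and [Install] left out.
BROKEN_UNIT = """\
[Unit]
Description=Constructed example of a shutdown hook that never fires at shutdown

[Service]
Type=oneshot
ExecStart=/bin/true
ExecStop=/usr/sbin/nssldap-update-ignoreusers
"""

def shutdown_hook_problems(unit_text):
    """Return reasons why ExecStop= in a pseudo-service would not run at shutdown."""
    unit = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    unit.optionxform = str  # keep directive names case-sensitive, as systemd does
    unit.read_string(unit_text)
    def get(section, key):
        return unit.get(section, key, fallback="").strip()

    problems = []
    if not get("Service", "ExecStop"):
        problems.append("no ExecStop= command to run when the unit is stopped")
    # systemd accepts 1, yes, true and on as boolean true.
    if get("Service", "RemainAfterExit").lower() not in ("1", "yes", "true", "on"):
        problems.append("RemainAfterExit= not enabled: unit is already inactive at shutdown")
    if not (get("Install", "WantedBy") or get("Install", "RequiredBy")):
        problems.append("no [Install] target: enabling the unit does not start it at boot")
    return problems

if __name__ == "__main__":
    for name, text in (("proposed", PROPOSED_UNIT), ("broken", BROKEN_UNIT)):
        print(name, shutdown_hook_problems(text) or "ok")
```

The check only covers units that follow this pattern; a service with a long-running main process runs its ExecStop= at shutdown without RemainAfterExit=.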



