[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #33015 [Internal Services/Tor Sysadmin Team]: turn rc.local into a systemd service

To: undisclosed-recipients: ;
Subject: [tor-bugs] #33015 [Internal Services/Tor Sysadmin Team]: turn rc.local into a systemd service
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 21 Jan 2020 15:28:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 21 Jan 2020 10:29:05 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, blackhole@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#33015: turn rc.local into a systemd service
-----------------------------------------------------+-----------------
     Reporter:  anarcat                              |      Owner:  tpa
         Type:  task                                 |     Status:  new
     Priority:  Low                                  |  Milestone:
    Component:  Internal Services/Tor Sysadmin Team  |    Version:
     Severity:  Major                                |   Keywords:
Actual Points:                                       |  Parent ID:
       Points:                                       |   Reviewer:
      Sponsor:                                       |
-----------------------------------------------------+-----------------
 We have a somewhat strange `rc.local` configuration file which does this:

 {{{
 #!/bin/bash

 ##
 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
 ## USE: git clone
 git+ssh://$USER@xxxxxxxxxxxxxxxxx/srv/puppet.debian.org/git/dsa-puppet.git
 ##

 if [ -e /proc/sys/kernel/modules_disabled ]; then
         ( sleep 60;
           echo 1 > /proc/sys/kernel/modules_disabled || true
         ) & disown
 fi

 touch /var/run/reboot-lock
 }}}

 Here's what it does, from what I can gather.

  1. If the kernel is so configured (if `/proc/sys/kernel/modules_disabled`
 is present) it will disable module loading, after a 60 seconds delay
  2. it creates the /var/run/reboot-lock file, which is used by other
 components to forbid reboots through a molly-guard hook

 Those are two independent purposes, of course.

 This, or at least the first part, should be replaced by a systemd service.
 This will make it easier to disable, which is necessary when we want to
 actually load modules. This is done in the buster upgrade process, for
 example, which says:

  5. Enable module loading (for ferm)

 {{{
 sed -i -e 's/.*modules_disabled/#&/' /etc/rc.local

 reboot

 export LC_ALL=C.UTF-8 &&
 sudo ttyrec -e screen /var/log/upgrade-buster.ttyrec.2
 }}}

 That `sed` line has a serious bug which will make `rc.local` crash during
 the reboot. Instead of just "disabling the disabling", it actually mangles
 the shell script and turns the `if` block into this:

 {{{
 #if [ -e /proc/sys/kernel/modules_disabled ]; then
         ( sleep 60;
 #         echo 1 > /proc/sys/kernel/modules_disabled || true
         ) & disown
 fi
 }}}

 And while that hack could be fixed, it would be much easier, logical and
 understandable if it was written as (say) `systemctl disable module-
 disable`. There might even be existing service files that do this which we
 could use.

 The reboot lock, on its part, could be created by the systemd.tmpfiles
 mechanism.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33015>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #33015 [Internal Services/Tor Sysadmin Team]: turn rc.local into a systemd service
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #33015 [Internal Services/Tor Sysadmin Team]: turn rc.local into a systemd service
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #33015 [Internal Services/Tor Sysadmin Team]: turn rc.local into a systemd service
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #32705 [Core Tor/Tor]: test_practracker.sh python issues
Next by Author: Re: [tor-bugs] #32711 [Applications/GetTor]: Gitlab repository is full and can't be updated
Previous by thread: Re: [tor-bugs] #33014 [Core Tor/Tor]: Refactor hs configuration parsing
Next by thread: Re: [tor-bugs] #33015 [Internal Services/Tor Sysadmin Team]: turn rc.local into a systemd service
Index(es):
- Author
- Thread