nixos/openldap: fix systemd rejecting notification #177084
Merged
On one of the two machines I have running openldap, openldap failed to start due to a "timeout". Increasing the allowed startup delay didn't help.

I noticed the following in logs:

```
openldap.service: Got notification message from PID 5224, but reception only permitted for main PID 5223
```

It turns out that on this machine at least, openldap apparently sends the notification from a non-main process, which means that we need this NotifyAccess setting for systemd to record that it successfully started. Without it, after 30 seconds systemd kills the process because it didn't receive the sd_notify call.

Somehow the other machine I have on nixos running ldap works fine even without this, but I could not figure out what changes the behavior.

Given that AFAIU NotifyAccess still restricts to "from the cgroup of the service", I think this change should be safe.
Ma27
approved these changes
Jun 13, 2022
Member
Using this fix for my personal openldap instance since I upgraded it to 22.05 👍
bjornfor
approved these changes
Jun 13, 2022
Member
Part of #176449
klemensn
approved these changes
Jun 13, 2022
Contributor
Successfully created backport PR #177520 for
Things done
```
systemd.services.openldap.serviceConfig.NotifyAccess = "all";
```

This probably needs a backport to 22.05.
cc @mweinelt for review as you switched to type=notify recently :)
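
The acceptance rule discussed in this PR, as a simplified Python model added here (it is not systemd's code and not part of the PR). PIDs 5223 and 5224 come from the log line in the description; the `Service` class, the function names and PID 9999 are constructed for the illustration.

```python
# Simplified model of how systemd decides whether an sd_notify() message
# counts for a Type=notify unit. Added illustration, not systemd source code.
from dataclasses import dataclass, field


@dataclass
class Service:
    notify_access: str          # "none", "main", "exec" or "all"
    main_pid: int
    control_pids: set = field(default_factory=set)  # Exec*= helper processes
    cgroup_pids: set = field(default_factory=set)   # every PID in the unit's cgroup


def accept_notification(svc: Service, sender_pid: int):
    """Return (accepted, reason) for a notification sent by sender_pid."""
    # A message is attributed to a unit through the sender's cgroup, so a
    # process outside the service's cgroup cannot update this unit at all.
    if sender_pid not in svc.cgroup_pids:
        return False, "sender is not in the service's cgroup"
    if svc.notify_access == "none":
        return False, "reception is disabled"
    if svc.notify_access == "main" and sender_pid != svc.main_pid:
        return False, f"reception only permitted for main PID {svc.main_pid}"
    if (svc.notify_access == "exec" and sender_pid != svc.main_pid
            and sender_pid not in svc.control_pids):
        return False, "reception only permitted for main and control PIDs"
    return True, "accepted"


def startup_result(svc: Service, sender_pid: int) -> str:
    """A Type=notify unit only becomes active once a READY message is accepted."""
    accepted, _ = accept_notification(svc, sender_pid)
    return "active" if accepted else "start timeout"


# PIDs from the log line in the PR description; 9999 is a constructed outsider.
CGROUP = {5223, 5224}
before = Service("main", main_pid=5223, cgroup_pids=CGROUP)  # Type=notify default
after = Service("all", main_pid=5223, cgroup_pids=CGROUP)    # setting from this PR

if __name__ == "__main__":
    for label, svc in (("main", before), ("all", after)):
        for pid in (5223, 5224, 9999):
            print(label, pid, accept_notification(svc, pid), startup_result(svc, pid))
```
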