[Bug 1673860] Re: systemd-resolved unit should run Before=network-online.target
Ryan Harper
1673860 at bugs.launchpad.net
Fri Mar 31 18:56:20 UTC 2017
I just tested the zesty-proposed version and it works as expected.
% lxc launch ubuntu-daily:zesty z1
Creating z1
Starting z1
# confirm current version of systemd
% lxc exec z1 -- apt-cache policy systemd
systemd:
Installed: 232-19
Candidate: 232-19
Version table:
*** 232-19 500
500 http://archive.ubuntu.com/ubuntu zesty/main amd64 Packages
100 /var/lib/dpkg/status
# confirm that network-online.target is started before systemd-resolved
%3 lxc exec z1 -- journalctl --no-pager -o short-precise --unit systemd-resolved --unit network-online.target
-- Logs begin at Fri 2017-03-31 18:48:46 UTC, end at Fri 2017-03-31 18:48:54 UTC. --
Mar 31 18:48:51.485348 z1 systemd[1]: Reached target Network is Online.
Mar 31 18:48:51.519147 z1 systemd[1]: systemd-resolved.service: Failed to reset devices.list: Operation not permitted
Mar 31 18:48:51.526564 z1 systemd[1]: systemd-resolved.service: Failed to set invocation ID on control group /system.slice/systemd-resolved.service, ignoring: Operation not permitted
Mar 31 18:48:51.533523 z1 systemd[1]: Starting Network Name Resolution...
Mar 31 18:48:51.665835 z1 systemd-resolved[432]: Positive Trust Anchors:
Mar 31 18:48:51.670257 z1 systemd-resolved[432]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Mar 31 18:48:51.671291 z1 systemd-resolved[432]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Mar 31 18:48:51.672004 z1 systemd-resolved[432]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Mar 31 18:48:51.673770 z1 systemd-resolved[432]: Using system hostname 'z1'.
Mar 31 18:48:51.696484 z1 systemd-resolved[432]: Switching to system DNS server 10.245.119.1.
Mar 31 18:48:51.807829 z1 systemd[1]: Started Network Name Resolution.
# enable proposed
% lxc exec z1 -- sh -c 'echo "deb http://us.archive.ubuntu.com/ubuntu/ zesty-proposed main restricted" > /etc/apt/sources.list.d/zesty-proposed.list; apt update'
Hit:1 http://security.ubuntu.com/ubuntu zesty-security InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu zesty-proposed InRelease [240 kB]
Get:3 http://archive.ubuntu.com/ubuntu zesty InRelease [243 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 Packages [53.3 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu zesty-proposed/main Translation-en [26.3 kB]
Hit:6 http://archive.ubuntu.com/ubuntu zesty-updates InRelease
Get:7 http://archive.ubuntu.com/ubuntu zesty-backports InRelease [92.0 kB]
Get:8 http://archive.ubuntu.com/ubuntu zesty/main Sources [911 kB]
Get:9 http://archive.ubuntu.com/ubuntu zesty/multiverse Sources [188 kB]
Get:10 http://archive.ubuntu.com/ubuntu zesty/universe Sources [8481 kB]
Get:11 http://archive.ubuntu.com/ubuntu zesty/restricted Sources [5076 B]
Get:12 http://archive.ubuntu.com/ubuntu zesty/main amd64 Packages [1234 kB]
Get:13 http://archive.ubuntu.com/ubuntu zesty/universe amd64 Packages [8096 kB]
Get:14 http://archive.ubuntu.com/ubuntu zesty/universe Translation-en [4680 kB]
Get:15 http://archive.ubuntu.com/ubuntu zesty/multiverse amd64 Packages [158 kB]
Get:16 http://archive.ubuntu.com/ubuntu zesty/multiverse Translation-en [111 kB]
Fetched 24.5 MB in 19s (1267 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
43 packages can be upgraded. Run 'apt list --upgradable' to see them.
# show new systemd package from proposed
% lxc exec z1 -- apt-cache policy systemd
systemd:
Installed: 232-19
Candidate: 232-21ubuntu2
Version table:
232-21ubuntu2 500
500 http://us.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 Packages
*** 232-19 500
500 http://archive.ubuntu.com/ubuntu zesty/main amd64 Packages
100 /var/lib/dpkg/status
# upgrade systemd and reboot container
% lxc exec z1 -- sh -c 'apt -y install systemd && reboot'
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libnss-resolve libpam-systemd libsystemd0
Suggested packages:
systemd-ui systemd-container
The following packages will be upgraded:
libnss-resolve libpam-systemd libsystemd0 systemd
4 upgraded, 0 newly installed, 0 to remove and 39 not upgraded.
Need to get 2801 kB of archives.
After this operation, 6144 B disk space will be freed.
Get:1 http://us.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 libnss-resolve amd64 232-21ubuntu2 [114 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 libpam-systemd amd64 232-21ubuntu2 [115 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 systemd amd64 232-21ubuntu2 [2362 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 libsystemd0 amd64 232-21ubuntu2 [210 kB]
Fetched 2801 kB in 1s (1415 kB/s)
(Reading database ... 26516 files and directories currently installed.)
Preparing to unpack .../libnss-resolve_232-21ubuntu2_amd64.deb ...
Unpacking libnss-resolve:amd64 (232-21ubuntu2) over (232-19) ...
Preparing to unpack .../libpam-systemd_232-21ubuntu2_amd64.deb ...
Unpacking libpam-systemd:amd64 (232-21ubuntu2) over (232-19) ...
Preparing to unpack .../systemd_232-21ubuntu2_amd64.deb ...
Unpacking systemd (232-21ubuntu2) over (232-19) ...
Preparing to unpack .../libsystemd0_232-21ubuntu2_amd64.deb ...
Unpacking libsystemd0:amd64 (232-21ubuntu2) over (232-19) ...
Setting up libsystemd0:amd64 (232-21ubuntu2) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for libc-bin (2.24-7ubuntu2) ...
Setting up systemd (232-21ubuntu2) ...
addgroup: The group `systemd-journal' already exists as a system group. Exiting.
Setting up libnss-resolve:amd64 (232-21ubuntu2) ...
Processing triggers for man-db (2.7.6.1-2) ...
Processing triggers for dbus (1.10.10-1ubuntu2) ...
Setting up libpam-systemd:amd64 (232-21ubuntu2) ...
Processing triggers for libc-bin (2.24-7ubuntu2) ...
# check installed version after reboot
% lxc exec z1 -- apt-cache policy systemd
systemd:
Installed: 232-21ubuntu2
Candidate: 232-21ubuntu2
Version table:
*** 232-21ubuntu2 500
500 http://us.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
232-19 500
500 http://archive.ubuntu.com/ubuntu zesty/main amd64 Packages
# check unit ordering
% lxc exec z1 -- journalctl --no-pager -o short-precise --unit systemd-resolved --unit network-online.target
-- Logs begin at Fri 2017-03-31 18:54:56 UTC, end at Fri 2017-03-31 18:54:59 UTC. --
Mar 31 18:54:57.949660 z1 systemd[1]: systemd-resolved.service: Failed to reset devices.list: Operation not permitted
Mar 31 18:54:57.951958 z1 systemd[1]: systemd-resolved.service: Failed to set invocation ID on control group /system.slice/systemd-resolved.service, ignoring: Operation not permitted
Mar 31 18:54:57.952719 z1 systemd[1]: Starting Network Name Resolution...
Mar 31 18:54:58.047708 z1 systemd-resolved[433]: Positive Trust Anchors:
Mar 31 18:54:58.047730 z1 systemd-resolved[433]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Mar 31 18:54:58.047738 z1 systemd-resolved[433]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Mar 31 18:54:58.047780 z1 systemd-resolved[433]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Mar 31 18:54:58.048109 z1 systemd-resolved[433]: Using system hostname 'z1'.
Mar 31 18:54:58.049619 z1 systemd-resolved[433]: Switching to system DNS server 10.245.119.1.
Mar 31 18:54:58.168190 z1 systemd[1]: Started Network Name Resolution.
Mar 31 18:54:58.168593 z1 systemd[1]: Reached target Network is Online.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1673860
Title:
systemd-resolved unit should run Before=network-online.target
Status in systemd package in Ubuntu:
Fix Committed
Status in systemd source package in Xenial:
New
Status in systemd source package in Yakkety:
New
Bug description:
=== Begin SRU Template ===
[Impact]
For releases using systemd-resolved (yakkety and zesty); the unit
configuration does not require that the service be active before
allowing systemd to reach 'network-online.target' which is a special
target used to allow other units which require networking access to
run.
In some cases, units which run After=network-online.target may
encounter DNS failures if systemd-resolved is not yet completely
active.
The fix is to add Before=network-online.target to the Unit directives
for systemd-resolved.service.
[Test Case]
1. lxc launch ubuntu-daily:yakkety y1
2. lxc exec y1 -- journalctl -o short-precise \
--unit systemd-resolved --unit network-online.target
3. Check order of units; If 'Reached target Network is Online' is
listed before 'Started Network Name Resolution', then DNS may not
be up.
Example FAIL output:
# apt-cache policy systemd
systemd:
Installed: 231-9ubuntu3
Candidate: 231-9ubuntu3
Version table:
*** 231-9ubuntu3 500
500 http://archive.ubuntu.com/ubuntu yakkety-updates/main amd64 Packages
100 /var/lib/dpkg/status
231-9git1 500
500 http://archive.ubuntu.com/ubuntu yakkety/main amd64 Packages
# journalctl -o short-precise -u systemd-resolved -u network-online.target
-- Logs begin at Thu 2017-03-23 21:22:42 UTC, end at Thu 2017-03-23 21:22:49 UTC. --
Mar 23 21:22:47.173454 y1 systemd[1]: Reached target Network is Online.
Mar 23 21:22:47.197566 y1 systemd[1]: systemd-resolved.service: Failed to reset devices.list: Operation not permitted
Mar 23 21:22:47.198023 y1 systemd[1]: Starting Network Name Resolution...
Mar 23 21:22:47.207216 y1 systemd-resolved[438]: Positive Trust Anchors:
Mar 23 21:22:47.207265 y1 systemd-resolved[438]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde3
Mar 23 21:22:47.207319 y1 systemd-resolved[438]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-add
Mar 23 21:22:47.216370 y1 systemd-resolved[438]: Using system hostname 'y1'.
Mar 23 21:22:47.237441 y1 systemd-resolved[438]: Switching to system DNS server 10.245.119.1.
Mar 23 21:22:47.399614 y1 systemd[1]: Started Network Name Resolution.
Example PASS output:
# journalctl -o short-precise -u systemd-resolved -u network-online.target
-- Logs begin at Thu 2017-03-23 21:25:08 UTC, end at Thu 2017-03-23 21:25:11 UTC. --
Mar 23 21:25:10.206276 y1 systemd[1]: systemd-resolved.service: Failed to reset devices.list: Operation not permitted
Mar 23 21:25:10.206685 y1 systemd[1]: Starting Network Name Resolution...
Mar 23 21:25:10.229430 y1 systemd-resolved[445]: Positive Trust Anchors:
Mar 23 21:25:10.229449 y1 systemd-resolved[445]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde3
Mar 23 21:25:10.229491 y1 systemd-resolved[445]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-add
Mar 23 21:25:10.229759 y1 systemd-resolved[445]: Using system hostname 'y1'.
Mar 23 21:25:10.231969 y1 systemd-resolved[445]: Switching to system DNS server 10.245.119.1.
Mar 23 21:25:10.291591 y1 systemd[1]: Started Network Name Resolution.
Mar 23 21:25:10.291944 y1 systemd[1]: Reached target Network is Online.
[Regression Potential]
Changing order in boot can be dangerous. This is a possiblity of
units using the defaults in /etc/resolv.conf (which doesn't point to
systemd-resolved until later during boot) would now run when
/etc/resolv.conf points to systemd-resolved service (127.0.0.53).
[Original Description]
1) Xenial, Yakkety and Zesty; (Xenial is affected if you're using networkd and resolved, but it's not the default)
2) 229-4ubuntu16, 231-9ubuntu3, 232-18ubuntu1 respectively to (1)
3) DNS resolution should be available once systemd has reached 'network-online.target' state
4) Sometimes systemd-resolved has not become active prior to network-online.target and DNS service is not available.
The remaining issue for the systemd-resolved.service unit is that it
needs to include a Before=network-online.target to ensure it's ordered
to run before systemd reaches 'network-online.target'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1673860/+subscriptions
More information about the foundations-bugs
mailing list