diff --git a/ic-os/components/boundary-guestos/etc/systemd/system/node_exporter.service b/ic-os/components/boundary-guestos/etc/systemd/system/node_exporter.service index cb553c170e7..9f7f90a9e67 100644 --- a/ic-os/components/boundary-guestos/etc/systemd/system/node_exporter.service +++ b/ic-os/components/boundary-guestos/etc/systemd/system/node_exporter.service @@ -1,6 +1,6 @@ [Unit] Description=Node Exporter -After=syslog.target network.target +After=network.target [Service] User=node_exporter diff --git a/ic-os/components/boundary-guestos/etc/systemd/system/setup-hostname.service b/ic-os/components/boundary-guestos/etc/systemd/system/setup-hostname.service index a1159d4104e..fb6af317bd6 100644 --- a/ic-os/components/boundary-guestos/etc/systemd/system/setup-hostname.service +++ b/ic-os/components/boundary-guestos/etc/systemd/system/setup-hostname.service @@ -1,6 +1,5 @@ [Unit] Description=Set up hostname -Before=systemd-networkd.target DefaultDependencies=no After=bootstrap-ic-node.service Before=systemd-networkd.service diff --git a/ic-os/components/early-boot/setup-hostname/hostos/setup-hostname.service b/ic-os/components/early-boot/setup-hostname/hostos/setup-hostname.service index ccda874e6c6..c9dcdab46bc 100644 --- a/ic-os/components/early-boot/setup-hostname/hostos/setup-hostname.service +++ b/ic-os/components/early-boot/setup-hostname/hostos/setup-hostname.service @@ -1,6 +1,5 @@ [Unit] Description=Set up hostname -Before=systemd-networkd.target DefaultDependencies=no Before=systemd-networkd.service After=systemd-tmpfiles-setup.service diff --git a/ic-os/components/early-boot/setup-hostname/setup-hostname.service b/ic-os/components/early-boot/setup-hostname/setup-hostname.service index a1159d4104e..ef457327100 100644 --- a/ic-os/components/early-boot/setup-hostname/setup-hostname.service +++ b/ic-os/components/early-boot/setup-hostname/setup-hostname.service @@ -1,9 +1,8 @@ [Unit] Description=Set up hostname -Before=systemd-networkd.target +Before=systemd-networkd.service DefaultDependencies=no After=bootstrap-ic-node.service -Before=systemd-networkd.service [Install] WantedBy=multi-user.target diff --git a/ic-os/components/guestos.bzl b/ic-os/components/guestos.bzl index d1e40f2bc88..5bf638bafc7 100644 --- a/ic-os/components/guestos.bzl +++ b/ic-os/components/guestos.bzl @@ -38,18 +38,18 @@ component_files = { Label("ic/ic.json5.template"): "/opt/ic/share/ic.json5.template", # init - Label("init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh"): "/opt/ic/bin/bootstrap-ic-node.sh", - Label("init/bootstrap-ic-node/guestos/bootstrap-ic-node.service"): "/etc/systemd/system/bootstrap-ic-node.service", - Label("init/setup-encryption/guestos/setup-encryption.sh"): "/opt/ic/bin/setup-encryption.sh", - Label("init/setup-encryption/guestos/setup-encryption.service"): "/etc/systemd/system/setup-encryption.service", - Label("init/setup-encryption/guestos/setup-var-encryption.sh"): "/opt/ic/bin/setup-var-encryption.sh", + Label("init/bootstrap-ic-node/bootstrap-ic-node.sh"): "/opt/ic/bin/bootstrap-ic-node.sh", + Label("init/bootstrap-ic-node/bootstrap-ic-node.service"): "/etc/systemd/system/bootstrap-ic-node.service", + Label("init/setup-encryption/setup-encryption.sh"): "/opt/ic/bin/setup-encryption.sh", + Label("init/setup-encryption/setup-encryption.service"): "/etc/systemd/system/setup-encryption.service", + Label("init/setup-encryption/setup-var-encryption.sh"): "/opt/ic/bin/setup-var-encryption.sh", Label("init/setup-lvs/setup-lvs.service"): "/etc/systemd/system/setup-lvs.service", Label("init/setup-lvs/guestos/setup-lvs.sh"): "/opt/ic/bin/setup-lvs.sh", # misc Label("misc/logging.sh"): "/opt/ic/bin/logging.sh", Label("misc/metrics.sh"): "/opt/ic/bin/metrics.sh", - Label("misc/serial-getty@/guestos/serial-getty@.service"): "/etc/systemd/system/serial-getty@.service", + Label("misc/serial-getty@/guestos/override.conf"): "/etc/systemd/system/serial-getty@.service.d/override.conf", Label("misc/chrony/chrony.conf"): "/etc/chrony/chrony.conf", Label("misc/chrony/chrony-var.service"): "/etc/systemd/system/chrony-var.service", Label("misc/vsock/10-vhost-vsock.rules"): "/etc/udev/rules.d/10-vhost-vsock.rules", @@ -88,7 +88,7 @@ component_files = { # networking Label("networking/generate-network-config/guestos/generate-network-config.service"): "/etc/systemd/system/generate-network-config.service", - Label("networking/retry-ipv6-config/guestos/retry-ipv6-config.sh"): "/opt/ic/bin/retry-ipv6-config.sh", + Label("networking/retry-ipv6-config/retry-ipv6-config.sh"): "/opt/ic/bin/retry-ipv6-config.sh", Label("networking/retry-ipv6-config/retry-ipv6-config.service"): "/etc/systemd/system/retry-ipv6-config.service", Label("networking/nftables/reload_nftables.path"): "/etc/systemd/system/reload_nftables.path", Label("networking/nftables/reload_nftables.service"): "/etc/systemd/system/reload_nftables.service", diff --git a/ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.service b/ic-os/components/init/bootstrap-ic-node/bootstrap-ic-node.service similarity index 100% rename from ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.service rename to ic-os/components/init/bootstrap-ic-node/bootstrap-ic-node.service diff --git a/ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh b/ic-os/components/init/bootstrap-ic-node/bootstrap-ic-node.sh similarity index 100% rename from ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh rename to ic-os/components/init/bootstrap-ic-node/bootstrap-ic-node.sh diff --git a/ic-os/components/init/setup-encryption/guestos/setup-encryption.service b/ic-os/components/init/setup-encryption/setup-encryption.service similarity index 100% rename from ic-os/components/init/setup-encryption/guestos/setup-encryption.service rename to ic-os/components/init/setup-encryption/setup-encryption.service diff --git a/ic-os/components/init/setup-encryption/guestos/setup-encryption.sh b/ic-os/components/init/setup-encryption/setup-encryption.sh similarity index 100% rename from ic-os/components/init/setup-encryption/guestos/setup-encryption.sh rename to ic-os/components/init/setup-encryption/setup-encryption.sh diff --git a/ic-os/components/init/setup-encryption/guestos/setup-var-encryption.sh b/ic-os/components/init/setup-encryption/setup-var-encryption.sh similarity index 100% rename from ic-os/components/init/setup-encryption/guestos/setup-var-encryption.sh rename to ic-os/components/init/setup-encryption/setup-var-encryption.sh diff --git a/ic-os/components/misc/serial-getty@/guestos/override.conf b/ic-os/components/misc/serial-getty@/guestos/override.conf new file mode 100644 index 00000000000..04352d65837 --- /dev/null +++ b/ic-os/components/misc/serial-getty@/guestos/override.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=-/opt/ic/bin/infogetty -r /etc/allow_console_root /dev/%I diff --git a/ic-os/components/misc/serial-getty@/guestos/serial-getty@.service b/ic-os/components/misc/serial-getty@/guestos/serial-getty@.service deleted file mode 100644 index 4164192eacb..00000000000 --- a/ic-os/components/misc/serial-getty@/guestos/serial-getty@.service +++ /dev/null @@ -1,35 +0,0 @@ -# Overwrite the default systemd serial getty service to -# run our own console getty. - -[Unit] -Description=Serial Getty on %I -BindsTo=dev-%i.device -After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target -After=rc-local.service - -# If additional gettys are spawned during boot then we should make -# sure that this is synchronized before getty.target, even though -# getty.target didn't actually pull it in. -Before=getty.target -IgnoreOnIsolate=yes - -# IgnoreOnIsolate causes issues with sulogin, if someone isolates -# rescue.target or starts rescue.service from multi-user.target or -# graphical.target. -Conflicts=rescue.service -Before=rescue.service - -[Service] -ExecStart=-/opt/ic/bin/infogetty -r /etc/allow_console_root /dev/%I -Type=idle -Restart=always -UtmpIdentifier=%I -TTYPath=/dev/%I -TTYReset=yes -TTYVHangup=yes -KillMode=process -IgnoreSIGPIPE=no -SendSIGHUP=yes - -[Install] -WantedBy=getty.target diff --git a/ic-os/components/misc/serial-getty@/setupos/override.conf b/ic-os/components/misc/serial-getty@/setupos/override.conf new file mode 100644 index 00000000000..ac7619d4688 --- /dev/null +++ b/ic-os/components/misc/serial-getty@/setupos/override.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=-/sbin/agetty -p -a root -o '-p -- \\u' --keep-baud 115200,38400,9600 %I $TERM diff --git a/ic-os/components/misc/serial-getty@/setupos/serial-getty@.service b/ic-os/components/misc/serial-getty@/setupos/serial-getty@.service deleted file mode 100644 index a57ac3eadc3..00000000000 --- a/ic-os/components/misc/serial-getty@/setupos/serial-getty@.service +++ /dev/null @@ -1,40 +0,0 @@ -# Overwrite the default systemd serial getty service to -# run our own console getty. - -[Unit] -Description=Serial Getty on %I -Documentation=man:agetty(8) man:systemd-getty-generator(8) -Documentation=http://0pointer.de/blog/projects/serial-console.html -BindsTo=dev-%i.device -After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target -After=rc-local.service - -# If additional gettys are spawned during boot then we should make -# sure that this is synchronized before getty.target, even though -# getty.target didn't actually pull it in. -Before=getty.target -IgnoreOnIsolate=yes - -# IgnoreOnIsolate causes issues with sulogin, if someone isolates -# rescue.target or starts rescue.service from multi-user.target or -# graphical.target. -Conflicts=rescue.service -Before=rescue.service - -[Service] -# The '-o' option value tells agetty to replace 'login' arguments with an -# option to preserve environment (-p), followed by '--' for safety, and then -# the entered username. -ExecStart=-/sbin/agetty -p -a root -o '-p -- \\u' --keep-baud 115200,38400,9600 %I $TERM -Type=idle -Restart=always -UtmpIdentifier=%I -TTYPath=/dev/%I -TTYReset=yes -TTYVHangup=yes -KillMode=process -IgnoreSIGPIPE=no -SendSIGHUP=yes - -[Install] -WantedBy=getty.target diff --git a/ic-os/components/misc/vsock/vsock-agent.service b/ic-os/components/misc/vsock/vsock-agent.service index 4107647aeef..ee0d2f93911 100644 --- a/ic-os/components/misc/vsock/vsock-agent.service +++ b/ic-os/components/misc/vsock/vsock-agent.service @@ -1,6 +1,5 @@ [Unit] Description=VSOCK agent daemon -After=syslog.target [Service] User=root diff --git a/ic-os/components/monitoring/node_exporter/node_exporter.service b/ic-os/components/monitoring/node_exporter/node_exporter.service index 3f7549b7180..f011883d9b5 100644 --- a/ic-os/components/monitoring/node_exporter/node_exporter.service +++ b/ic-os/components/monitoring/node_exporter/node_exporter.service @@ -1,6 +1,6 @@ [Unit] Description=Node Exporter -After=syslog.target network.target +After=network.target [Service] User=node_exporter diff --git a/ic-os/components/networking/retry-ipv6-config/guestos/retry-ipv6-config.sh b/ic-os/components/networking/retry-ipv6-config/retry-ipv6-config.sh similarity index 100% rename from ic-os/components/networking/retry-ipv6-config/guestos/retry-ipv6-config.sh rename to ic-os/components/networking/retry-ipv6-config/retry-ipv6-config.sh diff --git a/ic-os/components/setupos.bzl b/ic-os/components/setupos.bzl index 7d2e4742e6c..3c5695e0f1b 100644 --- a/ic-os/components/setupos.bzl +++ b/ic-os/components/setupos.bzl @@ -34,7 +34,7 @@ component_files = { Label("misc/chrony/chrony.conf"): "/etc/chrony/chrony.conf", Label("misc/chrony/chrony-var.service"): "/etc/systemd/system/chrony-var.service", Label("misc/fetch-property.sh"): "/opt/ic/bin/fetch-property.sh", - Label("misc/serial-getty@/setupos/serial-getty@.service"): "/etc/systemd/system/serial-getty@.service", + Label("misc/serial-getty@/setupos/override.conf"): "/etc/systemd/system/serial-getty@.service.d/override.conf", Label("monitoring/journald.conf"): "/etc/systemd/journald.conf", # networking diff --git a/ic-os/components/upgrade/shared-resources/setup-shared-resources/setup-shared-data.service b/ic-os/components/upgrade/shared-resources/setup-shared-resources/setup-shared-data.service index c76515a9ec7..65c95ec49e8 100644 --- a/ic-os/components/upgrade/shared-resources/setup-shared-resources/setup-shared-data.service +++ b/ic-os/components/upgrade/shared-resources/setup-shared-resources/setup-shared-data.service @@ -4,7 +4,6 @@ DefaultDependencies=no Requires=dev-mapper-store\x2dshared\x2d\x2ddata.device After=dev-mapper-store\x2dshared\x2d\x2ddata.device Before=systemd-fsck@dev-mapper-store\x2dshared\x2d\x2ddata.service -Before=var-lib-ic-data\x2dnode.mount # Add an explicit sequencing to LVM setup. The observed problem is that the # LV apparently becomes notified as "ready" through udev before the actual # lvcreate command has finished. This results in filesystem setup racing with @@ -15,7 +14,6 @@ Requires=setup-lvs.service [Install] RequiredBy=systemd-fsck@dev-mapper-store\x2dshared\x2d\x2ddata.service -RequiredBy=var-lib-ic-data\x2dnode.mount WantedBy=local-fs.target [Service] diff --git a/ic-os/components/upgrade/systemd-generators/guestos/mount-generator b/ic-os/components/upgrade/systemd-generators/guestos/mount-generator index 2c313180614..4617de6d563 100755 --- a/ic-os/components/upgrade/systemd-generators/guestos/mount-generator +++ b/ic-os/components/upgrade/systemd-generators/guestos/mount-generator @@ -71,7 +71,6 @@ function make_var_cryptsetup() { echo "Description=Cryptography Setup for var_crypt" echo "DefaultDependencies=no" echo "IgnoreOnIsolate=true" - echo "After=setup-encryption.service" echo "After=cryptsetup-pre.target" echo "Before=blockdev@dev-mapper-var_crypt.target" echo "Wants=blockdev@dev-mapper-var_crypt.target" @@ -99,5 +98,5 @@ make_requires localfs.target boot.mount make_requires boot-efi.mount boot.mount make_requires boot-grub.mount boot.mount -make_var_cryptsetup "$CURRENT_SYSTEM" >"$UNIT_DIR"/cryptsetup@var_crypt.service -make_requires dev-mapper-var_crypt.device cryptsetup@var_crypt.service +make_var_cryptsetup "$CURRENT_SYSTEM" >"$UNIT_DIR"/systemd-cryptsetup@var_crypt.service +make_requires dev-mapper-var_crypt.device systemd-cryptsetup@var_crypt.service