** Description changed: + [Impact] + + * Service is running uselessly which is consuming a few cycles/memory as + well as rasising general concerns e.g. on minimizing attack surfcae of + a system. + + * Fix by switching to socket activation + + [Test Case] + + * After installing open-iscsi (which is default installed) the service + iscsid is running which is mostly useless + * After the upgrade only the iscsid.socket should run + * Ensure that iscsid.service should come up as needed + + [Regression Potential] + + * I'm not sure we can/shall SRU this, but was asked to express my + thoughts in the regression potential. It is not that it would not + "work", we tested in cosmic and so far all is fine - the tools will + call the abstract socket and it will spawn. + So it is not that I see it totally "failing" + * I'd more be concerned that one would have e.g. scripts and other upper + level code that does like: + if service-is-not-running; then break; else do what you should do + This would give up before socket-triggering it which might be too much + to SRU. On a Upgrade to a newer release such minor adaptions are usual, + but for SRUs? + * But also we don't stop the service on upgrade (for safety of the data), + so you'd have four different Bionics + a) old iscsid.service runnign by default + b) upgraded, but not rebooted iscsid.service still running + c) upgraded, rebooted iscid.service disabled, + iscsid.socket running + d) new deploy after this (e.g. new cloud image) iscid.service disabled, + iscsid.socket running + a+b are similar as well as c+d. + * OTOH there are a few things reducing this impact, first of all this is + a config, so one can "systemctl enable iscsid.service" and will have + the old behavior + * Is this a real blocker, I'm not sure - so I documented as requested and + would want the SRU team to discuss before an upload. + + + [Other Info] + + * n/a + + --- + In bionic, the open-iscsi systemd unit has the following guards to keep it from running on systems with no iscsi targets configured: # Must have some pre-defined targets to login to ConditionDirectoryNotEmpty=|/etc/iscsi/nodes # or have a session to use via iscsid ConditionDirectoryNotEmpty=|/sys/class/iscsi_session However, iscsid starts from a separate unit and does not include this check. Thus, iscsid starts on every Ubuntu Server install, whether or not it has anything to do. We should replicate these unit conditionals to the iscsid unit, to ensure the daemon doesn't run (consuming memory, and slowing boot) when not needed. Related bugs: * bug 1630946: ubuntu-server depends on open-iscsi and runs iscsid
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1755858 Title: iscsid autostarts on all servers when it has nothing to do To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/1755858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
