** Description changed: [Impact] * Service is running uselessly which is consuming a few cycles/memory as - well as rasising general concerns e.g. on minimizing attack surfcae of + well as raising general concerns e.g. on minimizing attack surface of a system. * This is also the only service in a default server install which pulls in the network-online.target, which has implications for boot ordering and speed in various configurations. * Fix by switching to socket activation [Test Case] * After installing open-iscsi (which is default installed) the service iscsid is running which is mostly useless - - this is a bit critical, as we don't want to stop a running service. - - so you have two cases - 1. uninstall the package before upgrade; then install the new version. - should be service off, socket on - 2. upgrade install, should have service (still) on, socket enabled. - 3. after 2. reboot should be service off, socket on + - this is a bit critical, as we don't want to stop a running service. + - so you have two cases + 1. uninstall the package before upgrade; then install the new version. + should be service off, socket on + 2. upgrade install, should have service (still) on, socket enabled. + 3. after 2. reboot should be service off, socket on * Also ensure that iscsid.service should come up as needed - # should be off - $ systemctl status iscsid.service iscsid.socket - $ iscsiadm -m discovery -t sendtargets -p 127.0.0.1 - # should be enabled now - $ systemctl status iscsid.service iscsid.socket - + # should be off + $ systemctl status iscsid.service iscsid.socket + $ iscsiadm -m discovery -t sendtargets -p 127.0.0.1 + # should be enabled now + $ systemctl status iscsid.service iscsid.socket [Regression Potential] - * We were discussing if we shall SRU this. First of all the change should - work as in the new version, abstract sockets are not super new. + * We were discussing if we shall SRU this. First of all the change should + work as in the new version, abstract sockets are not super new. * We were concerned that one would have e.g. scripts and other upper level code that does like: if service-is-not-running; then break; else do what you should do This would give up before socket-triggering it which might be too much to SRU. On a Upgrade to a newer release such minor adaptions are usual, but for SRUs? - But in any config using it it will run, and as slangasek outlined " I - think anyone checking for the running status of an open-iscsi service, - on a system that does not have any iscsi targets configured, is writing - buggy code and that should not be catered to in the face of the - significant impact this bug has on all other users of Ubuntu Server." + But in any config using it it will run, and as slangasek outlined " I + think anyone checking for the running status of an open-iscsi service, + on a system that does not have any iscsi targets configured, is writing + buggy code and that should not be catered to in the face of the + significant impact this bug has on all other users of Ubuntu Server." * But also we don't stop the service on upgrade (for safety of the data), so you'd have four different Bionics a) old iscsid.service runnign by default b) upgraded, but not rebooted iscsid.service still running c) upgraded, rebooted iscid.service disabled, iscsid.socket running d) new deploy after this (e.g. new cloud image) iscid.service disabled, iscsid.socket running a+b are similar as well as c+d. - * If anyone strictly needs the old behavior it is a config, so one can - "systemctl enable iscsid.service" and is done. - * OTOH in our discussion it was agreed that the upgrade regression we fix - outweighs the potential regression. + * If anyone strictly needs the old behavior it is a config, so one can + "systemctl enable iscsid.service" and is done. + * OTOH in our discussion it was agreed that the upgrade regression we fix + outweighs the potential regression. [Other Info] * n/a --- In bionic, the open-iscsi systemd unit has the following guards to keep it from running on systems with no iscsi targets configured: # Must have some pre-defined targets to login to ConditionDirectoryNotEmpty=|/etc/iscsi/nodes # or have a session to use via iscsid ConditionDirectoryNotEmpty=|/sys/class/iscsi_session However, iscsid starts from a separate unit and does not include this check. Thus, iscsid starts on every Ubuntu Server install, whether or not it has anything to do. We should replicate these unit conditionals to the iscsid unit, to ensure the daemon doesn't run (consuming memory, and slowing boot) when not needed. Related bugs: * bug 1630946: ubuntu-server depends on open-iscsi and runs iscsid
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1755858 Title: iscsid autostarts on all servers when it has nothing to do To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/1755858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
