service: explicitly remove control/ subcgroup after each control command
The kernel will only notify us of cgroups running empty if no subcgroups
exist anymore. Hence make sure we don't leave our own control/ subcgroup
around longer than necessary.
Lucas De Marchi [Thu, 26 Apr 2012 16:36:01 +0000 (13:36 -0300)]
util: introduce container_of() macro
This macro comes from kernel and it's useful for unwrapping structs
inside another one. The generated code is actually the same to the one
where this logic is used in udev, but using this macro is much cleaner
and less error prone.
Michal Schmidt [Wed, 25 Apr 2012 09:58:27 +0000 (11:58 +0200)]
core: add NOP jobs, job type collapsing
Two of our current job types are special:
JOB_TRY_RESTART, JOB_RELOAD_OR_START.
They differ from other job types by being sensitive to the unit active state.
They perform some action when the unit is active and some other action
otherwise. This raises a question: when exactly should the unit state be
checked to make the decision?
Currently the unit state is checked when the job becomes runnable. It's more
sensible to check the state immediately when the job is added by the user.
When the user types "systemctl try-restart foo.service", he really intends
to restart the service if it's running right now. If it isn't running right
now, the restart is pointless.
Consider the example (from Bugzilla[1]):
sleep.service takes some time to start.
hello.service has After=sleep.service.
Both services get started. Two jobs will appear:
hello.service/start waiting
sleep.service/start running
Then someone runs "systemctl try-restart hello.service".
Currently the try-restart operation will block and wait for
sleep.service/start to complete.
The correct result is to complete the try-restart operation immediately
with success, because hello.service is not running. The two original
jobs must not be disturbed by this.
To fix this we introduce two new concepts:
- a new job type: JOB_NOP
A JOB_NOP job does not do anything to the unit. It does not pull in any
dependencies. It is always immediately runnable. When installed to a unit,
it sits in a special slot (u->nop_job) where it never conflicts with
the installed job (u->job) of a different type. It never merges with jobs
of other types, but it can merge into an already installed JOB_NOP job.
- "collapsing" of job types
When a job of one of the two special types is added, the state of the unit
is checked immediately and the job type changes:
JOB_TRY_RESTART -> JOB_RESTART or JOB_NOP
JOB_RELOAD_OR_START -> JOB_RELOAD or JOB_START
Should a job type JOB_RELOAD_OR_START appear later during job merging, it
collapses immediately afterwards.
Collapsing actually makes some things simpler, because there are now fewer
job types that are allowed in the transaction.
timedated: introduce systemd-timedated-ntp.target which is controlled by timedated's NTP setting
We shouldn't hardcode the name of the NTP implementation in the
timedated mechanism, especially since Fedora currently switched from NTP
to chrony.
This patch introduces a new target that is enabled/disabled instead of
the actual NTP implementation. The various NTP implementations should
then add .wants/ symlinks to their services and BindTo back to the
target, so that their implementations are started/stopped jointly with
the target.
service: introduce Type=idle and use it for gettys
Type=idle is much like Type=simple, however between the fork() and the
exec() in the child we wait until PID 1 informs us that no jobs are
left.
This is mostly a cosmetic fix to make gettys appear only after all boot
output is finished and complete.
Note that this does not impact the normal job logic as we do not delay
the completion of any jobs. We just delay the invocation of the actual
binary, and only for services that otherwise would be of Type=simple.
The ability to set MountAuto=no and SwapAuto=no was useful during the
adoption phase of systemd, so that distributions could stick to their
classic mount scripts a bit longer. It is about time to get rid of it
now.
Michal Schmidt [Sun, 22 Apr 2012 23:24:04 +0000 (01:24 +0200)]
job: serialize jobs properly
Jobs were not preserved correctly over a daemon-reload operation.
A systemctl process waiting for a job completion received a job removal
signal. The job itself changed its id. The job timeout started ticking all
over again.
Michal Schmidt [Sun, 22 Apr 2012 08:54:58 +0000 (10:54 +0200)]
transaction: abort does not need to use recursive deletion
Recursion is unnecessary, because we're deleting all transaction jobs
anyway. And the recursive deletion produces debug messages that are
pointless in transaction abort.
Michal Schmidt [Sun, 22 Apr 2012 00:09:04 +0000 (02:09 +0200)]
transaction: fix detection of cycles involving installed jobs
A transaction can be acyclic, but when it's added to installed jobs,
a cycle may result.
transaction_verify_order_one() attempts to detect these cases, but it
fails because the installed jobs often have the exact generation number
that makes them look as if they were walked already.
Fix it by resetting the generation numbers of all installed jobs before
detecting cycles.
An alternative fix could be to add the generation counter to the
Manager and use it instead of starting always from 1 in
transaction_activate(). But I prefer not having to worry about it
wrapping around.
Michal Schmidt [Sat, 21 Apr 2012 19:40:40 +0000 (21:40 +0200)]
transaction: improve readability
The functions looked complicated with the nested loops with breaks,
continues, and "while (again)".
Here using goto actually makes them easier to understand.
Michal Schmidt [Fri, 20 Apr 2012 12:44:00 +0000 (14:44 +0200)]
transaction: add starting requirements for JOB_RESTART
While having a Requires= dependency between units, the dependency is started
automatically on "systemctl start", but it's not started on "systemctl
restart".
JOB_RESTART jobs did not pull the dependencies for starting into the
transaction.
Michal Schmidt [Fri, 20 Apr 2012 07:38:43 +0000 (09:38 +0200)]
transaction: rework merging with installed jobs
Previously transactions could reference installed jobs. It made some issues
difficult to fix.
This sets new rules for jobs:
A job cannot be both a member of a transaction and installed. When jobs are
created, they are linked to a transaction. The whole transaction is constructed
(with merging of jobs within, etc.). When it's complete, all the jobs are
unlinked from it one by one and let to install themselves. It is during the
installation when merging with previously installed jobs (from older
transactions) is contemplated.
Merging with installed jobs has different rules than merging within a
transaction:
- An installed conflicting job gets cancelled. It cannot be simply deleted,
because someone might be waiting for its completion on DBus.
- An installed, but still waiting, job can be safely merged into.
- An installed and running job can be tricky. For some job types it is safe to
just merge. For the other types we merge anyway, but put the job back into
JOB_WAITING to allow it to run again. This may be suboptimal, but it is not
currently possible to have more than one installed job for a unit.
Note this also fixes a bug where the anchor job could be deleted during merging
within the transaction.
Michal Schmidt [Wed, 18 Apr 2012 16:15:49 +0000 (18:15 +0200)]
transaction: do not add installed jobs to the transaction
Do not attempt to optimize away the job creation by refering to installed jobs.
We do not want to disturb installed jobs until commiting the transaction.
(A later patch to job merging will make the separation of transaction jobs and
installed jobs complete.)
Michal Schmidt [Fri, 20 Apr 2012 08:22:07 +0000 (10:22 +0200)]
manager: Transaction as an object
This makes it obvious that transactions are short-lived. They are created in
manager_add_job() and destroyed after the application of jobs.
It also prepares for a split of the transaction code to a new source.
Michal Schmidt [Thu, 19 Apr 2012 21:20:34 +0000 (23:20 +0200)]
job: allow job_free() only on already unlinked jobs
job_free() is IMO too helpful when it unlinks the job from the transaction.
The callers should ensure the job is already unlinked before freeing.
The added assertions check if anyone gets it wrong.