[gentoo-user] Service not started at specified runlevel

[gentoo-user] Service not started at specified runlevel

[João Miguel]

[-- Attachment #1: Type: text/plain, Size: 1955 bytes --]

Hello,

I am not using Gentoo, but if I ask this on the Arch Linux mailing lists
I may get flamed, get no response, or both. I'm using OpenRC version
0.16.4, along with the audit init script from Gentoo (I'm attaching it
anyway for future reference). Note: I added the depend() function
(trying various dependencies) hoping it would have an effect on the
service being started at the specified runlevel (it didn't).

Here's my problem:
 # ls /etc/runlevels/default/auditd 
/etc/runlevels/default/auditd
 # rc-service auditd start ; echo $?
auditd           | * Starting auditd ...
auditd           | * start-stop-daemon: fopen `/var/run/auditd.pid': No such file or directory
auditd           | * Detaching to start `/sbin/auditd' ...                                                                                                         [ ok ]
auditd           | * Loading audit rules from /etc/audit/audit.rules
0
 # rc-status -s | grep audit ; echo $?
1

I have no idea of why it complains that file does not exist when running
/sbin/auditd manually creates it right away. auditd works normally when
started with the init script, but although I did 'rc-update add auditd
default', it simply does not start when that runlevel is reached. dhcpcd
and a few other services complain of the pid file not existing too and
start at their runlevels. I think the warning is unrelated, openrc is
likely checking for the PID files' existance too soon.

Also, I'm using rc_parallel="YES", but have tried with "NO" and get the
same result (i.e. no evidence of auditd even existing).

I don't get it, I've created my own init script for other services, and
those show up on rc-status, if I add them to some runlevel, no matter
whether they fail, throw warnings, or start normally, they appear both
at boot and I can check later in /var/log/rc.log. The only abnormal
service is auditd. What is going on? Did I do something wrong? 

Thank you in advance,
João Miguel

[-- Attachment #2: auditd --]
[-- Type: text/plain, Size: 2186 bytes --]

#!/sbin/openrc-run
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$

extra_started_commands='reload reload_auditd reload_rules'
description='Linux Auditing System'
description_reload='Reload daemon configuration and rules'
description_reload_rules='Reload daemon rules'
description_reload_auditd='Reload daemon configuration'

name='auditd'
pidfile='/var/run/auditd.pid'
command='/sbin/auditd'

depend()
{
	# expl. dhcpcd:
	#provide net
	#need localmount
	#use logger network
	#after bootmisc modules
	#before dns
	:
}

start_auditd() {
	# Env handling taken from the upstream init script
	if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
		unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
	else
		LANG="$AUDITD_LANG"
		LC_TIME="$AUDITD_LANG"
		LC_ALL="$AUDITD_LANG"
		LC_MESSAGES="$AUDITD_LANG"
		LC_NUMERIC="$AUDITD_LANG"
		LC_MONETARY="$AUDITD_LANG"
		LC_COLLATE="$AUDITD_LANG"
		export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
	fi
	unset HOME MAIL USER USERNAME

	ebegin "Starting ${name}"
	start-stop-daemon \
		--start --quiet --pidfile ${pidfile} \
		--exec ${command} -- ${EXTRAOPTIONS}
	local ret=$?
	eend $ret
	return $ret
}

stop_auditd() {
	ebegin "Stopping ${name}"
	start-stop-daemon --stop --quiet --pidfile ${pidfile}
	local ret=$?
	eend $ret
	return $ret
}

loadfile() {
	local rules="$1"
	if [ -n "${rules}" -a -f "${rules}" ]; then
		einfo "Loading audit rules from ${rules}"
		/sbin/auditctl -R "${rules}" >/dev/null
		return $?
	else
		return 0
	fi
}

start() {
	start_auditd
	local ret=$?
	if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
		loadfile "${RULEFILE_STARTUP}"
	fi
	return $ret
}

reload_rules() {
	loadfile "${RULEFILE_STARTUP}"
}

reload_auditd() {
	ebegin "Reloading ${SVCNAME}"
	start-stop-daemon --signal HUP \
	    --exec "${command}" --pidfile "${pidfile}"
	eend $?
}

reload() {
	reload_auditd
	reload_rules
}

stop() {
	[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
	stop_auditd
	local ret=$?
	[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
	return $ret
}

Re: [gentoo-user] Service not started at specified runlevel

[Alexander Kapshuk]

[-- Attachment #1: Type: text/plain, Size: 2165 bytes --]

On Sun, Dec 6, 2015 at 2:48 PM, João Miguel <jmcf125@openmailbox.org> wrote:

> Hello,
>
> I am not using Gentoo, but if I ask this on the Arch Linux mailing lists
> I may get flamed, get no response, or both. I'm using OpenRC version
> 0.16.4, along with the audit init script from Gentoo (I'm attaching it
> anyway for future reference). Note: I added the depend() function
> (trying various dependencies) hoping it would have an effect on the
> service being started at the specified runlevel (it didn't).
>
> Here's my problem:
>  # ls /etc/runlevels/default/auditd
> /etc/runlevels/default/auditd
>  # rc-service auditd start ; echo $?
> auditd           | * Starting auditd ...
> auditd           | * start-stop-daemon: fopen `/var/run/auditd.pid': No
> such file or directory
> auditd           | * Detaching to start `/sbin/auditd' ...
>
>              [ ok ]
> auditd           | * Loading audit rules from /etc/audit/audit.rules
> 0
>  # rc-status -s | grep audit ; echo $?
> 1
>
> I have no idea of why it complains that file does not exist when running
> /sbin/auditd manually creates it right away. auditd works normally when
> started with the init script, but although I did 'rc-update add auditd
> default', it simply does not start when that runlevel is reached. dhcpcd
> and a few other services complain of the pid file not existing too and
> start at their runlevels. I think the warning is unrelated, openrc is
> likely checking for the PID files' existance too soon.
>
> Also, I'm using rc_parallel="YES", but have tried with "NO" and get the
> same result (i.e. no evidence of auditd even existing).
>
> I don't get it, I've created my own init script for other services, and
> those show up on rc-status, if I add them to some runlevel, no matter
> whether they fail, throw warnings, or start normally, they appear both
> at boot and I can check later in /var/log/rc.log. The only abnormal
> service is auditd. What is going on? Did I do something wrong?
>
> Thank you in advance,
> João Miguel
>

Try running 'strace' on ' rc-service auditd start'. See if that helps pin
down the problem.

[-- Attachment #2: Type: text/html, Size: 2841 bytes --]

Re: [gentoo-user] Service not started at specified runlevel

[João Miguel]

I found the solution while writing this message. Still, I don't know why
it works. Here goes the steps I followed (so that anyone searching for a
solution in those terms can find it):

> Try running 'strace' on ' rc-service auditd start'. See if that helps pin
> down the problem.
I did that, but couldn't detect anything wrong in the trace log (though
I must say, it's the 1st time I used strace...), comparing to dbus, they
do mostly the same system calls, obviously the messages written and
memory addresses are different, both warn about the PID file not
existing yet, and both work. But auditd is not started at boot despite
having been set to start at the default runlevel, and rc-status does not
detect it.

I think the warning messages don't really matter (for this question, the
fact is that OpenRC should be more patient), they're the same and appear
for many working services.

Now, rc-status is a link to openrc. Consulting the documentation and
thinking of links, wondering what was being done differently for these
services, I noticed I hadn't patched /etc/init.d/auditd with the usual
shebang line '#!/usr/bin/openrc-run' instead of the /sbin one. I didn't
patch long ago because I didn't see the purpose of changing it when
/sbin is a link to /usr/bin in Arch Linux.

Solution:
 $ rc-status -s |grep audit >/dev/null ; echo $?   # not working
1
 # sed -e 's|\#\!/sbin/openrc-run|/usr/bin/openrc-run|' \
                  -i /etc/init.d/auditd
 $ rc-status -s |grep audit >/dev/null ; echo $?   # ok now!
0

Still, with this patch, the link works for /sbin/auditd (I didn't
replace it on purpose). Why doesn't the link work in the shebang line?
And why does it only not work for rc-status and at boot, but starting
the service manually works normally?

Thanks for the advice, it guided me to the solution eventually, but I'm
still curious and OpenRC is still buggy. Why?

João Miguel

Re: [gentoo-user] Service not started at specified runlevel

[Stroller]

> On Mon, 7 December 2015, at 9:26 p.m., João Miguel <jmcf125@openmailbox.org> wrote:
> 
> … (for this question, the fact is that OpenRC should be more patient), 

If you were to ask Roy Marples about this, I wouldn't be surprised if he explained long and complicated reasons for it, and that it's exactly what projects like systemd are trying to address.

Stroller.