amazon-ec2-net-utils: init at 2.5.2 #355111
Conversation
github-actions
bot
added
6.topic: nixos
commiterate
force-pushed
the
init/amazon-ec2-net-utils
branch
3 times, most recently
from
35b20bc to
92d48af
Compare
ofborg
bot
added
8.has: package (new)
commiterate
force-pushed
the
init/amazon-ec2-net-utils
branch
from
92d48af to
d5907ec
Compare
commiterate
force-pushed
the
init/amazon-ec2-net-utils
branch
3 times, most recently
from
e7ce8c4 to
9a1df5d
Compare
| startLimitIntervalSec = 10; | ||
| startLimitBurst = 5; | ||
| wants = [ "refresh-policy-routes@%i.timer" ]; | ||
| # TODO: Need [Install] for Also = "refresh-policy-routes@%i.timer". systemd.services.<name> has no installConfig attribute. |
There was a problem hiding this comment.
Need to update nixos/lib/systemd*.nix to add an installConfig attribute to systemd.services.<name>.
There was a problem hiding this comment.
@dasJ @ElvishJerricco Do either of you happen to know if just making the NixOS systemd libs add in a user-specified [Install] section is good enough, or is there something specific about how NixOS handles systemd units that may create complications?
For context, amazon-ec2-net-utils relies on systemd template units. When a network interface is hot-attached/detached, the udev rules will create/delete per-interface systemd service + timer units which update systemd-networkd policies and reload systemd-networkd.
https://github.com/amazonlinux/amazon-ec2-net-utils/blob/v2.5.1/udev/99-vpc-policy-routes.rules
There was a problem hiding this comment.
@commiterate [Install] does absolutely nothing on NixOS. That's why you'll see wantedBy defined in most services in nixos modules. We populate [Install] with the contents of the wantedBy option and its friends, but that's largely for illustrative purposes; we don't actually use the [Install] section. We've thought about changing that, but it hasn't been done yet.
There was a problem hiding this comment.
Good to know. Would packaging up the patched systemd units into $out and using systemd.packages = [ pkgs.amazon-ec2-net-utils ]; as suggested work around that?
There was a problem hiding this comment.
Even the [Install] sections of units from systemd.packages are ignored in NixOS. But, AFAICT, the [Install] sections of those upstream units are doing absolutely nothing anyway. The only thing that [Install] does is create Wants= dependencies and its friends by creating /etc/systemd/system/*.wants/* symlinks when systemctl enable is run. e.g. Having WantedBy=foo.service in the [Install] section of bar.service means that running systemctl enable bar.service will create /etc/systemd/system/foo.service.wants/bar.service -> ../bar.service.
Of course this isn't a thing on NixOS; we create those statically during system build via the systemd.$unittype.$name.wantedBy options and its friends. The Also= directive just means that when you run systemctl enable bar.service, it also does the enable operation for anything in Also=. Given that none of the units in the upstream amazon-ec2-net-utils source tree do anything like WantedBy= in their [Install] sections, that means it all does effectively nothing.
Now, I've just realized that what that udev rule does is marvelously stupid. It runs systemctl enable/disable --now on those units. This is really poorly done. First of all, as I've just discussed, the enable operation will have no effect for these units normally. But if it did, it wouldn't work on NixOS thanks to the immutable store and /etc/systemd/system/. But the --now flag causes the units to be started/stopped too. So really that udev rule should be using start and stop, not enable and disable.
Wow. Really badly done by the amazon folks. enable/disable is supposed to be an administrator's decision, not the vendor's.
You'll want to fix the rule to not be stupid, and then merely adding the upstream units to systemd.packages (with patched paths) will work.
There was a problem hiding this comment.
Yup, will need to get that fixed upstream.
Will swap this PR back to draft in the meanwhile as I figure out what to do. Doesn't make sense to merge this package until the systemd stuff it provides is usable.
There was a problem hiding this comment.
Instead of systemctl start/enable, they could use https://www.freedesktop.org/software/systemd/man/latest/systemd.device.html#SYSTEMD_WANTS= in the udev rule.
But i think this has the downside it will never stop the unit. Only start .
So they probably still want systemctl start
There was a problem hiding this comment.
I think removal works as long as you tag the remove udev rule as well.
There was a problem hiding this comment.
Actually I think systemctl enable --now might work fine if the service has no WantedBy in the install section (which is the case). It will just silently degrade to systemctl start and systemctl stop
I think we can use these udev rules as is without problems
There was a problem hiding this comment.
Opened an issue upstream requesting a swap to systemd device units.
commiterate
force-pushed
the
init/amazon-ec2-net-utils
branch
4 times, most recently
from
7d08481 to
e221f80
Compare
commiterate
force-pushed
the
init/amazon-ec2-net-utils
branch
from
e221f80 to
d838d9d
Compare
commiterate
force-pushed
the
init/amazon-ec2-net-utils
branch
3 times, most recently
from
de158a4 to
0f3be63
Compare
commiterate
force-pushed
the
init/amazon-ec2-net-utils
branch
from
0f3be63 to
8ed8c0f
Compare
github-actions
bot
removed
the
6.topic: nixos
github-actions
bot
removed
8.has: documentation
|
Might want to add NixOS tests that check if the template units are available when this package is added to the |
@commiterate That would be overkill. That's covered by the existing systemd test suite. |
commiterate
force-pushed
the
init/amazon-ec2-net-utils
branch
from
8ed8c0f to
d754971
Compare
commiterate
force-pushed
the
init/amazon-ec2-net-utils
branch
from
d754971 to
5b1abd0
Compare
commiterate
changed the title
Initialize amazon-ec2-net-utils at 2.5.2.
This includes udev rules which create systemd units and timers for refreshing systemd-networkd policies for Elastic Network Interfaces (ENIs) which can be hot-attached/detached.
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.