Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ID declaration in service.sls failing to work upon first run. #79

Open
korgull opened this issue Jan 30, 2018 · 1 comment
Open

ID declaration in service.sls failing to work upon first run. #79

korgull opened this issue Jan 30, 2018 · 1 comment
Assignees
@alxwr
Labels
help wanted

Comments

@korgull
Copy link

korgull commented Jan 30, 2018
edited
Loading

I'm having a problem getting this formula to work properly the first time out. I have a restart of openvpn at the very end of it (in the config.sls file) all to make sure the changes made to the certificate are reloaded. Here is the error I get when ID openvpn_{{ name }}_service tries to run the first time out.

openvpn_service_restart:
  cmd.run:
    - name: service {{ map.service }} restart
    - order: last

I even tried to put this ID in the services.sls file before the ID openvpn_{{ name }}_service, but no dice. I look in the log of what salt did, and the openvpn_pkgs are installed first. Regardless, it was my thought that this wouldn't run unless the items in the Require: block was met.

However, the first time I run it, I get the following error:

          ID: openvpn_myserver_service
    Function: service.running
        Name: openvpn@myserver
      Result: False
     Comment: Running scope as unit run-r70bab1a6cfcd4241a068d9ca2a5cb485.scope.
              Job for openvpn@myserver.service failed because the control process exited with error code. See "systemctl status openvpn@myserver.service" and "journalctl -xe" for details.
     Started: 20:12:07.482321
    Duration: 83.163 ms
     Changes:

If I run it a second time, it works. The errors I get in syslog are useless as what appeared to be produced in the systemctl output. Do you have any ideas as to what needs to be satisfied before this works properly? I am using salt-ssh to apply the state rather than plain salt.

from /var/log/syslog:

Jan 30 20:12:06 openvpn systemd[1]: Starting OpenVPN service...
Jan 30 20:12:06 openvpn systemd[1]: Started OpenVPN service.
Jan 30 20:12:07 openvpn systemd[1]: Started /bin/systemctl start openvpn@myserver.service.
Jan 30 20:12:07 openvpn systemd[1]: Created slice system-openvpn.slice.
Jan 30 20:12:07 openvpn systemd[1]: Starting OpenVPN connection to myserver..
Jan 30 20:12:07 openvpn systemd[1]: openvpn@myserver.service: Control process exited, code=exited status=1
Jan 30 20:12:07 openvpn systemd[1]: Failed to start OpenVPN connection to myserver.
Jan 30 20:12:07 openvpn systemd[1]: openvpn@myserver.service: Unit entered failed state.
Jan 30 20:12:07 openvpn systemd[1]: openvpn@myserver.service: Failed with result 'exit-code'.
Jan 30 20:12:07 openvpn systemd[1]: Started /bin/systemctl stop openvpn@myserver.service.
Jan 30 20:12:07 openvpn systemd[1]: Stopped OpenVPN connection to myserver
Jan 30 20:12:07 openvpn systemd[1]: Started /bin/systemctl start openvpn@myserver.service.
Jan 30 20:12:07 openvpn systemd[1]: Starting OpenVPN connection to myserver...
Jan 30 20:12:07 openvpn systemd[1]: openvpn@myserver.service: Control process exited, code=exited status=1
Jan 30 20:12:07 openvpn systemd[1]: Failed to start OpenVPN connection to myserver.
Jan 30 20:12:07 openvpn systemd[1]: openvpn@myserver.service: Unit entered failed state.
Jan 30 20:12:07 openvpn systemd[1]: openvpn@myserver.service: Failed with result 'exit-code'.

EDIT: well, it looks like it needs to deploy the config files first. I replaced the ID with:

openvpn_{{ name }}_service:
  cmd.run:
    - name: systemctl start {{ service_name }}.service
    - require:
      - pkg: openvpn_pkgs
      - sls: openvpn

Which then results in the following errors in /var/log/syslog:

Jan 30 21:47:59 openvpn systemd[1]: Started ACPI event daemon.
Jan 30 21:48:03 openvpn systemd[1]: Created slice system-openvpn.slice.
Jan 30 21:48:03 openvpn systemd[1]: Starting OpenVPN connection to redteam1...
Jan 30 21:48:03 openvpn ovpn-myserver[3735]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/myserver.conf
Jan 30 21:48:03 openvpn ovpn-myserver[3735]: Use --help for more information.
Jan 30 21:48:03 openvpn systemd[1]: openvpn@myserver.service: Control process exited, code=exited status=1
Jan 30 21:48:03 openvpn systemd[1]: Failed to start OpenVPN connection to myserver.
Jan 30 21:48:03 openvpn systemd[1]: openvpn@myserver.service: Unit entered failed state.
Jan 30 21:48:03 openvpn systemd[1]: openvpn@myserver.service: Failed with result 'exit-code'.

Thanks
@alxwr alxwr self-assigned this Mar 26, 2018
@thomergil
Copy link

It appears that systemd makes up its own mind about what ExecStart needs to look like (in /lib/systemd/system/openvpn@.service) and it doesn't play nice with the salt formula. After removing systemd and falling back to systemv, it works. I acknowledge that it's not a good solution, but maybe it helps to understand what's going on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alxwr alxwr

Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@thomergil @alxwr @korgull