Re: Bug#904558: What should happen when maintscripts fail to restart a service

To: debian-ctte@lists.debian.org, 904558@bugs.debian.org
Subject: Re: Bug#904558: What should happen when maintscripts fail to restart a service
From: Anthony DeRobertis <anthony@derobert.net>
Date: Sat, 22 Sep 2018 15:29:02 -0400
Message-id: <[🔎] 2ebdc7e2-9de9-9cd5-7949-09b361fa5a2e@derobert.net>
In-reply-to: <[🔎] 20180922075011.GB3836@grep.be>
References: <877elkdkkg.fsf@silentflame.com> <[🔎] 3cc0506dbe96f9a7a1c6f417843d5ef2@debian.org> <[🔎] 23457.10256.62309.426146@chiark.greenend.org.uk> <[🔎] 87in32o9md.fsf@err.no> <877elkdkkg.fsf@silentflame.com> <[🔎] 23458.17411.987611.424855@chiark.greenend.org.uk> <877elkdkkg.fsf@silentflame.com> <[🔎] 87tvmimx6k.fsf@err.no> <877elkdkkg.fsf@silentflame.com> <[🔎] 20180922075011.GB3836@grep.be>

Someone asked for an example, here is one I've often seen when doing arelease upgrade on many webservers I administer: Apache will fail tostart. I don't recall if that currently causes Apache postinst to fail,but if not, it really ought to continue.

Apache has a complicated config, and upstream makesbackwards-incompatible changes often enough that every Debian releaseseems to have some. It's often not possible to automatically update theconfig (and even if it were, the variety of configuration managementsystems in use mean you wouldn't want that to happen automatically).It's much easier to fix after the upgrade. And to the extent anythingdepends on Apache, Apache being completely broken doesn't generallybreak them (unless they try to restart apache themselves, e.g., apachemodules).

Now, if my local DNS cache failed to start, that needs to be fixedbefore continuing (since, e.g., even apt-get won't work). Same with anLDAP (etc.) server, you may no longer have user accounts. Some thingsdefinitely lead to a cascade of failures.

I think in an ideal world, there would be two separate failure statesfor postinst: one for failed but probably safe to continue the upgrade,one for failed and probably going to cause a cascade of failures (orworse). dpkg (and the various frontends) would let you know aboutfail-but-continue errors after finishing, and maybe before starting, butstill continue to work.

At least for daemon failed to start and with systemd, we already canhave pretty close: have the postinst ignore the failed to start error(when it's of the safe to continue the upgrade variety), then use`systemctl --failed` to get the list of daemons that failed to start.

Reply to:

References:
- Bug#904558: What should happen when maintscripts fail to restart a service
  - From: Margarita Manterola <marga@debian.org>
- Bug#904558: What should happen when maintscripts fail to restart a service
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Bug#904558: What should happen when maintscripts fail to restart a service
  - From: Tollef Fog Heen <tfheen@err.no>
- Bug#904558: What should happen when maintscripts fail to restart a service
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Bug#904558: What should happen when maintscripts fail to restart a service
  - From: Tollef Fog Heen <tfheen@err.no>
- Bug#904558: What should happen when maintscripts fail to restart a service
  - From: Wouter Verhelst <wouter@debian.org>

Prev by Date: Bug#904558: What should happen when maintscripts fail to restart a service
Next by Date: Bug#904302: That's a free software issue!
Previous by thread: Bug#904558: What should happen when maintscripts fail to restart a service
Next by thread: Bug#904558: What should happen when maintscripts fail to restart a service
Index(es):
- Date
- Thread