Your message dated Fri, 29 Jul 2016 04:19:35 +0000 with message-id <E1bSzGp-0002zr-Pp@franck.debian.org> and subject line Bug#832557: fixed in openssh 1:7.2p2-8 has caused the Debian Bug report #832557, regarding systemctl restart networking hangs reloading ssh.service to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 832557: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832557 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian BTS Submit <submit@bugs.debian.org>
- Subject: systemctl restart networking hangs reloading ssh.service
- From: Martin Pitt <martin.pitt@ubuntu.com>
- Date: Tue, 26 Jul 2016 22:18:41 +0200
- Message-id: <[🔎] 20160726201841.GD4458@piware.de>
Package: openssh-server Version: 1:7.2p2-7 Tags: patch User: ubuntu-devel@lists.ubuntu.com Usertags: origin-ubuntu ubuntu-patch yakkety Hello, In https://launchpad.net/bugs/1584393 it was reported that "systemctl restart networking" sometimes gets into a deadlock: CGroup: /system.slice/networking.service ├─1383 /sbin/ifup -a --read-environment ├─1479 /sbin/dhclient -1 -v -pf /run/dhclient.enp0s3.pid -lf /var/lib/dhcp/dhclient.enp0s3.leases -I -df /var/lib/dhcp/dhclient6 ├─1480 /bin/sh -c /bin/run-parts --exit-on-error /etc/network/if-up.d ├─1481 /bin/run-parts --exit-on-error /etc/network/if-up.d ├─1504 /bin/sh /etc/network/if-up.d/openssh-server ├─1507 /bin/sh /usr/sbin/invoke-rc.d ssh reload └─1527 systemctl reload ssh.service This then waits for each other and only times out after 90s. I cannot reproduce the hang myself, so I'm not sure why sshd takes so long to respond. But it was reported that not blocking on reload to finish fixes this, i. e. ifup -a then finishes quickly, consequently the "restart networking" does as well, and sshd can then go on. This is done in the attached patch. Even though I cannot fully explain what's going on, it cannot hurt to be asynchronous in the if-up.d hook. Thanks for considering, Martin P.S. Any chance that sshd could start using IP_FREEBIND and avoid the if-up.d hack altogether? -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)From 14d29a2a7f499245a9e14b217140328c90e07558 Mon Sep 17 00:00:00 2001 From: Martin Pitt <martin.pitt@ubuntu.com> Date: Tue, 26 Jul 2016 22:11:09 +0200 Subject: [PATCH] debian/openssh-server.if-up: Don't block on a finished reload of openssh.service This avoids deadlocking with restarting networking. LP: #1584393 --- debian/changelog | 3 +++ debian/openssh-server.if-up | 5 ++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index dd6f7dc..a84a581 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,9 @@ openssh (1:7.2p2-8) UNRELEASED; urgency=medium agent in the user session. Use it in ssh-agent.user-session.upstart. * Add systemd user unit for graphical sessions that use systemd. Override the corresponding upstart job in that case. + * debian/openssh-server.if-up: Don't block on a finished reload of + openssh.service, to avoid deadlocking with restarting networking. + (LP: #1584393) -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 25 Jul 2016 17:01:56 +0200 diff --git a/debian/openssh-server.if-up b/debian/openssh-server.if-up index dd05ea5..915284c 100644 --- a/debian/openssh-server.if-up +++ b/debian/openssh-server.if-up @@ -34,10 +34,9 @@ fi # the other hand, repeated restarts of ssh make systemd unhappy # (#756547/#757822), so use reload in that case. if [ -d /run/systemd/system ]; then - action=reload + systemctl reload --no-block ssh.service >/dev/null 2>&1 || true else - action=restart + invoke-rc.d ssh restart >/dev/null 2>&1 || true fi -invoke-rc.d ssh $action >/dev/null 2>&1 || true exit 0 -- 2.8.1Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 832557-close@bugs.debian.org
- Subject: Bug#832557: fixed in openssh 1:7.2p2-8
- From: Colin Watson <cjwatson@debian.org>
- Date: Fri, 29 Jul 2016 04:19:35 +0000
- Message-id: <E1bSzGp-0002zr-Pp@franck.debian.org>
Source: openssh Source-Version: 1:7.2p2-8 We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 832557@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson <cjwatson@debian.org> (supplier of updated openssh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 29 Jul 2016 02:51:32 +0100 Source: openssh Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source Version: 1:7.2p2-8 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 832155 832445 832557 Changes: openssh (1:7.2p2-8) unstable; urgency=medium . [ Colin Watson ] * Stop enabling ssh-session-cleanup.service by default; instead, ship it as an example and add a section to README.Debian. libpam-systemd >= 230 and "UsePAM yes" should take care of the original problem for most systemd users (thanks, Michael Biebl; closes: #832155). . [ Martin Pitt ] * Add debian/agent-launch: Helper script for conditionally starting the SSH agent in the user session. Use it in ssh-agent.user-session.upstart. * Add systemd user unit for graphical sessions that use systemd. Override the corresponding upstart job in that case (closes: #832445). * debian/openssh-server.if-up: Don't block on a finished reload of openssh.service, to avoid deadlocking with restarting networking. (closes: #832557, LP: #1584393) Checksums-Sha1: 20205f98e98ebf139f83cb2ea54d99879511387e 2884 openssh_7.2p2-8.dsc ed0db2274a92c43e7838792a78c9410e1830412e 155012 openssh_7.2p2-8.debian.tar.xz Checksums-Sha256: e778efe40936b501934e610e111366778127fc1517abf50533a0c16618a6c700 2884 openssh_7.2p2-8.dsc 12a769972a4dfb379203c966d8bc2b848246ee69c83abffa2875b91adafb1525 155012 openssh_7.2p2-8.debian.tar.xz Files: 7e3e0ca8818b3f61b5775b903fab9530 2884 net standard openssh_7.2p2-8.dsc 74cef7c835704e93c61eb234c59cc7d2 155012 net standard openssh_7.2p2-8.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Colin Watson <cjwatson@debian.org> -- Debian developer iQIVAwUBV5q2vDk1h9l9hlALAQgs1w/+KvS29GvNVMJ/iH2/e6E9olGuNhXKA73x d9V98h4H5bowIhYOtD6mJFItqqXkVxB6ZoaoC00BQ8MiMHepabM0y3RfrtOZsp/b bDFqEHY5nJd6c/lvrCIFRuZ4pTrRKwNkv4fe4GZQLbcbdeMD86aGeq5qLPjEfXiy vobl2fwVdxIiW/IrldILc5Bv3qOZhLiSLO2C95wq+MI72ZCdXh5vs68Fxz23a4Qc 7Ay5lFPvMLvVK7Uq9uaewmImaKk6azFaFoCXWLAU+4g9nacf3wUYGXsjLRxBCVvY Oc2ZTKNJk9hRVoY3vzQz51Q2QX5Ayi6m2e36KqopQ4BoVY0vUKRY3DhHCt8rNnw7 szz2dCxWe3nFyM0HQRS931e2C/kl+a2auEViPmTUda0eOVSlFtWN5j70G8LN9V8D iHNHMXd9rgWV9zEpCT+iEBU4bAbgrpG1ap8L5tGCGLZD8LCjKqjWRNjJLA8opeJ3 EX3wk99AjvEmbnimv0l6HRvDREfi/VEJ6x2AciLen0S4tdzb5ktCriH2bJsp0PEA b+a6/AM+jPh6WxHERbUBrqiQdbac+NPYE8DrSoQYkGUqaop1fz5i/AFBwK/iryM7 85WNVOYgNkuKJb1fqdG0d1L/0sFS15e1mfGHX9S5JsJttUiMmpxJ5oCegwuZJALK wreR8Ji4eJw= =Jwxv -----END PGP SIGNATURE-----
--- End Message ---