Unexpected behaviour when using service.dead with enable: false  #52949

@importepeu

Description of Issue/Question

We want to stop and disable service apache2 at the end of a formula. Because it is a SysV service, disabling it is done by removing links from /etc/rc*.d, which works as designed. But this behaviour leads to a problem: when apache2 is upgraded (security upgrade), the package upgrade sees that the /etc/rc*.d links are not there anymore and recreates them with links to start the service on next reboot, which is not what we want, as we want it to still be disabled. Why not use the "disabling" feature instead of "removing" in the code of systemd.py:

def disable(name, **kwargs):  # pylint: disable=unused-argument
    '''
    .. versionchanged:: 2015.8.12,2016.3.3,2016.11.0
        On minions running systemd>=205, `systemd-run(1)`_ is now used to
        isolate commands run by this function from the ``salt-minion`` daemon's
        control group. This is done to avoid a race condition in cases where
        the ``salt-minion`` service is restarted while a service is being
        modified. If desired, usage of `systemd-run(1)`_ can be suppressed by
        setting a :mod:`config option <salt.modules.config.get>` called
        ``systemd.scope``, with a value of ``False`` (no quotes).

    .. _`systemd-run(1)`: https://www.freedesktop.org/software/systemd/man/systemd-run.html

    Disable the named service to not start when the system boots

    CLI Example:

    .. code-block:: bash

        salt '*' service.disable <service name>
    '''
    _check_for_unit_changes(name)
    if name in _get_sysv_services():
        cmd = []
        if salt.utils.systemd.has_scope(__context__) \
                and __salt__['config.get']('systemd.scope', True):
            cmd.extend(['systemd-run', '--scope'])
        service_exec = _get_service_exec()
        if service_exec.endswith('/update-rc.d'):
            cmd.extend([service_exec, '-f', name, 'remove'])  # <- HERE
        elif service_exec.endswith('/chkconfig'):
            cmd.extend([service_exec, name, 'off'])
        return __salt__['cmd.retcode'](cmd,
                                       python_shell=False,
                                       ignore_retcode=True) == 0
    return __salt__['cmd.retcode'](
        _systemctl_cmd('disable', name, systemd_scope=True),
        python_shell=False,
        ignore_retcode=True) == 0

https://github.com/saltstack/salt/issues/1103

Setup

(Please provide relevant configs and/or SLS files (Be sure to remove sensitive info).)
Create a SLS file like:

apache2:
  service.dead:
    - enable: False

Apply SLS and check /etc/rc*.d links

Steps to Reproduce Issue

(Include debug logs if possible and relevant.)
Installing and enabling apache2 leads to these links being created:

[root@uzhteulr01 ~]# ls -ali /etc/rc*.d/*apache* | grep -v cache
 5662 lrwxrwxrwx 1 root root 17 May  7 17:49 /etc/rc0.d/K01apache2 -> ../init.d/apache2
 7592 lrwxrwxrwx 1 root root 17 May  7 17:49 /etc/rc1.d/K01apache2 -> ../init.d/apache2
 6435 lrwxrwxrwx 1 root root 17 May  9 11:12 /etc/rc2.d/S03apache2 -> ../init.d/apache2
 7595 lrwxrwxrwx 1 root root 17 May  9 11:12 /etc/rc3.d/S03apache2 -> ../init.d/apache2
 7597 lrwxrwxrwx 1 root root 17 May  9 11:12 /etc/rc4.d/S03apache2 -> ../init.d/apache2
 7600 lrwxrwxrwx 1 root root 17 May  9 11:12 /etc/rc5.d/S03apache2 -> ../init.d/apache2
 7653 lrwxrwxrwx 1 root root 17 May  7 17:49 /etc/rc6.d/K01apache2 -> ../init.d/apache2

Here is the SLS file:

[root@uzhteulr01 ~]# salt-call state.show_sls tom saltenv=dev
local:
    ----------
    apache2:
        ----------
        service:
            |_
              ----------
              enable:
                  False
            - dead
            |_
              ----------
              order:
                  10000
        __sls__:
            tom
        __env__:
            dev

Apply it:

[root@uzhteulr01 ~]# salt-call state.sls tom saltenv=dev
local:
----------
          ID: apache2
    Function: service.dead
      Result: True
     Comment: Service apache2 has been disabled, and is in the desired state
     Started: 11:13:41.202388
    Duration: 320.024 ms
     Changes:
              ----------
              apache2:
                  True

Summary for local
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 320.024 ms

This leads to the links being removed:

[root@uzhteulr01 ~]# ls -ali /etc/rc*.d/*apache* | grep -v cache
[root@uzhteulr01 ~]# 

Upgrading the apache2 package makes the links get recreated to start the service:

[root@uzhteulr01 ~]# apt install --only-upgrade apache2 apache2-bin apache2-data apache2-utils
Reading package lists... Done
Building dependency tree
Reading state information... Done
apache2-utils is already the newest version (2.4.18-2ubuntu3.10).
Suggested packages:
  www-browser apache2-doc apache2-suexec-pristine | apache2-suexec-custom ufw
The following packages will be upgraded:
  apache2 apache2-bin apache2-data
3 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
Need to get 1,174 kB of archives.
After this operation, 21.5 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
... SNIPPED INSTALL LINES ....
Setting up apache2-bin (2.4.18-2ubuntu3.10) ...
Setting up apache2-data (2.4.18-2ubuntu3.10) ...
Setting up apache2 (2.4.18-2ubuntu3.10) ...

[root@uzhteulr01 ~]# ls -ali /etc/rc*.d/*apache* | grep -v cache
15044 lrwxrwxrwx 1 root root 17 May  9 11:23 /etc/rc0.d/K01apache2 -> ../init.d/apache2
15046 lrwxrwxrwx 1 root root 17 May  9 11:23 /etc/rc1.d/K01apache2 -> ../init.d/apache2
15049 lrwxrwxrwx 1 root root 17 May  9 11:23 /etc/rc2.d/S03apache2 -> ../init.d/apache2
15051 lrwxrwxrwx 1 root root 17 May  9 11:23 /etc/rc3.d/S03apache2 -> ../init.d/apache2
15053 lrwxrwxrwx 1 root root 17 May  9 11:23 /etc/rc4.d/S03apache2 -> ../init.d/apache2
15054 lrwxrwxrwx 1 root root 17 May  9 11:23 /etc/rc5.d/S03apache2 -> ../init.d/apache2
15055 lrwxrwxrwx 1 root root 17 May  9 11:23 /etc/rc6.d/K01apache2 -> ../init.d/apache2

Versions Report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)

[root@uzhteulr01 ~]# salt-call --version
salt-call 2018.3.4 (Oxygen)
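
The three link states this report turns on, as an added example (not code from Salt or from the reporter): a checker that classifies a SysV service from its /etc/rc*.d links, useful for catching a hardened host where a service was "removed" rather than disabled. It assumes the update-rc.d(8) rule that a package postinst leaves existing links alone and only creates defaults when none exist; `sysv_boot_state`, `make_tree` and the temporary trees are constructed for illustration.

```python
import os
import re
import tempfile

LINK_RE = re.compile(r"^([SK])\d{2}(.+)$")  # e.g. S03apache2, K01apache2
MULTI_USER = {"2", "3", "4", "5"}


def sysv_boot_state(name, etc_root="/etc"):
    """Return 'enabled', 'disabled' or 'removed' for a SysV service."""
    start, kill = set(), set()
    for level in "0123456":
        rc_dir = os.path.join(etc_root, "rc%s.d" % level)
        if not os.path.isdir(rc_dir):
            continue
        for entry in os.listdir(rc_dir):
            m = LINK_RE.match(entry)
            if m and m.group(2) == name:
                (start if m.group(1) == "S" else kill).add(level)
    if start & MULTI_USER:
        return "enabled"       # an S link in runlevels 2-5: starts at boot
    if start or kill:
        return "disabled"      # links exist, so a postinst leaves them alone
    return "removed"           # no links: the next postinst recreates defaults


def make_tree(name, links):
    """Constructed sample: build a throwaway /etc with the given rc links."""
    root = tempfile.mkdtemp(prefix="rcdemo-")
    for level, prefix in links.items():
        rc_dir = os.path.join(root, "rc%s.d" % level)
        os.makedirs(rc_dir)
        os.symlink("../init.d/" + name, os.path.join(rc_dir, prefix + name))
    return root


def demo():
    # Link layout copied from the listing in the report (runlevel -> prefix).
    installed = {"0": "K01", "1": "K01", "2": "S03", "3": "S03",
                 "4": "S03", "5": "S03", "6": "K01"}
    all_kill = {level: "K01" for level in installed}  # constructed: K links only
    return {
        "after_install": sysv_boot_state("apache2", make_tree("apache2", installed)),
        "links_kept_as_K": sysv_boot_state("apache2", make_tree("apache2", all_kill)),
        "after_remove": sysv_boot_state("apache2", make_tree("apache2", {})),
    }


if __name__ == "__main__":
    for case, state in demo().items():
        print(case, "->", state)
```

On a real minion, call `sysv_boot_state("apache2")` with the default `/etc`; a result of `removed` for a service that is meant to stay off flags the state this issue describes, where the next package upgrade re-enables it.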

Labels: Confirmed (Salt engineer has confirmed bug/feature - often including a MCVE), bug (broken, incorrect, or confusing behavior)
