From 54194afb99541cd4fc1bd005f7cd2b8bf1470a1b Mon Sep 17 00:00:00 2001 From: Alan Jenkins Date: Mon, 7 Aug 2017 17:23:41 +0100 Subject: [PATCH 1/5] getty-generator: shift relevant comment to above tty_is_vc() Comments typically go immediately above the code to implement the described behaviour. Putting it below confused me for a moment. --- src/getty-generator/getty-generator.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c index b15c76b5b8..a143b5413b 100644 --- a/src/getty-generator/getty-generator.c +++ b/src/getty-generator/getty-generator.c @@ -201,16 +201,16 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; } + /* We assume that gettys on virtual terminals are + * started via manual configuration and do this magic + * only for non-VC terminals. */ + if (isempty(tty) || tty_is_vc(tty)) continue; if (verify_tty(tty) < 0) continue; - /* We assume that gettys on virtual terminals are - * started via manual configuration and do this magic - * only for non-VC terminals. */ - if (add_serial_getty(tty) < 0) return EXIT_FAILURE; } From 8522ee7975fea189e7cdaec3ace6db6e3559128a Mon Sep 17 00:00:00 2001 From: Alan Jenkins Date: Mon, 7 Aug 2017 18:30:56 +0100 Subject: [PATCH 2/5] man/systemd-getty-generator fix/update * Containers don't use serial-getty@console.service, they use console-getty.service instead, and suppress scanning for kernel or virtualizer consoles. * Nowadays gettys are started on *all* configured kernel consoles. * except for the line printer console, because that's not a tty. (Seriously. Search CONFIG_LP_CONSOLE). --- man/systemd-getty-generator.xml | 14 ++++++++------ units/console-getty.service.m4.in | 2 +- units/container-getty@.service.m4.in | 3 ++- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/man/systemd-getty-generator.xml b/man/systemd-getty-generator.xml index 8bff3bb7f4..3058444467 100644 
--- a/man/systemd-getty-generator.xml +++ b/man/systemd-getty-generator.xml @@ -55,12 +55,14 @@ systemd-getty-generator is a generator that automatically instantiates - serial-getty@.service on the kernel console - /dev/console if that is not directed to the - virtual console subsystem. It will also instantiate + serial-getty@.service on the kernel + console(s), if they can function as ttys and are not provided by + the virtual console subsystem. It will also instantiate serial-getty@.service instances for virtualizer consoles, if execution in a virtualized environment is - detected. Finally, it will instantiate + detected. If execution in a container environment is detected, it + will instead enable console-getty.service for + /dev/console, and container-getty@.service instances for additional container pseudo TTYs as requested by the container manager (see systemd-getty-generator implements systemd.generator7. - Further information about configuration of gettys you may - find in + Further information about configuration of gettys can be + found in systemd for Administrators, Part XVI: Gettys on Serial Consoles (and Elsewhere). diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in index d9d0cba4d9..ecf1db1102 100644 --- a/units/console-getty.service.m4.in +++ b/units/console-getty.service.m4.in @@ -7,7 +7,7 @@ [Unit] Description=Console Getty -Documentation=man:agetty(8) +Documentation=man:agetty(8) man:systemd-getty-generator(8) After=systemd-user-sessions.service plymouth-quit-wait.service ConditionPathExists=/dev/console m4_ifdef(`HAVE_SYSV_COMPAT', diff --git a/units/container-getty@.service.m4.in b/units/container-getty@.service.m4.in index fd0be86ba7..c11daab367 100644 --- a/units/container-getty@.service.m4.in +++ b/units/container-getty@.service.m4.in 
@@ -7,7 +7,8 @@ [Unit] Description=Container Getty on /dev/pts/%I -Documentation=man:agetty(8) man:machinectl(1) +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=man:machinectl(1) After=systemd-user-sessions.service plymouth-quit-wait.service m4_ifdef(`HAVE_SYSV_COMPAT', After=rc-local.service From 858beb391b9af1570f65ebd21b9e41af057550c2 Mon Sep 17 00:00:00 2001 From: Alan Jenkins Date: Wed, 9 Aug 2017 14:43:41 +0100 Subject: [PATCH 3/5] units/console-getty.service: comment reason for ConditionPathExists Currently we have 4 getty services. 1 has a BindsTo dependency on a device unit. 3 have ConditionPathExists, but the reason is different in every single one. * Add comment to console-getty@.service (see commit 1b41981d) * getty@.service is already commented * container-getty.service is not strictly correct, as I realized while trying to compose a comment. Reported as #6584. --- units/console-getty.service.m4.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in index ecf1db1102..8b6a4aba24 100644 --- a/units/console-getty.service.m4.in +++ b/units/console-getty.service.m4.in @@ -9,12 +9,14 @@ Description=Console Getty Documentation=man:agetty(8) man:systemd-getty-generator(8) After=systemd-user-sessions.service plymouth-quit-wait.service -ConditionPathExists=/dev/console m4_ifdef(`HAVE_SYSV_COMPAT', After=rc-local.service )m4_dnl Before=getty.target +# OCI containers may be run without a console +ConditionPathExists=/dev/console + [Service] # The '-o' option value tells agetty to replace 'login' arguments with an # option to preserve environment (-p), followed by '--' for safety, and then From d32465fb416f117021151e62977865b4bab1d05a Mon Sep 17 00:00:00 2001 
From: Alan Jenkins Date: Mon, 7 Aug 2017 19:24:32 +0100 Subject: [PATCH 4/5] units: add Conflicts=rescue.service to container-getty@.service The traditional runlevel 1 is "single user mode", and shuts down all but the main console. In systemd, rescue.target provides runlevel1.target. But it did not shut down logins on secondary consoles... if systemd was running in a container. I don't think we strictly need to change this. But when you look at both container-getty@.service and getty@.service, you see that both have IgnoreOnIsolate, but only the latter has Conflicts=rescue.service. This also makes rescue.target in a container consistent with emergency.target. In the latter case, the gettys were already stopped, because they have a Requires dependency on sysinit.target. --- units/container-getty@.service.m4.in | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/units/container-getty@.service.m4.in b/units/container-getty@.service.m4.in index c11daab367..005d9e5c24 100644 --- a/units/container-getty@.service.m4.in +++ b/units/container-getty@.service.m4.in @@ -17,6 +17,11 @@ Before=getty.target IgnoreOnIsolate=yes ConditionPathExists=/dev/pts/%I +# IgnoreOnIsolate is an issue: when someone isolates rescue.target, +# tradition expects that we shut down all but the main console. +Conflicts=rescue.service +Before=rescue.service + [Service] # The '-o' option value tells agetty to replace 'login' arguments with an # option to preserve environment (-p), followed by '--' for safety, and then From ae805c89efc3100151a8ff6d5695204c0a9dd76d Mon Sep 17 00:00:00 2001 
From: Alan Jenkins Date: Wed, 9 Aug 2017 18:56:26 +0100 Subject: [PATCH 5/5] units: console-getty.service: use the default RestartSec > Note that console-getty.service has more uses than just containers. The > idea is that it may be used as alternative to the whole VC/logind stuff, > if all you need is a console on /dev/console, even on physical devices. This means we want to remove RestartSec=0, for serial systems. See 4bf0432 "units/serial-getty@.service: use the default RestartSec". --- units/console-getty.service.m4.in | 1 - 1 file changed, 1 deletion(-) diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in index 8b6a4aba24..4b9165b70d 100644 --- a/units/console-getty.service.m4.in +++ b/units/console-getty.service.m4.in @@ -24,7 +24,6 @@ ConditionPathExists=/dev/console ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM Type=idle Restart=always -RestartSec=0 UtmpIdentifier=cons TTYPath=/dev/console TTYReset=yes
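
Review bot: in PATCH 1/5, the moved comment in src/getty-generator/getty-generator.c still says "do this magic only for non-VC terminals", but "this magic" is the add_serial_getty(tty) call, which now sits two statements below the comment, after the verify_tty(tty) check. Since the comment now documents the tty_is_vc(tty) skip, reword it to describe that check directly, for example "Skip virtual terminals: gettys on VCs are assumed to be started via manual configuration", so the reader does not have to search for the referent.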
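
Review bot: in PATCH 2/5, the new man page sentence "it will instead enable console-getty.service for /dev/console" does not say what "instead" replaces. The commit message states that containers "suppress scanning for kernel or virtualizer consoles"; carry that into the man page text so it is explicit that in a container no serial-getty@.service instances are generated for either kind of console.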
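
Review bot: in PATCH 2/5, the container-getty@.service hunk splits Documentation= across two lines, while the console-getty.service hunk in the same patch extends the single existing line. Both forms work, because Documentation= takes a space-separated list and may be given more than once, but the getty units should use one style; keeping "Documentation=man:agetty(8) man:systemd-getty-generator(8) man:machinectl(1)" on a single line would match console-getty.service.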
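
Review bot: in PATCH 3/5, the added comment "# OCI containers may be run without a console" names the case but not the effect of the condition; say that the unit is skipped, not failed, when /dev/console is absent, which matters here because the unit also sets Restart=always. Separately, the commit message refers to console-getty@.service and container-getty.service, while the files in this series are console-getty.service.m4.in and container-getty@.service.m4.in; check the unit names in the message before merging.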
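
Review bot: in PATCH 4/5, the comment "# IgnoreOnIsolate is an issue" reads as if the IgnoreOnIsolate=yes line above it were a defect to remove. State the relationship instead: because IgnoreOnIsolate=yes keeps this unit running when another target is isolated, Conflicts=rescue.service is what stops logins on secondary container consoles when rescue.target is entered. The comment should also cover Before=rescue.service (the getty is stopped before rescue.service starts), since the commit message explains only the Conflicts= line.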
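
Review bot: in PATCH 5/5, removing RestartSec=0 leaves Restart=always in console-getty.service with nothing in the unit or the message that states why a restart delay is wanted; the rationale is deferred to 4bf0432. Summarise that rationale in one sentence in this commit message so the change stands on its own, and say whether the delay is also acceptable for the container case the unit was originally written for.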