From e8388f8574679ea0dce73934b9b97d2efe76e886 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Wed, 8 Sep 2021 21:02:28 +0200 Subject: [PATCH] nixos/switch-to-configuration: Allow activation scripts to restart units The primary use case is tools like sops-nix and agenix to restart units when secrets change. There's probably other reasons to restart units as well and a nice thing to have in general. --- .../activation/switch-to-configuration.pl | 36 ++++++++- nixos/tests/all-tests.nix | 1 + nixos/tests/restart-by-activation-script.nix | 73 +++++++++++++++++++ 3 files changed, 106 insertions(+), 4 deletions(-) create mode 100644 nixos/tests/restart-by-activation-script.nix diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl index b7a062755296..053496441d81 100644 --- a/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixos/modules/system/activation/switch-to-configuration.pl @@ -2,6 +2,7 @@ use strict; use warnings; +use File::Path qw(make_path); use File::Basename; use File::Slurp; use Net::DBus; @@ -14,9 +15,17 @@ my $out = "@out@"; my $curSystemd = abs_path("/run/current-system/sw/bin"); # To be robust against interruption, record what units need to be started etc. -my $startListFile = "/run/systemd/start-list"; -my $restartListFile = "/run/systemd/restart-list"; -my $reloadListFile = "/run/systemd/reload-list"; +my $startListFile = "/run/nixos/start-list"; +my $restartListFile = "/run/nixos/restart-list"; +my $reloadListFile = "/run/nixos/reload-list"; + +# Parse restart/reload requests by the activation script +my $restartByActivationFile = "/run/nixos/activation-restart-list"; +my $reloadByActivationFile = "/run/nixos/activation-reload-list"; +my $dryRestartByActivationFile = "/run/nixos/dry-activation-restart-list"; +my $dryReloadByActivationFile = "/run/nixos/dry-activation-reload-list"; + +make_path("/run/nixos", { mode => 0755 }); my $action = shift @ARGV; @@ -150,7 +159,7 @@ $unitsToRestart{$_} = 1 foreach split('\n', read_file($restartListFile, err_mode => 'quiet') // ""); $unitsToReload{$_} = 1 foreach - split '\n', read_file($reloadListFile, err_mode => 'quiet') // ""; + split('\n', read_file($reloadListFile, err_mode => 'quiet') // ""); my $activePrev = getActiveUnits; while (my ($unit, $state) = each %{$activePrev}) { @@ -366,6 +375,12 @@ if ($action eq "dry-activate") { print STDERR "would activate the configuration...\n"; system("$out/dry-activate", "$out"); + $unitsToRestart{$_} = 1 foreach + split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // ""); + + $unitsToReload{$_} = 1 foreach + split('\n', read_file($dryReloadByActivationFile, err_mode => 'quiet') // ""); + print STDERR "would restart systemd\n" if $restartSystemd; print STDERR "would restart the following units: ", join(", ", sort(keys %unitsToRestart)), "\n" if scalar(keys %unitsToRestart) > 0; @@ -373,6 +388,8 @@ if ($action eq "dry-activate") { if scalar @unitsToStartFiltered; print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n" if scalar(keys %unitsToReload) > 0; + unlink($dryRestartByActivationFile); + unlink($dryReloadByActivationFile); exit 0; } @@ -395,6 +412,15 @@ my $res = 0; print STDERR "activating the configuration...\n"; system("$out/activate", "$out") == 0 or $res = 2; +# Handle the activation script requesting the restart or reload of a unit. +# We can only restart and reload (not stop/start) because the units to be +# stopped are already stopped before the activation script is run. +$unitsToRestart{$_} = 1 foreach + split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // ""); + +$unitsToReload{$_} = 1 foreach + split('\n', read_file($reloadByActivationFile, err_mode => 'quiet') // ""); + # Restart systemd if necessary. Note that this is done using the # current version of systemd, just in case the new one has trouble # communicating with the running pid 1. @@ -434,6 +460,7 @@ if (scalar(keys %unitsToReload) > 0) { print STDERR "reloading the following units: ", join(", ", sort(keys %unitsToReload)), "\n"; system("@systemd@/bin/systemctl", "reload", "--", sort(keys %unitsToReload)) == 0 or $res = 4; unlink($reloadListFile); + unlink($reloadByActivationFile); } # Restart changed services (those that have to be restarted rather @@ -442,6 +469,7 @@ if (scalar(keys %unitsToRestart) > 0) { print STDERR "restarting the following units: ", join(", ", sort(keys %unitsToRestart)), "\n"; system("@systemd@/bin/systemctl", "restart", "--", sort(keys %unitsToRestart)) == 0 or $res = 4; unlink($restartListFile); + unlink($restartByActivationFile); } # Start all active targets, as well as changed units we stopped above. diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 6baa986b2bda..6ce0bdc05a79 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -379,6 +379,7 @@ in radicale = handleTest ./radicale.nix {}; redis = handleTest ./redis.nix {}; redmine = handleTest ./redmine.nix {}; + restartByActivationScript = handleTest ./restart-by-activation-script.nix {}; restic = handleTest ./restic.nix {}; robustirc-bridge = handleTest ./robustirc-bridge.nix {}; roundcube = handleTest ./roundcube.nix {}; diff --git a/nixos/tests/restart-by-activation-script.nix b/nixos/tests/restart-by-activation-script.nix new file mode 100644 index 000000000000..0eec292ea9e2 --- /dev/null +++ b/nixos/tests/restart-by-activation-script.nix @@ -0,0 +1,73 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "restart-by-activation-script"; + meta = with pkgs.lib.maintainers; { + maintainers = [ das_j ]; + }; + + machine = { pkgs, ... }: { + imports = [ ../modules/profiles/minimal.nix ]; + + systemd.services.restart-me = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + }; + }; + + systemd.services.reload-me = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = rec { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + ExecReload = ExecStart; + }; + }; + + system.activationScripts.test = { + supportsDryActivation = true; + text = '' + if [ -e /test-the-activation-script ]; then + if [ "$NIXOS_ACTION" != dry-activate ]; then + touch /activation-was-run + echo restart-me.service > /run/nixos/activation-restart-list + echo reload-me.service > /run/nixos/activation-reload-list + else + echo restart-me.service > /run/nixos/dry-activation-restart-list + echo reload-me.service > /run/nixos/dry-activation-reload-list + fi + fi + ''; + }; + }; + + testScript = /* python */ '' + machine.wait_for_unit("multi-user.target") + + with subtest("nothing happens when the activation script does nothing"): + out = machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate 2>&1") + assert 'restart' not in out + assert 'reload' not in out + out = machine.succeed("/run/current-system/bin/switch-to-configuration test") + assert 'restart' not in out + assert 'reload' not in out + + machine.succeed("touch /test-the-activation-script") + + with subtest("dry activation"): + out = machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate 2>&1") + assert 'would restart the following units: restart-me.service' in out + assert 'would reload the following units: reload-me.service' in out + machine.fail("test -f /run/nixos/dry-activation-restart-list") + machine.fail("test -f /run/nixos/dry-activation-reload-list") + + with subtest("real activation"): + out = machine.succeed("/run/current-system/bin/switch-to-configuration test 2>&1") + assert 'restarting the following units: restart-me.service' in out + assert 'reloading the following units: reload-me.service' in out + machine.fail("test -f /run/nixos/activation-restart-list") + machine.fail("test -f /run/nixos/activation-reload-list") + ''; +})