[CentOS7][Systemd] How to deal with startup errors when running network-related services from systemd unit files on CentOS 7


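I run Unbound as a DNS cache server at home. When an IP address is specified in the interface setting, the service tries to start before the network interface has finished linking up, even with After=network.target specified in the [Unit] section, so it fails as follows: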

# systemctl status unbound.service  -l
unbound.service - Unbound is a validating, recursive, and caching DNS(SEC) resolver.
Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled)
Active: failed (Result: start-limit) since Sat 2014-07-26 04:45:28 JST; 37s ago
Process: 629 ExecStart=/usr/local/sbin/unbound (code=exited, status=1/FAILURE)

Jul 26 04:45:28 dns1.kometch.local unbound[629]: Jul 26 04:45:28 unbound[629:0] fatal error: could not open ports

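That was the error I kept getting.
I assumed it was a dependency problem involving After, Before, Wants, Requires and so on, but I could not find a lead toward a fix and was at a loss.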

After digging further, however, I found that something is not active by default.
https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

The exact information I needed was in the following passage.

Concepts in systemd

In systemd, three target units take the role of $network:

network.target has very little meaning during start-up. It only indicates that the network management stack is up after it has been reached. Whether any network interfaces are already configured when it is reached is undefined. Its primary purpose is for ordering things properly at shutdown: since the shutdown ordering of units in systemd is the reverse of the startup ordering, any unit that is ordered After=network.target can be sure that it is stopped before the network is shut down if the system is powered off. This allows services to cleanly terminate connections before going down, instead of abruptly losing connectivity for ongoing connections, leaving them in an undefined state. Note that network.target is a passive unit: you cannot start it directly and it is not pulled in by any services that want to make use of the network. Instead, it is pulled in by the network management service itself. Services using the network should hence simply place an After=network.target dependency in their unit files, and avoid any Wants=network.target or even Requires=network.target.

network-online.target is a target that actively waits until the network is “up”, where the definition of “up” is defined by the network management software. Usually it indicates a configured, routable IP address of some kind. Its primary purpose is to actively delay activation of services until the network is set up. It is an active target, meaning that it may be pulled in by the services requiring the network to be up, but is not pulled in by the network management service itself. By default all remote mounts defined in /etc/fstab pull this service in, in order to make sure the network is up before it is attempted to connect to a network share. Note that normally, if no service requires it, and if no remote mount point is configured this target is not pulled into the boot, thus avoiding any delays during boot should the network not be available. It is strongly recommended not to pull in this target too liberally: for example network server software should generally not pull this in (since server software generally is happy to accept local connections even before any routable network interface is up), its primary purpose is network client software that cannot operate without network.

network-pre.target is a target that may be used to order services before any network interface is configured. Its primary purpose is for usage with firewall services that want to establish a firewall before any network interface is up. It’s a passive unit: you cannot start it directly and it is not pulled in by the network management service, but by the service that wants to run before it. Network management services hence should set After=network-pre.target, but avoid any Wants=network-pre.target or even Requires=network-pre.target. Services that want to be run before the network is configured should place Before=network-pre.target and also set Wants=network-pre.target to pull it in. This way, unless there’s actually a service that needs to be ordered before the network is up the target is not pulled in, hence avoiding any unnecessary synchronization point.

Well, that depends on your setup and the services you plan to run after it (see above). Many network management solutions provide a way to unconditionally pull in network-online.target, and thus upgrading the effect of network.target to the effect of network-online.target.

If you use NetworkManager you can do this by enabling NetworkManager-wait-online.service:
systemctl enable NetworkManager-wait-online.service

If you use systemd-networkd you can do this by enabling systemd-networkd-wait-online.service:
systemctl enable systemd-networkd-wait-online.service

https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

My environment uses NetworkManager, so I decided to try running the command given above:

systemctl enable NetworkManager-wait-online.service

After rebooting with this in place, the service now waits for link-up before starting.

# systemctl status unbound.service  -l
unbound.service - Unbound is a validating, recursive, and caching DNS(SEC) resolver.
Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled)
Active: active (running) since Sat 2014-07-26 04:53:01 JST; 2min 44s ago
Process: 861 ExecStart=/usr/local/sbin/unbound (code=exited, status=0/SUCCESS)
Main PID: 870 (unbound)
CGroup: /system.slice/unbound.service
└─870 /usr/local/sbin/unbound

Jul 26 04:53:01 dns1.kometch.local systemd[1]: Started Unbound is a validating, recursive, and caching DNS(SEC) resolver..

POINT: The same effect was seen with NSD4, so when you auto-start a service that depends on the network link being up, enable "NetworkManager-wait-online.service" or "systemd-networkd-wait-online.service".

For NSD4:

# systemctl status nsd4.service
nsd4.service - NSD is a complete implementation of an authoritative DNS name server
Loaded: loaded (/usr/lib/systemd/system/nsd4.service; enabled)
Active: active (running) since Sat 2014-07-26 04:53:01 JST; 36min ago
Process: 862 ExecStart=/usr/local/sbin/nsd (code=exited, status=0/SUCCESS)
Main PID: 878 (nsd)
CGroup: /system.slice/nsd4.service
├─ 878 /usr/local/sbin/nsd
├─2481 /usr/local/sbin/nsd
└─2482 /usr/local/sbin/nsd

Jul 26 04:53:01 dns1.kometch.local systemd[1]: Starting NSD is a complete implementati.....
Jul 26 04:53:01 dns1.kometch.local systemd[1]: Started NSD is a complete implementatio...r.
Hint: Some lines were ellipsized, use -l to show in full.

With this, I no longer have to set the interface to 0.0.0.0 or ::0.
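
The failure above needs two conditions at once: the resolver is told to bind a specific address, and its unit is not ordered after network-online.target. As an added example (not from the original post), this script checks a config file and a unit file for that combination. The function names and sample files are constructed for illustration, and it inspects only the unit file, not whether a wait-online service is enabled.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# Exit 0 if the config has an "interface:" that is not a wildcard address.
binds_specific_ip() {
    awk '
        /^[ \t]*interface:/ {
            line = $0
            sub(/^[ \t]*interface:[ \t]*/, "", line)
            split(line, f, /[ \t@]/)      # drop "@port" and trailing text
            if (f[1] != "0.0.0.0" && f[1] != "::0" && f[1] != "::") found = 1
        }
        END { exit !found }
    ' "$1"
}

# Exit 0 if the [Unit] section orders the service after network-online.target.
orders_after_online() {
    awk '
        /^\[/ { in_unit = ($0 == "[Unit]") }
        in_unit && /^After=/ && /network-online\.target/ { ok = 1 }
        END { exit !ok }
    ' "$1"
}

# Exit 1 (race possible) when a specific IP is bound without that ordering.
check_race() {
    if binds_specific_ip "$1" && ! orders_after_online "$2"; then
        echo "RACE: $2 may start before the address in $1 exists"
        return 1
    fi
    echo "OK: $2"
}

# Constructed sample inputs: two resolver configs and two unit files.
make_samples() {
    printf 'server:\n    interface: 192.0.2.53\n    port: 53\n' > "$1/specific.conf"
    printf 'server:\n    interface: 0.0.0.0\n    interface: ::0\n' > "$1/wildcard.conf"
    printf '[Unit]\nAfter=network.target\n[Service]\nExecStart=/usr/local/sbin/unbound\n' > "$1/weak.service"
    printf '[Unit]\nWants=network-online.target\nAfter=network.target network-online.target\n' > "$1/strong.service"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_race "$demo_dir/specific.conf" "$demo_dir/weak.service"
check_race "$demo_dir/specific.conf" "$demo_dir/strong.service"
check_race "$demo_dir/wildcard.conf" "$demo_dir/weak.service"
rm -rf "$demo_dir"
```

Keeping the resolver bound to one address instead of falling back to the wildcard limits which interfaces it answers on, which is why fixing the ordering is preferable to widening the bind.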

I am not fully confident about this, so I would appreciate it if you could point out anything I have gotten wrong.

I also referred to the following websites.
