Linux Systemd – How to Fix StartLimitIntervalSec and StartLimitBurst Issues

linuxsystemd

I tried to restrict the number of a service (in a container) restart. The OS version is centos-release-7-5, the service file is pretty much as below (removed some parameters for reading convenience). It should be pretty straight forward as some other posts pointed out (Post of Server Fault restart limit 1 , Post of Stack Overflow restart limit 2 ). Yet StartLimitBurst and StartLimitIntervalSec never works for me.

I tested with several ways: (1) I check the service PID, kill the service with "kill -9 ****" several times. The service always gets restarted after 20s! (2) I also tried to mess up the service file, make the container never runs. Still, it doesn't work, the service file just keep restarting.

Any idea?

[Unit]
Description=Hello Fluentd
After=docker.service
Requires=docker.service
StartLimitBurst=2
StartLimitIntervalSec=150s

[Service]
EnvironmentFile=/etc/environment
ExecStartPre=-/usr/bin/docker stop "fluentd"
ExecStartPre=-/usr/bin/docker rm -f "fluentd"
ExecStart=/usr/bin/docker run fluentd
ExecStop=/usr/bin/docker stop "fluentd"
Restart=always
RestartSec=20s
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

Best Answer

StartLimitIntervalSec= was added as part of systemd v230. In systemd v229 and below, you can only use StartLimitInterval=. You will also need to put StartLimitInterval= and StartLimitBurst= in the [Service] section - not the [Unit] section.

To check your systemd version on CentOS, run rpm -q systemd.

If you ever upgrade to systemd v230 or above, the old names in the [Service] section will continue to work.

Source: https://lists.freedesktop.org/archives/systemd-devel/2017-July/039255.html

You can have this problem without seeing any error at all, because systemd ignores unknown directives. systemd assumes that many newer directives can be ignored and still allow the service to run.

It is possible to manually check a unit file for unknown directives. At least it seems to work on recent systemd:

$ systemd-analyze verify foo.service
/etc/systemd/system/foo.service:9: Unknown lvalue 'FancyNewOption' in section 'Service'

Service units:

A unit configuration file whose name ends in .service encodes
information about a process controlled and supervised by systemd.

— systemd.service(5)

Systemd service units are the units that actually execute and keep track of programs and daemons, and dependencies are used to make sure that services are started in the right order. They are the most commonly used type of units.

Socket units:

A unit configuration file whose name ends in ".socket" encodes
information about an IPC or network socket or a file system FIFO
controlled and supervised by systemd, for socket-based activation.

— systemd.socket(5)

Socket units on the other hand don't actually start daemons on their own. Instead, they just sit there and listen on an IP address and a port, or a UNIX domain socket, and when something connects to it, the daemon that the socket is for is started and the connection is handed to it.

This is useful for making sure that big daemons that take up a lot of resources but are rarely used aren't running and taking up resources all the time, but instead they are only started when needed.

Target units:

A unit configuration file whose name ends in ".target" encodes
information about a target unit of systemd, which is used for grouping
units and as well-known synchronization points during start-up.

— systemd.target(5)

Targets are used for grouping and ordering units. They are somewhat of a rough equivalent to runlevels in that at different targets, different services, sockets, and other units are started. Unlike runlevels, they are much more free-form and you can easily make your own targets for ordering units, and targets have dependencies among themselves.

For instance, multi-user.target is what most daemons are grouped under, and it requires basic.target to be activated, which means that all services grouped under basic.target will be started before the ones in multi-user.target.

Linux – Running a program as a service or directly, what’s the difference

You cannot use systemctl If your PID 1 is not systemd. You can find your PID 1 with ps -q 1.

Being able to start and stop services the normal way is one advantage mentioned in this article about Running systemd in a non-privileged container. Others are logging or tracking of child processes as described in Andrei's answer.

Best Answer

Related Solutions

Systemd Guide – Understanding Targets, Services, and Sockets

Service units:

Socket units:

Target units:

Linux – Running a program as a service or directly, what’s the difference

Related Question