View Issue Details

IDProjectCategoryView StatusLast Update
0016935CentOS-8systemdpublic2020-01-16 15:19
Reportermabarkdoll 
PrioritynormalSeverityminorReproducibilitysometimes
Status newResolutionopen 
Product Version8.1.1911 
Target VersionFixed in Version 
Summary0016935: tangd.socket fails to properly start on reboot
DescriptionAfter install tang and starting the service on the default port 80 or a custom port e.g., 7500 everything works. However, upon reboot even with `systemctl enable tangd.socket` the service fails to start on just about every reboot unless I manually start the service with something like `systemctl start tangd.socket`
Steps To Reproduceyum -y install tang
systemctl enable tangd.socket --now
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
systemctl enable tangd.socket

Reboot and sometimes (rarely) tangd.socket will be available on port 80 or even a custom port if I go with that configuration. Most the time I have to manually start it `systemctl start tangd.socket`.

`systemctl list-sockets --all` doesn't show a service that tangd.socket activates?


I've also tried the steps outline at:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#deploying-a-tang-server-with-selinux-in-enforcing-mode_configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption

For deploying tang server and I have the same behavior on CentOS 8.1 or RHEL 8.1. The service doesn't start at boot.
Additional Information$ systemctl status tangd.socket
● tangd.socket - Tang Server socket
   Loaded: loaded (/usr/lib/systemd/system/tangd.socket; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/tangd.socket.d
           └─override.conf
   Active: inactive (dead)
   Listen: [::]:7500 (Stream)
 Accepted: 0; Connected: 0;

$ # systemctl list-sockets --all
LISTEN UNIT ACTIVATES
/run/dbus/system_bus_socket dbus.socket dbus.service
/run/dmeventd-client dm-event.socket dm-event.service
/run/dmeventd-server dm-event.socket dm-event.service
/run/initctl systemd-initctl.socket systemd-initctl.service
/run/lvm/lvmpolld.socket lvm2-lvmpolld.socket lvm2-lvmpolld.service
/run/systemd/coredump systemd-coredump.socket systemd-coredump@0.service
/run/systemd/journal/dev-log systemd-journald-dev-log.socket systemd-journald.service
/run/systemd/journal/socket systemd-journald.socket systemd-journald.service
/run/systemd/journal/stdout systemd-journald.socket systemd-journald.service
/run/systemd/journal/syslog syslog.socket rsyslog.service
/run/udev/control systemd-udevd-control.socket systemd-udevd.service
/var/run/.heim_org.h5l.kcm-socket sssd-kcm.socket sssd-kcm.service
@/org/kernel/linux/storage/multipathd multipathd.socket multipathd.service
@ISCSIADM_ABSTRACT_NAMESPACE iscsid.socket iscsid.service
@ISCSID_UIP_ABSTRACT_NAMESPACE iscsiuio.socket iscsiuio.service
[::]:7500 tangd.socket
audit 1 systemd-journald-audit.socket systemd-journald.service
kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service

18 sockets listed.

$ cat /usr/lib/systemd/system/tangd.socket
[Unit]
Description=Tang Server socket
Requires=tangd-keygen.service
Requires=tangd-update.service
Requires=tangd-update.path
After=tangd-keygen.service
After=tangd-update.service
After=network-online.target

[Socket]
ListenStream=80
Accept=true

[Install]
WantedBy=multi-user.target

$ cat /usr/lib/systemd/system/tangd@.service

[Unit]
Description=Tang Server


[Service]
StandardInput=socket
StandardOutput=socket
StandardError=journal
ExecStart=/usr/libexec/tangd /var/cache/tang
User=tang
TagsNo tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-01-16 15:19 mabarkdoll New Issue