tracker
tracker copied to clipboard
turnkeylinux
container-getty service restarts every minute and spams the syslog in an endless loop
I've found the following issue in Fileserver with Proxmox LXC. The container-getty service restarts every minute and spams the syslog in an endless loop.
To reproduce:
- install
debian-12-turnkey-fileserver_18.0-1_amd64.tar.gzin Proxmox LXC - finish the initial config
- reboot the container
- wait a few minutes and check the syslog with
journalctl -e:
Mar 15 17:13:08 filetest systemd[1]: Started [email protected] - Container Getty on /dev/tty1.
Mar 15 17:13:08 filetest inithooks[4551]: [01empty] skipping
Mar 15 17:13:08 filetest inithooks[4552]: Inithook run completed, exiting.
Mar 15 17:14:08 filetest systemd[1]: [email protected]: Deactivated successfully.
Mar 15 17:14:08 filetest systemd[1]: [email protected]: Scheduled restart job, restart counter is at 102.
Mar 15 17:14:08 filetest systemd[1]: Stopped [email protected] - Container Getty on /dev/tty1.
Mar 15 17:14:08 filetest systemd[1]: Started [email protected] - Container Getty on /dev/tty1.
Mar 15 17:14:08 filetest inithooks[4587]: [01empty] skipping
Mar 15 17:14:08 filetest inithooks[4588]: Inithook run completed, exiting.
Mar 15 17:15:08 filetest systemd[1]: [email protected]: Deactivated successfully.
Mar 15 17:15:08 filetest systemd[1]: [email protected]: Scheduled restart job, restart counter is at 103.
Mar 15 17:15:08 filetest systemd[1]: Stopped [email protected] - Container Getty on /dev/tty1.
Mar 15 17:15:08 filetest systemd[1]: Started [email protected] - Container Getty on /dev/tty1.
Mar 15 17:15:08 filetest inithooks[4623]: [01empty] skipping
Mar 15 17:15:08 filetest inithooks[4624]: Inithook run completed, exiting.
Mar 15 17:16:08 filetest systemd[1]: [email protected]: Deactivated successfully.
Mar 15 17:16:08 filetest systemd[1]: [email protected]: Scheduled restart job, restart counter is at 104.
Mar 15 17:16:08 filetest systemd[1]: Stopped [email protected] - Container Getty on /dev/tty1.
Mar 15 17:16:08 filetest systemd[1]: Started [email protected] - Container Getty on /dev/tty1.
Mar 15 17:16:08 filetest inithooks[4659]: [01empty] skipping
Mar 15 17:16:08 filetest inithooks[4660]: Inithook run completed, exiting.
Mar 15 17:17:08 filetest systemd[1]: [email protected]: Deactivated successfully.
root@filetest ~# turnkey-version
turnkey-fileserver-18.0-bookworm-amd64
The systemd service definition is the following:
root@filetest ~# systemctl cat [email protected]
# /lib/systemd/system/[email protected]
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Container Getty on /dev/tty%I
Documentation=man:agetty(8) man:systemd-getty-generator(8)
Documentation=man:machinectl(1)
After=systemd-user-sessions.service plymouth-quit-wait.service
After=rc-local.service getty-pre.target
Before=getty.target
IgnoreOnIsolate=yes
ConditionPathExists=/dev/tty%I
# IgnoreOnIsolate is an issue: when someone isolates rescue.target,
# tradition expects that we shut down all but the main console.
Conflicts=rescue.service
Before=rescue.service
[Service]
# The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p),
# followed by '--' for safety, and then the entered username.
ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM
Type=idle
Restart=always
RestartSec=0
UtmpIdentifier=tty%I
StandardInput=tty
StandardOutput=tty
TTYPath=/dev/tty%I
TTYReset=yes
TTYVHangup=yes
IgnoreSIGPIPE=no
SendSIGHUP=yes
# /etc/systemd/system/[email protected]/10-container-getty-tkl-login.conf
[Service]
EnvironmentFile=
EnvironmentFile=/etc/default/inithooks
ExecStart=
ExecStart=-/sbin/agetty -n -l /bin/bash -o "/usr/lib/inithooks/bin/login_script.sh" --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
The default agetty process is changed by the inithook from
-/sbin/agetty -o '-p -- \\u' --noclear - $TERM
to
-/sbin/agetty -n -l /bin/bash -o "/usr/lib/inithooks/bin/login_script.sh" --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
The service is defined with Restart=always so as soon as the process finishes, systemd restarts the service.
The login_script.sh calls the login program.
root@filetest ~# cat /usr/lib/inithooks/bin/login_script.sh
#!/bin/bash
. /etc/default/inithooks
${INITHOOKS_PATH}/run
clear
echo -en "\nDebian GNU/Linux $(lsb_release -rs) $(hostname) tty1\n\n"
login -p
The login waits for LOGIN_TIMEOUT seconds defined in /etc/login.defs.
#
# Max time in seconds for login
#
LOGIN_TIMEOUT 60
After 60 seconds, the login process exits, and the sytemd restarts the service. And it is happening forever while the container is running.
As a workaround, I've set the LOGIN_TIMEOUT to 0.
This way the login process keeps running indefinitely until someone actually logs in.
I'm not sure if this is the right solution, but it helped for me to keep the syslog clean.
Thanks for reporting csadam, I thought I'd already fixed this issue... apparently not!
Ok, I'm hoping this was actually a duplicate of this issue: https://github.com/turnkeylinux/tracker/issues/2000
That was fixed a while back, but the PR was only just merged and the packages havn't been rebuilt.
I've checked that issue. That fix is necessary, but as you wrote in your comment, it does not solve the root problem that the container-getty service is restaring every minute. That fix wont solve the syslog spamming issue. The deactivated-stopped-started messages for the container-getty will be still there after that fix.
Ah yes you're absolutely right. And this issue is very clearly about getty, not the inithooks. My apologies.
And you're right regardless the actual issue needs to be fixed.
Edit:
What I don't understand is why confconsole isn't stopping login from running, therefor stopping login from getting to timeout and exiting causing getty to restart.
My guess is that something has been changed in the inithooks run file.
Hello!
I have the same issue on my Fileserver container (turnkey-fileserver-18.0-bookworm-amd64) and also on my Nextcloud container (turnkey-nextcloud-18.1-bookworm-amd64)
Is there any update?
Or maybe a temporary fix we can apply to prevent the restarting of container-getty service every minute?
I noticed the workaround from @csadam to set the LOGIN_TIMEOUT to 0, but I am not sure it is a correct fix.
Thank you!
Apologies for the slow response, not sure why I didn't see a notification for this.
Unfortunately no, there is no other mitigation / update yet.
But I've got a bit of time so I'm going to have another look at this.
I installed webmin in Proxmox LXC, and have same issuse. Website respone slowly. So, I must restart apache2 service.
@hattori611 I think your issue is different. This bug is mostly about log spam, shouldn't effect webmin or apache.
For the time being I'm going to officially accept the original workaround posted. I'm not having much luck trying to implement what I would consider the ideal solution: just restore default getty behaviour and only interrupt it for inithooks once per boot.
And I also believe the security considerations of disabling the login timeout on a container is minimal. If anyone disagrees with this, please feel free to share your thoughts.
Workaround:
set LOGIN_TIMEOUT to 0 in /etc/login.defs
Also having this issue on turnkey-torrentserver-18.0-bookworm-amd64. Thanks for posting the workaround.
