Systemd: how to start a service after another, started by timer, finishes

debian-stretchsystemd

The goal

On Debian Stretch, we want to download any updates and install them immediately because we monitor the number of pending upgrades and currently get notifications for routine conditions.

Standard stretch

Standard stretch downloads updates and installs them using:

apt-daily.service
apt-daily.timer
apt-daily-upgrade.service
apt-daily-upgrade.timer

The timers run independently at random daily times so there can be almost 24 hours between download and installation.

Research and attempts

apt-daily-upgrade.service modification

Based on https://superuser.com/questions/1250874/trigger-another-systemd-unit-to-start-before-timer-unit-starts, I disabled apt-daily-upgrade.timer and modified apt-daily-upgrade.service, adding "Wants=apt-daily.service"

Did run systemctl daemon-reload after the change.

24+ hours later /var/log/unattended-upgrades/unattended-upgrades.log did not show unattended-upgrades had been run.

apt-daily.service modification

Based on Chaining custom systemd services, I understood apt-daily.service needs to be configured to start apt-daily-upgrade.service rather than apt-daily-upgrade.service being configured to start after apt-daily.service.

Backed out the apt-daily-upgrade.service modification and created /etc/systemd/system/apt-daily.service with addition "Before=apt-daily-upgrade.service":

[Unit]
Description=Daily apt download activities
Documentation=man:apt(8)
ConditionACPower=true
After=network-online.target
Wants=network-online.target
Before=apt-daily-upgrade.service

[Service]
Type=oneshot
ExecStart=/usr/lib/apt/apt.systemd.daily update

Did run systemctl daemon-reload after the change.

24+ hours later /var/log/unattended-upgrades/unattended-upgrades.log did not show unattended-upgrades had been run.

The systemd journal showed "Daily apt download activities" messages, believed to show that apt-daily.service had been run:

# journalctl | grep 'apt download activities'
Apr 08 16:10:05 web2.iciti.av systemd[1]: Starting Daily apt download activities...
Apr 08 16:10:08 web2.iciti.av systemd[1]: Started Daily apt download activities.
...

Conclusion

How can we effect our goal, ideally within the systemd framework?

Best Answer

Thanks user228505, that worked.

/etc/systemd/system/apt-daily.service was changed to

[Unit]
Description=Daily apt download activities
Documentation=man:apt(8)
ConditionACPower=true
After=network-online.target
Wants=network-online.target
Before=apt-daily-upgrade.service
Wants=apt-daily-upgrade.service

[Service]
Type=oneshot
ExecStart=/usr/lib/apt/apt.systemd.daily update

We needed that to run apt-daily-upgrade.service after apt-daily.service had finished (to download all packages before running unattended upgrades).

Adding APT::Periodic::Verbose "3" to /etc/apt/apt.conf.d/02periodic showed it was doing what we wanted.

Apparently the systemd message "Started Daily apt download activities" means "Finished Daily apt download activities" because /usr/lib/apt/apt.systemd.daily does not return until it has finished (unlike most service commands which return when they daemonize).

Related Solutions

Systemd – How to Set Environment Variable in Service

Times change and so do best practices.

The current best way to do this is to run systemctl edit myservice, which will create an override file for you or let you edit an existing one.

In normal installations this will create a directory /etc/systemd/system/myservice.service.d, and inside that directory create a file whose name ends in .conf (typically, override.conf), and in this file you can add to or override any part of the unit shipped by the distribution.

For instance, in a file /etc/systemd/system/myservice.service.d/myenv.conf:

[Service]
Environment="SECRET=pGNqduRFkB4K9C2vijOmUDa2kPtUhArN"
Environment="ANOTHER_SECRET=JP8YLOc2bsNlrGuD6LVTq7L36obpjzxd"

Also note that if the directory exists and is empty, your service will be disabled! If you don't intend to put something in the directory, ensure that it does not exist.

For reference, the old way was:

The recommended way to do this is to create a file /etc/sysconfig/myservice which contains your variables, and then load them with EnvironmentFile.

For complete details, see Fedora's documentation on how to write a systemd script.

Find the location of a systemd unit file service

For units that are defined in actual, static files, this can be seen in systemctl status:

$ systemctl status halt-local.service
● halt-local.service - /usr/sbin/halt.local Compatibility
   Loaded: loaded (/lib/systemd/system/halt-local.service; static)
   Active: inactive (dead)

But there are units that are not defined by files, e.g. with systemd-cron installed. These have no useful location listed with status:

$ systemctl status cron-jojo-0.timer
● cron-jojo-0.timer - [Cron] "*/10 * * * * ..."
   Loaded: loaded (/var/spool/cron/crontabs/jojo)
   Active: active (waiting) since Mon 2015-05-18 14:53:01 UTC; 9min ago

In either case, though, the FragmentPath field is educating:

$ systemctl show -p FragmentPath cron-daily.service
FragmentPath=/lib/systemd/system/cron-daily.service
$ systemctl show -p FragmentPath cron-jojo-0.service
FragmentPath=/run/systemd/generator/cron-jojo-0.service
$ systemctl show -p FragmentPath halt-local.service
FragmentPath=/lib/systemd/system/halt-local.service