Re: Bug#904558: What should happen when maintscripts fail to restart a service

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Bug#904558: What should happen when maintscripts fail to restart a service

Margarita Manterola-4
Apologies for the long delay.

We discussed this issue in several TC meetings without being able to
make
real progress.

After several rounds of discussions we came to the conclusion that the
reason why we can't make progress is that we always end up hitting the
wall
of "The Technical Committee does not engage in design of new proposals
and
policies". While we recognize that this is a problem worth fixing, this
is
not something that we can fix as a body and need the help of the
Developers
to do it.

On the one hand, maintainers want to be able to notify sysadmins when
things don't go as expected. On the other hand, sysadmins don't want
their
systems to be left in weird/broken states because one single thing
didn't
go as expected.

A failing maintscript is a horrible way of notifying sysadmins, but it's
the only one available up to now and so package maintainers use it when
they think the failure is critical enough.

So, the TC declines to rule on what should maintscripts do when failing
to
(re)start a service (or otherwise encountering a similarly serious
problem).

Instead, we recommend that a work group of developers is formed, to
create
a better mechanism of notification that can be used to let sysadmins
know
when things don't go as expected on their systems, without leaving the
machines in weird/broken states. Given that this is a problem faced by
many
Linux distributions, it would be nice if this mechanism was developed
and
published in a non Debian specific way that made it also available for
other
distributions to use.

Once that mechanism exists, we would strongly recommend that almost all
failures use this mechanism, instead of failing maintscripts.

--
Marga, on behalf of the Technical Committee

Reply | Threaded
Open this post in threaded view
|

Bug#904558: marked as done (What should happen when maintscripts fail to restart a service)

Debian Bug Tracking System
Your message dated Wed, 17 Apr 2019 21:41:45 +0200
with message-id <[hidden email]>
and subject line Re: Bug#904558: What should happen when maintscripts fail to restart  a service
has caused the Debian Bug report #904558,
regarding What should happen when maintscripts fail to restart a service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
904558: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904558
Debian Bug Tracking System
Contact [hidden email] with problems

Package: tech-ctte
X-debbugs-cc: [hidden email]
Control: block 780403 by -1

I hereby request advice from the Technical Committee on a decision that
I must take in my role as a Debian Policy delegate.  To be completely
clear, I am not seeking a decision.  I refer to the third power of the
T.C. listed under section 6.1 of the Debian Constitution: "Any person or
body may ... seek advice from [the Technical Committee]."

In bugs #780403 and #802501 the following question has been asked (I
quote Daniel Pocock):

    If postinst or one of the other scripts does a service restart and
    the restart operation fails, should the postinst abort or should it
    mask the error, continue and return success?

At present the Policy Manual does not answer this question, and thus it
is left up to maintainer discretion: whatever the maintainer thinks
makes sense for the service in question.

Others have pointed out, however, that this means that users will see
inconsistent behaviour.  There is no practical way for a user to
determine what will happen when installing a given package that starts
or restarts a service, if that start or restart attempt fails.  So if it
were possible to come up with consistent answer to the question posed,
it would be useful to our users.

As a Policy delegate I want to move this issue along, and I can see
three ways of doing that:

1. write a patch to explicitly state in Policy that what happens when a
   service (re)start fails in a maintscript is left up to package
   maintainer discretion, and close the bugs

2. make a further attempt to establish consensus on a requirement that
   maintscripts are consistent in the case of a (re)start failure (this
   is the default option, so to speak, and I cannot see it succeeding)

3. ask the T.C. to decide what maintscripts should do in these cases.

The general question about which I am seeking advice: does the
T.C. think that Debian can be consistent on service (re)starts in
maintscripts, or is the best we can do to leave it up to package
maintainer discretion?

Thanks.

--
Sean Whitton

Apologies for the long delay.

We discussed this issue in several TC meetings without being able to
make
real progress.

After several rounds of discussions we came to the conclusion that the
reason why we can't make progress is that we always end up hitting the
wall
of "The Technical Committee does not engage in design of new proposals
and
policies". While we recognize that this is a problem worth fixing, this
is
not something that we can fix as a body and need the help of the
Developers
to do it.

On the one hand, maintainers want to be able to notify sysadmins when
things don't go as expected. On the other hand, sysadmins don't want
their
systems to be left in weird/broken states because one single thing
didn't
go as expected.

A failing maintscript is a horrible way of notifying sysadmins, but it's
the only one available up to now and so package maintainers use it when
they think the failure is critical enough.

So, the TC declines to rule on what should maintscripts do when failing
to
(re)start a service (or otherwise encountering a similarly serious
problem).

Instead, we recommend that a work group of developers is formed, to
create
a better mechanism of notification that can be used to let sysadmins
know
when things don't go as expected on their systems, without leaving the
machines in weird/broken states. Given that this is a problem faced by
many
Linux distributions, it would be nice if this mechanism was developed
and
published in a non Debian specific way that made it also available for
other
distributions to use.

Once that mechanism exists, we would strongly recommend that almost all
failures use this mechanism, instead of failing maintscripts.

--
Marga, on behalf of the Technical Committee

signature.asc (847 bytes) Download Attachment