We call this in pve-cluster.service as ExecStartPost. We prefix it
with '-' to tell systemd that it should ignore non-zero exit codes,
but if the command hangs (e.g., on IO) systemd kills it after a
timeout (90 seconds default) which then doesn't get ignored and the
unit will also be put in failure state and stopped.
We specifically do not want this to happen, so wrap the updatecerts
call in run_with_timeout and give it a maximum of 30 seconds to
finish.
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
code => sub {
my ($param) = @_;
- PVE::Cluster::updatecerts_and_ssh($param->@{qw(force silent)});
+ PVE::Tools::run_with_timeout(30, sub {
+ PVE::Cluster::updatecerts_and_ssh($param->@{qw(force silent)});
+ });
return undef;
}});