From f5c2b7f826d36d49a9f1e0f24f3daba4c6afcbf7 Mon Sep 17 00:00:00 2001 From: Pierrick Couderc Date: Wed, 3 Sep 2025 17:53:41 +0200 Subject: [PATCH 1/5] Package/Baker: enforce stopping every baker service --- .../packaging/octez/scripts/systemd-octez-bakers.sh | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/scripts/packaging/octez/scripts/systemd-octez-bakers.sh b/scripts/packaging/octez/scripts/systemd-octez-bakers.sh index b0fafcb8076d..a99f79e88360 100755 --- a/scripts/packaging/octez/scripts/systemd-octez-bakers.sh +++ b/scripts/packaging/octez/scripts/systemd-octez-bakers.sh @@ -32,13 +32,10 @@ for file in /usr/bin/octez-baker-P*; do fi elif [ "$1" = "stop" ]; then - if [ "$AGNOSTIC_BAKER" = "true" ]; then - systemctl stop "octez-agnostic-baker" - systemctl stop "octez-agnostic-accuser" - else - systemctl stop "octez-baker@$proto" - systemctl stop "octez-accuser@$proto" - fi + systemctl stop "octez-baker@$proto" || true + systemctl stop "octez-accuser@$proto" || true + systemctl stop "octez-agnostic-baker" || true + systemctl stop "octez-agnostic-accuser" || true if grep -q "\-\-dal-node" /etc/default/octez-baker; then systemctl stop octez-dal-node fi -- GitLab From 4fe36734880add4a07ca40d4e787d9d9de3e90f5 Mon Sep 17 00:00:00 2001 From: Mathias Bourgoin Date: Thu, 4 Sep 2025 15:19:17 +0200 Subject: [PATCH 2/5] Packages/Octez: update systemd service files for improved management This commit updates several Octez systemd service files to enhance service management and reliability. Changes include: - Setting `WorkingDirectory` to `%h` for user-specific home directories. - Adding `KillMode=control-group` for better process termination handling. - Introducing `RestartSec=10s` to define a restart delay. - Adding `Slice=octez.slice` for resource control grouping. - Adding `PartOf=octez-baker.service` and `RefuseManualStart=yes` to relevant services for better dependency management. - Adjusting `TimeoutStartSec` and `TimeoutStopSec` values for specific services. - Updating descriptions and dependencies for clarity and consistency. These changes aim to improve the robustness and maintainability of Octez services. --- .../octez/debian/octez-baker.octez-accuser@.service | 10 +++++++++- .../debian/octez-baker.octez-agnostic-accuser.service | 7 ++++++- .../debian/octez-baker.octez-agnostic-baker.service | 8 ++++++-- scripts/packaging/octez/debian/octez-baker.service | 8 +++----- scripts/packaging/octez/debian/octez-baker@.service | 8 +++++++- scripts/packaging/octez/debian/octez-dal-node.service | 5 ++++- scripts/packaging/octez/debian/octez-node.service | 9 ++++++--- .../octez/debian/octez-smart-rollup-node.service | 4 +++- 8 files changed, 44 insertions(+), 15 deletions(-) diff --git a/scripts/packaging/octez/debian/octez-baker.octez-accuser@.service b/scripts/packaging/octez/debian/octez-baker.octez-accuser@.service index 53bde9abe77a..42bea8b7385f 100644 --- a/scripts/packaging/octez/debian/octez-baker.octez-accuser@.service +++ b/scripts/packaging/octez/debian/octez-baker.octez-accuser@.service @@ -2,13 +2,21 @@ Description=Octez accuser for protocol %i Documentation=https://octez.tezos.com/docs/ After=network.target +PartOf=octez-baker.service +Conflicts=octez-agnostic-accuser.service + [Service] EnvironmentFile=-/etc/default/octez-baker EnvironmentFile=-/etc/default/octez-accuser +User=tezos WorkingDirectory=~ + +KillMode=control-group Restart=on-failure -User=tezos +RestartSec=10s +Slice=octez.slice + ExecStart=/bin/sh -c "/usr/bin/octez-accuser-%i run $RUNTIME_OPTS" ExecStartPre=+touch /var/log/tezos/accuser-%i.log diff --git a/scripts/packaging/octez/debian/octez-baker.octez-agnostic-accuser.service b/scripts/packaging/octez/debian/octez-baker.octez-agnostic-accuser.service index 488353f93ccc..8f8cd0cbed6d 100644 --- a/scripts/packaging/octez/debian/octez-baker.octez-agnostic-accuser.service +++ b/scripts/packaging/octez/debian/octez-baker.octez-agnostic-accuser.service @@ -2,13 +2,18 @@ Description=Octez accuser service Documentation=https://octez.tezos.com/docs/ After=network.target +PartOf=octez-baker.service [Service] EnvironmentFile=-/etc/default/octez-baker EnvironmentFile=-/etc/default/octez-accuser +User=tezos WorkingDirectory=~ +KillMode=control-group Restart=on-failure -User=tezos +RestartSec=10s +Slice=octez.slice + ExecStart=/bin/sh -c "/usr/bin/octez-accuser run $RUNTIME_OPTS" ExecStartPre=+touch /var/log/tezos/accuser.log diff --git a/scripts/packaging/octez/debian/octez-baker.octez-agnostic-baker.service b/scripts/packaging/octez/debian/octez-baker.octez-agnostic-baker.service index 6e5ed6c91ee9..fddb4388522e 100644 --- a/scripts/packaging/octez/debian/octez-baker.octez-agnostic-baker.service +++ b/scripts/packaging/octez/debian/octez-baker.octez-agnostic-baker.service @@ -2,17 +2,21 @@ Description=Octez agnostic baker service Documentation=https://octez.tezos.com/docs/ After=network.target +PartOf=octez-baker.service [Service] Type=simple +KillMode=control-group Restart=on-failure +RestartSec=10s TimeoutStartSec=infinity TimeoutStopSec=300 +User=tezos +WorkingDirectory=~ +Slice=octez.slice EnvironmentFile=-/etc/default/octez-node EnvironmentFile=-/etc/default/octez-baker -WorkingDirectory=~ -User=tezos ExecStartPre=+touch /var/log/tezos/baker.log ExecStartPre=+chown tezos:tezos /var/log/tezos/baker.log diff --git a/scripts/packaging/octez/debian/octez-baker.service b/scripts/packaging/octez/debian/octez-baker.service index 6562dd0263d6..9fd57154c7a0 100644 --- a/scripts/packaging/octez/debian/octez-baker.service +++ b/scripts/packaging/octez/debian/octez-baker.service @@ -1,13 +1,11 @@ [Unit] -Description=Octez baker service -After=network.target +Description=Octez baker umbrella service +After=network.target octez-node.service [Service] Type=oneshot RemainAfterExit=yes -Restart=on-failure -TimeoutStartSec=300 -TimeoutStopSec=300 + EnvironmentFile=-/etc/default/octez-node EnvironmentFile=-/etc/default/octez-baker diff --git a/scripts/packaging/octez/debian/octez-baker@.service b/scripts/packaging/octez/debian/octez-baker@.service index d21b1937f574..da7aaba7030c 100644 --- a/scripts/packaging/octez/debian/octez-baker@.service +++ b/scripts/packaging/octez/debian/octez-baker@.service @@ -2,14 +2,20 @@ Description=Octez baker for protocol %i Documentation=https://octez.tezos.com/docs/ After=network.target +PartOf=octez-baker.service +Conflicts=octez-agnostic-baker.service + [Service] # We use the octez-node default to determine the node's DATADIR EnvironmentFile=-/etc/default/octez-node EnvironmentFile=-/etc/default/octez-baker +User=tezos WorkingDirectory=~ +KillMode=control-group Restart=on-failure -User=tezos +RestartSec=10s +Slice=octez.slice # We wrap the command in /bin/sh to identify the baker associated to $PROTOCOL ExecStart=/bin/sh -c "/usr/bin/octez-baker-%i --base-dir $HOME/.tezos-client run with local node $DATADIR --liquidity-baking-toggle-vote $LQVOTE $RUNTIME_OPTS $BAKING_KEY" diff --git a/scripts/packaging/octez/debian/octez-dal-node.service b/scripts/packaging/octez/debian/octez-dal-node.service index 7b0c756ed2d0..eded3b5a5a33 100644 --- a/scripts/packaging/octez/debian/octez-dal-node.service +++ b/scripts/packaging/octez/debian/octez-dal-node.service @@ -5,12 +5,15 @@ After=network.target [Service] EnvironmentFile=-/etc/default/octez-dal-node +User=tezos WorkingDirectory=~ Restart=on-failure -User=tezos +RestartSec=10s +KillMode=control-group ExecStart=/usr/bin/octez-dal-node run $RUNTIME_OPTS StandardOutput=append:/var/log/tezos/octez-dal-node.log StandardError=inherit +Slice=octez.slice [Install] WantedBy=multi-user.target diff --git a/scripts/packaging/octez/debian/octez-node.service b/scripts/packaging/octez/debian/octez-node.service index f6550b8946de..0087bcc4fd03 100644 --- a/scripts/packaging/octez/debian/octez-node.service +++ b/scripts/packaging/octez/debian/octez-node.service @@ -4,15 +4,18 @@ Documentation=https://tezos.gitlab.io/ After=network.target [Service] -TimeoutSec=600s EnvironmentFile=-/etc/default/octez-node +User=tezos WorkingDirectory=~ Restart=on-failure +RestartSec=10s +KillMode=control-group TimeoutStartSec=infinity -TimeoutSec=1500 -User=tezos +TimeoutStopSec=300s + ExecStartPre=/usr/share/octez-node/octez-node-prestart.sh ExecStart=/usr/bin/octez-node run --data-dir $DATADIR --log-output /var/log/tezos/node.log $RUNTIME_OPTS +Slice=octez.slice [Install] WantedBy=multi-user.target diff --git a/scripts/packaging/octez/debian/octez-smart-rollup-node.service b/scripts/packaging/octez/debian/octez-smart-rollup-node.service index 6e5505f7d5c1..c4cbd638c315 100644 --- a/scripts/packaging/octez/debian/octez-smart-rollup-node.service +++ b/scripts/packaging/octez/debian/octez-smart-rollup-node.service @@ -5,9 +5,11 @@ After=network.target octez-node.service [Service] EnvironmentFile=-/etc/default/octez-smart-rollup-node +User=tezos WorkingDirectory=~ Restart=on-failure -User=tezos +RestartSec=10s +KillMode=control-group ExecStart=/usr/bin/octez-smart-rollup-node run $RUNTIME_OPTS ExecStartPre=+touch /var/log/tezos/smart-rollup-node.log -- GitLab From 15c2f29057eb596aa64d1494265c65122cb3b7a9 Mon Sep 17 00:00:00 2001 From: Pierrick Couderc Date: Thu, 4 Sep 2025 14:27:08 +0200 Subject: [PATCH 3/5] Package/Baker: never enable sub services --- scripts/packaging/octez/scripts/systemd-octez-bakers.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/packaging/octez/scripts/systemd-octez-bakers.sh b/scripts/packaging/octez/scripts/systemd-octez-bakers.sh index a99f79e88360..e2405d8fb81d 100755 --- a/scripts/packaging/octez/scripts/systemd-octez-bakers.sh +++ b/scripts/packaging/octez/scripts/systemd-octez-bakers.sh @@ -20,22 +20,22 @@ for file in /usr/bin/octez-baker-P*; do systemctl start octez-dal-node fi if [ "$AGNOSTIC_BAKER" = "true" ]; then - systemctl enable "octez-agnostic-baker" systemctl start "octez-agnostic-baker" - systemctl enable "octez-agnostic-accuser" systemctl start "octez-agnostic-accuser" else - systemctl enable "octez-baker@$proto" systemctl start "octez-baker@$proto" - systemctl enable "octez-accuser@$proto" systemctl start "octez-accuser@$proto" fi elif [ "$1" = "stop" ]; then systemctl stop "octez-baker@$proto" || true + systemctl disable "octez-baker@$proto" || true systemctl stop "octez-accuser@$proto" || true + systemctl disable "octez-accuser@$proto" || true systemctl stop "octez-agnostic-baker" || true + systemctl disable "octez-agnostic-baker" || true systemctl stop "octez-agnostic-accuser" || true + systemctl disable "octez-agnostic-accuser" || true if grep -q "\-\-dal-node" /etc/default/octez-baker; then systemctl stop octez-dal-node fi -- GitLab From 15708ee6e3f9f744bd59b6999c8fc0e0891b4529 Mon Sep 17 00:00:00 2001 From: Pierrick Couderc Date: Thu, 4 Sep 2025 15:20:57 +0200 Subject: [PATCH 4/5] Packages/Baker: handle unquoted RUNTIME_OPTS from v22.1 --- scripts/packaging/octez/debian/octez-baker.config | 6 ++++++ scripts/packaging/octez/scripts/systemd-octez-bakers.sh | 1 + 2 files changed, 7 insertions(+) diff --git a/scripts/packaging/octez/debian/octez-baker.config b/scripts/packaging/octez/debian/octez-baker.config index 2513d48f65e4..e5410cc1a269 100755 --- a/scripts/packaging/octez/debian/octez-baker.config +++ b/scripts/packaging/octez/debian/octez-baker.config @@ -18,6 +18,12 @@ case "$new" in *) echoerr "Upgrade from $new" if [ -e /etc/default/octez-baker ]; then + # v22.1 is building an unquoted RUNTIME_OPTS when not using DAL, which breaks when using it with + + # this only replaces the parameters to RUNTIME_OPTS if it is at least two + # values separated by a space, and not starting with `"`. + sed -i '/^RUNTIME_OPTS=[^"].* .*$/ s/^RUNTIME_OPTS=\(.*\)$/RUNTIME_OPTS="\1"/' /etc/default/octez-baker + #shellcheck disable=SC1091 . /etc/default/octez-baker db_set octez-baker/liquidity-vote "$LQVOTE" diff --git a/scripts/packaging/octez/scripts/systemd-octez-bakers.sh b/scripts/packaging/octez/scripts/systemd-octez-bakers.sh index e2405d8fb81d..b3a6f41660a1 100755 --- a/scripts/packaging/octez/scripts/systemd-octez-bakers.sh +++ b/scripts/packaging/octez/scripts/systemd-octez-bakers.sh @@ -22,6 +22,7 @@ for file in /usr/bin/octez-baker-P*; do if [ "$AGNOSTIC_BAKER" = "true" ]; then systemctl start "octez-agnostic-baker" systemctl start "octez-agnostic-accuser" + break else systemctl start "octez-baker@$proto" systemctl start "octez-accuser@$proto" -- GitLab From 7568d0698ed1dd74d43fb7c5497e49a878d94bb6 Mon Sep 17 00:00:00 2001 From: mbourgoin Date: Fri, 5 Sep 2025 12:54:25 +0200 Subject: [PATCH 5/5] ci/packages: tests number of running bakers after upgrade + version --- .../tests/deb/upgrade-systemd-test.sh | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/scripts/packaging/tests/deb/upgrade-systemd-test.sh b/scripts/packaging/tests/deb/upgrade-systemd-test.sh index f4b0261307ae..abf7dbe3c65e 100755 --- a/scripts/packaging/tests/deb/upgrade-systemd-test.sh +++ b/scripts/packaging/tests/deb/upgrade-systemd-test.sh @@ -54,6 +54,17 @@ systemctl start octez-node #shellcheck disable=SC2009 ps aux | grep octez +# --- record baker process count BEFORE upgrade --- +count_bakers() { + # count only real baker binaries under tezos user + pgrep -u tezos -f '(^|/)(octez-agnostic-baker|octez-baker-P[[:alnum:]]+)( |$)' | wc -l | tr -d " " +} +echo "Listing baker units before upgrade:" +systemctl list-units --type=service --no-legend | awk '{print $1" "$4}' | grep -E '^octez-(agnostic-)?baker(@|\.service)' +sleep 3 # give systemd a moment to settle +BAKER_COUNT_BEFORE="$(count_bakers)" +echo "BAKER_COUNT_BEFORE=$BAKER_COUNT_BEFORE" + # [setup baker] PROTOCOL=$(octez-client --protocol PtParisBxoLz list understood protocols | tee | head -1) sudo su tezos -c "octez-client -p $PROTOCOL gen keys baker" @@ -91,8 +102,56 @@ systemctl status octez-baker.service systemctl status octez-baker.service +echo "Listing baker units after upgrade:" +systemctl list-units --type=service --no-legend | awk '{print $1" "$4}' | grep -E '^octez-(agnostic-)?baker(@|\.service)' +sleep 3 +BAKER_COUNT_AFTER="$(count_bakers)" +echo "BAKER_COUNT_AFTER=$BAKER_COUNT_AFTER" + +if [ "$BAKER_COUNT_BEFORE" -ne "$BAKER_COUNT_AFTER" ]; then + echo "ERROR: baker process count changed across upgrade ($BAKER_COUNT_BEFORE -> $BAKER_COUNT_AFTER)" + + ERR=1 +else + echo "OK: baker process count unchanged ($BAKER_COUNT_AFTER)" +fi + ERR=0 +# --- verify octez-baker binary version matches the installed package (and target, if given) --- +# Extract "23.1" from: "9aadd15c (...) (Octez 23.1)" +BAKER_BIN_VER_AFTER="$( + /usr/bin/octez-baker --version 2> /dev/null | + sed -n 's/.*(Octez \([0-9][0-9.]*\)).*/\1/p' | head -n1 +)" +# Get dpkg version, trim Debian revision, keep major.minor (e.g., 23.1 from 23.1-1~foo) +BAKER_PKG_VER_AFTER="$( + dpkg-query -W -f='${Version}\n' octez-baker 2> /dev/null | + cut -d- -f1 | awk -F. '{print $1"."$2}' +)" +echo "octez-baker --version -> ${BAKER_BIN_VER_AFTER}" +echo "octez-baker (dpkg) -> ${BAKER_PKG_VER_AFTER}" + +if [ -z "${BAKER_BIN_VER_AFTER}" ] || [ -z "${BAKER_PKG_VER_AFTER}" ]; then + echo "ERROR: could not determine baker binary/package version after upgrade" + ERR=1 +elif [ "${BAKER_BIN_VER_AFTER}" != "${BAKER_PKG_VER_AFTER}" ]; then + echo "ERROR: baker binary version (${BAKER_BIN_VER_AFTER}) != package version (${BAKER_PKG_VER_AFTER})" + ERR=1 +else + echo "OK: baker binary version matches package version (${BAKER_BIN_VER_AFTER})" +fi + +# Optional: enforce a target prefix (e.g., 23.1) if provided by CI +if [ -n "${TARGET_VER_PREFIX:-}" ]; then + case "${BAKER_BIN_VER_AFTER}" in + ${TARGET_VER_PREFIX}*) echo "OK: baker binary matches TARGET_VER_PREFIX=${TARGET_VER_PREFIX}" ;; + *) + echo "ERROR: baker binary version (${BAKER_BIN_VER_AFTER}) does not match TARGET_VER_PREFIX (${TARGET_VER_PREFIX})" + ERR=1 + ;; + esac +fi + # [ check configuration after the upgrade ] # we check the debconf parameters -- GitLab