27

I tried to restrict the number of a service (in a container) restarts. The OS version is CentOs 7.5, the service file is pretty much as below (removed some parameters for reading convenience). It should be pretty straight forward as some other posts pointed out (Post of Server Fault restart limit 1 , Post of Stack Overflow restart limit 2 ). Yet StartLimitBurst and StartLimitIntervalSec never work for me.

I tested with several ways:

  1. I check the service PID, kill the service with kill -9 **** several times. The service always gets restarted after 20s!
  2. I also tried to mess up the service file, make the container never runs. Still, it doesn't work, the service file just keep restarting.

Any idea?

[Unit]
Description=Hello Fluentd
After=docker.service
Requires=docker.service
StartLimitBurst=2
StartLimitIntervalSec=150s

[Service]
EnvironmentFile=/etc/environment
ExecStartPre=-/usr/bin/docker stop "fluentd"
ExecStartPre=-/usr/bin/docker rm -f "fluentd"
ExecStart=/usr/bin/docker run fluentd
ExecStop=/usr/bin/docker stop "fluentd"
Restart=always
RestartSec=20s
SuccessExitStatus=143


[Install]
WantedBy=multi-user.target
Edgar Magallon
  • 4,820
batilei
  • 531
  • 4
    This is more significant than someone forgetting to type "Sec", as shown by the answers. I do not think it is helpful to close such a question, which was asked with so many of the details we want. – sourcejedi Aug 22 '18 at 10:28

2 Answers2

49

StartLimitIntervalSec= was added as part of systemd v230. In systemd v229 and below, you can only use StartLimitInterval=. You will also need to put StartLimitInterval= and StartLimitBurst= in the [Service] section - not the [Unit] section.

To check your systemd version on CentOS, run rpm -q systemd.

If you ever upgrade to systemd v230 or above, the old names in the [Service] section will continue to work.

References:

You can have this problem without seeing any error at all, because systemd ignores unknown directives. systemd assumes that many newer directives can be ignored and still allow the service to run.

It is possible to manually check a unit file for unknown directives. At least it seems to work on recent systemd:

$ systemd-analyze verify foo.service
/etc/systemd/system/foo.service:9: Unknown lvalue 'FancyNewOption' in section 'Service'
sourcejedi
  • 50,249
  • 2
    That's interesting. You suggest to put StartLimitBurst in [Service] section, but documentation says it should be in [Unit] section. https://www.freedesktop.org/software/systemd/man/systemd.unit.html StartLimitIntervalSec=interval, StartLimitBurst=burst Configure unit start rate limiting. Units which are started more than burst times within an interval time interval are not permitted to start any more. – Ikrom Oct 17 '18 at 06:08
  • 4
    @Ikrom In systemd v229 and below – sourcejedi Oct 17 '18 at 07:25
  • 2
    @sourcejedi Thanks! Just checked systemd on my centos 7 /usr/lib/systemd/systemd --version and it was v219. I need to take care systemd version. – Ikrom Oct 17 '18 at 09:29
  • 2
    +10 if I could. I've looked for this solution several times before (and been bad at googling apparently). Also new to me is systemd-analyze. Thank you! – JCotton Jan 08 '20 at 03:18
  • 1
    It seems that systemd-analyze only works for service files already installed, not on (say) a local file that you are trying to write but haven't installed yet. (At least, that's what seems to be the case on v219 in my attempts to use it.) If that's true, it might be worth mentioning it in this answer. – mhucka Apr 24 '20 at 19:37
  • Incorrect. Please always consult the man pages before assuming things. Generally it's faster and more informative than googling. You may verify service files by using systemd-analyze verify /path/to/file for service files not installed. In fact, the command doesn't seem to even to query running services at all and only works on files.

    It's possible that you're confused due to receiving no output. No output + 0 exit code on Linux generally means that all's well, nothing to worry about. If that's what you got, it worked correctly. Try breaking your service file to get some output.

     – William T Froggard Jun 16 '23 at 14:18
9

I think I found the issue. All the doc online suggests those all parameters are in UNIT file (systemd unit file), but still in my system (centos 7.5), they are in service file. Besides the name is "StartLimitInterval", not "StartLimitIntervalSec".

batilei
  • 531
  • It depends on the version. As per the answer above you, StartLimitInterval= and StartLimitBurst= can be placed under [Service] even on newer versions since they are (apparently) backwards compatible. StartLimitIntervalSec= is new in v230 and if you can use it, it belongs under [Unit]. – pzkpfw Jun 08 '22 at 17:05