1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
|
'\" t
.TH "SYSTEMD\-SOFT\-REBOOT\&.SERVICE" "8" "" "systemd 254" "systemd-soft-reboot.service"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd-soft-reboot.service \- Userspace reboot operation
.SH "SYNOPSIS"
.PP
systemd\-soft\-reboot\&.service
.SH "DESCRIPTION"
.PP
systemd\-soft\-reboot\&.service
is a system service that is pulled in by
soft\-reboot\&.target
and is responsible for performing a userspace\-only reboot operation\&. When invoked, it will send the
\fBSIGTERM\fR
signal to any processes left running (but does not follow up with
\fBSIGKILL\fR, and does not wait for the processes to exit)\&. If the
/run/nextroot/
directory exists (which may be a regular directory, a directory mount point or a symlink to either) then it will switch the file system root to it\&. It then reexecutes the service manager off the (possibly now new) root file system, which will enqueue a new boot transaction as in a normal reboot\&.
.PP
Such a userspace\-only reboot operation permits updating or resetting the entirety of userspace with minimal downtime, as the reboot operation does
\fInot\fR
transition through:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The second phase of regular shutdown, as implemented by
\fBsystemd-shutdown\fR(8)\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The third phase of regular shutdown, i\&.e\&. the return to the initrd context
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The hardware reboot operation
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The firmware initialization
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The boot loader initialization
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The kernel initialization
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The initrd initialization
.RE
.PP
However this form of reboot comes with drawbacks as well:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The OS update remains incomplete, as the kernel is not reset and continues running\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Kernel settings (such as
/proc/sys/
settings, a\&.k\&.a\&. "sysctl", or
/sys/
settings) are not reset\&.
.RE
.PP
These limitations may be addressed by various means, which are outside of the scope of this documentation, such as kernel live\-patching and sufficiently comprehensive
/etc/sysctl\&.d/
files\&.
.SH "RESOURCE PASS\-THROUGH"
.PP
Various runtime OS resources can passed from a system runtime to the next, through the userspace reboot operation\&. Specifically:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
File descriptors placed in the file descriptor store of services that remain active until the very end are passed to the next boot, where they are placed in the file descriptor store of the same unit\&. For this to work, units must declare
\fIDefaultDependencies=no\fR
(and avoid a manual
\fIConflicts=shutdown\&.target\fR
or similar) to ensure they are not terminated as usual during the system shutdown operation\&. Alternatively, use
\fIFileDescriptorStorePreserve=\fR
to allow the file descriptor store to remain pinned even when the unit is down\&. See
\fBsystemd.service\fR(5)
for details about the file descriptor store\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Similar to this, file descriptors associated with
\&.socket
units remain open (and connectible) if the units are not stopped during the transition\&. (Achieved by
\fIDefaultDependencies=no\fR\&.)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The
/run/
file system remains mounted and populated and may be used to pass state information between such userspace reboot cycles\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Service processes may continue to run over the transition, if they are placed in services that remain active until the very end of shutdown (which again is achieved via
\fIDefaultDependencies=no\fR)\&. They must also be set up to avoid being killed by the aforementioned
\fBSIGTERM\fR
spree (as per
\m[blue]\fBsystemd and Storage Daemons for the Root File System\fR\m[]\&\s-2\u[1]\d\s+2)\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
File system mounts may remain mounted during the transition, and complex storage attached, if configured to remain until the very end of the shutdown process\&. (Also achieved via
\fIDefaultDependencies=no\fR, and by avoiding
\fIConflicts=umount\&.target\fR)
.RE
.PP
Even though passing resources from one soft reboot cycle to the next is possible this way, we strongly suggest to use this functionality sparingly only, as it creates a more fragile system as resources from different versions of the OS and applications might be mixed with unforeseen consequences\&. In particular it\*(Aqs recommended to
\fIavoid\fR
allowing processes to survive the soft reboot operation, as this means code updates will necessarily be incomplete, and processes typically pin various other resources (such as the file system they are backed by), thus increasing memory usage (as two versions of the OS/application/file system might be kept in memory)\&. Leaving processes running during a soft\-reboot operation requires disconnecting the service comprehensively from the rest of the OS, i\&.e\&. minimizing IPC and reducing sharing of resources with the rest of the OS\&. A possible mechanism to achieve this is the concept of
\m[blue]\fBPortable Services\fR\m[]\&\s-2\u[2]\d\s+2, but make sure no resource from the host\*(Aqs OS filesystems is pinned via
\fIBindPaths=\fR
or similar unit settings, otherwise the old, originating filesystem will remain mounted as long as the unit is running\&.
.SH "NOTES"
.PP
Note that because
\fBsystemd-shutdown\fR(8)
is not executed, the executables in
/lib/systemd/system\-shutdown/
are not executed either\&.
.PP
Note that
systemd\-soft\-reboot\&.service
(and related units) should never be executed directly\&. Instead, trigger system shutdown with a command such as
"systemctl soft\-reboot"\&.
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1),
\fBsystemctl\fR(1),
\fBsystemd.special\fR(7),
\fBsystemd-poweroff.service\fR(8),
\fBsystemd-suspend.service\fR(8),
\fBbootup\fR(7)
.SH "NOTES"
.IP " 1." 4
systemd and Storage Daemons for the Root File System
.RS 4
\%https://systemd.io/ROOT_STORAGE_DAEMONS
.RE
.IP " 2." 4
Portable Services
.RS 4
\%https://systemd.io/PORTABLE_SERVICES
.RE
|