…simply because I think there are few downsides to waiting in this case for a short time, and a lot of upsides: my own debugging got a bit easier this way.

(Background: we nowadays auto-reboot if PCR measurements fail, for security reasons, and it's fricking annoying if you cannot even see what triggered the immediate shutdown at boot.)

With v261 we'll help you with this a bit. There's now a new system-wide knob MinimumUptimeSec= which can be used to define – well, the name suggests it – a minimum uptime. The idea is simple: if systemd's shutdown code notices the system has been running for less than the specified time, it will just wait for the time to pass, and only then proceed with the actual shutdown. The screen contents is left in place at this time.

The new knob defaults to 15s, …

As defined above the only input for the hash function is the machine ID, which would mean that for any unit you condition like this, it would be the very same subset of systems that would run it, and the same subset that wouldn't, regardless of the unit.

This typically is not what you want. Hence, you can also specify "ConditionFraction=foo 15%" where "foo" is an arbitrary string called the "tag". When specified it's mixed into the hash, and thus selects a random, yet deterministic subset…

With that simple setting you just declared that the service shall be run on only ~15% of systems and be skipped on ~85% of them.

How does this work?

Basically, we derive an 32bit integer value from the machine ID (i.e. /etc/machine-id) by hashing, and if that integer is below the specified percentage of 2^32, the condition holds, and otherwise it doesn't.

You can also invert the check, so that you can condition some stuff to run on the in-group, and something else on the out-group.

There's a new setting ConditionFraction= which allows to condition a unit to only run on a certain, randomly selected (but deterministic) subset of your fleet.

You can use it like this:

[Unit]
…
ConditionFraction=15%
…