From: Christian H. <li...@ew...> - 2016-12-01 12:48:20
|
Christian Hesse <li...@ew...> on Wed, 2016/11/30 09:12:
> Ok, let's go into detail. We can use three different settings: Type=simple,
> Type=forking and Type=notify.
>
> * We used Type=forking for a long time. That is fine: systemd reports
> success when the process forks off the first time. That is when openvpn
> successfully completed the initialization sequence.
>
> * The current systemd unit uses Type=simple (which is implicit). systemd
> reports success as soon as the process is executed, it does not wait for
> anything. So startup can look like that: systemd starts openvpn process ->
> unit is in state 'started' -> openvpn bails out with an error
> before the initialization sequence completed -> systemd unit is in state
> 'failed' now. The problem is that it was in state 'started'
> intermittently: Manual systemctl (starting service from command line)
> reports success, other services depending on openvpn are started while
> dependency failed later, ... This is just broken.
>
> * My patch introduces Type=notify. The (main) process must not fork, so most
> things work like simple, except that systemd does not report success on
> process execution, but waits for the sd_notify() call. We do not have
> intermittent state 'success' and everything works as expected.
>
> I will not package the code as-is with our Arch Linux package. Either I
> revert back to Type=forking or apply the patch for Type=notify.
>
> So I still vote to apply this as soon as possible.

I prepared an example:

root@leda ~ # systemctl start openvpn-client@lugor
root@leda ~ # systemctl status openvpn-client@lugor
● ope...@lu... - OpenVPN tunnel for lugor
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2016-12-01 13:35:12 CET; 8s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 11700 ExecStartPre=/bin/sh -c grep -q -E ^daemon %i.conf || exit 0 && /usr/bin/echo "OpenVPN configuration cannot contain --daemon when being managed by systemd" ; exit 1 (code=exited, status=0/SUCCESS)
Main PID: 11703 (openvpn)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/system-openvpn\x2dclient.slice/ope...@lu...
└─11703 /usr/sbin/openvpn --suppress-timestamps --nobind --config lugor.conf
Dec 01 13:35:13 leda openvpn[11703]: GID set to nobody
Dec 01 13:35:13 leda openvpn[11703]: UID set to nobody
Dec 01 13:35:13 leda openvpn[11703]: Initialization Sequence Completed
root@leda ~ # # looks good...
root@leda ~ # echo "bad-option" >> /etc/openvpn/client/lugor.conf
root@leda ~ # systemctl restart openvpn-client@lugor
root@leda ~ # # succeeds, no?
root@leda ~ # systemctl status openvpn-client@lugor
● ope...@lu... - OpenVPN tunnel for lugor
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2016-12-01 13:36:14 CET; 15s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 11911 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf (code=exited, status=1/FAILURE)
Process: 11908 ExecStartPre=/bin/sh -c grep -q -E ^daemon %i.conf || exit 0 && /usr/bin/echo "OpenVPN configuration cannot contain --daemon when being managed by systemd" ; exit 1 (code=exited, status=0/SUCCESS)
Main PID: 11911 (code=exited, status=1/FAILURE)
Dec 01 13:36:14 leda systemd[1]: Starting OpenVPN tunnel for lugor...
Dec 01 13:36:14 leda systemd[1]: Started OpenVPN tunnel for lugor.
Dec 01 13:36:14 leda openvpn[11911]: Options error: Unrecognized option or missing or extra parameter(s) in lugor.conf:32: bad-option (2.4_beta2)
Dec 01 13:36:14 leda openvpn[11911]: Use --help for more information.
Dec 01 13:36:14 leda systemd[1]: ope...@lu...: Main process exited, code=exited, status=1/FAILURE
Dec 01 13:36:14 leda systemd[1]: ope...@lu...: Unit entered failed state.
Dec 01 13:36:14 leda systemd[1]: ope...@lu...: Failed with result 'exit-code'.
3 root@leda ~ # # Oops...
3 root@leda ~ # # now install openvpn with my systemd patches
3 root@leda ~ # systemctl restart openvpn-client@lugor
Job for ope...@lu... failed because the control process exited with error code.
See "systemctl status ope...@lu..." and "journalctl -xe" for details.
1 root@leda ~ # systemctl status openvpn-client@lugor
● ope...@lu... - OpenVPN tunnel for lugor
Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2016-12-01 13:37:10 CET; 50s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 12227 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf (code=exited, status=1/FAILURE)
Main PID: 12227 (code=exited, status=1/FAILURE)
Dec 01 13:37:10 leda systemd[1]: Starting OpenVPN tunnel for lugor...
Dec 01 13:37:10 leda openvpn[12227]: Options error: Unrecognized option or missing or extra parameter(s) in lugor.conf:32: bad-option (2.4_beta2)
Dec 01 13:37:10 leda openvpn[12227]: Use --help for more information.
Dec 01 13:37:10 leda systemd[1]: ope...@lu...: Main process exited, code=exited, status=1/FAILURE
Dec 01 13:37:10 leda systemd[1]: Failed to start OpenVPN tunnel for lugor.
Dec 01 13:37:10 leda systemd[1]: ope...@lu...: Unit entered failed state.
Dec 01 13:37:10 leda systemd[1]: ope...@lu...: Failed with result 'exit-code'.

With the current code the unit reports success and fails later in the
background; with my code it fails immediately and reports the error to the
user. The latter behavior lets things work for enabled units with dependencies.
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];)
putchar(b-1/(/* Chris cc -ox -xc - && ./x */b/42*2-3)*42);}