David Sommerseth <open...@sf.lists.topphemmelig.net> on Fri, 2016/12/16 22:15:
> On 16/12/16 20:09, Christian Hesse wrote:
> > David Sommerseth <open...@sf.lists.topphemmelig.net> on Fri, 2016/12/16
> > 19:14:  
> >> On 16/12/16 16:57, Christian Hesse wrote:  
> >>> From: Christian Hesse <m...@eworm.de>
> >>>
> >>> Different unit instances create and destroy the same RuntimeDirectory.
> >>> This leads to running instances where the status file (and possibly
> >>> more runtime data) is no longer accessible.
> >>>
> >>> So create a RuntimeDirectory per instance.
> >>>
> >>> Signed-off-by: Christian Hesse <m...@eworm.de>
> >>> ---
> >>>  distro/systemd/openvpn-client@.service | 2 +-
> >>>  distro/systemd/openvpn-server@.service | 4 ++--
> >>>  2 files changed, 3 insertions(+), 3 deletions(-)
> >>>
> >>> diff --git a/distro/systemd/openvpn-client@.service
> >>> b/distro/systemd/openvpn-client@.service index 5618af3..fcb5302 100644
> >>> --- a/distro/systemd/openvpn-client@.service
> >>> +++ b/distro/systemd/openvpn-client@.service
> >>> @@ -9,7 +9,7 @@
> >>> Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service]
> >>>  Type=notify
> >>>  PrivateTmp=true
> >>> -RuntimeDirectory=openvpn-client
> >>> +RuntimeDirectory=openvpn-client@%i    
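Review bot: the `+RuntimeDirectory=openvpn-client@%i` line only gives each instance its own directory if the running systemd expands the `%i` specifier in RuntimeDirectory=, and neither the commit message nor the unit states a minimum systemd version. Where the specifier is not expanded, every instance would again share one directory, now literally named `openvpn-client@%i`, and the create/destroy problem described in the commit message remains. Please state which systemd version this was tested with and confirm the behaviour on the oldest release the project supports.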
> >>
> >> I am quite sure we tested this, without any luck.  We ended up with a
> >> directory named openvpn-client@%i ... well, we used openvpn-client-%i,
> >> but the principle should be the same.
> >>
> >> This *might* have been fixed in a newer systemd release, but as we have
> >> RHEL7 as the oldest release we need to ensure this works properly there
> >> too.
> >>
> >> For the server side, we used status-%i.log to avoid clashing on the
> >> status log.
> >>
> >> debbie10t did plenty of testing with various configurations, so he can
> >> probably fill out more details in the various test cases he used.  We
> >> should probably document those tests in our wiki though.  
> > 
> > Running systemd 232 here and everything works as expected. This is with
> > unit files from current master:
> > 
> > # systemctl start openvpn-server@test1.service
> > # systemctl start openvpn-server@test2.service
> > # systemctl stop openvpn-server@test2.service
> > # ls -l /run/openvpn-server/
> > ls: cannot access '/run/openvpn-server/': No such file or directory
> > 
> > And the same with my patch applied:
> > 
> > # ls -l /run/openvpn-server@test1/status.log 
> > -rw------- 1 root root 8419 Dec 16 20:03 /run/openvpn-server@test1/status.log
> > 
> > From systemd.exec(5) about RuntimeDirectory=:  
> >> Takes a list of directory names. If set, one or more directories by the
> >> specified names will be created below /run (for system services) [...]
> >> when the unit is started, and removed when the unit is stopped.  
> > 
> > So this works as long as no service is stopped or fails.
> > 
> > I do not have RHEL7 around... What exactly fails there?  
> 
> The directory is literally named 'openvpn-server@%i'

Ok, that's bad. So another idea... Let's remove RuntimeDirectory= and
RuntimeDirectoryMode= from unit files. Instead we provide a file openvpn.conf
to be installed to /usr/lib/tmpfiles.d/ containing:

d /run/openvpn-client 0710 root root -
d /run/openvpn-server 0710 root root -

systemd will create the directories for us and nobody will
(unintentionally) delete them. As /run is volatile we do not have to care.
-- 
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Best regards             my address:    */=0;b=c[a++];)
putchar(b-1/(/*    Chris            cc -ox -xc - && ./x    */b/42*2-3)*42);}
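
The collision discussed in this thread, as an added example that is not part of the original mail or of OpenVPN's code: a shell lint that lists template units whose RuntimeDirectory= has no instance specifier, so every instance creates and removes the same directory. The function names and the three sample unit files are constructed for illustration; a unit that passes the lint still depends on systemd expanding %i, which the thread reports did not happen on RHEL7.

```shell
#!/bin/sh
# Added example (not from the thread): lint systemd template units
# (name@.service) for a RuntimeDirectory= that all instances share.

# Print "unit: dir" for every template unit in directory $1 whose
# RuntimeDirectory= entry contains no instance specifier (%i or %I).
# Units without RuntimeDirectory= (the tmpfiles.d approach) print nothing.
shared_runtime_dirs() {
    for unit in "$1"/*@.service; do
        [ -f "$unit" ] || continue
        # RuntimeDirectory= takes a list of names; emit one per line.
        # RuntimeDirectoryMode= does not match this pattern.
        sed -n 's/^[[:space:]]*RuntimeDirectory=//p' "$unit" |
        tr -s '[:space:]' '\n' |
        while IFS= read -r dir; do
            [ -n "$dir" ] || continue
            case $dir in
                *%i*|*%I*) ;;   # per-instance name, no collision
                *) printf '%s: %s\n' "${unit##*/}" "$dir" ;;
            esac
        done
    done
}

# Constructed sample units: one shared directory, one per-instance
# directory, one unit with no RuntimeDirectory= at all.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '[Service]\nType=notify\nRuntimeDirectory=openvpn-client\n' \
        > "$d/openvpn-client@.service"
    printf '[Service]\nType=notify\nRuntimeDirectory=openvpn-server@%%i\n' \
        > "$d/openvpn-server@.service"
    printf '[Service]\nType=notify\n' > "$d/no-runtime-dir@.service"
    printf '%s\n' "$d"
}

samples=$(make_samples)
shared_runtime_dirs "$samples"
rm -rf "$samples"
```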
