On 27/12/16 23:15, Christian Hesse wrote:
> From: Christian Hesse <m...@eworm.de>
> 
> Different unit instances create and destroy the same RuntimeDirectory.
> This leads to running instances where the status file (and possibly
> more runtime data) is no longer accessible.
> 
> So do not handle this in unit files but provide a tmpfiles.d
> configuration and let systemd-tmpfiles do the work.
> Nobody will (unintentionally) delete the directories and its content.
> As /run is volatile we do not have to care about cleanup.
> 
> Signed-off-by: Christian Hesse <m...@eworm.de>
> ---
>  configure.ac                              | 8 ++++++++
>  distro/systemd/Makefile.am                | 8 ++++++++
>  distro/systemd/openvpn-cli...@.service.in | 2 --
>  distro/systemd/openvpn-ser...@.service.in | 2 --
>  distro/systemd/openvpn.conf               | 2 ++
>  5 files changed, 18 insertions(+), 4 deletions(-)
>  create mode 100644 distro/systemd/openvpn.conf
> 

[...snip...]

> diff --git a/distro/systemd/Makefile.am b/distro/systemd/Makefile.am
> index 53a88c9..1a6c974 100644
> --- a/distro/systemd/Makefile.am
> +++ b/distro/systemd/Makefile.am
> @@ -12,7 +12,12 @@
>       $(AM_V_GEN)sed -e 's|\@sbindir\@|$(sbindir)|' \
>               $< > $@.tmp && mv $@.tmp $@
>  
> +install-data-local:
> +     $(INSTALL) -d -m0710 $(DESTDIR)/run/openvpn-client
> +     $(INSTALL) -d -m0710 $(DESTDIR)/run/openvpn-server

Hmm ... that doesn't make much sense, does it?

$ mount | grep '/run '
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)

IIRC, upstream systemd recommends /run to be a ramdisk, as it should
always be clean on freshly rebooted systems.  And it probably saves a
lot of SSD/flash storage write cycles, for those using that.

[...snip...]

> @@ -21,6 +26,9 @@ systemdunitdir = $(systemdunitdir)
>  systemdunit_DATA = \
>       openvpn-client@.service \
>       openvpn-server@.service
> +tmpfilesdir = $(tmpfilesdir)

This conflicts with AC_SUBST([tmpfilesdir])

$ autoreconf -vi
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal -I m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy
autoreconf: running: /usr/bin/autoconf
autoreconf: running: /usr/bin/autoheader
autoreconf: running: automake --add-missing --copy --no-force
distro/systemd/Makefile.am:28: warning: tmpfilesdir was already defined
in condition TRUE, which includes condition ENABLE_SYSTEMD ...
configure.ac:1293: ... 'tmpfilesdir' previously defined here
autoreconf: Leaving directory `.'
$ rpm -q autoconf
autoconf-2.69-11.el7.noarch

Removing that tmpfilesdir declaration line in Makefile.am resolves this
issue, and it still works as expected.

[...snip...]

> diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
> new file mode 100644
> index 0000000..57f20cd
> --- /dev/null
> +++ b/distro/systemd/openvpn.conf
> @@ -0,0 +1,2 @@
> +d /run/openvpn-client 0710 root root -
> +d /run/openvpn-server 0710 root root -
> \ No newline at end of file

This makes more sense though, as this will tell systemd to create these
directories with the proper attributes.

But I'm not too happy about the filename in our git repository.  The
destination file may very well be called openvpn.conf, as then it should
reside in $libdir/tmpfiles.d/ ... but openvpn.conf causes quite a bit of
ambiguity inside the openvpn source tree, and unaware users might more
see this as a sample configuration for OpenVPN and be even more confused.

I propose ... either rename this file to tmpfiles.d--openvpn.conf or
move this openvpn.conf inside a tmpfiles.d/ subdirectory inside the
./distro/systemd/ directory.


Otherwise, this looks very reasonable.


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc


Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to