On 27/12/16 23:15, Christian Hesse wrote: > From: Christian Hesse <m...@eworm.de> > > Different unit instances create and destroy the same RuntimeDirectory. > This leads to running instances where the status file (and possibly > more runtime data) is no longer accessible. > > So do not handle this in unit files but provide a tmpfiles.d > configuration and let systemd-tmpfiles do the work. > Nobody will (unintentionally) delete the directories and its content. > As /run is volatile we do not have to care about cleanup. > > Signed-off-by: Christian Hesse <m...@eworm.de> > --- > configure.ac | 8 ++++++++ > distro/systemd/Makefile.am | 8 ++++++++ > distro/systemd/openvpn-cli...@.service.in | 2 -- > distro/systemd/openvpn-ser...@.service.in | 2 -- > distro/systemd/openvpn.conf | 2 ++ > 5 files changed, 18 insertions(+), 4 deletions(-) > create mode 100644 distro/systemd/openvpn.conf >
[...snip...] > diff --git a/distro/systemd/Makefile.am b/distro/systemd/Makefile.am > index 53a88c9..1a6c974 100644 > --- a/distro/systemd/Makefile.am > +++ b/distro/systemd/Makefile.am > @@ -12,7 +12,12 @@ > $(AM_V_GEN)sed -e 's|\@sbindir\@|$(sbindir)|' \ > $< > $@.tmp && mv $@.tmp $@ > > +install-data-local: > + $(INSTALL) -d -m0710 $(DESTDIR)/run/openvpn-client > + $(INSTALL) -d -m0710 $(DESTDIR)/run/openvpn-server Hmm ... that doesn't make much sense, does it? $ mount | grep '/run ' tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755) IIRC, upstream systemd recommends /run to be a ramdisk, as it should always be clean on freshly rebooted systems. And it probably saves a lot of SSD/flash storage write cycles, for those using that. [...snip...] > @@ -21,6 +26,9 @@ systemdunitdir = $(systemdunitdir) > systemdunit_DATA = \ > openvpn-client@.service \ > openvpn-server@.service > +tmpfilesdir = $(tmpfilesdir) This conflicts with AC_SUBST([tmpfilesdir]) $ autoreconf -vi autoreconf: Entering directory `.' autoreconf: configure.ac: not using Gettext autoreconf: running: aclocal -I m4 autoreconf: configure.ac: tracing autoreconf: running: libtoolize --copy autoreconf: running: /usr/bin/autoconf autoreconf: running: /usr/bin/autoheader autoreconf: running: automake --add-missing --copy --no-force distro/systemd/Makefile.am:28: warning: tmpfilesdir was already defined in condition TRUE, which includes condition ENABLE_SYSTEMD ... configure.ac:1293: ... 'tmpfilesdir' previously defined here autoreconf: Leaving directory `.' $ rpm -q autoconf autoconf-2.69-11.el7.noarch Removing that tmpfilesdir declaration line in Makefile.am resolves this issue, and it still works as expected. [...snip...] > diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf > new file mode 100644 > index 0000000..57f20cd > --- /dev/null > +++ b/distro/systemd/openvpn.conf > @@ -0,0 +1,2 @@ > +d /run/openvpn-client 0710 root root - > +d /run/openvpn-server 0710 root root - > \ No newline at end of file This makes more sense though, as this will tell systemd to create these directories with the proper attributes. But I'm not too happy about the filename in our git repository. The destination file may very well be called openvpn.conf, as then it should reside in $libdir/tmpfiles.d/ ... but openvpn.conf causes quite a bit of ambiguity inside the openvpn source tree, and unaware users might more see this as a sample configuration for OpenVPN and be even more confused. I propose ... either rename this file to tmpfiles.d--openvpn.conf or move this openvpn.conf inside a tmpfiles.d/ subdirectory inside the ./distro/systemd/ directory. Otherwise, this looks very reasonable. -- kind regards, David Sommerseth OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel