Bug#858381: Openvpn inside systemd-nspawn stops shutdown of container
On 03/27/2017 10:58 AM, Alberto Gonzalez Iniesta wrote:
> In order to use upstream's systemd unit files, you have to move your
> configuration to /etc/openvpn/server and enable it with:
> systemctl enable openvpn-server@server

*ups* *sorry*
My /etc/openvpn/server.conf is a (soft) link

root@openvpn:~# ll /etc/openvpn/server.conf
lrwxrwxrwx 1 root root 18 Mar 17 20:34 /etc/openvpn/server.conf -> server/server.conf

Doesn't make sense. Just to confuse you and me ;-)
I have deleted it.

Bye
Bug#858381: Openvpn inside systemd-nspawn stops shutdown of container
On Fri, Mar 24, 2017 at 08:41:00PM +0100, Daniel Schröter wrote:
> On 03/21/2017 10:16 PM, Alberto Gonzalez Iniesta wrote:
> > On Tue, Mar 21, 2017 at 09:27:28PM +0100, Daniel Schröter wrote:
> >> this one
> >> https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/openvpn-server%40.service.in
> >> is included?
> >>
> >> For me it is different:
> >>
> >
> > $ dpkg -L openvpn | grep openvpn-server
>
> (Sorry for my long response time.)
> Yes I know this file.
>
> I enable openvpn via systemd template. My config is (and has not the
> best name) under:
> /etc/openvpn/server.conf
>
> So I enable it via:
> systemctl enable openvpn@server
>
> If I also enable the one from github via:
> systemctl enable my-openvpn@server
>
> And now diff those two files (see attachment because of the long lines)
> they are different.
>
> I'm not a systemd expert. Maybe I understand something wrong.

In order to use upstream's systemd unit files, you have to move your
configuration to /etc/openvpn/server and enable it with:
systemctl enable openvpn-server@server

Regards,

Alberto

--
Alberto Gonzalez Iniesta     | Training, consulting and technical support
mailto/sip: a...@inittab.org | in GNU/Linux and free software
Encrypted mail preferred     | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
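The move described in the reply above, as an added example that is not part of the original thread: a dry-run shell function that prints the steps for one instance and covers the symlinked server.conf reported elsewhere in the thread. The function name plan_migration, its optional directory argument and the list of file directives it checks are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): print, without executing, the steps
# to move instance NAME from openvpn@NAME to openvpn-server@NAME.
# plan_migration and its optional second argument are hypothetical names.
plan_migration() {
    name=$1
    etc=${2:-/etc/openvpn}
    old="$etc/$name.conf"
    new="$etc/server/$name.conf"

    if [ -L "$old" ]; then
        # Case reported in the thread: server.conf -> server/server.conf
        if [ -f "$new" ] && [ "$(readlink -f "$old")" = "$(readlink -f "$new")" ]; then
            src=$new
            echo "rm $old"
        else
            echo "# $old is a symlink that does not point at $new: resolve by hand"
            return 1
        fi
    elif [ -f "$old" ]; then
        if [ -e "$new" ]; then
            echo "# both $old and $new exist: resolve by hand"
            return 1
        fi
        src=$old
        echo "mkdir -p $etc/server"
        echo "mv $old $new"
    elif [ -f "$new" ]; then
        src=$new
    else
        echo "# no configuration found for instance $name"
        return 1
    fi

    # The old unit ran with --cd $etc; the upstream unit uses
    # WorkingDirectory=$etc/server, so relative file paths resolve differently.
    grep -E '^[[:space:]]*(ca|cert|key|dh|tls-auth|tls-crypt|crl-verify)[[:space:]]+[^/[:space:]]' "$src" |
        sed 's/^[[:space:]]*/# check relative path: /'

    echo "systemctl disable --now openvpn@$name"
    echo "systemctl enable --now openvpn-server@$name"
}
```

Run it as `plan_migration server` and review the printed commands before executing any of them; a keyword value such as `dh none` is also flagged and can be ignored.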
Bug#858381: Openvpn inside systemd-nspawn stops shutdown of container
On 03/21/2017 10:16 PM, Alberto Gonzalez Iniesta wrote:
> On Tue, Mar 21, 2017 at 09:27:28PM +0100, Daniel Schröter wrote:
>> this one
>> https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/openvpn-server%40.service.in
>> is included?
>>
>> For me it is different:
>>
>
> $ dpkg -L openvpn | grep openvpn-server

(Sorry for my long response time.)
Yes I know this file.

I enable openvpn via systemd template. My config is (and has not the
best name) under:
/etc/openvpn/server.conf

So I enable it via:
systemctl enable openvpn@server

If I also enable the one from github via:
systemctl enable my-openvpn@server

And now diff those two files (see attachment because of the long lines)
they are different.

I'm not a systemd expert. Maybe I understand something wrong.

Any ideas?

Thanks in advance!

Bye

[Unit] [Unit] Description=OpenVPN connection to %i | Description=OpenVPN service for %I PartOf=openvpn.service| After=syslog.target network-online.target ReloadPropagatedFrom=openvpn.service | Wants=network-online.target Before=systemd-user-sessions.service < Documentation=man:openvpn(8) Documentation=man:openvpn(8) Documentation=https://community.openvpn.net/openvpn/wiki/Open | Documentation=https://community.openvpn.net/openvpn/wiki/Open Documentation=https://community.openvpn.net/openvpn/wiki/HOWT Documentation=https://community.openvpn.net/openvpn/wiki/HOWT [Service] [Service] > Type=notify PrivateTmp=true PrivateTmp=true KillMode=mixed| WorkingDirectory=/etc/openvpn/server Type=forking | ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/op | CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND PIDFile=/run/openvpn/%i.pid < ExecReload=/bin/kill -HUP $MAINPID< WorkingDirectory=/etc/openvpn < ProtectSystem=yes < CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND < LimitNPROC=10 LimitNPROC=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw 
DeviceAllow=/dev/net/tun rw > ProtectSystem=true > ProtectHome=true [Install] [Install] WantedBy=multi-user.target WantedBy=multi-user.target < <
Bug#858381: Openvpn inside systemd-nspawn stops shutdown of container
On Tue, Mar 21, 2017 at 09:27:28PM +0100, Daniel Schröter wrote:
> Hello
>
> On 03/21/2017 09:02 PM, Alberto Gonzalez Iniesta wrote:
> > upstream's openvpn-server@.service unit is in fact included in
> > Debian's package.
>
> this one
> https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/openvpn-server%40.service.in
> is included?
>
> For me it is different:
>

$ dpkg -L openvpn | grep openvpn-server

--
Alberto Gonzalez Iniesta     | Training, consulting and technical support
mailto/sip: a...@inittab.org | in GNU/Linux and free software
Encrypted mail preferred     | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
Bug#858381: Openvpn inside systemd-nspawn stops shutdown of container
Hello

On 03/21/2017 09:02 PM, Alberto Gonzalez Iniesta wrote:
> upstream's openvpn-server@.service unit is in fact included in
> Debian's package.

this one
https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/openvpn-server%40.service.in
is included?

For me it is different:

# diff lib/systemd/system/openvpn@.service etc/systemd/system/my-openvpn@server.service 2,5c2,4 < Description=OpenVPN connection to %i < PartOf=openvpn.service < ReloadPropagatedFrom=openvpn.service < Before=systemd-user-sessions.service --- > Description=OpenVPN service for %I > After=syslog.target network-online.target > Wants=network-online.target 7c6 < Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage --- > Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage 10a10 > Type=notify 12,19c12,14 < KillMode=mixed < Type=forking < ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid < PIDFile=/run/openvpn/%i.pid < ExecReload=/bin/kill -HUP $MAINPID < WorkingDirectory=/etc/openvpn < ProtectSystem=yes < CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE --- > WorkingDirectory=/etc/openvpn/server > ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf > CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE 22a18,19 > ProtectSystem=true > ProtectHome=true 26,27d22 < <

Bye
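Review bot: In the 12,19c12,14 hunk the right-hand CapabilityBoundingSet drops CAP_DAC_READ_SEARCH and CAP_AUDIT_WRITE but adds CAP_DAC_OVERRIDE, which bypasses write permission checks as well as read and search, so the bounding set is not simply narrower even with ProtectHome=true added in 22a18,19; it is worth confirming the daemon needs it. The same hunk replaces `--cd /etc/openvpn --config /etc/openvpn/%i.conf` with `WorkingDirectory=/etc/openvpn/server` and `--config %i.conf`, so a configuration left at /etc/openvpn/%i.conf is not read by the right-hand unit and relative paths inside it resolve against a different directory; the configuration should be moved before the instance is enabled.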
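Review bot: In the 2,5c2,4 hunk the right-hand unit has no PartOf=openvpn.service or ReloadPropagatedFrom=openvpn.service, so stopping, restarting or reloading openvpn.service no longer reaches this instance. Anything that manages all tunnels through openvpn.service needs to address the openvpn-server@ instances by name, and that is worth documenting alongside the switch.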
Bug#858381: Openvpn inside systemd-nspawn stops shutdown of container
On Tue, Mar 21, 2017 at 08:09:52PM +0100, Daniel Schröter wrote:
> Package: openvpn
> Version: 2.4.0-3
>
> Hello,
>
> I'm using Debian stretch via systemd-nspawn inside a container:
> root@ivy:~# machinectl
> MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
> stretch container systemd-nspawn debian 9       192.168.178.43...
>
> 1 machines listed.
>
>
> If I try to stop the container via
> machinectl poweroff stretch
> it hangs. If I stop (inside the container) openvpn before I poweroff the
> container it works fine.
>
> If I replace the systemd service file with this one:
> https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/openvpn-server%40.service.in
> I can shutdown my container as expected.
>
> Can you update the service file?
>
> Thanks in advance!
>
> Bye

Hi,

upstream's openvpn-server@.service unit is in fact included in
Debian's package.

Regards,

Alberto

--
Alberto Gonzalez Iniesta     | Training, consulting and technical support
mailto/sip: a...@inittab.org | in GNU/Linux and free software
Encrypted mail preferred     | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
Bug#858381: Openvpn inside systemd-nspawn stops shutdown of container
Package: openvpn
Version: 2.4.0-3

Hello,

I'm using Debian stretch via systemd-nspawn inside a container:
root@ivy:~# machinectl
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
stretch container systemd-nspawn debian 9       192.168.178.43...

1 machines listed.


If I try to stop the container via
machinectl poweroff stretch
it hangs. If I stop (inside the container) openvpn before I poweroff the
container it works fine.

If I replace the systemd service file with this one:
https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/openvpn-server%40.service.in
I can shutdown my container as expected.

Can you update the service file?

Thanks in advance!

Bye