[Pkg-systemd-maintainers] Bug#700888: Can't start OpenVPN using ifupdown when running systemd

Michael Biebl biebl at debian.org
Sun Mar 16 02:01:02 GMT 2014 

Am 16.03.2014 02:23, schrieb Michael Biebl:
> Afaics there a few issues:
> - The existence of /bin/systemctl doesn't mean that systemd is active /
>   PID 1. If you want to check if systemd is running, use something like
>   [ -d /run/systemd/system ]
> - The native .systemd service file and the LSB/SysV init script name do
>   not match openvpn vs. openvpn at .service.
>   This means, during boot systemd will start the old LSB/SysV init
>   script.

The point here is, that the ifup.d hook under systemd starts one
instance service per configuration.
But the SysV init script is not aware of that.
E.g. "service openvpn stop" would simply try to kill all openvpn daemons
but not actually stop the service instances.

I guess this needs a bit more thought how to do it properly.

I guess the safest would be, to make /etc/init.d/openvpn a no-op under
systemd (e.g. by blacklisting it)

And maybe use a simple generator which creates openvpn@<config>.service
symlinks in /run/systemd/generator/multi-user.target.wants/ depending on
what AUTOSTART= is set to.

The only downside of this approach would be, that you no longer have a
"single service" which restarts all tunnels, which you apparently use in
openvpn.postinst:
  invoke-rc.d openvpn cond-restart || invoke-rc.d openvpn restart


> I'm afraid the current state of systemd support in openvpn is broken and
> this bug should be re-opened.

Something else I noticed: src/openvpn/console.c contains


static bool
check_systemd_running ()
{
  struct stat a, b;

  /* We simply test whether the systemd cgroup hierarchy is
   * mounted */

  return (lstat("/sys/fs/cgroup", &a) == 0)
          && (lstat("/sys/fs/cgroup/systemd", &b) == 0)
          && (a.st_dev != b.st_dev);

}

This check is broken as well, since a standalone logind will create that
/sys/fs/cgroup/systemd mount. You should check for /run/systemd/system
if you want to test for systemd = PID 1. See [0]

You might just as well use libsystemd-daemon's sd_booted() function. On
Linux it will basically be installed on every system anyway.


Michael


[0] http://cgit.freedesktop.org/systemd/systemd/commit/?id=66e411811b8090
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20140316/ad95ef9c/attachment-0002.sig>

More information about the Pkg-systemd-maintainers mailing list