[Pkg-systemd-maintainers] Bug#700888: Can't start OpenVPN using ifupdown when running systemd

Alberto Gonzalez Iniesta agi at inittab.org
Mon Mar 17 17:15:25 GMT 2014


On Sun, Mar 16, 2014 at 03:01:02AM +0100, Michael Biebl wrote:
> On 16.03.2014 02:23, Michael Biebl wrote:
> > Afaics there are a few issues:
> > - The existence of /bin/systemctl doesn't mean that systemd is active /
> >   PID 1. If you want to check if systemd is running, use something like
> >   [ -d /run/systemd/system ]
> > - The native .systemd service file and the LSB/SysV init script name do
> >   not match openvpn vs. openvpn@.service.
> >   This means, during boot systemd will start the old LSB/SysV init
> >   script.
> 
> The point here is, that the ifup.d hook under systemd starts one
> instance service per configuration.
> But the SysV init script is not aware of that.
> E.g. "service openvpn stop" would simply try to kill all openvpn daemons
> but not actually stop the service instances.

The init script will stop all openvpn daemons if AUTOSTART=all in
/etc/default/openvpn. The service instances are stopped the same way they
were started, either manually (because they aren't listed in AUTOSTART)
or by the openvpn option present in an interface definition in
network/interfaces.

> I guess this needs a bit more thought how to do it properly.
> 
> I guess the safest would be, to make /etc/init.d/openvpn a no-op under
> systemd (e.g. by blacklisting it)
> 
> And maybe use a simple generator which creates openvpn@<config>.service
> symlinks in /run/systemd/generator/multi-user.target.wants/ depending on
> what AUTOSTART= is set to.
>
> The only downside of this approach would be, that you no longer have a
> "single service" which restarts all tunnels, which you apparently use in
> openvpn.postinst:
>   invoke-rc.d openvpn cond-restart || invoke-rc.d openvpn restart
> 
> 
> > I'm afraid the current state of systemd support in openvpn is broken and
> > this bug should be re-opened.
> 
> Something else I noticed: src/openvpn/console.c contains
> 
> 
> static bool
> check_systemd_running ()
> {
>   struct stat a, b;
> 
>   /* We simply test whether the systemd cgroup hierarchy is
>    * mounted */
> 
>   return (lstat("/sys/fs/cgroup", &a) == 0)
>           && (lstat("/sys/fs/cgroup/systemd", &b) == 0)
>           && (a.st_dev != b.st_dev);
> 
> }
> 
> This check is broken as well, since a standalone logind will create that
> /sys/fs/cgroup/systemd mount. You should check for /run/systemd/system
> if you want to test for systemd = PID 1. See [0]
> 
> You might just as well use libsystemd-daemon's sd_booted() function. On
> Linux it will basically be installed on every system anyway.

Thanks, I'll report this upstream.

Regards,

Alberto



-- 
Alberto Gonzalez Iniesta    | Training, consulting and technical support
mailto/sip: agi at inittab.org | for GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55
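
Added example (not part of the original message, and not OpenVPN or systemd code): the cgroup-mount heuristic quoted from console.c next to the /run/systemd/system directory test suggested in the thread. The function names and the `root` path-prefix parameter are assumptions made here so both checks can be run against a constructed directory tree.

```c
/* Feature macro so lstat() is declared under strict -std modes. */
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>

/* `root` is a path prefix (an assumption of this example) so both checks can
 * be pointed at a constructed tree; pass "" to test the live system. */

/* Heuristic quoted from console.c: true when <root>/sys/fs/cgroup/systemd is
 * a separate mount. A standalone logind creates that mount as well, so this
 * can be true while systemd is not PID 1. */
static bool cgroup_heuristic(const char *root)
{
    char parent[4096], child[4096];
    struct stat a, b;
    int n = snprintf(parent, sizeof parent, "%s/sys/fs/cgroup", root);
    int m = snprintf(child, sizeof child, "%s/sys/fs/cgroup/systemd", root);

    if (n < 0 || m < 0 || m >= (int)sizeof child)
        return false;                      /* path did not fit */
    return lstat(parent, &a) == 0 && lstat(child, &b) == 0
        && a.st_dev != b.st_dev;
}

/* Test suggested in the thread, `[ -d /run/systemd/system ]`, in C: the
 * directory exists only when systemd is the running init. */
static bool systemd_is_pid1(const char *root)
{
    char path[4096];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/run/systemd/system", root);

    if (n < 0 || n >= (int)sizeof path)
        return false;                      /* path did not fit */
    if (stat(path, &st) != 0)
        return false;                      /* missing or inaccessible */
    return S_ISDIR(st.st_mode);
}

int main(void)
{
    bool heur = cgroup_heuristic(""), pid1 = systemd_is_pid1("");

    printf("cgroup heuristic: %d  /run/systemd/system: %d\n", heur, pid1);
    if (heur && !pid1)
        puts("heuristic false positive: systemd cgroup mounted, systemd is not PID 1");
    return 0;
}
```

Run with no arguments on a host to compare the two answers; they differ on a system where logind runs without systemd as init.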