Re: Seeking help with OpenVPN scripts and systemd

To: "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Re: Seeking help with OpenVPN scripts and systemd
From: Patrick Matthäi <pmatthaei@debian.org>
Date: Tue, 9 Sep 2014 22:47:11 +0200
Message-id: <[🔎] E2283334-3BA5-47BE-9BBA-3A81F14AE5FE@debian.org>
In-reply-to: <[🔎] 201409092126.28256.envite@rolamasao.org>
References: <[🔎] 20140909155120.GA18953@bin.inittab.org> <[🔎] 201409092126.28256.envite@rolamasao.org>


Von meinem iPad gesendet

> Am 09.09.2014 um 22:26 schrieb Noel Torres <envite@rolamasao.org>:
> 
> On Tuesday, 9 de September de 2014 16:51:20 Alberto Gonzalez Iniesta escribió:
>> AltSubject: For those who care about OpenVPN
>> 
>> Dear fellow developers,
>> 
>> This is a cry for help. I've been trying to support systemd in OpenVPN for
>> some time, but the results are not satisfactory. I'd like to keep the
>> current (SysV) behaviour in systemd but it's becoming quite an annoying
>> task.
>> 
>> I'd love to hear recommendations, receive patches or any other help with
>> this. Let me explain what the SysV init script did, so you can figure out
>> what I'd like to achieve. If you aren't interested in the task you may
>> skip the rest of this mail.
>> 
>> What was working?
>> -----------------
>> 
>> First of all, openvpn in Debian is able to run several VPN daemons.
>> Depending on the value of the configuration variable AUTOSTART (in
>> /etc/default/openvpn): - all -> A daemon for each of the configuration
>> files found in /etc/openvpn - none -> Do not manage any VPN (they can be
>> started manually or through a directive in /etc/network/interfaces
>> - A list of the VPNs you want automatically managed (i.e. AUTOSTART="work
>>  home"). The rest can be managed manually.
>> 
>> In order to be able to control individual VPNs the init.d script accepts a
>> second argument (after start/stop/...) with the name of the VPN to manage.
>> I know this was a hack, but it worked like a charm. This is no longer
>> possible with systemd.
>> 
>> stop, reload, soft-restart and cond-restart will only affect running VPNs.
>> The last one is specially important in upgrades, when the currently running
>> daemons have to restart. That includes those VPNs that are managed
>> automatically (in AUTOSTART) *and* those started manually or through a
>> network/interfaces directive. Whereas restart will only affect those
>> managed automatically unless a VPN name is specified.
>> 
>> In addition to the init.d script, there are two script in
>> /etc/network/if-(up|down).d/openvpn that allow for VPNs to be managed when
>> interfaces are brought up or down. So you may have AUTOSTART=none, or
>> AUTOSTART="home office", and then enable "work" tunnel when only when using
>> a specific network interface.
>> 
>> Where are we now?
>> -----------------
>> 
>> The latest version of openvpn's package (in experimental) includes two
>> service files for systemd. One instantiated (openvpn@.service) allows the
>> control of single VPNs, piece of cake.
>> 
>> The main issue is with the other one, openvpn.service, that tries to
>> replace the old init.d script and all its features. It is, currently,
>> calling a helper script that (tries to) mimic(s) the former behaviour.
>> 
>> First of all, the script can only be called with start, stop or reload
>> arguments. So no distinction can be made between a restart and a
>> stop-then-start. So there's no way (i.e.  on an upgrade) to restart all
>> VPNs (those in AUTOSTART *and* those manually controlled), since "start"
>> and "stop" should only manage those in AUTOSTART.
>> 
>> Another problem is the package upgrade to systemd in a running system,
>> since the VPNs started with the current init.d script are not recognized
>> by openvpn@NAME.service. So when upgrading the package from the
>> non-systemd-enabled package (< 2.3.2-7) to the package with the service
>> files, we end up with two active VPNs (the one that was running, and one
>> started by systemd) for each AUTOSTARTed configuration.
>> 
>> If you know systemd and would like to help with this please Cc: me (since
>> I'm not subscribed to -devel) or mail me directly. You may find the
>> current git repo for openvpn in Debian at:
>> git.debian.org/git/collab-maint/openvpn.git
>> 
>> Thanks,
>> 
>> Alberto
> 
> Hi Alberto
> 
> openvpn package should Conflitcs systemd in order to avoid systemd being 
> installed and so messing with OpenVPN-working systems, until systemd gets 
> appropiately fixed or you get a workaround.

Please troll elsewhere. The upcoming Debian Release will come with systemd and it is not helpful at all if trolls just trolling around on serious user questions.

Reply to:

References:
- Seeking help with OpenVPN scripts and systemd
  - From: Alberto Gonzalez Iniesta <agi@inittab.org>
- Re: Seeking help with OpenVPN scripts and systemd
  - From: Noel Torres <envite@rolamasao.org>

Prev by Date: Re: upgrades must not change the installed init system [was: Re: Cinnamon environment now available in testing]
Next by Date: Re: upgrades must not change the installed init system [was: Re: Cinnamon environment now available in testing]
Previous by thread: Re: Seeking help with OpenVPN scripts and systemd
Next by thread: Re: Seeking help with OpenVPN scripts and systemd
Index(es):
- Date
- Thread