Thanks.
I will try to use this solution (Second Way) and I'll report how it works.
This is very critical for me.

On Wed, Aug 20, 2014 at 5:58 PM, Reindl Harald <h.reindl at thelounge.net> wrote:

> "Type=oneshot" does what the name says -> fire up a command once
> it expects that this command is short running
> since it is a bash-script and the PID is the one from
> the bash which is supposed to end after it has finished
> it would fail/restart all the time in case of monitoring
>
> "Type=simple" is a long running, non-forking service aka an
> ordinary binary which doesn't exit and so its PID can be
> watched and if it disappears without a stop command, well
>
> as said, i have a lot of SSH tunnels expected to work
> 24 hours a day over different networks with Type=simple
>
> http://www.freedesktop.org/software/systemd/man/systemd.service.html
>
> On 20.08.2014 at 16:40, Alan Holt wrote:
> > Hello,
> >
> > thank you for your quick answer.
> >
> > You are completely right with this:
> >
> >     because they die away in case of network errors and reboots
> >
> > My script contains a reverse SSH tunnel:
> >
> > [root@lab3 system]# cat /opt/ssh_tunnel.sh
> > #!/bin/bash
> > ssh -f -N -R 12345:localhost:22 root@158.216.189.170
> >
> > So as I understood from your explanation, I can do it in two different ways.
> >
> > *First way:*
> > To create a systemd unit with the path to the existing script:
> >
> > [Unit]
> > Description=My Service
> > After=network.service systemd-networkd.service network-online.target
> > [Service]
> > Type=oneshot
> > ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh
> > [Install]
> > WantedBy=multi-user.target
> >
> > *Second way:*
> > To create a systemd unit with all configuration inside.
> >
> > [Unit]
> > Description=SSH-Forwarding
> > After=network.service systemd-networkd.service network-online.target
> > [Service]
> > Type=simple
> > ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
> > Restart=always
> > RestartSec=60
> > TimeoutSec=30
> > CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE
> > [Install]
> > WantedBy=multi-user.target
> >
> > But in the First Way I don't see these records:
> >
> > Restart=always
> > RestartSec=60
> > TimeoutSec=30
> >
> > So that means that my tunnel will die from time to time (because of a
> > network failure or something like that).
> > And I see a difference in this record (I will try to learn about it):
> >
> > Type=oneshot
> > Type=simple
> >
> > So this means that the best practice is to use the *Second Way* described by you?
> >
> > On Wed, Aug 20, 2014 at 4:24 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
> >
> > On 20.08.2014 at 15:07, Alan Holt wrote:
> > > I just installed the newest version of CentOS 7 and I am a bit disappointed
> > > with the new /etc/rc.local file.
> > > I found that it's not usable anymore.
> > >
> > > [root@lab3 ~]# cat /etc/rc.local
> > > " THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES"
> > > It is highly advisable to create own systemd services or udev rules
> > > to run scripts during boot instead of using this file.
> > >
> > > Usually I added my script to /etc/rc.local
> > >
> > > [root@lab3 ~]# echo /usr/bin/bash /opt/ssh_tunnel.sh >> /etc/rc.local
> > >
> > > And it was working perfectly.
> > >
> > > What should I do in the new CentOS 7, please help
> >
> > create a systemd-unit?
> >
> > in general such scripts for port-forwarding are plain crap
> > because they die away in case of network errors and reboots
> >
> > look at the service below, this survives a restart of the
> > forwarded remote machine because in case of a failure after
> > 60 seconds it executes ExecStart again
> >
> > and no - don't put multiple forwards in one service
> >
> > i have a machine with 8 such forwarder-services and they
> > are monitored by systemd because one MAINPID
> > _____________________________________________________________________________
> >
> > * touch /etc/systemd/system/tunnel.service
> > * put the content below in the file
> > * systemctl enable tunnel.service
> > * systemctl start tunnel.service
> >
> > [Unit]
> > Description=My Service
> > After=network.service systemd-networkd.service network-online.target
> >
> > [Service]
> > Type=oneshot
> > ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh
> >
> > [Install]
> > WantedBy=multi-user.target
> > _____________________________________________________________________________
> >
> > [Unit]
> > Description=SSH-Forwarding
> > After=network.service systemd-networkd.service network-online.target
> >
> > [Service]
> > Type=simple
> > ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
> > Restart=always
> > RestartSec=60
> > TimeoutSec=30
> > CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE
> >
> > [Install]
> > WantedBy=multi-user.target
> > _____________________________________________________________________________
> >
> > ${REMOTE_HOST} = the machine with the service you want forwarded
> > ${LOCAL_ADDRESS} = 127.0.0.1 or your WAN-IP if the port should be reachable from your LAN
> > ${LOCAL_PORT} = the port on your side
> > ${REMOTE_PORT} = the port of the service you want to forward
> >
> > --
> > Best regards.
> > Alex Berber
> > +9 72 54 285 952 3
> > www.linuxspace.org <http://www.linuxspace.org/>
>
> --
>
> Reindl Harald
> the lounge interactive design GmbH
> A-1060 Vienna, Hofmühlgasse 17
> CTO / CISO / Software-Development
> m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33
> icq: 154546673, http://www.thelounge.net/
>
> http://www.thelounge.net/signature.asc.what.htm

--
Best regards.
Alex Berber
+9 72 54 285 952 3
www.linuxspace.org <http://www.linuxspace.org/>
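
An added example, not part of the thread and not code from either poster: the reverse tunnel from /opt/ssh_tunnel.sh written as a Type=simple unit in the style of the Second Way, with ssh kept in the foreground (no `-f`) so systemd can watch its PID and restart it. The unit file name, the unprivileged `tunnel` account on both ends, its key path and the REMOTE_HOST placeholder are assumptions.

```ini
# /etc/systemd/system/reverse-tunnel.service   (hypothetical file name)

[Unit]
Description=Reverse SSH tunnel (added example)
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
# Assumption: a dedicated unprivileged local account owns the key,
# so the tunnel does not run as root on this side.
User=tunnel

# No -f here: with Type=simple the process started by ExecStart is the
# main PID. If ssh backgrounds itself, systemd sees that PID exit and
# treats the service as dead while the real tunnel runs unsupervised.
#
# BatchMode=yes             never block on a password or passphrase prompt
# StrictHostKeyChecking=yes refuse an unknown or changed host key
# ExitOnForwardFailure=yes  exit if the remote port cannot be bound,
#                           so Restart= gets a chance to retry
# ServerAliveInterval/CountMax  notice a silently dead link after about
#                           90 seconds and exit instead of hanging
#
# REMOTE_HOST is a placeholder; 12345 and 22 are the ports from
# /opt/ssh_tunnel.sh in the thread.
ExecStart=/usr/bin/ssh -N -T \
    -o BatchMode=yes \
    -o StrictHostKeyChecking=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -i /home/tunnel/.ssh/id_ecdsa \
    -R 12345:localhost:22 \
    tunnel@REMOTE_HOST

# Same restart policy as the SSH-Forwarding unit quoted above.
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target
```

With StrictHostKeyChecking=yes the remote host key has to be in the `tunnel` account's known_hosts before the first start, otherwise ssh exits and the unit keeps retrying every 60 seconds.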