Hello,
thank you for your quick answer.
You are completely right with this:
because they die away in case of network errors and reboots
My script contains a reverse SSH tunnel:
[root@lab3 system]# cat /opt/ssh_tunnel.sh
#!/bin/bash
ssh -f -N -R 12345:localhost:22 root@158.216.189.170
So as I understood from your explanation, I can do it in two different ways.
*First way:* To create a systemd unit with the path to the existing script:
[Unit]
Description=My Service
After=network.service systemd-networkd.service network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh

[Install]
WantedBy=multi-user.target
*Second way:* To create systemd-unit with all configuration inside.
[Unit]
Description=SSH-Forwarding
After=network.service systemd-networkd.service network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
Restart=always
RestartSec=60
TimeoutSec=30
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE

[Install]
WantedBy=multi-user.target
But in the First Way I don't see these records:
Restart=always
RestartSec=60
TimeoutSec=30
So that means that my tunnel will die from time to time (because of a network failure or something like that). And I see a difference in this record (I will try to learn about it):
Type=oneshot
Type=simple
So this means that the best practice is to use *Second Way* described by you?
PS: Sorry for the double sending
On Wed, Aug 20, 2014 at 4:24 PM, Reindl Harald h.reindl@thelounge.net wrote:
On 20.08.2014 at 15:07, Alan Holt wrote:
I just installed the newest version of CentOS 7 and I am a bit disappointed with the new /etc/rc.local file. I found that it's not usable anymore.
*[root@lab3 ~]# cat /etc/rc.local*
" THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES"
It is highly advisable to create own systemd services or udev rules to run scripts during boot instead of using this file.
Usually I added my script to /etc/rc.local
*[root@lab3 ~]# echo /usr/bin/bash /opt/ssh_tunnel.sh >> /etc/rc.local*
And it was working perfectly.
What should I do in the new CentOS 7? Please help.
create a systemd-unit?
in general such scripts for port-forwarding are plain crap because they die away in case of network errors and reboots
look at the service below, this survives a restart of the forwarded remote machine because in case of a failure after 60 seconds it executes ExecStart again
and no - don't put multiple forwards in one service
i have a machine with 8 such forwarder-services and they are monitored by systemd because one MAINPID
- touch /etc/systemd/system/tunnel.service
- put the content below in the file
- systemctl enable tunnel.service
- systemctl start tunnel.service
[Unit]
Description=My Service
After=network.service systemd-networkd.service network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh

[Install]
WantedBy=multi-user.target

[Unit]
Description=SSH-Forwarding
After=network.service systemd-networkd.service network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
Restart=always
RestartSec=60
TimeoutSec=30
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE

[Install]
WantedBy=multi-user.target
${REMOTE_HOST} = the machine with the service you want forwarded
${LOCAL_ADDRESS} = 127.0.0.1 or your WAN-IP if the port should be reachable from your LAN
${LOCAL_PORT} = the port on your side
${REMOTE_PORT} = the port of the service you want to forward
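
The following is an added example, not part of either message and not code from either poster: a shell script that renders a "second way" unit for the reverse tunnel from /opt/ssh_tunnel.sh and checks a unit for the failure modes discussed in the thread. The function names, the `tunnel` account, the key path, `remote.example` and the extra `ssh -o` options are assumptions that do not appear in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: render_tunnel_unit,
# lint_tunnel_unit, the "tunnel" account, the key path and remote.example.

# Print a unit for a reverse tunnel (ssh -R, as in /opt/ssh_tunnel.sh).
# $1 user@host  $2 remote listen port  $3 local port  $4 identity file
render_tunnel_unit() {
    cat <<EOF
[Unit]
Description=Reverse SSH tunnel to $1
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=tunnel
ExecStart=/usr/bin/ssh -N -i $4 -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R $2:localhost:$3 $1
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target
EOF
}

# Helpers for the linter: match a regex against the unit, record a finding.
has() { printf '%s\n' "$_unit" | grep -Eq -- "$1"; }
add() { printf '%s\n' "$1"; _n=$((_n + 1)); }

# Read a unit on stdin, print one finding per line, return 1 if any were found.
lint_tunnel_unit() {
    _unit=$(cat); _n=0
    has '^Type=oneshot' && add "oneshot: unit counts as finished once ExecStart returns; Restart=always is not accepted"
    has '^Restart=(always|on-failure)' || add "no-restart: a dropped tunnel is never started again"
    if has '^ExecStart=.*/ssh '; then
        has '^ExecStart=.* -f( |$)' && add "ssh-f: ssh forks to the background, so systemd sees the main process exit"
        has 'ExitOnForwardFailure=yes' || add "no-exit-on-fail: ssh stays up even if the forward was refused"
        has 'ServerAliveInterval=[1-9]' || add "no-keepalive: a silently dead link may not be noticed"
        has '^User=' || add "root: no User= set, so the ssh client runs as root"
    fi
    [ "$_n" -eq 0 ]
}

# Constructed sample arguments: render the unit and lint it.
render_tunnel_unit tunnel@remote.example 12345 22 /home/tunnel/.ssh/id_ed25519 | lint_tunnel_unit && echo "rendered unit: no findings"
```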