Thanks.
I will try to use this solution (Second Way) and I'll report how it works. This is very critical for me.
On Wed, Aug 20, 2014 at 5:58 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
"Type=oneshot" does what the name says -> fire up a command once. It expects that this command is short running; since it is a bash script and the PID is the one from the bash, which is supposed to end after it has finished, it would fail/restart all the time in case of monitoring.
"Type=simple" is a long-running, non-forking service, aka an ordinary binary which doesn't exit, and so its PID can be watched, and if it disappears without a stop command, well...
As said, I have a lot of SSH tunnels expected to work 24 hours a day over different networks with Type=simple.
http://www.freedesktop.org/software/systemd/man/systemd.service.html
On 20.08.2014 at 16:40, Alan Holt wrote:
Hello,
thank you for your quick answer.
You are completely right with this:
because they die away in case of network errors and reboots
my script contains a reverse SSH tunnel:

[root@lab3 system]# cat /opt/ssh_tunnel.sh
#!/bin/bash
ssh -f -N -R 12345:localhost:22 root@158.216.189.170
So as I understood from your explanation, I can do it in two different ways.
*First way:* To create a systemd-unit with the path to the existing script:

[Unit]
Description=My Service
After=network.service systemd-networkd.service network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh

[Install]
WantedBy=multi-user.target
*Second way:* To create a systemd-unit with all configuration inside.

[Unit]
Description=SSH-Forwarding
After=network.service systemd-networkd.service network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
Restart=always
RestartSec=60
TimeoutSec=30
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE

[Install]
WantedBy=multi-user.target
But in the First Way I don't see these records:

Restart=always
RestartSec=60
TimeoutSec=30
So that means that my tunnel will die from time to time (because of a network failure or something like that).
And I see a difference in this record (I will try to learn about it):

Type=oneshot
Type=simple
So this means that the best practice is to use the *Second Way* described by you?
On Wed, Aug 20, 2014 at 4:24 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
On 20.08.2014 at 15:07, Alan Holt wrote:
> I just installed the newest version of CentOS 7 and I am a bit disappointed
> with the new /etc/rc.local file.
> I found that it's not usable anymore.
>
> *[root@lab3 ~]# cat /etc/rc.local*
> # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
> # It is highly advisable to create own systemd services or udev rules
> # to run scripts during boot instead of using this file.
>
> Usually I added my script to /etc/rc.local:
>
> *[root@lab3 ~]# echo /usr/bin/bash /opt/ssh_tunnel.sh >> /etc/rc.local*
>
> And it was working perfectly.
>
> What should I do in the new CentOS 7? Please help me create a systemd-unit.

In general such scripts for port-forwarding are plain crap because they die away in case of network errors and reboots.

Look at the service below; this survives a restart of the forwarded remote machine because in case of a failure, after 60 seconds it executes ExecStart again.

And no - don't put multiple forwards in one service. I have a machine with 8 such forwarder-services and they are monitored by systemd because of one MAINPID.
* touch /etc/systemd/system/tunnel.service
* put the content below in the file
* systemctl enable tunnel.service
* systemctl start tunnel.service

[Unit]
Description=My Service
After=network.service systemd-networkd.service network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh

[Install]
WantedBy=multi-user.target
[Unit]
Description=SSH-Forwarding
After=network.service systemd-networkd.service network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
Restart=always
RestartSec=60
TimeoutSec=30
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE

[Install]
WantedBy=multi-user.target
${REMOTE_HOST} = the machine with the service you want forwarded
${LOCAL_ADDRESS} = 127.0.0.1, or your WAN-IP if the port should be reachable from your LAN
${LOCAL_PORT} = the port on your side
${REMOTE_PORT} = the port of the service you want to forward
--
Best regards,
Alex Berber
+9 72 54 285 952 3
www.linuxspace.org
--
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33
icq: 154546673, http://www.thelounge.net/
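The following is an added example, not code from the list thread or from either poster. It turns the "Second Way" above (Type=simple plus Restart=always, one tunnel per unit) into a complete reverse-tunnel unit for the original poster's case, and adds a small lint function that checks a unit file for the pitfalls the thread discusses: Type=oneshot, a missing Restart=, ssh started through a wrapper shell or with -f (in both cases the PID systemd tracks is not the ssh process), a missing ExitOnForwardFailure (without it a tunnel whose remote port could not be bound looks alive but forwards nothing), and logging in as root on the remote side. The host name, the "tunnel" account, its key path and the port numbers are placeholders I chose; the account, its key and the remote host key in its known_hosts are assumed to exist already.

```shell
#!/bin/sh
# Added example for the CentOS list thread above, not the posters' own code.
# Writes a single-tunnel systemd unit (Type=simple, Restart=always) and lints
# it for the mistakes discussed in the thread. All names below are placeholders.
set -eu

TUNNEL_USER="tunnel"                    # unprivileged local account (assumed to exist)
REMOTE_HOST="gateway.example.invalid"   # placeholder, not a real host
REMOTE_PORT=12345                       # port opened on the remote side
LOCAL_PORT=22                           # local service reached through the tunnel

# Write the unit to the path given as $1.
write_tunnel_unit() {
    cat > "$1" <<EOF
[Unit]
Description=Reverse SSH tunnel to ${REMOTE_HOST}
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=${TUNNEL_USER}
# No "-f": ssh must stay in the foreground so its PID is the MAINPID systemd
# watches. ExitOnForwardFailure makes ssh exit (and systemd restart it) when the
# remote port is still held by a stale session; ServerAlive* turns a dead
# network into an exit instead of a hung connection. BatchMode needs the remote
# host key to be in the tunnel user's known_hosts already.
ExecStart=/usr/bin/ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -i /home/${TUNNEL_USER}/.ssh/id_ecdsa -R ${REMOTE_PORT}:127.0.0.1:${LOCAL_PORT} ${TUNNEL_USER}@${REMOTE_HOST}
Restart=always
RestartSec=60
# The client needs no capabilities and no writable filesystem.
CapabilityBoundingSet=
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=read-only
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
EOF
}

# Lint a unit file for the pitfalls the thread warns about. Prints each finding
# to stderr; returns 1 if any finding was raised, 0 if the unit is clean.
lint_tunnel_unit() {
    f="$1"
    rc=0
    if ! grep -q '^Type=simple$' "$f"; then
        echo "finding: Type is not simple, systemd cannot watch the ssh process" >&2; rc=1
    fi
    if ! grep -q '^Restart=' "$f"; then
        echo "finding: no Restart=, the tunnel stays dead after a network error" >&2; rc=1
    fi
    if grep -Eq '^ExecStart=[^[:space:]]*/(ba)?sh[[:space:]]' "$f"; then
        echo "finding: ExecStart runs a wrapper shell, MAINPID is the shell, not ssh" >&2; rc=1
    fi
    if grep -Eq '^ExecStart=.*[[:space:]]-f([[:space:]]|$)' "$f"; then
        echo "finding: ssh -f forks into the background and loses MAINPID" >&2; rc=1
    fi
    if ! grep -q 'ExitOnForwardFailure=yes' "$f"; then
        echo "finding: without ExitOnForwardFailure a failed -R binding stays up silently" >&2; rc=1
    fi
    if grep -Eq '^ExecStart=.*[[:space:]]root@' "$f"; then
        echo "finding: the tunnel authenticates as root on the remote host" >&2; rc=1
    fi
    return $rc
}

# Demo: write the unit to a temporary file and lint it. Copy it into
# /etc/systemd/system/ yourself once it passes.
unit_file=$(mktemp)
write_tunnel_unit "$unit_file"
if lint_tunnel_unit "$unit_file"; then
    echo "clean unit written to $unit_file"
fi
```

After copying the generated file to /etc/systemd/system/ssh-tunnel.service, run `systemctl daemon-reload`, then `systemctl enable ssh-tunnel.service` and `systemctl start ssh-tunnel.service` as in the thread; `systemctl status ssh-tunnel.service` should then show the ssh process itself as the main PID. On the remote host, the key used by the tunnel account can be limited to exactly this job with the `restrict,port-forwarding` options in front of it in authorized_keys (OpenSSH 7.2 or later), so that a leaked key gives nothing beyond the forward.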