I am trying, without success, to create an upstart config file to
automatically start and restart an ssh proxy. The command string that
I use in the script has been checked and verified from the shell but
it fails in the upstart file.
The file contents are:
. . .
# proxy is used to authenticate smtp submissions
# so start it before the postfix service starts
start on starting postfix
# Take down proxy after postfix stops
stop on stopped postfix
# tell upstart that this script creates a daemon
# and have upstart manage PID creation
# but it is generally a bad idea to use this with a
# script / end script block, use exec() instead
# no fork in ssh
#expect fork
# restart automatically if connection fails
respawn
# for script debugging with strace
# but not available in 0.6.3 of course
#debug
# use strace -p <pid> -o /tmp/upstart_debug.log -Ff -s 1024 -v
# Setup script configuration variables:
# localhost means we do not expose proxy to internet
env LOCAL_HOST=localhost
# port 143 is default IMAP service port for plain text connections
env LOCAL_PORT=143
# ports less than 1024 require root privileges to establish
# this must be a passwordless login using PKI certificates
# requires one time setup of local root user ssh key and cert
# and adding this host's root user cert to authorized_keys of
# login host's root user.
env LOGIN_USER=root
# login PKI credentials for LOGIN_USER
env LOGIN_IDENT=/root/.ssh/id_rsa
# login host, may be different than remote host for port forwarding
# must resolve to an address that sshd login server listens on
env LOGIN_HOST=inet07.hamilton.harte-lyne.ca
# the remote host destination for port forwarding
env REMOTE_HOST=inet07.hamilton.harte-lyne.ca
# port that remote service listens on
env REMOTE_PORT=143
# Locate ssh binary
env SSH_BINARY=/usr/bin/ssh
# SSH options used:
### -D : "dynamic" app-level port forwarding - not used. ###
# -f : run in background without a terminal implies -n
# -i : identity file for pki login credentials
# -l : login user name
# -L local_host:local_port:remote_host:remote_port
# : Establishes proxy connection from local port
# port on the remote host.
# -n : stdin from /dev/null, must be used when ssh is run in bg.
# -N : Do not run a command on the remote host. Otherwise an
# error results because we are not initiating a session.
# -o ExitOnForwardFailure=yes : Wait until connection successfully
# completes before daemonizing
# -o ServerAliveInterval=15 : Keep connection alive every 15 seconds
# -q : Run quietly, do not produce local output.
# -T : disable pseudo-tty allocation
# SSH options used
env SSH_OPTIONS=" -o ExitOnForwardFailure=yes "
env SSH_OPTIONS=${SSH_OPTIONS}" -o ServerAliveInterval=15 "
# SSH switches used:
env SSH_SWITCHES=" -fNqT "
exec ${SSH_BINARY} ${SSH_OPTIONS} ${SSH_SWITCHES} -l ${LOGIN_USER} -i
${LOGIN_IDENT} -L
${LOCAL_HOST}:${LOCAL_PORT}:${REMOTE_HOST}:${REMOTE_PORT}
${LOGIN_HOST}
# EOF
The exec is all one line.
I have tried removing -f from the switches but this makes no
difference. Whenever I start this job it immediately fails with the
following in the syslog:
. . .
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process ended, respawning
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process (3393) terminated with status 255
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process ended, respawning
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process (3397) terminated with status 255
May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy respawning too fast, stopped
Is what I am doing wrong obvious to anyone?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
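
An added diagnostic sketch, not part of the original message: it prints the argument list that the job's unquoted `${SSH_OPTIONS}` expansion produces for two possible stored values of that variable. It assumes Upstart keeps an `env` value as literal text without expanding `${...}` references, which should be confirmed for the installed version. The function names and the literal value are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are
# hypothetical; list_args stands in for the ssh binary.

# list_args: print each argument it receives, bracketed, one per line.
list_args() {
    for a in "$@"; do printf '[%s]\n' "$a"; done
}

# exec_line_args VALUE
# Set SSH_OPTIONS to VALUE verbatim, then expand it unquoted the way the
# job's exec line does. The shell word-splits the result but does not
# re-expand any "${...}" text found inside it.
exec_line_args() {
    SSH_OPTIONS=$1
    list_args ${SSH_OPTIONS}
}

# Case 1: the value an interactive shell builds from the two assignments.
shell_value() {
    v=" -o ExitOnForwardFailure=yes "
    v=${v}" -o ServerAliveInterval=15 "
    printf '%s' "$v"
}

# Case 2 (assumption): the second env stanza replaces the first and is
# stored as literal text, quotes stripped, nothing expanded.
# Constructed value.
literal_value() {
    printf '%s' '${SSH_OPTIONS} -o ServerAliveInterval=15 '
}

main() {
    echo "arguments from the shell-built value:"
    exec_line_args "$(shell_value)"
    echo "arguments from the literal value:"
    exec_line_args "$(literal_value)"
}

main
```

In the second case the first argument is the literal text `${SSH_OPTIONS}` and `-o ExitOnForwardFailure=yes` is absent, so a command line verified in an interactive shell is not necessarily the one the job runs.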