On 05/30/2012 02:00 PM, James B. Byrne wrote:
> I am trying, without success, to create an upstart config file to
> automatically start and restart an ssh proxy. The command sting that
> I use in the script has been checked and verified from the shell but
> it fails in the upstart file.
>
> The file contents are:
>
> . . .
> # proxy is used to authenticate smtp submissions
> # so start it before the postfix service starts
> start on starting postfix
>
> # Take down proxy after postfix stops
> stop on stopped postfix
>
> # tell upstart that this script creates a daemon
> # and have upstart manage PID creation
> # but it is generally a bad idea to use this with a
> # script / end script block, use exec() instead
> # no fork in ssh
> #expect fork
>
> # restart automatically if connection fails
> respawn
>
> # for script debugging with strace
> # but not available in 0.6.3 of course
> #debug
> # use strace -p <pid> -o /tmp/upstart_debug.log -Ff -s 1024 -v
>
>
> # Setup script configuration variables:
>
> # localhost means we do not expose proxy to internet
> env LOCAL_HOST=localhost
>
> # port 143 is default IMAP service port for plain text connections
> env LOCAL_PORT=143
>
> # ports less than 1024 require root privileges to establish
> # this must be a passwordless login using PKI certificates
> # requires one time setup of local root user ssh key and cert
> # and adding this host's root user cert to authorized_keys of
> # login host's root user.
> env LOGIN_USER=root
>
> # login PKI credentials for LOGIN_USER
> env LOGIN_IDENT=/root/.ssh/id_rsa
>
> # login host, may be different than remote host for port forwarding
> # must resolve to an address that sshd login server listens on
> env LOGIN_HOST=inet07.hamilton.harte-lyne.ca
>
> # the remote host destination for port forwarding
> env REMOTE_HOST=inet07.hamilton.harte-lyne.ca
>
> # port that remote service listens on
> env REMOTE_PORT=143
>
> # Locate ssh binary
> env SSH_BINARY=/usr/bin/ssh
>
> # SSH options used:
>
> ### -D : "dynamic" app-level port forwarding - not used. ###
>
> # -f : run in background without a terminal implies -n
>
> # -i : identity file for pki login credentials
>
> # -l : login user name
>
> # -L local_host:local_port:remote_host:remote_port
> # : Establishes proxy connection from local port
> # port on the remote host.
>
> # -n : stdin from /dev/null, must be used when ssh is run in bg.
>
> # -N : Do not run a command on the remote host. Otherwise an
> # error results because we are not initiating a session.
>
> # -o ExitOnForwardFailure=yes : Wait until connection successfully
> # completes before daemonizing
>
> # -o ServerAliveInterval=15 : Keep connection alive every 15 seconds
>
> # -q : Run quietly, do not produce local output.
>
> # -T : disable pseudo-tty allocation
>
> # SSH options used
> env SSH_OPTIONS=" -o ExitOnForwardFailure=yes "
> env SSH_OPTIONS=${SSH_OPTIONS}" -o ServerAliveInterval=15 "
>
> # SSH switches used:
> env SSH_SWITCHES=" -fNqT "
>
> exec ${SSH_BINARY} ${SSH_OPTIONS} ${SSH_SWITCHES} -l ${LOGIN_USER} -i
> ${LOGIN_IDENT} -L
> ${LOCAL_HOST}:${LOCAL_PORT}:${REMOTE_HOST}:${REMOTE_PORT}
> ${LOGIN_HOST}
>
> # EOF
>
> The exec is all one line.
>
> I have tried removing -f from the switches but this makes no
> difference. Whenever I start this job it immediately fails with the
> following in the syslog:
>
> . . .
> May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process ended,
> respawning
> May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process (3393)
> terminated with status 255
> May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process ended,
> respawning
> May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy main process (3397)
> terminated with status 255
> May 30 16:47:06 inet08 init: LOCAL_ssh_imap_proxy respawning too fast,
> stopped
>
> Is what I am doing wrong obvious to anyone?
>
>
The '-f option' tells SSH to run in the background, but normally upstart
expects to wait for the process. Maybe you want '-n' instead of '-f'.
Alternatively, if you run a program in the background you could specify
'task' in the config file to tell upstart not to wait for the process
(you couldn't use respawn with that because then the process is not
managed by upstart anymore).
Nataraj