[CentOS] cleaner than before RHEL7 -> Re: Run script at startup

Wed Aug 20 15:53:50 UTC 2014
Alan Holt <berber.it at gmail.com>

Thanks.

I will try to use this solution (Second Way) and I'll report how it works.
This is very critical for me.


On Wed, Aug 20, 2014 at 5:58 PM, Reindl Harald <h.reindl at thelounge.net>
wrote:

>
> "Type=oneshot" does what the name says -> fire up a command once
> it expects that this command is short running
> since it is a bash-script and the PID is the one from
> the bash which is supposed to end after it has finished
> it would fail/restart all the time in case of monitoring
>
> "Type=simple" is a long running, non-forking service aka an
> ordinary binary which doesn't exit and so its PID can be
> watched and if it disappears without a stop command, well
>
> as said, i have a lot of SSH tunnels expected to work
> 24 hours a day over different networks with Type=simple
>
> http://www.freedesktop.org/software/systemd/man/systemd.service.html
>
> Am 20.08.2014 um 16:40 schrieb Alan Holt:
> > Hello,
> >
> > thank you for your quick answer.
> >
> > You are completely right with this:
> >
> >     because they die away in case of network errors and reboots
> >
> >
> > my script contains a reverse SSH tunnel:
> > [root@lab3 system]# cat /opt/ssh_tunnel.sh
> > #!/bin/bash
> > ssh -f -N -R 12345:localhost:22 root@158.216.189.170
> >
> > So as I understood from your explanation, I can do it in two different ways.
> >
> > *First way: *
> > To create systemd-unit with path to existing script:
> >
> >     [Unit]
> >     Description=My Service
> >     After=network.service systemd-networkd.service network-online.target
> >     [Service]
> >     Type=oneshot
> >     ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh
> >     [Install]
> >     WantedBy=multi-user.target
> >
> >
> >
> > *Second way:*
> > To create systemd-unit with all configuration inside.
> >
> >     [Unit]
> >     Description=SSH-Forwarding
> >     After=network.service systemd-networkd.service network-online.target
> >     [Service]
> >     Type=simple
> >     ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
> >     Restart=always
> >     RestartSec=60
> >     TimeoutSec=30
> >     CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE
> >     [Install]
> >     WantedBy=multi-user.target
> >
> >
> > But in First Way I don't see these records:
> >
> >     Restart=always
> >     RestartSec=60
> >     TimeoutSec=30
> >
> >
> > So that means that my tunnel will die from time to time (because of a network failure or something like that).
> > And I see a difference in this record (I will try to learn about it):
> >
> >     Type=oneshot
> >     Type=simple
> >
> >
> > So this means that the best practice is to use *Second Way* described by you?
> >
> >
> > On Wed, Aug 20, 2014 at 4:24 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
> >
> >
> >     Am 20.08.2014 um 15:07 schrieb Alan Holt:
> >     > I just installed the newest version of CentOS 7 and I am a bit disappointed
> >     > with the new /etc/rc.local file.
> >     > I found that it's not usable anymore.
> >     >
> >     > [root@lab3 ~]# cat /etc/rc.local
> >     > " THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES"
> >     > It is highly advisable to create own systemd services or udev rules
> >     > to run scripts during boot instead of using this file.
> >     >
> >     > Usually I added my script to /etc/rc.local
> >     >
> >     > [root@lab3 ~]# echo /usr/bin/bash /opt/ssh_tunnel.sh >> /etc/rc.local
> >     >
> >     > And it was working perfectly.
> >     >
> >     > What should I do in the new CentOS 7? Please help.
> >
> >     create a systemd-unit?
> >
> >     in general such scripts for port-forwarding are plain crap
> >     because they die away in case of network errors and reboots
> >
> >     look at the service below, this survives a restart of the
> >     forwarded remote machine because in case of a failure after
> >     60 seconds it executes ExecStart again
> >
> >     and no - don't put multiple forwards in one service
> >
> >     i have a machine with 8 such forwarder-services and they
> >     are monitored by systemd because one MAINPID
> >
> >     _____________________________________________________________________________
> >
> >     * touch /etc/systemd/system/tunnel.service
> >     * put the content below in the file
> >     * systemctl enable tunnel.service
> >     * systemctl start tunnel.service
> >
> >     [Unit]
> >     Description=My Service
> >     After=network.service systemd-networkd.service network-online.target
> >
> >     [Service]
> >     Type=oneshot
> >     ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh
> >
> >     [Install]
> >     WantedBy=multi-user.target
> >
> >     _____________________________________________________________________________
> >
> >     [Unit]
> >     Description=SSH-Forwarding
> >     After=network.service systemd-networkd.service network-online.target
> >
> >     [Service]
> >     Type=simple
> >     ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
> >     Restart=always
> >     RestartSec=60
> >     TimeoutSec=30
> >     CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE
> >
> >     [Install]
> >     WantedBy=multi-user.target
> >
> >     _____________________________________________________________________________
> >
> >     ${REMOTE_HOST}   = the machine with the service you want forwarded
> >     ${LOCAL_ADDRESS} = 127.0.0.1 or your WAN-IP if the port should be reachable from your LAN
> >     ${LOCAL_PORT}    = the port on your side
> >     ${REMOTE_PORT}   = the port of the service you want to forward
> >
> >
> >
> >
> > --
> > Best regards.
> > Alex Berber
> > +9 72 54 285 952 3
> > www.linuxspace.org <http://www.linuxspace.org/>
>
> --
>
> Reindl Harald
> the lounge interactive design GmbH
> A-1060 Vienna, Hofmühlgasse 17
> CTO / CISO / Software-Development
> m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33
> icq: 154546673, http://www.thelounge.net/
>
> http://www.thelounge.net/signature.asc.what.htm
>
>


-- 
Best regards.
Alex Berber
+9 72 54 285 952 3
www.linuxspace.org <http://www.linuxspace.org/>
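
Added example, not part of the original thread: the reverse tunnel from /opt/ssh_tunnel.sh quoted above, written as a Type=simple unit so that systemd tracks the ssh PID and restarts it on failure. The unit file name and the BatchMode, ExitOnForwardFailure and ServerAlive* options are assumptions added here; host, ports, Restart= and RestartSec= are taken from the messages above.

```ini
# /etc/systemd/system/reverse-tunnel.service  (file name is an assumption)
[Unit]
Description=Reverse SSH tunnel (remote port 12345 -> local sshd on port 22)
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
# No -f here. With -f, ssh forks into the background and the process that
# systemd started exits, so the service counts as stopped and Restart=
# keeps respawning it.
#
# BatchMode=yes            never prompt for a password; fail instead of hanging
# ExitOnForwardFailure=yes exit if the remote port cannot be bound, so a
#                          connection without a working forward does not linger
# ServerAliveInterval/CountMax
#                          detect a dead link and exit, which lets Restart= act
ExecStart=/usr/bin/ssh -N \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -R 12345:localhost:22 root@158.216.189.170
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target
```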