FS#56086 - [sshuttle] systemd service should use notify start mode as recommended by the sshuttle authors
Attached to Project:
Community Packages
Opened by desbma (desbma) - Sunday, 22 October 2017, 18:53 GMT
Last edited by Felix Yan (felixonmars) - Friday, 11 May 2018, 08:50 GMT
Opened by desbma (desbma) - Sunday, 22 October 2017, 18:53 GMT
Last edited by Felix Yan (felixonmars) - Friday, 11 May 2018, 08:50 GMT
|
Details
To allow other services or programs to depend on a sshuttle
SSH tunnel, the sshuttle systemd service should use notify
start mode.
This is actually recommended in the sshuttle documentation: "If you are using systemd, sshuttle can notify it when the connection to the remote end is established and the firewall rules are installed. For this feature to work you must configure the process start-up type for the sshuttle service unit to notify" https://raw.githubusercontent.com/sshuttle/sshuttle/master/docs/requirements.rst Currently the service is considered ready when the process has been started, but that does not mean the SSH tunnel is ready so other service or programs depending on it have to implement retry loops to work around this. The only change needed to fix this is this one line patch: --- sshuttle.service.orig 2017-10-22 20:50:01.000000000 +0200 +++ sshuttle.service 2017-10-22 20:51:37.963310698 +0200 @@ -2,6 +2,7 @@ Description=Create a transparent proxy over SSH [Service] +Type=notify ExecStart=/usr/bin/sshuttle --dns --listen 0.0.0.0 --remote sshuttle_tunnel -s /etc/sshuttle/prefixes.conf -e "ssh -F /etc/sshuttle/tunnel.conf" [Install] |
This task depends upon
Closed by Felix Yan (felixonmars)
Friday, 11 May 2018, 08:50 GMT
Reason for closing: Implemented
Additional comments about closing: 0.78.4-2
Friday, 11 May 2018, 08:50 GMT
Reason for closing: Implemented
Additional comments about closing: 0.78.4-2
After=network.target
in the [Unit] service file section, to avoid starting the service too early, again as recommended by the sshuttle authors.