-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/11/16 13:28, Samuli Seppänen wrote: > This comes a bit late, sorry. > > Il 20/10/2016 23:42, David Sommerseth ha scritto: >> There are several changes which allows systemd to take care of >> several aspects of hardening the execution of OpenVPN. >> >> - Let systemd take care of the process tracking directly, >> instead of doing that via PID files >> > > This makes sense, but it has one caveat. If there is no pidfile, > external, local monitoring applications might not be able to > monitor the status of the OpenVPN process anymore. I, for example, > heavily utilize monit for it's email notification capabilities, and > because it can actually do things if it detects anomalies. > > The last time I checked, there is no easy way to get systemd to > notify the admin if, say, a daemon goes down and systemd restarts > it. Is this still the case?
Systemd will in this case mark the service as "Failed" and the status message will try to give an indication of what happened - was the process killed, segfault, stopped with an exit code, etc. For external tools, you can now actually add the PID file yourself via the configuration file, and place the PID file exactly where it fits your need. So this actually gives a far better flexibility. We can of course investigate if we should enable systemd to restart OpenVPN, at least the server profile, if it dies unexpectedly. Currently, I am not fully convinced we want that. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYJbstAAoJEIbPlEyWcf3yTEUQAMFkuQ+9wBYvLVqIilcPBEtL gM6rFzmtmQO9HkJnE5DdxxCLTPQu2FDpH66QxUOOkQgilji2iuub0L5ebo/yhfKH +mKCnn56553kcFSYozDDiW3S0nulCjDGZ3/dWh/jjnVbthpdnigpFswEaTfJsTn8 ZQ7Uw6rIN4ocqsySLDhTdVaxzcEE3tLXpxsvh7cqGrY7gdodxQfZ6guIN2jNpgOW vzKTr/oDbLl7mfE/yCIahH2b++rIWezPwcdXccQdCs1EiadQLwpTm7YCkc+RGXH6 cYANjeXzBCMUqb+PceRcNBgxQy+6Bo3zBNh5UC3eVcitc9I/3fAxZ+7z3H+Yacyq bOX5RGU2vjDO6M1SBtvS3fPSKAIj/yL9DxWmeOyYWJwqSXcixdXBmBtprulMhR1p LdO/Fj95onek2qeXQOuoppQO5bUu71r5OwoYmDi/BGKDvIbU7r4watNfHM8v6fiR WU4JFMGIvK0oXknv2LJUDpPjyOlMwty9y+aTIPNr+TrxEKzE9PjbfVRpCsNSDJxq W4iYZV0qS4OPJl2fHdZeX7bPxeyYsoZ6Qn2qf7QKLB6SQeEheWxeEl4JsBHgvlbO 4RgVBFJSGVKhgz7pjpYEDVXyBOCKidUBjiIDXyC5C8phIniFQb5umNDFC/6i8Deh AkfV28b/RdHq+/TUfLq+ =tTI/ -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
