Il 11/11/2016 14:35, David Sommerseth ha scritto: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 11/11/16 13:28, Samuli Seppänen wrote: >> This comes a bit late, sorry. >> >> Il 20/10/2016 23:42, David Sommerseth ha scritto: >>> There are several changes which allows systemd to take care of >>> several aspects of hardening the execution of OpenVPN. >>> >>> - Let systemd take care of the process tracking directly, >>> instead of doing that via PID files >>> >> >> This makes sense, but it has one caveat. If there is no pidfile, >> external, local monitoring applications might not be able to >> monitor the status of the OpenVPN process anymore. I, for example, >> heavily utilize monit for it's email notification capabilities, and >> because it can actually do things if it detects anomalies. >> >> The last time I checked, there is no easy way to get systemd to >> notify the admin if, say, a daemon goes down and systemd restarts >> it. Is this still the case? > > Systemd will in this case mark the service as "Failed" and the status > message will try to give an indication of what happened - was the > process killed, segfault, stopped with an exit code, etc.
Yeah, and systemd integration will probably eventually find its way into external monitoring tools. > For external tools, you can now actually add the PID file yourself via > the configuration file, and place the PID file exactly where it fits > your need. So this actually gives a far better flexibility. Yes, that is what I ended up doing, so this is definitely not a dealbreaker. > > We can of course investigate if we should enable systemd to restart > OpenVPN, at least the server profile, if it dies unexpectedly. > Currently, I am not fully convinced we want that. That should probably be a admin decision. > > > - -- > kind regards, > > David Sommerseth > OpenVPN Technologies, Inc > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (GNU/Linux) > > iQIcBAEBAgAGBQJYJbstAAoJEIbPlEyWcf3yTEUQAMFkuQ+9wBYvLVqIilcPBEtL > gM6rFzmtmQO9HkJnE5DdxxCLTPQu2FDpH66QxUOOkQgilji2iuub0L5ebo/yhfKH > +mKCnn56553kcFSYozDDiW3S0nulCjDGZ3/dWh/jjnVbthpdnigpFswEaTfJsTn8 > ZQ7Uw6rIN4ocqsySLDhTdVaxzcEE3tLXpxsvh7cqGrY7gdodxQfZ6guIN2jNpgOW > vzKTr/oDbLl7mfE/yCIahH2b++rIWezPwcdXccQdCs1EiadQLwpTm7YCkc+RGXH6 > cYANjeXzBCMUqb+PceRcNBgxQy+6Bo3zBNh5UC3eVcitc9I/3fAxZ+7z3H+Yacyq > bOX5RGU2vjDO6M1SBtvS3fPSKAIj/yL9DxWmeOyYWJwqSXcixdXBmBtprulMhR1p > LdO/Fj95onek2qeXQOuoppQO5bUu71r5OwoYmDi/BGKDvIbU7r4watNfHM8v6fiR > WU4JFMGIvK0oXknv2LJUDpPjyOlMwty9y+aTIPNr+TrxEKzE9PjbfVRpCsNSDJxq > W4iYZV0qS4OPJl2fHdZeX7bPxeyYsoZ6Qn2qf7QKLB6SQeEheWxeEl4JsBHgvlbO > 4RgVBFJSGVKhgz7pjpYEDVXyBOCKidUBjiIDXyC5C8phIniFQb5umNDFC/6i8Deh > AkfV28b/RdHq+/TUfLq+ > =tTI/ > -----END PGP SIGNATURE----- > -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
