I'm using an openvpn unit,

        cat openvpn.service
                [Unit]
                Description=OpenVPN
                After=syslog.target network.target
                Before=openvpn.target

                [Service]
                PrivateTmp=true
                Environment=PATH="/usr/local/openvpn-unpriv:$PATH"

                Type=forking
                PIDFile=/var/run/openvpn/openvpn.pid
                ExecStartPre=/usr/local/etc/openvpn/up.script
                ExecStart=/usr/local/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /usr/local/etc/openvpn/ --config server.conf
                ExecStopPost=/usr/local/etc/openvpn/down.script

                [Install]
                WantedBy=multi-user.target

with the ExecStartPre= script,

        cat /usr/local/etc/openvpn/up.script

                #!/bin/sh
                /usr/local/sbin/openvpn --rmtun --dev tun1 > /dev/null 2>&1
                /usr/local/sbin/openvpn --mktun --dev tun1 --dev-type tun --user openvpn --group openvpn
                /usr/sbin/iptables -I FORWARD -i eth0 -o tun1 -j ACCEPT
                /usr/sbin/iptables -I FORWARD -i tun1 -o eth0 -j ACCEPT

After boot, checking for the iptables tun1 rules, nothing's been added,

        iptables -L -v -n | grep tun
                (nothing ...)

Testing manually at a shell works,

        /usr/sbin/iptables -I FORWARD -i eth0 -o tun1 -j ACCEPT
        iptables -L -v -n | grep tun
            0     0 ACCEPT     all  --  eth0   tun1    0.0.0.0/0            0.0.0.0/0

journalctl shows the up.script launched, and the tun1 device is brought
up,

        journalctl -xb | egrep -i "up.script|tables"
                Dec 01 00:16:18 test kernel: TCP: Hash tables configured (established 16384 bind 16384)
                Dec 01 00:16:18 test kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
                Dec 01 00:16:18 test kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
                Dec 01 00:16:27 test systemd[1]: About to execute: /usr/local/etc/openvpn/up.script
                Dec 01 00:16:27 test systemd[1]: Forked /usr/local/etc/openvpn/up.script as 1653
                Dec 01 00:16:27 test systemd[1653]: Executing: /usr/local/etc/openvpn/up.script
                Dec 01 00:16:28 test up.script[1653]: Sun Dec  1 00:16:28 2013 TUN/TAP device tun1 opened
                Dec 01 00:16:28 test up.script[1653]: Sun Dec  1 00:16:28 2013 Persist state set to: ON
                Dec 01 00:16:32 test kernel: Ebtables v2.0 registered

but provides no clue why the iptables rules aren't added.

Is there a problem with a dependency here, or with running iptables from a
systemd script?  Something else?

JenL
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
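Added example, not part of JenL's post or of the OpenVPN or systemd projects: a version of up.script written so that the iptables step cannot fail silently. The script in the post runs without `set -e` and ignores the exit status of every command, so if `iptables -I` exits non-zero the unit still starts and the journal shows only what the command itself printed. This rewrite logs each command's exit status to stderr (which systemd captures in the journal for an ExecStartPre= command), makes a failed insert fail the unit, and uses `iptables -C` so re-running the script never duplicates a rule. The IPTABLES, OPENVPN, DEV and LAN_IF variables are hypothetical overrides added for testing; their defaults match the paths in the post.

```shell
#!/bin/sh
# Added example (not the original up.script): fail loudly, log exit
# statuses, insert FORWARD rules idempotently.
# Assumptions: the override variables below are hypothetical; defaults are
# the paths/names from the post. Invoked from the unit via ExecStartPre=.

IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
OPENVPN="${OPENVPN:-/usr/local/sbin/openvpn}"
DEV="${DEV:-tun1}"
LAN_IF="${LAN_IF:-eth0}"

# log MSG: stderr of an ExecStartPre= command lands in the journal under the
# unit, so these lines show up in `journalctl -u openvpn`.
log() { printf 'up.script: %s\n' "$*" >&2; }

# run_logged CMD ARG...: run CMD, log its exit status, return that status.
# The `&& rc=0 || rc=$?` form records the status without tripping set -e.
run_logged() {
    "$@" && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        log "ok: $*"
    else
        log "FAILED (exit $rc): $*"
    fi
    return "$rc"
}

# ensure_forward_rule IN OUT: add "-i IN -o OUT -j ACCEPT" to FORWARD if absent.
# iptables -C exits 0 when the rule exists, 1 when it does not, and another
# status on errors (missing module, wrong binary, no CAP_NET_ADMIN);
# only status 1 means "go ahead and insert".
ensure_forward_rule() {
    in_if=$1
    out_if=$2
    "$IPTABLES" -C FORWARD -i "$in_if" -o "$out_if" -j ACCEPT 2>/dev/null \
        && rc=0 || rc=$?
    case $rc in
        0) log "rule FORWARD -i $in_if -o $out_if already present"; return 0 ;;
        1) run_logged "$IPTABLES" -I FORWARD -i "$in_if" -o "$out_if" -j ACCEPT ;;
        *) log "iptables -C failed (exit $rc); not inserting"; return "$rc" ;;
    esac
}

# count_forward_rules IN OUT: number of matching ACCEPT rules in
# `iptables -S FORWARD`; a post-condition check (expect 0 or 1).
count_forward_rules() {
    "$IPTABLES" -S FORWARD | grep -c -- "-i $1 -o $2 -j ACCEPT" || true
}

main() {
    set -e
    # Removing a tun that does not exist yet is not an error for us.
    "$OPENVPN" --rmtun --dev "$DEV" >/dev/null 2>&1 || true
    run_logged "$OPENVPN" --mktun --dev "$DEV" --dev-type tun \
        --user openvpn --group openvpn
    ensure_forward_rule "$LAN_IF" "$DEV"
    ensure_forward_rule "$DEV" "$LAN_IF"
    log "FORWARD rules for $DEV: $(count_forward_rules "$LAN_IF" "$DEV") in, $(count_forward_rules "$DEV" "$LAN_IF") out"
}

# Run the procedure only when invoked as the script itself (its name in the
# post is up.script), so the functions can be sourced for a dry run with a
# fake IPTABLES without touching the live firewall.
case "${0##*/}" in
    up.script) main "$@" ;;
esac
```

With this in place a non-zero exit from `iptables -I` aborts ExecStartPre=, so the unit fails and `systemctl status openvpn` and the journal show the "FAILED (exit N)" line instead of a unit that started with no rules. If the rules are logged as inserted at boot and are still gone afterwards, the script itself is not the culprit and the next thing to look at is whatever touches the FORWARD chain later in the boot.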