On 24 July 2015 at 10:38, James Hogarth <james.hoga...@gmail.com> wrote:
> Hi,
>
> I'm in the process of adding systemd native sockets to a service
> (rather than using inetd compatibility) and am trying to get my head
> around the proper way to configure the unit files so that the socket
> is optional rather than required but allowing restarting of the socket
> unit.
>
> https://github.com/yrutschle/sslh/pull/56
>
> [root@hoglaptop ~]# systemctl cat sslh.socket
> # /etc/systemd/system/sslh.socket
> [Socket]
> ListenStream=10.81.60.229:443
> ListenStream=10.81.60.229:444
> ListenStream=10.81.60.229:445
> ListenStream=10.81.60.229:446
> ListenStream=10.81.60.229:447
> FreeBind=true
>
> [Install]
> WantedBy=sockets.target
>
> [root@hoglaptop ~]# systemctl cat sslh.service
> # /etc/systemd/system/sslh.service
> [Service]
> ExecStart=/home/hogarthj/workspace/github-sslh/sslh-fork -v -f --ssh 127.0.0.1:22
> KillMode=process
>
> I want a user to be able to systemctl start sslh and use listening
> addresses in /etc/sslh.cfg as always (so I'm reluctant to put a
> straight Sockets= in the service unit file) but as it stands the lazy
> activation of sslh works a treat however once the service is activated
> it is listening on the sockets so it's not possible to systemctl
> restart sslh.socket to change an IP or add a port without stopping
> sslh.service first ...
>
> Is what I'm trying to do flat out a bad idea and impossible or is
> there a way of ordering this in such a way that a restart of
> sslh.socket stops sslh.service in the process ... or something to
> attain the goal of a restartable socket unit and an associated service
> that has no explicit need of the socket?
>
> Regards,
>
> James

And for the sake of Google searches and the archives, within 5 minutes of
sending the email I worked out my answer ...

Adding Before=sslh.service to the socket and PartOf=sslh.socket to the
service gets me the behavior I was searching for.

[root@hoglaptop ~]# systemctl cat sslh.service
# /etc/systemd/system/sslh.service
[Unit]
PartOf=sslh.socket

[Service]
ExecStart=/usr/sbin/sslh -v -f --ssh 127.0.0.1:22
KillMode=process
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_SETGID CAP_SETUID
PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
ProtectHome=true

[root@hoglaptop ~]# systemctl cat sslh.socket
# /etc/systemd/system/sslh.socket
[Unit]
Before=sslh.service

[Socket]
ListenStream=10.81.60.229:443
ListenStream=10.81.60.229:444
ListenStream=10.81.60.229:445
ListenStream=10.81.60.229:446
ListenStream=10.81.60.229:447
FreeBind=true

[Install]
WantedBy=sockets.target

Which is great! Now I can start as a non-root user and not have to drop
user after binding low ports.

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
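
The daemon side of the "optional socket" arrangement discussed in this thread, as an added example (not code from the post or from sslh): it reads the LISTEN_PID / LISTEN_FDS environment variables that systemd sets for socket-activated services, the same handshake libsystemd's sd_listen_fds(3) performs, and falls back to its own configuration when nothing was passed. The function name `inherited_listen_fds` and the 1024 sanity cap are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* systemd passes sockets starting at fd 3 */

/* Decimal parse of an environment variable; -1 if unset or malformed. */
static long env_number(const char *name)
{
    const char *s = getenv(name);
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    return (errno != 0 || *end != '\0' || v < 0) ? -1 : v;
}

/* Number of sockets handed over by the socket unit, or 0 when the service
 * was started without it and must bind the addresses from its config file. */
int inherited_listen_fds(pid_t self)
{
    long pid = env_number("LISTEN_PID");
    long n = env_number("LISTEN_FDS");

    /* LISTEN_PID must name this process, otherwise the variables are stale
     * leftovers from a parent; 1024 is an arbitrary sanity cap (assumption). */
    if (pid < 0 || n <= 0 || (pid_t)pid != self || n > 1024)
        return 0;
    return (int)n;
}

int main(void)
{
    int n = inherited_listen_fds(getpid());
    struct stat st;

    if (n == 0)
        puts("no sockets passed: bind the addresses from the config file");
    for (int fd = LISTEN_FDS_START; fd < LISTEN_FDS_START + n; fd++)
        printf("fd %d: %s\n", fd, (fstat(fd, &st) == 0 && S_ISSOCK(st.st_mode))
               ? "listening socket from the socket unit" : "not a socket, refuse");
    return 0;
}
```

When the descriptors are inherited this way the process never calls bind() on a low port itself, which is what allows the service to start unprivileged.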