Discussion:
Multiple services using the same core service?
林自均
2017-12-26 01:39:59 UTC
Hi folks,

I am trying to achieve:

# systemctl start sshd-shell.service (1)
# systemctl start sshd-sftp.service (2)
# systemctl stop sshd-shell.service (3)
# systemctl stop sshd-sftp.service (4)

Before the command (1), sshd is not running. By typing (1),
/etc/sshd_config is configured to accept ssh shell connections but no sftp
connections, and then start sshd. By typing (2), /etc/sshd_config is
configured to accept sftp connections too, and sshd is reloaded. By typing
(3), /etc/sshd_config is configured to refuse ssh shell connection, and
sshd is reloaded again. By typing (4), sshd will be stopped.

Basically, I wrote the following 3 service units:

- sshd-core.service: the original sshd
- sshd-shell.service: ssh shell
- sshd-sftp.service: sftp server

The units look like:

# sshd-core.service
[Unit]
Description=OpenSSH Daemon
After=network.target
StopWhenUnneeded=yes
RefuseManualStart=yes

[Service]
ExecStart=/usr/bin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always

# sshd-shell.service
[Unit]
Requires=sshd-core.service
After=sshd-core.service
PropagatesReloadTo=sshd-core.service

[Service]
Type=oneshot
ExecStart=/usr/local/bin/config-sshd.sh enable-shell
ExecStop=/usr/local/bin/config-sshd.sh disable-shell
ExecReload=/bin/true
RemainAfterExit=yes
ExecStartPost=/bin/sleep 1
ExecStartPost=-/bin/systemctl reload --no-block sshd-core.service
ExecStopPost=-/bin/systemctl reload --no-block sshd-core.service

And sshd-sftp.service is similar to sshd-shell.service except the
ExecStart= and ExecStop= configures sftp.

The current problem is that I don't know if there is a better way to
achieve this. For example, I have to sleep 1 second before reloading
sshd-core.service in sshd-shell.service because otherwise sshd didn't set up
the signal handler for SIGHUP and will terminate itself. Or systemd doesn't
suggest such use case?

Thanks for any comments.

John
林自均
2018-01-15 09:18:37 UTC
Hi folks,

I re-designed my units as follows:

# sshd-core.service
[Unit]
Description=OpenSSH Daemon
After=network.target

[Service]
ExecStart=/usr/bin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always

# sshd-shell.service
[Unit]
PropagatesReloadTo=sshd-core.service

[Service]
Type=oneshot
ExecStart=/usr/local/bin/config-sshd.sh enable-shell
ExecStop=/usr/local/bin/config-sshd.sh disable-shell
ExecReload=/bin/true
RemainAfterExit=yes
ExecStartPost=/bin/mkdir -p /var/run/sshd-running
ExecStartPost=/bin/systemctl reload-or-restart sshd-core.service
ExecStartPost=/bin/touch /var/run/sshd-running/sshd-shell.service
ExecStopPost=/bin/rm -f /var/run/sshd-running/sshd-shell.service
ExecStopPost=/bin/bash -c 'if [ "$(ls /var/run/sshd-running | wc -l)" == "0" ] ; then /bin/systemctl stop sshd-core.service ; else /bin/systemctl reload-or-restart sshd-core.service ; fi'

This version doesn't need to sleep 1 second to wait for sshd, so I guess it
makes more sense.

Is there any suggestion on that? Thanks!

John Lin
Lennart Poettering
2018-01-24 11:41:45 UTC
Post by 林自均
> Hi folks,
> # systemctl start sshd-shell.service (1)
> # systemctl start sshd-sftp.service (2)
> # systemctl stop sshd-shell.service (3)
> # systemctl stop sshd-sftp.service (4)
> Before the command (1), sshd is not running. By typing (1),
> /etc/sshd_config is configured to accept ssh shell connections but no sftp
> connections, and then start sshd. By typing (2), /etc/sshd_config is
> configured to accept sftp connections too, and sshd is reloaded. By typing
> (3), /etc/sshd_config is configured to refuse ssh shell connection, and
> sshd is reloaded again. By typing (4), sshd will be stopped.

Quite frankly, this is not really in line with how systemd services
are supposed to be used. They are supposed to wrap running processes,
but not wrap configuration applied to others really.

But anyway, of course, it's up to you how to make use of this stuff...

Post by 林自均
> The current problem is that I don't know if there is a better way to
> achieve this. For example, I have to sleep 1 second before reloading
> sshd-core.service in sshd-shell.service because otherwise sshd didn't setup
> the signal handler for SIGHUP and will terminate itself. Or systemd doesn't
> suggest such use case?

Yes, it's not really in-line with how this stuff was designed...

That said, I am pretty sure there's something wrong with your
sshd-core.service: the unit should not be considered up before the
daemon process is fully running, and that includes having set up
SIGHUP handlers properly.

Most likely the Type= stuff is not set up correctly in that unit (or
sshd is broken and doesn't set things up fully before reporting its
startup being complete).

Lennart
--
Lennart Poettering, Red Hat
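
The race discussed in this reply, as an added example that is not part of the thread or of systemd/OpenSSH: a constructed stand-in daemon (not sshd) installs its SIGHUP handler only after 0.5 s of startup work, and a printed READY line plays the role of the readiness report a service manager would wait for before treating the unit as up. All names in the code are hypothetical.

```python
import signal
import subprocess
import sys

# Constructed stand-in daemon (not sshd): 0.5 s of startup work happens
# before the SIGHUP handler exists, then it announces readiness.
CHILD = r'''
import signal, time
time.sleep(0.5)                        # startup; SIGHUP still has its default action
got = []
signal.signal(signal.SIGHUP, lambda signum, frame: got.append(signum))
print("READY", flush=True)             # stand-in for a readiness notification
deadline = time.time() + 5
while not got and time.time() < deadline:
    time.sleep(0.05)
print("RELOADED" if got else "TIMEOUT", flush=True)
'''


def _default_sighup():
    # Make sure the child starts with the default disposition (terminate),
    # even if the caller itself runs with SIGHUP ignored (e.g. under nohup).
    signal.signal(signal.SIGHUP, signal.SIG_DFL)


def reload_daemon(wait_for_ready):
    """Start the stand-in daemon, send SIGHUP, return (returncode, output)."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD],
                            stdout=subprocess.PIPE, text=True,
                            preexec_fn=_default_sighup)
    if wait_for_ready:
        # Only signal once the daemon has reported that startup is complete.
        if proc.stdout.readline().strip() != "READY":
            proc.kill()
            raise RuntimeError("daemon never became ready")
    proc.send_signal(signal.SIGHUP)    # the "reload"
    out = proc.stdout.read()           # drain until the child exits
    proc.wait()
    return proc.returncode, out.strip()


if __name__ == "__main__":
    # Process exists but is not ready: SIGHUP's default action kills it.
    print("reload right after start:", reload_daemon(False))
    # Handler installed before the signal arrives: the reload is handled.
    print("reload after readiness:  ", reload_daemon(True))
```

A negative return code is the number of the signal that killed the process, so the first call shows the daemon dying from the reload itself.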
林自均
2018-01-27 15:47:56 UTC
Hi Lennart,

Thank you, I will reconsider this design.

John Lin