reliable systemd service for autossh

ssh systemd ssh-tunnel

I try to create a reliable systemd service for autossh.

The service works, but if the host-keys changes, the service is in state ok (running).

I want it to be in state "failed" if the tunnel does not work.

Here is my current systemd service file:

# Source is in srv/salt/tunnel/autossh\@.service
# which is a git repo.
# Don't edit /etc/systemd/system/autossh\@.service  
[Unit]
Description=Tunnel For %i
After=network.target

[Service]
User=autossh
# https://serverfault.com/a/563401/90324
ExecStart=/usr/bin/autossh -M 0 -N -o "ExitOnForwardFailure yes" -o "ConnectTimeout=1" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 40443:installserver:40443 -R 8080:installserver:8080 tunnel@%i
Restart=always

[Install]
WantedBy=multi-user.target

Here is the output of systemctl status autossh@foo-work

salt:/srv # systemctl status autossh@foo-work
[email protected] - Tunnel For foo-work
      Loaded: loaded (/etc/systemd/system/[email protected]; enabled)
      Active: active (running) since Wed, 2016-02-10 14:35:01 CET; 2 months and 3 days ago
    Main PID: 17995 (autossh)
      CGroup: name=systemd:/system/[email protected]/foo-work
          └ 17995 /usr/bin/autossh -M 0 -N -o ExitOnForwardFailure yes -o ConnectTimeout=1 -o ServerAliveInterval 60 -o ServerAliveCountMax 3 -R 40443:installserver:40443 -R ...

Apr 14 12:35:43 salt autossh[17995]: Host key verification failed.
Apr 14 12:35:43 salt autossh[17995]: ssh exited with error status 255; restarting ssh
Apr 14 12:45:42 salt autossh[17995]: starting ssh (count 618)
Apr 14 12:45:42 salt autossh[17995]: ssh child pid is 22524
Apr 14 12:45:43 salt autossh[17995]: Host key verification failed.
Apr 14 12:45:43 salt autossh[17995]: ssh exited with error status 255; restarting ssh

My problem is not the changed host-key. That's ok.

I just want the service to tell me the truth: If the tunnel is not working, then I want it to see it.

How can I change the systemd service file to tell me the correct status?

Update: I wrote a second follow-up question: How does systemd decide if a service is ok or not


The problem is not that it is failed, but that it is considering service active, because it will be restarted in next 10 minutes.

I didn't try that, but it might work. Try to add Type=forking and PIDFile

[Service]
...
Type=forking
Environment="AUTOSSH_PIDFILE=/path/to/pid"
PIDFile=/path/to/pid

With simple services, systemd can have problems to track them.

Related

GPU access on docker.io container
Is there an access log for fastcgi?
Automatic Reboot after Kernel Panic
How does $\cos(2\pi/257)$ look like in real radicals?
Distance between a point and a m-dimensional space in n-dimensional space ($m<n$)
square root of symmetric matrix and transposition
Is the product of any two invertible diagonalizable matrices diagonalizable?
Edge-coloring of bipartite graphs
Cauchy nets in a metric space
Proof that $1729$ is the smallest taxicab number
Why can't prime numbers satisfy the Pythagoras Theorem? That is, why can't a set of 3 prime numbers be a Pythagorean triplet?
Diophantine Equations : Solving $a^2+ b^2=2c^2$