如何将 socat 作为 systemd 服务运行以桥接两个远程 unix 套接字?

如何将 socat 作为 systemd 服务运行以桥接两个远程 unix 套接字?

为了使用 Exim 的 dovecot 身份验证,我需要在两台不同的机器上桥接两个 unix 套接字:exim 服务器和 dovecot 一台。

为此,我使用 socat:

eximserver# socat UNIX-LISTEN:/run/exim4/auth-client,fork,group=Debian-exim,mode=660 OPENSSL:10.10.20.5:9999,cert=/etc/ssl/certs/eximserver.pem,key=/etc/ssl/private/eximserver.key,cafile=/etc/ssl/certs/dovecotserver.pem,commonname=dovecotserver

dovecotserver# socat OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client

它就像一个魅力。 Exim 通过本地 /run/exim4/auth-client unix 套接字连接到 dovecot,该套接字通过 TCP/IP 通过加密连接连接到另一端,在另一端连接到 /run/dovecot/auth-client 套接字 unix。

现在,我想将 socat 作为 systemd 服务运行,以便在 dovecot 启动后自动运行它,所以我编写了这个 systemd 单元:

# /etc/systemd/system/dovecot-auth-bridge.service
[Unit]
Description=Dovecot auth bridge
After=dovecot.service
Requires=dovecot.service

[Service]
ExecStart=socat OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client
Type=forking

[Install]
WantedBy=multi-user.target

但是,每当我尝试启动服务时,我都会收到超时错误:

dovecotserver# systemctl start dovecot-auth-bridge.service
Job for dovecot-auth-bridge.service failed because a timeout was exceeded.
See "systemctl status dovecot-auth-bridge.service" and "journalctl -xe" for details.

dovecotserver# # systemctl status dovecot-auth-bridge.service
● dovecot-auth-bridge.service - Dovecot auth bridge
   Loaded: loaded (/etc/systemd/system/dovecot-auth-bridge.service; disabled; vendor preset: enabled)
   Active: failed (Result: timeout) since Wed 2021-07-14 09:38:42 CEST; 28s ago
  Process: 13251 ExecStart=/usr/bin/socat OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client (code=exited, status=143)

Jul 14 09:37:12 Dovecotserver systemd[1]: Starting Dovecot auth bridge...
Jul 14 09:38:42 Dovecotserver systemd[1]: dovecot-auth-bridge.service: Start operation timed out. Terminating.
Jul 14 09:38:42 Dovecotserver systemd[1]: dovecot-auth-bridge.service: Control process exited, code=exited, status=143/n/a
Jul 14 09:38:42 Dovecotserver systemd[1]: dovecot-auth-bridge.service: Failed with result 'timeout'.
Jul 14 09:38:42 Dovecotserver systemd[1]: Failed to start Dovecot auth bridge.

我觉得有问题,因为socat没有进入后台,而是一直在前台运行,所以服务在一分钟左右后由于超时而失败。

也许我应该将 socat 命令包装在 shell 脚本中,以便在后台运行它,如下所示:

# /usr/local/bin/dovecot-auth-bridge.sh
#!/bin/bash
/usr/bin/socat OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client &

尽管如此,我想知道是否有更好的方法来做到这一点。

问候,

答案1

我真的很抱歉。我在发布问题后立即找到了问题的答案。问题是 socat 试图打开标准输出进行写入。我已经编辑了单元文件,如下所示:

# /etc/systemd/system/dovecot-auth-bridge.service
[Unit]
Description=Dovecot auth bridge
After=dovecot.service
Requires=dovecot.service

[Service]
Type=simple
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=dovecot-auth-bridge

ExecStart=socat -d -d OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client
Restart=always

[Install]
WantedBy=multi-user.target

现在服务立即启动。输出被写入日志。

相关内容