为了使用 Exim 的 dovecot 身份验证,我需要在两台不同的机器上桥接两个 unix 套接字:exim 服务器和 dovecot 一台。
为此,我使用 socat:
eximserver# socat UNIX-LISTEN:/run/exim4/auth-client,fork,group=Debian-exim,mode=660 OPENSSL:10.10.20.5:9999,cert=/etc/ssl/certs/eximserver.pem,key=/etc/ssl/private/eximserver.key,cafile=/etc/ssl/certs/dovecotserver.pem,commonname=dovecotserver
dovecotserver# socat OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client
它就像一个魅力。 Exim 通过本地 /run/exim4/auth-client unix 套接字连接到 dovecot,该套接字通过 TCP/IP 通过加密连接连接到另一端,在另一端连接到 /run/dovecot/auth-client 套接字 unix。
现在,我想将 socat 作为 systemd 服务运行,以便在 dovecot 启动后自动运行它,所以我编写了这个 systemd 单元:
# /etc/systemd/system/dovecot-auth-bridge.service
[Unit]
Description=Dovecot auth bridge
After=dovecot.service
Requires=dovecot.service
[Service]
ExecStart=socat OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client
Type=forking
[Install]
WantedBy=multi-user.target
但是,每当我尝试启动服务时,我都会收到超时错误:
dovecotserver# systemctl start dovecot-auth-bridge.service
Job for dovecot-auth-bridge.service failed because a timeout was exceeded.
See "systemctl status dovecot-auth-bridge.service" and "journalctl -xe" for details.
dovecotserver# # systemctl status dovecot-auth-bridge.service
● dovecot-auth-bridge.service - Dovecot auth bridge
Loaded: loaded (/etc/systemd/system/dovecot-auth-bridge.service; disabled; vendor preset: enabled)
Active: failed (Result: timeout) since Wed 2021-07-14 09:38:42 CEST; 28s ago
Process: 13251 ExecStart=/usr/bin/socat OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client (code=exited, status=143)
Jul 14 09:37:12 Dovecotserver systemd[1]: Starting Dovecot auth bridge...
Jul 14 09:38:42 Dovecotserver systemd[1]: dovecot-auth-bridge.service: Start operation timed out. Terminating.
Jul 14 09:38:42 Dovecotserver systemd[1]: dovecot-auth-bridge.service: Control process exited, code=exited, status=143/n/a
Jul 14 09:38:42 Dovecotserver systemd[1]: dovecot-auth-bridge.service: Failed with result 'timeout'.
Jul 14 09:38:42 Dovecotserver systemd[1]: Failed to start Dovecot auth bridge.
我觉得有问题,因为socat没有进入后台,而是一直在前台运行,所以服务在一分钟左右后由于超时而失败。
也许我应该将 socat 命令包装在 shell 脚本中,以便在后台运行它,如下所示:
# /usr/local/bin/dovecot-auth-bridge.sh
#!/bin/bash
/usr/bin/socat OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client &
尽管如此,我想知道是否有更好的方法来做到这一点。
问候,
答案1
我真的很抱歉。我在发布问题后立即找到了问题的答案。问题是 socat 试图打开标准输出进行写入。我已经编辑了单元文件,如下所示:
# /etc/systemd/system/dovecot-auth-bridge.service
[Unit]
Description=Dovecot auth bridge
After=dovecot.service
Requires=dovecot.service
[Service]
Type=simple
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=dovecot-auth-bridge
ExecStart=socat -d -d OPENSSL-LISTEN:9999,reuseaddr,fork,cert=/etc/ssl/certs/dovecotserver.pem,key=/etc/ssl/private/dovecotserver.key,bind=10.10.20.5,cafile=/etc/ssl/certs/eximserver.pem UNIX:/run/dovecot/auth-client
Restart=always
[Install]
WantedBy=multi-user.target
现在服务立即启动。输出被写入日志。