systemd service times out when using sudo


Goal

I am trying to run a service (transmission-daemon) inside a network namespace so that it uses a VPN. The service should be started automatically by systemd.

Implementation details

I create the network namespace with namespaced-openvpn. For this I created the systemd unit file /lib/systemd/system/namespaced-openvpn.service:

[Unit]
Description=Namespaced OpenVPN
After=network.target

[Service]
User=root
Type=notify
ExecStart=/usr/local/sbin/namespaced-openvpn --config /etc/openvpn/myconfig.conf
ExecStop=/bin/kill -s STOP $MAINPID
ExecReload=/bin/kill -s HUP $MAINPID

[Install]
WantedBy=multi-user.target

This works as expected; after starting the service I can open a shell in the network namespace with:

sudo ip netns exec protected sudo -u myuser -i

Running transmission-daemon from that shell also works.

To automate this, I created the unit file /lib/systemd/system/transmission-daemon-vpn.service:

[Unit]
Description=Transmission BitTorrent Daemon in VPN Tunnel
After=namespaced-openvpn.service

[Service]
User=root
Type=notify
ExecStart=ip netns exec protected /usr/bin/sudo -u myuser /usr/bin/transmission-daemon -f --log-error
#ExecStart=/usr/bin/transmission-daemon -f --log-error
ExecStop=/bin/kill -s STOP $MAINPID
ExecReload=/bin/kill -s HUP $MAINPID
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

Using the commented-out ExecStart line works, but of course without the VPN. Omitting /usr/bin/sudo -u myuser also works, but I need the daemon to run as a specific user.

Problem

Starting transmission-daemon-vpn fails with the following error:

Job for transmission-daemon-vpn.service failed because a timeout was exceeded.
See "systemctl status transmission-daemon-vpn.service" and "journalctl -xe" for details.

# systemctl status transmission-daemon-vpn.service
● transmission-daemon-vpn.service - Transmission BitTorrent Daemon in VPN Tunnel
     Loaded: loaded (/lib/systemd/system/transmission-daemon-vpn.service; disabled; vendor preset: enabled)
     Active: failed (Result: timeout) since Wed 2023-01-04 16:13:16 CET; 7min ago
    Process: 8116 ExecStart=ip netns exec protected /usr/bin/sudo -u myuser /usr/bin/transmission-daemon -f --log-error (code=exited, status=0/SUCCESS)
   Main PID: 8116 (code=exited, status=0/SUCCESS)
        CPU: 6.936s

Jan 04 16:11:42 nas systemd[1]: Starting Transmission BitTorrent Daemon in VPN Tunnel...
Jan 04 16:11:42 nas sudo[8116]:     root : PWD=/ ; USER=myuser ; COMMAND=/usr/bin/transmission-daemon -f --log-error
Jan 04 16:11:42 nas sudo[8116]: pam_unix(sudo:session): session opened for user myuser(uid=1000) by (uid=0)
Jan 04 16:13:12 nas systemd[1]: transmission-daemon-vpn.service: start operation timed out. Terminating.
Jan 04 16:13:16 nas ip[8117]: Closing transmission session... done.
Jan 04 16:13:16 nas sudo[8116]: pam_unix(sudo:session): session closed for user myuser
Jan 04 16:13:16 nas systemd[1]: transmission-daemon-vpn.service: Failed with result 'timeout'.
Jan 04 16:13:16 nas systemd[1]: Failed to start Transmission BitTorrent Daemon in VPN Tunnel.
Jan 04 16:13:16 nas systemd[1]: transmission-daemon-vpn.service: Consumed 6.936s CPU time.

Answer 1

Thanks to Tom Yan for the right hint, namely to use NetworkNamespacePath=. /lib/systemd/system/transmission-daemon-vpn.service now looks like this:

[Unit]
Description=Transmission BitTorrent Daemon in VPN Tunnel
After=namespaced-openvpn.service

[Service]
User=myuser
Type=notify
NetworkNamespacePath=/var/run/netns/protected
ExecStart=/usr/bin/transmission-daemon -f --log-error
ExecStop=/bin/kill -s STOP $MAINPID
ExecReload=/bin/kill -s HUP $MAINPID
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
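The following is an added example, not part of the question or the answer above, illustrating why the original unit timed out. With Type=notify, systemd waits for a "READY=1" datagram on the Unix socket named by the NOTIFY_SOCKET environment variable. A wrapper such as sudo normally resets the environment before running the daemon, so that variable never reaches transmission-daemon, no notification is ever sent, and the start job times out, which is the behaviour seen in the journal above. The script stands in for systemd with a minimal notify-socket listener and for the daemon with a small child process; the function names and the "drop the environment" flag that models sudo's env_reset are assumptions made for the illustration (filesystem socket paths only; the abstract "@" socket form of the real protocol is not handled).

```python
import os
import socket
import subprocess
import sys
import tempfile

# Child process standing in for a notify-aware daemon: like sd_notify(3), it is a
# no-op when NOTIFY_SOCKET is absent and otherwise sends READY=1 as one datagram.
DAEMON_STUB = r"""
import os, socket
path = os.environ.get("NOTIFY_SOCKET")
if path:
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    s.sendto(b"READY=1\n", path)
    s.close()
"""


def simulate_start(inherit_notify_socket: bool, timeout: float = 2.0) -> bool:
    """Start the stub daemon and report whether a READY=1 notification arrived.

    inherit_notify_socket=True  models a daemon started directly by systemd
    (as with NetworkNamespacePath= plus User= in the accepted answer).
    inherit_notify_socket=False models a daemon started through a wrapper that
    resets the environment (sudo's default env_reset), dropping NOTIFY_SOCKET.
    """
    with tempfile.TemporaryDirectory() as tmp:
        sock_path = os.path.join(tmp, "notify")
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        listener.bind(sock_path)
        listener.settimeout(timeout)  # plays the role of TimeoutStartSec=

        # Constructed minimal environment for the child process.
        env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}
        if inherit_notify_socket:
            env["NOTIFY_SOCKET"] = sock_path

        subprocess.run([sys.executable, "-c", DAEMON_STUB], env=env, check=True)

        try:
            data, _ = listener.recvfrom(4096)
        except socket.timeout:
            return False  # no notification: systemd would report 'timeout'
        finally:
            listener.close()

        return b"READY=1" in data.split(b"\n")


def explain(inherit_notify_socket: bool) -> str:
    """Human-readable summary of one simulated start for the reader."""
    ready = simulate_start(inherit_notify_socket)
    how = "directly" if inherit_notify_socket else "through an env-resetting wrapper"
    return f"started {how}: {'READY received' if ready else 'start timed out'}"


if __name__ == "__main__":
    print(explain(True))
    print(explain(False))
```

Even if NOTIFY_SOCKET were preserved (for example via sudo's env_keep), the default NotifyAccess=main makes systemd accept notifications only from the main PID, which in the original unit is the ip/sudo wrapper rather than transmission-daemon. Letting systemd enter the namespace and drop privileges itself, as the accepted answer does, removes both problems at once and also keeps the daemon under the unit's own sandboxing options such as NoNewPrivileges=.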
