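I have a systemd unit that sets up an SSH tunnel between two servers. The server with the unit runs Debian 9. The .service file looks like the following, except for some Documentation directives, which I have omitted here for brevity (they are not the problem, and systemd parses them just fine):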
# cat /etc/systemd/system/ssh-tunnel-remote1.service
[Unit]
Description=SSH tunnel for services on remote1
After=network-online.target
[Install]
WantedBy=networking.target
[Service]
Type=simple
User=ssh-remote1
Group=ssh-remote1
Environment=AUTOSSH_POLL=90
ExecStart=/usr/bin/autossh -M 0 -q -N -p 15539 -o "PubkeyAuthentication yes" -o "PreferredAuthentications publickey" -o "IdentityFile /home/ssh-remote1/.ssh/id_rsa" -L 9999:127.0.0.1:X [email protected]
Restart=always
PrivateTmp=true
#
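(Note: the X in the -L is a real port number.)
On the server on which this service runs, /usr/bin is on /, so this is not a problem of the file system not being mounted when the service is started.
The After=network-online.target should be enough to guarantee that DNS is available, and even if that were the problem, you would think systemd would restart the service on failure.
The service itself appears to be enabled: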
# find /etc/systemd -name ssh-tunnel-remote1\*
/etc/systemd/system/networking.target.wants/ssh-tunnel-remote1.service
/etc/systemd/system/ssh-tunnel-remote1.service
#
But systemctl list-units does not seem to know about it:
# systemctl list-units -t service --all | grep ssh-tunnel-remote1
#
I have tried various permutations of systemctl daemon-reload, systemctl reenable ssh-tunnel-remote1, systemctl enable ssh-tunnel-remote1, systemctl disable ssh-tunnel-remote1 and reboot.
It seems that no matter what I do, after boot the service shows as inactive (dead):
# systemctl -o verbose -l status ssh-tunnel-remote1
● ssh-tunnel-remote1.service - SSH tunnel for services on remote1
Loaded: loaded (/etc/systemd/system/ssh-tunnel-remote1.service; enabled; vendor preset: enabled)
Active: inactive (dead)
#
However, if I start it manually, it comes up just fine:
# systemctl start ssh-tunnel-remote1
# systemctl status ssh-tunnel-remote1
● ssh-tunnel-remote1.service - SSH tunnel for services on remote1
Loaded: loaded (/etc/systemd/system/ssh-tunnel-remote1.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2017-07-10 13:01:11 UTC; 55s ago
Main PID: 17835 (autossh)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/ssh-tunnel-remote1.service
├─17835 /usr/lib/autossh/autossh -M 0 -q -N -p 15539 -o PubkeyAuthentication yes -o PreferredAuthentications publickey -o IdentityFile /home/ssh-remote1/.ssh/id_rsa -L 9999:127.0.0.1:X ssh-tunnel
└─17838 /usr/bin/ssh -q -N -p 15539 -o PubkeyAuthentication yes -o PreferredAuthentications publickey -o IdentityFile /home/ssh-remote1/.ssh/id_rsa -L 9999:127.0.0.1:X [email protected].
Jul 10 13:01:11 localhost systemd[1]: Started SSH tunnel for services on remote1.
Jul 10 13:01:11 localhost autossh[17835]: port set to 0, monitoring disabled
Jul 10 13:01:11 localhost autossh[17835]: starting ssh (count 1)
Jul 10 13:01:11 localhost autossh[17835]: ssh child pid is 17838
# telnet 127.0.0.1 9999
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
<usable connection here>
Connection closed by foreign host.
#
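After a reboot, journalctl -xru ssh-tunnel-remote1.service only prints -- No entries --. Manually searching the output of journalctl does not show anything at all either. By contrast, after starting the service manually, the same command outputs something very similar to the following: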
-- Logs begin at Mon 2017-07-10 12:46:14 UTC, end at Mon 2017-07-10 13:10:24 UTC. --
Jul 10 13:01:11 localhost autossh[17835]: ssh child pid is 17838
Jul 10 13:01:11 localhost autossh[17835]: starting ssh (count 1)
Jul 10 13:01:11 localhost autossh[17835]: port set to 0, monitoring disabled
Jul 10 13:01:11 localhost systemd[1]: Started SSH tunnel for services on remote1.
-- Subject: Unit ssh-tunnel-remote1.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit ssh-tunnel-remote1.service has finished starting up.
--
-- The start-up result is done.
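This is a home-grown .service file, but it works fine on another server running Debian 8.
I have tried putting it under /etc/systemd/system and /lib/systemd/system, with no apparent difference.
When executed from the command line as su -l ssh-remote1 -c '/usr/bin/autossh -M 0 -q ...', autossh and ssh run fine in the foreground and the tunnel is usable.
I am almost certain that I am overlooking some simple difference between Debian 9's systemd 232 and Debian 8's systemd 215, but what? What incantation is needed to make this service start at boot on Debian 9?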
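
An added example, not part of the original post: a shell check that lists the targets named in a unit's WantedBy= line and reports any that have no unit file in the system unit directories, since "enabled" only means that a symlink exists under <target>.wants/. The function names and the default directory list are assumptions of this example, and a missing target is a lead to follow up, not a confirmed cause.

```shell
#!/bin/sh
# Added example: report WantedBy= targets that have no unit file on disk.

# Print each WantedBy= target from the [Install] section, one per line.
wantedby_targets() {
    awk '
        /^\[/ { in_install = ($0 == "[Install]"); next }
        in_install && /^WantedBy=/ {
            sub(/^WantedBy=/, "")
            n = split($0, t, /[ \t]+/)
            for (i = 1; i <= n; i++) if (t[i] != "") print t[i]
        }
    ' "$1"
}

# check_install_targets UNIT_FILE [DIR...]
# Prints "found <target> <path>" or "missing <target>" for every target;
# returns 1 if at least one target has no unit file in the given directories.
check_install_targets() {
    unit=$1; shift
    # Assumed default: the usual system unit directories.
    [ $# -gt 0 ] || set -- /etc/systemd/system /run/systemd/system \
                           /lib/systemd/system /usr/lib/systemd/system
    rc=0
    for target in $(wantedby_targets "$unit"); do
        hit=
        for dir in "$@"; do
            if [ -e "$dir/$target" ]; then hit=$dir/$target; break; fi
        done
        if [ -n "$hit" ]; then
            echo "found $target $hit"
        else
            echo "missing $target"
            rc=1
        fi
    done
    return $rc
}

# Usage on the host from the post:
#   check_install_targets /etc/systemd/system/ssh-tunnel-remote1.service
```

A target that is found can still be absent from the boot transaction, so the result is worth comparing with what `systemctl list-units -t target --all` shows after a reboot.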