我有一个systemd单元旨在build立两个服务器之间的SSH隧道。 具有该单元的服务器运行Debian 9.这就是.service文件的样子,除了一些Documentation指令(为了简洁起见我省略了它们(它们不是问题,而且systemd可以parsing它们):
# cat /etc/systemd/system/ssh-tunnel-remote1.service [Unit] Description=SSH tunnel for services on remote1 After=network-online.target [Install] WantedBy=networking.target [Service] Type=simple User=ssh-remote1 Group=ssh-remote1 Environment=AUTOSSH_POLL=90 ExecStart=/usr/bin/autossh -M 0 -q -N -p 15539 -o "PubkeyAuthentication yes" -o "PreferredAuthentications publickey" -o "IdentityFile /home/ssh-remote1/.ssh/id_rsa" -L 9999:127.0.0.1:X [email protected] Restart=always PrivateTmp=true #
(注意: -L的X是一个真实的端口号。)
在运行此服务的服务器上, /usr/bin处于/ ,因此,启动服务时不会挂载文件系统。
After=network-online.target应该足够使DNS可用,即使是这样的问题,你会认为systemd在失败时会重启服务。
服务本身看起来像启用:
# find /etc/systemd -name ssh-tunnel-remote1\* /etc/systemd/system/networking.target.wants/ssh-tunnel-remote1.service /etc/systemd/system/ssh-tunnel-remote1.service #
但systemctl list-units似乎并不知道它:
# systemctl list-units -t service --all | grep ssh-tunnel-remote1 #
我已经尝试了systemctl daemon-reload , systemctl reenable ssh-tunnel-remote1 , systemctl enable ssh-tunnel-remote1 , systemctl disable ssh-tunnel-remote1和reboot各种排列。
看起来不pipe我做什么,启动后,服务显示为inactive (dead) :
# systemctl -o verbose -l status ssh-tunnel-remote1 ● ssh-tunnel-remote1.service - SSH tunnel for services on remote1 Loaded: loaded (/etc/systemd/system/ssh-tunnel-remote1.service; enabled; vendor preset: enabled) Active: inactive (dead) #
但是,如果我手动执行,它会开始很好。
# systemctl start ssh-tunnel-remote1 # systemctl status ssh-tunnel-remote1 ● ssh-tunnel-remote1.service - SSH tunnel for services on remote1 Loaded: loaded (/etc/systemd/system/ssh-tunnel-remote1.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2017-07-10 13:01:11 UTC; 55s ago Main PID: 17835 (autossh) Tasks: 2 (limit: 4915) CGroup: /system.slice/ssh-tunnel-remote1.service ├─17835 /usr/lib/autossh/autossh -M 0 -q -N -p 15539 -o PubkeyAuthentication yes -o PreferredAuthentications publickey -o IdentityFile /home/ssh-remote1/.ssh/id_rsa -L 9999:127.0.0.1:X ssh-tunnel └─17838 /usr/bin/ssh -q -N -p 15539 -o PubkeyAuthentication yes -o PreferredAuthentications publickey -o IdentityFile /home/ssh-remote1/.ssh/id_rsa -L 9999:127.0.0.1:X [email protected]. Jul 10 13:01:11 localhost systemd[1]: Started SSH tunnel for services on remote1. Jul 10 13:01:11 localhost autossh[17835]: port set to 0, monitoring disabled Jul 10 13:01:11 localhost autossh[17835]: starting ssh (count 1) Jul 10 13:01:11 localhost autossh[17835]: ssh child pid is 17838 # telnet 127.0.0.1 9999 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. <usable connection here> Connection closed by foreign host. #
紧接在重新启动后, journalctl -xru ssh-tunnel-remote1.service只是打印-- No entries -- 。 通过journalctl的输出手动search也不会显示在任何地方。 相反,在手动启动服务之后,相同的命令会输出与以下内容类似的内容:
-- Logs begin at Mon 2017-07-10 12:46:14 UTC, end at Mon 2017-07-10 13:10:24 UTC. -- Jul 10 13:01:11 localhost autossh[17835]: ssh child pid is 17838 Jul 10 13:01:11 localhost autossh[17835]: starting ssh (count 1) Jul 10 13:01:11 localhost autossh[17835]: port set to 0, monitoring disabled Jul 10 13:01:11 localhost systemd[1]: Started SSH tunnel for services on remote1. -- Subject: Unit ssh-tunnel-remote1.service has finished start-up -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit ssh-tunnel-remote1.service has finished starting up. -- -- The start-up result is done.
这是一个本土的.service文件,但在运行Debian 8的另一台服务器上工作正常。
我试过把它放在/ etc / systemd / system和/ lib / systemd / system下,没有明显的区别。
当从命令行执行su -l ssh-remote1 -c '/usr/bin/autossh -M 0 -q ...' , autossh和ssh在前台运行正常,隧道可用。
我几乎可以肯定,我错过了Debian 9的systemd 232和Debian 8的systemd 215之间的一些简单的区别,但是什么? 在Debian 9上启动这个服务需要什么咒语?