I'm running several openvpn instances on my server with debian stable; as well some clients as a server instance. Right now, when one of these instances fails, systemd seems to kill and restart the whole group of processes:
May 27 12:09:44 tritone systemd[1]: openvpn@client_uk.service: main process exited, code=exited, status=1/FAILURE May 27 12:09:44 tritone systemd[1]: Unit openvpn@client_uk.service entered failed state. May 27 12:10:01 tritone systemd[1]: Stopping OpenVPN connection to client_rhode... May 27 12:10:01 tritone systemd[1]: Starting OpenVPN connection to client_uk... May 27 12:10:01 tritone systemd[1]: Stopping OpenVPN connection to client_ukraine... May 27 12:10:01 tritone systemd[1]: Stopping OpenVPN connection to server_udp... May 27 12:10:01 tritone systemd[1]: Stopping OpenVPN service... May 27 12:10:01 tritone systemd[1]: Starting OpenVPN service... May 27 12:10:01 tritone systemd[1]: Started OpenVPN service. ...
This is as well undesired as superfluous imho. Restarting the single failed service would suffice. This is the systemd config from /etc/systemd/system/multi-user.target.wants/openvpn.service:
[Unit] Description=OpenVPN service After=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/true ExecReload=/bin/true WorkingDirectory=/etc/openvpn [Install] WantedBy=multi-user.target
I have seen configs, where ExecReload had been set to kill -HUP $MAINPID, and also my server seems to do this, as systemctl status says:
Process: 5893 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
So what I don't understand, where is this kill command defined, if the systemd config ExecReload actually says otherwise? Also, why is the service getting restarted, even if Type=oneshot is defined? Am I looking at the right file at all?
And how should the restart command look like? Kill won't work, as the process is supposedly dead already.
Edit: I found /lib/systemd/system-generators/openvpn-generator and /lib/systemd/system/openvpn@.service now, nevertheless, it remains unclear, when they get run or executed. The generator seems to fail, as none of the links actually got created, probably due to selinux restrictions. Nevertheless, this file seems to be used for init. So I wonder, why is the dummy file /etc/systemd/system/multi-user.target.wants/openvpn.service created at all?
Best Answer
If you use CONFIGNAME as your config file name for your
.conffile you could try