iPherian / manual-connections

Scripts for manual connections to Private Internet Access
MIT License

Systemd PID File related error #8

Open RudyBzhBzh opened 3 years ago

RudyBzhBzh commented 3 years ago

Hi & thanks for your code !

Now I'm trying to install default systemd service but it's throwing me an error each time, complaining about PID File:

    piavpn-manual.service: Can't open PID file /opt/piavpn-manual/pia_pid (yet?) after start: Operation not permitted

As I understood, it's not the job of systemd to generate the PID file and, to me, nothing creates this PID file in the code (sorry if I miss something). If I comment the "PIDFile" line, it seems to work correctly. Looking at systemd status, all processes are seen :

    systemctl status piavpn-manual.service
    ● piavpn-manual.service - PIA vpn
       Loaded: loaded (/etc/systemd/system/piavpn-manual.service; disabled; vendor preset: enabled)
       Active: active (running) since Mon 2021-01-11 14:54:04 CET; 1h 19min ago
      Process: 5005 ExecStart=/opt/piavpn-manual/systemd_launcher.sh (code=exited, status=0/SUCCESS)
     Main PID: 5007 (get_regionand)
        Tasks: 5 (limit: 4606)
       Memory: 11.3M >
       CGroup: /system.slice/piavpn-manual.service
               ├─5007 /bin/bash ./get_region_and_token.sh
               ├─5133 /bin/bash ./connect_to_wireguard_with_token.sh
               ├─5254 /bin/bash ./port_forwarding_auto.sh
               ├─5255 /bin/bash ./port_forwarding.sh
               └─5426 sleep 900

But is a "Fork" systemd needed, or would a "Simple" systemd be enough? (Advantage of having fork systemd?)

How does systemd react to these cases:

  1. if VPN tunnel drops for any reason
  2. if Port forwarding can not be refreshed/retrieved anymore (token expires or whatever)

Does it react and try to restart the service or not?

On the 1st case, if I wg-quick down pia, service does not react immediately. It dies after some -long- minutes (900sec max) on port renew (throwing "The API did not return OK when trying to bind port. Exiting." and "Error: port_forwarding.sh fatal error (10). Ending." and, finally, an abnormal "piavpn-manual.service: Succeeded.") but does not automatically restart. I guess this should be the same on the 2nd case. Is there a way to better monitor this (faster), without lowering PF refresh..., & recover automatically? To recover, perhaps we could play with something like Restart=on-failure and RestartSec=5s and eventually StartLimitIntervalSec and StartLimitBurst to prevent too many unsuccessful retries?

Last point, I didn't find a way to use PIA_WRITE_STARTUP_DONE_FILE var. Looking at systemd_launcher.sh, it seems it's just relying on mktemp.

Thanks in advance.

iPherian commented 3 years ago

> Hi & thanks for your code !

You're welcome!

> But is a "Fork" systemd needed, or would a "Simple" systemd be enough? (Advantage of having fork systemd?) ...

"Simple" is fine. "Fork" is only needed if you are having another systemd service start after this one. "Fork" ensures that subsequent services won't start too early.

> Now I'm trying to install default systemd service but it's throwing me an error each time, complaining about PID File:
>
>     piavpn-manual.service: Can't open PID file /opt/piavpn-manual/pia_pid (yet?) after start: Operation not permitted
>
> As I understood, it's not the job of systemd to generate the PID file and, to me, nothing creates this PID file in the code (sorry if I miss something). If I comment the "PIDFile" line, it seems to work correctly. Looking at systemd status, all processes are seen :

It's created under openvpn only. I'm afraid the systemd service is somewhat oriented towards openvpn not wireguard. But with some minor tweaks (like commenting that line) it should work under wireguard.

> How does systemd react to these cases:
>
>   1. if VPN tunnel drops for any reason
>
> Does it react and try to restart the service or not?

Sadly, it doesn't deal with dropped vpn.

>   2. if Port forwarding can not be refreshed/retrieved anymore (token expires or whatever)

It will automatically get a new port. You can use the PIA_ON_PORT_FORWARD=command env var to have a command be run whenever this happens. The first argument will be the new port number.

> On the 1st case, if I wg-quick down pia, service does not react immediately. It dies after some -long- minutes (900sec max) on port renew (throwing "The API did not return OK when trying to bind port. Exiting." and "Error: port_forwarding.sh fatal error (10). Ending." and, finally, an abnormal "piavpn-manual.service: Succeeded.") but does not automatically restart. I guess this should be the same on the 2nd case. Is there a way to better monitor this (faster), without lowering PF refresh..., & recover automatically? To recover, perhaps we could play with something like Restart=on-failure and RestartSec=5s and eventually StartLimitIntervalSec and StartLimitBurst to prevent too many unsuccessful retries?

Good suggestions! I'll have a look at this, although I'm not sure when, I've been very busy lately.

> Last point, I didn't find a way to use PIA_WRITE_STARTUP_DONE_FILE var. Looking at systemd_launcher.sh, it seems it's just relying on mktemp.

You'll have to not use systemd_launcher.sh if you want to use it. For example, you could write your own script based on systemd_launcher, and do whatever you need to do when startup is done, and then have systemd run yours.

Basically, copy it and then find this section:

    if [[ "$file_contents" == "startup done" ]]; then
      exit 0
    fi

and replace exit 0 with whatever you want to happen after startup has completed.
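
A faster tunnel check of the kind asked about in this thread, as an added example that is not part of either comment or of the manual-connections scripts: it reads the output of wg show <interface> latest-handshakes and exits non-zero when the newest handshake is too old, so that Restart=on-failure has a failure to react to. The interface name pia comes from the issue; the PIA_WG_IFACE and PIA_WG_MAX_AGE variables, the 180-second threshold and the 30-second poll are assumptions, and the check presumes the tunnel carries regular traffic (for example a persistent keepalive) so that handshakes keep recurring.

```sh
#!/bin/sh
# Added example: WireGuard tunnel watchdog (not part of manual-connections).
# Assumptions: interface "pia" as in the issue; PIA_WG_IFACE, PIA_WG_MAX_AGE,
# the 180 s threshold and the 30 s poll interval are hypothetical.

# handshake_age NOW
# Reads `wg show <iface> latest-handshakes` output on stdin, one
# "<public-key><TAB><unix-timestamp>" line per peer, and prints the age in
# seconds of the newest handshake, or -1 if no peer ever completed one.
handshake_age() (
    now=$1
    newest=0
    while read -r _key ts; do
        case $ts in
            '' | *[!0-9]*) continue ;;   # skip blank or malformed lines
        esac
        if [ "$ts" -gt "$newest" ]; then newest=$ts; fi
    done
    if [ "$newest" -eq 0 ]; then
        printf '%s\n' "-1"
    else
        printf '%s\n' "$((now - newest))"
    fi
)

# tunnel_is_stale AGE MAX
# Succeeds when the tunnel should be treated as down: no handshake at all,
# or the newest handshake is older than MAX seconds.
tunnel_is_stale() {
    [ "$1" -lt 0 ] || [ "$1" -gt "$2" ]
}

# Watch loop, entered only with --watch. Exits 1 on a stale tunnel so a unit
# using Restart=on-failure sees a failure rather than a clean exit.
if [ "${1:-}" = "--watch" ]; then
    iface=${PIA_WG_IFACE:-pia}
    max_age=${PIA_WG_MAX_AGE:-180}
    while :; do
        # If the interface is gone, wg prints nothing and the age is -1.
        age=$(wg show "$iface" latest-handshakes 2>/dev/null |
            handshake_age "$(date +%s)")
        if tunnel_is_stale "$age" "$max_age"; then
            echo "wg interface $iface is stale (handshake age: ${age}s)" >&2
            exit 1
        fi
        sleep 30
    done
fi
```

Started with --watch, it reports a dropped tunnel within one poll interval instead of waiting for the 900-second port refresh.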