On 07/09/2017 09:16, Gert Doering wrote:
> Hi,
>
> On Thu, Sep 07, 2017 at 01:52:02AM +0200, David Sommerseth wrote:
>> @@ -18,6 +18,8 @@ DeviceAllow=/dev/net/tun rw
>> ProtectSystem=true
>> ProtectHome=true
>> KillMode=process
>> +RestartSec=5s
>> +Restart=on-failure
>
> Is there a way to get
On 07/09/2017 10:16, Samuli Seppänen wrote:
> On 07/09/2017 09:16, Gert Doering wrote:
>> Hi,
>>
>> On Thu, Sep 07, 2017 at 01:52:02AM +0200, David Sommerseth wrote:
>>> @@ -18,6 +18,8 @@ DeviceAllow=/dev/net/tun rw
>>> ProtectSystem=true
>>> ProtectHome=true
>>> KillMode=process
>>> +RestartSec
Hi,
On Thu, Sep 07, 2017 at 11:04:01AM +0300, Samuli Seppänen wrote:
> "Note that units which are configured for Restart= and which reach the
> start limit are not attempted to be restarted anymore; however, they may
> still be restarted manually at a later point, from which point on, the
> restar
From: Antonio Quartulli
Commit 23d61c56 introduced the AF_UNSPEC socket family
to be used when we don't know the actual one until the local
socket binding is performed.
In such case AF_UNSPEC is stored in the `ce.af` member of
the `c->options` object, indicating that the family has to be
determi
Am 07.09.17 um 11:55 schrieb Antonio Quartulli:
> From: Antonio Quartulli
>
> Commit 23d61c56 introduced the AF_UNSPEC socket family
> to be used when we don't know the actual one until the local
> socket binding is performed.
>
> In such case AF_UNSPEC is stored in the `ce.af` member of
> the `
On 07/09/2017 11:13, Gert Doering wrote:
> Hi,
>
> On Thu, Sep 07, 2017 at 11:04:01AM +0300, Samuli Seppänen wrote:
>> "Note that units which are configured for Restart= and which reach the
>> start limit are not attempted to be restarted anymore; however, they may
>> still be restarted manually a
On 07/09/17 10:04, Samuli Seppänen wrote:
> On 07/09/2017 10:16, Samuli Seppänen wrote:
>> On 07/09/2017 09:16, Gert Doering wrote:
>>> Hi,
>>>
>>> On Thu, Sep 07, 2017 at 01:52:02AM +0200, David Sommerseth wrote:
@@ -18,6 +18,8 @@ DeviceAllow=/dev/net/tun rw
ProtectSystem=true
Pro
On 07/09/17 10:13, Gert Doering wrote:
> Hi,
>
> On Thu, Sep 07, 2017 at 11:04:01AM +0300, Samuli Seppänen wrote:
>> "Note that units which are configured for Restart= and which reach the
>> start limit are not attempted to be restarted anymore; however, they may
>> still be restarted manually at
Hi,
On 07/09/17 04:45, David Sommerseth wrote:
> On 23/08/17 07:30, Antonio Quartulli wrote:
>> This patch does not introduce any functional change.
>>
>> The code in route.c seems to have been written in different
>> periods by different people, without sticking to a clear
>> codestyle. For this
Hi,
On Thu, Sep 07, 2017 at 03:02:20PM +0200, David Sommerseth wrote:
> > Which is not what I hoped for... "turn it off and leave it so" is non
> > helpful (it might be a transient error preventing the startup).
>
> I'm confused. What is it you want?
>
> * try restarting in an endless loop?
> *
On 07/09/17 15:07, Gert Doering wrote:
> Hi,
>
> On Thu, Sep 07, 2017 at 03:02:20PM +0200, David Sommerseth wrote:
>>> Which is not what I hoped for... "turn it off and leave it so" is non
>>> helpful (it might be a transient error preventing the startup).
>>
>> I'm confused. What is it you want?
On 07/09/17 14:17, Samuli Seppänen wrote:
> On 07/09/2017 11:13, Gert Doering wrote:
>> Hi,
>>
>> On Thu, Sep 07, 2017 at 11:04:01AM +0300, Samuli Seppänen wrote:
>>> "Note that units which are configured for Restart= and which reach the
>>> start limit are not attempted to be restarted anymore; ho
On 07/09/17 08:13, Gert Doering wrote:> HI,
>
> On Thu, Sep 07, 2017 at 04:28:27AM +0200, David Sommerseth wrote:
>> We are using a deprecated function, LZ4_compress_limitedOutput(), which
>> will be removed with time. The correct function to use is
>> LZ4_compress_default().
>> Both function ta
On 07/09/17 08:12, Gert Doering wrote:
> Hi,
>
> On Thu, Sep 07, 2017 at 03:22:25AM +0200, David Sommerseth wrote:
>> This change will expect the system to have LZ4 libraries and headers
>> installed by default. We still carry a bundled LZ4 library, which
>> must now be explicitly enabled through
On 07/09/2017 16:00, David Sommerseth wrote:
> On 07/09/17 10:04, Samuli Seppänen wrote:
>> On 07/09/2017 10:16, Samuli Seppänen wrote:
>>> On 07/09/2017 09:16, Gert Doering wrote:
Hi,
On Thu, Sep 07, 2017 at 01:52:02AM +0200, David Sommerseth wrote:
> @@ -18,6 +18,8 @@ DeviceAll
On 07/09/17 08:16, Gert Doering wrote:
>
> Restarting is good, but if there is something faulty that leads to
> "the process always dies right away", this can lead to very quickly
> filling disks with not-so-useful logging...
Oh, I overlooked this one. Just one comment in regards to the "filling
On 07/09/17 16:06, David Sommerseth wrote:
> On 07/09/17 08:12, Gert Doering wrote:
>> Hi,
>>
>> On Thu, Sep 07, 2017 at 03:22:25AM +0200, David Sommerseth wrote:
>>> This change will expect the system to have LZ4 libraries and headers
>>> installed by default. We still carry a bundled LZ4 library
Hi,
On 07/09/17 00:52, David Sommerseth wrote:
Systemd supervises services it has started and can act upon unexpected
scenarios. This change will restart OpenVPN after 5 seconds if the OpenVPN
process exits unexpectedly.
Define "unexpectedly"
(my2c: something needs to be fixed)
The on-failu
On 07/09/17 17:08, fragmentux wrote:
> Hi,
>
> On 07/09/17 00:52, David Sommerseth wrote:
>> Systemd supervises services it has started and can act upon unexpected
>> scenarios. This change will restart OpenVPN after 5 seconds if the
>> OpenVPN
>> process exits unexpectedly.
>
> Define "unexpect
We are using a deprecated function, LZ4_compress_limitedOutput(), which
will be removed with time. The correct function to use is
LZ4_compress_default().
Both function takes the same number of arguments and data types, so the change
is minimal.
This patch will also enforce the system LZ4 library
Hi,
While we are at it, I found it useful to see the used LZ4 version at
runtime as it is done with LZO and other libraries.
I've patched my rpms with the patch attached.
Regards,
Simon
> We are using a deprecated function, LZ4_compress_limitedOutput(), which
> will be removed with time. The c
Hi,
all your comment are totally valid from a sys-admin point of view but
from an openvpn POV, the only responsibility is to provide a secure VPN.
Use all of systemd's functions to maximize openvpn's process *security*
But *forcing* restart as an almost unconditional default is nonsense.
How wou
On 07/09/17 23:02, fragmentux wrote:
i,
>
> all your comment are totally valid from a sys-admin point of view but
> from an openvpn POV, the only responsibility is to provide a secure VPN.
>
> Use all of systemd's functions to maximize openvpn's process *security*
> But *forcing* restart as an al
Hi,
On 07/09/17 23:55, David Sommerseth wrote:
On 07/09/17 23:02, fragmentux wrote:
i,
all your comment are totally valid from a sys-admin point of view but
from an openvpn POV, the only responsibility is to provide a secure VPN.
Use all of systemd's functions to maximize openvpn's process *s
WRT systemd and 3rd party 'servers'
I am curious to know of any other "Server service" who decide ..
to *rely* on ..
a *forced* 'systemd (almost) unconditional restart by default'
Regards,
--
Check out the vibrant tech
On 2017-09-08 10:41, fragmentux wrote:
WRT systemd and 3rd party 'servers'
I am curious to know of any other "Server service" who decide ..
to *rely* on ..
a *forced* 'systemd (almost) unconditional restart by default'
As a basic list:
/usr/lib/systemd/system $ grep -r Restart *.service
autov
Hi,
On 08/09/17 01:20, David Sommerseth wrote:
[CUT]
> diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
> index e056caa8..bdb3247d 100644
> --- a/src/openvpn/comp-lz4.c
> +++ b/src/openvpn/comp-lz4.c
> @@ -43,6 +43,7 @@
>
> #include "memdbg.h"
>
> +
> static void
> lz4_compres
Hi,
On 08/09/17 02:30, Steven Haigh wrote:
On 2017-09-08 10:41, fragmentux wrote:
WRT systemd and 3rd party 'servers'
I am curious to know of any other "Server service" who decide ..
to *rely* on ..
a *forced* 'systemd (almost) unconditional restart by default'
As a basic list:
/usr/lib/sys
This patch does not introduce any functional change.
The code in route.c seems to have been written in different
periods by different people, without sticking to a clear
codestyle. For this reason the code in this file in not
consistent at all.
Clean it up by:
- removing spaces from function invo
On 08/09/17 02:45, fragmentux wrote:
Hi,
On 08/09/17 02:30, Steven Haigh wrote:
On 2017-09-08 10:41, fragmentux wrote:
WRT systemd and 3rd party 'servers'
I am curious to know of any other "Server service" who decide ..
to *rely* on ..
a *forced* 'systemd (almost) unconditional restart by d
30 matches
Mail list logo
