[Bug 1868127] Re: OpenVPN will not reload due to misconfigured .service file

Lucas Kanashiro Tue, 26 May 2020 12:01:12 -0700

Executing the ExecReload= command with full privileges (adding '+')
indeed fixes the reload failure (I ran my tests in a Bionic and Focal
VMs but it should apply to the other releases):


May 26 10:01:41 openvpn-reload kill[1764]: kill: (1738): Operation not
permitted

I mean the command 'systemctl reload openvpn@<server>' does not fail
(returns 0). However, after checking the journal log I found the
following error messages:

May 26 10:30:57 openvpn-reload ovpn-server[10626]: SIGHUP[hard,] received, 
process restarting
May 26 10:30:57 openvpn-reload ovpn-server[10626]: Options error: --dh fails 
with 'dh.pem': Permission denied (errno=13)
May 26 10:30:57 openvpn-reload ovpn-server[10626]: Options error: --ca fails 
with 'ca.crt': Permission denied (errno=13)
May 26 10:30:57 openvpn-reload ovpn-server[10626]: Options error: --cert fails 
with 'server.crt': Permission denied (errno=13)
May 26 10:30:57 openvpn-reload ovpn-server[10626]: Options error: --key fails 
with 'server.key': Permission denied (errno=13)
May 26 10:30:57 openvpn-reload ovpn-server[10626]: Options error: --tls-auth 
fails with 'ta.key': Permission denied (errno=13)
May 26 10:30:57 openvpn-reload ovpn-server[10626]: Options error: --writepid 
fails with '/run/openvpn/server.pid': Permission denied (errno=13)
May 26 10:30:57 openvpn-reload ovpn-server[10626]: Options error: --status 
fails with '/var/log/openvpn/openvpn-status.log': Permission denied (errno=13)
May 26 10:30:57 openvpn-reload ovpn-server[10626]: Options error: Please 
correct these errors.
May 26 10:30:57 openvpn-reload ovpn-server[10626]: Use --help for more 
information.

As discussed above I am not quite sure about the practical difference
between restarting the service and sending the SIGHUP signal to the
process. The upstream message when handling this signal is "process
restarting". Since defining a reload command is optional and the
difference between restart and reload is not clear, we may want to
remove the ExecReload= from this unit file. Maybe run the ExecReload=
with full privileges ('+') in the supported releases to not remove this
feature and avoid the failure, and remove the ExecReload= from the
development release (stop supporting reload)?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868127

Title:
  OpenVPN will not reload due to misconfigured .service file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1868127/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1868127] Re: OpenVPN will not reload due to misconfigured .service file

Reply via email to