[systemd-devel] restricting systemd user services by hostname

Mike Gulick Mike.Gulick at mathworks.com
Wed Jan 4 20:56:22 UTC 2017


Hi systemd-devel,


I'm on Debian 8 with systemd 215 (I realize it's old, but it's nontrivial to upgrade Debian, especially in a corporate environment).  We have NFS mounted home directories.  I'm trying to configure a vnc server to start up on a specific display at system boot.  I first tried doing this as a user service:


$ cat ~/.config/systemd/user/vncserver\@.service
[Unit]
Description=VNC Server
[Service]
Type=simple
PIDFile=/home/%u/.vnc/%H:%i.pid
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=default.target

Enabling this service, and using loginctl enable-linger, the service starts up on boot and works fine.  However, when I ssh to other systems, systemd also tries to start a VNC server on those systems as well, and then kills it when I log out (which I assume is because we have NFS home directories, and the service is "enabled" in my home directory).  Many developers here frequently run remote processes through SSH, and it seems wasteful to start and stop a vnc server every time I ssh to another system.  I was unable to find a way to enable this service only on a specific system.


Is there any way to prevent this from starting on other hosts, and instead only start it on boot on the system on which I have run "loginctl enable-linger"?  I tried searching for a directive, or WantedBy target which allows me to restrict which hosts to enable the service on, but couldn't find anything.


In an attempt to work around this, I instead implemented this as a system service instead of a user service.  However that also ran into problems.  Systemd would kill the vnc server immediately after starting it.  After several hours of trying to figure out why, I eventually realized that it was most likely because the PIDFile is not accessible to systemd.  This is again due to NFS home directories, which are mounted with root_squash, and the .vnc/ folder has 0700 permissions.  It would be great if systemd could log an error message when the PIDFile is not accessible.  It took me hours to realize why systemd was continually stopping my service immediately after starting it.


Thanks for any advice you can offer.


-Mike Gulick