[systemd-devel] Shut down system after all sshd instances terminate
Daan De Meyer
daan.j.demeyer at gmail.com
Sun Aug 23 15:02:19 UTC 2020
Nvm, that wouldn't work at all because inhibitor locks are ignored if
the user is privileged enough.
So getting the system to shut down after an sshd instance exits is
easy enough with SuccessAction. Waiting for all sshd instances to
finish before shutting down turns out to be extremely hard. I've been
trying out stuff for multiple hours now and haven't come even close.
There definitely seems to be at least a documentation issue here so if
there's a solution I intend to make a PR that clarifies this somewhere
in the official documentation.
My last (failed) attempt is this (sshd at .service) :
```
[Unit]
Description=SSH Server for {args.devserver_name} devserver
After=network.target
After=exit.target
[Service]
ExecStart=/usr/sbin/sshd -i
KillMode=none
TimeoutStopSec=infinity
StandardInput=socket
SuccessAction=exit
FailureAction=exit
```
When an ssh connection comes in, an instance of this template is
started to handle the connection. Now, what I want to achieve is that
when all instances of this sshd template exit after at least one
instance has started, the system shuts down.
Daan
On Sun, 23 Aug 2020 at 14:47, Daan De Meyer <daan.j.demeyer at gmail.com> wrote:
>
> Hi,
>
> After following
> http://0pointer.de/blog/projects/socket-activated-containers.html
> which details how to set up a socket activated container, I'm looking
> into ways to have the container automatically shut down when the last
> ssh connection terminates.
>
> My idea was to have each sshd instance take an inhibitor lock (the
> blocking kind) that prevents poweroff and make each sshd instance pull
> in poweroff.target. The problem is that the inhibitor documentation
> mentions that poweroff operations will fail if a blocking inhibitor
> lock is taken. For this to work, I need poweroff.target to wait
> indefinitely until all locks are released. Is this possible at the
> moment?
>
> Any other suggestions on how to achieve this are appreciated as well.
>
> Cheers,
>
> Daan
More information about the systemd-devel
mailing list