[systemd-devel] Shut down system after all sshd instances terminate

Benjamin Berg benjamin at sipsolutions.net
Sun Aug 23 15:13:31 UTC 2020 

Hi,

you can use Wants= to pull in another service, and then use
StopWhenUnneeded= to make that shutdown after the last sshd at .service
disappears.

So, I guess something like the below:

sshd at .service drop-in:
```
[Unit]
Wants=sshd-running.service
```

sshd-running.service
```
[Unit]
StopWhenUnneeded=true

[Service]
Type=oneshot
RemainAfterExit=yes

# Not sure if SuccessAction works
# probably does but you might need a dummy ExecStart=/sbin/true then
ExecStop=systemctl poweroff
#SuccessAction=exit
```

Benjamin

On Sun, 2020-08-23 at 16:02 +0100, Daan De Meyer wrote:
> Nvm, that wouldn't work at all because inhibitor locks are ignored if
> the user is privileged enough.
> 
> So getting the system to shut down after an sshd instance exits is
> easy enough with SuccessAction. Waiting for all sshd instances to
> finish before shutting down turns out to be extremely hard. I've been
> trying out stuff for multiple hours now and haven't come even close.
> There definitely seems to be at least a documentation issue here so
> if
> there's a solution I intend to make a PR that clarifies this
> somewhere
> in the official documentation.
> 
> My last (failed) attempt is this (sshd at .service) :
> 
> ```
> [Unit]
> Description=SSH Server for {args.devserver_name} devserver
> After=network.target
> After=exit.target
> 
> [Service]
> ExecStart=/usr/sbin/sshd -i
> KillMode=none
> TimeoutStopSec=infinity
> StandardInput=socket
> SuccessAction=exit
> FailureAction=exit
> ```
> 
> When an ssh connection comes in, an instance of this template is
> started to handle the connection. Now, what I want to achieve is that
> when all instances of this sshd template exit after at least one
> instance has started, the system shuts down.
> 
> Daan
> 
> On Sun, 23 Aug 2020 at 14:47, Daan De Meyer <daan.j.demeyer at gmail.com
> > wrote:
> > Hi,
> > 
> > After following
> > http://0pointer.de/blog/projects/socket-activated-containers.html
> > which details how to set up a socket activated container, I'm
> > looking
> > into ways to have the container automatically shut down when the
> > last
> > ssh connection terminates.
> > 
> > My idea was to have each sshd instance take an inhibitor lock (the
> > blocking kind) that prevents poweroff and make each sshd instance
> > pull
> > in poweroff.target. The problem is that the inhibitor documentation
> > mentions that poweroff operations will fail if a blocking inhibitor
> > lock is taken. For this to work, I need poweroff.target to wait
> > indefinitely until all locks are released. Is this possible at the
> > moment?
> > 
> > Any other suggestions on how to achieve this are appreciated as
> > well.
> > 
> > Cheers,
> > 
> > Daan
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20200823/4e58a277/attachment-0001.sig>

More information about the systemd-devel mailing list