[systemd-devel] Shut down system after all sshd instances terminate

Daan De Meyer daan.j.demeyer at gmail.com
Sun Aug 23 15:50:03 UTC 2020


That works! Thanks so much for the quick response.

I still feel it's a bit unintuitive though. I did find multiple open
issues asking for inhibitors that work with root as well. I think that
would be necessary for an intuitive solution.

Ideally, the following unit file would work:

```
[Unit]
Description=SSH Server for {args.devserver_name} devserver
After=network.target
After=exit.target

[Service]
ExecStart=/usr/sbin/sshd -i
StandardInput=socket
SuccessAction=exit
FailureAction=exit
Inhibit=exit:delay
InhibitDelaySec=infinite
```

This would tell systemd to start a normal exit when the first instance
exits. The Inhibit options tell systemd to delay exit infinitely if
any instance is still running.

For now, your solution is a great alternative.

Daan

On Sun, 23 Aug 2020 at 16:13, Benjamin Berg <benjamin at sipsolutions.net> wrote:
>
> Hi,
>
> you can use Wants= to pull in another service, and then use
> StopWhenUnneeded= to make that shutdown after the last sshd at .service
> disappears.
>
> So, I guess something like the below:
>
> sshd at .service drop-in:
> ```
> [Unit]
> Wants=sshd-running.service
> ```
>
> sshd-running.service
> ```
> [Unit]
> StopWhenUnneeded=true
>
> [Service]
> Type=oneshot
> RemainAfterExit=yes
>
> # Not sure if SuccessAction works
> # probably does but you might need a dummy ExecStart=/sbin/true then
> ExecStop=systemctl poweroff
> #SuccessAction=exit
> ```
>
> Benjamin
>
> On Sun, 2020-08-23 at 16:02 +0100, Daan De Meyer wrote:
> > Nvm, that wouldn't work at all because inhibitor locks are ignored if
> > the user is privileged enough.
> >
> > So getting the system to shut down after an sshd instance exits is
> > easy enough with SuccessAction. Waiting for all sshd instances to
> > finish before shutting down turns out to be extremely hard. I've been
> > trying out stuff for multiple hours now and haven't come even close.
> > There definitely seems to be at least a documentation issue here so
> > if
> > there's a solution I intend to make a PR that clarifies this
> > somewhere
> > in the official documentation.
> >
> > My last (failed) attempt is this (sshd at .service) :
> >
> > ```
> > [Unit]
> > Description=SSH Server for {args.devserver_name} devserver
> > After=network.target
> > After=exit.target
> >
> > [Service]
> > ExecStart=/usr/sbin/sshd -i
> > KillMode=none
> > TimeoutStopSec=infinity
> > StandardInput=socket
> > SuccessAction=exit
> > FailureAction=exit
> > ```
> >
> > When an ssh connection comes in, an instance of this template is
> > started to handle the connection. Now, what I want to achieve is that
> > when all instances of this sshd template exit after at least one
> > instance has started, the system shuts down.
> >
> > Daan
> >
> > On Sun, 23 Aug 2020 at 14:47, Daan De Meyer <daan.j.demeyer at gmail.com
> > > wrote:
> > > Hi,
> > >
> > > After following
> > > http://0pointer.de/blog/projects/socket-activated-containers.html
> > > which details how to set up a socket activated container, I'm
> > > looking
> > > into ways to have the container automatically shut down when the
> > > last
> > > ssh connection terminates.
> > >
> > > My idea was to have each sshd instance take an inhibitor lock (the
> > > blocking kind) that prevents poweroff and make each sshd instance
> > > pull
> > > in poweroff.target. The problem is that the inhibitor documentation
> > > mentions that poweroff operations will fail if a blocking inhibitor
> > > lock is taken. For this to work, I need poweroff.target to wait
> > > indefinitely until all locks are released. Is this possible at the
> > > moment?
> > >
> > > Any other suggestions on how to achieve this are appreciated as
> > > well.
> > >
> > > Cheers,
> > >
> > > Daan
> > _______________________________________________
> > systemd-devel mailing list
> > systemd-devel at lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >


More information about the systemd-devel mailing list