SIGTERM is not handled correctly, re-requests password

[cherio]

I automated openvpn startup via my own custom systemd service. It works well but killall openvpn fails to shutdown the process when invoked from the systemd service. Here is my service, it is as simple as a brick (/etc/systemd/system/my-ovpn-service.service):

Code: Select all

[Unit]
Description=start/stop my OpenVPN connection on startup/shutdown
After=network-online.target
Requires=network-online.target

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/path/to/startup_script
ExecStop=/usr/bin/killall openvpn

[Install]
WantedBy=multi-user.target

When I run /usr/bin/killall openvpn from the command line it works as expected. I tried replacing it with killall openvpn, and with /usr/bin/pkill openvpn, tried specifying the signal explicitly as pkill -SIGTERM openvpn etc. All those invocations work as expected from command line (openvpn connection shuts down) but fail when executed from the service via ExecStop=. All it does is tries to re-authenticate into the remote server with the password.

I am lost at what I can do and need advice from the experts here

[TinCanTech]

Try:

Code: Select all

man killall

[cherio]

Try:

Code: Select all

man killall

man killall seems to be working as expected showing man for killall.

Turns out the problem was not OpenVPN. It was correctly shutting down. The problem is systemd expects ExecStop command to wait until openvpn shuts down. Since the process needs time to shutdown it was still present when systemd checked whether the service was still alive; it determined the process didn't shutdown successfully and re-spawned it

I solved it by adding another ExecStop line

Code: Select all

ExecStop=/bin/bash -c "while /usr/bin/pgrep openvpn>/dev/null; do /bin/sleep 0.02; done"

after killall openvpn. This way systemd was satisfied.

[TinCanTech]

OpednVPN fully supports systemd .. perhaps you should consider using the tools correctly ?