Bug 1221320 - error in systemd service file
Summary: error in systemd service file
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: sslh
Version: epel7
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: James Hogarth
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-05-13 17:36 UTC by redhat
Modified: 2015-08-22 05:51 UTC (History)
2 users (show)

Fixed In Version: 1.17-2.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1246531 1246532 (view as bug list)
Environment:
Last Closed: 2015-08-22 05:51:52 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description redhat 2015-05-13 17:36:54 UTC
Description of problems:
file: /usr/lib/systemd/system/sslh.service
-ExecStart=/usr/sbin/sslh -F /etc/sslh.cfg ${DAEMON_OPTS}
+ExecStart=/usr/sbin/sslh -F /etc/sslh.cfg $DAEMON_OPTS

file: /etc/sysconfig/sslh
non existent - should be there with defaults like:
DAEMON_OPTS=--foreground --user sslh --listen 0.0.0.0:443 --ssl 127.0.0.1:8443 --ssh 127.0.0.1:22

file: /etc/sslh.cfg
-# Change hostname with your external address name.
-listen:
-(
-    { host: "klaut-ng"; port: "443"; }
-);
-
-protocols:
-(
-     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
-     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
-     { name: "ssl"; host: "localhost"; port: "442"; probe: "builtin"; },
-);
These defaults do not work. Use /etc/sysconfig/sslh instead.


Version-Release number of selected component (if applicable):
sslh-1.17-1.el7.x86_64

Comment 1 James Hogarth 2015-05-14 11:04:57 UTC
I disagree with using /etc/sysconfig/sslh to configure it in entirety (the whole reason for libconfig is to use /etc/sslh.cfg and that configuration file allows for other probes than builtin).

The sysconfig file is nonexistent but the systemd service file does reference it if it exists ... 

How about this as an option that, so far as I can see, will satisfy your need but not affect current behaviour from a straight install ...

1) Create /etc/sysconfig/sslh from install 
2) Have the systemd unit reference it
3) Have the default DAEMON_OPTS be '-F /etc/sslh.cfg' so it's clear and easily overridable rather than hard code that into the systemd unit.

As for the defaults  not working ... I was running on the reasoning that someone would have to change these anyway to configure appropriately - just as they'd have to config mod_ssl to use localhost (or a different port) and so on ... Setting the listening port to 0.0.0.0:443 would conflict with a standard install of httpd/mod_ssl ... and it's better to have mod_ssl listen on localhost:443 (selinux reasons etc) than to move that ...

In fact the config file explicitly states "Change hostname with your external address name" to make this clear.

Comment 2 James Hogarth 2015-05-18 14:18:36 UTC
If you can let me know what you think of my alternative I can edit the package and push updates.

Comment 3 redhat 2015-05-18 14:25:47 UTC
your approach...

1) Create /etc/sysconfig/sslh from install 
2) Have the systemd unit reference it
3) Have the default DAEMON_OPTS be '-F /etc/sslh.cfg' so it's clear and easily overridable rather than hard code that into the systemd unit.

... is a reasonable compromise. 

Please push this update.

Comment 4 Fedora Update System 2015-07-24 14:07:57 UTC
sslh-1.17-2.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/sslh-1.17-2.el7

Comment 5 Fedora Update System 2015-07-27 23:12:43 UTC
Package sslh-1.17-2.el7:
* should fix your issue,
* was pushed to the Fedora EPEL 7 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing sslh-1.17-2.el7'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7382/sslh-1.17-2.el7
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2015-08-22 05:51:51 UTC
sslh-1.17-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.