I try to create a reliable systemd service for autossh.
The service works, but if the host-keys changes, the service is in state ok (running).
I want it to be in state "failed" if the tunnel does not work.
Here is my current systemd service file:
# Source is in srv/salt/tunnel/autossh\@.service
# which is a git repo.
# Don't edit /etc/systemd/system/autossh\@.service
[Unit]
Description=Tunnel For %i
After=network.target
[Service]
User=autossh
# https://serverfault.com/a/563401/90324
ExecStart=/usr/bin/autossh -M 0 -N -o "ExitOnForwardFailure yes" -o "ConnectTimeout=1" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 40443:installserver:40443 -R 8080:installserver:8080 tunnel@%i
Restart=always
[Install]
WantedBy=multi-user.target
Here is the output of systemctl status autossh@foo-work
salt:/srv # systemctl status autossh@foo-work
autossh@foo-work.service - Tunnel For foo-work
Loaded: loaded (/etc/systemd/system/autossh@.service; enabled)
Active: active (running) since Wed, 2016-02-10 14:35:01 CET; 2 months and 3 days ago
Main PID: 17995 (autossh)
CGroup: name=systemd:/system/autossh@.service/foo-work
└ 17995 /usr/bin/autossh -M 0 -N -o ExitOnForwardFailure yes -o ConnectTimeout=1 -o ServerAliveInterval 60 -o ServerAliveCountMax 3 -R 40443:installserver:40443 -R ...
Apr 14 12:35:43 salt autossh[17995]: Host key verification failed.
Apr 14 12:35:43 salt autossh[17995]: ssh exited with error status 255; restarting ssh
Apr 14 12:45:42 salt autossh[17995]: starting ssh (count 618)
Apr 14 12:45:42 salt autossh[17995]: ssh child pid is 22524
Apr 14 12:45:43 salt autossh[17995]: Host key verification failed.
Apr 14 12:45:43 salt autossh[17995]: ssh exited with error status 255; restarting ssh
My problem is not the changed host-key. That's ok.
I just want the service to tell me the truth: If the tunnel is not working, then I want it to see it.
How can I change the systemd service file to tell me the correct status?
Update: I wrote a second follow-up question: How does systemd decide if a service is ok or not
