Merge pull request #204 from kylemanna/docs_systemd

Document systemd service usage
2017-01-16 15:45:45 -08:00 · 2017-01-16 15:45:45 -08:00 · b07b4957f8
commit b07b4957f8
parent 5e95b64ff1 4725f3621f
3 changed files with 74 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -56,6 +56,10 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
        $ dig google.com  # won't use the search directives in resolv.conf
        $ nslookup google.com # will use search

+* Consider setting up a [systemd service](/docs/systemd.md) for automatic
+  start-up at boot time and restart in the event the OpenVPN daemon or Docker
+  crashes.
+
 ## How Does It Work?

 Initialize the volume container using the `kylemanna/openvpn` image with the
@ -166,7 +170,7 @@ of a guarantee in the future.
  volume for re-use across containers
 * Addition of tls-auth for HMAC security

-## Tested On
+## Originally Tested On

 * Docker hosts:
  * server a [Digital Ocean](https://www.digitalocean.com/?refcode=d19f7fe88c94) Droplet with 512 MB RAM running Ubuntu 14.04
@ -175,8 +179,3 @@ of a guarantee in the future.
     * OpenVPN core 3.0 android armv7a thumb2 32-bit
  * OS X Mavericks with Tunnelblick 3.4beta26 (build 3828) using openvpn-2.3.4
  * ArchLinux OpenVPN pkg 2.3.4-1
-  * 
-
-## Having permissions issues with Selinux enabled?
-
-See [this](docs/selinux.md)
--- a/docs/systemd.md
+++ b/docs/systemd.md
@ -0,0 +1,37 @@
+# Docker + OpenVPN systemd Service
+
+The systemd service aims to make the update and invocation of the
+`docker-openvpn` container seamless.  It automatically downloads the latest
+`docker-openvpn` image and instantiates a Docker container with that image.  At
+shutdown it cleans-up the old container.
+
+In the event the service dies (crashes, or is killed) systemd will attempt to
+restart the service every 10 seconds until the service is stopped with
+`systemctl stop docker-openvpn@NAME.service`.
+
+A number of IPv6 hacks are incorporated to workaround Docker shortcomings and
+are harmless for those not using IPv6.
+
+To use and enable automatic start by systemd:
+
+1. Create a Docker volume container named `ovpn-data-NAME` where `NAME` is the
+   user's choice to describe the use of the container.  In the example
+   configuration given in the [README](/README.md) `NAME=data`.
+2. Initialize the data container according to the [docker-openvpn
+   README](/README.md), but don't start the container. Stop the Docker
+   container if started.
+3. Download the [docker-openvpn@.service](https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service)
+   file to `/etc/systemd/system`:
+
+        curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service | sudo tee /etc/systemd/system/docker-openvpn@.service
+
+4. Enable and start the service with:
+
+        systemctl enable --now docker-openvpn@NAME.service
+
+5. Verify service start-up with:
+
+        systemctl status docker-openvpn@NAME.service
+        journalctl --unit docker-openvpn@NAME.service
+
+For more information, see the [systemd manual pages](https://www.freedesktop.org/software/systemd/man/index.html).
--- a/init/docker-openvpn@.service
+++ b/init/docker-openvpn@.service
@ -1,3 +1,35 @@
+#
+# Docker + OpenVPN systemd service
+#
+# Author: Kyle Manna <kyle@kylemanna.com>
+# Source: https://github.com/kylemanna/docker-openvpn
+#
+# This service aims to make the update and invocation of the docker-openvpn
+# container seemless.  It automatically downloads the latest docker-openvpn
+# image and instantiates a Docker container with that image.  At shutdown it
+# cleans-up the old container.
+#
+# In the event the service dies (crashes, or is killed) systemd will attempt
+# to restart the service every 10 seconds until the service is stopped with
+# `systemctl stop docker-openvpn@NAME`.
+#
+# A number of IPv6 hacks are incorporated to workaround Docker shortcomings and
+# are harmless for those not using IPv6.
+#
+# To use:
+# 1. Create a Docker volume container named `ovpn-data-NAME` where NAME is the
+#    user's choice to describe the use of the container.
+# 2. Initialize the data container according to the docker-openvpn README, but
+#    don't start the container. Stop the docker container if started.
+# 3. Download this service file to /etc/systemd/service/docker-openvpn@.service
+# 4. Enable and start the service template with:
+#    `systemctl enable --now docker-openvpn@NAME.service`
+# 5. Verify service start-up with:
+#    `systemctl status docker-openvpn@NAME.service`
+#    `journalctl --unit docker-openvpn@NAME.service`
+# 
+# For more information, see the systemd manual pages.
+#
 [Unit]
 Description=OpenVPN Docker Container
 Documentation=https://github.com/kylemanna/docker-openvpn