From 4737654cb203e60a0743158bd46e33d301b25416 Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Mon, 16 Jan 2017 13:55:42 -0800 Subject: [PATCH 1/3] docs: Add systemd documentation * Describe how to use the reference service. * Closes #200 --- docs/systemd.md | 37 ++++++++++++++++++++++++++++++++++++ init/docker-openvpn@.service | 32 +++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 docs/systemd.md diff --git a/docs/systemd.md b/docs/systemd.md new file mode 100644 index 0000000..ae14eb3 --- /dev/null +++ b/docs/systemd.md 
@@ -0,0 +1,37 @@ +# Docker + OpenVPN systemd Service + +The systemd service aims to make the update and invocation of the +`docker-openvpn` container seamless. It automatically downloads the latest +`docker-openvpn` image and instantiates a Docker container with that image. At +shutdown it cleans-up the old container. + +In the event the service dies (crashes, or is killed) systemd will attempt to +restart the service every 10 seconds until the service is stopped with +`systemctl stop docker-openvpn@NAME.service`. + +A number of IPv6 hacks are incorporated to workaround Docker shortcomings and +are harmless for those not using IPv6. + +To use and enable automatic start by systemd: + +1. Create a Docker volume container named `ovpn-data-NAME` where `NAME` is the + user's choice to describe the use of the container. In the example + configuration given in the [README](/README.md) `NAME=data`. +2. Initialize the data container according to the [docker-openvpn + README](/README.md), but don't start the container. Stop the Docker + container if started. +3. Download the [docker-openvpn@.service](https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service) + file to `/etc/systemd/system`: + + curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service | sudo tee /etc/systemd/system/docker-openvpn@.service + +4. Enable and start the service with: + + systemctl enable --now docker-openvpn@NAME.service + +5. Verify service start-up with: + + systemctl status docker-openvpn@NAME.service + journalctl --unit docker-openvpn@NAME.service + +For more information, see the [systemd manual pages](https://www.freedesktop.org/software/systemd/man/index.html). diff --git a/init/docker-openvpn@.service b/init/docker-openvpn@.service index 31925fb..19f7e46 100644 --- a/init/docker-openvpn@.service +++ b/init/docker-openvpn@.service 
@@ -1,3 +1,35 @@ +# +# Docker + OpenVPN systemd service +# +# Author: Kyle Manna +# Source: https://github.com/kylemanna/docker-openvpn +# +# This service aims to make the update and invocation of the docker-openvpn +# container seemless. It automatically downloads the latest docker-openvpn +# image and instantiates a Docker container with that image. At shutdown it +# cleans-up the old container. +# +# In the event the service dies (crashes, or is killed) systemd will attempt +# to restart the service every 10 seconds until the service is stopped with +# `systemctl stop docker-openvpn@NAME`. +# +# A number of IPv6 hacks are incorporated to workaround Docker shortcomings and +# are harmless for those not using IPv6. +# +# To use: +# 1. Create a Docker volume container named `ovpn-data-NAME` where NAME is the +# user's choice to describe the use of the container. +# 2. Initialize the data container according to the docker-openvpn README, but +# don't start the container. Stop the docker container if started. +# 3. Download this service file to /etc/systemd/service/docker-openvpn@.service +# 4. Enable and start the service template with: +# `systemctl enable --now docker-openvpn@NAME.service` +# 5. Verify service start-up with: +# `systemctl status docker-openvpn@NAME.service` +# `journalctl --unit docker-openvpn@NAME.service` +# +# For more information, see the systemd manual pages. +# [Unit] Description=OpenVPN Docker Container Documentation=https://github.com/kylemanna/docker-openvpn From c6d0a71901ed0566a8b27317934caf757bb94cac Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Mon, 16 Jan 2017 13:56:42 -0800 Subject: [PATCH 2/3] README: Remove extraneous references to problems We're not going to reference all the thing potential issues that could go wrong in the README. Remove this to keep it concise. --- README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/README.md b/README.md index 8fb4133..001a33b 100644 --- a/README.md 
+++ b/README.md @@ -166,7 +166,7 @@ of a guarantee in the future. volume for re-use across containers * Addition of tls-auth for HMAC security -## Tested On +## Originally Tested On * Docker hosts: * server a [Digital Ocean](https://www.digitalocean.com/?refcode=d19f7fe88c94) Droplet with 512 MB RAM running Ubuntu 14.04 @@ -175,8 +175,3 @@ of a guarantee in the future. * OpenVPN core 3.0 android armv7a thumb2 32-bit * OS X Mavericks with Tunnelblick 3.4beta26 (build 3828) using openvpn-2.3.4 * ArchLinux OpenVPN pkg 2.3.4-1 - * - -## Having permissions issues with Selinux enabled? - -See [this](docs/selinux.md) From 4725f3621f7e34c3c3e5f71a7e543d83111a86d8 Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Mon, 16 Jan 2017 13:59:49 -0800 Subject: [PATCH 3/3] README: Add reference to the systemd doc * Encourage users to use systemd to manage the Docker container. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 001a33b..956c345 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,10 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq). $ dig google.com # won't use the search directives in resolv.conf $ nslookup google.com # will use search +* Consider setting up a [systemd service](/docs/systemd.md) for automatic + start-up at boot time and restart in the event the OpenVPN daemon or Docker + crashes. + ## How Does It Work? Initialize the volume container using the `kylemanna/openvpn` image with the
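Review bot: In the docs/systemd.md hunk of patch 1/3, step 3 pipes `curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/...` straight into `sudo tee /etc/systemd/system/docker-openvpn@.service`. This installs a unit file from the mutable `master` branch without giving the reader a chance to look at it. Without `-f`, an HTTP error body would also be written into the unit file as if it were valid. Suggest downloading with `curl -fL` to a temporary file, pointing the URL at a tag or commit, and asking the reader to inspect the file before step 4. Step 4 also omits `sudo` while step 3 uses it. Since the intro says the service "automatically downloads the latest `docker-openvpn` image", it would help to state that a restart can change the running image and to say what to edit in the unit if a fixed image is wanted.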
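Review bot: In the init/docker-openvpn@.service hunk of patch 1/3, step 3 of the comment header gives the install path as `/etc/systemd/service/docker-openvpn@.service`, while docs/systemd.md in the same patch uses `/etc/systemd/system`. The header path should be `/etc/systemd/system/docker-openvpn@.service` to match. The header also spells "seemless" where the doc has "seamless", and the stop command differs (`docker-openvpn@NAME` here, `docker-openvpn@NAME.service` in the doc). Because the header duplicates docs/systemd.md almost line for line, consider trimming it to a short description plus a pointer to the doc so the two copies cannot drift.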
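Review bot: In the second README.md hunk of patch 2/3 (`@@ -175,8 +175,3 @@`), removing the "Having permissions issues with Selinux enabled?" section also removes the README link to `docs/selinux.md`, and nothing in this series adds a replacement link. Dropping the stray empty bullet is fine, but a one-line pointer to `docs/selinux.md` (for example in a short list of further docs, or from docs/systemd.md) would keep that page discoverable for users on SELinux hosts without lengthening the README much.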
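Review bot: In the README.md hunk of patch 3/3, the new bullet links to `/docs/systemd.md` with a leading slash, whereas the link removed in patch 2/3 used the relative form `docs/selinux.md`. Pick one form for README links so they resolve the same way wherever the README is rendered. The bullet text also says the service restarts "in the event the OpenVPN daemon or Docker crashes", while docs/systemd.md describes restarting when the service dies; consider using the same wording in both places.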