Reputation: 163
I have installed certbot, and certbot makes its own systemd service file "certbot.service" for auto cert renew, which is started through a .timer file once a day.
After this "certbot.service" is successfully executed, I would like to execute a second one ("cert-copy-after-certbot.service") that copies the certificate to another place.
Currently my setting looks like this:
"certbot.service" (generated by certbot):
pi@raspberrypi:/lib/systemd/system $ cat certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true
"cert-copy-after-certbot.service":
pi@raspberrypi:/etc/systemd/system $ cat cert-copy-after-certbot.service
[Unit]
Description=crt update after certbot has run
Wants=certbot.service
After=certbot.service
[Service]
Type=simple
ExecStart=/bin/sh -c "cat /etc/letsencrypt/live/<mydomain>/privkey.pem /etc/letsencrypt/live/<mydomain>/fullchain.pem > /etc/ejabberd/ejabberd.pem"
If I run these files with:
systemctl start <unitname>
Both services are working.
But when I start certbot with "systemctl start certbot" and check
systemctl status cert-copy-after-certbot
the cert-copy-after-certbot.service didn't run.
Did I configure something wrong?
Upvotes: 6
Views: 7856
Reputation: 1386
You might find that cert-copy-after-certbot.service is started before certbot.service is complete unless you also set RemainAfterExit=yes in certbot.service.
Upvotes: -1
Reputation: 163
I found the solution, so here is the answer in case someone has the same issue.
The problem is that the "certbot.service" unit doesn't know about "cert-copy-after-certbot.service". So if "certbot.service" is called, no one calls the inactive "cert-copy-after-certbot.service", because the "Wants=" is never executed.
So if you don't want to alter the "certbot.service" unit (with "Wants=cert-copy-after-certbot.service"), you can do the following.
Add an additional [Install] section in "cert-copy-after-certbot.service", with a line "WantedBy=certbot.service", so that the file looks like this:
pi@raspberrypi:/etc/systemd/system $ cat cert-copy-after-certbot.service
[Unit]
Description=crt update after certbot has run
After=certbot.service
[Service]
Type=simple
ExecStart=/bin/sh -c "cat /etc/letsencrypt/live/<mydomain>/privkey.pem /etc/letsencrypt/live/<mydomain>/fullchain.pem > /etc/ejabberd/ejabberd.pem"
[Install]
WantedBy=certbot.service
An install section requires an enable or disable call by systemctl (or start or stop for temporary testing).
systemctl enable cert-copy-after-certbot
This [Install] section will create a symbolic link as soon as you enable the unit, which informs the systemd daemon that if "certbot.service" is called, it has to call "cert-copy-after-certbot.service" too. (And the "After=" in the unit section tells systemd the order in which they should be called; without it, both units would run simultaneously.)
Upvotes: 8
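A check for the symbolic link the accepted answer describes, as an added example that is not part of any post above: it reads the WantedBy= targets from a unit's [Install] section and reports whether the matching `.wants/` link exists. The function names, exit codes and the default directory /etc/systemd/system are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether a unit's [Install] WantedBy= targets have the
# .wants/ symlink that "systemctl enable" creates for them.
# Function names and exit codes are this example's own (hypothetical).

# Print each WantedBy= value found in the [Install] section of a unit file.
wanted_by_targets() {
    awk '
        /^\[/ { in_install = ($0 == "[Install]"); next }
        in_install && /^WantedBy=/ {
            sub(/^WantedBy=/, "")
            n = split($0, t, /[ \t]+/)
            for (i = 1; i <= n; i++) if (t[i] != "") print t[i]
        }
    ' "$1"
}

# Usage: wants_link_status UNIT_FILE [SYSTEMD_DIR]
# Exit 0: every target has the symlink; 1: at least one link is missing;
# 2: no WantedBy= line, so nothing pulls the unit in when another unit starts.
wants_link_status() {
    unit_file=$1
    dir=${2:-/etc/systemd/system}
    unit=$(basename "$unit_file")
    targets=$(wanted_by_targets "$unit_file")
    [ -n "$targets" ] || { echo "$unit: no WantedBy= in [Install]"; return 2; }
    missing=0
    for target in $targets; do
        link="$dir/$target.wants/$unit"
        if [ -L "$link" ]; then
            echo "$unit: enabled, pulled in whenever $target is started"
        else
            echo "$unit: NOT enabled for $target (missing $link)"
            missing=1
        fi
    done
    return $missing
}
```

After sourcing the file, `wants_link_status /etc/systemd/system/cert-copy-after-certbot.service` returns 1 until `systemctl enable cert-copy-after-certbot` has been run.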