How to prevent console and ssh logins until a service has started in RHEL7

https://access.redhat.com/solutions/1341723

How to prevent console and ssh logins until a service has started in RHEL7

 SOLUTION 已验证 - 已更新 2015年二月28日00:36 - 

English 

环境

• Red Hat Enterprise Linux 7

问题

• We have a custom service that starts a configuration script. We don't want the RHEL7 system to allow any logins (including ssh or local black & white ttys) until the script has finished. How?
• How to disallow login in RHEL 7 until a SysV init script has finished?

决议

1. Create a unit file for the service which must be started before logins are allowed
   The file should be located in either /usr/lib/systemd/system/ or /etc/systemd/system/1
   A service unit named MYSERVICE would have file named MYSERVICE.service

2. Ensure the service definition2 meets AT LEAST the following conditions

   Raw

   [Unit]
   Before=sshd.service systemd-logind.service getty@tty1.service
   
   [Service]
   Type=oneshot
   ExecStart=/path/to/script "script args" "more script args"
   TimeoutStartSec=0
   
   [Install]
   RequiredBy=sshd.service systemd-logind.service getty@tty1.service
   

3. After modifying (or creating) the service unit file, run the following commands, even if MYSERVICE was already enabled

   Raw

   systemctl daemon-reload
   systemctl enable MYSERVICE.service
   

4. Reboot and note that sshd and console login screens (not including serial) will fail to start until MYSERVICE has started

---

1. See UNIT LOAD PATH section of systemd.unit(5) man page ↩

2. For more detail, see: How to make custom script that runs automatically during boot up in RHEL7? ↩