meson: systemd - configure and install

parent 82308a2c
Running Knot Resolver under systemd (or equivalent) socket activation
=====================================================================
You can use the files in this directory to run kresd under supervision
by systemd (or any supervisor that provides equivalent file descriptor
initialization via the interface supported by
sd_listen_fds_with_names(3)).
Usage and Configuration
-----------------------
See kresd.systemd(7) for details.
Compatibility with older systemd
--------------------------------
If you're using systemd prior to version 227, use the systemd-compat.conf
drop-in file to use manual activation. In this case, socket files shouldn't
be packaged, because they won't be used.
Notes
-----
* If you're using the upstream systemd unit files, don't forget to also include
kresd.systemd.7 manual page in the package.
* Distributions using systemd-sysv-generator should mask kresd.service to
be consistent with other distributions. Any use of kresd.service instead of
kresd@N.service is discouraged to avoid confusing the users.
* kresd.target should be enabled by default by linking it to systemd lib/
directory. Instances of kresd@.service are then added manually to
kresd.target when the user enables them.
# /etc/systemd/system/kresd-tls.socket.d/override.conf
# Configure which interfaces should kresd listen on.
# ListenStream can be added multiple times.
[Socket]
ListenStream=192.0.2.115:853
# /etc/systemd/system/kresd.socket.d/override.conf
# Configure which interfaces should kresd listen on.
# ListenDatagram and ListenStream can be added multiple times.
[Socket]
ListenDatagram=192.0.2.115:53
ListenStream=192.0.2.115:53
# /usr/lib/systemd/system/kresd@.service.d/override.conf
# If systemd.227+ isn't available (e.g. CentOS 7), socket activation can't be used
# and the following modifications are required to use the service with
# manual activation.
# CAP_NET_BIND_SERVICE is necessary to be able to bind to a well-known port
# as an unprivilidged user.
# Explicit --forks=1 turns off interactive mode.
[Service]
Type=simple
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=
ExecStart=/usr/sbin/kresd --config=/etc/knot-resolver/kresd.conf --forks=1
Sockets=
......@@ -36,6 +36,10 @@ data_dir = join_paths(prefix, get_option('datadir'), 'knot-resolver')
doc_dir = join_paths(prefix, get_option('datadir'), 'doc', 'knot-resolver')
etc_dir = join_paths(prefix, get_option('sysconfdir'), 'knot-resolver')
sbin_dir = join_paths(prefix, get_option('sbindir'))
systemd_cache_dir = ''
run_dir = ''
systemd_unit_dir = ''
systemd_tmpfiles_dir = ''
modules_dir = get_option('modules_dir')
if modules_dir == ''
......@@ -152,6 +156,11 @@ subdir('tests')
subdir('doc')
subdir('etc')
# systemd integration
if systemd
subdir('systemd')
endif
# summary message
# NOTE: ternary operator in format() not supported
......@@ -181,6 +190,8 @@ message('''
systemd: @0@'''.format(summary_systemd) + '''
socket activation: @0@'''.format(summary_systemd_socket) + '''
user mode: @0@'''.format(summary_systemd_user_mode) + '''
cache_dir: @0@'''.format(systemd_cache_dir) + '''
run_dir: @0@'''.format(run_dir) + '''
components
client: @0@'''.format(summary_build_client) + '''
......
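Review bot: The four `= ''` assignments in the first hunk (`systemd_cache_dir`, `run_dir`, `systemd_unit_dir`, `systemd_tmpfiles_dir`) have no comment saying where their real values come from. A reader of the top-level file sees only empty paths that the summary message later prints. I would add `# placeholders; overwritten in systemd/meson.build when systemd integration is enabled` above them. As far as the visible hunks show, the `cache_dir` and `run_dir` summary rows print empty when `systemd` is false, which the same comment could state.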
......@@ -7,7 +7,7 @@ PartOf=kresd@%i.service
[Socket]
Service=kresd@%i.service
ListenStream=/run/knot-resolver/control@%i
ListenStream=@run_dir@/control@%i
FileDescriptorName=control
SocketMode=0660
Slice=system-kresd.slice
......
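Review bot: `ListenStream=@run_dir@/control@%i` relies on the tmpfiles.d entry to give the directory its `0750 root root` mode. But systemd creates missing parent directories of a listening socket itself, using `DirectoryMode=`, which defaults to 0755. If the socket unit starts before the tmpfiles.d entry has been applied, or the entry is not installed where systemd reads it, the control-socket directory ends up more permissive than intended. Adding `DirectoryMode=0750` next to `SocketMode=0660` keeps the two in agreement. The `[Socket]` section may continue outside this hunk.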
......@@ -5,9 +5,9 @@ Documentation=man:kresd(8)
[Service]
Type=notify
WorkingDirectory=/var/cache/knot-resolver
ExecStart=/usr/sbin/kresd --config=/etc/knot-resolver/kresd.conf
User=knot-resolver
WorkingDirectory=@systemd_cache_dir@
ExecStart=@sbin_dir@/kresd --config=@etc_dir@/kresd.conf
User=@user@
Restart=on-failure
Sockets=kresd.socket
Sockets=kresd-tls.socket
......
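Review bot: `User=@user@` is templated, but the visible part of the unit sets no `Group=`, although the same commit puts `group` into `systemd_config` and uses `@group@` for the cache directory in tmpfiles.d. Without `Group=`, systemd runs the service with the user's primary group, which need not be the configured one. Files created under `@systemd_cache_dir@` can then carry a different group than the directory itself. Consider adding `Group=@group@` after `User=@user@`, unless the unit already sets it outside this hunk.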
# systemd
## paths
# TODO user mode
systemd_cache_dir = join_paths(
prefix, get_option('localstatedir'), 'cache', 'knot-resolver')
run_dir = join_paths('/run', 'knot-resolver')
systemd_unit_dir = join_paths(prefix, get_option('libdir'), 'systemd', 'system')
systemd_tmpfiles_dir = join_paths(prefix, get_option('libdir'), 'tmpfiles.d')
## configuration
systemd_config = configuration_data()
systemd_config.set('user', user)
systemd_config.set('group', group)
systemd_config.set('systemd_cache_dir', systemd_cache_dir)
systemd_config.set('sbin_dir', sbin_dir)
systemd_config.set('etc_dir', etc_dir)
systemd_config.set('run_dir', run_dir)
# TODO Restart=on-abnormal
if systemd_socket
# unit files
kresd_service = configure_file(
input: 'kresd@.service.in',
output: 'kresd@.service',
configuration: systemd_config,
install_dir: systemd_unit_dir,
)
kresd_control_socket = configure_file(
input: 'kresd-control@.socket.in',
output: 'kresd-control@.socket',
configuration: systemd_config,
install_dir: systemd_unit_dir,
)
install_data(
sources: [
'kresd.socket',
'kresd-tls.socket',
'kresd.target',
],
install_dir: systemd_unit_dir,
)
install_man('kresd.systemd.7') # TODO amend man page + configure
# tmpfiles
tmpfiles = configure_file(
input: 'tmpfiles.d/knot-resolver.conf.in',
output: 'knot-resolver.conf',
configuration: systemd_config,
install_dir: systemd_tmpfiles_dir,
)
# TODO example drop-ins
else
subdir('nosocket')
endif
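Review bot: `systemd_unit_dir` and `systemd_tmpfiles_dir` are built from `get_option('libdir')`, but systemd reads units and tmpfiles.d snippets from `lib/systemd/system` and `lib/tmpfiles.d` under the prefix, not from the multilib libdir. Where libdir is `lib64` or a multiarch path, the units and the tmpfiles.d file would be installed where systemd does not look. The `0750` runtime and cache directories would then never be created with the intended ownership. I would write `systemd_unit_dir = join_paths(prefix, 'lib', 'systemd', 'system')` and `systemd_tmpfiles_dir = join_paths(prefix, 'lib', 'tmpfiles.d')`, or take both from the `systemdsystemunitdir` and `tmpfilesdir` variables of systemd's pkg-config file.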
# tmpfiles.d(5) runtime directory for knot-resolver (kresd)
# tmpfiles.d(5) directories for knot-resolver (kresd)
#Type Path Mode UID GID Age Argument
d /run/knot-resolver 0750 root root - -
d /var/cache/knot-resolver 0750 knot-resolver knot-resolver - -
d @run_dir@ 0750 root root - -
d @systemd_cache_dir@ 0750 @user@ @group@ - -