systemd: integrate http module with systemd

parent 58d9311e
......@@ -62,9 +62,14 @@ package() {
DESTDIR=${pkgdir} ninja -C build_arch install
# add kresd.target to multi-user.target.wants to support enabling kresd services
install -dm 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants"
install -d -m 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants"
ln -s ../kresd.target "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants/kresd.target"
# mask kresd-doh.socket, kresd-webmgmt.socket by default (unmask if using http module)
install -d -m 0755 "${pkgdir}/etc/systemd/system"
ln -s /dev/null "${pkgdir}/etc/systemd/system/kresd-doh.socket"
ln -s /dev/null "${pkgdir}/etc/systemd/system/kresd-webmgmt.socket"
# remove modules with missing dependencies
rm "${pkgdir}/usr/lib/knot-resolver/kres_modules/etcd.lua"
}
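Review bot: The mask symlinks created under `${pkgdir}/etc/systemd/system` for `kresd-doh.socket` and `kresd-webmgmt.socket` are shipped as ordinary package-owned files, so an administrator's `systemctl unmask` (which deletes the symlink) will probably be undone by the next package upgrade. That fails closed, but a listener that was deliberately enabled would then disappear without notice. The same pattern appears in the Debian links entry `dev/null etc/systemd/system/kresd-doh.socket` and in the Fedora branch of the spec file. At minimum the comment should record this, e.g. `# NOTE: package-owned mask; re-check with "systemctl is-enabled kresd-doh.socket" after upgrades`.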
......@@ -62,11 +62,13 @@ Description: caching, DNSSEC-validating DNS resolver
Package: knot-resolver-module-http
Architecture: all
Depends:
knot-resolver,
libjs-bootstrap,
libjs-d3,
libjs-jquery,
lua-http,
lua-mmdb,
systemd,
${misc:Depends},
${shlibs:Depends},
Breaks:
......
usr/lib/systemd/system/kresd@.service.d/module-http.conf lib/systemd/system/kresd@.service.d/
usr/lib/systemd/system/kresd-doh.socket lib/systemd/system/
usr/lib/systemd/system/kresd-webmgmt.socket lib/systemd/system/
usr/lib/knot-resolver/kres_modules/http*.lua
usr/lib/knot-resolver/kres_modules/prometheus.lua
usr/lib/knot-resolver/kres_modules/http/*.css
......
dev/null etc/systemd/system/kresd-doh.socket
usr/share/javascript/bootstrap/css/bootstrap-theme.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap-theme.min.css
usr/share/javascript/bootstrap/css/bootstrap.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap.min.css
usr/share/javascript/bootstrap/js/bootstrap.min.js usr/lib/knot-resolver/kres_modules/http/bootstrap.min.js
......
/lib/systemd/system/kresd@.service.d
/var/lib/knot-resolver
etc/knot-resolver/kresd.conf
usr/lib/systemd/system/* lib/systemd/system/
usr/lib/systemd/system/kresd@.service lib/systemd/system/
usr/lib/systemd/system/kresd.target lib/systemd/system/
usr/lib/systemd/system/kresd.socket lib/systemd/system/
usr/lib/systemd/system/kresd-tls.socket lib/systemd/system/
usr/lib/systemd/system/kresd-control@.socket lib/systemd/system/
usr/lib/*.so.*
usr/lib/tmpfiles.d/knot-resolver.conf
usr/lib/knot-resolver/*.so
......
......@@ -117,6 +117,7 @@ Documentation for Knot Resolver
%if "x%{?suse_version}" == "x"
%package module-http
Summary: HTTP/2 module for Knot Resolver
Requires: knot-resolver
%if 0%{?fedora}
Requires: compat-lua-http
Requires: compat-lua-mmdb
......@@ -180,11 +181,21 @@ install -m 0750 -d %{buildroot}/run/%{name}
# remove modules with missing dependencies
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/etcd.lua
%if 0%{?suse_version}
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/experimental_dot_auth.lua
rm -r %{buildroot}%{_libdir}/knot-resolver/kres_modules/http
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/http*.lua
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/prometheus.lua
rm %{buildroot}%{_unitdir}/kresd@.service.d/module-http.conf
rm %{buildroot}%{_unitdir}/kresd-doh.socket
rm %{buildroot}%{_unitdir}/kresd-webmgmt.socket
%endif
%if 0%{?fedora}
# mask kresd-doh.socket by default
install -d -m 0755 %{buildroot}%{_sysconfdir}/systemd/system
ln -s /dev/null %{buildroot}%{_sysconfdir}/systemd/system/kresd-doh.socket
%endif
# rename doc directory for centos, opensuse
......@@ -228,12 +239,15 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc
%attr(664,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.keys
%attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.hints
%attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/icann-ca.pem
%{_unitdir}/kresd*.service
%{_unitdir}/kresd@.service
%{_unitdir}/kresd.target
%dir %{_unitdir}/multi-user.target.wants
%{_unitdir}/multi-user.target.wants/kresd.target
%if "x%{?rhel}" == "x"
%{_unitdir}/kresd*.socket
%dir %{_unitdir}/kresd@.service.d
%{_unitdir}/kresd.socket
%{_unitdir}/kresd-tls.socket
%{_unitdir}/kresd-control@.socket
%ghost /run/%{name}/
%{_mandir}/man7/kresd.systemd.7.gz
%else
......@@ -285,6 +299,12 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc
%if "x%{?suse_version}" == "x"
%files module-http
%if 0%{?fedora}
%{_unitdir}/kresd@.service.d/module-http.conf
%{_unitdir}/kresd-doh.socket
%{_sysconfdir}/systemd/system/kresd-doh.socket
%{_unitdir}/kresd-webmgmt.socket
%endif
%{_libdir}/knot-resolver/kres_modules/http
%{_libdir}/knot-resolver/kres_modules/http*.lua
%{_libdir}/knot-resolver/kres_modules/prometheus.lua
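Review bot: In the `%if 0%{?fedora}` install block only `kresd-doh.socket` is masked, whereas the Arch packaging in this commit masks `kresd-webmgmt.socket` as well, and the comment `# mask kresd-doh.socket by default` does not say why the management/API listener is left active. If that is intentional because module-http is a separate subpackage, state it: `# mask kresd-doh.socket by default; kresd-webmgmt.socket stays active on localhost:8453 once module-http is installed`. Otherwise add `ln -s /dev/null %{buildroot}%{_sysconfdir}/systemd/system/kresd-webmgmt.socket` and the matching `%files module-http` entry. The Debian links file has the same asymmetry, masking only `kresd-doh.socket`.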
......
[Unit]
Description=Knot Resolver DNS-over-HTTPS socket
Documentation=man:kresd.systemd(7)
Documentation=man:kresd(8)
Before=sockets.target
[Socket]
FreeBind=true
BindIPv6Only=both
FileDescriptorName=doh
ListenStream=[::1]:443
ListenStream=127.0.0.1:443
Service=kresd@1.service
Slice=system-kresd.slice
[Install]
WantedBy=sockets.target
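Review bot: The default listeners here are `ListenStream=[::1]:443` and `ListenStream=127.0.0.1:443`, but the man page text in this commit documents the DoH default as localhost:44353 and both example drop-ins use port 44353. An administrator following the specific-interfaces example, which has no empty `ListenStream=` reset, would end up with listeners on 443 and on 44353, and firewall rules written from the documentation would not match the port actually bound. Either change the unit to `ListenStream=[::1]:44353` and `ListenStream=127.0.0.1:44353`, or update the man page and examples to 443, whichever is intended.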
# /etc/systemd/system/kresd-doh.socket.d/override.conf
# Configure kresd-doh.socket to listen on all IPv4 and IPv6 interfaces.
# Empty ListenStream= directive is required to avoid port clash with default
# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0 instead of
# [::]
[Socket]
ListenStream=
ListenStream=[::]:44353
# /etc/systemd/system/kresd-doh.socket.d/override.conf
# Configure which interfaces should kresd-doh.socket listen on.
# ListenStream can be added multiple times.
[Socket]
ListenStream=192.0.2.115:44353
ListenStream=[2001:db8::115]:44353
[Unit]
Description=Knot Resolver TLS network listener
Description=Knot Resolver DNS-over-TLS socket
Documentation=man:kresd.systemd(7)
Documentation=man:kresd(8)
Before=sockets.target
......
[Unit]
Description=Knot Resolver web management and API socket
Documentation=man:kresd.systemd(7)
Documentation=man:kresd(8)
Before=sockets.target
[Socket]
FreeBind=true
BindIPv6Only=both
FileDescriptorName=webmgmt
ListenStream=[::1]:8453
ListenStream=127.0.0.1:8453
Service=kresd@1.service
Slice=system-kresd.slice
[Install]
WantedBy=sockets.target
[Unit]
Description=Knot Resolver network listeners
Description=Knot Resolver DNS socket
Documentation=man:kresd.systemd(7)
Documentation=man:kresd(8)
Before=sockets.target
......@@ -7,6 +7,7 @@ Before=sockets.target
[Socket]
FreeBind=true
BindIPv6Only=both
FileDescriptorName=dns
ListenDatagram=[::1]:53
ListenStream=[::1]:53
ListenDatagram=127.0.0.1:53
......
......@@ -17,6 +17,8 @@ kresd@.service
kresd.socket
kresd-tls.socket
kresd-control@.socket
kresd-doh.socket
kresd-webmgmt.socket
kresd.target
system-kresd.slice
.fi
......@@ -34,14 +36,16 @@ additional capabilities. The network interface sockets are created by systemd
and then passed to the daemon.
Network configuration has to take place in \fIsystemd.socket(5)\fR, which can
be done using drop-in files. Each instance of \fIkresd@.service\fR has three
systemd sockets associated with it:
be done using drop-in files. Each instance of \fIkresd@.service\fR may have
these systemd sockets associated with it:
.nf
.RS
\fIkresd.socket\fR - UDP/TCP network socket (default: localhost:53)
\fIkresd-tls.socket\fR - network socket for DNS-over-TLS (default: localhost:853)
\fIkresd-control@.socket\fR - UNIX socket with control terminal
\fIkresd-doh.socket\fR - DNS-over-HTTPS (with http module: localhost:44353)
\fIkresd-webmgmt.socket\fR - web management and APIs (with http module: localhost:8453)
.RE
.fi
......@@ -54,6 +58,7 @@ To configure \fBkresd\fR to listen on public interfaces, drop-in files (see
.RS 4n
.B systemctl edit kresd.socket
.B systemctl edit kresd-tls.socket
.B systemctl edit kresd-doh.socket
.RE
.fi
......@@ -163,7 +168,8 @@ the sockets:
.RE
.fi
To disable the TLS socket, you can mask it:
To disable optional sockets, you can mask them. For example, to disable
DNS-over-TLS socket:
.RS 4n
.B systemctl mask kresd-tls.socket
......
[Service]
Sockets=kresd-doh.socket
Sockets=kresd-webmgmt.socket
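Review bot: This drop-in has no comment explaining its effect. As documented in systemd.service(5), `Sockets=` also gives the service implicit `Wants=`/`After=` dependencies on the listed socket units. Since it sits in `kresd@.service.d`, every kresd instance will try to pull in `kresd-doh.socket` and `kresd-webmgmt.socket` when it starts, unless they are masked, and apparently whether or not the http module is loaded in the configuration. A header comment would make that visible to anyone auditing open ports, e.g. `# Pulls in the http module sockets for all kresd@ instances; mask the socket units to keep them closed`. The build file also installs this drop-in whenever `systemd_files == 'enabled'`, so packagers who do not ship the http module have to remove it, as the SUSE branch of the spec does.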
......@@ -34,10 +34,18 @@ if systemd_files == 'enabled'
sources: [
'kresd.socket',
'kresd-tls.socket',
'kresd-doh.socket',
'kresd-webmgmt.socket',
'kresd.target',
],
install_dir: systemd_unit_dir,
)
install_data(
sources: [
'kresd@.service.d/module-http.conf',
],
install_dir: join_paths(systemd_unit_dir, 'kresd@.service.d'),
)
## man page
kresd_systemd_man = configure_file(
......@@ -70,6 +78,13 @@ if systemd_files == 'enabled'
],
install_dir: join_paths(examples_dir, 'kresd-tls.socket.d'),
)
install_data(
sources: [
'kresd-doh.socket.d/all-interfaces.conf',
'kresd-doh.socket.d/specific-interfaces.conf',
],
install_dir: join_paths(examples_dir, 'kresd-doh.socket.d'),
)
elif systemd_files == 'nosocket'
subdir('nosocket')
endif