From: Tom Hughes Date: Sun, 26 Feb 2017 10:40:04 +0000 (+0000) Subject: Convert gps-update service to a systemd unit X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/b3a77d0d43c88fb8c8989319f7d436477aee07eb?ds=sidebyside Convert gps-update service to a systemd unit --- diff --git a/cookbooks/gps-tile/metadata.rb b/cookbooks/gps-tile/metadata.rb index 4ce457d42..53a5fb75f 100644 --- a/cookbooks/gps-tile/metadata.rb +++ b/cookbooks/gps-tile/metadata.rb @@ -6,3 +6,4 @@ description "Configures a GPS tile server" long_description IO.read(File.join(File.dirname(__FILE__), "README.md")) version "1.0.0" depends "apache" +depends "systemd" diff --git a/cookbooks/gps-tile/recipes/default.rb b/cookbooks/gps-tile/recipes/default.rb index ed60f1fd7..f2104bc46 100644 --- a/cookbooks/gps-tile/recipes/default.rb +++ b/cookbooks/gps-tile/recipes/default.rb @@ -78,17 +78,25 @@ git "/srv/gps-tile.openstreetmap.org/updater" do group "gpstile" end -template "/etc/init.d/gps-update" do - source "update.init.erb" - owner "root" - group "root" - mode 0o755 +systemd_service "gps-update" do + description "GPS tile update daemon" + after ["network.target", "memcached.service"] + wants ["memcached.service"] + user "gpstile" + working_directory "/srv/gps-tile.openstreetmap.org" + exec_start "/srv/gps-tile.openstreetmap.org/updater/update" + private_tmp true + private_devices true + protect_system "full" + protect_home true + no_new_privileges true + restart "on-failure" end service "gps-update" do action [:enable, :start] - supports :restart => true, :status => true subscribes :restart, "git[/srv/gps-tile.openstreetmap.org/updater]" + subscribes :restart, "systemd_service[gps-update]" end remote_directory "/srv/gps-tile.openstreetmap.org/html" do diff --git a/cookbooks/gps-tile/templates/default/update.init.erb b/cookbooks/gps-tile/templates/default/update.init.erb deleted file mode 100644 index 1cf851d2b..000000000 --- a/cookbooks/gps-tile/templates/default/update.init.erb +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -# DO NOT EDIT - This file is being maintained by Chef - -start() { - start-stop-daemon --start --chuid gpstile --chdir /srv/gps-tile.openstreetmap.org --background --make-pidfile --pidfile /var/run/gps-update.pid --exec /srv/gps-tile.openstreetmap.org/updater/update -} - -stop() { - start-stop-daemon --stop --retry 300 --pidfile /var/run/gps-update.pid -} - -status() { - start-stop-daemon --status --pidfile /var/run/gps-update.pid -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - stop || exit $? - start - ;; - status) - status - exit $? - ;; -esac diff --git a/cookbooks/systemd/resources/service.rb b/cookbooks/systemd/resources/service.rb index 943ce031b..2a8f22b2b 100644 --- a/cookbooks/systemd/resources/service.rb +++ b/cookbooks/systemd/resources/service.rb @@ -31,6 +31,7 @@ property :environment, Hash, :default => {} property :environment_file, [String, Hash] property :user, String property :group, String +property :working_directory, String property :exec_start_pre, String property :exec_start, String, :required => true property :exec_start_post, String @@ -51,6 +52,7 @@ property :private_devices, [TrueClass, FalseClass] property :private_network, [TrueClass, FalseClass] property :protect_system, [TrueClass, FalseClass, String] property :protect_home, [TrueClass, FalseClass, String] +property :no_new_privileges, [TrueClass, FalseClass] property :timeout_sec, Integer property :pid_file, String diff --git a/cookbooks/systemd/templates/default/service.erb b/cookbooks/systemd/templates/default/service.erb index 703d64281..ffc0efb72 100644 --- a/cookbooks/systemd/templates/default/service.erb +++ b/cookbooks/systemd/templates/default/service.erb @@ -26,6 +26,9 @@ User=<%= @user %> <% if @group -%> Group=<%= @group %> <% end -%> +<% if @working_directory -%> +WorkingDirectory=<%= @working_directory %> +<% end -%> <% if @exec_start_pre -%> ExecStartPre=<%= @exec_start_pre %> <% end -%> @@ -69,6 +72,9 @@ ProtectSystem=<%= @protect_system %> <% if @protect_home -%> ProtectHome=<%= @protect_home %> <% end -%> +<% if @no_new_privileges -%> +NoNewPrivileges=<%= @no_new_privileges %> +<% end -%> <% if @restart -%> Restart=<%= @restart %> <% end -%>