updated things so this role is usable
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
c302169881
commit
9a4ed2d7bc
29
README.md
29
README.md
@ -25,10 +25,10 @@ You can also use the ``ansible-galaxy`` command on the ``ansible-role-requiremen
|
||||
# define "program_override" option in the systemd_services dictionary.
|
||||
systemd_bin_path: /usr/local/bin
|
||||
|
||||
system_user_name: root
|
||||
system_group_name: root
|
||||
system_slice_name: system
|
||||
system_lock_path: /var/lock
|
||||
systemd_user_name: root
|
||||
systemd_group_name: root
|
||||
systemd_slice_name: system
|
||||
systemd_lock_path: /var/lock
|
||||
|
||||
# This is the prefix used for all temp files of a given type.
|
||||
systemd_tempd_prefix: tempd
|
||||
@ -38,11 +38,17 @@ systemd_TimeoutSec: 120
|
||||
systemd_Restart: on-failure
|
||||
systemd_RestartSec: 2
|
||||
|
||||
# Set accounting on systemd service
|
||||
system_CPUAccounting: true
|
||||
system_BlockIOAccounting: true
|
||||
system_MemoryAccounting: true
|
||||
system_TasksAccounting: true
|
||||
# Accounting options
|
||||
systemd_CPUAccounting: true
|
||||
systemd_BlockIOAccounting: true
|
||||
systemd_MemoryAccounting: true
|
||||
systemd_TasksAccounting: true
|
||||
|
||||
# Sandboxing options
|
||||
systemd_PrivateTmp: true
|
||||
systemd_PrivateDevices: false
|
||||
systemd_PrivateNetwork: true
|
||||
systemd_PrivateUsers: true
|
||||
|
||||
# Start service after a given target. This is here because we want to define common
|
||||
# after targets used on most services. This can be overridden or agumented using
|
||||
@ -51,16 +57,13 @@ systemd_after_targets:
|
||||
- syslog.target
|
||||
- network.target
|
||||
|
||||
# Set the service state. Valid options are: [started, stopped, restarted, reloaded].
|
||||
systemd_service_state: started
|
||||
|
||||
# Set the service enabled state. Valid options are: [yes, no]
|
||||
systemd_service_enabled: yes
|
||||
|
||||
# Set global service overrides used within the service unit file.
|
||||
systemd_service_config_overrides: {}
|
||||
|
||||
# The systemD services dictionary is a set of services that will be created. The dictionary
|
||||
# The systemd services dictionary is a set of services that will be created. The dictionary
|
||||
# can contain the following options:
|
||||
# `service_name` -- (required) used to define the name of the service. This is typically the name of the executable.
|
||||
# `init_config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file.
|
||||
|
@ -17,10 +17,10 @@
|
||||
# define "program_override" option in the systemd_services dictionary.
|
||||
systemd_bin_path: /usr/local/bin
|
||||
|
||||
system_user_name: root
|
||||
system_group_name: root
|
||||
system_slice_name: system
|
||||
system_lock_path: /var/lock
|
||||
systemd_user_name: root
|
||||
systemd_group_name: root
|
||||
systemd_slice_name: system
|
||||
systemd_lock_path: /var/lock
|
||||
|
||||
# This is the prefix used for all temp files of a given type.
|
||||
systemd_tempd_prefix: tempd
|
||||
@ -30,11 +30,17 @@ systemd_TimeoutSec: 120
|
||||
systemd_Restart: on-failure
|
||||
systemd_RestartSec: 2
|
||||
|
||||
# Set accounting on systemd service
|
||||
system_CPUAccounting: true
|
||||
system_BlockIOAccounting: true
|
||||
system_MemoryAccounting: true
|
||||
system_TasksAccounting: true
|
||||
# Accounting options
|
||||
systemd_CPUAccounting: true
|
||||
systemd_BlockIOAccounting: true
|
||||
systemd_MemoryAccounting: true
|
||||
systemd_TasksAccounting: true
|
||||
|
||||
# Sandboxing options
|
||||
systemd_PrivateTmp: true
|
||||
systemd_PrivateDevices: false
|
||||
systemd_PrivateNetwork: false
|
||||
systemd_PrivateUsers: true
|
||||
|
||||
# Start service after a given target. This is here because we want to define common
|
||||
# after targets used on most services. This can be overridden or agumented using
|
||||
@ -43,16 +49,13 @@ systemd_after_targets:
|
||||
- syslog.target
|
||||
- network.target
|
||||
|
||||
# Set the service state. Valid options are: [started, stopped, restarted, reloaded].
|
||||
systemd_service_state: started
|
||||
|
||||
# Set the service enabled state. Valid options are: [yes, no]
|
||||
systemd_service_enabled: yes
|
||||
|
||||
# Set global service overrides used within the service unit file.
|
||||
systemd_service_config_overrides: {}
|
||||
|
||||
# The systemD services dictionary is a set of services that will be created. The dictionary
|
||||
# The systemd services dictionary is a set of services that will be created. The dictionary
|
||||
# can contain the following options:
|
||||
# `service_name` -- (required) used to define the name of the service. This is typically the name of the executable.
|
||||
# `init_config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file.
|
||||
@ -70,6 +73,10 @@ systemd_service_config_overrides: {}
|
||||
# service_name: ServiceX
|
||||
# init_config_overrides: {} # This is used to add in arbitratry unit file options
|
||||
# program_config_options: '--flag1 things --flag2 other'
|
||||
# program_sandboxing:
|
||||
# PrivateTmp: true
|
||||
# program_accounting:
|
||||
# CPUAccounting: true
|
||||
# ServiceY:
|
||||
# service_name: ServiceY
|
||||
# init_config_overrides: {} # This is used to add in arbitratry unit file options
|
||||
|
@ -264,7 +264,7 @@ ga('send', 'pageview');
|
||||
<span class="c1"># Set the service enabled state. Valid options are: [yes, no]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">systemd_service_enabled</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">yes</span>
|
||||
|
||||
<span class="c1"># The systemD services dictionary is a set of services that will be created. The dictionary</span>
|
||||
<span class="c1"># The systemd services dictionary is a set of services that will be created. The dictionary</span>
|
||||
<span class="c1"># can contain the following options:</span>
|
||||
<span class="c1"># `service_name` -- (required) used to define the name of the service. This is typically the name of the executable.</span>
|
||||
<span class="c1"># `init_config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file.</span>
|
||||
|
@ -26,8 +26,13 @@ galaxy_info:
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
- name: opensuse
|
||||
versions:
|
||||
- 42.1
|
||||
- 42.2
|
||||
- 42.3
|
||||
categories:
|
||||
- systemd_init
|
||||
- systemd
|
||||
- development
|
||||
dependencies:
|
||||
- role: plugins
|
||||
- plugins
|
||||
|
@ -15,56 +15,66 @@
|
||||
|
||||
- name: Create TEMP run dir
|
||||
file:
|
||||
path: "/var/run/{{ item.value.service_name }}"
|
||||
path: "/var/run/{{ item.service_name }}"
|
||||
state: directory
|
||||
owner: "{{ system_user_name }}"
|
||||
group: "{{ system_group_name }}"
|
||||
owner: "{{ systemd_user_name }}"
|
||||
group: "{{ systemd_group_name }}"
|
||||
mode: "02755"
|
||||
with_dict: "{{ systemd_services }}"
|
||||
with_items: "{{ systemd_services }}"
|
||||
tags:
|
||||
- systemd-init
|
||||
|
||||
- name: Create TEMP lock dir
|
||||
file:
|
||||
path: "/var/lock/{{ item.value.service_name }}"
|
||||
path: "/var/lock/{{ item.service_name }}"
|
||||
state: directory
|
||||
owner: "{{ system_user_name }}"
|
||||
group: "{{ system_group_name }}"
|
||||
owner: "{{ systemd_user_name }}"
|
||||
group: "{{ systemd_group_name }}"
|
||||
mode: "02755"
|
||||
with_dict: "{{ systemd_services }}"
|
||||
with_items: "{{ systemd_services }}"
|
||||
tags:
|
||||
- systemd-init
|
||||
|
||||
- name: Create tmpfiles.d entry
|
||||
template:
|
||||
src: "systemd-tmpfiles.j2"
|
||||
dest: "/etc/tmpfiles.d/{{ systemd_tempd_prefix }}-{{ item.value.service_name }}.conf"
|
||||
dest: "/etc/tmpfiles.d/{{ systemd_tempd_prefix }}-{{ item.service_name }}.conf"
|
||||
mode: "0644"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
with_items: "{{ systemd_services }}"
|
||||
tags:
|
||||
- systemd-init
|
||||
|
||||
- name: Create tmpfiles.d entry
|
||||
template:
|
||||
src: "systemd-tmpfiles-lock.j2"
|
||||
dest: "/etc/tmpfiles.d/{{ systemd_tempd_prefix }}-{{ systemd_lock_path.strip('/') | replace('/', '-') }}-lock.conf"
|
||||
mode: "0644"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
with_dict: "{{ systemd_services }}"
|
||||
tags:
|
||||
- systemd-init
|
||||
|
||||
- name: Place the systemd init script
|
||||
config_template:
|
||||
src: "systemd-init.j2"
|
||||
dest: "/etc/systemd/system/{{ item.value.service_name }}.service"
|
||||
src: "systemd-service.j2"
|
||||
dest: "/etc/systemd/system/{{ item.service_name }}.service"
|
||||
mode: "0644"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
config_overrides: "{{ item.value.init_config_overrides | default(systemd_service_config_overrides) }}"
|
||||
config_overrides: "{{ item.init_config_overrides | default(systemd_service_config_overrides) }}"
|
||||
config_type: "ini"
|
||||
with_dict: "{{ systemd_services }}"
|
||||
with_items: "{{ systemd_services }}"
|
||||
tags:
|
||||
- systemd-init
|
||||
|
||||
- name: Load service
|
||||
systemd:
|
||||
name: "{{ item.value.service_name }}"
|
||||
name: "{{ item.service_name }}"
|
||||
daemon_reload: yes
|
||||
enabled: "{{ item.value.enabled | default(systemd_service_enabled) }}"
|
||||
state: "{{ item.value.service_state | default(systemd_service_state) }}"
|
||||
with_dict: "{{ systemd_services }}"
|
||||
enabled: "{{ item.enabled | default(systemd_service_enabled) }}"
|
||||
state: "{{ item.state | default(omit) }}"
|
||||
with_items: "{{ systemd_services }}"
|
||||
tags:
|
||||
- systemd-init
|
||||
|
@ -1,37 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
[Unit]
|
||||
Description={{ item.value.service_name }} service
|
||||
{% for item in systemd_after_targets %}
|
||||
After={{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User={{ system_user_name }}
|
||||
Group={{ system_group_name }}
|
||||
|
||||
{% if item.value.program_override is defined %}
|
||||
ExecStart={{ item.value.program_override }} {{ item.value.program_config_options | default('') }}
|
||||
{% else %}
|
||||
ExecStart={{ systemd_bin_path }}/{{ item.value.service_name }} {{ item.value.program_config_options | default('') }}
|
||||
{% endif %}
|
||||
|
||||
# Give a reasonable amount of time for the server to start up/shut down
|
||||
TimeoutSec={{ systemd_TimeoutSec }}
|
||||
Restart={{ systemd_Restart }}
|
||||
RestartSec={{ systemd_RestartSec }}
|
||||
|
||||
# This creates a specific slice which all services will operate from
|
||||
# The accounting options give us the ability to see resource usage through
|
||||
# the `systemd-cgtop` command.
|
||||
Slice={{ system_slice_name }}.slice
|
||||
|
||||
# Set Accounting
|
||||
CPUAccounting={{ system_CPUAccounting }}
|
||||
BlockIOAccounting={{ system_BlockIOAccounting }}
|
||||
MemoryAccounting={{ system_MemoryAccounting }}
|
||||
TasksAccounting={{ system_TasksAccounting }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
61
templates/systemd-service.j2
Normal file
61
templates/systemd-service.j2
Normal file
@ -0,0 +1,61 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
[Unit]
|
||||
Description={{ item.service_name }} service
|
||||
{% for item in systemd_after_targets %}
|
||||
After={{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[Service]
|
||||
Type={{ item.service_type | default('simple') }}
|
||||
User={{ systemd_user_name }}
|
||||
Group={{ systemd_group_name }}
|
||||
|
||||
{% if item.program_override is defined %}
|
||||
ExecStart={{ item.program_override }} {{ item.program_config_options | default('') }}
|
||||
{% else %}
|
||||
ExecStart={{ systemd_bin_path }}/{{ item.service_name }} {{ item.program_config_options | default('') }}
|
||||
{% endif %}
|
||||
|
||||
{% if item.program_reload is defined %}
|
||||
ExecReload={{ item.program_reload }}
|
||||
{% else %}
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
{% endif %}
|
||||
|
||||
# Give a reasonable amount of time for the server to start up/shut down
|
||||
TimeoutSec={{ systemd_TimeoutSec }}
|
||||
Restart={{ systemd_Restart }}
|
||||
RestartSec={{ systemd_RestartSec }}
|
||||
|
||||
# This creates a specific slice which all services will operate from
|
||||
# The accounting options give us the ability to see resource usage through
|
||||
# the `systemd-cgtop` command.
|
||||
Slice={{ systemd_slice_name }}.slice
|
||||
|
||||
# Set Accounting
|
||||
{% if item.program_accounting is defined %}
|
||||
{% for key, value in item.program_accounting.items() %}
|
||||
{{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
CPUAccounting={{ systemd_CPUAccounting }}
|
||||
BlockIOAccounting={{ systemd_BlockIOAccounting }}
|
||||
MemoryAccounting={{ systemd_MemoryAccounting }}
|
||||
TasksAccounting={{ systemd_TasksAccounting }}
|
||||
{% endif %}
|
||||
|
||||
# Set Sandboxing
|
||||
{% if item.program_sandboxing is defined %}
|
||||
{% for key, value in item.program_sandboxing.items() %}
|
||||
{{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
PrivateTmp={{ systemd_PrivateTmp }}
|
||||
PrivateDevices={{ systemd_PrivateDevices }}
|
||||
PrivateNetwork={{ systemd_PrivateNetwork }}
|
||||
PrivateUsers={{ systemd_PrivateUsers }}
|
||||
{% endif %}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
3
templates/systemd-tmpfiles-lock.j2
Normal file
3
templates/systemd-tmpfiles-lock.j2
Normal file
@ -0,0 +1,3 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
D {{ systemd_lock_path }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}
|
@ -1,5 +1,4 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
D /var/lock/{{ item.value.service_name }} 2755 {{ system_user_name }} {{ system_group_name }}
|
||||
D /var/run/{{ item.value.service_name }} 2755 {{ system_user_name }} {{ system_group_name }}
|
||||
D {{ system_lock_path }} 2755 {{ system_user_name }} {{ system_group_name }}
|
||||
D /var/lock/{{ item.service_name }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}
|
||||
D /var/run/{{ item.service_name }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}
|
||||
|
Loading…
Reference in New Issue
Block a user