updated things so this role is usable

Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2018-03-08 11:42:33 -06:00
parent c302169881
commit 9a4ed2d7bc
No known key found for this signature in database
GPG Key ID: 9443251A787B9FB3
10 changed files with 148 additions and 97 deletions

View File

@ -25,10 +25,10 @@ You can also use the ``ansible-galaxy`` command on the ``ansible-role-requiremen
# define "program_override" option in the systemd_services dictionary.
systemd_bin_path: /usr/local/bin
system_user_name: root
system_group_name: root
system_slice_name: system
system_lock_path: /var/lock
systemd_user_name: root
systemd_group_name: root
systemd_slice_name: system
systemd_lock_path: /var/lock
# This is the prefix used for all temp files of a given type.
systemd_tempd_prefix: tempd
@ -38,11 +38,17 @@ systemd_TimeoutSec: 120
systemd_Restart: on-failure
systemd_RestartSec: 2
# Set accounting on systemd service
system_CPUAccounting: true
system_BlockIOAccounting: true
system_MemoryAccounting: true
system_TasksAccounting: true
# Accounting options
systemd_CPUAccounting: true
systemd_BlockIOAccounting: true
systemd_MemoryAccounting: true
systemd_TasksAccounting: true
# Sandboxing options
systemd_PrivateTmp: true
systemd_PrivateDevices: false
systemd_PrivateNetwork: true
systemd_PrivateUsers: true
# Start service after a given target. This is here because we want to define common
# after targets used on most services. This can be overridden or agumented using
@ -51,16 +57,13 @@ systemd_after_targets:
- syslog.target
- network.target
# Set the service state. Valid options are: [started, stopped, restarted, reloaded].
systemd_service_state: started
# Set the service enabled state. Valid options are: [yes, no]
systemd_service_enabled: yes
# Set global service overrides used within the service unit file.
systemd_service_config_overrides: {}
# The systemD services dictionary is a set of services that will be created. The dictionary
# The systemd services dictionary is a set of services that will be created. The dictionary
# can contain the following options:
# `service_name` -- (required) used to define the name of the service. This is typically the name of the executable.
# `init_config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file.

View File

@ -17,10 +17,10 @@
# define "program_override" option in the systemd_services dictionary.
systemd_bin_path: /usr/local/bin
system_user_name: root
system_group_name: root
system_slice_name: system
system_lock_path: /var/lock
systemd_user_name: root
systemd_group_name: root
systemd_slice_name: system
systemd_lock_path: /var/lock
# This is the prefix used for all temp files of a given type.
systemd_tempd_prefix: tempd
@ -30,11 +30,17 @@ systemd_TimeoutSec: 120
systemd_Restart: on-failure
systemd_RestartSec: 2
# Set accounting on systemd service
system_CPUAccounting: true
system_BlockIOAccounting: true
system_MemoryAccounting: true
system_TasksAccounting: true
# Accounting options
systemd_CPUAccounting: true
systemd_BlockIOAccounting: true
systemd_MemoryAccounting: true
systemd_TasksAccounting: true
# Sandboxing options
systemd_PrivateTmp: true
systemd_PrivateDevices: false
systemd_PrivateNetwork: false
systemd_PrivateUsers: true
# Start service after a given target. This is here because we want to define common
# after targets used on most services. This can be overridden or agumented using
@ -43,16 +49,13 @@ systemd_after_targets:
- syslog.target
- network.target
# Set the service state. Valid options are: [started, stopped, restarted, reloaded].
systemd_service_state: started
# Set the service enabled state. Valid options are: [yes, no]
systemd_service_enabled: yes
# Set global service overrides used within the service unit file.
systemd_service_config_overrides: {}
# The systemD services dictionary is a set of services that will be created. The dictionary
# The systemd services dictionary is a set of services that will be created. The dictionary
# can contain the following options:
# `service_name` -- (required) used to define the name of the service. This is typically the name of the executable.
# `init_config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file.
@ -70,6 +73,10 @@ systemd_service_config_overrides: {}
# service_name: ServiceX
# init_config_overrides: {} # This is used to add in arbitratry unit file options
# program_config_options: '--flag1 things --flag2 other'
# program_sandboxing:
# PrivateTmp: true
# program_accounting:
# CPUAccounting: true
# ServiceY:
# service_name: ServiceY
# init_config_overrides: {} # This is used to add in arbitratry unit file options

View File

@ -264,7 +264,7 @@ ga('send', 'pageview');
<span class="c1"># Set the service enabled state. Valid options are: [yes, no]</span>
<span class="l l-Scalar l-Scalar-Plain">systemd_service_enabled</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">yes</span>
<span class="c1"># The systemD services dictionary is a set of services that will be created. The dictionary</span>
<span class="c1"># The systemd services dictionary is a set of services that will be created. The dictionary</span>
<span class="c1"># can contain the following options:</span>
<span class="c1"># `service_name` -- (required) used to define the name of the service. This is typically the name of the executable.</span>
<span class="c1"># `init_config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file.</span>

View File

@ -26,8 +26,13 @@ galaxy_info:
- name: EL
versions:
- 7
- name: opensuse
versions:
- 42.1
- 42.2
- 42.3
categories:
- systemd_init
- systemd
- development
dependencies:
- role: plugins
- plugins

View File

@ -15,56 +15,66 @@
- name: Create TEMP run dir
file:
path: "/var/run/{{ item.value.service_name }}"
path: "/var/run/{{ item.service_name }}"
state: directory
owner: "{{ system_user_name }}"
group: "{{ system_group_name }}"
owner: "{{ systemd_user_name }}"
group: "{{ systemd_group_name }}"
mode: "02755"
with_dict: "{{ systemd_services }}"
with_items: "{{ systemd_services }}"
tags:
- systemd-init
- name: Create TEMP lock dir
file:
path: "/var/lock/{{ item.value.service_name }}"
path: "/var/lock/{{ item.service_name }}"
state: directory
owner: "{{ system_user_name }}"
group: "{{ system_group_name }}"
owner: "{{ systemd_user_name }}"
group: "{{ systemd_group_name }}"
mode: "02755"
with_dict: "{{ systemd_services }}"
with_items: "{{ systemd_services }}"
tags:
- systemd-init
- name: Create tmpfiles.d entry
template:
src: "systemd-tmpfiles.j2"
dest: "/etc/tmpfiles.d/{{ systemd_tempd_prefix }}-{{ item.value.service_name }}.conf"
dest: "/etc/tmpfiles.d/{{ systemd_tempd_prefix }}-{{ item.service_name }}.conf"
mode: "0644"
owner: "root"
group: "root"
with_items: "{{ systemd_services }}"
tags:
- systemd-init
- name: Create tmpfiles.d entry
template:
src: "systemd-tmpfiles-lock.j2"
dest: "/etc/tmpfiles.d/{{ systemd_tempd_prefix }}-{{ systemd_lock_path.strip('/') | replace('/', '-') }}-lock.conf"
mode: "0644"
owner: "root"
group: "root"
with_dict: "{{ systemd_services }}"
tags:
- systemd-init
- name: Place the systemd init script
config_template:
src: "systemd-init.j2"
dest: "/etc/systemd/system/{{ item.value.service_name }}.service"
src: "systemd-service.j2"
dest: "/etc/systemd/system/{{ item.service_name }}.service"
mode: "0644"
owner: "root"
group: "root"
config_overrides: "{{ item.value.init_config_overrides | default(systemd_service_config_overrides) }}"
config_overrides: "{{ item.init_config_overrides | default(systemd_service_config_overrides) }}"
config_type: "ini"
with_dict: "{{ systemd_services }}"
with_items: "{{ systemd_services }}"
tags:
- systemd-init
- name: Load service
systemd:
name: "{{ item.value.service_name }}"
name: "{{ item.service_name }}"
daemon_reload: yes
enabled: "{{ item.value.enabled | default(systemd_service_enabled) }}"
state: "{{ item.value.service_state | default(systemd_service_state) }}"
with_dict: "{{ systemd_services }}"
enabled: "{{ item.enabled | default(systemd_service_enabled) }}"
state: "{{ item.state | default(omit) }}"
with_items: "{{ systemd_services }}"
tags:
- systemd-init

View File

@ -1,37 +0,0 @@
# {{ ansible_managed }}
[Unit]
Description={{ item.value.service_name }} service
{% for item in systemd_after_targets %}
After={{ item }}
{% endfor %}
[Service]
Type=simple
User={{ system_user_name }}
Group={{ system_group_name }}
{% if item.value.program_override is defined %}
ExecStart={{ item.value.program_override }} {{ item.value.program_config_options | default('') }}
{% else %}
ExecStart={{ systemd_bin_path }}/{{ item.value.service_name }} {{ item.value.program_config_options | default('') }}
{% endif %}
# Give a reasonable amount of time for the server to start up/shut down
TimeoutSec={{ systemd_TimeoutSec }}
Restart={{ systemd_Restart }}
RestartSec={{ systemd_RestartSec }}
# This creates a specific slice which all services will operate from
# The accounting options give us the ability to see resource usage through
# the `systemd-cgtop` command.
Slice={{ system_slice_name }}.slice
# Set Accounting
CPUAccounting={{ system_CPUAccounting }}
BlockIOAccounting={{ system_BlockIOAccounting }}
MemoryAccounting={{ system_MemoryAccounting }}
TasksAccounting={{ system_TasksAccounting }}
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,61 @@
# {{ ansible_managed }}
[Unit]
Description={{ item.service_name }} service
{% for item in systemd_after_targets %}
After={{ item }}
{% endfor %}
[Service]
Type={{ item.service_type | default('simple') }}
User={{ systemd_user_name }}
Group={{ systemd_group_name }}
{% if item.program_override is defined %}
ExecStart={{ item.program_override }} {{ item.program_config_options | default('') }}
{% else %}
ExecStart={{ systemd_bin_path }}/{{ item.service_name }} {{ item.program_config_options | default('') }}
{% endif %}
{% if item.program_reload is defined %}
ExecReload={{ item.program_reload }}
{% else %}
ExecReload=/bin/kill -HUP $MAINPID
{% endif %}
# Give a reasonable amount of time for the server to start up/shut down
TimeoutSec={{ systemd_TimeoutSec }}
Restart={{ systemd_Restart }}
RestartSec={{ systemd_RestartSec }}
# This creates a specific slice which all services will operate from
# The accounting options give us the ability to see resource usage through
# the `systemd-cgtop` command.
Slice={{ systemd_slice_name }}.slice
# Set Accounting
{% if item.program_accounting is defined %}
{% for key, value in item.program_accounting.items() %}
{{ key }}={{ value }}
{% endfor %}
{% else %}
CPUAccounting={{ systemd_CPUAccounting }}
BlockIOAccounting={{ systemd_BlockIOAccounting }}
MemoryAccounting={{ systemd_MemoryAccounting }}
TasksAccounting={{ systemd_TasksAccounting }}
{% endif %}
# Set Sandboxing
{% if item.program_sandboxing is defined %}
{% for key, value in item.program_sandboxing.items() %}
{{ key }}={{ value }}
{% endfor %}
{% else %}
PrivateTmp={{ systemd_PrivateTmp }}
PrivateDevices={{ systemd_PrivateDevices }}
PrivateNetwork={{ systemd_PrivateNetwork }}
PrivateUsers={{ systemd_PrivateUsers }}
{% endif %}
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,3 @@
# {{ ansible_managed }}
D {{ systemd_lock_path }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}

View File

@ -1,5 +1,4 @@
# {{ ansible_managed }}
D /var/lock/{{ item.value.service_name }} 2755 {{ system_user_name }} {{ system_group_name }}
D /var/run/{{ item.value.service_name }} 2755 {{ system_user_name }} {{ system_group_name }}
D {{ system_lock_path }} 2755 {{ system_user_name }} {{ system_group_name }}
D /var/lock/{{ item.service_name }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}
D /var/run/{{ item.service_name }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}