diff --git a/defaults/main.yml b/defaults/main.yml index b55852d..3b761d4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -24,21 +24,21 @@ systemd_service_restart_changed: yes systemd_tempd_prefix: tempd # Give a reasonable amount of time for the server to start up/shut down -systemd_TimeoutSec: 120 -systemd_Restart: on-failure -systemd_RestartSec: 2 +systemd_service_timeout_sec: "{{ systemd_TimeoutSec | default(120) }}" +systemd_service_restart: "{{ systemd_Restart | default('on-failure') }}" +systemd_service_restart_sec: "{{ systemd_RestartSec | default(2) }}" # Accounting options -systemd_CPUAccounting: true -systemd_BlockIOAccounting: true -systemd_MemoryAccounting: true -systemd_TasksAccounting: true +systemd_service_cpu_accounting: "{{ systemd_CPUAccounting | default(true) }}" +systemd_service_block_io_accounting: "{{ systemd_BlockIOAccounting | default(true) }}" +systemd_service_memory_accounting: "{{ systemd_MemoryAccounting | default(true) }}" +systemd_service_tasks_accounting: "{{ systemd_TasksAccounting | default(true) }}" # Sandboxing options -systemd_PrivateTmp: false -systemd_PrivateDevices: false -systemd_PrivateNetwork: false -systemd_PrivateUsers: false +systemd_service_private_tmp: "{{ systemd_PrivateTmp | default(false) }}" +systemd_service_private_devices: "{{ systemd_PrivateDevices | default(false) }}" +systemd_service_private_network: "{{ systemd_PrivateNetwork | default(false) }}" +systemd_service_private_users: "{{ systemd_PrivateUsers | default(false) }}" # Start service after a given target. This is here because we want to define common # after targets used on most services. This can be overridden or agumented using @@ -138,7 +138,7 @@ systemd_environment: {} # `bind_targets` -- (optional) Bind the socket to this dependency unit. # `enabled` -- (optional) Set the enabled state of the socket. # `options` -- (optional) Additional options, like `ListenStream` or other. Specifying ListenStream in -# the options will suppress the default 'Service' field in [Socket]. +# the options will suppress the default 'Service' field in [Socket]. # `state` -- (optional) Set the running state of the socket. # Under the service dictionary the "timer" key can be added which will enable a given service diff --git a/handlers/main.yml b/handlers/main.yml index 19df154..874edc4 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -26,7 +26,7 @@ tags: - systemd-service tags: - - systemd-service + - systemd-service - name: Restart changed services @@ -45,4 +45,4 @@ loop_control: loop_var: services_results tags: - - systemd-service + - systemd-service diff --git a/handlers/systemd_restart.yml b/handlers/systemd_restart.yml index 05f38f6..acb0264 100644 --- a/handlers/systemd_restart.yml +++ b/handlers/systemd_restart.yml @@ -15,7 +15,10 @@ - name: "Restart service {{ services_results.item.service_name | replace(' ', '_') }}" systemd: - name: "{{ services_results.item.service_name | replace(' ', '_') }}{{ template_argument }}.{{ (services_results.item.timer is defined) | ternary('timer', 'service') }}" + name: >- + {{ services_results.item.service_name | replace(' ', '_') }}{{ template_argument }}.{{ + (services_results.item.timer is defined) | ternary('timer', 'service') + }} state: restarted loop: "{{ services_results.item.template_arguments | default(['']) }}" loop_control: diff --git a/meta/main.yml b/meta/main.yml index f384269..a7a060d 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,18 +18,20 @@ galaxy_info: description: Installation and setup of systemd_service company: Rackspace license: Apache2 - min_ansible_version: 2.0 + role_name: systemd_service + namespace: openstack + min_ansible_version: "2.10" platforms: - name: Debian versions: - - buster + - bullseye - name: Ubuntu versions: - - bionic - focal + - jammy - name: EL versions: - - 8 - categories: + - "9" + galaxy_tags: - systemd - development diff --git a/releasenotes/notes/accounting_sandboxing_var_rename-95725d5a123c0dc5.yaml b/releasenotes/notes/accounting_sandboxing_var_rename-95725d5a123c0dc5.yaml new file mode 100644 index 0000000..e2016ec --- /dev/null +++ b/releasenotes/notes/accounting_sandboxing_var_rename-95725d5a123c0dc5.yaml @@ -0,0 +1,22 @@ +--- + +deprecations: + - | + In order to follow ansible naming conventions for variables, + following variables were renamed: + + * systemd_TimeoutSec -> systemd_service_timeout_sec + * systemd_Restart -> systemd_service_restart + * systemd_RestartSec -> systemd_service_restart_sec + * systemd_CPUAccounting -> systemd_service_cpu_accounting + * systemd_BlockIOAccounting -> systemd_service_block_io_accounting + * systemd_MemoryAccounting -> systemd_service_memory_accounting + * systemd_TasksAccounting -> systemd_service_tasks_accounting + * systemd_PrivateTmp -> systemd_service_private_tmp + * systemd_PrivateDevices -> systemd_service_private_devices + * systemd_PrivateNetwork -> systemd_service_private_network + * systemd_PrivateUsers -> systemd_service_private_users + + Old variable names were kept for backwards compatibility but will be + removed in next releases. It is highly adviced to use new variable + names in your deployments. diff --git a/tasks/main.yml b/tasks/main.yml index 42b9a82..2698b37 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -141,9 +141,13 @@ systemd: daemon_reload: yes when: - - (systemd_services_result is changed) or (systemd_timer_result is changed) or (systemd_override_result is changed ) or (systemd_socket.results | selectattr('changed', 'true') | length > 0) + - (systemd_services_result is changed) or + (systemd_timer_result is changed) or + (systemd_override_result is changed ) or + (systemd_socket.results | selectattr('changed', 'true') | length > 0) -- include_tasks: systemd_load.yml +- name: Including systemd_load tasks + include_tasks: systemd_load.yml loop: "{{ systemd_services }}" loop_control: loop_var: service diff --git a/templates/systemd-service.j2 b/templates/systemd-service.j2 index 6c92163..c97f6c4 100644 --- a/templates/systemd-service.j2 +++ b/templates/systemd-service.j2 @@ -65,10 +65,10 @@ ExecStopPost={{ execstoppost }} {% endfor %} # Give a reasonable amount of time for the server to start up/shut down -TimeoutSec={{ systemd_TimeoutSec }} +TimeoutSec={{ systemd_service_timeout_sec }} {% if service_type != 'oneshot' %} -Restart={{ systemd_Restart }} -RestartSec={{ systemd_RestartSec }} +Restart={{ systemd_service_restart }} +RestartSec={{ systemd_service_restart_sec }} {% endif %} {% if item.standard_output is defined %} @@ -86,10 +86,10 @@ Slice={{ systemd_slice_name }}.slice {{ key }}={{ value }} {% endfor %} {% else %} -CPUAccounting={{ systemd_CPUAccounting }} -BlockIOAccounting={{ systemd_BlockIOAccounting }} -MemoryAccounting={{ systemd_MemoryAccounting }} -TasksAccounting={{ systemd_TasksAccounting }} +CPUAccounting={{ systemd_service_cpu_accounting }} +BlockIOAccounting={{ systemd_service_block_io_accounting }} +MemoryAccounting={{ systemd_service_memory_accounting }} +TasksAccounting={{ systemd_service_tasks_accounting }} {% endif %} {% if service_type != 'oneshot' %} @@ -99,15 +99,15 @@ TasksAccounting={{ systemd_TasksAccounting }} {{ key }}={{ value }} {% endfor %} {% else %} -PrivateTmp={{ systemd_PrivateTmp }} -PrivateDevices={{ systemd_PrivateDevices }} -PrivateNetwork={{ systemd_PrivateNetwork }} +PrivateTmp={{ systemd_service_private_tmp }} +PrivateDevices={{ systemd_service_private_devices }} +PrivateNetwork={{ systemd_service_private_network }} {# NOTE(cloudnull): Limit the use of PrivateUsers The systemd directive "PrivateUsers" was implemented in systemd version 232. To correct a lot of spam messages in the journal the default directive is limited when to systemd version greater than or equal to 232 #} {% if (systemd_version | int) >= 232 %} -PrivateUsers={{ systemd_PrivateUsers }} +PrivateUsers={{ systemd_service_private_users }} {% endif %} {% endif %} {% if systemd_version|int >= 235 and item.state_directory is defined %}