minimal systemd "unit" file

 I used to use daemontools for running servers under process supervision.  There are other similar systems like runit.

Now, most current linux distributions use systemd.  This is presented as a disaster by purists, but the fact is, everyone else failed to make anything adequate while systemd crept up.  Unix has a process tree, so use it.  Instead of which, every shonky init script had its own error-prone concoction of pid files, daemon that backgrounds itself, commands like "stop" or "reload" that LOOK AT THE PID FILE and send it a signal.  As a side-whinge, most daemons automatically go thru a cargo-cult absurdity of detach and fork and background, or whatever the fuck it is.  A lot of the time, you can ask them not to do this, often with arcane options (look at apache: -DFOREGROUND -DNO_DETACH).  It should not even be possible, let alone some default the long-suffering sysadmin has to work around, differently for each application.  The people complaining about systemd did nothing to make simple process-supervision normal, instead of init script swamp.

systemd thingies are called units, and they are defined in unit files, in the somewhat completion-unfriendly /etc/systemd/system/*.service.

I want to keep stuff agnostic to the process supervision system, so I want as little config as possible in the unit file.  Not even the user to run it as -- that can be defined via dropto in the run script.

So what is the minimal unit file for a service?  From my non-exhaustive tinkering, the minimum appears to be three sections, each with one parameter.  Let's start with a complete example using the minimal scheme, then describe each element.

Contents of  /etc/systemd/system/wiki.ptj.apache2.service:


[Unit]

Description=wiki.ptj


[Service]

ExecStart=/etc/wiki.ptj.apache2.run


[Install]

WantedBy=multi-user.target


For Unit->Description, I found I couldn't add / enable the service without this.  I don't see the problem with using the filename stem as the default description, so I don't agree with the design of requiring this item, but that's a relatively minor design quibble.

Service->ExecStart is a clumsy way of saying the actual thing to run.  Note it's a single executable name with no options.  This means the same script can be used from daemontools and the like, as the run script.  In daemontools it has to be called "run", so it would be a symlink from a file called "run" in the service dir, or a copy under that name.  It doesn't have a basename of "run" in my systemd scheme because systemd's logging prefixes the basename of this executable to log lines.  The quickest way I found to stop all server log lines being tagged "run", was to put the server name in the run program name as above.

Again, the privilege-dropping is done inside the run-program, so after systemd, but before the server application, so no relying on shonky-unique-cargo-cult privilege-dropping from the application.  Basically "exec dropto USER ..." is how the shell script that runs the server goes.

Finally, Install->WantedBy with value "multi-user.target" is an extremely clumsy way of saying to run this server at runlevel 3 or multi-user mode.

Enabling and starting it interactively, with a quick check, then, is something along the lines of:

export SV=wiki.ptj.apache2; systemctl enable $SV && systemctl start $SV && sleep 2 && systemctl status $SV


Comments

Post a Comment

Popular posts from this blog

the persistent idiocy of "privileged ports" on Unix

TCP and UDP have ports.  These are 16 bit; there are 65535 or so per IP address. These protocols don't care to differentiate between the ports.  Elsewhere, IANA presumes to operate a process to allocate "well-known" ports in the range 1-1023, "registered ports" in the range 1024-49151, and to reserve the remainder, 49152–65535, for "ephemeral" ports.  The caller end has to have a port, which is how replies get back within the virtual connection, and these are conventionally picked from the ephemeral range by the OS's networking stack. The whole idea of ports is ridiculous, because it allows ISPs to arse around presuming to decide which services they will "not allow".  Anything that allows IPSs to do anything other than shift opaque packets will allow ISPs to meddle and break things, and due to the Law of Meddling, if they can, they will.  I am currently working around an issue with Claro, a pretend ISP, blocking port 5060, allocated to SI...
Read more

easyjet: repeated entry of information they already have

Image
As I observed earlier today, airline web sites are obsessed with making people re-enter information, apparently arbitrarily. The following seems to be required for Easyjet, for an "existing" customer relationship, every time: country of residence selected from big list, involving skidding around on the screen that makes the victim feel sick should be remembered. If it has to be changed, should be type-and-choose victim is taunted with the text "tell us about you", when they thought they had logged in form with the following on one page: business / leisure title, first name, last name, age there is a button to "copy from contact details", but this doesn't do the "age" field.  Since they have my date of birth, they are of course able to calculate my age.  As well, the only values for this field are "18+", "17", or "16".  Is it a deliberate decision, to not fill this field based on the customer data, and to make the...
Read more

Guernsey Waste in incorrect bag-rejection horror May 6th, 2024

Image
The rubbish collection folk at my new place seem pickier than at other places on Guernsey. Last week, they removed some card packaging that I'd included in the card and paper (plastic) clear bag, and left it on the lane.  This week, they have attached a rejection label entitled "Polite Notice".  Just like modern software-engineered error messages (see attached tag "extremely_general_error_handling"), this does not give a specific reason why the bag was rejected, but instead lists miscellaneous possible "reasons", leaving the victim guessing, or perhaps trying to follow a process of elimination. In this case, some possible reasons, which the label does not claim to be exhaustive ("was most likely because ..."), and of which none apply, are: (i) "did not have the required payment sticker" -- no, I applied to 90 litre sticker; or  (ii) (a) "too heavy" -- no, I estimate it was 3kg, and I easily supported the bag's weight o...
Read more