minimal systemd "unit" file

 I used to use daemontools for running servers under process supervision.  There are other similar systems like runit.

Now, most current linux distributions use systemd.  This is presented as a disaster by purists, but the fact is, everyone else failed to make anything adequate while systemd crept up.  Unix has a process tree, so use it.  Instead of which, every shonky init script had its own error-prone concoction of pid files, daemon that backgrounds itself, commands like "stop" or "reload" that LOOK AT THE PID FILE and send it a signal.  As a side-whinge, most daemons automatically go thru a cargo-cult absurdity of detach and fork and background, or whatever the fuck it is.  A lot of the time, you can ask them not to do this, often with arcane options (look at apache: -DFOREGROUND -DNO_DETACH).  It should not even be possible, let alone some default the long-suffering sysadmin has to work around, differently for each application.  The people complaining about systemd did nothing to make simple process-supervision normal, instead of init script swamp.

systemd thingies are called units, and they are defined in unit files, in the somewhat completion-unfriendly /etc/systemd/system/*.service.

I want to keep stuff agnostic to the process supervision system, so I want as little config as possible in the unit file.  Not even the user to run it as -- that can be defined via dropto in the run script.

So what is the minimal unit file for a service?  From my non-exhaustive tinkering, the minimum appears to be three sections, each with one parameter.  Let's start with a complete example using the minimal scheme, then describe each element.

Contents of  /etc/systemd/system/wiki.ptj.apache2.service:


[Unit]

Description=wiki.ptj


[Service]

ExecStart=/etc/wiki.ptj.apache2.run


[Install]

WantedBy=multi-user.target


For Unit->Description, I found I couldn't add / enable the service without this.  I don't see the problem with using the filename stem as the default description, so I don't agree with the design of requiring this item, but that's a relatively minor design quibble.

Service->ExecStart is a clumsy way of saying the actual thing to run.  Note it's a single executable name with no options.  This means the same script can be used from daemontools and the like, as the run script.  In daemontools it has to be called "run", so it would be a symlink from a file called "run" in the service dir, or a copy under that name.  It doesn't have a basename of "run" in my systemd scheme because systemd's logging prefixes the basename of this executable to log lines.  The quickest way I found to stop all server log lines being tagged "run", was to put the server name in the run program name as above.

Again, the privilege-dropping is done inside the run-program, so after systemd, but before the server application, so no relying on shonky-unique-cargo-cult privilege-dropping from the application.  Basically "exec dropto USER ..." is how the shell script that runs the server goes.

Finally, Install->WantedBy with value "multi-user.target" is an extremely clumsy way of saying to run this server at runlevel 3 or multi-user mode.

Enabling and starting it interactively, with a quick check, then, is something along the lines of:

export SV=wiki.ptj.apache2; systemctl enable $SV && systemctl start $SV && sleep 2 && systemctl status $SV


Comments

Post a Comment

Popular posts from this blog

the persistent idiocy of "privileged ports" on Unix

TCP and UDP have ports.  These are 16 bit; there are 65535 or so per IP address. These protocols don't care to differentiate between the ports.  Elsewhere, IANA presumes to operate a process to allocate "well-known" ports in the range 1-1023, "registered ports" in the range 1024-49151, and to reserve the remainder, 49152–65535, for "ephemeral" ports.  The caller end has to have a port, which is how replies get back within the virtual connection, and these are conventionally picked from the ephemeral range by the OS's networking stack. The whole idea of ports is ridiculous, because it allows ISPs to arse around presuming to decide which services they will "not allow".  Anything that allows IPSs to do anything other than shift opaque packets will allow ISPs to meddle and break things, and due to the Law of Meddling, if they can, they will.  I am currently working around an issue with Claro, a pretend ISP, blocking port 5060, allocated to SI
Read more

google is giving more and more 500 errors

Image
Total state capture and moral bankruptcy are not the only problems facing Google.  They are also giving an increasing rate of 500 Internal Server errors.  This is the sort that means they've messed up, but not in a way that they should have messed up.  On the other hand, they have drawn a lovely picture of a robot falling apart. Today's example is from Google Calendar under calendar.google.com.  I was trying to make an appointment, and now I'm doing this. I remember, in 2018, a friend trying to convince me that 500 Internal Server Errors no longer happened, or if they did it was my fault, and that they hadn't seen any for years, and some other things.  They assured me that they would love to see screenshots of such a rare specimen, which I bored them with for a while.  That friend happens to be a Google employee. Well, there are plenty of others posting about Google Calendar on twitter today, including screenshots of 500 Internal Server errors, so I doubt this one is en
Read more

7 minute workout: a straightforward audio recording (and two broken google web sites)

Image
 Last year I had a simple rendition of the 7 minute workout routine recorded by a voice artist . I wanted a simple audio track to help get the timings right.  I used to have a good "app" that did it, but that handset died.  Subsequent "app"s have got rubbisher and rubbisher, by having mega-configurable exercise order and making it complicated, with intrusive advertising, by synthesizing unpleasant robot voices instead of simply recording a human voice, and by making everything sound so pumped. Youtube video mmq5zZfmIws is not bad, but they have not been able to resist having ads, and a quick part of the morning routine can not have ads, it's just too tacky.  But one can watch someone doing each exercise and see how to do it properly.  Incidentally, they are at 30M views, also because daily routine.  The track I got recorded, in m4a format, is: https://drive.google.com/uc?export=download&id=1c91iH6XJrfCiItTJErJAmIbNdGuHN0tr (direct download link) https://dr
Read more