packaging/linux: cleanups of systemd scripts

- console creates the run directories (albatross albatross/fifo albatross/util)
-> log depends on console
- albatross/fifo needs special permission (albatross_daemon creates fifo there, albatross_console needs to read them)
- use /var/lib/albatross/albatross.log for the log file
- only require root in albatross_daemon, use user albatross in albatross_console and albatross_log
- defer albatross_stat for now
This commit is contained in:
Hannes Mehnert 2020-04-03 16:34:30 +02:00
parent 59212bdca9
commit 18728a7601
5 changed files with 37 additions and 86 deletions

View file

@ -1,34 +1,21 @@
[Unit] [Unit]
# To configure this service, please use the following command # To configure this service, please use the following command
# to create an override configuration: # to create an override configuration:
# systemctl edit albatross_console.service # systemctl edit albatross_console.service
Description=Albatross console daemon (albatross_console) Description=Albatross console daemon (albatross_console)
After=syslog.target After=syslog.target
[Service] [Service]
Type=simple Type=simple
User=albatross
#TODO no need to run as root! ExecStart=/usr/local/sbin/albatross-console --tmpdir="%t/albatross/" -vv
#Environment="albatross_console_user=root"
User=root
WorkingDirectory=/
# TODO what does the following line do?
Environment=albatross_prefix=/usr/local/sbin/albatross_console.exe
#ExecStartPre=id # the fbsd scripts do something here, not sure what
ExecStart=/usr/local/sbin/albatross_console.exe --tmpdir="%t/albatross/" -vv
# state=%S
# runtime=%t
# small temp=%T
# large temp=%V
# PrivateTmp=yes
RuntimeDirectoryPreserve=yes RuntimeDirectoryPreserve=yes
RuntimeDirectory=albatross albatross/fifo albatross/util RuntimeDirectory=albatross
ExecStartPre=/bin/mkdir -p %t/albatross/fifo
ExecStartPre=/bin/chmod 2770 %t/albatross/fifo
ExecStartPre=/bin/mkdir -p %t/albatross/util
PIDFile=%t/albatross/console.pid PIDFile=%t/albatross/console.pid
RestrictAddressFamilies=AF_UNIX
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -1,37 +1,29 @@
[Unit] [Unit]
Description=Albatross VMM daemon (albatrossd) Description=Albatross VMM daemon (albatrossd)
Requires=albatross_console.service albatross_log.service albatross_stat.service Requires=albatross_console.service albatross_log.service
After=syslog.target albatross_console.service albatross_log.service albatross_stat.service After=syslog.target albatross_console.service albatross_log.service
[Service] [Service]
Type=simple Type=simple
# TODO not necessarily needs to be run as root, anything that can solo5-spt/hvt, # TODO not necessarily needs to be run as root, anything that can solo5-spt/hvt,
# create tap interfaces should be fine! # create tap interfaces should be fine!
#Environment=albatross_daemon_user=root
#User=${albatross_daemon_user}
User=root User=root
ExecStart=/usr/local/sbin/albatrossd --tmpdir="%t/albatross/" -vv
WorkingDirectory=/ #RuntimeDirectoryPreserve=yes
#RuntimeDirectory=albatross
#ExecStartPre=id # the fbsd scripts do something here, not sure what PIDFile=%t/albatross/daemon.pid
ExecStart=/usr/local/sbin/albatrossd.exe --tmpdir="%t/albatross/" -vv
#--dbdir (defaults to /run/albatross)
RuntimeDirectoryPreserve=yes
RuntimeDirectory=albatross albatross/fifo albatross/util
PIDFile=/%t/albatross/daemon.pid
## hardening stuff ## hardening stuff
ProtectSystem=full ProtectSystem=full
ProtectHome=true ProtectHome=true
UMask=0077 #UMask=0077
OOMScoreAdjust=-1000 OOMScoreAdjust=-1000
#AppArmorProfile= #AppArmorProfile=
#SmackProcessLabel=albatross_vmm #SmackProcessLabel=albatross_vmm
IgnoreSIGPIPE=true IgnoreSIGPIPE=true
#SystemCallFilter=~reboot #SystemCallFilter=~reboot
#SystemCallFilter= #SystemCallFilter=
RestrictAddressFamilies=AF_UNIX AF_INET #RestrictAddressFamilies=AF_UNIX
#RuntimeDirectoryMode=0700 #RuntimeDirectoryMode=0700
[Install] [Install]

View file

@ -1,25 +1,19 @@
[Unit] [Unit]
# To configure this service, please use the following command # To configure this service, please use the following command
# to create an override configuration: # to create an override configuration:
# systemctl edit albatross_log.service # systemctl edit albatross_log.service
Description=Albatross log daemon (albatross_log) Description=Albatross log daemon (albatross_log)
After=syslog.target After=syslog.target albatross_console.service
Requires=albatross_console.service
[Service] [Service]
Type=simple Type=simple
User=albatross
# TODO should not be root (needs to write to logfile (%L/albatross.log)) ExecStart=/usr/local/sbin/albatross-log --logfile="/var/lib/albatross/albatross.log" --tmpdir="%t/albatross/" -vv
User=root #RuntimeDirectory=albatross albatross/util
#RuntimeDirectoryPreserve=yes # avoid albatross.log being cleaned up
WorkingDirectory=/ PIDFile=%t/albatross/log.pid
RestrictAddressFamilies=AF_UNIX
#ExecStartPre=id # the fbsd scripts do something here, not sure what
ExecStart=/usr/local/sbin/albatross_log.exe --logfile="%L/albatross.log" --tmpdir="%t/albatross/" -vv
RuntimeDirectory=albatross
RuntimeDirectory=albatross albatross/fifo albatross/util
PIDFile=/%t/albatross/log.pid
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -1,34 +1,18 @@
[Unit] [Unit]
# To configure this service, please use the following command # To configure this service, please use the following command
# to create an override configuration: # to create an override configuration:
# systemctl edit albatross_stat.service # systemctl edit albatross_stat.service
Description=Albatross stat daemon (albatross_stat) Description=Albatross stat daemon (albatross_stat)
After=syslog.target After=syslog.target
[Service] [Service]
Type=simple Type=simple
User=albatross
# TODO no need to run as root! ExecStart=/usr/local/sbin/albatross-stats --tmpdir="%t/albatross/" -vv
#Environment="albatross_stat_user=root"
User=root
WorkingDirectory=/
# TODO what does the following line do?
Environment=albatross_prefix=/usr/local/sbin/albatross_stats.exe
#ExecStartPre=id # the fbsd scripts do something here, not sure what
ExecStart=/usr/local/sbin/albatross_stats.exe --tmpdir="%t/albatross/" -vv
# state=%S
# runtime=%t
# small temp=%T
# large temp=%V
# PrivateTmp=yes
RuntimeDirectoryPreserve=yes RuntimeDirectoryPreserve=yes
RuntimeDirectory=albatross albatross/fifo albatross/util RuntimeDirectory=albatross albatross/util
PIDFile=%t/albatross/stat.pid PIDFile=%t/albatross/stat.pid
RestrictAddressFamilies=AF_UNIX
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -1,18 +1,12 @@
#!/bin/sh #!/bin/sh
sudo mkdir -m 0700 -p /var/lib/albatross/block sudo mkdir -m 0700 -p /var/lib/albatross/block
sudo cp ../../_build/default/client/*.exe /usr/local/sbin/ sudo cp ../../_build/install/default/bin/* /usr/local/sbin/
sudo cp ../../_build/default/daemon/*.exe /usr/local/sbin/ sudo cp ./albatross_*.service /etc/systemd/system/
sudo cp ../../_build/default/provision/*.exe /usr/local/sbin/
sudo cp ../../_build/default/stats/*.exe /usr/local/sbin/
sudo cp ../../_build/default/tls/*.exe /usr/local/sbin/
sudo cp ./albatross_*.service /lib/systemd/system/
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl stop albatross_console sudo systemctl stop albatross_console
sudo systemctl start albatross_console sudo systemctl start albatross_console
sudo systemctl stop albatross_log sudo systemctl stop albatross_log
sudo systemctl start albatross_log sudo systemctl start albatross_log
sudo systemctl stop albatross_stat sudo systemctl stop albatross_daemon
sudo systemctl start albatross_stat
sudo systemctl stop albatross_daemon
sudo systemctl start albatross_daemon sudo systemctl start albatross_daemon