From 8f109f3e43e74ff683f819571b45a6765579467a Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Tue, 5 Oct 2021 19:05:50 +0100
Subject: [PATCH] Add systemd_socket resource
---
cookbooks/systemd/resources/socket.rb | 115 ++++++++++++
.../systemd/templates/default/socket.erb | 174 ++++++++++++++++++
2 files changed, 289 insertions(+)
create mode 100644 cookbooks/systemd/resources/socket.rb
create mode 100644 cookbooks/systemd/templates/default/socket.erb
diff --git a/cookbooks/systemd/resources/socket.rb b/cookbooks/systemd/resources/socket.rb
new file mode 100644
index 000000000..beb44feb4
--- /dev/null
+++ b/cookbooks/systemd/resources/socket.rb
@@ -0,0 +1,115 @@
+#
+# Cookbook:: systemd
+# Resource:: systemd_socket
+#
+# Copyright:: 2021, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+default_action :create
+
+property :socket, String, :name_property => true
+property :description, String, :required => [:create]
+property :after, [String, Array]
+property :wants, [String, Array]
+property :listen_stream, [String, Array]
+property :listen_datagram, [String, Array]
+property :listen_sequential_packet, [String, Array]
+property :listen_fifo, [String, Array]
+property :listen_special, [String, Array]
+property :listen_netlink, [String, Array]
+property :listen_message_queue, [String, Array]
+property :listen_usb_function, [String, Array]
+property :socket_protocol, String
+property :bind_ipv6_only, String
+property :backlog, Integer
+property :bind_to_device, String
+property :socket_user, String
+property :socket_group, String
+property :socket_mode, Integer
+property :directory_mode, Integer
+property :accept, [true, false]
+property :writable, [true, false]
+property :max_connections, Integer
+property :max_connections_per_source, Integer
+property :keep_alive, [true, false]
+property :keep_alive_time_sec, Integer
+property :keep_alive_interval_sec, Integer
+property :keep_alive_probes, Integer
+property :no_delay, [true, false]
+property :priority, Integer
+property :defer_accept_sec, Integer
+property :receive_buffer, Integer
+property :send_buffer, Integer
+property :ip_tos, Integer
+property :ip_ttl, Integer
+property :mark, Integer
+property :reuse_port, [true, false]
+property :pipe_size, Integer
+property :message_queue_max_messages, Integer
+property :message_queue_message_size, Integer
+property :free_bind, [true, false]
+property :transparent, [true, false]
+property :broadcast, [true, false]
+property :pass_credentials, [true, false]
+property :pass_security, [true, false]
+property :tcp_congestion, String
+property :exec_start_pre, [String, Array]
+property :exec_start, [String, Array]
+property :exec_start_post, [String, Array]
+property :exec_stop, [String, Array]
+property :timeout_sec, [Integer, String]
+property :service, String
+property :remove_on_stop, [true, false]
+property :symlinks, [String, Array]
+property :file_descriptor_name, String
+property :trigger_limit_interval_sec, [Integer, String]
+property :trigger_limit_burst, Integer
+
+action :create do
+ socket_variables = new_resource.to_hash
+
+ template "/etc/systemd/system/#{new_resource.socket}.socket" do
+ cookbook "systemd"
+ source "socket.erb"
+ owner "root"
+ group "root"
+ mode "644"
+ variables socket_variables
+ end
+
+ execute "systemctl-reload-#{new_resource.socket}.socket" do
+ action :nothing
+ command "systemctl daemon-reload"
+ user "root"
+ group "root"
+ subscribes :run, "template[/etc/systemd/system/#{new_resource.socket}.socket]"
+ end
+end
+
+action :delete do
+ file "/etc/systemd/system/#{new_resource.socket}.socket" do
+ action :delete
+ end
+
+ execute "systemctl-reload-#{new_resource.socket}.socket" do
+ action :nothing
+ command "systemctl daemon-reload"
+ user "root"
+ group "root"
+ subscribes :run, "file[/etc/systemd/system/#{new_resource.socket}.socket]"
+ end
+end
diff --git a/cookbooks/systemd/templates/default/socket.erb b/cookbooks/systemd/templates/default/socket.erb
new file mode 100644
index 000000000..0da3533a6
--- /dev/null
+++ b/cookbooks/systemd/templates/default/socket.erb
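Review bot: The `socket` name is interpolated unchecked into `/etc/systemd/system/#{new_resource.socket}.socket` in both actions, and that file is written and removed as root, so a name containing `/` or `..` would land outside the unit directory. Constraining the property to the characters systemd accepts in unit names would reject such a name when the resource is declared, e.g. `property :socket, String, :name_property => true, :regex => /\A[A-Za-z0-9:_.@\\-]+\z/`. Separately, `action :delete` only removes the file and reloads the daemon; unless the calling recipe also stops the unit, the already-bound listener presumably stays open, which deserves a comment above the action such as `# Callers must stop the socket unit themselves; this only removes the unit file`.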
@@ -0,0 +1,174 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+[Unit]
+Description=<%= @description %>
+<% if @after -%>
+After=<%= Array(@after).join(" ") %>
+<% end -%>
+<% if @wants -%>
+Wants=<%= Array(@wants).join(" ") %>
+<% end -%>
+
+[Socket]
+<% Array(@listen_stream).each do |listen| -%>
+ListenStream=<%= listen %>
+<% end -%>
+<% Array(@listen_datagram).each do |listen| -%>
+ListenDatagram=<%= listen %>
+<% end -%>
+<% Array(@listen_sequential_packet).each do |listen| -%>
+ListenSequentialPacket=<%= listen %>
+<% end -%>
+<% Array(@listen_fifo).each do |listen| -%>
+ListenFIFO=<%= listen %>
+<% end -%>
+<% Array(@listen_special).each do |listen| -%>
+ListenSpecial=<%= listen %>
+<% end -%>
+<% Array(@listen_netlink).each do |listen| -%>
+ListenNetlink=<%= listen %>
+<% end -%>
+<% Array(@listen_message_queue).each do |listen| -%>
+ListenMessageQueue=<%= listen %>
+<% end -%>
+<% Array(@listen_usb_function).each do |listen| -%>
+ListenUSBFunction=<%= listen %>
+<% end -%>
+<% if @socket_protocol -%>
+SocketProtocol=<%= @socket_protocol %>
+<% end -%>
+<% if @bind_ipv6_only -%>
+BindIpv6Only=<%= @bind_ipv6_only %>
+<% end -%>
+<% if @backlog -%>
+Backlog=<%= @backlog %>
+<% end -%>
+<% if @bind_to_device -%>
+BindToDevice=<%= @bind_to_device %>
+<% end -%>
+<% if @socket_user -%>
+SocketUser=<%= @socket_user %>
+<% end -%>
+<% if @socket_group -%>
+SocketGroup=<%= @socket_group %>
+<% end -%>
+<% if @socket_mode -%>
+SocketMode=<%= sprintf("0%o", @socket_mode) %>
+<% end -%>
+<% if @directory_mode -%>
+DirectoryMode=<%= sprintf("0%o", @directory_mode) %>
+<% end -%>
+<% if @accept -%>
+Accept=<%= @accept %>
+<% end -%>
+<% if @writable -%>
+Writable=<%= @writable %>
+<% end -%>
+<% if @max_connections -%>
+MaxConnections=<%= @max_connections %>
+<% end -%>
+<% if @max_connections_per_source -%>
+MaxConnectionsPerSource=<%= @max_connections_per_source %>
+<% end -%>
+<% if @keep_alive -%>
+KeepAlive=<%= @keep_alive %>
+<% end -%>
+<% if @keep_alive_time_sec -%>
+KeepAliveTimeSec=<%= @keep_alive_time_sec %>
+<% end -%>
+<% if @keep_alive_interval_sec -%>
+KeepAliveIntervalSec=<%= @keep_alive_interval_sec %>
+<% end -%>
+<% if @keep_alive_probes -%>
+KeepAliveProbes=<%= @keep_alive_probes %>
+<% end -%>
+<% if @no_delay -%>
+NoDelay=<%= @no_delay %>
+<% end -%>
+<% if @priority -%>
+Priority=<%= @priority %>
+<% end -%>
+<% if @defer_accept_sec -%>
+DeferAcceptSec=<%= @defer_accept_sec %>
+<% end -%>
+<% if @receive_buffer -%>
+ReceiveBuffer=<%= @receive_buffer %>
+<% end -%>
+<% if @send_buffer -%>
+SendBuffer=<%= @send_buffer %>
+<% end -%>
+<% if @ip_tos -%>
+IpTos=<%= @ip_tos %>
+<% end -%>
+<% if @ip_ttl -%>
+IpTtl=<%= @ip_ttl %>
+<% end -%>
+<% if @mark -%>
+Mark=<%= @mark %>
+<% end -%>
+<% if @reuse_port -%>
+ReusePort=<%= @reuse_port %>
+<% end -%>
+<% if @pipe_size -%>
+PipeSize=<%= @pipe_size %>
+<% end -%>
+<% if @message_queue_max_messages -%>
+MessageQueueMaxMessages=<%= @message_queue_max_messages %>
+<% end -%>
+<% if @message_queue_message_size -%>
+MessageQueueMessageSize=<%= @message_queue_message_size %>
+<% end -%>
+<% if @free_bind -%>
+FreeBind=<%= @free_bind %>
+<% end -%>
+<% if @transparent -%>
+Transparent=<%= @transparent %>
+<% end -%>
+<% if @broadcast -%>
+Broadcast=<%= @broadcast %>
+<% end -%>
+<% if @pass_credentials -%>
+PassCredentials=<%= @pass_credentials %>
+<% end -%>
+<% if @pass_security -%>
+PassSecurity=<%= @pass_security %>
+<% end -%>
+<% if @tcp_congestion -%>
+TcpCongestion=<%= @tcp_congestion %>
+<% end -%>
+<% Array(@exec_start_pre).each do |exec| -%>
+ExecStartPre=<%= exec %>
+<% end -%>
+<% Array(@exec_start).each do |exec| -%>
+ExecStart=<%= exec %>
+<% end -%>
+<% Array(@exec_stop_post).each do |exec| -%>
+ExecStopPost=<%= exec %>
+<% end -%>
+<% Array(@exec_stop).each do |exec| -%>
+ExecStop=<%= exec %>
+<% end -%>
+<% if @timeout_sec -%>
+TimeoutSec=<%= @timeout_sec %>
+<% end -%>
+<% if @service -%>
+Service=<%= @service %>
+<% end -%>
+<% if @remove_on_stop -%>
+RemoveOnStop=<%= @remove_on_stop %>
+<% end -%>
+<% Array(@symlinks).each do |symlink| -%>
+Symlinks=<%= symlink %>
+<% end -%>
+<% if @file_descriptor_name -%>
+FileDescriptorName=<%= @file_descriptor_name %>
+<% end -%>
+<% if @trigger_limit_interval_sec -%>
+TriggerLimitIntervalSec=<%= @trigger_limit_interval_sec %>
+<% end -%>
+<% if @trigger_limit_burst -%>
+TriggerLimitBurst=<%= @trigger_limit_burst %>
+<% end -%>
+
+[Install]
+WantedBy=multi-user.target
-- 2.39.5
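Review bot: The Exec* loops do not line up with the properties declared in socket.rb: the template iterates `@exec_stop_post`, for which no property exists, and never renders `@exec_start_post`, so a declared `exec_start_post` command is silently dropped from the unit. As far as I can tell systemd.socket only defines ExecStartPre=, ExecStartPost=, ExecStopPre= and ExecStopPost=, so the `ExecStart=` and `ExecStop=` lines would be ignored as unknown keys; please check against the man page and align the property list with the template. Every string value is also emitted verbatim through `<%= %>`, so a property value containing a newline would add extra directives to a unit that systemd runs as root; rejecting newlines in the resource's String properties would close that off.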