diff --git a/.fixtures.yml b/.fixtures.yml index f7b8106..1efeade 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,5 +1,6 @@ fixtures: forge_modules: stdlib: puppetlabs/stdlib + eyplib: eyp/eyplib symlinks: systemd: "#{source_dir}" diff --git a/.rspec b/.rspec new file mode 100644 index 0000000..8cf94aa --- /dev/null +++ b/.rspec @@ -0,0 +1,4 @@ +--format documentation +--color + + diff --git a/CHANGELOG.md b/CHANGELOG.md index cff2b4c..e51e7fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CHANGELOG +## 0.1.39 + +* logind.conf is now managed via **systemd::logind** with a lot of new options - thanks to [cedef](https://github.com/cedef) for this [PR-59](https://github.com/NTTCom-MS/eyp-systemd/pull/59), it have been marged with some changes using [PR-81](https://github.com/NTTCom-MS/eyp-systemd/pull/81) + ## 0.1.38 * Add syslog facility, memlock and core limits to service template - thanks to [davidnewhall](https://github.com/davidnewhall) for this [PR-53](https://github.com/NTTCom-MS/eyp-systemd/pull/53) diff --git a/README.md b/README.md index ce648ec..6caf056 100644 --- a/README.md +++ b/README.md @@ -21,8 +21,8 @@ systemd service support ## Module Description basic systemd support implemented: -* service definitions (sys-v wrapper also available) -* **logind.conf** (disables IPC deletion on user logout) +* service,socket and timer definitions (sys-v wrapper also available) +* **logind.conf** management (default behaviour is to **disable RemoveIPC** by default) * `/etc/systemd/system.conf` (systemd manager configuration) For systemd related questions please refer to: 
@@ -35,13 +35,16 @@ For systemd related questions please refer to: ### What systemd affects - Creates service definitions: **/etc/systemd/system/${servicename}.service** +- Creates socket definitions: **/etc/systemd/system/${servicename}.socket** +- Creates timer definitions: **/etc/systemd/system/${servicename}.timer** +- Creates drop-in definitions: **/etc/systemd/system/${servicename}/${dropin_order}-${dropin_name}.service** +- Creates systemd/sys-v compatibility scripts - Manages **/etc/systemd/logind.conf** ### Setup Requirements This module requires pluginsync enabled - ### Basic example: --- #### Systemd Service @@ -205,6 +208,7 @@ root 27399 0.0 0.0 113120 1396 ? S Jan09 0:00 /bin/bash /etc/ root 7173 0.0 0.0 107896 608 ? S 10:34 0:00 \_ sleep 10m ``` ### Systemd Service Overrides: + ```puppet systemd::service::dropin { 'node_exporter': user => 'monitoring', 
@@ -221,14 +225,41 @@ Restart=on-failure User=monitoring ``` - ## Reference ### classes #### systemd -* **removeipc**: IPC deletion on user logout (default: no) +base class for systemd reload management + +#### systemd::logind + +/etc/systemd/logind.conf management: + +* **handle_hibernate_key**: (default: 'hibernate') +* **handle_lid_switch**: (default: suspend') +* **handle_lid_switch_docked**: (default: ignore') +* **handle_power_key**: (default: poweroff') +* **handle_suspend_key**: (default: suspend') +* **hibernate_key_ignore_inhibited**: (default: false) +* **holdoff_timeout_sec**: (default: 30) +* **idle_action**: (default: ignore') +* **idle_action_sec**: (default: 30min') +* **inhibit_delay_max_sec**: (default: 5) +* **inhibitors_max**: (default: 8192) +* **kill_exclude_users**: (default: ['root']) +* **kill_only_users**: (default: []) +* **kill_user_processes**: (default: true) +* **lid_switch_ignore_inhibited**: (default: true) +* **n_auto_vts**: (default: 6) +* **power_key_ignore_inhibited**: (default: false) +* **remove_ipc**: (default: false) +* **reserve_vt**: (default: 6) +* **runtime_directory_size**: (default: 10%') +* **sessions_max**: (default: 8192) +* **suspend_key_ignore_inhibited**: (default: false) +* **user_tasks_max**: (default: 33%') ### defines @@ -280,6 +311,8 @@ User=monitoring #### systemd::service::dropin +* **dropin_order**: dropin priority - part of the filename, only useful for multiple dropin files (default: 99) +* **dropin_name**: dropin name (default: override) * **execstart**: command to start daemon (default: undef) * **execstop**: command to stop daemon (default: undef) * **execreload**: commands or scripts to be executed when the unit is reloaded (default: undef) diff --git a/manifests/init.pp b/manifests/init.pp index 5be0d46..8921b8d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -1,7 +1,7 @@ # # https://wiki.archlinux.org/index.php/systemd#Service_types # -class systemd($removeipc='no') inherits systemd::params { +class systemd($removeipc = 'no') inherits systemd::params { Exec { path => '/bin:/sbin:/usr/bin:/usr/sbin', @@ -19,11 +19,5 @@ refreshonly => true, } - file { '/etc/systemd/logind.conf': - ensure => 'present', - owner => 'root', - group => 'root', - mode => '0644', - content => template("${module_name}/logind.erb"), - } + include ::systemd::logind } diff --git a/manifests/logind.pp b/manifests/logind.pp new file mode 100644 index 0000000..fafe91f --- /dev/null +++ b/manifests/logind.pp 
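Review bot: Pulling the class in with `include ::systemd::logind` means a later resource-like declaration such as `class { 'systemd::logind': kill_user_processes => false }` fails as a duplicate declaration. The new parameters can therefore only be set through data lookup, or by declaring `systemd::logind` before `systemd`. Because `systemd::logind` also `inherits systemd` and reads `$systemd::removeipc` for its default, the two classes depend on each other. A comment above the include would make the intended usage explicit, e.g. `# logind options are set via Hiera (systemd::logind::*); $removeipc is kept for backward compatibility`. The class body starts above this hunk.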
@@ -0,0 +1,69 @@ +class systemd::logind( + $handle_hibernate_key = 'hibernate', + $handle_lid_switch = 'suspend', + $handle_lid_switch_docked = 'ignore', + $handle_power_key = 'poweroff', + $handle_suspend_key = 'suspend', + $hibernate_key_ignore_inhibited = false, + $holdoff_timeout_sec = 30, + $idle_action = 'ignore', + $idle_action_sec = '30min', + $inhibit_delay_max_sec = 5, + $inhibitors_max = 8192, + $kill_exclude_users = ['root'], + $kill_only_users = [], + $kill_user_processes = true, + $lid_switch_ignore_inhibited = true, + $n_auto_vts = 6, + $power_key_ignore_inhibited = false, + $remove_ipc = yesno2bool($systemd::removeipc), + $reserve_vt = 6, + $runtime_directory_size = '10%', + $sessions_max = 8192, + $suspend_key_ignore_inhibited = false, + $user_tasks_max = '33%', + ) inherits systemd { + + validate_bool($hibernate_key_ignore_inhibited, $kill_user_processes, + $lid_switch_ignore_inhibited, $power_key_ignore_inhibited, + $remove_ipc, $suspend_key_ignore_inhibited) + + validate_array($kill_exclude_users, $kill_only_users) + + validate_integer([$inhibitors_max, $n_auto_vts, $reserve_vt]) + + validate_re($handle_hibernate_key, ['^ignore$', '^poweroff$', '^reboot$', + '^halt$', '^kexec$', '^suspend$', '^hibernate$', + '^hybrid-sleep$', '^lock$']) + + validate_re($handle_hibernate_key, ['^ignore$', '^poweroff$', '^reboot$', + '^halt$', '^kexec$', '^suspend$', '^hibernate$', + '^hybrid-sleep$', '^lock$']) + + validate_re($handle_lid_switch, ['^ignore$', '^poweroff$', '^reboot$', + '^halt$', '^kexec$', '^suspend$', + '^hibernate$', '^hybrid-sleep$', '^lock$']) + + validate_re($handle_lid_switch_docked, ['^ignore$', '^poweroff$', + '^reboot$', '^halt$', '^kexec$', + '^suspend$', '^hibernate$', + '^hybrid-sleep$', '^lock$']) + + validate_re($handle_power_key, ['^ignore$', '^poweroff$', '^reboot$', + '^halt$', '^kexec$', '^suspend$', + '^hibernate$', '^hybrid-sleep$', '^lock$']) + + validate_re($handle_suspend_key, ['^ignore$', '^poweroff$', '^reboot$', + 
'^halt$', '^kexec$', '^suspend$', + '^hibernate$', '^hybrid-sleep$', '^lock$']) + + + file { '/etc/systemd/logind.conf': + ensure => 'present', + owner => 'root', + group => 'root', + mode => '0644', + content => template("${module_name}/logind.erb"), + notify => Exec['systemctl reload'], + } +} diff --git a/metadata.json b/metadata.json index 4ae4215..663ec1a 100644 --- a/metadata.json +++ b/metadata.json @@ -1,15 +1,15 @@ { "name": "eyp-systemd", - "version": "0.1.38", + "version": "0.1.39", "author": "eyp", - "summary": "management of systemd services (/etc/systemd/system/...), basic socket management", + "summary": "management of systemd services, services dropins, sockets and timers", "license": "Apache-2.0", "source": "https://github.com/NTTCom-MS/eyp-systemd", "project_page": "https://github.com/NTTCom-MS/eyp-systemd", "issues_url": "https://github.com/NTTCom-MS/eyp-systemd/issues", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 1.0.0 < 9.9.9"}, - {"name":"eyp/eyplib","version_requirement":">= 0.1.0 < 0.2.0"} + {"name":"eyp/eyplib","version_requirement":">= 0.1.12 < 0.2.0"} ], "operatingsystem_support": [ { diff --git a/spec/acceptance/base_spec.rb b/spec/acceptance/base_spec.rb index 2e85ef6..124b6dc 100644 --- a/spec/acceptance/base_spec.rb +++ b/spec/acceptance/base_spec.rb @@ -31,6 +31,11 @@ class { 'systemd': } its(:content) { should match 'ExecStart=/bin/sleep 60' } end + describe file("/etc/systemd/logind.conf") do + it { should be_file } + its(:content) { should match 'RemoveIPC=no' } + end + it "systemctl status" do expect(shell("systemctl status test").exit_code).to be_zero end diff --git a/spec/classes/logind_spec.rb b/spec/classes/logind_spec.rb new file mode 100644 index 0000000..7b38201 --- /dev/null +++ b/spec/classes/logind_spec.rb 
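Review bot: `$idle_action` is never validated while `$handle_hibernate_key` is checked twice against the same list, so the second call looks like a copy-paste that was meant to be `validate_re($idle_action, [...])` with that list. `$sessions_max` is also missing from `validate_integer([...])`, and `$idle_action_sec`, `$runtime_directory_size`, `$user_tasks_max` and the elements of the two user arrays are not checked at all; the template writes them verbatim into the root-owned `/etc/systemd/logind.conf`, so a value containing a newline (for example from a data layer with looser write access) would add extra directives. A `validate_re` per free-form value, anchored with `\A` and `\z`, would close that; the existing `^...$` anchors match per line in Ruby and do not reject an embedded newline either. Separately, the notified `Exec['systemctl reload']` is defined outside this hunk; if it runs `systemctl daemon-reload`, systemd-logind will not re-read the file.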
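Review bot: `should match 'RemoveIPC=no'` is unanchored, so it would also pass on a commented-out `#RemoveIPC=no` line of the kind the previous template shipped for its other directives. Anchoring it, `its(:content) { should match /^RemoveIPC=no$/ }`, checks that the directive is actually active. The enclosing describe block starts outside the hunk.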
@@ -0,0 +1,35 @@ +require 'spec_helper' +describe 'systemd::logind' do + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) { facts } + context 'with defaults for all parameters' do + it { should contain_class('systemd::logind') } + it do + should contain_file('/etc/systemd/logind.conf') + .with_content(/KillExcludeUsers=root/) + .with_content(/KillUserProcesses=yes/) + .with_content(/NAutoVTs=6/) + .without_content(/KillOnlyUsers/) + .with_content(/InhibitDelayMaxSec=5/) + end + end + context 'with some values set' do + let(:params) do + { + :inhibit_delay_max_sec => 55, + :kill_only_users => ['foo', 'bar'] + } + end + it do + should contain_file('/etc/systemd/logind.conf') + .with_content(/KillExcludeUsers=root/) + .with_content(/KillUserProcesses=yes/) + .with_content(/NAutoVTs=6/) + .with_content(/KillOnlyUsers=foo bar/) + .with_content(/InhibitDelayMaxSec=55/) + end + end + end + end +end diff --git a/templates/logind.erb b/templates/logind.erb index 40d0035..01c5d74 100644 --- a/templates/logind.erb +++ b/templates/logind.erb @@ -1,5 +1,4 @@ -# -# puppet managed file +###  puppet managed file # # This file is part of systemd. # 
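Review bot: The spec exercises neither the validation added in logind.pp nor the `RemoveIPC` default, which is the one logind setting the README singles out and which depends on `yesno2bool($systemd::removeipc)`. Adding `.with_content(/^RemoveIPC=no$/)` to the defaults context would pin that mapping. A context with `let(:params) { { :handle_power_key => 'bogus' } }` and `it { should_not compile }` would pin the rejection path. The existing patterns are also unanchored, so `/NAutoVTs=6/` would still match `NAutoVTs=60`; `/^NAutoVTs=6$/` is tighter.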
@@ -9,24 +8,68 @@ # (at your option) any later version. # # See logind.conf(5) for details +<%- + +var_to_systemd_directives = { + 'handle_hibernate_key' => 'HandleHibernateKey', + 'handle_lid_switch' => 'HandleLidSwitch', + 'handle_lid_switch_docked' => 'HandleLidSwitchDocked', + 'handle_power_key' => 'HandlePowerKey', + 'handle_suspend_key' => 'HandleSuspendKey', + 'hibernate_key_ignore_inhibited' => 'HibernateKeyIgnoreInhibited', + 'holdoff_timeout_sec' => 'HoldoffTimeoutSec', + 'idle_action' => 'IdleAction', + 'idle_action_sec' => 'IdleActionSec', + 'inhibit_delay_max_sec' => 'InhibitDelayMaxSec', + 'inhibitors_max' => 'InhibitorsMax', + 'kill_exclude_users' => 'KillExcludeUsers', + 'kill_only_users' => 'KillOnlyUsers', + 'kill_user_processes' => 'KillUserProcesses', + 'lid_switch_ignore_inhibited' => 'LidSwitchIgnoreInhibited', + 'n_auto_vts' => 'NAutoVTs', + 'power_key_ignore_inhibited' => 'PowerKeyIgnoreInhibited', + 'remove_ipc' => 'RemoveIPC', + 'reserve_vt' => 'ReserveVT', + 'runtime_directory_size' => 'RuntimeDirectorySize', + 'sessions_max' => 'SessionsMax', + 'suspend_key_ignore_inhibited' => 'SuspendKeyIgnoreInhibited', + 'user_tasks_max' => 'UserTasksMax' +} + +-%> [Login] -#NAutoVTs=6 -#ReserveVT=6 -#KillUserProcesses=no -#KillOnlyUsers= -#KillExcludeUsers=root -#InhibitDelayMaxSec=5 -#HandlePowerKey=poweroff -#HandleSuspendKey=suspend -#HandleHibernateKey=hibernate -#HandleLidSwitch=suspend -#PowerKeyIgnoreInhibited=no -#SuspendKeyIgnoreInhibited=no -#HibernateKeyIgnoreInhibited=no -#LidSwitchIgnoreInhibited=yes -#IdleAction=ignore -#IdleActionSec=30min -<% if defined?(@removeipc) -%> -RemoveIPC=<%= @removeipc %> +<% + all_var_names = %w( handle_hibernate_key handle_lid_switch handle_lid_switch_docked + handle_power_key handle_suspend_key + hibernate_key_ignore_inhibited holdoff_timeout_sec + idle_action idle_action_sec inhibit_delay_max_sec + inhibitors_max kill_exclude_users kill_only_users + kill_user_processes lid_switch_ignore_inhibited + 
n_auto_vts power_key_ignore_inhibited remove_ipc + reserve_vt runtime_directory_size sessions_max + suspend_key_ignore_inhibited user_tasks_max) + + bool_var_names = %w( hibernate_key_ignore_inhibited kill_user_processes + lid_switch_ignore_inhibited power_key_ignore_inhibited + remove_ipc suspend_key_ignore_inhibited ) + + list_var_names = %w(kill_exclude_users kill_only_users) + +all_var_names.each do | variableName | -%> +<%- if scope[variableName].to_s != 'undef' and !scope[variableName].nil? + if list_var_names.include? variableName + next if scope[variableName].empty? + myvalue = scope[variableName].join(' ') + + elsif bool_var_names.include? variableName + myvalue = scope.function_bool2yesno([scope[variableName]]) + + else + myvalue = scope[variableName] + + end +-%> +<%= var_to_systemd_directives[variableName] -%>=<%= myvalue %> +<%- end -%> <% end -%>
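Review bot: Every directive is now written unconditionally from the class defaults, so the module starts overriding distribution defaults for settings it previously left commented out, most visibly `KillUserProcesses=yes` where the removed line showed `#KillUserProcesses=no`. On existing hosts, background processes left by a user (screen/tmux sessions, nohup jobs) will be terminated at logout after the upgrade, an availability change the CHANGELOG entry does not mention. Defaulting `$kill_user_processes` to `false` in logind.pp would keep the old behaviour, as would `undef`, since the `undef`/nil guard here would skip the line, though `validate_bool` would then have to tolerate undef. Either way the spec's `KillUserProcesses=yes` expectation would need to follow. Directives the old file never listed (`UserTasksMax`, `SessionsMax`, `InhibitorsMax`) are also always emitted now; whether every supported systemd version recognises them cannot be verified from this diff.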