With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect current state.
Change-Id: I4aab8ba621228d3fbf79b1da8227be41f3258b5f
While you can leverage config_overrides for that, it might become
tricky if you need to define more than 1 pre/post exec tasks.
Change-Id: I3d8b36f5e9f4be89eaff848d8ba88a38ce5285e4
This functionality is pretty neat and used widely if you need to pass
specific argument to the unit service, but rest of the parameters can
be left intact.
Change-Id: I6eb80ac0f9f0257402697a255518bb2c66d0dfd5
To remove complexity from the code we remove variable systemd_lock_path
since variable systemd_lock_dir with common functionality has been
introduced.
Change-Id: I61bb44450a7fb1cface2b93302e02c8fd358a034
Since /var/run is a symlink to /run and /var/lock is a symlink to
/run/lock for all modern operating systems, it makes sense to
change default paths that are used.
To make such changes more flexible, ``systemd_run_dir`` and
``systemd_lock_dir`` are introduced.
Change-Id: I60d321fcdce3d3a94233cc25c92898d9e9f2a9b8
Since there might be a necessity to override already existing in the
system services, like provided ones by system packages, which we
just want to adjust, we need option to create service overrides in
systemd.service.d directory.
Change-Id: Ic7488edbc0487fe932c706dc26f2f8adb36cb427
We need to be able to configure systemd-sockets. Since they are attached
to the service it makes sense to make it as an element to the service.
Change-Id: Ic481921151fc8d7af7f1ca9b003adb8e3c967e16
This reverts commit 6285b6c638.
There is no use made of this functionality anywhere outside the tests
for this role, so revert the code. The intention is to reduce general
overhead in systemd_service and reduce the number of skipped tasks
in an OSA deployment.
Conflicts: tests/test.yml
Change-Id: I3d28967a64ea9d91219294bdc30d337c9c6d2e50
Depending on the network-online.target rather than network.target
will result in more reliable service startups since network.target
does not indicate that the network stack has fully started, only
that networking has been initialized. When starting network-related
services like neutron, where a bridge or veth interface may be
expected to exist already, relying on network.target can cause broken
service startup during system reboots since the interfaces depended
on may not exist yet once network.target is reached.
By relying on network-online.target instead, units will start more
reliably during system reboots or network restarts.
The systemd docs at
https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/#conceptsinsystemd
provide more information about why we should use the network-online
instead of the network target.
Change-Id: I7fca0af11bf7a0fed18294c97b81ef1dfa074e34
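The ordering difference described in the commit above can be checked in existing unit files. The following is an added example, not code from the role or the commit; the function names and both sample units are constructed for illustration. It also flags the case the systemd documentation warns about, where `After=network-online.target` is set but nothing pulls the target in.

```python
import re

# Constructed sample units (not taken from the role or its templates).
WEAK_UNIT = """[Unit]
After=syslog.target network.target
[Service]
ExecStart=/usr/bin/example-agent
"""
FIXED_UNIT = """[Unit]
After=syslog.target
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/usr/bin/example-agent
"""


def unit_deps(text):
    """Collect After=/Wants=/Requires= names from the [Unit] section."""
    # A key may repeat and may hold several space-separated unit names,
    # so values are accumulated instead of read with configparser.
    deps = {"After": [], "Wants": [], "Requires": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if section == "Unit" and sep and key.strip() in deps:
            deps[key.strip()] += value.split()
    return deps


def audit_network_ordering(text):
    """Flag units that can start before interfaces are configured."""
    deps = unit_deps(text)
    online = "network-online.target"
    if online not in deps["After"]:
        if "network.target" in deps["After"]:
            return ["ordered after network.target only"]
        return []
    if online not in deps["Wants"] + deps["Requires"]:
        return ["After=network-online.target without Wants= or Requires="]
    return []
```
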
This change adds the ability to effectively use the PrivateNetwork
functionality systemd provides for services. Now, if enabled, services
can be created in a network namespace which isolates it from the rest
of the host. Additional options have been added allowing access into the
network namespace over ephemeral devices as needed.
Highlights:
* Isolated private networking for services will sandbox using a stand
alone namespace which has no access to anything via the network.
* Access into a private namespace can be provided over a single network
interface which can be IP'd via local DHCP + NAT or using an upstream
DHCP server.
* Tests have been added to exercise the new functionality.
All of the functionality has been documented in the defaults of this role.
Change-Id: I6751765131f32393a1605eb2100bec46199d980a
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This patch allows PartOf to be defined in the [Unit] section of
a given systemd service. Doing so creates a one-way dependency
on the given service that is limited to stopping and restarting of units.
Change-Id: I2b802d868ba0c8b085379daae8a9fa4f36281eea
Make sure those options are only set if systemd >= 235, since they were
introduced in that version.
Change-Id: I51f133931a73d648604b5166a7c09da6ffd4c178
Related-Bug: 1805847
Systemd service units may require additional environment settings to
be effective. This patch adds two new variables to the systemd_service
role which will allow operators to add environment variables to a
given service as needed. These options can be supplied globally or
from within a service definition.
Documentation on how these options are used has been added to the
defaults file.
A test has been added to ensure we're exercising the new capability.
Change-Id: If4ea993b7173ac3218f051a1d4f0fba9aeb838ea
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
The option `systemd_lock_path` is intended to be set globally
and locally however the global implementation has never been
implemented.
* The global option will ensure the run and lock path is setup
for all services within the `systemd_services` array.
* The local option provides a way to override a global lock path
based on specific service needs.
Change-Id: I373b8905c01ff666b5705bd3bb3c76c3e74a64ab
Add 'after_targets' as its own key inside a systemd services dictionary
instead of using config_template overrides.
Change-Id: I8d2ae74010c040544b8099f596678acd71e727e9
The private sandbox options are emitting odd behaviour in newer kernels.
This change sets the sandbox options to false by default so that we're
not creating unexpected issues.
Change-Id: I670ae94525f80e70f03327591cba0e27c2ac0f2b
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Systemd provides for "timers" which is replacing cron. This change
implements timers as an option to any created service.
Change-Id: I8fdca58fcb43726560521c7c25f7e57cfb61353b
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change adds the documentation list default to our systemd service
files when populated. This feature will provide us the ability to
link services to specific documentation which operators will be able to
see when querying a service.
Change-Id: I514d907ccbb52cc6010a29c4c3e10eb2cf558dfa
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
A global var systemd_service_restart_changed is added which toggles
restart on unit file change for all systemd_services.
A systemd_services var 'restart_changed' is added to toggle restarts
on a per-service basis.
systemd daemon is not reloaded in a loop anymore, it is only
reloaded once, in a handler, when unit files change.
Consumer roles of systemd_service can listen to the handler
'systemd service changed' to implement additional orchestration when
service units are modified.
Change-Id: I803bca638c30696004f934ad1e28920786948f38
* Document the optionality in the defaults
* Validate the input in the tasks before it's templated
* Standardize on the exec{starts,stops,reloads} interface
* Update the readme
* Add functional test
Change-Id: Icae36f970178b1cc79d069a94321afb1732a8c5c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Combine the flow for simple and oneshot services into one set of
execstart/execreload/execstop loops.
Change-Id: I2c250f7d0d14747b50fd77f54d3777c28f11e957