Re: [systemd-devel] environment variable questions
On Fri, Jun 17, 2016 at 7:04 PM, Brian Kroth wrote: > Mantas Mikulėnas 2016-06-17 07:47: > > On Fri, Jun 17, 2016 at 6:01 AM, Brian Kroth wrote: >> >> Hi again, related to my inetd conversion example, in my .service unit I >>> have something like this: >>> >>> # nagios-nrpe-server@.service: >>> [Service] >>> Environment=NICENESS=0 >>> EnvironmentFile=-/etc/default/nagios-nrpe-server >>> ExecStart=/usr/sbin/nrpe -i $DAEMON_OPTIONS >>> Nice=$NICENESS >>> >>> # /etc/default/nagios-nrpe-server: >>> DAEMON_OPTIONS="--no-ssl" >>> #NICENESS=5 >>> INETD=1 >>> >>> >>> With that I get this sort of error message: >>> [/etc/systemd/system/nagios-nrpe-server@.service] Failed to parse nice >>> priority, ignoring: $NICENESS >>> >>> I added the leading "Environment=NICENESS=0" directive to try and make >>> sure it wasn't just an empty variable kinda thing, but it didn't seem to >>> help. >>> >>> >>> It's somewhat unclear from the man pages as to whether or not $VAR >>> expansion is done outside of the Exec* directives, and I couldn't find a >>> definitive answer online, but based on the above, I'm guessing it's not, >>> correct? >>> >>> >> No, they're not expanded anywhere else. >> >> Generally it's best to entirely avoid indirection via /etc/default, and >> just configure daemons directly via their .service units. (Unlike init >> scripts, they're freely editable by sysadmins.) In certain cases, a >> variable for command-line arguments might make sense, but $NICENESS? Why? >> > > It was mostly an exercise in understanding as I went through the process > of trying to convert a legacy init script over for myself. > > I think I agree with you that it's easy enough to add the > /etc/systemd/system/$service.conf.d/override.conf style overrides for > individual parameters like that. > > The distaste I guess I'm left with is that, at least as things transition, > we end up having to look in several places to figure out where all the > configuration sources are coming from (eg: /etc/default, > /{etc,run,lib}/systemd, etc.). It's not always clear on first glance which > parts are respected by other parts. Use `systemctl cat ` (when a more recent systemd reaches your distro), and `systemd-delta`. -- Mantas Mikulėnas ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] inetd-style service with connection logging
Mantas Mikulėnas 2016-06-17 08:00: On Fri, Jun 17, 2016 at 5:05 AM, Brian Kroth wrote: Hi, I'm trying to convert an old school inetd service into a systemd socket activation. More or less what was describe in [1] worked for me. However, the bit I'm currently missing is connection logging. With the openbsd-inetd package (Debian), one could enable libwrap style logging with the -l option to inetd and get something like this: Jun 16 00:00:16 faitest32 inetd[16032]: connection from 10.130.105.148, service nrpe (tcp) Anyone know how to do that with systemd socket/service pairs? Does it just require a ExecPreStart sort of rule to echo %i (or some such) into a logger pipe (or whatever the journal equivalent of that is), or is there a directive to get that that I'm just missing in my googling? As of v209, the source address is *always* logged when the instance starts (well, technically, it's added to the service description) – search the journal for MESSAGE_ID=39f53479d3a045ac8e11786248231fbf. (Can't filter by unit unfortunately since UNIT= only has the unique name of the instance, not the generic one...) Jun 16 18:19:10 frost systemd[1]: Started OpenSSH Per-Connection Daemon ([fd80:56c2:e21c:288b:8199:931f:3a4e:cfb3]:56168). Jun 16 18:22:07 frost systemd[1]: Started OpenSSH Per-Connection Daemon ( 10.114.14.18:60064). Jun 17 07:52:34 frost systemd[1]: Started Ident (RFC 1413) per-connection server ([::1]:50860). Hmm, I'm running v215 on a Debian Jessie machine, but that MESSAGE_ID isn't turning anything up for the messages I was expecting. # journalctl --all -x | grep -i nrpe ... Jun 17 10:05:15 faitest64 systemd[1]: [/etc/systemd/system/nagios-nrpe-server@.service:25] Failed to parse nice priority, ignoring: $NICENESS. (from before I took that out from my other question thread) # journalctl MESSAGE_ID=39f53479d3a045ac8e11786248231fbf -- Logs begin at Thu 2016-06-16 18:46:02 CDT, end at Fri 2016-06-17 11:09:04 CDT. -- Jun 17 00:19:35 faitest64 systemd[886]: Reached target Paths. Jun 17 00:19:35 faitest64 systemd[886]: Reached target Timers. Jun 17 00:19:35 faitest64 systemd[886]: Reached target Sockets. Jun 17 00:19:35 faitest64 systemd[886]: Reached target Basic System. Jun 17 00:19:35 faitest64 systemd[886]: Reached target Default. Jun 17 00:19:40 faitest64 systemd[886]: Reached target Shutdown. Do you know the commit id for that change offhand? Maybe Debian stripped the patch or something, though I'm not sure why that would have happened. Thanks, Brian signature.asc Description: Digital signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] environment variable questions
Mantas Mikulėnas 2016-06-17 07:47: On Fri, Jun 17, 2016 at 6:01 AM, Brian Kroth wrote: Hi again, related to my inetd conversion example, in my .service unit I have something like this: # nagios-nrpe-server@.service: [Service] Environment=NICENESS=0 EnvironmentFile=-/etc/default/nagios-nrpe-server ExecStart=/usr/sbin/nrpe -i $DAEMON_OPTIONS Nice=$NICENESS # /etc/default/nagios-nrpe-server: DAEMON_OPTIONS="--no-ssl" #NICENESS=5 INETD=1 With that I get this sort of error message: [/etc/systemd/system/nagios-nrpe-server@.service] Failed to parse nice priority, ignoring: $NICENESS I added the leading "Environment=NICENESS=0" directive to try and make sure it wasn't just an empty variable kinda thing, but it didn't seem to help. It's somewhat unclear from the man pages as to whether or not $VAR expansion is done outside of the Exec* directives, and I couldn't find a definitive answer online, but based on the above, I'm guessing it's not, correct? No, they're not expanded anywhere else. Generally it's best to entirely avoid indirection via /etc/default, and just configure daemons directly via their .service units. (Unlike init scripts, they're freely editable by sysadmins.) In certain cases, a variable for command-line arguments might make sense, but $NICENESS? Why? It was mostly an exercise in understanding as I went through the process of trying to convert a legacy init script over for myself. I think I agree with you that it's easy enough to add the /etc/systemd/system/$service.conf.d/override.conf style overrides for individual parameters like that. The distaste I guess I'm left with is that, at least as things transition, we end up having to look in several places to figure out where all the configuration sources are coming from (eg: /etc/default, /{etc,run,lib}/systemd, etc.). It's not always clear on first glance which parts are respected by other parts. Also, so long as I'm asking questions, I've got one about Condition* directives. There doesn't seem to be one for Environment variable sort of parsing or some sort of shell command evaluation (eg: returns 0 kinda thing). Nope. (I think this was rejected once already.) Ask #debian-systemd about how they're dealing with the existing /etc/default files with "ENABLE=yes" during upgrades to native units... Will do, thanks. Though It's slightly different for .service, where a failed ExecStartPre can cancel the start of the main daemon. There's also the "generator" concept, where external tools are used to create actual unit files in RAM (or do the equivalent of `systemctl enable`) before systemd even starts the boot process; this is how /etc/fstab is parsed into .mount units by fstab-generator, for example, and also how Debian's sysv-generator creates fake .service units for old /etc/init.d scripts. Yeah, I get the reason for those, but I find them somewhat opaque when trying to analyze the configuration of a system, especially outside of a running system itself (eg: just on the config management end of things). Something like: # nagios-nrpe-server.socket: [Unit] ConditionReturnsZero=/bin/grep -q ^INETD=1$ /etc/default/nagios-nrpe-server I got to thinking about this for the INETD directive that comes in the /etc/default/nagios-nrpe-server script. It's somewhat irrelevant in this case since the .socket unit already needs to be active before the @.service pair is instantiated. Looking at some of the other examples the system ships with like ssh.service vs ssh@.service/ssh.socket, they have Conflicts= directives against each other, but there's not really a conf file that I see that directs the system to use inetd-style vs daemon mode for those. I'm not really sure how this could have worked even before systemd.. I mean, this would be selecting between two entirely separate systems, and even if the init.d scripts understood that INETD=yes means "do not start the daemon", I doubt [x]inetd itself cared about configuration /etc/default at all. (Did it?) No, that's a good point. I think you're probably right: there are inetd helpers for dpkg at least, but I think it was probably still up to the admin to make sure one was disabled and the other was enabled, so that notion at least doesn't change - just the mechanism. So, since there's not really a way to read that from an EnvironmentFile style conf file and use it in a Conditional* directive to disable one vs the other right now, is it just expected that people use something like "systemctl mask ssh.service" vs. "systemctl mask ssh.socket" to select between them? It's expected that people use `systemctl enable` and `systemctl disable` to select between them. K, that's what I figured. Good to hear it from another source though. Thanks again. Cheers, Brian signature.asc Description: Digital signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/