Blame SOURCES/0001-Issue-49875-Move-SystemD-service-config-to-a-drop-in.patch

From 5b36c591ef0e79ee1fd4a0db4644d9d0e8d183ca Mon Sep 17 00:00:00 2001
From: Matus Honek <mhonek@redhat.com>
Date: Mon, 27 May 2019 10:59:03 +0000
Subject: [PATCH] Issue 49875 - Move SystemD service config to a drop-in file
Bug Description:
Runtime configuration options are mixed into the service specification
which should seldom be changed by users.
Fix Description:
Move the runtime configuration options into a drop-in file. These options
are then automatically pulled in by SystemD.
Additional Info:
Erasing the default values of the mentioned options to implicitly pull in
system defaults which are more sane nowadays.
The .service file is now common for xsan and non-xsan builds, the former
differing only by an additional drop-in file.
Related https://pagure.io/389-ds-base/issue/49875
Author: Matus Honek <mhonek@redhat.com>
Review by: firstyear, mreynolds, vashirov (thanks!)
---
 Makefile.am                                   | 23 ++++--
 configure.ac                                  |  2 +
 .../systemd.template.service.custom.conf.in   | 52 +++++++++++++
 wrappers/systemd.template.service.in          | 57 +-------------
 .../systemd.template.service.xsan.conf.in     | 11 +++
 wrappers/systemd.template.xsan.service.in     | 77 -------------------
 6 files changed, 85 insertions(+), 137 deletions(-)
 create mode 100644 wrappers/systemd.template.service.custom.conf.in
 create mode 100644 wrappers/systemd.template.service.xsan.conf.in
 delete mode 100644 wrappers/systemd.template.xsan.service.in
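diff --git a/Makefile.am b/Makefile.am
index 01ac3a04d..de9e0c460 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -300,6 +300,7 @@ serverdir = $(libdir)/@serverdir@
 serverplugindir = $(libdir)@serverplugindir@
 taskdir = $(datadir)@scripttemplatedir@
 systemdsystemunitdir = @with_systemdsystemunitdir@
+systemdsystemunitdropindir = @with_systemdsystemunitdir@/$(PACKAGE_NAME)@.service.d
 systemdsystemconfdir = @with_systemdsystemconfdir@
 systemdgroupname = @with_systemdgroupname@
 initdir = @initdir@
@@ -880,6 +881,11 @@ if SYSTEMD
 systemdsystemunit_DATA = wrappers/$(PACKAGE_NAME)@.service \
 	wrappers/$(systemdgroupname) \
 	wrappers/$(PACKAGE_NAME)-snmp.service
+
+systemdsystemunitdropin_DATA = wrappers/$(PACKAGE_NAME)@.service.d/custom.conf
+if with_sanitizer
+systemdsystemunitdropin_DATA += wrappers/$(PACKAGE_NAME)@.service.d/xsan.conf
+endif
 else
 if INITDDIR
 init_SCRIPTS = wrappers/$(PACKAGE_NAME) \
@@ -2314,12 +2320,17 @@ endif
 # yes, that is an @ in the filename . . .
 %/$(PACKAGE_NAME)@.service: %/systemd.template.service.in
 	if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi
-	if [ ! -z ${SANITIZER} ] ; then \
-		service_template=$(shell echo $^ | sed 's/template/template.xsan/g'); \
-		else \
-		service_template=$^; \
-	fi; \
-	$(fixupcmd) $$service_template > $@
+	$(fixupcmd) $^ > $@
+
+%/$(PACKAGE_NAME)@.service.d/custom.conf: %/systemd.template.service.custom.conf.in
+	if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi
+	$(fixupcmd) $^ > $@
+
+if with_sanitizer
+%/$(PACKAGE_NAME)@.service.d/xsan.conf: %/systemd.template.service.xsan.conf.in
+	if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi
+	$(fixupcmd) $^ > $@
+endif
 
 %/$(systemdgroupname): %/systemd.group.in
 	if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi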
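Review bot: The three generation rules in the last hunk (`%/$(PACKAGE_NAME)@.service`, `.../custom.conf` and `.../xsan.conf`) redirect `$(fixupcmd)` straight into `$@`, so a failing substitution leaves a truncated unit or drop-in that a later `make` treats as up to date and `make install` would ship. Writing to a temporary name and renaming it avoids that: `$(fixupcmd) $^ > $@.tmp && mv $@.tmp $@`. The neighbouring rules, whose bodies continue outside these hunks, appear to use the same pattern, and whether the file sets `.DELETE_ON_ERROR` cannot be seen from here.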
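diff --git a/configure.ac b/configure.ac
index 3660e6816..d329e84a9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -196,6 +196,8 @@ AC_SUBST([ubsan_cflags])
 AC_SUBST([ubsan_rust_defs])
 AM_CONDITIONAL(enable_ubsan,test "$enable_ubsan" = "yes")
 
+AM_CONDITIONAL(with_sanitizer,test "$enable_asan" = "yes" -o "$enable_msan" = "yes" -o "$enable_tsan" = "yes" -o "$enable_ubsan" = "yes")
+
 # Enable CLANG
 AC_MSG_CHECKING(for --enable-clang)
 AC_ARG_ENABLE(clang, AS_HELP_STRING([--enable-clang], [Enable clang (default: no)]),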
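Review bot: The new `with_sanitizer` conditional joins four comparisons with `test ... -o ...`, an operand the Autoconf manual lists as non-portable and POSIX marks obsolescent. Chaining separate commands is the portable form, with both macro arguments quoted: `AM_CONDITIONAL([with_sanitizer], [test "$enable_asan" = "yes" || test "$enable_msan" = "yes" || test "$enable_tsan" = "yes" || test "$enable_ubsan" = "yes"])`. The condition also has to stay in step with whatever assigns `SANITIZER`, because the xsan drop-in template substitutes `@SANITIZER@` into its Description; that assignment lies outside this hunk, so the match cannot be confirmed here.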
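diff --git a/wrappers/systemd.template.service.custom.conf.in b/wrappers/systemd.template.service.custom.conf.in
new file mode 100644
index 000000000..0dce62826
--- /dev/null
+++ b/wrappers/systemd.template.service.custom.conf.in
@@ -0,0 +1,52 @@
+# To change any of the below values, please use a drop-in file in which
+# you can declare overrides according to systemd.unit(5), either of:
+# - applying to all instances:
+#   /etc/systemd/system/dirsrv@.service.d/custom.conf
+# - applying to a single instance (overriding the above):
+#   /etc/systemd/system/dirsrv@<instance>.service.d/custom.conf
+#
+# Some of the most interesting coniguration options are mentioned below.
+# See systemd.service(5) and systemd.exec(5) for the respective documentation.
+#
+# After updating the service configuration, do not forget to apply the changes:
+# - reload systemd configuration: systemctl daemon-reload
+# - restart the service: systemctl restart @package_name@@<instance>.service
+
+[Service]
+TimeoutStartSec=0
+TimeoutStopSec=600
+
+# These are from man systemd.exec and man systemd.resource-control
+
+# This controls the resources to the direct child of systemd, in
+# this case ns-slapd. Because we are type notify we recieve these
+# limits correctly.
+
+# This controls the number of file handles avaliable. File handles
+# correlate to sockets for the process, and our access to logs and
+# databases.  Note, the configuration setting in Directory Server,
+# "nsslapd-maxdescriptors", can override this limit.
+#LimitNOFILE=
+
+# You can limit the memory in the cgroup with these, and ns-slapd
+# will account for them in it's autotuning.
+# Memory account may be controlled by DefaultMemoryAccounting= in systemd-system.conf
+#MemoryAccounting=yes
+#MemoryLimit=<bytes>
+
+# Limits on the size of coredump that may be produced by the process. It's not
+# specified how this interacts with coredumpd.
+# 0 means not to produce cores.
+#LimitCORE=<bytes>
+
+# Limit number of processes (threads) we may spawn. We don't advise you change
+# this as DS will autodetect your threads / cpus and adjust as needed.
+#LimitNPROC=
+
+# Possible hardening options:
+#PrivateDevices=yes
+#ProtectSystem=yes
+#ProtectHome=yes
+#PrivateTmp=yes
+
+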
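Review bot: The header comment tells administrators to put overrides in `/etc/systemd/system/dirsrv@.service.d/custom.conf`, which is the same file name this template is installed under in the vendor unit directory. Per systemd.unit(5), a drop-in under /etc replaces a same-named drop-in from /usr/lib as a whole, so an override that sets only `LimitNOFILE=` would silently discard `TimeoutStartSec=0` and `TimeoutStopSec=600` from this file. Either recommend a different file name in the comment or state the masking explicitly, for example `# Note: a custom.conf under /etc replaces this file entirely; copy the settings you want to keep, or use another file name.` The example paths also hard-code `dirsrv` while the restart hint uses `@package_name@`, and the comments carry the typos "coniguration", "recieve" and "avaliable".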
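diff --git a/wrappers/systemd.template.service.in b/wrappers/systemd.template.service.in
index 7142c3492..2ac6f978f 100644
--- a/wrappers/systemd.template.service.in
+++ b/wrappers/systemd.template.service.in
@@ -1,17 +1,6 @@
-# you usually do not want to edit this file - instead, edit the
-# @initconfigdir@/@package_name@.systemd file instead - otherwise,
-# do not edit this file in /lib/systemd/system - instead, do the following:
-# cp /lib/systemd/system/dirsrv\@.service /etc/systemd/system/dirsrv\@.service
-# mkdir -p /etc/systemd/system/@systemdgroupname@.wants
-# edit /etc/systemd/system/dirsrv\@.service - uncomment the LimitNOFILE=8192 line
-# where %i is the name of the instance
-# you may already have a symlink in
-# /etc/systemd/system/@systemdgroupname@.wants/dirsrv@%i.service pointing to
-# /lib/systemd/system/dirsrv\@.service - you will have to change it to link
-# to /etc/systemd/system/dirsrv\@.service instead
-# ln -s /etc/systemd/system/dirsrv\@.service /etc/systemd/system/@systemdgroupname@.wants/dirsrv@%i.service
-# systemctl daemon-reload 
-# systemctl (re)start @systemdgroupname@
+# You should not need to edit this file. Instead, use a drop-in file as described in:
+#   /usr/lib/systemd/system/@package_name@@.service.d/custom.conf
+
 [Unit]
 Description=@capbrand@ Directory Server %i.
 PartOf=@systemdgroupname@
@@ -21,51 +10,11 @@ Before=radiusd.service
 [Service]
 Type=notify
 NotifyAccess=all
-TimeoutStartSec=0
-TimeoutStopSec=600
 EnvironmentFile=-@initconfigdir@/@package_name@
 EnvironmentFile=-@initconfigdir@/@package_name@-%i
 PIDFile=@localstatedir@/run/@package_name@/slapd-%i.pid
 ExecStartPre=@libexecdir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif
 ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name@/slapd-%i.pid
 
-#### To change any of these values or directives, you should use a drop in file
-# such as: /etc/systemd/system/dirsrv@<instance>.d/custom.conf
-
-# These are from man systemd.exec and man systemd.resource-control
-
-# This controls the resources to the direct child of systemd, in
-# this case ns-slapd. Because we are type notify we recieve these
-# limits correctly.
-
-# This controls the number of file handles avaliable. File handles
-# correlate to sockets for the process, and our access to logs and
-# databases.  Note, the configuration setting in Directory Server,
-# "nsslapd-maxdescriptors", can override this limit.
-LimitNOFILE=16384
-
-# You can limit the memory in the cgroup with these, and ns-slapd
-# will account for them in it's autotuning.
-# Memory account may be controlled by DefaultMemoryAccounting= in systemd-system.conf
-# MemoryAccounting=true
-# MemoryLimit=bytes
-
-# Limits on the size of coredump that may be produced by the process. It's not
-# specified how this interacts with coredumpd.
-# 0 means not to produce cores.
-# This value is 64G
-LimitCORE=68719476736
-
-# Limit number of processes (threads) we may spawn. We don't advise you change
-# this as DS will autodetect your threads / cpus and adjust as needed.
-# LimitNPROC=
-
-# Hardening options:
-# PrivateDevices=true
-# ProtectSystem=true
-# ProtectHome=true
-# PrivateTmp=true
-
 [Install]
 WantedBy=multi-user.target
-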
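Review bot: The new header comment hard-codes `/usr/lib/systemd/system/` as the location of the drop-in, but Makefile.am installs it under `@with_systemdsystemunitdir@/$(PACKAGE_NAME)@.service.d`, which is configurable at build time. On a build that uses another unit directory the pointer sends the administrator to a path that does not exist. If the fixup command can substitute the unit directory (not visible in this patch), use that in the comment; otherwise name the drop-in without an absolute path, e.g. `#   @package_name@@.service.d/custom.conf in the systemd unit directory`.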
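diff --git a/wrappers/systemd.template.service.xsan.conf.in b/wrappers/systemd.template.service.xsan.conf.in
new file mode 100644
index 000000000..f4bf809b9
--- /dev/null
+++ b/wrappers/systemd.template.service.xsan.conf.in
@@ -0,0 +1,11 @@
+# This file is present because the server has been built with a sanitizer.
+# It is not meant for a production usage.
+[Unit]
+Description=@capbrand@ Directory Server with @SANITIZER@ %i.
+
+[Service]
+# We can't symbolize here, as llvm symbolize crashes when it goes near systemd.
+Environment=ASAN_OPTIONS=log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.asan:print_stacktrace=1
+Environment=TSAN_OPTIONS=log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.tsan:print_stacktrace=1:second_deadlock_stack=1:history_size=7
+Environment=MSAN_OPTIONS=log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.msan:print_stacktrace=1
+Environment=UBSAN_OPTIONS=log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.ubsan:print_stacktrace=1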
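Review bot: All four `*_OPTIONS` lines send sanitizer reports to `@localstatedir@/run/@package_name@/`, the directory that also holds the PID file, and nothing in the file says where the reports end up. The reports contain stack traces and details of the faulting memory, and a run directory is commonly on tmpfs, so they may not survive a reboot; how that directory is created and what permissions it gets is not part of this patch. A comment above the Environment lines would help whoever triages a sanitized build: `# Reports are written as ns-slapd-%i.<sanitizer>.<pid> in the run directory; collect them before a reboot.`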
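diff --git a/wrappers/systemd.template.xsan.service.in b/wrappers/systemd.template.xsan.service.in
deleted file mode 100644
index 541392ff8..000000000
--- a/wrappers/systemd.template.xsan.service.in
+++ /dev/null
@@ -1,77 +0,0 @@
-# you usually do not want to edit this file - instead, edit the
-# @initconfigdir@/@package_name@.systemd file instead - otherwise,
-# do not edit this file in /lib/systemd/system - instead, do the following:
-# cp /lib/systemd/system/dirsrv\@.service /etc/systemd/system/dirsrv\@.service
-# mkdir -p /etc/systemd/system/@systemdgroupname@.wants
-# edit /etc/systemd/system/dirsrv\@.service - uncomment the LimitNOFILE=8192 line
-# where %i is the name of the instance
-# you may already have a symlink in
-# /etc/systemd/system/@systemdgroupname@.wants/dirsrv@%i.service pointing to
-# /lib/systemd/system/dirsrv\@.service - you will have to change it to link
-# to /etc/systemd/system/dirsrv\@.service instead
-# ln -s /etc/systemd/system/dirsrv\@.service /etc/systemd/system/@systemdgroupname@.wants/dirsrv@%i.service
-# systemctl daemon-reload 
-# systemctl (re)start @systemdgroupname@
-[Unit]
-Description=@capbrand@ Directory Server with @SANITIZER@ %i.
-PartOf=@systemdgroupname@
-After=chronyd.service ntpd.service network-online.target syslog.target
-Before=radiusd.service
-
-[Service]
-Type=notify
-NotifyAccess=all
-TimeoutStartSec=0
-TimeoutStopSec=600
-EnvironmentFile=@initconfigdir@/@package_name@
-EnvironmentFile=@initconfigdir@/@package_name@-%i
-PIDFile=@localstatedir@/run/@package_name@/slapd-%i.pid
-# We can't symbolize here, as llvm symbolize crashes when it goes near systemd.
-Environment=ASAN_OPTIONS=log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.asan:print_stacktrace=1
-Environment=TSAN_OPTIONS=log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.tsan:print_stacktrace=1:second_deadlock_stack=1:history_size=7
-Environment=MSAN_OPTIONS=log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.msan:print_stacktrace=1
-Environment=UBSAN_OPTIONS=log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.ubsan:print_stacktrace=1
-LimitCORE=infinity
-ExecStartPre=@libexecdir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif
-ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name@/slapd-%i.pid
-
-#### To change any of these values or directives, you should use a drop in file
-# such as: /etc/systemd/system/dirsrv@<instance>.d/custom.conf
-
-# These are from man systemd.exec and man systemd.resource-control
-
-# This controls the resources to the direct child of systemd, in
-# this case ns-slapd. Because we are type notify we recieve these
-# limits correctly.
-
-# This controls the number of file handles avaliable. File handles
-# correlate to sockets for the process, and our access to logs and
-# databases.
-LimitNOFILE=16384
-
-# You can limit the memory in the cgroup with these, and ns-slapd
-# will account for them in it's autotuning.
-# Memory account may be controlled by DefaultMemoryAccounting= in systemd-system.conf
-# MemoryAccounting=true
-# MemoryLimit=bytes
-
-# Limits on the size of coredump that may be produced by the process. It's not
-# specified how this interacts with coredumpd.
-# 0 means not to produce cores.
-# This value is 64G
-LimitCORE=68719476736
-
-# Limit number of processes (threads) we may spawn. We don't advise you change
-# this as DS will autodetect your threads / cpus and adjust as needed.
-# LimitNPROC=
-
-# Hardening options:
-# PrivateDevices=true
-# ProtectSystem=true
-# ProtectHome=true
-# PrivateTmp=true
-
-
-[Install]
-WantedBy=multi-user.target
-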
-- 
2.21.0