systemd: compatibility drop-in for kresd@.service

Unify the drop-in files for manual activation and systemd compatibility,
since it is not recommended to use manual activation if socket
activation is supported.

Also add --forks=1 to the command, otherwise the service attempts to
start in interactive mode.

diff --git a/systemd/README.md b/systemd/README.md
index a194c5d5ba4673ed0672fce7c9a85c6b96c8d19b..aa7046d0199712392380ec9c8d763f200627ade0 100644 (file)
--- a/systemd/README.md
+++ b/systemd/README.md
@@ -11,26 +11,13 @@ Usage and Configuration
 
 See kresd.systemd(7) for details.
 
-Manual activation
------------------
+Compatibility with older systemd
+--------------------------------
 
-If you wish to use manual activation without sockets, you have to
-grant the service the capability to bind to well-known ports, and you
-should disable allocation of other sockets from systemd itself. You
-can use a drop-in file like so:
-
-    # /etc/systemd/system/kresd@.service.d/override.conf
-    [Service]
-    AmbientCapabilities=CAP_NET_BIND_SERVICE
-    Sockets=
-
-If you do this, make sure you've indicated which ports to bind to in
-/etc/knot-resolver/kresd.conf , and also do:
-
-    systemctl disable --now kresd.socket kresd-tls.socket 'kresd-control@*.socket'
+If you're using systemd prior to version 227, use the systemd-compat.conf
+drop-in file to use manual activation. In this case, socket files shouldn't
+be packaged, because they won't be used.
 
 Notes
 -----
 
-*  If you're using systemd prior to version 227, use a drop-in file to change
-   the service type to simple. See drop-in/systemd-compat.conf.

diff --git a/systemd/drop-in/manual-activation.conf b/systemd/drop-in/manual-activation.conf
deleted file mode 100644 (file)
index dbf6055..0000000
--- a/systemd/drop-in/manual-activation.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/systemd/system/kresd@.service.d/override.conf
-
-# If socket activation isn't used, the CAP_NET_BIND_SERVICE is necessary
-# to be able to bind to a well-known port as an unprivilidged user.
-
-[Service]
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-Sockets=

diff --git a/systemd/drop-in/systemd-compat.conf b/systemd/drop-in/systemd-compat.conf
index b33671a3ef5f978288b8771f84de337930f93b59..d251c4152f5c9fed56bc7a77c8c05b243d885b17 100644 (file)
--- a/systemd/drop-in/systemd-compat.conf
+++ b/systemd/drop-in/systemd-compat.conf
@@ -1,6 +1,17 @@
-# /etc/systemd/system/kresd@.service.d/override.conf
+# /usr/lib/systemd/system/kresd@.service.d/override.conf
 
-# If systemd.227+ isn't available (e.g. CentOS 7), change the service type.
+# If systemd.227+ isn't available (e.g. CentOS 7), socket activation can't be used
+# and the following modifications are required to use the service with
+# manual activation.
+
+# CAP_NET_BIND_SERVICE is necessary to be able to bind to a well-known port
+# as an unprivilidged user.
+
+# Explicit --forks=1 turns off interactive mode.
 
 [Service]
 Type=simple
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+ExecStart=
+ExecStart=/usr/sbin/kresd --config=/etc/knot-resolver/kresd.conf --forks=1
+Sockets=