From: Tomas Krizek Date: Wed, 15 Jan 2020 09:51:23 +0000 (+0100) Subject: systemd: remove files for socket-activation X-Git-Tag: v5.0.0~3^2~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76e1701d2345f961d6b750e88642623d61c0edea;p=thirdparty%2Fknot-resolver.git systemd: remove files for socket-activation --- diff --git a/doc/meson.build b/doc/meson.build index 186042789..1131b61ea 100644 --- a/doc/meson.build +++ b/doc/meson.build @@ -8,8 +8,6 @@ man_config.set('date', run_command('../scripts/get-date.sh').stdout()) man_config.set('man_seealso_systemd', '') if systemd_files == 'enabled' man_config.set('man_seealso_systemd', '\\fIkresd.systemd(7)\\fR, ') -elif systemd_files == 'nosocket' - man_config.set('man_seealso_systemd', '\\fIkresd.systemd.nosocket(7)\\fR, ') endif man_kresd = configure_file( diff --git a/meson_options.txt b/meson_options.txt index b85631b68..75e079cd3 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -94,7 +94,6 @@ option( choices: [ 'disabled', 'enabled', - 'nosocket', ], value: 'disabled', description: 'installs systemd-related files', diff --git a/systemd/kresd-control@.socket.in b/systemd/kresd-control@.socket.in deleted file mode 100644 index 2280f0840..000000000 --- a/systemd/kresd-control@.socket.in +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=Knot Resolver control socket -Documentation=man:kresd.systemd(7) -Documentation=man:kresd(8) -Before=sockets.target -PartOf=kresd@%i.service - -[Socket] -Service=kresd@%i.service -ListenStream=@run_dir@/control@%i -FileDescriptorName=control -SocketMode=0660 -Slice=system-kresd.slice - -[Install] -WantedBy=sockets.target diff --git a/systemd/kresd-doh.socket b/systemd/kresd-doh.socket deleted file mode 100644 index c4d0e0204..000000000 --- a/systemd/kresd-doh.socket +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Description=Knot Resolver DNS-over-HTTPS socket -Documentation=man:kresd.systemd(7) -Documentation=man:kresd(8) -Before=sockets.target - -[Socket] -FreeBind=true -BindIPv6Only=both -FileDescriptorName=doh -ListenStream=[::1]:44353 -ListenStream=127.0.0.1:44353 -Service=kresd@1.service -Slice=system-kresd.slice - -[Install] -WantedBy=sockets.target diff --git a/systemd/kresd-doh.socket.d/all-interfaces.conf b/systemd/kresd-doh.socket.d/all-interfaces.conf deleted file mode 100644 index 6df2bfee6..000000000 --- a/systemd/kresd-doh.socket.d/all-interfaces.conf +++ /dev/null @@ -1,10 +0,0 @@ -# /etc/systemd/system/kresd-doh.socket.d/override.conf - -# Configure kresd-doh.socket to listen on all IPv4 and IPv6 interfaces. - -# Empty ListenStream= directive is required to avoid port clash with default -# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0:port instead - -[Socket] -ListenStream= -ListenStream=443 diff --git a/systemd/kresd-doh.socket.d/specific-interfaces.conf b/systemd/kresd-doh.socket.d/specific-interfaces.conf deleted file mode 100644 index 1108d3b29..000000000 --- a/systemd/kresd-doh.socket.d/specific-interfaces.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/systemd/system/kresd-doh.socket.d/override.conf - -# Configure which interfaces should kresd-doh.socket listen on. - -# ListenStream can be added multiple times. - -[Socket] -ListenStream=192.0.2.115:443 -ListenStream=[2001:db8::115]:443 diff --git a/systemd/kresd-tls.socket b/systemd/kresd-tls.socket deleted file mode 100644 index 22cddcd8f..000000000 --- a/systemd/kresd-tls.socket +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Description=Knot Resolver DNS-over-TLS socket -Documentation=man:kresd.systemd(7) -Documentation=man:kresd(8) -Before=sockets.target - -[Socket] -FreeBind=true -BindIPv6Only=both -FileDescriptorName=tls -ListenStream=[::1]:853 -ListenStream=127.0.0.1:853 -Service=kresd@1.service -Slice=system-kresd.slice - -[Install] -WantedBy=sockets.target diff --git a/systemd/kresd-tls.socket.d/all-interfaces.conf b/systemd/kresd-tls.socket.d/all-interfaces.conf deleted file mode 100644 index 3d9d74aa5..000000000 --- a/systemd/kresd-tls.socket.d/all-interfaces.conf +++ /dev/null @@ -1,10 +0,0 @@ -# /etc/systemd/system/kresd-tls.socket.d/override.conf - -# Configure kresd-tls.socket to listen on all IPv4 and IPv6 interfaces. - -# Empty ListenStream= directive is required to avoid port clash with default -# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0:port instead - -[Socket] -ListenStream= -ListenStream=853 diff --git a/systemd/kresd-tls.socket.d/specific-interfaces.conf b/systemd/kresd-tls.socket.d/specific-interfaces.conf deleted file mode 100644 index ca3d21ede..000000000 --- a/systemd/kresd-tls.socket.d/specific-interfaces.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/systemd/system/kresd-tls.socket.d/override.conf - -# Configure which interfaces should kresd-tls.socket listen on. - -# ListenStream can be added multiple times. - -[Socket] -ListenStream=192.0.2.115:853 -ListenStream=[2001:db8::115]:853 diff --git a/systemd/kresd-webmgmt.socket b/systemd/kresd-webmgmt.socket deleted file mode 100644 index 1106bb993..000000000 --- a/systemd/kresd-webmgmt.socket +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Description=Knot Resolver web management and API socket -Documentation=man:kresd.systemd(7) -Documentation=man:kresd(8) -Before=sockets.target - -[Socket] -FreeBind=true -BindIPv6Only=both -FileDescriptorName=webmgmt -ListenStream=[::1]:8453 -ListenStream=127.0.0.1:8453 -Service=kresd@1.service -Slice=system-kresd.slice - -[Install] -WantedBy=sockets.target diff --git a/systemd/kresd.socket b/systemd/kresd.socket deleted file mode 100644 index cf844b733..000000000 --- a/systemd/kresd.socket +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=Knot Resolver DNS socket -Documentation=man:kresd.systemd(7) -Documentation=man:kresd(8) -Before=sockets.target - -[Socket] -FreeBind=true -BindIPv6Only=both -FileDescriptorName=dns -ListenDatagram=[::1]:53 -ListenStream=[::1]:53 -ListenDatagram=127.0.0.1:53 -ListenStream=127.0.0.1:53 -Service=kresd@1.service -Slice=system-kresd.slice - -[Install] -WantedBy=sockets.target diff --git a/systemd/kresd.socket.d/all-interfaces.conf b/systemd/kresd.socket.d/all-interfaces.conf deleted file mode 100644 index bbe2eedcb..000000000 --- a/systemd/kresd.socket.d/all-interfaces.conf +++ /dev/null @@ -1,13 +0,0 @@ -# /etc/systemd/system/kresd.socket.d/override.conf - -# Configure kresd.socket to listen on all IPv4 and IPv6 interfaces. - -# Empty ListenDatagram= and ListenStream= directives are required to avoid port -# clash with default localhost. If you've disabled IPv6 support in kernel, use -# 0.0.0.0:port instead - -[Socket] -ListenDatagram= -ListenStream= -ListenDatagram=53 -ListenStream=53 diff --git a/systemd/kresd.socket.d/specific-interfaces.conf b/systemd/kresd.socket.d/specific-interfaces.conf deleted file mode 100644 index 24e7ae9f9..000000000 --- a/systemd/kresd.socket.d/specific-interfaces.conf +++ /dev/null @@ -1,11 +0,0 @@ -# /etc/systemd/system/kresd.socket.d/override.conf - -# Configure specific interfaces should kresd.socket listen on. - -# ListenDatagram and ListenStream can be added multiple times. - -[Socket] -ListenDatagram=192.0.2.115:53 -ListenStream=192.0.2.115:53 -ListenDatagram=[2001:db8::115]:53 -ListenStream=[2001:db8::115]:53 diff --git a/systemd/kresd.systemd.7.in b/systemd/kresd.systemd.7.in index f74525886..b1784de0b 100644 --- a/systemd/kresd.systemd.7.in +++ b/systemd/kresd.systemd.7.in @@ -14,11 +14,6 @@ kresd.systemd .SH "SYNOPSIS" .nf kresd@.service -kresd.socket -kresd-tls.socket -kresd-control@.socket -kresd-doh.socket -kresd-webmgmt.socket kresd.target system-kresd.slice .fi @@ -36,116 +31,6 @@ units. .RE .fi -.B SOCKET ACTIVATION - -\fBkresd\fR integration with systemd takes advantage of socket activation, -which enables the daemon to run without super user priviledges or any -additional capabilities. The network interface sockets are created by systemd -and then passed to the daemon. - -Network configuration has to take place in \fIsystemd.socket(5)\fR, which can -be done using drop-in files. Each instance of \fIkresd@.service\fR may have -these systemd sockets associated with it: - -.nf -.RS -\fIkresd.socket\fR - UDP/TCP network socket (default: localhost:53) -\fIkresd-tls.socket\fR - network socket for DNS-over-TLS (default: localhost:853) -\fIkresd-control@.socket\fR - UNIX socket with control terminal -\fIkresd-doh.socket\fR - DNS-over-HTTPS (with http module: localhost:44353) -\fIkresd-webmgmt.socket\fR - web management and APIs (with http module: localhost:8453) -.RE -.fi - -.B CONFIGURING NETWORK INTERFACES - -By default, \fBkresd is configured to listen on localhost\fR (see ports above). -You MUST NOT repeat these defaults in the following drop-in overrides, -otherwise the socket will fail to start with "Address in use" error. To view -the entire socket configuration, including any drop-ins, use \fBsystemctl -cat\fR. - -To configure \fBkresd\fR to listen on \fBpublic interfaces\fR, drop-in files (see -\fIsystemd.unit\fR(5)) should be used. These can be created with: - -.nf -.RS 4n -.B systemctl edit kresd.socket -.B systemctl edit kresd-tls.socket -.B systemctl edit kresd-doh.socket -.RE -.fi - -If you change network interfaces of systemd sockets for already running kresd instance, -make sure to call \fBsystemctl restart system-kresd.slice\fR for these changes -to take effect. - -For example, to configure \fBkresd\fR to listen on 192.0.2.115 on ports 53 and -853, the drop-in files would look like: - -.nf -.RS 4n -# /etc/systemd/system/kresd.socket.d/override.conf -[Socket] -ListenDatagram=192.0.2.115:53 -ListenStream=192.0.2.115:53 - -# /etc/systemd/system/kresd-tls.socket.d/override.conf -[Socket] -ListenStream=192.0.2.115:853 -.RE -.fi - -To configure \fBkresd\fR to listen on all IPv4 and IPv6 interfaces, use empty -\fIListenDatagram=\fR and \fIListenStream=\fR directives to remove the default -localhost address and then specify port to bind to. If you've disabled IPv6 -support in kernel, use the 0.0.0.0:port syntax instead. - -.nf -.RS 4n -# /etc/systemd/system/kresd.socket.d/override.conf -[Socket] -ListenDatagram= -ListenStream= -ListenDatagram=53 -ListenStream=53 - -# /etc/systemd/system/kresd-tls.socket.d/override.conf -[Socket] -ListenStream= -ListenStream=853 -.RE -.fi - -Please note that using IPv6 to bind to IPv4 interfaces is currently not -compatible with IPv4 syntax in \fIview:addr()\fR when using the view module. -For possible workarounds, see -https://gitlab.labs.nic.cz/knot/knot-resolver/issues/445 - -To configure socket for DNS-over-HTTPS, make sure you have -\fBkresd-doh.socket\fR installed (it might be part of a separate -knot-resolver-module-http package). Then, you can configure its network -interfaces as above. Also, don't forget to load http module in configuration -file, otherwise the socket won't have any function. - -For example, to remove the default localhost:44353 and listen on all interfaces -on port 443, create the following drop-in file for \fBkresd-doh.socket\fR: - -.nf -.RS 4n -# /etc/systemd/system/kresd-doh.socket.d/override.conf -[Socket] -ListenStream= -ListenStream=443 -.RE -.fi - -Make sure no other service is using port 443, as that will result in -unpredictable behaviour. Alternately, you can use port 44353 where a collision -is unlikely. - -For more detailed socket configuration, see \fBsystemd.socket\fR(5). - .B CONCURRENT DAEMONS \fBkresd\fR daemon can be executed in multiple independent processes, which are @@ -154,10 +39,8 @@ Each \fBsystemd\fR service instance of \fBkresd\fR (\fIkresd@.service\fR) represents a single, independent kresd process. The systemd-managed \fBkresd\fR service set is grouped in the -\fIsystem-kresd.slice\fR slice. The slice includes one or more running daemons -(instances of \fIkresd@.service\fR), network sockets \fIkresd.socket\fR and -\fIkresd-tls.socket\fR (shared by all instances) and a dedicated control -\fIkresd-control@.socket\fR for each running daemon. +\fIsystem-kresd.slice\fR slice. The slice includes all running daemons +(instances of \fIkresd@.service\fR). If you have more than one CPU core available, a single running \fBkresd\fR daemon will only be able to make use of one core at a @@ -166,7 +49,7 @@ advantage of all available cores, while sharing both cache and public listening ports, you should enable and start as many instances of the \fBkresd@.service\fR as you have cores. Typically, each instance is just named \fIkresd@\fBN\fI.service\fR, where \fIN\fR is a decimal -number. To enable 3 concurrent daemons: +number. To enable and start 3 concurrent daemons: .nf .RS 4n @@ -174,83 +57,31 @@ number. To enable 3 concurrent daemons: .RE .fi -.SH "NOTES" - -.IP * 2 -When an instance of \fIkresd@.service\fR is started, stopped or -restarted, its associated control socket is also automatically -started, stopped or restarted, but the public listening sockets remain -open. As long as either of the public sockets are listening, at least -\fIkresd@1.service\fR will be automatically activated when a request arrives. - .SH "EXAMPLES" -To start the service: -.nf -.RS 4n -.B systemctl start kresd@1.service -.RE -.fi -To start the service at boot: +To start a single kresd instance and enable it at boot: .nf .RS 4n -.B systemctl enable kresd@1.service +.B systemctl enable --now kresd@1.service .RE .fi -To delay the service startup until some traffic arrives, start (or enable) just -the sockets: +To restart (or stop) all running instances, you can use a glob expression: .nf .RS 4n -.B systemctl start kresd.socket -.B systemctl start kresd-tls.socket +.B systemctl restart 'kresd@*' .RE .fi -To disable optional sockets, you can mask them. For example, to disable -DNS-over-TLS socket: - -.RS 4n -.B systemctl mask kresd-tls.socket -.RE - -.B Using system-kresd.slice and kresd.target - -The easiest way to view the status of multiple \fBkresd\fR -instances is to use the \fIsystem-kresd.slice\fR: - -.nf -.RS 4n -.B systemctl status system-kresd.slice -.RE -.fi - -You can also use the slice to restart all sockets as well as daemons: - -.nf -.RS 4n -.B systemctl restart system-kresd.slice -.RE -.fi - -Alternatively, to restart just kresd daemons, you can use \fIBrace Expansion\fR: - -.nf -.RS 4n -.B systemctl enable kresd@{1..4}.service -.RE -.fi - -Or you can use it to stop kresd altogether (e.g. during package removal): - +Please note that glob can't be used to start or enable instances. These can be either listed manually. It is also possible to use Bash Brace Expansion. .nf .RS 4n -.B systemctl stop system-kresd.slice +.B systemctl enable --now kresd@{1..4}.service .RE .fi -To start all enabled kresd daemons, use the provided \fIkresd.target\fR: +To start all enabled kresd daemons, you can also use the provided \fIkresd.target\fR: .nf .RS 4n @@ -263,7 +94,6 @@ To start all enabled kresd daemons, use the provided \fIkresd.target\fR: .SH "SEE ALSO" \fIkresd(8)\fR, \fIsystemd.unit(5)\fR, -\fIsystemd.socket(5)\fR, \fIhttps://knot-resolver.readthedocs.io/en/v@version@/\fR .SH "AUTHORS" diff --git a/systemd/kresd@.service.d/module-http.conf b/systemd/kresd@.service.d/module-http.conf deleted file mode 100644 index 9534400bd..000000000 --- a/systemd/kresd@.service.d/module-http.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -Sockets=kresd-doh.socket -Sockets=kresd-webmgmt.socket diff --git a/systemd/kresd@.service.in b/systemd/kresd@.service.in index b6dcf29d2..886e6da05 100644 --- a/systemd/kresd@.service.in +++ b/systemd/kresd@.service.in @@ -11,16 +11,15 @@ After=network-online.target Type=notify Environment="SYSTEMD_INSTANCE=%i" WorkingDirectory=@systemd_work_dir@ -ExecStart=@sbin_dir@/kresd --config=@etc_dir@/kresd.conf +ExecStart=@sbin_dir@/kresd --config=@etc_dir@/kresd.conf --noninteractive User=@user@ Group=@group@ +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP TimeoutStopSec=10s WatchdogSec=10s Restart=on-abnormal LimitNOFILE=524288 -Sockets=kresd.socket -Sockets=kresd-tls.socket -Sockets=kresd-control@%i.socket [Install] WantedBy=kresd.target diff --git a/systemd/meson.build b/systemd/meson.build index ac8965429..549e5e4a6 100644 --- a/systemd/meson.build +++ b/systemd/meson.build @@ -3,7 +3,6 @@ ## paths systemd_work_dir = join_paths( prefix, get_option('localstatedir'), 'cache', 'knot-resolver') -run_dir = join_paths('/run', 'knot-resolver') systemd_unit_dir = join_paths(prefix, 'lib', 'systemd', 'system') systemd_tmpfiles_dir = join_paths(prefix, 'lib', 'tmpfiles.d') @@ -24,12 +23,6 @@ if systemd_files == 'enabled' configuration: systemd_config, install_dir: systemd_unit_dir, ) - kresd_control_socket = configure_file( - input: 'kresd-control@.socket.in', - output: 'kresd-control@.socket', - configuration: systemd_config, - install_dir: systemd_unit_dir, - ) kres_cache_gc_service = configure_file( input: 'kres-cache-gc.service.in', output: 'kres-cache-gc.service', @@ -37,21 +30,9 @@ if systemd_files == 'enabled' install_dir: systemd_unit_dir, ) install_data( - sources: [ - 'kresd.socket', - 'kresd-tls.socket', - 'kresd-doh.socket', - 'kresd-webmgmt.socket', - 'kresd.target', - ], + sources: 'kresd.target', install_dir: systemd_unit_dir, ) - install_data( - sources: [ - 'kresd@.service.d/module-http.conf', - ], - install_dir: join_paths(systemd_unit_dir, 'kresd@.service.d'), - ) ## man page kresd_systemd_man = configure_file( @@ -68,29 +49,4 @@ if systemd_files == 'enabled' configuration: systemd_config, install_dir: systemd_tmpfiles_dir, ) - - ## example drop-ins - install_data( - sources: [ - 'kresd.socket.d/all-interfaces.conf', - 'kresd.socket.d/specific-interfaces.conf', - ], - install_dir: join_paths(examples_dir, 'kresd.socket.d'), - ) - install_data( - sources: [ - 'kresd-tls.socket.d/all-interfaces.conf', - 'kresd-tls.socket.d/specific-interfaces.conf', - ], - install_dir: join_paths(examples_dir, 'kresd-tls.socket.d'), - ) - install_data( - sources: [ - 'kresd-doh.socket.d/all-interfaces.conf', - 'kresd-doh.socket.d/specific-interfaces.conf', - ], - install_dir: join_paths(examples_dir, 'kresd-doh.socket.d'), - ) -elif systemd_files == 'nosocket' - subdir('nosocket') endif diff --git a/systemd/nosocket/kres-cache-gc.service.in b/systemd/nosocket/kres-cache-gc.service.in deleted file mode 100644 index 38da02290..000000000 --- a/systemd/nosocket/kres-cache-gc.service.in +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=Knot Resolver Garbage Collector daemon -Documentation=man:kresd.systemd.nosocket(7) -Documentation=man:kresd(8) - -[Service] -Type=simple -ExecStart=@sbin_dir@/kres-cache-gc -c @systemd_work_dir@ -d 1000 -User=@user@ -Group=@group@ -Restart=on-failure -RestartSec=30 -StartLimitInterval=400 -StartLimitBurst=10 -Slice=system-kresd.slice - -[Install] -WantedBy=kresd.target diff --git a/systemd/nosocket/kresd.systemd.nosocket.7.in b/systemd/nosocket/kresd.systemd.nosocket.7.in deleted file mode 100644 index 0110c7a19..000000000 --- a/systemd/nosocket/kresd.systemd.nosocket.7.in +++ /dev/null @@ -1,127 +0,0 @@ -.TH "kresd.systemd" "7" "@date@" "CZ.NIC" "Knot Resolver @version@ Systemd Units" -.\" -.\" kresd.systemd.nosocket.7 -- man page for systemd units for kresd -.\" -.\" Copyright (c) 2018, CZ.NIC. All rights reserved. -.\" -.\" See COPYING for the license. -.\" -.\" -.SH "NAME" -kresd.systemd.nosocket -\- managing Knot Resolver @version@ through systemd without socket activation - -.SH "SYNOPSIS" -.nf -kresd@.service -kresd.target -system-kresd.slice -.fi - -.SH "DESCRIPTION" -.P -This manual page describes how to manage \fBkresd\fR using \fBsystemd\fR -units without socket activation support. - -.B Concurrent daemons - -\fBkresd\fR daemon can be executed in multiple independent processes, which can -be managed with \fBsystemd\fR via systemd templates (see -\fBsystemd.unit\fR(5)). Each \fBsystemd\fR service instance of \fBkresd\fR -(\fIkresd@.service\fR) represents a single, independent kresd process. - -The systemd-managed \fBkresd\fR service set is grouped in the -\fIsystem-kresd.slice\fR slice. The slice includes all running daemons -(instances of \fIkresd@.service\fR). - -If you have more than one CPU core available, a single running -\fBkresd\fR daemon will only be able to make use of one core at a -time, leaving the other cores idle. If you want \fBkresd\fR to take -advantage of all available cores, while sharing both cache and public -listening ports, you should enable and start as many instances of the -\fBkresd@.service\fR as you have cores. Typically, each instance is -just named \fIkresd@\fBN\fI.service\fR, where \fIN\fR is a decimal -number. To enable 3 concurrent daemons: - -.nf -.RS 4n -.B systemctl enable --now kresd@1.service kresd@2.service kresd@3.service -.RE -.fi - -.SH "EXAMPLES" - -.B Single instance -.RS 4n - -To start the service: -.nf -.RS 4n -.B systemctl start kresd@1.service -.RE -.fi - -To start the service at boot: -.nf -.RS 4n -.B systemctl enable kresd@1.service -.RE -.fi - -To delay the service startup until some traffic arrives, start (or enable) just -the sockets: -.nf -.RS 4n -.B systemctl start kresd.socket -.B systemctl start kresd-tls.socket -.RE -.fi - -To disable the TLS socket, you can mask it: - -.RS 4n -.B systemctl mask kresd-tls.socket -.RE - -.RE - -.B Multiple instances -.RS 4n - -Multiple instances can be handled with the use of \fIBrace Expansion\fR (see -\fBbash\fR(1)). - -To enable multiple concurrent daemons, for example 16: -.nf -.RS -.B systemctl enable kresd@{1..16}.service -.RE -.fi - -To start all enabled daemons: -.nf -.RS -.B systemctl start kresd.target -.RE -.fi - -The easiest way to view the status of \fBkresd\fR instances is to use the -\fIsystem-kresd.slice\fR: - -.nf -.RS 4n -.B systemctl status system-kresd.slice -.RE -.fi - -.RE - -.SH "SEE ALSO" -\fIkresd(8)\fR, -\fIsystemd.unit(5)\fR, -\fIsystemd.socket(5)\fR, -\fIhttps://knot-resolver.readthedocs.io/en/v@version@/\fR - -.SH "AUTHORS" -.B kresd -developers are mentioned in the AUTHORS file in the distribution. diff --git a/systemd/nosocket/kresd.target b/systemd/nosocket/kresd.target deleted file mode 100644 index fb8fa813d..000000000 --- a/systemd/nosocket/kresd.target +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Knot Resolver daemons -Documentation=man:kresd.systemd.nosocket(7) -Documentation=man:kresd(8) -After=network-online.target - -[Install] -WantedBy=multi-user.target diff --git a/systemd/nosocket/kresd@.service.in b/systemd/nosocket/kresd@.service.in deleted file mode 100644 index ade5f0064..000000000 --- a/systemd/nosocket/kresd@.service.in +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Knot Resolver daemon -Documentation=man:kresd.systemd.nosocket(7) -Documentation=man:kresd(8) -Wants=kres-cache-gc.service -Before=kres-cache-gc.service -Wants=network-online.target -After=network-online.target - -[Service] -Type=notify -Environment="SYSTEMD_INSTANCE=%i" -WorkingDirectory=@systemd_work_dir@ -ExecStart=@sbin_dir@/kresd --config=@etc_dir@/kresd.conf --noninteractive -User=@user@ -Group=@group@ -CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP -AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP -TimeoutStopSec=10s -WatchdogSec=10s -Restart=on-abnormal -LimitNOFILE=524288 - -[Install] -WantedBy=kresd.target diff --git a/systemd/nosocket/meson.build b/systemd/nosocket/meson.build deleted file mode 100644 index 5fe43799b..000000000 --- a/systemd/nosocket/meson.build +++ /dev/null @@ -1,36 +0,0 @@ -# systemd: nosocket - -## unit files -kresd_service = configure_file( - input: 'kresd@.service.in', - output: 'kresd@.service', - configuration: systemd_config, - install_dir: systemd_unit_dir, -) -kres_cache_gc_service = configure_file( - input: 'kres-cache-gc.service.in', - output: 'kres-cache-gc.service', - configuration: systemd_config, - install_dir: systemd_unit_dir, -) - -install_data( - sources: 'kresd.target', - install_dir: systemd_unit_dir, -) - -## man page -kresd_systemd_man = configure_file( - input: 'kresd.systemd.nosocket.7.in', - output: 'kresd.systemd.nosocket.7', - configuration: man_config, -) -install_man(kresd_systemd_man) - -# tmpfiles -tmpfiles = configure_file( - input: 'tmpfiles.d/knot-resolver.conf.in', - output: 'knot-resolver.conf', - configuration: systemd_config, - install_dir: systemd_tmpfiles_dir, -) diff --git a/systemd/nosocket/tmpfiles.d/knot-resolver.conf.in b/systemd/nosocket/tmpfiles.d/knot-resolver.conf.in deleted file mode 100644 index e984a3cb2..000000000 --- a/systemd/nosocket/tmpfiles.d/knot-resolver.conf.in +++ /dev/null @@ -1,3 +0,0 @@ -# tmpfiles.d(5) runtime directory for knot-resolver (kresd) -#Type Path Mode UID GID Age Argument - d @systemd_work_dir@ 0750 @user@ @group@ - - diff --git a/systemd/tmpfiles.d/knot-resolver.conf.in b/systemd/tmpfiles.d/knot-resolver.conf.in index ad58939fe..b5ec01e31 100644 --- a/systemd/tmpfiles.d/knot-resolver.conf.in +++ b/systemd/tmpfiles.d/knot-resolver.conf.in @@ -1,4 +1,4 @@ # tmpfiles.d(5) directories for knot-resolver (kresd) #Type Path Mode UID GID Age Argument - d @run_dir@ 0750 root root - - + d @run_dir@ 0750 @user@ @group@ - - d @systemd_work_dir@ 0750 @user@ @group@ - -