__single_binary_service: envvars and user-reuse support

The new --env flag allows type users to pass env files that will be
used to set up environment variables on both systemd and runit.

While there, also solve a minor issue where users managed by this type
could not be re-used for multiple services.
evilham 2023-04-21 11:07:25 +02:00
parent 239a1f20cf
commit 7cd606a52f
Signed by untrusted user: evilham
GPG key ID: AE3EE30D970886BF
4 changed files with 26 additions and 3 deletions


@ -90,6 +90,11 @@ binary
If `--unpack` is used, a binary with this name must be unpacked. If `--unpack` is used, a binary with this name must be unpacked.
Otherwise, the contents of `--url` will be placed under this binary name. Otherwise, the contents of `--url` will be placed under this binary name.
env
An `env` file consiting of `ENVIRONMENT_VARIABLE=VALUE`, one variable per
line.
Empty lines and those starting with `#` are ignored.
service-args service-args
Any extra arguments to pass along with `--service-exec`. Beware that any Any extra arguments to pass along with `--service-exec`. Beware that any
service-args having the format `--config=/etc/foo.cfg` should be service-args having the format `--config=/etc/foo.cfg` should be


@ -112,7 +112,7 @@ if [ "${USER}" != "root" ] && \
--system \ --system \
--state "${STATE}" \ --state "${STATE}" \
--home "${USER_HOME_DIR}" \ --home "${USER_HOME_DIR}" \
--comment "cdist-managed ${SERVICE_NAME} user" \ --comment "cdist-managed service user" \
${USER_CREATE_HOME} ${USER_CREATE_HOME}
# Track dependencies # Track dependencies
service_require="${service_require} __user/${USER}" service_require="${service_require} __user/${USER}"
@ -136,11 +136,21 @@ fi
# These messages will trigger a service restart (overridden for systemd)
service_config_reload_pattern="^__file${CONFIG_FILE_DEST}"
# This should setup the object in $service_definition_require # This should setup the object in $service_definition_require
# See above. # See above.
case "${INIT}" in case "${INIT}" in
systemd) systemd)
if [ -z "${SERVICE_DEFINITION}" ]; then if [ -z "${SERVICE_DEFINITION}" ]; then
SYSTEMD_ENV_FILE="/etc/systemd/system/${SERVICE_NAME}.env"
__file "${SYSTEMD_ENV_FILE}" \
--mode 0400 \
--source "${__object}/parameter/env"
# We need to take into account the envionment file for systemd too
service_config_reload_pattern="(${service_config_reload_pattern}|^__file${SYSTEMD_ENV_FILE})"
SERVICE_DEFINITION="$(cat <<EOF SERVICE_DEFINITION="$(cat <<EOF
[Unit] [Unit]
Description=${SERVICE_DESCRIPTION} Description=${SERVICE_DESCRIPTION}
@ -153,6 +163,7 @@ User=${USER}
Group=${GROUP} Group=${GROUP}
ExecStart=${SERVICE_EXEC} ExecStart=${SERVICE_EXEC}
Restart=always Restart=always
EnvironmentFile=${SYSTEMD_ENV_FILE}
${WORKING_DIRECTORY_SYSTEMD} ${WORKING_DIRECTORY_SYSTEMD}
[Install] [Install]
@ -169,12 +180,18 @@ EOF
;; ;;
runit|sysvinit) runit|sysvinit)
if [ -z "${SERVICE_DEFINITION}" ]; then if [ -z "${SERVICE_DEFINITION}" ]; then
RUNIT_ENV="$(sed -Ee 's!^([[:alnum:]_]+)=(.*)$!export \1=\2!' "${__object}/parameter/env")"
SERVICE_DEFINITION="$(cat <<EOF SERVICE_DEFINITION="$(cat <<EOF
#!/bin/sh -e #!/bin/sh -e
${WORKING_DIRECTORY_RUNIT} ${WORKING_DIRECTORY_RUNIT}
# User-provided environment
${RUNIT_ENV}
# System vars
export HOME="\$(getent passwd '${USER}' | cut -d: -f6)" export HOME="\$(getent passwd '${USER}' | cut -d: -f6)"
export USER="${USER}" export USER="${USER}"
export GROUP="${GROUP}" export GROUP="${GROUP}"
exec 2>&1
exec chpst -u "${USER}:${GROUP}" ${SERVICE_EXEC} exec chpst -u "${USER}:${GROUP}" ${SERVICE_EXEC}
EOF EOF
)" )"
@ -279,10 +296,10 @@ EOF
--onchange "${perform_service_upgrade}" \ --onchange "${perform_service_upgrade}" \
--source "-" --source "-"
else else
# We only restart here if there was a config change # We only restart here if there was a config or env change
# but there was not a version change # but there was not a version change
require="${service_require}" __check_messages \ require="${service_require}" __check_messages \
"single_binary_service_${__object_id}" \ "single_binary_service_${__object_id}" \
--pattern "^__file${CONFIG_FILE_DEST}" \ --pattern "${service_config_reload_pattern}" \
--execute "$(sv_cmd restart)" --execute "$(sv_cmd restart)"
fi fi
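Review bot: In the `runit|sysvinit` branch, the `sed` that builds `RUNIT_ENV` writes each value into the run script unquoted as `export NAME=VALUE`, so the script's shell will word-split and expand it (spaces, `$`, backticks, `;`) before `exec chpst -u` switches to the service user. systemd's `EnvironmentFile=` performs no command substitution, so the same env file can behave differently depending on the init system. The values are also copied into the run script itself, so the `--mode 0400` given to the systemd env file does not carry over unless the run script is equally restricted where it is written, which is outside these hunks. Consider installing the env file with `__file --mode 0400` on runit as well and loading it without shell evaluation, or at least single-quoting the values when generating the exports. Separately, both branches read `${__object}/parameter/env` unconditionally; if `--env` is optional, as the parameter-list change suggests, a guard such as `if [ -f "${__object}/parameter/env" ]; then` around the `__file`, the `EnvironmentFile=` line and the `sed` looks necessary.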

View file

@ -1,4 +1,5 @@
config-file-source config-file-source
env
user user
group group
state state