Do not use generate-systemd-service-files

ae3fb252 · Noah Hilverling · 4ca6895f · ae3fb252 · 4ca6895f · ae3fb252
Commit ae3fb252 authored Nov 28, 2019 by Noah Hilverling
--- a/debian/.gitignore
+++ b/debian/.gitignore
 *.c
-*.service
--- a/debian/bin/generate-systemd-service-files
+++ b/debian/bin/generate-systemd-service-files
-#!/bin/sh
-
-for BINARY in icinga-redis icinga-redis-sentinel
-do
-	for MODE in default
-	# templated
-	do
-		case "${BINARY}" in
-		icinga-redis)
-			NAME="redis"
-			;;
-		icinga-redis-sentinel)
-			NAME="sentinel"
-			;;
-		esac
-
-		case "${MODE}" in
-		default)
-			EXTRA=""
-			TARGET="debian/${BINARY}.service"
-			NAMESPACED="${NAME}"
-			DESCRIPTION="Advanced key-value store for Icinga"
-			;;
-		templated)
-			EXTRA=""
-			TARGET="debian/${BINARY}@.service"
-			NAMESPACED="${NAME}-%i"
-			DESCRIPTION="Advanced key-value store for Icinga (%I)"
-			;;
-		esac
-
-		: >${TARGET}
-
-		if [ "${MODE}" = "templated" ]
-		then
-			cat >> ${TARGET} <<EOF
-# Templated service file for ${BINARY}(1)
-#
-# Each instance of ${BINARY} requires its own configuration file:
-#
-#   $ cp /etc/redis/${NAME}.conf /etc/redis/${NAME}-myname.conf
-#   $ chown redis:redis /etc/redis/${NAME}-myname.conf
-#
-# Ensure each instance is using their own database:
-#
-#   $ sed -i -e 's@^dbfilename .*@dbfilename dump-myname.rdb@' /etc/redis/${NAME}-myname.conf
-#
-# We then listen exlusively on UNIX sockets to avoid TCP port collisions:
-#
-#   $ sed -i -e 's@^port .*@port 0@' /etc/redis/${NAME}-myname.conf
-#   $ sed -i -e 's@^\\(# \\)\\{0,1\\}unixsocket .*@unixsocket /var/run/${NAME}-myname/${BINARY}.sock@' /etc/redis/${NAME}-myname.conf
-#
-# ... and ensure we are logging, etc. in a unique location:
-#
-#   $ sed -i -e 's@^logfile .*@logfile /var/log/redis/${BINARY}-myname.log@' /etc/redis/${NAME}-myname.conf
-#   $ sed -i -e 's@^pidfile .*@pidfile /run/redis-myname/${BINARY}.pid@' /etc/redis/${NAME}-myname.conf
-#
-# We can then start the service as follows, validating we are using our own
-# configuration:
-#
-#   $ systemctl start ${BINARY}@myname.service
-#   $ redis-cli -s /var/run/${NAME}-myname/${BINARY}.sock info | grep config_file
-#
-#  -- Chris Lamb <lamby@debian.org>  Mon, 09 Oct 2017 22:17:24 +0100
-EOF
-		fi
-
-		cat >> ${TARGET} <<EOF
-[Unit]
-Description=${DESCRIPTION}
-After=network.target
-Documentation=http://redis.io/documentation, man:${BINARY}(1)
-
-[Service]
-Type=forking
-ExecStart=/usr/bin/${BINARY} /etc/redis/${NAMESPACED}.conf
-ExecStop=/bin/kill -s TERM \$MAINPID
-PIDFile=/run/${NAMESPACED}/${BINARY}.pid
-TimeoutStopSec=0
-Restart=always
-User=redis
-Group=redis
-RuntimeDirectory=${NAMESPACED}
-RuntimeDirectoryMode=2755
-
-UMask=007
-PrivateTmp=yes
-LimitNOFILE=65535
-PrivateDevices=yes
-ProtectHome=yes
-ReadOnlyDirectories=/
-ReadWriteDirectories=-/var/lib/redis
-ReadWriteDirectories=-/var/log/redis
-ReadWriteDirectories=-/var/run/${NAMESPACED}
-
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
-MemoryDenyWriteExecute=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-RestrictRealtime=true
-RestrictNamespaces=true
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-
-# ${BINARY} can write to its own config file when in cluster mode so we
-# permit writing there by default. If you are not using this feature, it is
-# recommended that you replace the following lines with "ProtectSystem=full".
-ProtectSystem=true
-ReadWriteDirectories=-/etc/redis
-
-[Install]
-WantedBy=multi-user.target
-EOF
-		if [ "${EXTRA}" != "" ]
-		then
-			echo "${EXTRA}" >> "${TARGET}"
-		fi
-	done
-done
--- a/debian/icinga-redis.install
+++ b/debian/icinga-redis.install
 debian/bash_completion.d/*	/usr/share/bash-completion/completions
-debian/icinga-redis.service /lib/systemd/system
 redis.conf	/etc/icinga-redis
 src/icinga-redis-benchmark		/usr/bin
 src/icinga-redis-check-aof	/usr/bin

--- a/debian/icinga-redis.service
+++ b/debian/icinga-redis.service
+[Unit]
+Description=Advanced key-value store for Icinga
+After=network.target
+Documentation=http://redis.io/documentation, man:icinga-redis(1)
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/icinga-redis-server /etc/icinga-redis/redis.conf --supervised systemd
+TimeoutStopSec=0
+Restart=always
+User=icinga-redis
+Group=icinga-redis
+RuntimeDirectory=icinga-redis
+RuntimeDirectoryMode=2755
+
+UMask=007
+PrivateTmp=yes
+LimitNOFILE=65535
+PrivateDevices=yes
+ProtectHome=yes
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/icinga-redis
+ReadWriteDirectories=-/var/log/icinga-redis
+ReadWriteDirectories=-/var/run/icinga-redis
+
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
+MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictRealtime=true
+RestrictNamespaces=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+
+# icinga-redis can write to its own config file when in cluster mode so we
+# permit writing there by default. If you are not using this feature, it is
+# recommended that you replace the following lines with "ProtectSystem=full".
+ProtectSystem=true
+ReadWriteDirectories=-/etc/icinga-redis
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
--- a/debian/rules
+++ b/debian/rules
@@ -38,7 +38,7 @@ debian/lua_libs_debian.c:

 override_dh_auto_clean:
 	dh_auto_clean
-	rm -f src/release.h debian/*.service debian/lua_libs_debian.c
+	rm -f src/release.h debian/lua_libs_debian.c

 override_dh_auto_build: debian/lua_libs_debian.c
 	# Build the non-bundled Lua libraries
@@ -57,7 +57,6 @@ ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
 endif

 override_dh_auto_install:
-	debian/bin/generate-systemd-service-files

 override_dh_compress:
 	dh_compress -Xicinga-redis-trib.rb