Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
packaging
deb-redis
Commits
ae3fb252
Commit
ae3fb252
authored
Nov 28, 2019
by
Noah Hilverling
Browse files
Do not use generate-systemd-service-files
parent
4ca6895f
Pipeline
#7431
passed with stages
in 1 minute and 44 seconds
Changes
5
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
debian/.gitignore
View file @
ae3fb252
*.c
*.service
debian/bin/generate-systemd-service-files
deleted
100755 → 0
View file @
4ca6895f
#!/bin/sh
for
BINARY
in
icinga-redis icinga-redis-sentinel
do
for
MODE
in
default
# templated
do
case
"
${
BINARY
}
"
in
icinga-redis
)
NAME
=
"redis"
;;
icinga-redis-sentinel
)
NAME
=
"sentinel"
;;
esac
case
"
${
MODE
}
"
in
default
)
EXTRA
=
""
TARGET
=
"debian/
${
BINARY
}
.service"
NAMESPACED
=
"
${
NAME
}
"
DESCRIPTION
=
"Advanced key-value store for Icinga"
;;
templated
)
EXTRA
=
""
TARGET
=
"debian/
${
BINARY
}
@.service"
NAMESPACED
=
"
${
NAME
}
-%i"
DESCRIPTION
=
"Advanced key-value store for Icinga (%I)"
;;
esac
:
>
${
TARGET
}
if
[
"
${
MODE
}
"
=
"templated"
]
then
cat
>>
${
TARGET
}
<<
EOF
# Templated service file for
${
BINARY
}
(1)
#
# Each instance of
${
BINARY
}
requires its own configuration file:
#
#
$
cp /etc/redis/
${
NAME
}
.conf /etc/redis/
${
NAME
}
-myname.conf
#
$
chown redis:redis /etc/redis/
${
NAME
}
-myname.conf
#
# Ensure each instance is using their own database:
#
#
$
sed -i -e 's@^dbfilename .*@dbfilename dump-myname.rdb@' /etc/redis/
${
NAME
}
-myname.conf
#
# We then listen exlusively on UNIX sockets to avoid TCP port collisions:
#
#
$
sed -i -e 's@^port .*@port 0@' /etc/redis/
${
NAME
}
-myname.conf
#
$
sed -i -e 's@^
\\
(#
\\
)
\\
{0,1
\\
}unixsocket .*@unixsocket /var/run/
${
NAME
}
-myname/
${
BINARY
}
.sock@' /etc/redis/
${
NAME
}
-myname.conf
#
# ... and ensure we are logging, etc. in a unique location:
#
#
$
sed -i -e 's@^logfile .*@logfile /var/log/redis/
${
BINARY
}
-myname.log@' /etc/redis/
${
NAME
}
-myname.conf
#
$
sed -i -e 's@^pidfile .*@pidfile /run/redis-myname/
${
BINARY
}
.pid@' /etc/redis/
${
NAME
}
-myname.conf
#
# We can then start the service as follows, validating we are using our own
# configuration:
#
#
$
systemctl start
${
BINARY
}
@myname.service
#
$
redis-cli -s /var/run/
${
NAME
}
-myname/
${
BINARY
}
.sock info | grep config_file
#
# -- Chris Lamb <lamby@debian.org> Mon, 09 Oct 2017 22:17:24 +0100
EOF
fi
cat
>>
${
TARGET
}
<<
EOF
[Unit]
Description=
${
DESCRIPTION
}
After=network.target
Documentation=http://redis.io/documentation, man:
${
BINARY
}
(1)
[Service]
Type=forking
ExecStart=/usr/bin/
${
BINARY
}
/etc/redis/
${
NAMESPACED
}
.conf
ExecStop=/bin/kill -s TERM
\$
MAINPID
PIDFile=/run/
${
NAMESPACED
}
/
${
BINARY
}
.pid
TimeoutStopSec=0
Restart=always
User=redis
Group=redis
RuntimeDirectory=
${
NAMESPACED
}
RuntimeDirectoryMode=2755
UMask=007
PrivateTmp=yes
LimitNOFILE=65535
PrivateDevices=yes
ProtectHome=yes
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/redis
ReadWriteDirectories=-/var/log/redis
ReadWriteDirectories=-/var/run/
${
NAMESPACED
}
NoNewPrivileges=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
#
${
BINARY
}
can write to its own config file when in cluster mode so we
# permit writing there by default. If you are not using this feature, it is
# recommended that you replace the following lines with "ProtectSystem=full".
ProtectSystem=true
ReadWriteDirectories=-/etc/redis
[Install]
WantedBy=multi-user.target
EOF
if
[
"
${
EXTRA
}
"
!=
""
]
then
echo
"
${
EXTRA
}
"
>>
"
${
TARGET
}
"
fi
done
done
debian/icinga-redis.install
View file @
ae3fb252
debian
/
bash_completion
.
d
/*
/
usr
/
share
/
bash
-
completion
/
completions
debian
/
icinga
-
redis
.
service
/
lib
/
systemd
/
system
redis
.
conf
/
etc
/
icinga
-
redis
src
/
icinga
-
redis
-
benchmark
/
usr
/
bin
src
/
icinga
-
redis
-
check
-
aof
/
usr
/
bin
...
...
debian/icinga-redis.service
0 → 100644
View file @
ae3fb252
[Unit]
Description
=
Advanced key-value store for Icinga
After
=
network.target
Documentation
=
http://redis.io/documentation, man:icinga-redis(1)
[Service]
Type
=
notify
ExecStart
=
/usr/bin/icinga-redis-server /etc/icinga-redis/redis.conf --supervised systemd
TimeoutStopSec
=
0
Restart
=
always
User
=
icinga-redis
Group
=
icinga-redis
RuntimeDirectory
=
icinga-redis
RuntimeDirectoryMode
=
2755
UMask
=
007
PrivateTmp
=
yes
LimitNOFILE
=
65535
PrivateDevices
=
yes
ProtectHome
=
yes
ReadOnlyDirectories
=
/
ReadWriteDirectories
=
-/var/lib/icinga-redis
ReadWriteDirectories
=
-/var/log/icinga-redis
ReadWriteDirectories
=
-/var/run/icinga-redis
NoNewPrivileges
=
true
CapabilityBoundingSet
=
CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
MemoryDenyWriteExecute
=
true
ProtectKernelModules
=
true
ProtectKernelTunables
=
true
ProtectControlGroups
=
true
RestrictRealtime
=
true
RestrictNamespaces
=
true
RestrictAddressFamilies
=
AF_INET AF_INET6 AF_UNIX
# icinga-redis can write to its own config file when in cluster mode so we
# permit writing there by default. If you are not using this feature, it is
# recommended that you replace the following lines with "ProtectSystem=full".
ProtectSystem
=
true
ReadWriteDirectories
=
-/etc/icinga-redis
[Install]
WantedBy
=
multi-user.target
\ No newline at end of file
debian/rules
View file @
ae3fb252
...
...
@@ -38,7 +38,7 @@ debian/lua_libs_debian.c:
override_dh_auto_clean:
dh_auto_clean
rm -f src/release.h
debian/*.service
debian/lua_libs_debian.c
rm -f src/release.h debian/lua_libs_debian.c
override_dh_auto_build: debian/lua_libs_debian.c
# Build the non-bundled Lua libraries
...
...
@@ -57,7 +57,6 @@ ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
endif
override_dh_auto_install:
debian/bin/generate-systemd-service-files
override_dh_compress:
dh_compress -Xicinga-redis-trib.rb
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment