Skip to content

resource-driven chef cookbook for managing linux systems via systemd

Notifications You must be signed in to change notification settings

AmazeCom/chef-systemd

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Systemd Chef Cookbook

Cookbook Build Status

A resource-driven Chef cookbook for managing GNU/Linux systems via systemd.

Drop Ins

Systemd provides support for "drop-in" units that work really well for config- mgmt systems; rather than taking over an entire unit definition, you can apply custom configuration (e.g. resource limits) that will be merged into the vendor- provided unit. It's recommended to use these when modifying units installed via the package manager. See drop-in docs for more info.

Daemon Reloads

By default, changes to unit resources will be applied to the system immediately via calls to systemctl daemon-reload. However, on systems with large numbers of units, daemon-reload can be problematic. For users encountering problems (hangs, slowness) with systemctl daemon-reload calls, this cookbook allows users to disable daemon-reloads by setting the auto_reload attribute to false.

In some cases, it may be possible to avoid daemon-reload entirely by using the set_properties action. However, only a subset of unit properties are supported by systemctl set-property, so, unfortunately, in some cases a daemon-reload may be unavoidable. For these cases, it's possible run a daemon-reload once at the end of a converge.

This cookbook provides the daemon_reload recipe to help with this. It removes the need to have every resource send a notification, and triggers a reload at the end of a converge if any auto_reload false units have been updated.

too many to describe in detail ;). in general, the attributes correspond to the related resource attributes.

  • default: no-op recipe
  • journald: configure, manage systemd-journald
  • journal_gatewayd: configure, manage systemd-journal-gatewayd
  • logind: configure, manage systemd-logind
  • machined: manage systemd-machined service
  • networkd: manage systemd-networkd service
  • resolved: configure, manage systemd-resolved
  • timesyncd: configure, manage systemd-timesyncd
  • udevd: configure, manage systemd-udevd
  • binfmt: manage systemd-binfmt one-shot boot-up unit
  • bootchart: configure systemd-bootchart
  • coredump: configure systemd-coredump
  • hostname: configure, manage hostname with systemd-hostnamed
  • locale: configure, manage locale with systemd-localed
  • real_time_clock: configure system clock mode (UTC,local) with timedatectl
  • sleep: configure system sleep, suspend, hibernate behavior with systemd-sleep
  • sysctl: manage systemd-sysctl one-shot boot-up unit (apply sysctl at boot)
  • system: configure systemd manager system-mode defaults
  • sysusers: manage systemd-sysusers one-shot boot-up unit (set up system users at boot)
  • timedated: manage systemd-timedated one-shot boot-up unit (set time/date at boot)
  • timezone: configure, manage timezone with timedatectl
  • user: configure systemd manager user-mode defaults
  • vconsole: configure, manage virtual console font and keymap with systemd-vconsole
  • daemon_reload: run delayed daemon-reload (for use with auto_reload false)

Resources

Unit Resources

All unit resources support the following actions:

Action Description
:create render unit configuration file from attributes
:delete delete unit configuration file
:enable enable the unit at boot, unless static (lacks Install section)
:disable disables the unit at boot, unless static
:start starts the unit
:stop stops the unit
:restart restarts the unit
:reload reloads the unit
:set_properties runs systemctl --runtime set-property for unit configuration

Important: The notable exception is when the unit is a drop-in unit, in which case it supports only the :create, :delete, and :set_properties actions.

systemd_automount

Unit which describes a file system automount point controlled by systemd. Documentation

Example usage (always paired with a mount unit):

systemd_mount 'proc-sys-fs-binfmt_misc' do
  description 'Arbitrary Executable File Formats File System'
  default_dependencies false
  mount do
    what 'binfmt_misc'
    where '/proc/sys/fs/binfmt_misc'
    type 'binfmt_misc'
  end
end

systemd_automount 'proc-sys-fs-binfmt_misc' do
  description 'Arbitrary Executable File Formats File System Automount Point'
  default_dependencies false
  before 'sysinit.target'
  condition_path_exists '/proc/sys/fs/binfmt_misc/'
  condition_path_is_read_write '/proc/sys/'
  automount do
    where '/proc/sys/fs/binfmt_misc'
  end
end
Attribute Description Default
where see docs nil
directory_mode see docs nil
timeout_idle_sec see docs nil

Also supports:

--

systemd_mount

Unit which describes a file system mount point controlled by systemd. Documentation

Example usage:

systemd_mount 'tmp' do
  description 'Temporary Directory'
  condition_path_is_symbolic_link '!/tmp'
  default_dependencies false
  conflicts 'umount.target'
  before %w( local-fs.target umount.target )
  mount do
    what 'tmpfs'
    where '/tmp'
    type 'tmpfs'
    options 'mode=1777,strictatime,noexec,nosuid'
  end
end
Attribute Description Default
directory_mode see docs nil
kill_mode see docs nil
kill_signal see docs nil
options see docs nil
send_sighup see docs nil
send_sigkill see docs nil
sloppy_options see docs nil
timeout_sec see docs nil
type see docs nil
what see docs nil
where see docs nil

Also supports:

--

systemd_path

Unit which describes information about a path monitored by systemd for path-based activities. Documentation

Example usage (showing cups service activation when work is available):

systemd_path 'cups' do
  description 'CUPS Scheduler'
  install do
    wanted_by 'multi-user.target'
  end
  path do
    path_exists_glob '/var/spool/cups/d*'
  end
  action [:create, :enable, :start]
end

systemd_service 'cups' do
  description 'CUPS Scheduler'
  after 'network.target'
  install do
    wanted_by 'printer.target'
    also %w( cups.socket cups.path )
  end
  service do
    type 'notify'
    exec_start '/usr/sbin/cupsd -l'
  end
end
Attribute Description Default
directory_mode see docs nil
directory_not_empty see docs nil
make_directory see docs nil
path_changed see docs nil
path_exists see docs nil
path_exists_glob see docs nil
path_modified see docs nil
unit see docs nil

Also supports:

--

systemd_service

Unit which describes information about a process controlled and supervised by systemd. Documentation.

While there is some overlap with the service resource in Chef-core, this resource is more narrowly focused on service unit config/management on systemd-based platforms, whereas the Chef-core service resource works across multiple service-management frameworks.

As such, while it is possible to perform lifecycle management of services on systemd platforms using the systemd_service resource, the systemd cookbook authors do not recommend doing so. Instead, it is recommended to pair systemd_service instances with platform-agnostic service resources, as demonstrated below.

Example usage:

cookbook_file '/etc/init/httpd.conf' do
  source 'httpd.conf'
  only_if { ::File.executable?('/sbin/initctl') } # Upstart
end

systemd_service 'httpd' do
  description 'Apache HTTP Server'
  after %w( network.target remote-fs.target nss-lookup.target )
  install do
    wanted_by 'multi-user.target'
  end
  service do
    environment 'LANG' => 'C'
    exec_start '/usr/sbin/httpd $OPTIONS -DFOREGROUND'
    exec_reload '/usr/sbin/httpd $OPTIONS -k graceful'
    kill_signal 'SIGWINCH'
    kill_mode 'mixed'
    private_tmp true
  end
  only_if { ::File.open('/proc/1/comm').gets.chomp == 'systemd' } # systemd
end

service 'httpd' do
  action [:enable, :start]
end
Attribute Description Default
bus_name see docs nil
bus_policy see docs nil
exec_reload see docs nil
exec_start see docs nil
exec_start_post see docs nil
exec_start_pre see docs nil
exec_stop see docs nil
exec_stop_post see docs nil
failure_action see docs nil
file_descriptor_store_max see docs nil
guess_main_pid see docs nil
non_blocking see docs nil
notify_access see docs nil
permissions_start_only see docs nil
pid_file see docs nil
reboot_argument see docs nil
remain_after_exit see docs nil
restart see docs nil
restart_force_exit_status see docs nil
restart_prevent_exit_status see docs nil
restart_sec see docs nil
root_directory_start_only see docs nil
sockets see docs nil
start_limit_action see docs nil
start_limit_burst see docs nil
start_limit_interval see docs nil
success_exit_status see docs nil
timeout_sec see docs nil
timeout_start_sec see docs nil
timeout_stop_sec see docs nil
type see docs nil
watchdog_sec see docs nil

Also supports:

--

systemd_slice

Unit which describes a "slice" of the system; useful for managing resources for of a group of processes. Documentation

This resource has no specific options.

Example usage:

systemd_slice 'user' do
  description 'User and Session Slice'
  documentation 'man:systemd.special(7)'
  before 'slices.target'
end

Also supports:

--

systemd_socket

Unit which describes an IPC, network socket, or file-system FIFO controlled and supervised by systemd for socket-based service activation. Documentation

Example usage:

# Set up OpenSSH Server socket-activation
systemd_socket 'sshd' do
  description 'OpenSSH Server Socket'
  documentation 'man:sshd(8) man:sshd_config(5)'
  conflicts 'sshd.service'
  install do
    wanted_by 'sockets.target'
  end
  socket do
    listen_stream 22
    accept true
  end
  action [:create, :enable, :start]
end

# No need to enable/start the service, the socket-activation will
systemd_service 'sshd' do
  description 'OpenSSH Server Daemon'
  documentation 'man:sshd(8) man:sshd_config(5)'
  after %w( network.target sshd-keygen.service )
  wants %w( sshd-keygen.service )
  service do
    environment_file '/etc/sysconfig/sshd'
    exec_start '/usr/sbin/sshd -D $OPTIONS'
    exec_reload '/bin/kill -HUP $MAINPID'
    kill_mode 'process'
    restart 'on-failure'
    restart_sec '42s'
  end
  install do
    wanted_by 'multi-user.target'
  end
end
Attribute Description Default
accept see docs nil
backlog see docs nil
bind_i_pv6_only see docs nil
bind_to_device see docs nil
broadcast see docs nil
defer_accept_sec see docs nil
directory_mode see docs nil
exec_start_post see docs nil
exec_start_pre see docs nil
exec_stop_post see docs nil
exec_stop_pre see docs nil
free_bind see docs nil
iptos see docs nil
ipttl see docs nil
keep_alive see docs nil
keep_alive_interval_sec see docs nil
keep_alive_probes see docs nil
keep_alive_time_sec see docs nil
listen_datagram see docs nil
listen_fifo see docs nil
listen_message_queue see docs nil
listen_netlink see docs nil
listen_sequential_packet see docs nil
listen_special see docs nil
listen_stream see docs nil
mark see docs nil
max_connections see docs nil
message_queue_max_messages see docs nil
message_queue_message_size see docs nil
no_delay see docs nil
pass_credentials see docs nil
pass_security see docs nil
pipe_size see docs nil
priority see docs nil
receive_buffer see docs nil
remove_on_stop see docs nil
reuse_port see docs nil
se_linux_context_from_net see docs nil
send_buffer see docs nil
service see docs nil
smack_label see docs nil
smack_label_ip_in see docs nil
smack_label_ip_out see docs nil
socket_group see docs nil
socket_mode see docs nil
socket_user see docs nil
symlinks see docs nil
tcp_congestion see docs nil
timeout_sec see docs nil
transparent see docs nil

Also supports:

--

systemd_swap

Unit which describes a swap device or file for memory paging. Documentation

Example usage:

systemd_swap 'dev-vdb' do
  install do
    wanted_by 'swap.target'
  end
  swap do
    what '/dev/vdb'
  end
end
Attribute Description Default
options see docs nil
priority see docs nil
timeout_sec see docs nil
what see docs nil

Also supports:

--

systemd_target

Unit which describes a systemd target, used for grouping units and synchronization points during system start-up. Documentation

This unit has no specific options.

Example usage:

systemd_target 'plague' do
  description 'Never fear, I is here.'
  documentation 'man:systemd.special(7)'
end

Also supports:

--

systemd_timer

Unit which describes a timer managed by systemd, for timer-based unit activation (typically a service of the same name). Documentation

Example usage:

# Given this example service
systemd_service 'mlocate-updatedb' do
  description 'Update a database for mlocate'
  service do
    type 'oneshot'
    exec_start '/usr/libexec/mlocate-run-updatedb'
    nice 19
    io_scheduling_class 2
    io_scheduling_priority 7
    private_tmp true
    private_devices true
    private_network true
    protect_system true
  end
end

# Set up a corresponding timer unit
systemd_timer 'mlocate-updatedb' do
  description 'Updates mlocate database every day'
  install do
    wanted_by 'timers.target'
  end
  timer do
    on_calendar 'daily'
    accuracy_sec '24h'
    persistent true
  end
  action [:create, :enable, :start]
end
Attribute Description Default
accuracy_sec see docs nil
on_active_sec see docs nil
on_boot_sec see docs nil
on_calendar see docs nil
on_startup_sec see docs nil
on_unit_active_sec see docs nil
on_unit_inactive_sec see docs nil
persistent see docs nil
unit see docs nil
wake_system see docs nil

Also supports:

Daemon Resources

Resources for managing configuration of common systemd daemons.

All daemon resources support the following actions:

Action Description
:create render the configuration file
:delete delete the configuration file

systemd_journald

Resource for configuring systemd-journald

Example use:

systemd_journald 'forward-to-syslog' do
  forward_to_syslog true
end
Attribute Description Default
storage see docs nil
compress see docs nil
seal see docs nil
split_mode see docs nil
rate_limit_interval see docs nil
rate_limit_burst see docs nil
system_max_use see docs nil
system_max_files see docs nil
system_keep_free see docs nil
system_max_file_size see docs nil
runtime_max_use see docs nil
runtime_max_files see docs nil
runtime_keep_free see docs nil
runtime_max_file_size see docs nil
max_file_sec see docs nil
max_retention_sec see docs nil
sync_interval_sec see docs nil
forward_to_syslog see docs nil
forward_to_k_msg see docs nil
forward_to_console see docs nil
forward_to_wall see docs nil
max_level_store see docs nil
max_level_syslog see docs nil
max_level_k_msg see docs nil
max_level_console see docs nil
max_level_wall see docs nil
tty_path see docs nil

Also supports:

--

systemd_logind

Resource for configuring systemd-logind

Example use:

systemd_logind 'power-down-when-idle' do
  idle_action 'hibernate'
  idle_action_sec 3_600
end
Attribute Description Default
n_auto_v_ts see docs nil
reserve_vt see docs nil
kill_user_processes see docs nil
kill_only_users see docs nil
kill_exclude_users see docs nil
idle_action see docs nil
idle_action_sec see docs nil
inhibit_delay_max_sec see docs nil
handle_power_key see docs nil
handle_suspend_key see docs nil
handle_hibernate_key see docs nil
handle_lid_switch see docs nil
handle_lid_switch_docked see docs nil
power_key_ignore_inhibited see docs nil
suspend_key_ignore_inhibited see docs nil
hibernate_key_ignore_inhibited see docs nil
lid_switch_ignore_inhibited see docs nil
holdoff_timeout_sec see docs nil
runtime_directory_size see docs nil
remove_ipc see docs nil

Also supports:

--

systemd_resolved

Resource for configuring systemd-resolved

Attribute Description Default
dns see docs nil
fallback_dns see docs nil
llmnr see docs nil

Example usage:

systemd_resolved 'enable-llmnr' do
  llmnr true
end

Also supports:

--

systemd_timesyncd

Resource for configuring systemd-timesyncd

Example usage:

systemd_timesyncd 'my-resolver' do
  ntp %w( 1.2.3.4 2.3.4.5 )
  fallback_ntp %w( 8.8.8.8 8.8.4.4 )
end
Attribute Description Default
ntp see docs nil
fallback_ntp see docs nil

Also supports:

Utility Resources

Resources for configuring common systemd utilities.

All utility resources support the following actions:

Action Description
:create render the configuration file
:delete delete the configuration file

systemd_bootchart

Resource for configuring systemd-bootchart

Example usage:

systemd_bootchart 'include-cgroup-info' do
  control_group true
end
Attribute Description Default
samples see docs nil
frequency see docs nil
relative see docs nil
filter see docs nil
output see docs nil
init see docs nil
plot_memory_usage see docs nil
plot_entropy_graph see docs nil
scale_x see docs nil
scale_y see docs nil
control_group see docs nil

Also supports:

--

systemd_coredump

Resource for configuring systemd-coredump

Example usage:

systemd_coredump 'compress-coredumps' do
  compress true
end
Attribute Description Default
storage see docs nil
compress see docs nil
process_size_max see docs nil
external_size_max see docs nil
journal_size_max see docs nil
max_use see docs nil
keep_free see docs nil

Also supports:

--

systemd_sleep

Resource for configuring systemd-sleep

Example usage:

systemd_sleep 'freeze-suspend' do
  suspend_state 'freeze'
end
Attribute Description Default
suspend_mode see docs nil
hibernate_mode see docs nil
hybrid_sleep_mode see docs nil
suspend_state see docs nil
hibernate_state see docs nil
hybrid_sleep_state see docs nil

Also supports:

systemd_run

Resource for running (optionally) resource-constrained transient units with systemd-run. Think of it like an "execute" resource with cgroups.

Example usage:

systemd_run 'sshd-2222.service' do
  command ''/usr/sbin/sshd -D -o Port=2222'
  cpu_shares 1_024
  nice 19
  service_type 'simple'
  kill_mode 'mixed'
end
Attribute Description
unit name of transient unit
command the command to run
service_type same as service unit Type directive
setenv Hash of env vars
timer_property Hash of timer properties
delegate see docs
cpu_accounting see docs
cpu_quota see docs
cpu_shares see docs
block_io_accounting see docs
block_io_weight see docs
block_io_read_bandwidth see docs
block_io_write_bandwidth see docs
block_io_device_weight see docs
memory_accounting see docs
memory_limit see docs
device_policy see docs
device_allow see docs
tasks_accounting see docs
tasks_max see docs
user see docs
group see docs
syslog_identifier see docs
syslog_facility see docs
syslog_level see docs
nice see docs
tty_path see docs
working_directory see docs
root_directory see docs
standard_input see docs
standard_output see docs
standard_error see docs
ignore_sigpipe see docs
ttyv_hangup see docs
tty_reset see docs
private_tmp see docs
private_devices see docs
private_network see docs
no_new_privileges see docs
syslog_level_prefix see docs
utmp_identifier see docs
utmp_mode see docs
pam_name see docs
environment see docs
environment_file see docs
timer_slack_n_sec see docs
oom_score_adjust see docs
pass_environment see docs
read_write_directories see docs
read_only_directories see docs
inaccessible_directories see docs
protect_system see docs
protect_home see docs
runtime_directory see docs
limit_cpu see docs
limit_fsize see docs
limit_data see docs
limit_stack see docs
limit_core see docs
limit_rss see docs
limit_nofile see docs
limit_as see docs
limit_nproc see docs
limit_memlock see docs
limit_locks see docs
limit_sigpending see docs
limit_msgqueue see docs
limit_nice see docs
limit_rtprio see docs
limit_rttime see docs
kill_mode see docs
kill_signal see docs
send_sigkill see docs
what see docs
type see docs
options see docs
exec_start see docs
on_active_sec see docs
on_boot_sec see docs
on_startup_sec see docs
on_unit_active_sec see docs
on_unit_inactive_sec see docs
on_calendar see docs
accuracy_sec see docs
wake_system see docs
remain_after_elapse see docs
random_sec see docs
default_dependencies see docs
requires see docs
requires_overridable see docs
requisite see docs
requisite_overridable see docs
wants see docs
binds_to see docs
part_of see docs
conflicts see docs
before see docs
after see docs
on_failure see docs
propagates_reload_to see docs
reload_propagated_from see docs
description see docs
slice see docs
uid see docs
gid see docs
host see docs
machine see docs
scope see docs
remain_after_exit see docs
send_sighup see docs
no_block see docs
on_active see docs
on_boot see docs
on_startup see docs
on_unit_active see docs
on_unit_inactive see docs

Miscellaneous Resources

systemd_system

Resource for configuring systemd system service manager:

systemd_system supports the following actions:

Action Description
:create render the configuration file to disk
:delete delete the configuration file

Example usage:

systemd_system 'reboot-on-crash' do
  crash_reboot true
end
Attribute Description Default
log_level see docs nil
log_target see docs nil
log_color see docs nil
log_location see docs nil
dump_core see docs nil
crash_shell see docs nil
crash_reboot see docs nil
show_status see docs nil
crash_ch_vt see docs nil
crash_change_vt see docs nil
default_standard_output see docs nil
default_standard_error see docs nil
cpu_affinity see docs nil
join_controllers see docs nil
runtime_watchdog_sec see docs nil
shutdown_watchdog_sec see docs nil
capability_bounding_set see docs nil
system_call_architectures see docs nil
timer_slack_n_sec see docs nil
default_timer_accuracy_sec see docs nil
default_timeout_start_sec see docs nil
default_timeout_stop_sec see docs nil
default_restart_sec see docs nil
default_start_limit_interval see docs nil
default_start_limit_burst see docs nil
default_environment see docs nil
default_cpu_accounting see docs nil
default_block_io_accounting see docs nil
default_tasks_accounting see docs nil
default_memory_accounting see docs nil
default_limit_cpu see docs nil
default_limit_fsize see docs nil
default_limit_data see docs nil
default_limit_stack see docs nil
default_limit_core see docs nil
default_limit_rss see docs nil
default_limit_nofile see docs nil
default_limit_as see docs nil
default_limit_nproc see docs nil
default_limit_memlock see docs nil
default_limit_locks see docs nil
default_limit_sigpending see docs nil
default_limit_msgqueue see docs nil
default_limit_nice see docs nil
default_limit_rtprio see docs nil
default_limit_rttime see docs nil

Also supports:

--

systemd_user

Supports same options as the systemd_system resource.

--

systemd_binfmt

Resource for managing binfmt_misc files (configure binary formats for executables at boot)

systemd_binfmt supports the following actions:

Action Description
:create render the configuration file to disk
:delete delete the configuration file

Example usage:

systemd_binfmt 'DOSWin' do
  magic 'MZ'
  interpreter '/usr/bin/wine'
end
Attribute Description Default
name see docs nil
type see docs M
offset see docs nil
magic see docs nil
mask see docs nil
interpreter see docs nil
flags see docs nil

--

systemd_modules

Resource for managing modules

systemd_modules supports the following actions:

Action Description
:create render the configuration file to disk
:delete delete the configuration file
:load load the module via modprobe
:unload remove the module via modprobe -r

Example usage:

systemd_modules 'die-beep-die' do
  blacklist true
  modules %w( pcspkr )
  action [:create, :unload]
end

systemd_modules 'zlib' do
  modules %w( zlib )
  action [:create, :load]
end
Attribute Description Default
blacklist boolean, controls whether to blacklist or load false
modules Array, list of modules to act on []

--

systemd_networkd_link

Resource for managing network devices

systemd_networkd_link supports the following actions:

Action Description
:create render the configuration file to disk
:delete delete the configuration file

Example usage:

systemd_networkd_link 'wireless' do
  match do
    match_mac_addr '12:34:56:78:9a:bc'
    driver 'brcmsmac'
    path 'pci-0000:02:00.0-*'
    type 'wlan'
    virtualization false
    host 'my-laptop'
    architecture 'x86-64'
  end
  link do
    name 'wireless0'
    mtu_bytes 1_450
    bits_per_second '10M'
    wake_on_lan 'magic'
    link_mac_addr 'cb:a9:87:65:43:21'
  end
end
Attribute Description Default
original_name see docs nil
path see docs nil
driver see docs nil
type see docs nil
host see docs nil
virtualization see docs nil
kernel_command_line see docs nil
architecture see docs nil
description see docs nil
mac_address_policy see docs nil
name_policy see docs nil
name see docs nil
mtu_bytes see docs nil
bits_per_second see docs nil
duplex see docs nil
wake_on_lan see docs nil
match_mac_addr MacAddr setting for match section nil
link_mac_addr MacAddr setting for link section nil
link_alias Alias setting for link section nil

--

systemd_sysctl

Resource for managing sysctls with systemd-sysctl

systemd_sysctl supports the following actions:

Action Description
:create render the configuration file to disk
:delete delete the configuration file
:apply apply the sysctl setting

Example usage:

systemd_sysctl 'vm.swappiness' do
  value 10
  action [:create, :apply] # next boot, immediately
end
Attribute Description Default
name resource name is sysctl name resource name
value sysctl value nil

--

systemd_sysuser

Resource for managing system users with systemd-sysusers

systemd_sysuser supports the following actions:

Action Description
:create render the configuration file to disk
:delete delete the configuration file

Example usage:

systemd_sysuser '_testuser' do
  id 65_530
  gecos 'my test user'
  home '/var/lib/test'
end
Attribute Description Default
name resource name is username resource name
type see docs u
id see docs nil
gecos see docs -
home see docs -

--

systemd_tmpfile

Resource for managing tmp files with systemd-tmpfiles

systemd_tmpfile supports the following actions:

Action Description
:create render the configuration file to disk
:delete delete the configuration file

Example usage:

systemd_tmpfile 'my-app' do
  path '/tmp/my-app'
  age '10d'
  type 'f'
end
Attribute Description Default
path see docs nil
mode see docs -
uid see docs -
gid see docs -
age see docs -
argument see docs -
type see docs f

--

systemd_udev_rules

Resource for managing udev rules files

systemd_udev_rules supports the following actions:

Action Description
:create render the configuration file to disk
:delete delete the configuration file
:disable disables a udev rule

Example usage:

# hide docker's loopback devices from udisks, and thus from user desktops
systemd_udev_rules 'udev-test' do
  rules [
    [
      {
        'key' => 'SUBSYSTEM',
        'operator' => '==',
        'value' => 'block'
      },
      {
        'key' => 'ENV{DM_NAME}',
        'operator' => '==',
        'value' => 'docker-*'
      },
      {
        'key' => 'ENV{UDISKS_PRESENTATION_HIDE}',
        'operator' => '=',
        'value' => 1
      },
      {
        'key' => 'ENV{UDISKS_IGNORE}',
        'operator' => '=',
        'value' => 1
      }
    ],
    [
      {
        'key' => 'SUBSYSTEM',
        'operator' => '==',
        'value' => 'block'
      },
      {
        'key' => 'DEVPATH',
        'operator' => '==',
        'value' => '/devices/virtual/block/loop*'
      },
      {
        'key' => 'ATTR{loop/backing_file}',
        'operator' => '==',
        'value' => '/var/lib/docker/*'
      },
      {
        'key' => 'ENV{UDISKS_PRESENTATION_HIDE}',
        'operator' => '=',
        'value' => 1
      },
      {
        'key' => 'ENV{UDISKS_IGNORE}',
        'operator' => '=',
        'value' => 1
      }
    ]
  ]
  action [:create]
end
Attribute Description Default
rules array of arrays of hashes (see docs & example below) []

Common Resource Attributes

Organization

special no-op attributes that yield a block for the purpose of being able to group attributes of a resource similar to their rendered grouping.

Attribute Description Default
install no-op block yielder nil
$unit_type no-op block yielder nil

By way of explanation:

systemd_automount 'vagrant-home' do
  description 'Test Automount'
  install do
    wanted_by 'local-fs.target'
  end
  automount do
    where '/home/vagrant'
  end
end

is the same as...

systemd_automount 'vagrant-home' do
  description 'Test Automount'
  wanted_by 'local-fs.target'
  where '/home/vagrant'
end

--

Exec

Execution environment configuration. Documentation

Attribute Description Default
app_armor_profile see docs nil
capabilities see docs nil
capability_bounding_set see docs nil
cpu_affinity see docs nil
cpu_scheduling_policy see docs nil
cpu_scheduling_priority see docs nil
cpu_scheduling_reset_on_fork see docs nil
environment see docs nil
environment_file see docs nil
group see docs nil
ignore_sigpipe see docs nil
inaccessible_directories see docs nil
io_scheduling_class see docs nil
io_scheduling_priority see docs nil
limit_as see docs nil
limit_core see docs nil
limit_cpu see docs nil
limit_data see docs nil
limit_fsize see docs nil
limit_locks see docs nil
limit_memlock see docs nil
limit_msgqueue see docs nil
limit_nice see docs nil
limit_nofile see docs nil
limit_nproc see docs nil
limit_rss see docs nil
limit_rtprio see docs nil
limit_rttime see docs nil
limit_sigpending see docs nil
limit_stack see docs nil
mount_flags see docs nil
nice see docs nil
no_new_privileges see docs nil
oom_score_adjust see docs nil
pam_name see docs nil
personality see docs nil
private_devices see docs nil
private_network see docs nil
private_tmp see docs nil
protect_home see docs nil
protect_system see docs nil
read_only_directories see docs nil
read_write_directories see docs nil
restrict_address_families see docs nil
root_directory see docs nil
runtime_directory see docs nil
runtime_directory_mode see docs nil
se_linux_context see docs nil
secure_bits see docs nil
smack_process_label see docs nil
standard_error see docs nil
standard_input see docs nil
standard_output see docs nil
supplementary_groups see docs nil
syslog_facility see docs nil
syslog_identifier see docs nil
syslog_level see docs nil
syslog_level_prefix see docs nil
system_call_architectures see docs nil
system_call_error_number see docs nil
system_call_filter see docs nil
timer_slack_n_sec see docs nil
tty_path see docs nil
tty_reset see docs nil
ttyv_hangup see docs nil
ttyvt_disallocate see docs nil
u_mask see docs nil
user see docs nil
utmp_identifier see docs nil
working_directory see docs nil

--

Kill

Process killing procedure configuration. Documentation

Attribute Description Default
kill_mode see docs nil
kill_signal see docs nil
send_sighup see docs nil
send_sigkill see docs nil

--

Resource Control

Resource control unit settings. Documentation

Attribute Description Default
block_io_accounting see docs nil
block_io_device_weight see docs nil
block_io_read_bandwidth see docs nil
block_io_weight see docs nil
block_io_write_bandwidth see docs nil
cpu_accounting see docs nil
cpu_quota see docs nil
cpu_shares see docs nil
delegate see docs nil
device_allow see docs nil
device_policy see docs nil
memory_accounting see docs nil
memory_limit see docs nil
tasks_accounting see docs nil
tasks_limit see docs nil
slice see docs nil
net_class see docs nil
startup_block_io_weight see docs nil
startup_cpu_shares see docs nil

--

Unit

Common configuration options of all the unit types. Documentation

Attribute Description Default
after see docs nil
allow_isolate see docs nil
assert_ac_power see docs nil
assert_architecture see docs nil
assert_capability see docs nil
assert_directory_not_empty see docs nil
assert_file_is_executable see docs nil
assert_file_not_empty see docs nil
assert_first_boot see docs nil
assert_host see docs nil
assert_kernel_command_line see docs nil
assert_needs_update see docs nil
assert_path_exists see docs nil
assert_path_exists_glob see docs nil
assert_path_is_directory see docs nil
assert_path_is_mount_point see docs nil
assert_path_is_read_write see docs nil
assert_path_is_symbolic_link see docs nil
assert_security see docs nil
assert_virtualization see docs nil
auto_reload whether to execute daemon-reload on unit change true
before see docs nil
binds_to see docs nil
condition_ac_power see docs nil
condition_architecture see docs nil
condition_capability see docs nil
condition_directory_not_empty see docs nil
condition_file_is_executable see docs nil
condition_file_not_empty see docs nil
condition_first_boot see docs nil
condition_host see docs nil
condition_kernel_command_line see docs nil
condition_needs_update see docs nil
condition_path_exists see docs nil
condition_path_exists_glob see docs nil
condition_path_is_directory see docs nil
condition_path_is_mount_point see docs nil
condition_path_is_read_write see docs nil
condition_path_is_symbolic_link see docs nil
condition_security see docs nil
condition_virtualization see docs nil
conflicts see docs nil
default_dependencies see docs nil
description see docs nil
documentation see docs nil
ignore_on_isolate see docs nil
ignore_on_snapshot see docs nil
job_timeout_action see docs nil
job_timeout_reboot_argument see docs nil
job_timeout_sec see docs nil
joins_namespace_of see docs nil
mode systemd mode, either :user or :system :system
on_failure see docs nil
on_failure_job_mode see docs nil
part_of see docs nil
propagates_reload_to see docs nil
refuse_manual_start see docs nil
refuse_manual_stop see docs nil
reload_propagated_from see docs nil
requires see docs nil
requires_mounts_for see docs nil
requires_overridable see docs nil
requisite see docs nil
requisite_overridable see docs nil
source_path see docs nil
stop_when_unneeded see docs nil
wants see docs nil

--

Install

Carries installation information for units. Used exclusively by enable/disable commands of systemctl. Documentation

Attribute Description Default
aliases array of aliases []
also see docs nil
default_instance see docs nil
required_by see docs nil
wanted_by see docs nil

--

Drop-In

Cookbook-specific attributes that activate and control drop-in mode for units.

Attribute Description Default
drop_in boolean which sets if resource is a drop-in unit true for daemons & utils; false for units
override which unit to target, prefix only. suffix determined by parent resource unit type (e.g. "ssh" on a systemd_service -> "ssh.service" as target unit) nil
overrides drop-in unit options that require a reset (e.g. "ExecStart" -> "ExecStart=" at top of section) []

--

About

resource-driven chef cookbook for managing linux systems via systemd

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Ruby 100.0%