[gssproxy] Change daemon to Type=notify with systemd

This avoids the need for daemonization, pid files, etc and also provides nicer output from systemctl. The notify integration is already prepared to work with Type=notify-reload (which is a bit too recent to make the default at the moment, requires systemd 253+). With this patch applied: root@qtest1:~# systemctl status gssproxy ● gssproxy.service - GSSAPI Proxy Daemon Loaded: loaded (/lib/systemd/system/gssproxy.service; enabled; preset: enabled) Active: active (running) since Fri 2023-10-20 12:59:32 CEST; 4s ago Main PID: 58516 (gssproxy) Status: "Running, 1 service(s) configured" ... root@qtest1:~# ls -1 /etc/gssproxy/ 24-nfs-server.conf gssproxy.conf root@qtest1:~# vi /etc/gssproxy/50-nfs-client.conf root@qtest1:~# ls -1 /etc/gssproxy/ 24-nfs-server.conf 50-nfs-client.conf gssproxy.conf root@qtest1:~# systemctl reload gssproxy root@qtest1:~# systemctl status gssproxy ● gssproxy.service - GSSAPI Proxy Daemon Loaded: loaded (/lib/systemd/system/gssproxy.service; enabled; preset: enabled) Active: active (running) since Fri 2023-10-20 12:59:32 CEST; 1min 39s ago Process: 58576 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) Main PID: 58516 (gssproxy) Status: "Running, 2 service(s) configured" ... Signed-off-by: David Härdeman <david@hardeman.nu>
gssapi · Oct 25, 2023 · 92e8787 · 92e8787
1 parent b700431
commit 92e8787
Show file tree

Hide file tree

Showing 7 changed files with 67 additions and 8 deletions.
diff --git a/contrib/gssproxy.spec.in b/contrib/gssproxy.spec.in
@@ -44,6 +44,7 @@ BuildRequires: libcap-devel
 BuildRequires: popt-devel
 BuildRequires: findutils
 BuildRequires: systemd-units
+BuildRequires: systemd-devel
 
 
 %description

diff --git a/src/gp_common.h b/src/gp_common.h
@@ -46,6 +46,16 @@
 /* max out at 1MB for now */
 #define MAX_RPC_SIZE 1024*1024
 
+#ifdef HAVE_SYSTEMD_DAEMON
+#include <systemd/sd-daemon.h>
+#else
+__inline__ int sd_notifyf(int unset_environment UNUSED, const char *format UNUSED, ...)
+{
+    return 0;
+}
+#endif
+
+uint64_t time_now_usec(void);
 bool gp_same(const char *a, const char *b);
 bool gp_boolean_is_true(const char *s);
 char *gp_getenv(const char *name);

diff --git a/src/gp_init.c b/src/gp_init.c
@@ -14,6 +14,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <inttypes.h>
 
 #ifdef HAVE_CAP
 
@@ -260,10 +261,19 @@ static void hup_handler(verto_ctx *vctx UNUSED, verto_ev *ev)
 
     gpctx = verto_get_private(ev);
 
+    sd_notifyf(0, "RELOADING=1\n"
+               "MONOTONIC_USEC=%" PRIu64 "\n"
+               "STATUS=Reloading configuration\n",
+               time_now_usec());
+
     GPDEBUG("Received SIGHUP; re-reading config.\n");
     new_config = read_config(gpctx->config_file, gpctx->config_dir,
                              gpctx->config_socket, gpctx->daemonize);
     if (!new_config) {
+        sd_notifyf(0, "READY=1\n"
+                   "STATUS=Running, %i service(s) configured"
+                   " (failed to re-read config)\n",
+                   gpctx->config->num_svcs);
         GPERROR("Error reading new configuration on SIGHUP; keeping old "
                 "configuration instead!\n");
         return;
@@ -281,12 +291,16 @@ static void hup_handler(verto_ctx *vctx UNUSED, verto_ev *ev)
 
     free_config(&old_config);
 
+    sd_notifyf(0, "READY=1\n"
+               "STATUS=Running, %i service(s) configured\n",
+               gpctx->config->num_svcs);
     GPDEBUG("New config loaded successfully.\n");
     return;
 }
 
 static void break_loop(verto_ctx *vctx, verto_ev *ev UNUSED)
 {
+    sd_notifyf(0, "STOPPING=1\nSTATUS=Signal received, stopping\n");
     GPDEBUG("Exiting after receiving a signal\n");
     verto_break(vctx);
 }
@@ -354,11 +368,14 @@ void init_event_loop(struct gssproxy_ctx *gpctx)
  * is done. */
 static void delayed_init(verto_ctx *vctx UNUSED, verto_ev *ev)
 {
-    struct gssproxy_ctx *gpctx;
+    struct gssproxy_ctx *gpctx = verto_get_private(ev);
+
+    sd_notifyf(0, "READY=1\n"
+	       "STATUS=Running, %i service(s) configured\n",
+	       gpctx->config->num_svcs);
 
     GPDEBUG("Initialization complete.\n");
 
-    gpctx = verto_get_private(ev);
     idle_handler(gpctx);
 }
 

diff --git a/src/gp_mgmt.c b/src/gp_mgmt.c
@@ -18,6 +18,9 @@ static void idle_terminate(verto_ctx *vctx, verto_ev *ev)
 {
     struct gssproxy_ctx *gpctx = verto_get_private(ev);
 
+    sd_notifyf(0, "STOPPING=1\nSTATUS=Idle for %ld seconds, stopping\n",
+               (long)gpctx->term_timeout/1000);
+
     GPDEBUG("Terminating, after idling for %ld seconds!\n",
             (long)gpctx->term_timeout/1000);
     verto_break(vctx);

diff --git a/src/gp_util.c b/src/gp_util.c
@@ -7,9 +7,38 @@
 #include <stdio.h>
 #include <errno.h>
 #include <unistd.h>
+#include <stdint.h>
+#include <time.h>
 
 #include "gp_common.h"
 
+#define USEC_INFINITY ((uint64_t)UINT64_MAX)
+#define NSEC_PER_USEC ((uint64_t)1000ULL)
+#define USEC_PER_SEC  ((uint64_t)1000000ULL)
+uint64_t time_now_usec(void)
+{
+    struct timespec ts;
+
+    if (clock_gettime(CLOCK_MONOTONIC, &ts) < 0) {
+        goto out;
+    }
+
+    if (ts.tv_sec < 0 || ts.tv_nsec < 0) {
+        goto out;
+    }
+
+    if ((uint64_t)ts.tv_sec >
+        (UINT64_MAX - (ts.tv_nsec / NSEC_PER_USEC)) / USEC_PER_SEC) {
+        goto out;
+    }
+
+    return (uint64_t)ts.tv_sec * USEC_PER_SEC +
+           (uint64_t)ts.tv_nsec / NSEC_PER_USEC;
+
+out:
+    return USEC_INFINITY;
+}
+
 bool gp_same(const char *a, const char *b)
 {
     if (a == b || (a && b && strcmp(a, b) == 0)) {

diff --git a/systemd/gssproxy.service.in b/systemd/gssproxy.service.in
@@ -7,11 +7,10 @@ Before=rpc-gssd.service
 [Service]
 StateDirectory=gssproxy/clients gssproxy/rcache
 Environment=KRB5RCACHEDIR=/var/lib/gssproxy/rcache
-ExecStart=@sbindir@/gssproxy -D
-# These two should be used with traditional UNIX forking daemons
-# consult systemd.service(5) for more details
-Type=forking
-PIDFile=/run/gssproxy.pid
+ExecStart=@sbindir@/gssproxy -i
+# This can be changed to notify-reload and ExecReload= can be removed once
+#   systemd 253 is common enough
+Type=notify
 ExecReload=/bin/kill -HUP $MAINPID
 
 ProtectSystem=full

diff --git a/systemd/gssuserproxy.service.in b/systemd/gssuserproxy.service.in
@@ -3,7 +3,7 @@ Description=GSS User Proxy
 Documentation=man:gssproxy(8)
 
 [Service]
-Type=exec
+Type=notify
 StandardError=journal
 ExecStart=@sbindir@/gssproxy -i -u
 Restart=on-failure