Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Jan. 1, 2014, 1:41 a.m., Matt Jordan wrote: /trunk/contrib/asterisk.service, lines 11-14 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line11 Similarly to the ExecStopPost, it'd be nice - if not necessary - to have a pre-start script that checks the file descriptor/core file limits and set them to the system max/unlimited. Checking them seems like a poor choice. Asterisk should just use what it have. The unit file should require resources, if necessary. On Jan. 1, 2014, 1:41 a.m., Matt Jordan wrote: /trunk/contrib/asterisk.service, line 18 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line18 I think this patch should consider providing a basic stop post script that does what safe_asterisk performs with respect to core files at the very least. One of the most widely used and useful features is safe_asterisk's management of core files in the event of an Asterisk crash; it'd be nice to have that here as well. Added a script, but did not install it. I took the actions safe_asterisk does. I'm not really happy with the result (though it is usable as an example). - Tzafrir --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10499 --- On Dec. 24, 2013, 4:49 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 4:49 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Jan. 1, 2014, 4:43 p.m., George Joseph wrote: /trunk/contrib/asterisk.service, line 20 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line20 I use the following which mimic some of the safe_asterisk settings... Nice=0 UMask=0002 LimitCORE=infinity LimitNOFILE=4096 Restart=always RestartSec=4 jcollie wrote: I don't think that these are appropriate for the default service file. If you look at the Fedora service file, they are included as comments and can be enabled as needed by the administrator. of those, Restart = always seems like a good idea. I think it is a sane default. I also reduce RestartSec to 1 (in case Asterisk exists due to e.g. a bad module in the modules directory). I set the working directory to the varlibdir (normally: /var/lib/asterisk) and thus enable core files (-g) - Asterisk explicitly disables them in the code, which is odd. I still don't touch the limits by default. - Tzafrir --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10503 --- On Feb. 10, 2014, 5:16 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Feb. 10, 2014, 5:16 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/scripts/live_ast 407855 /trunk/contrib/scripts/asterisk_cleanup PRE-CREATION /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 407855 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Feb. 10, 2014, 5:16 p.m.) Review request for Asterisk Developers. Changes --- I realised that the main reason I needed a wrapper script was for running a different instance of Asterisk with live_ast. This requires editing a number of pathes, which is sub-optimal. I ended up having live_ast provide its own systemd unit under live/asterisk-live.service . The user will need to copy that file to /etc/systemd/system if the user wants to add asterisk-live as a separate service (stop asterisk, start asterisk-live). I set the working directory to /var/lib/asterisk . As the working directory is writable, there is no reason to actively disable core files and thus adding -g to the command line looks like a good idea. I also added example cleanup script that should do the same job as the cleanup code in safe_asterisk (though it does not report failures). I decided that /var/spool/asterisk/cores is a good storage for core files. This script is an example only and is not installed by default. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs (updated) - /trunk/contrib/scripts/live_ast 407855 /trunk/contrib/scripts/asterisk_cleanup PRE-CREATION /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 407855 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10846 --- /trunk/contrib/asterisk.service https://reviewboard.asterisk.org/r/3062/#comment20439 If -n is not used, the journal considers the line as [181B blob data] (at least with the version of systemd in Debian Wheezy). Should we default to -n? Any better alteernative? - Tzafrir Cohen On Feb. 10, 2014, 5:16 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Feb. 10, 2014, 5:16 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/scripts/live_ast 407855 /trunk/contrib/scripts/asterisk_cleanup PRE-CREATION /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 407855 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10847 --- /trunk/contrib/asterisk.service https://reviewboard.asterisk.org/r/3062/#comment20440 Even setting this to 1 seems pointless (the default is 100ms). If you want to test it, you can use the following wrapper to asterisk: #!/bin/sh # if you put here 'sleep 1' instead of 'sleep 2', systemd will only restart # asterisk twice or so and then give up. (sleep 2; killall -9 asterisk) exec /usr/sbin/asterisk $@ - Tzafrir Cohen On Feb. 10, 2014, 5:16 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Feb. 10, 2014, 5:16 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/scripts/live_ast 407855 /trunk/contrib/scripts/asterisk_cleanup PRE-CREATION /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 407855 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Thu, Jan 02, 2014 at 01:31:26AM +0200, Oron Peled wrote: On Wednesday 01 January 2014 10:23:01 Tzafrir Cohen wrote: I looked into running Asterisk as non-root. But I can't find a way to get systemd to generate /var/run/asterisk as a writable directory to the service. I think systemd canonical answer to this is systemd-tmpfiles(8) and tmpfiles.d(5). I don't remember at which systemd version they were introduced... Not for this case. Asterisk uses the AST_RUN_DIR (/var/run/asterisk or whatever) for: * asterisk.pid * alt.asterisk.canary.tweet.tweet.tweet * asterisk.ctl alt.asterisk.canary.tweet.tweet.tweet is intended for communicating with a subprocess of asterisk, and thus can reside in aprivate directory. The pid file (if anyone else relies on it) and asterisk.ctl (the socket used by asterisk -rx) are published. asterisk -r is a different instance of asterisk. It's still a surprise for me, as generating a private run directory seems like a relatively common case. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Wed, Jan 01, 2014 at 05:16:42PM -0700, George Joseph wrote: On Wed, Jan 1, 2014 at 4:31 PM, Oron Peled oron.pe...@xorcom.com wrote: On Wednesday 01 January 2014 10:23:01 Tzafrir Cohen wrote: I looked into running Asterisk as non-root. But I can't find a way to get systemd to generate /var/run/asterisk as a writable directory to the service. I think systemd canonical answer to this is systemd-tmpfiles(8) and tmpfiles.d(5). I don't remember at which systemd version they were introduced... I forget when but it's as simple as creating /etc/tmpfiles.d/asterisk.conf with one line in it... d /run/asterisk 0755 asterisk asterisk OK. Ignore my other reply there. I misunderstood tmpfiles, I guess. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Jan. 1, 2014, 1:41 a.m., Matt Jordan wrote: /trunk/contrib/asterisk.service, line 12 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line12 Looking at how safe_asterisk spawns Asterisk, I'm not sure specifying an explicit run user is appropriate here. There's no guarantee that there's a user named Asterisk on the system. Tzafrir Cohen wrote: Two answers here: 1. I guess that the stock systemd answer would be: run asterisk as the user asterisk. That way, the username and/or group name could be overiden in /etc/systemd/system/asterisk.service. I remember we have some good reasons to let Asterisk drop privileges on its own. But let's try to reconsider them? 2. So, maybe we should have asterisk_wrapper (any better name?) that will * Test for the requirements (perhaps as a subcommand for a Pre script?) * Set up system-dependent setting * Start asterisk a single time. * Handle failures. I also considered this previously because safe_asterisk makes it very simple to override the asterisk binary to a local live_ast copy by dropping a single file in /etc/asterisk/startup.d (with a single line that may, or may not, be remmed-out). Tzafrir Cohen wrote: I looked into running Asterisk as non-root. But I can't find a way to get systemd to generate /var/run/asterisk as a writable directory to the service. It can be done by a Pre script. But the Pre script has to be configured with the username. So I think that a single wrapper script is the best option. As others pointed out, this can be handled by tmpfiles. BTW: safe_asterisk still creates the AST_RUN_DIR, which is, by now, pointless. So, what other things asterisk needs root for? * Setting a high scheduling priority * prctl(PR_SET_KEEPCAPS, 1 - Tzafrir --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10499 --- On Dec. 24, 2013, 4:49 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 4:49 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10506 --- I'm not sure this belongs in Asterisk itself, personally. In any case, Fedora has had a systemd unit for Asterisk for quite some time. For reference, you can view it here: http://pkgs.fedoraproject.org/cgit/asterisk.git/tree/asterisk.service - Russell Bryant On Dec. 24, 2013, 4:49 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 4:49 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Jan. 1, 2014, 4:43 p.m., George Joseph wrote: /trunk/contrib/asterisk.service, line 20 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line20 I use the following which mimic some of the safe_asterisk settings... Nice=0 UMask=0002 LimitCORE=infinity LimitNOFILE=4096 Restart=always RestartSec=4 I don't think that these are appropriate for the default service file. If you look at the Fedora service file, they are included as comments and can be enabled as needed by the administrator. - jcollie --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10503 --- On Dec. 24, 2013, 4:49 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 4:49 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Jan. 2, 2014, 2:42 p.m., Russell Bryant wrote: I'm not sure this belongs in Asterisk itself, personally. In any case, Fedora has had a systemd unit for Asterisk for quite some time. For reference, you can view it here: http://pkgs.fedoraproject.org/cgit/asterisk.git/tree/asterisk.service Actually, having the service file upstream makes a lot of sense so that all the distributions that use systemd can benefit, as long as we don't end up with a separate service file for each distribution in the upstream sources. - jcollie --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10506 --- On Dec. 24, 2013, 4:49 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 4:49 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Jan. 1, 2014, 1:41 a.m., Matt Jordan wrote: /trunk/Makefile, lines 786-787 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49946#file49946line786 Would explicitly specifying /lib/ run afoul of the lib64 problem? Would it be better to specify $(libdir) instead? AFAIK it's /lib even on systems that use lib64. Also note that $(libdir) would probably become /usr/lib/arch-triplet on recent Debian and Ubuntu. On Jan. 1, 2014, 1:41 a.m., Matt Jordan wrote: /trunk/contrib/asterisk.service, lines 1-7 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line1 Should we specify PIDFile= here? Something like: PIDFile=${ASTVARRUNDIR}/asterisk.pid Although I imagine we would want the installation of the systemd service to do something along the lines of safe_asterisk, where ASTVARRUNDIR is replaced with the actual value of the run directory. I think that the whole point here is to not rely on a PID file. BTW: is anybody using Asterisk to directly start other programs that should out-live Asterisk? In this case, they should be removed of the cgroup, or revert to using the PID file (see the unit of sshd). On Jan. 1, 2014, 1:41 a.m., Matt Jordan wrote: /trunk/contrib/asterisk.service, line 12 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line12 Looking at how safe_asterisk spawns Asterisk, I'm not sure specifying an explicit run user is appropriate here. There's no guarantee that there's a user named Asterisk on the system. Two answers here: 1. I guess that the stock systemd answer would be: run asterisk as the user asterisk. That way, the username and/or group name could be overiden in /etc/systemd/system/asterisk.service. I remember we have some good reasons to let Asterisk drop privileges on its own. But let's try to reconsider them? 2. So, maybe we should have asterisk_wrapper (any better name?) that will * Test for the requirements (perhaps as a subcommand for a Pre script?) * Set up system-dependent setting * Start asterisk a single time. * Handle failures. I also considered this previously because safe_asterisk makes it very simple to override the asterisk binary to a local live_ast copy by dropping a single file in /etc/asterisk/startup.d (with a single line that may, or may not, be remmed-out). - Tzafrir --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10499 --- On Dec. 24, 2013, 4:49 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 4:49 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Jan. 1, 2014, 1:41 a.m., Matt Jordan wrote: /trunk/contrib/asterisk.service, lines 1-7 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line1 Should we specify PIDFile= here? Something like: PIDFile=${ASTVARRUNDIR}/asterisk.pid Although I imagine we would want the installation of the systemd service to do something along the lines of safe_asterisk, where ASTVARRUNDIR is replaced with the actual value of the run directory. Tzafrir Cohen wrote: I think that the whole point here is to not rely on a PID file. BTW: is anybody using Asterisk to directly start other programs that should out-live Asterisk? In this case, they should be removed of the cgroup, or revert to using the PID file (see the unit of sshd). The above is an answer to the wrong question. PIDFile is used by systemd to identify the main pid when the service is a forking one. But I used 'asterisk -f' to avoid having a forking service. So no, I don't think PIDFile is needed here. On Jan. 1, 2014, 1:41 a.m., Matt Jordan wrote: /trunk/contrib/asterisk.service, line 12 https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line12 Looking at how safe_asterisk spawns Asterisk, I'm not sure specifying an explicit run user is appropriate here. There's no guarantee that there's a user named Asterisk on the system. Tzafrir Cohen wrote: Two answers here: 1. I guess that the stock systemd answer would be: run asterisk as the user asterisk. That way, the username and/or group name could be overiden in /etc/systemd/system/asterisk.service. I remember we have some good reasons to let Asterisk drop privileges on its own. But let's try to reconsider them? 2. So, maybe we should have asterisk_wrapper (any better name?) that will * Test for the requirements (perhaps as a subcommand for a Pre script?) * Set up system-dependent setting * Start asterisk a single time. * Handle failures. I also considered this previously because safe_asterisk makes it very simple to override the asterisk binary to a local live_ast copy by dropping a single file in /etc/asterisk/startup.d (with a single line that may, or may not, be remmed-out). I looked into running Asterisk as non-root. But I can't find a way to get systemd to generate /var/run/asterisk as a writable directory to the service. It can be done by a Pre script. But the Pre script has to be configured with the username. So I think that a single wrapper script is the best option. - Tzafrir --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10499 --- On Dec. 24, 2013, 4:49 p.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 4:49 p.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10503 --- /trunk/contrib/asterisk.service https://reviewboard.asterisk.org/r/3062/#comment19965 I think network-online.target would be better. It should actually delay startup until the network is actually running. network.target doesn't. /trunk/contrib/asterisk.service https://reviewboard.asterisk.org/r/3062/#comment19966 I use the following which mimic some of the safe_asterisk settings... Nice=0 UMask=0002 LimitCORE=infinity LimitNOFILE=4096 Restart=always RestartSec=4 - George Joseph On Dec. 24, 2013, 9:49 a.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 9:49 a.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Jan. 1, 2014, 9:43 a.m., George Joseph wrote: One other thing to consider... Unless /etc/asterisk is the working directory (which it shouldn't be), the LUA_PATH is going to need to be set or asterisk won't resolve lua script locations correctly. I handle this like so... EnvironmentFile=/etc/asterisk/asterisk.env WorkingDirectory=/var/lib/asterisk ExecStart=/usr/sbin/asterisk -U asterisk -G asterisk -C /etc/asterisk/asterisk.conf where asterisk.env contains... LUA_PATH=?;?.lua;/etc/asterisk/?;/etc/asterisk/?.lua - George --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10503 --- On Dec. 24, 2013, 9:49 a.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 9:49 a.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Wednesday 01 January 2014 10:23:01 Tzafrir Cohen wrote: I looked into running Asterisk as non-root. But I can't find a way to get systemd to generate /var/run/asterisk as a writable directory to the service. I think systemd canonical answer to this is systemd-tmpfiles(8) and tmpfiles.d(5). I don't remember at which systemd version they were introduced... -- Oron Peled Voice: +972-4-8228492 o...@actcom.co.il http://users.actcom.co.il/~oron write your own operating system. It has worked every time for me -- Linus Thorvalds -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
On Wed, Jan 1, 2014 at 4:31 PM, Oron Peled oron.pe...@xorcom.com wrote: On Wednesday 01 January 2014 10:23:01 Tzafrir Cohen wrote: I looked into running Asterisk as non-root. But I can't find a way to get systemd to generate /var/run/asterisk as a writable directory to the service. I think systemd canonical answer to this is systemd-tmpfiles(8) and tmpfiles.d(5). I don't remember at which systemd version they were introduced... I forget when but it's as simple as creating /etc/tmpfiles.d/asterisk.conf with one line in it... d /run/asterisk 0755 asterisk asterisk -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/#review10499 --- /trunk/Makefile https://reviewboard.asterisk.org/r/3062/#comment19952 Would explicitly specifying /lib/ run afoul of the lib64 problem? Would it be better to specify $(libdir) instead? /trunk/contrib/asterisk.service https://reviewboard.asterisk.org/r/3062/#comment19953 Should we specify PIDFile= here? Something like: PIDFile=${ASTVARRUNDIR}/asterisk.pid Although I imagine we would want the installation of the systemd service to do something along the lines of safe_asterisk, where ASTVARRUNDIR is replaced with the actual value of the run directory. /trunk/contrib/asterisk.service https://reviewboard.asterisk.org/r/3062/#comment19956 Similarly to the ExecStopPost, it'd be nice - if not necessary - to have a pre-start script that checks the file descriptor/core file limits and set them to the system max/unlimited. /trunk/contrib/asterisk.service https://reviewboard.asterisk.org/r/3062/#comment19954 Looking at how safe_asterisk spawns Asterisk, I'm not sure specifying an explicit run user is appropriate here. There's no guarantee that there's a user named Asterisk on the system. /trunk/contrib/asterisk.service https://reviewboard.asterisk.org/r/3062/#comment19955 I think this patch should consider providing a basic stop post script that does what safe_asterisk performs with respect to core files at the very least. One of the most widely used and useful features is safe_asterisk's management of core files in the event of an Asterisk crash; it'd be nice to have that here as well. - Matt Jordan On Dec. 24, 2013, 10:49 a.m., Tzafrir Cohen wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 10:49 a.m.) Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] [Code Review] 3062: a systemd service
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- (Updated Dec. 24, 2013, 4:49 p.m.) Review request for Asterisk Developers. Changes --- Now the unit itself is included. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs (updated) - /trunk/contrib/asterisk.service PRE-CREATION /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
[asterisk-dev] [Code Review] 3062: a systemd service
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/3062/ --- Review request for Asterisk Developers. Repository: Asterisk Description --- Installs a systemd service file for Asterisk. Systeemd is the new one daemon to rule them all for Linux: http://www.freedesktop.org/wiki/Software/systemd/ On systems without systemd this should be just a harmless (though maybe annoying) text file. This is aimed at replacing safe_asterisk with a more reliable main loop. It almost does that. Is still fails to handle failures, as it seems that systemd's ExecPostStop command does not get the exist status of the stopped command. Diffs - /trunk/Makefile 404563 Diff: https://reviewboard.asterisk.org/r/3062/diff/ Testing --- Thanks, Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev