openstack/ansible-role-systemd_service
Code Issues Proposed changes
f3d18ca244
ansible-role-systemd_service/defaults/main.yml
Kevin Carter c93accc06d
Set private sandbox options to false by default 
The private sandbox options are emitting odd behaviour in newer kernels.
This change sets the sandbox options to false by default so that we're
not creating unexpected issues.

Change-Id: I670ae94525f80e70f03327591cba0e27c2ac0f2b
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-08-14 15:22:39 -05:00

144 lines
5.6 KiB
YAML
Raw Blame History

---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
systemd_user_name: root
systemd_group_name: root
systemd_slice_name: system
# Restart services when a change occurs
systemd_service_restart_changed: yes
# This is the prefix used for all temp files of a given type.
systemd_tempd_prefix: tempd
# Give a reasonable amount of time for the server to start up/shut down
systemd_TimeoutSec: 120
systemd_Restart: on-failure
systemd_RestartSec: 2
# Accounting options
systemd_CPUAccounting: true
systemd_BlockIOAccounting: true
systemd_MemoryAccounting: true
systemd_TasksAccounting: true
# Sandboxing options
systemd_PrivateTmp: false
systemd_PrivateDevices: false
systemd_PrivateNetwork: false
systemd_PrivateUsers: false
# Start service after a given target. This is here because we want to define common
# after targets used on most services. This can be overridden or agumented using
# the "systemd_services" dictionary option "config_overrides".
systemd_after_targets:
- syslog.target
- network.target
# List of documentation information that will be presented in the unit. This
# option is a list of documentation items which can be local or online.
# Usage: https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Documentation=
systemd_unit_docs: []
# Set the service enabled state. Valid options are: [yes, no]
systemd_service_enabled: yes
# Set global service overrides used within the service unit file.
systemd_service_config_overrides: {}
# Systemd service type. Options include simple, forking, oneshot, etc.
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=
systemd_default_service_type: simple
# The systemd services dictionary is a set of services that will be created. The dictionary
# can contain the following options:
# `service_name` -- (required) used to define the name of the service. This is typically the name of the executable.
# `service_type` -- (optional) Set the service type, default is "simple".
# `execstarts` -- (required) Set the program to start, when the service is simple the list has a max length of 1.
# `execstops` -- (optional) Set the program to stop, when the service is simple the list has a max length of 1.
# `config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file.
# `program_sandboxing` -- (optional) Case sensitive Key=Value pairs for service Sandboxing
# `program_accounting` -- (optional) Case sensitive Key=Value pairs for service Accounting
# `enabled` -- (optional) Set the enabled state of the service.
# `state` -- (optional) Set the running state of the service.
# Under the service dictionary the "timer" key can be added which will enable a given service
# as a timer (Legacy cron job).
# `options` -- (optional) This allows any section or key=value pair to be set within the systemd timer file.
# `cron_minute` -- (optional) This allows for "on calendar configuration" (AKA CRON) for the minute segment.
# `cron_hour` -- (optional) This allows for "on calendar configuration" (AKA CRON) for the hour segment.
# `cron_day` -- (optional) This allows for "on calendar configuration" (AKA CRON) for the day segment.
# `cron_weekday` -- (optional) This allows for "on calendar configuration" (AKA CRON) for the weekday segment.
# `cron_month` -- (optional) This allows for "on calendar configuration" (AKA CRON) for the month segment.
# Examples:
# systemd_services:
# - service_name: ServiceW
# config_overrides: {} # This is used to add in arbitratry unit file options
# execstarts:
# - ServiceW
#
# - service_name: ServiceX
# config_overrides: {} # This is used to add in arbitratry unit file options
# execstarts:
# - ServiceX
# program_sandboxing:
# PrivateTmp: true
# program_accounting:
# CPUAccounting: true
#
# - service_name: ServiceY
# config_overrides: {} # This is used to add in arbitratry unit file options
# execstarts:
# - '/usr/bin/ServiceY'
# execstarts:
# - '/usr/bin/stopcmd'
# restart_changed: no
#
# - service_name: ServiceZ
# config_overrides: {} # This is used to add in arbitratry unit file options
# enabled: no
# state: stopped
# service_type: oneshot
# execstarts:
# - /usr/bin/startcmd1
# - /usr/bin/startcmd2
# execstops
# - /usr/bin/stopcmd1
# - /usr/bin/stopcmd2
#
# - service_name: TimerServiceW
# config_overrides: {} # This is used to add in arbitratry unit file options
# execstarts:
# - '/usr/bin/ServiceY'
# restart_changed: no
# timer:
# state: "started"
# options:
# OnBootSec: 30min
# OnUnitActiveSec: 1h
# Persistent: true
#
# - service_name: TimerServiceX
# config_overrides: {} # This is used to add in arbitratry unit file options
# execstarts:
# - '/usr/bin/ServiceY'
# restart_changed: no
# timer:
# state: "started"
# cron_minute: 30
# cron_hour: 1
systemd_services: []
View Git Blame Copy Permalink