Moved systemd service management to own bundle

nickanderson · nickanderson · commit 92bc19d72b5f · 2020-07-15T17:26:39.000-05:00
This change moves the systemd service management promises to their own bundle. There should be no change in behavior as using standard_services when systemd is present will still result in the use of the same promises. This change makes it easier to maintain the policy as it is logically separate and allows explicit management of systemd services. Ticket: CFE-3381 Changelog: Title
diff --git a/lib/services.cf b/lib/services.cf
@@ -76,7 +76,20 @@ body service_method standard_services
         service_bundle => default:standard_services( $(this.promiser), $(this.service_policy) );
 }
 
-##
+body service_method systemd_services
+# @brief systemd service method
+#
+# **Example:**
+#
+# ```cf3
+# services:
+#     "ssh"
+#       service_policy => "enabled",
+#       service_method => systemd_services;
+# ```
+{
+        service_bundle => default:systemd_services( $(this.promiser), $(this.service_policy) );
+}
 
 bundle agent standard_services(service,state)
 # @brief Standard services bundle, used by CFEngine by default
@@ -94,7 +107,7 @@ bundle agent standard_services(service,state)
 # This bundle receives the service name and the desired service state,
 # then does the needful to reach the desired state.
 #
-# If you're running systemd, systemctl will be used.
+# If you're running systemd, systemctl will be used via `systemd_services`.
 #
 # Else, if chkconfig is present, it will be used.
 #
@@ -118,10 +131,16 @@ bundle agent standard_services(service,state)
 # methods:
 #     "" usebundle => standard_services("sshd", "start"); # direct
 # ```
+#
+# Alternatively, since services promises are an abstraction around bundles, the service state can be promised via a methods type promise.
+#
+# ```cf3
+#
+# methods:
+#     "SSHD should be running" usebundle => standard_services("sshd", "start");
+# ```
 {
   vars:
-      "call_systemctl" string => "$(paths.systemctl) --no-ask-password --global --system";
-      "systemd_properties" string => "-pLoadState,CanStop,UnitFileState,ActiveState,LoadState,CanStart,CanReload";
       "c_service" string => canonify("$(service)");
 
     freebsd::
@@ -140,9 +159,6 @@ bundle agent standard_services(service,state)
       "chkconfig_mode" string => "off";
       "svcadm_mode" string => "disable";
 
-    systemd::
-      "systemd_service_info" slist => string_split(execresult("$(call_systemctl) $(systemd_properties) show $(service)", "noshell"), "\n", "10");
-
   classes:
       # define a class named after the desired state
       "$(state)" expression => "any";
@@ -179,86 +195,7 @@ bundle agent standard_services(service,state)
                     service is not registered it must be added.  Note we do not
                     automatically try to add the service at this time.";
 
-### BEGIN ###
-# @brief probe the state of a systemd service
-# @author Bryan Burke
-#
-# A collection of classes to determine the capabilities of a given systemd
-# service, then start, stop, etc. the service. Also supports a custom action
-# for anything not supported
-#
-    systemd::
-      "service_enabled" expression => reglist(@(systemd_service_info), "UnitFileState=enabled");
-      "service_enabled" -> { "CFE-2923" }
-        expression => returnszero( "$(call_systemctl) is-enabled $(service) > /dev/null 2>&1", useshell);
-      "service_active" -> { "CFE-3238" }
-        expression => reglist(@(systemd_service_info), "ActiveState=(active|activating)");
-      "service_loaded"  expression => reglist(@(systemd_service_info), "LoadState=loaded");
-      "service_notfound" expression => reglist(@(systemd_service_info), "LoadState=not-found");
-
-      "can_stop_service"   expression => reglist(@(systemd_service_info), "CanStop=yes");
-      "can_start_service"  expression => reglist(@(systemd_service_info), "CanStart=yes");
-      "can_reload_service" expression => reglist(@(systemd_service_info), "CanReload=yes");
-
-      "request_start"    expression => strcmp("start", "$(state)");
-      "request_stop"     expression => strcmp("stop", "$(state)");
-      "request_reload"   expression => strcmp("reload", "$(state)");
-      "request_restart"  expression => strcmp("restart", "$(state)");
-      "request_disable"  expression => strcmp("disable", "$(state)");
-      "request_disabled" expression => strcmp("disabled", "$(state)");
-      "request_enable"   expression => strcmp("enable", "$(state)");
-      "request_enabled"  expression => strcmp("enabled", "$(state)");
-      "request_active"   expression => strcmp("active", "$(state)");
-      "request_inactive" expression => strcmp("inactive", "$(state)");
-
-      "action_custom"  expression => "!(request_start|request_stop|request_reload|request_restart|request_disable|request_disabled|request_enable|request_enabled|request_active|request_inactive)";
-      "action_start"   expression => "(request_start|request_active).!service_active.can_start_service";
-      "action_stop"    expression => "(request_stop|request_inactive).service_active.can_stop_service";
-      "action_reload"  expression => "request_reload.service_active.can_reload_service";
-      "action_restart"         or => {
-                                      "request_restart",
-
-                                      # Possibly undesirable... if a reload is
-                                      # requested, and the service "can't" be
-                                      # reloaded, then we restart it instead.
-                                      "request_reload.!can_reload_service.service_active",
-                                     };
-
-      # Starting a service implicitly enables it
-      "action_enable"  expression => "(request_start|request_enable|request_enabled).!service_enabled";
-
-      # Respectively, stopping it implicitly disables it
-      "action_disable" expression => "(request_disable|request_disabled|request_stop).service_enabled";
-
   commands:
-    systemd.service_loaded:: # note this class is defined in `inventory/linux.cf`
-      # conveniently, systemd states map to `services` states, except
-      # for `enable`
-
-      "$(call_systemctl) -q start $(service)"
-        ifvarclass => "action_start";
-
-      "$(call_systemctl) -q stop $(service)"
-        ifvarclass => "action_stop";
-
-      "$(call_systemctl) -q reload $(service)"
-        ifvarclass => "action_reload";
-
-      "$(call_systemctl) -q restart $(service)"
-        ifvarclass => "action_restart";
-
-      "$(call_systemctl) -q enable $(service)"
-        ifvarclass => "action_enable";
-
-      "$(call_systemctl) -q disable $(service)"
-        ifvarclass => "action_disable";
-
-      # Custom action for any of the non-standard systemd actions such a
-      # status, try-restart, isolate, et al.
-      "$(call_systemctl) $(state) $(service)"
-        ifvarclass => "action_custom";
-
-### END systemd section ###
 
     chkconfig.stop.onboot::
       # Only chkconfig disable if it's currently set to start on boot
@@ -322,6 +259,10 @@ bundle agent standard_services(service,state)
     fallback::
       "classic" usebundle => classic_services($(service), $(state));
 
+    systemd::
+      "systemd"
+        usebundle => systemd_services( $(service), $(state) );
+
   reports:
     verbose_mode.systemd::
       "$(this.bundle): using systemd layer to $(state) $(service)";
@@ -340,8 +281,134 @@ bundle agent standard_services(service,state)
     verbose_mode.fallback::
       "$(this.bundle): falling back to classic_services to $(state) $(service)";
 
-    systemd.service_notfound.(start|restart|reload).(inform_mode|verbose_mode)::
-        "$(this.bundle): Could not find service: $(service)";
+}
+
+bundle agent systemd_services(service,state)
+# @brief Manage systemd service state
+# @author Bryan Burke
+# @param service specific service to control
+# @param state The desired state for that service: "active", "inactive", "restart", "reload", "enabled", "disabled", "start", and "stop" are specifically understood states. Any other custom state will be passed through to systemctl.
+#
+# **State descriptions:**
+#
+# * active - Service should be running, no promise about state on boot made.
+# * inactive - Service should not be running, no promise about state on boot made.
+# * restart - Service should be restarted, no promise about state on boot made.
+# * reload - Service should be reloaded, no promise about state on boot made.
+# * enabled - Service should be enabled, no promise about state on boot made.
+# * disabled - Service should be reloaded, no promise about state on boot made.
+# * start - Service should be running, service should be started on boot (active + enabled).
+# * stop - Service should not be running, service should not be started on boot (inactive + disabled).
+#
+# **Example:**
+#
+# ```cf3
+# services:
+#     # Uses `standard_services`, dynamic decision about init subsystem
+#     "sshd"
+#       service_policy => "enabled";
+#
+#     # Explicitly use `systemd_services`
+#     "sshd"
+#       service_policy => "running",
+#       service_policy => "systemd_services";
+# ```
+#
+# Alternatively, since services promises are an abstraction around bundles, the service state can be promised via a methods type promise.
+#
+# ```cf3
+#
+# methods:
+#     "SSHD should be running" usebundle => systemd_services("sshd", "enabled");
+# ```
+{
+  vars:
+    systemd::
+      "call_systemctl"
+        string => "$(paths.systemctl) --no-ask-password --global --system";
+
+      "systemd_properties"
+        string => "-pLoadState,CanStop,UnitFileState,ActiveState,LoadState,CanStart,CanReload";
+
+      "systemd_service_info"
+        slist => string_split(execresult("$(call_systemctl) $(systemd_properties) show $(service)",
+                                         "noshell"), "\n", "10");
+
+  classes:
+    systemd::
+      "service_enabled" expression => reglist(@(systemd_service_info), "UnitFileState=enabled");
+      "service_enabled" -> { "CFE-2923" }
+        expression => returnszero( "$(call_systemctl) is-enabled $(service) > /dev/null 2>&1", useshell);
+      "service_active" -> { "CFE-3238" }
+        expression => reglist(@(systemd_service_info), "ActiveState=(active|activating)");
+      "service_loaded"  expression => reglist(@(systemd_service_info), "LoadState=loaded");
+      "service_notfound" expression => reglist(@(systemd_service_info), "LoadState=not-found");
+
+      "can_stop_service"   expression => reglist(@(systemd_service_info), "CanStop=yes");
+      "can_start_service"  expression => reglist(@(systemd_service_info), "CanStart=yes");
+      "can_reload_service" expression => reglist(@(systemd_service_info), "CanReload=yes");
+
+      "request_start"    expression => strcmp("start", "$(state)");
+      "request_stop"     expression => strcmp("stop", "$(state)");
+      "request_reload"   expression => strcmp("reload", "$(state)");
+      "request_restart"  expression => strcmp("restart", "$(state)");
+      "request_disable"  expression => strcmp("disable", "$(state)");
+      "request_disabled" expression => strcmp("disabled", "$(state)");
+      "request_enable"   expression => strcmp("enable", "$(state)");
+      "request_enabled"  expression => strcmp("enabled", "$(state)");
+      "request_active"   expression => strcmp("active", "$(state)");
+      "request_inactive" expression => strcmp("inactive", "$(state)");
+
+      "action_custom"  expression => "!(request_start|request_stop|request_reload|request_restart|request_disable|request_disabled|request_enable|request_enabled|request_active|request_inactive)";
+      "action_start"   expression => "(request_start|request_active).!service_active.can_start_service";
+      "action_stop"    expression => "(request_stop|request_inactive).service_active.can_stop_service";
+      "action_reload"  expression => "request_reload.service_active.can_reload_service";
+      "action_restart"         or => {
+                                      "request_restart",
+
+                                      # Possibly undesirable... if a reload is
+                                      # requested, and the service "can't" be
+                                      # reloaded, then we restart it instead.
+                                      "request_reload.!can_reload_service.service_active",
+                                     };
+
+      # Starting a service implicitly enables it
+      "action_enable"  expression => "(request_start|request_enable|request_enabled).!service_enabled";
+
+      # Respectively, stopping it implicitly disables it
+      "action_disable" expression => "(request_disable|request_disabled|request_stop).service_enabled";
+
+  commands:
+    systemd.service_loaded:: # note this class is defined in `inventory/linux.cf`
+      # conveniently, systemd states map to `services` states, except
+      # for `enable`
+
+      "$(call_systemctl) -q start $(service)"
+        ifvarclass => "action_start";
+
+      "$(call_systemctl) -q stop $(service)"
+        ifvarclass => "action_stop";
+
+      "$(call_systemctl) -q reload $(service)"
+        ifvarclass => "action_reload";
+
+      "$(call_systemctl) -q restart $(service)"
+        ifvarclass => "action_restart";
+
+      "$(call_systemctl) -q enable $(service)"
+        ifvarclass => "action_enable";
+
+      "$(call_systemctl) -q disable $(service)"
+        ifvarclass => "action_disable";
+
+      # Custom action for any of the non-standard systemd actions such a
+      # status, try-restart, isolate, et al.
+      "$(call_systemctl) $(state) $(service)"
+        ifvarclass => "action_custom";
+
+  reports:
+    systemd.service_notfound.(inform_mode|verbose_mode)::
+      "$(this.bundle): Could not find service: $(service)";
 }
 
 bundle agent classic_services(service,state)
