Merge pull request #1805 from nickanderson/CFE-3381/master

nickanderson · web-flow · commit e59b7d49f927 · 2020-07-16T13:18:53.000-05:00
CFE-3381/master: Moved systemd service management to own bundle
diff --git a/lib/services.cf b/lib/services.cf
@@ -76,7 +76,20 @@ body service_method standard_services
         service_bundle => default:standard_services( $(this.promiser), $(this.service_policy) );
 }
 
-##
+body service_method systemd_services
+# @brief systemd service method
+#
+# **Example:**
+#
+# ```cf3
+# services:
+#     "ssh"
+#       service_policy => "enabled",
+#       service_method => systemd_services;
+# ```
+{
+        service_bundle => default:systemd_services( $(this.promiser), $(this.service_policy) );
+}
 
 bundle agent standard_services(service,state)
 # @brief Standard services bundle, used by CFEngine by default
@@ -94,7 +107,7 @@ bundle agent standard_services(service,state)
 # This bundle receives the service name and the desired service state,
 # then does the needful to reach the desired state.
 #
-# If you're running systemd, systemctl will be used.
+# If you're running systemd, systemctl will be used via `systemd_services`.
 #
 # Else, if chkconfig is present, it will be used.
 #
@@ -118,10 +131,16 @@ bundle agent standard_services(service,state)
 # methods:
 #     "" usebundle => standard_services("sshd", "start"); # direct
 # ```
+#
+# Alternatively, since services promises are an abstraction around bundles, the service state can be promised via a methods type promise.
+#
+# ```cf3
+#
+# methods:
+#     "SSHD should be running" usebundle => standard_services("sshd", "start");
+# ```
 {
   vars:
-      "call_systemctl" string => "$(paths.systemctl) --no-ask-password --global --system";
-      "systemd_properties" string => "-pLoadState,CanStop,UnitFileState,ActiveState,LoadState,CanStart,CanReload";
       "c_service" string => canonify("$(service)");
 
     freebsd::
@@ -140,9 +159,6 @@ bundle agent standard_services(service,state)
       "chkconfig_mode" string => "off";
       "svcadm_mode" string => "disable";
 
-    systemd::
-      "systemd_service_info" slist => string_split(execresult("$(call_systemctl) $(systemd_properties) show $(service)", "noshell"), "\n", "10");
-
   classes:
       # define a class named after the desired state
       "$(state)" expression => "any";
@@ -179,86 +195,7 @@ bundle agent standard_services(service,state)
                     service is not registered it must be added.  Note we do not
                     automatically try to add the service at this time.";
 
-### BEGIN ###
-# @brief probe the state of a systemd service
-# @author Bryan Burke
-#
-# A collection of classes to determine the capabilities of a given systemd
-# service, then start, stop, etc. the service. Also supports a custom action
-# for anything not supported
-#
-    systemd::
-      "service_enabled" expression => reglist(@(systemd_service_info), "UnitFileState=enabled");
-      "service_enabled" -> { "CFE-2923" }
-        expression => returnszero( "$(call_systemctl) is-enabled $(service) > /dev/null 2>&1", useshell);
-      "service_active" -> { "CFE-3238" }
-        expression => reglist(@(systemd_service_info), "ActiveState=(active|activating)");
-      "service_loaded"  expression => reglist(@(systemd_service_info), "LoadState=loaded");
-      "service_notfound" expression => reglist(@(systemd_service_info), "LoadState=not-found");
-
-      "can_stop_service"   expression => reglist(@(systemd_service_info), "CanStop=yes");
-      "can_start_service"  expression => reglist(@(systemd_service_info), "CanStart=yes");
-      "can_reload_service" expression => reglist(@(systemd_service_info), "CanReload=yes");
-
-      "request_start"    expression => strcmp("start", "$(state)");
-      "request_stop"     expression => strcmp("stop", "$(state)");
-      "request_reload"   expression => strcmp("reload", "$(state)");
-      "request_restart"  expression => strcmp("restart", "$(state)");
-      "request_disable"  expression => strcmp("disable", "$(state)");
-      "request_disabled" expression => strcmp("disabled", "$(state)");
-      "request_enable"   expression => strcmp("enable", "$(state)");
-      "request_enabled"  expression => strcmp("enabled", "$(state)");
-      "request_active"   expression => strcmp("active", "$(state)");
-      "request_inactive" expression => strcmp("inactive", "$(state)");
-
-      "action_custom"  expression => "!(request_start|request_stop|request_reload|request_restart|request_disable|request_disabled|request_enable|request_enabled|request_active|request_inactive)";
-      "action_start"   expression => "(request_start|request_active).!service_active.can_start_service";
-      "action_stop"    expression => "(request_stop|request_inactive).service_active.can_stop_service";
-      "action_reload"  expression => "request_reload.service_active.can_reload_service";
-      "action_restart"         or => {
-                                      "request_restart",
-
-                                      # Possibly undesirable... if a reload is
-                                      # requested, and the service "can't" be
-                                      # reloaded, then we restart it instead.
-                                      "request_reload.!can_reload_service.service_active",
-                                     };
-
-      # Starting a service implicitly enables it
-      "action_enable"  expression => "(request_start|request_enable|request_enabled).!service_enabled";
-
-      # Respectively, stopping it implicitly disables it
-      "action_disable" expression => "(request_disable|request_disabled|request_stop).service_enabled";
-
   commands:
-    systemd.service_loaded:: # note this class is defined in `inventory/linux.cf`
-      # conveniently, systemd states map to `services` states, except
-      # for `enable`
-
-      "$(call_systemctl) -q start $(service)"
-        ifvarclass => "action_start";
-
-      "$(call_systemctl) -q stop $(service)"
-        ifvarclass => "action_stop";
-
-      "$(call_systemctl) -q reload $(service)"
-        ifvarclass => "action_reload";
-
-      "$(call_systemctl) -q restart $(service)"
-        ifvarclass => "action_restart";
-
-      "$(call_systemctl) -q enable $(service)"
-        ifvarclass => "action_enable";
-
-      "$(call_systemctl) -q disable $(service)"
-        ifvarclass => "action_disable";
-
-      # Custom action for any of the non-standard systemd actions such a
-      # status, try-restart, isolate, et al.
-      "$(call_systemctl) $(state) $(service)"
-        ifvarclass => "action_custom";
-
-### END systemd section ###
 
     chkconfig.stop.onboot::
       # Only chkconfig disable if it's currently set to start on boot
@@ -322,6 +259,10 @@ bundle agent standard_services(service,state)
     fallback::
       "classic" usebundle => classic_services($(service), $(state));
 
+    systemd::
+      "systemd"
+        usebundle => systemd_services( $(service), $(state) );
+
   reports:
     verbose_mode.systemd::
       "$(this.bundle): using systemd layer to $(state) $(service)";
@@ -340,8 +281,134 @@ bundle agent standard_services(service,state)
     verbose_mode.fallback::
       "$(this.bundle): falling back to classic_services to $(state) $(service)";
 
-    systemd.service_notfound.(start|restart|reload).(inform_mode|verbose_mode)::
-        "$(this.bundle): Could not find service: $(service)";
+}
+
+bundle agent systemd_services(service,state)
+# @brief Manage systemd service state
+# @author Bryan Burke
+# @param service specific service to control
+# @param state The desired state for that service: "active", "inactive", "restart", "reload", "enabled", "disabled", "start", and "stop" are specifically understood states. Any other custom state will be passed through to systemctl.
+#
+# **State descriptions:**
+#
+# * active - Service should be running, no promise about state on boot made.
+# * inactive - Service should not be running, no promise about state on boot made.
+# * restart - Service should be restarted, no promise about state on boot made.
+# * reload - Service should be reloaded, no promise about state on boot made.
+# * enabled - Service should be enabled, no promise about state on boot made.
+# * disabled - Service should be reloaded, no promise about state on boot made.
+# * start - Service should be running, service should be started on boot (active + enabled).
+# * stop - Service should not be running, service should not be started on boot (inactive + disabled).
+#
+# **Example:**
+#
+# ```cf3
+# services:
+#     # Uses `standard_services`, dynamic decision about init subsystem
+#     "sshd"
+#       service_policy => "enabled";
+#
+#     # Explicitly use `systemd_services`
+#     "sshd"
+#       service_policy => "running",
+#       service_policy => "systemd_services";
+# ```
+#
+# Alternatively, since services promises are an abstraction around bundles, the service state can be promised via a methods type promise.
+#
+# ```cf3
+#
+# methods:
+#     "SSHD should be running" usebundle => systemd_services("sshd", "enabled");
+# ```
+{
+  vars:
+    systemd::
+      "call_systemctl"
+        string => "$(paths.systemctl) --no-ask-password --global --system";
+
+      "systemd_properties"
+        string => "-pLoadState,CanStop,UnitFileState,ActiveState,LoadState,CanStart,CanReload";
+
+      "systemd_service_info"
+        slist => string_split(execresult("$(call_systemctl) $(systemd_properties) show $(service)",
+                                         "noshell"), "\n", "10");
+
+  classes:
+    systemd::
+      "service_enabled" expression => reglist(@(systemd_service_info), "UnitFileState=enabled");
+      "service_enabled" -> { "CFE-2923" }
+        expression => returnszero( "$(call_systemctl) is-enabled $(service) > /dev/null 2>&1", useshell);
+      "service_active" -> { "CFE-3238" }
+        expression => reglist(@(systemd_service_info), "ActiveState=(active|activating)");
+      "service_loaded"  expression => reglist(@(systemd_service_info), "LoadState=loaded");
+      "service_notfound" expression => reglist(@(systemd_service_info), "LoadState=not-found");
+
+      "can_stop_service"   expression => reglist(@(systemd_service_info), "CanStop=yes");
+      "can_start_service"  expression => reglist(@(systemd_service_info), "CanStart=yes");
+      "can_reload_service" expression => reglist(@(systemd_service_info), "CanReload=yes");
+
+      "request_start"    expression => strcmp("start", "$(state)");
+      "request_stop"     expression => strcmp("stop", "$(state)");
+      "request_reload"   expression => strcmp("reload", "$(state)");
+      "request_restart"  expression => strcmp("restart", "$(state)");
+      "request_disable"  expression => strcmp("disable", "$(state)");
+      "request_disabled" expression => strcmp("disabled", "$(state)");
+      "request_enable"   expression => strcmp("enable", "$(state)");
+      "request_enabled"  expression => strcmp("enabled", "$(state)");
+      "request_active"   expression => strcmp("active", "$(state)");
+      "request_inactive" expression => strcmp("inactive", "$(state)");
+
+      "action_custom"  expression => "!(request_start|request_stop|request_reload|request_restart|request_disable|request_disabled|request_enable|request_enabled|request_active|request_inactive)";
+      "action_start"   expression => "(request_start|request_active).!service_active.can_start_service";
+      "action_stop"    expression => "(request_stop|request_inactive).service_active.can_stop_service";
+      "action_reload"  expression => "request_reload.service_active.can_reload_service";
+      "action_restart"         or => {
+                                      "request_restart",
+
+                                      # Possibly undesirable... if a reload is
+                                      # requested, and the service "can't" be
+                                      # reloaded, then we restart it instead.
+                                      "request_reload.!can_reload_service.service_active",
+                                     };
+
+      # Starting a service implicitly enables it
+      "action_enable"  expression => "(request_start|request_enable|request_enabled).!service_enabled";
+
+      # Respectively, stopping it implicitly disables it
+      "action_disable" expression => "(request_disable|request_disabled|request_stop).service_enabled";
+
+  commands:
+    systemd.service_loaded:: # note this class is defined in `inventory/linux.cf`
+      # conveniently, systemd states map to `services` states, except
+      # for `enable`
+
+      "$(call_systemctl) -q start $(service)"
+        ifvarclass => "action_start";
+
+      "$(call_systemctl) -q stop $(service)"
+        ifvarclass => "action_stop";
+
+      "$(call_systemctl) -q reload $(service)"
+        ifvarclass => "action_reload";
+
+      "$(call_systemctl) -q restart $(service)"
+        ifvarclass => "action_restart";
+
+      "$(call_systemctl) -q enable $(service)"
+        ifvarclass => "action_enable";
+
+      "$(call_systemctl) -q disable $(service)"
+        ifvarclass => "action_disable";
+
+      # Custom action for any of the non-standard systemd actions such a
+      # status, try-restart, isolate, et al.
+      "$(call_systemctl) $(state) $(service)"
+        ifvarclass => "action_custom";
+
+  reports:
+    systemd.service_notfound.(inform_mode|verbose_mode)::
+      "$(this.bundle): Could not find service: $(service)";
 }
 
 bundle agent classic_services(service,state)
