[Pki-devel] Progress on systemd on f-16

Hey guys, So - with Rich's help - I'm made a lot of progress getting dogtag to come up under systemd. I've pretty much got it working - and now just need to confirm with knoxy that this is the way we want to do it - and then package it up. Here is the basic setup: /lib/systemd/system/pki-cad.target -- is the native systemd init file for pki-cad used to manage all instances -- will not change -- to be delivered by pki-ca -- file attached /lib/systemd/system/pki-cad@.service -- is a template file for each individual instance -- systemd will substitute the relevant instance name for each %i when invoked -- will not change -- delivered by pki-ca -- file attached /etc/systemd/system/pki-cad.target.wants -- directory created by pki-ca rpm install -- contains symlinks that will be created for each instance that is created by pkicreate. For example, if pkicreate is used to create an instance pki-ca, then the following symbolic link needs to be created by pkicreate under the /etc/systemd/system/pki-cad.target.wants directory -- ln -s /lib/systemd/system/pki-cad@.service pki-cad(a)pki-ca.service Thats it! With the above setup, we can do the following: systemctl start pki-cad(a)pki-ca.service (or stop, restart, status) -- for an individual instance systemctl start pki-cad.target (or stop, restart, status) -- for all instances in a single command ****************************************************** The new files are attached and the devil is in the details. Basically, I modified the tomcat systemd files proposed by the systemd guys in https://bugzilla.redhat.com/show_bug.cgi?id=719283 and substituted my own config file to read environment variables. (/etc/sysconfig/pki/ca/pki-ca.systemd). This file - which cannot be like a bash script like environment file because systemd does not use bash to parse the file as noted here -- http://patrakov.blogspot.com/2011/01/writing-systemd-service-files.html also will need to be created by pkicreate when the instance is created. Right now, the file contains all the parameters that were set in the registry before -- some may no longer be necessary - plus some parameters that would have been set in the system V tomcat6 init script. This is the part that needs co-ordination with knoxy - as I am unsure how he plans to change his scripts to do the systemd stuff. The other part that has not even been addressed here at all yet is selinux. Right now all this is working in permissive mode - and the resulting java process is unconfined_java_t. I suspect I may need to add an intermediate script to runcon to the correct context. And we may need to consider how to get back all that useful information we used to report in service pki-cad status. My guess is this can go in that intermediate script. ******************************************** Anyways, I'll be out for a couple days - so I'll pick this up when I get back. Ade