cookbook 'systemd', '= 2.1.3', :supermarket
systemd
(28) Versions
2.1.3
-
Follow19
chef cookbook for managing linux systems via systemd
cookbook 'systemd', '= 2.1.3'
knife cookbook site install systemd
knife cookbook site download systemd
Systemd Chef Cookbook
A resource-driven Chef cookbook for managing GNU/Linux systems via systemd.
<a name="toc">Table of Contents</a>
- Recommended Reading
- Usage Tips
- Attributes
- Recipes
- Resources
<a name="recommended-reading">Recommended Reading</a>
- This README
- Overview of systemd for RHEL 7
- systemd docs
- Lennart's blog series
- libraries in
libraries/*.rb - test cookbook in
test/fixtures/cookbooks/setup
<a name="usage-tips">Usage Tips</a>
Drop Ins
Systemd provides support for "drop-in" units that work really well for config- mgmt systems; rather than taking over an entire unit definition, you can apply custom configuration (e.g. resource limits) that will be merged into the vendor- provided unit. It's recommended to use these when modifying units installed via the package manager. See drop-in docs for more info.
Daemon Reloads
By default, changes to unit resources will be applied to the system immediately
via calls to systemctl daemon-reload. However, on systems with large numbers
of units, daemon-reload can be problematic. For users encountering
problems (hangs, slowness) with systemctl daemon-reload calls, this cookbook
allows users to disable daemon-reloads by setting the auto_reload attribute
to false.
In some cases, it may be possible to avoid daemon-reload entirely by using the
set_properties action. However, only a subset of unit properties are supported
by systemctl set-property, so, unfortunately, in some cases a daemon-reload
may be unavoidable. For these cases, it's possible run a daemon-reload once
at the end of a converge.
This cookbook provides the daemon_reload recipe to help with this. It removes
the need to have every resource send a notification, and triggers a reload at
the end of a converge if any auto_reload false units have been updated.
<a name="attributes">Attributes</a>
too many to describe in detail ;). in general, the attributes correspond to the related resource attributes.
<a name="recipes">Recipes</a>
- default: no-op recipe
<a name="daemon-recipes">Daemon Recipes</a>
- journald: configure, manage systemd-journald
- journal_gatewayd: configure, manage systemd-journal-gatewayd
- logind: configure, manage systemd-logind
- machined: manage systemd-machined service
- networkd: manage systemd-networkd service
- resolved: configure, manage systemd-resolved
- timesyncd: configure, manage systemd-timesyncd
- udevd: configure, manage systemd-udevd
<a name="utility-recipes">Utility Recipes</a>
- binfmt: manage systemd-binfmt one-shot boot-up unit
- bootchart: configure systemd-bootchart
- coredump: configure systemd-coredump
- hostname: configure, manage hostname with systemd-hostnamed
- locale: configure, manage locale with systemd-localed
- real_time_clock: configure system clock mode (UTC,local) with timedatectl
- sleep: configure system sleep, suspend, hibernate behavior with systemd-sleep
- sysctl: manage systemd-sysctl one-shot boot-up unit (apply sysctl at boot)
- system: configure systemd manager system-mode defaults
- sysusers: manage systemd-sysusers one-shot boot-up unit (set up system users at boot)
- timedated: manage systemd-timedated one-shot boot-up unit (set time/date at boot)
- timezone: configure, manage timezone with timedatectl
- user: configure systemd manager user-mode defaults
- vconsole: configure, manage virtual console font and keymap with systemd-vconsole
<a name="helper-recipes">Helper Recipes</a>
- daemon_reload: run delayed daemon-reload (for use with auto_reload false)
<a name="resources"></a>Resources
<a name="unit-resources"></a>Unit Resources
All unit resources support the following actions:
| Action | Description |
|---|---|
| :create | render unit configuration file from attributes |
| :delete | delete unit configuration file |
| :enable | enable the unit at boot, unless static (lacks Install section) |
| :disable | disables the unit at boot, unless static |
| :start | starts the unit |
| :stop | stops the unit |
| :restart | restarts the unit |
| :reload | reloads the unit |
| :set_properties | runs systemctl --runtime set-property for unit configuration |
Important: The notable exception is when the unit is a drop-in unit,
in which case it supports only the :create, :delete, and :set_properties actions.
<a name="systemd-automount"></a>systemd_automount
Unit which describes a file system automount point controlled by systemd. Documentation
Example usage (always paired with a mount unit):
systemd_mount 'proc-sys-fs-binfmt_misc' do
description 'Arbitrary Executable File Formats File System'
default_dependencies false
mount do
what 'binfmt_misc'
where '/proc/sys/fs/binfmt_misc'
type 'binfmt_misc'
end
end
systemd_automount 'proc-sys-fs-binfmt_misc' do
description 'Arbitrary Executable File Formats File System Automount Point'
default_dependencies false
before 'sysinit.target'
condition_path_exists '/proc/sys/fs/binfmt_misc/'
condition_path_is_read_write '/proc/sys/'
automount do
where '/proc/sys/fs/binfmt_misc'
end
end
| Attribute | Description | Default |
|---|---|---|
| where | see docs | nil |
| directory_mode | see docs | nil |
| timeout_idle_sec | see docs | nil |
Also supports:
--
<a name="systemd-mount"></a>systemd_mount
Unit which describes a file system mount point controlled by systemd. Documentation
Example usage:
systemd_mount 'tmp' do
description 'Temporary Directory'
condition_path_is_symbolic_link '!/tmp'
default_dependencies false
conflicts 'umount.target'
before %w( local-fs.target umount.target )
mount do
what 'tmpfs'
where '/tmp'
type 'tmpfs'
options 'mode=1777,strictatime,noexec,nosuid'
end
end
| Attribute | Description | Default |
|---|---|---|
| directory_mode | see docs | nil |
| kill_mode | see docs | nil |
| kill_signal | see docs | nil |
| options | see docs | nil |
| send_sighup | see docs | nil |
| send_sigkill | see docs | nil |
| sloppy_options | see docs | nil |
| timeout_sec | see docs | nil |
| type | see docs | nil |
| what | see docs | nil |
| where | see docs | nil |
Also supports:
--
<a name="systemd-path"></a>systemd_path
Unit which describes information about a path monitored by systemd for path-based activities. Documentation
Example usage (showing cups service activation when work is available):
systemd_path 'cups' do
description 'CUPS Scheduler'
install do
wanted_by 'multi-user.target'
end
path do
path_exists_glob '/var/spool/cups/d*'
end
action [:create, :enable, :start]
end
systemd_service 'cups' do
description 'CUPS Scheduler'
after 'network.target'
install do
wanted_by 'printer.target'
also %w( cups.socket cups.path )
end
service do
type 'notify'
exec_start '/usr/sbin/cupsd -l'
end
end
| Attribute | Description | Default |
|---|---|---|
| directory_mode | see docs | nil |
| directory_not_empty | see docs | nil |
| make_directory | see docs | nil |
| path_changed | see docs | nil |
| path_exists | see docs | nil |
| path_exists_glob | see docs | nil |
| path_modified | see docs | nil |
| unit | see docs | nil |
Also supports:
--
<a name="systemd-service"></a>systemd_service
Unit which describes information about a process controlled and supervised by systemd. Documentation.
While there is some overlap with the service resource in Chef-core,
this resource is more narrowly focused on service unit config/management on
systemd-based platforms, whereas the Chef-core service resource works
across multiple service-management frameworks.
As such, while it is possible to perform lifecycle management of services
on systemd platforms using the systemd_service resource, the systemd cookbook
authors do not recommend doing so. Instead, it is recommended to pair
systemd_service instances with platform-agnostic service resources,
as demonstrated below.
Example usage:
cookbook_file '/etc/init/httpd.conf' do
source 'httpd.conf'
only_if { ::File.executable?('/sbin/initctl') } # Upstart
end
systemd_service 'httpd' do
description 'Apache HTTP Server'
after %w( network.target remote-fs.target nss-lookup.target )
install do
wanted_by 'multi-user.target'
end
service do
environment 'LANG' => 'C'
exec_start '/usr/sbin/httpd $OPTIONS -DFOREGROUND'
exec_reload '/usr/sbin/httpd $OPTIONS -k graceful'
kill_signal 'SIGWINCH'
kill_mode 'mixed'
private_tmp true
end
only_if { ::File.open('/proc/1/comm').gets.chomp == 'systemd' } # systemd
end
service 'httpd' do
action [:enable, :start]
end
| Attribute | Description | Default |
|---|---|---|
| bus_name | see docs | nil |
| bus_policy | see docs | nil |
| exec_reload | see docs | nil |
| exec_start | see docs | nil |
| exec_start_post | see docs | nil |
| exec_start_pre | see docs | nil |
| exec_stop | see docs | nil |
| exec_stop_post | see docs | nil |
| failure_action | see docs | nil |
| file_descriptor_store_max | see docs | nil |
| guess_main_pid | see docs | nil |
| non_blocking | see docs | nil |
| notify_access | see docs | nil |
| permissions_start_only | see docs | nil |
| pid_file | see docs | nil |
| reboot_argument | see docs | nil |
| remain_after_exit | see docs | nil |
| restart | see docs | nil |
| restart_force_exit_status | see docs | nil |
| restart_prevent_exit_status | see docs | nil |
| restart_sec | see docs | nil |
| root_directory_start_only | see docs | nil |
| sockets | see docs | nil |
| start_limit_action | see docs | nil |
| start_limit_burst | see docs | nil |
| start_limit_interval | see docs | nil |
| success_exit_status | see docs | nil |
| timeout_sec | see docs | nil |
| timeout_start_sec | see docs | nil |
| timeout_stop_sec | see docs | nil |
| type | see docs | nil |
| watchdog_sec | see docs | nil |
Also supports:
--
<a name="systemd-slice"></a>systemd_slice
Unit which describes a "slice" of the system; useful for managing resources for of a group of processes. Documentation
This resource has no specific options.
Example usage:
systemd_slice 'user' do
description 'User and Session Slice'
documentation 'man:systemd.special(7)'
before 'slices.target'
end
Also supports:
--
<a name="systemd-socket"></a>systemd_socket
Unit which describes an IPC, network socket, or file-system FIFO controlled and supervised by systemd for socket-based service activation. Documentation
Example usage:
# Set up OpenSSH Server socket-activation
systemd_socket 'sshd' do
description 'OpenSSH Server Socket'
documentation 'man:sshd(8) man:sshd_config(5)'
conflicts 'sshd.service'
install do
wanted_by 'sockets.target'
end
socket do
listen_stream 22
accept true
end
action [:create, :enable, :start]
end
# No need to enable/start the service, the socket-activation will
systemd_service 'sshd' do
description 'OpenSSH Server Daemon'
documentation 'man:sshd(8) man:sshd_config(5)'
after %w( network.target sshd-keygen.service )
wants %w( sshd-keygen.service )
service do
environment_file '/etc/sysconfig/sshd'
exec_start '/usr/sbin/sshd -D $OPTIONS'
exec_reload '/bin/kill -HUP $MAINPID'
kill_mode 'process'
restart 'on-failure'
restart_sec '42s'
end
install do
wanted_by 'multi-user.target'
end
end
| Attribute | Description | Default |
|---|---|---|
| accept | see docs | nil |
| backlog | see docs | nil |
| bind_i_pv6_only | see docs | nil |
| bind_to_device | see docs | nil |
| broadcast | see docs | nil |
| defer_accept_sec | see docs | nil |
| directory_mode | see docs | nil |
| exec_start_post | see docs | nil |
| exec_start_pre | see docs | nil |
| exec_stop_post | see docs | nil |
| exec_stop_pre | see docs | nil |
| free_bind | see docs | nil |
| iptos | see docs | nil |
| ipttl | see docs | nil |
| keep_alive | see docs | nil |
| keep_alive_interval_sec | see docs | nil |
| keep_alive_probes | see docs | nil |
| keep_alive_time_sec | see docs | nil |
| listen_datagram | see docs | nil |
| listen_fifo | see docs | nil |
| listen_message_queue | see docs | nil |
| listen_netlink | see docs | nil |
| listen_sequential_packet | see docs | nil |
| listen_special | see docs | nil |
| listen_stream | see docs | nil |
| mark | see docs | nil |
| max_connections | see docs | nil |
| message_queue_max_messages | see docs | nil |
| message_queue_message_size | see docs | nil |
| no_delay | see docs | nil |
| pass_credentials | see docs | nil |
| pass_security | see docs | nil |
| pipe_size | see docs | nil |
| priority | see docs | nil |
| receive_buffer | see docs | nil |
| remove_on_stop | see docs | nil |
| reuse_port | see docs | nil |
| se_linux_context_from_net | see docs | nil |
| send_buffer | see docs | nil |
| service | see docs | nil |
| smack_label | see docs | nil |
| smack_label_ip_in | see docs | nil |
| smack_label_ip_out | see docs | nil |
| socket_group | see docs | nil |
| socket_mode | see docs | nil |
| socket_user | see docs | nil |
| symlinks | see docs | nil |
| tcp_congestion | see docs | nil |
| timeout_sec | see docs | nil |
| transparent | see docs | nil |
Also supports:
--
<a name="systemd-swap"></a>systemd_swap
Unit which describes a swap device or file for memory paging. Documentation
Example usage:
systemd_swap 'dev-vdb' do
install do
wanted_by 'swap.target'
end
swap do
what '/dev/vdb'
end
end
| Attribute | Description | Default |
|---|---|---|
| options | see docs | nil |
| priority | see docs | nil |
| timeout_sec | see docs | nil |
| what | see docs | nil |
Also supports:
--
<a name="systemd-target"></a>systemd_target
Unit which describes a systemd target, used for grouping units and synchronization points during system start-up. Documentation
This unit has no specific options.
Example usage:
systemd_target 'plague' do
description 'Never fear, I is here.'
documentation 'man:systemd.special(7)'
end
Also supports:
--
<a name="systemd-timer"></a>systemd_timer
Unit which describes a timer managed by systemd, for timer-based unit activation (typically a service of the same name). Documentation
Example usage:
# Given this example service
systemd_service 'mlocate-updatedb' do
description 'Update a database for mlocate'
service do
type 'oneshot'
exec_start '/usr/libexec/mlocate-run-updatedb'
nice 19
io_scheduling_class 2
io_scheduling_priority 7
private_tmp true
private_devices true
private_network true
protect_system true
end
end
# Set up a corresponding timer unit
systemd_timer 'mlocate-updatedb' do
description 'Updates mlocate database every day'
install do
wanted_by 'timers.target'
end
timer do
on_calendar 'daily'
accuracy_sec '24h'
persistent true
end
action [:create, :enable, :start]
end
| Attribute | Description | Default |
|---|---|---|
| accuracy_sec | see docs | nil |
| on_active_sec | see docs | nil |
| on_boot_sec | see docs | nil |
| on_calendar | see docs | nil |
| on_startup_sec | see docs | nil |
| on_unit_active_sec | see docs | nil |
| on_unit_inactive_sec | see docs | nil |
| persistent | see docs | nil |
| randomized_delay_sec | see docs | nil |
| unit | see docs | nil |
| wake_system | see docs | nil |
Also supports:
<a name="daemon-resources"></a>Daemon Resources
Resources for managing configuration of common systemd daemons.
All daemon resources support the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file |
| :delete | delete the configuration file |
<a name="systemd-journald"></a>systemd_journald
Resource for configuring systemd-journald
Example use:
systemd_journald 'forward-to-syslog' do
forward_to_syslog true
end
| Attribute | Description | Default |
|---|---|---|
| storage | see docs | nil |
| compress | see docs | nil |
| seal | see docs | nil |
| split_mode | see docs | nil |
| rate_limit_interval | see docs | nil |
| rate_limit_burst | see docs | nil |
| system_max_use | see docs | nil |
| system_max_files | see docs | nil |
| system_keep_free | see docs | nil |
| system_max_file_size | see docs | nil |
| runtime_max_use | see docs | nil |
| runtime_max_files | see docs | nil |
| runtime_keep_free | see docs | nil |
| runtime_max_file_size | see docs | nil |
| max_file_sec | see docs | nil |
| max_retention_sec | see docs | nil |
| sync_interval_sec | see docs | nil |
| forward_to_syslog | see docs | nil |
| forward_to_k_msg | see docs | nil |
| forward_to_console | see docs | nil |
| forward_to_wall | see docs | nil |
| max_level_store | see docs | nil |
| max_level_syslog | see docs | nil |
| max_level_k_msg | see docs | nil |
| max_level_console | see docs | nil |
| max_level_wall | see docs | nil |
| tty_path | see docs | nil |
Also supports:
--
<a name="systemd-logind"></a>systemd_logind
Resource for configuring systemd-logind
Example use:
systemd_logind 'power-down-when-idle' do
idle_action 'hibernate'
idle_action_sec 3_600
end
| Attribute | Description | Default |
|---|---|---|
| n_auto_v_ts | see docs | nil |
| reserve_vt | see docs | nil |
| kill_user_processes | see docs | nil |
| kill_only_users | see docs | nil |
| kill_exclude_users | see docs | nil |
| idle_action | see docs | nil |
| idle_action_sec | see docs | nil |
| inhibit_delay_max_sec | see docs | nil |
| handle_power_key | see docs | nil |
| handle_suspend_key | see docs | nil |
| handle_hibernate_key | see docs | nil |
| handle_lid_switch | see docs | nil |
| handle_lid_switch_docked | see docs | nil |
| power_key_ignore_inhibited | see docs | nil |
| suspend_key_ignore_inhibited | see docs | nil |
| hibernate_key_ignore_inhibited | see docs | nil |
| lid_switch_ignore_inhibited | see docs | nil |
| holdoff_timeout_sec | see docs | nil |
| runtime_directory_size | see docs | nil |
| remove_ipc | see docs | nil |
Also supports:
--
<a name="systemd-resolved"></a>systemd_resolved
Resource for configuring systemd-resolved
| Attribute | Description | Default |
|---|---|---|
| dns | see docs | nil |
| fallback_dns | see docs | nil |
| llmnr | see docs | nil |
Example usage:
systemd_resolved 'enable-llmnr' do
llmnr true
end
Also supports:
--
<a name="systemd-timesyncd"></a>systemd_timesyncd
Resource for configuring systemd-timesyncd
Example usage:
systemd_timesyncd 'my-resolver' do
ntp %w( 1.2.3.4 2.3.4.5 )
fallback_ntp %w( 8.8.8.8 8.8.4.4 )
end
| Attribute | Description | Default |
|---|---|---|
| ntp | see docs | nil |
| fallback_ntp | see docs | nil |
Also supports:
<a name="utility-resources"></a>Utility Resources
Resources for configuring common systemd utilities.
All utility resources support the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file |
| :delete | delete the configuration file |
<a name="systemd-bootchart"></a>systemd_bootchart
Resource for configuring systemd-bootchart
Example usage:
systemd_bootchart 'include-cgroup-info' do
control_group true
end
| Attribute | Description | Default |
|---|---|---|
| samples | see docs | nil |
| frequency | see docs | nil |
| relative | see docs | nil |
| filter | see docs | nil |
| output | see docs | nil |
| init | see docs | nil |
| plot_memory_usage | see docs | nil |
| plot_entropy_graph | see docs | nil |
| scale_x | see docs | nil |
| scale_y | see docs | nil |
| control_group | see docs | nil |
Also supports:
--
<a name="systemd-coredump"></a>systemd_coredump
Resource for configuring systemd-coredump
Example usage:
systemd_coredump 'compress-coredumps' do
compress true
end
| Attribute | Description | Default |
|---|---|---|
| storage | see docs | nil |
| compress | see docs | nil |
| process_size_max | see docs | nil |
| external_size_max | see docs | nil |
| journal_size_max | see docs | nil |
| max_use | see docs | nil |
| keep_free | see docs | nil |
Also supports:
--
<a name="systemd-sleep"></a>systemd_sleep
Resource for configuring systemd-sleep
Example usage:
systemd_sleep 'freeze-suspend' do
suspend_state 'freeze'
end
| Attribute | Description | Default |
|---|---|---|
| suspend_mode | see docs | nil |
| hibernate_mode | see docs | nil |
| hybrid_sleep_mode | see docs | nil |
| suspend_state | see docs | nil |
| hibernate_state | see docs | nil |
| hybrid_sleep_state | see docs | nil |
Also supports:
<a name="systemd-run"></a>systemd_run
Resource for running (optionally) resource-constrained transient units with systemd-run. Think of it like an "execute" resource with cgroups.
Example usage:
systemd_run 'sshd-2222.service' do
command ''/usr/sbin/sshd -D -o Port=2222'
cpu_shares 1_024
nice 19
service_type 'simple'
kill_mode 'mixed'
end
| Attribute | Description |
|---|---|
| unit | name of transient unit |
| command | the command to run |
| service_type | same as service unit Type directive |
| setenv |
Hash of env vars |
| timer_property |
Hash of timer properties |
| delegate | see docs |
| cpu_accounting | see docs |
| cpu_quota | see docs |
| cpu_shares | see docs |
| block_io_accounting | see docs |
| block_io_weight | see docs |
| block_io_read_bandwidth | see docs |
| block_io_write_bandwidth | see docs |
| block_io_device_weight | see docs |
| memory_accounting | see docs |
| memory_limit | see docs |
| device_policy | see docs |
| device_allow | see docs |
| tasks_accounting | see docs |
| tasks_max | see docs |
| user | see docs |
| group | see docs |
| syslog_identifier | see docs |
| syslog_facility | see docs |
| syslog_level | see docs |
| nice | see docs |
| tty_path | see docs |
| working_directory | see docs |
| root_directory | see docs |
| standard_input | see docs |
| standard_output | see docs |
| standard_error | see docs |
| ignore_sigpipe | see docs |
| ttyv_hangup | see docs |
| tty_reset | see docs |
| private_tmp | see docs |
| private_devices | see docs |
| private_network | see docs |
| no_new_privileges | see docs |
| syslog_level_prefix | see docs |
| utmp_identifier | see docs |
| utmp_mode | see docs |
| pam_name | see docs |
| environment | see docs |
| environment_file | see docs |
| timer_slack_n_sec | see docs |
| oom_score_adjust | see docs |
| pass_environment | see docs |
| read_write_directories | see docs |
| read_only_directories | see docs |
| inaccessible_directories | see docs |
| protect_system | see docs |
| protect_home | see docs |
| runtime_directory | see docs |
| limit_cpu | see docs |
| limit_fsize | see docs |
| limit_data | see docs |
| limit_stack | see docs |
| limit_core | see docs |
| limit_rss | see docs |
| limit_nofile | see docs |
| limit_as | see docs |
| limit_nproc | see docs |
| limit_memlock | see docs |
| limit_locks | see docs |
| limit_sigpending | see docs |
| limit_msgqueue | see docs |
| limit_nice | see docs |
| limit_rtprio | see docs |
| limit_rttime | see docs |
| kill_mode | see docs |
| kill_signal | see docs |
| send_sigkill | see docs |
| what | see docs |
| type | see docs |
| options | see docs |
| exec_start | see docs |
| on_active_sec | see docs |
| on_boot_sec | see docs |
| on_startup_sec | see docs |
| on_unit_active_sec | see docs |
| on_unit_inactive_sec | see docs |
| on_calendar | see docs |
| accuracy_sec | see docs |
| wake_system | see docs |
| remain_after_elapse | see docs |
| random_sec | see docs |
| default_dependencies | see docs |
| requires | see docs |
| requires_overridable | see docs |
| requisite | see docs |
| requisite_overridable | see docs |
| wants | see docs |
| binds_to | see docs |
| part_of | see docs |
| conflicts | see docs |
| before | see docs |
| after | see docs |
| on_failure | see docs |
| propagates_reload_to | see docs |
| reload_propagated_from | see docs |
| description | see docs |
| slice | see docs |
| uid | see docs |
| gid | see docs |
| host | see docs |
| machine | see docs |
| scope | see docs |
| remain_after_exit | see docs |
| send_sighup | see docs |
| no_block | see docs |
| on_active | see docs |
| on_boot | see docs |
| on_startup | see docs |
| on_unit_active | see docs |
| on_unit_inactive | see docs |
<a name="misc-resources"></a>Miscellaneous Resources
<a name="systemd-system"></a>systemd_system
Resource for configuring systemd system service manager:
systemd_system supports the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file to disk |
| :delete | delete the configuration file |
Example usage:
systemd_system 'reboot-on-crash' do
crash_reboot true
end
| Attribute | Description | Default |
|---|---|---|
| log_level | see docs | nil |
| log_target | see docs | nil |
| log_color | see docs | nil |
| log_location | see docs | nil |
| dump_core | see docs | nil |
| crash_shell | see docs | nil |
| crash_reboot | see docs | nil |
| show_status | see docs | nil |
| crash_ch_vt | see docs | nil |
| crash_change_vt | see docs | nil |
| default_standard_output | see docs | nil |
| default_standard_error | see docs | nil |
| cpu_affinity | see docs | nil |
| join_controllers | see docs | nil |
| runtime_watchdog_sec | see docs | nil |
| shutdown_watchdog_sec | see docs | nil |
| capability_bounding_set | see docs | nil |
| system_call_architectures | see docs | nil |
| timer_slack_n_sec | see docs | nil |
| default_timer_accuracy_sec | see docs | nil |
| default_timeout_start_sec | see docs | nil |
| default_timeout_stop_sec | see docs | nil |
| default_restart_sec | see docs | nil |
| default_start_limit_interval | see docs | nil |
| default_start_limit_burst | see docs | nil |
| default_environment | see docs | nil |
| default_cpu_accounting | see docs | nil |
| default_block_io_accounting | see docs | nil |
| default_tasks_accounting | see docs | nil |
| default_memory_accounting | see docs | nil |
| default_limit_cpu | see docs | nil |
| default_limit_fsize | see docs | nil |
| default_limit_data | see docs | nil |
| default_limit_stack | see docs | nil |
| default_limit_core | see docs | nil |
| default_limit_rss | see docs | nil |
| default_limit_nofile | see docs | nil |
| default_limit_as | see docs | nil |
| default_limit_nproc | see docs | nil |
| default_limit_memlock | see docs | nil |
| default_limit_locks | see docs | nil |
| default_limit_sigpending | see docs | nil |
| default_limit_msgqueue | see docs | nil |
| default_limit_nice | see docs | nil |
| default_limit_rtprio | see docs | nil |
| default_limit_rttime | see docs | nil |
Also supports:
--
<a name="systemd-user"></a>systemd_user
Supports same options as the systemd_system resource.
--
<a name="systemd-binfmt"></a>systemd_binfmt
Resource for managing binfmt_misc files (configure binary formats for executables at boot)
systemd_binfmt supports the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file to disk |
| :delete | delete the configuration file |
Example usage:
systemd_binfmt 'DOSWin' do
magic 'MZ'
interpreter '/usr/bin/wine'
end
| Attribute | Description | Default |
|---|---|---|
| name | see docs | nil |
| type | see docs | M |
| offset | see docs | nil |
| magic | see docs | nil |
| mask | see docs | nil |
| interpreter | see docs | nil |
| flags | see docs | nil |
--
<a name="systemd-modules"></a>systemd_modules
Resource for managing modules
systemd_modules supports the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file to disk |
| :delete | delete the configuration file |
| :load | load the module via modprobe
|
| :unload | remove the module via modprobe -r
|
Example usage:
systemd_modules 'die-beep-die' do
blacklist true
modules %w( pcspkr )
action [:create, :unload]
end
systemd_modules 'zlib' do
modules %w( zlib )
action [:create, :load]
end
| Attribute | Description | Default |
|---|---|---|
| blacklist | boolean, controls whether to blacklist or load | false |
| modules | Array, list of modules to act on | [] |
--
<a name="systemd-networkd-link"></a>systemd_networkd_link
Resource for managing network devices
systemd_networkd_link supports the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file to disk |
| :delete | delete the configuration file |
Example usage:
systemd_networkd_link 'wireless' do
match do
match_mac_addr '12:34:56:78:9a:bc'
driver 'brcmsmac'
path 'pci-0000:02:00.0-*'
type 'wlan'
virtualization false
host 'my-laptop'
architecture 'x86-64'
end
link do
name 'wireless0'
mtu_bytes 1_450
bits_per_second '10M'
wake_on_lan 'magic'
link_mac_addr 'cb:a9:87:65:43:21'
end
end
| Attribute | Description | Default |
|---|---|---|
| original_name | see docs | nil |
| path | see docs | nil |
| driver | see docs | nil |
| type | see docs | nil |
| host | see docs | nil |
| virtualization | see docs | nil |
| kernel_command_line | see docs | nil |
| architecture | see docs | nil |
| description | see docs | nil |
| mac_address_policy | see docs | nil |
| name_policy | see docs | nil |
| name | see docs | nil |
| mtu_bytes | see docs | nil |
| bits_per_second | see docs | nil |
| duplex | see docs | nil |
| wake_on_lan | see docs | nil |
| match_mac_addr | MacAddr setting for match section | nil |
| link_mac_addr | MacAddr setting for link section | nil |
| link_alias | Alias setting for link section | nil |
--
<a name="systemd-sysctl"></a>systemd_sysctl
Resource for managing sysctls with systemd-sysctl
systemd_sysctl supports the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file to disk |
| :delete | delete the configuration file |
| :apply | apply the sysctl setting |
Example usage:
systemd_sysctl 'vm.swappiness' do
value 10
action [:create, :apply] # next boot, immediately
end
| Attribute | Description | Default |
|---|---|---|
| name | resource name is sysctl name | resource name |
| value | sysctl value | nil |
--
<a name="systemd-sysuser"></a>systemd_sysuser
Resource for managing system users with systemd-sysusers
systemd_sysuser supports the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file to disk |
| :delete | delete the configuration file |
Example usage:
systemd_sysuser '_testuser' do
id 65_530
gecos 'my test user'
home '/var/lib/test'
end
| Attribute | Description | Default |
|---|---|---|
| name | resource name is username | resource name |
| type | see docs | u |
| id | see docs | nil |
| gecos | see docs | - |
| home | see docs | - |
--
<a name="systemd-tmpfile"></a>systemd_tmpfile
Resource for managing tmp files with systemd-tmpfiles
systemd_tmpfile supports the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file to disk |
| :delete | delete the configuration file |
Example usage:
systemd_tmpfile 'my-app' do
path '/tmp/my-app'
age '10d'
type 'f'
end
| Attribute | Description | Default |
|---|---|---|
| path | see docs | nil |
| mode | see docs | - |
| uid | see docs | - |
| gid | see docs | - |
| age | see docs | - |
| argument | see docs | - |
| type | see docs | f |
--
<a name="systemd-udev-rules"></a>systemd_udev_rules
Resource for managing udev rules files
systemd_udev_rules supports the following actions:
| Action | Description |
|---|---|
| :create | render the configuration file to disk |
| :delete | delete the configuration file |
| :disable | disables a udev rule |
Example usage:
# hide docker's loopback devices from udisks, and thus from user desktops
systemd_udev_rules 'udev-test' do
rules [
[
{
'key' => 'SUBSYSTEM',
'operator' => '==',
'value' => 'block'
},
{
'key' => 'ENV{DM_NAME}',
'operator' => '==',
'value' => 'docker-*'
},
{
'key' => 'ENV{UDISKS_PRESENTATION_HIDE}',
'operator' => '=',
'value' => 1
},
{
'key' => 'ENV{UDISKS_IGNORE}',
'operator' => '=',
'value' => 1
}
],
[
{
'key' => 'SUBSYSTEM',
'operator' => '==',
'value' => 'block'
},
{
'key' => 'DEVPATH',
'operator' => '==',
'value' => '/devices/virtual/block/loop*'
},
{
'key' => 'ATTR{loop/backing_file}',
'operator' => '==',
'value' => '/var/lib/docker/*'
},
{
'key' => 'ENV{UDISKS_PRESENTATION_HIDE}',
'operator' => '=',
'value' => 1
},
{
'key' => 'ENV{UDISKS_IGNORE}',
'operator' => '=',
'value' => 1
}
]
]
action [:create]
end
| Attribute | Description | Default |
|---|---|---|
| rules | array of arrays of hashes (see docs & example below) | [] |
<a name="common-resource-attributes"></a>Common Resource Attributes
<a name="common-organization"></a>Organization
special no-op attributes that yield a block for the purpose of being able to group attributes of a resource similar to their rendered grouping.
| Attribute | Description | Default |
|---|---|---|
| install | no-op block yielder | nil |
| $unit_type | no-op block yielder | nil |
By way of explanation:
systemd_automount 'vagrant-home' do
description 'Test Automount'
install do
wanted_by 'local-fs.target'
end
automount do
where '/home/vagrant'
end
end
is the same as...
systemd_automount 'vagrant-home' do
description 'Test Automount'
wanted_by 'local-fs.target'
where '/home/vagrant'
end
--
<a name="common-exec"></a>Exec
Execution environment configuration. Documentation
| Attribute | Description | Default |
|---|---|---|
| app_armor_profile | see docs | nil |
| capabilities | see docs | nil |
| capability_bounding_set | see docs | nil |
| cpu_affinity | see docs | nil |
| cpu_scheduling_policy | see docs | nil |
| cpu_scheduling_priority | see docs | nil |
| cpu_scheduling_reset_on_fork | see docs | nil |
| environment | see docs | nil |
| environment_file | see docs | nil |
| group | see docs | nil |
| ignore_sigpipe | see docs | nil |
| inaccessible_directories | see docs | nil |
| io_scheduling_class | see docs | nil |
| io_scheduling_priority | see docs | nil |
| limit_as | see docs | nil |
| limit_core | see docs | nil |
| limit_cpu | see docs | nil |
| limit_data | see docs | nil |
| limit_fsize | see docs | nil |
| limit_locks | see docs | nil |
| limit_memlock | see docs | nil |
| limit_msgqueue | see docs | nil |
| limit_nice | see docs | nil |
| limit_nofile | see docs | nil |
| limit_nproc | see docs | nil |
| limit_rss | see docs | nil |
| limit_rtprio | see docs | nil |
| limit_rttime | see docs | nil |
| limit_sigpending | see docs | nil |
| limit_stack | see docs | nil |
| mount_flags | see docs | nil |
| nice | see docs | nil |
| no_new_privileges | see docs | nil |
| oom_score_adjust | see docs | nil |
| pam_name | see docs | nil |
| personality | see docs | nil |
| private_devices | see docs | nil |
| private_network | see docs | nil |
| private_tmp | see docs | nil |
| protect_home | see docs | nil |
| protect_system | see docs | nil |
| read_only_directories | see docs | nil |
| read_write_directories | see docs | nil |
| restrict_address_families | see docs | nil |
| root_directory | see docs | nil |
| runtime_directory | see docs | nil |
| runtime_directory_mode | see docs | nil |
| se_linux_context | see docs | nil |
| secure_bits | see docs | nil |
| smack_process_label | see docs | nil |
| standard_error | see docs | nil |
| standard_input | see docs | nil |
| standard_output | see docs | nil |
| supplementary_groups | see docs | nil |
| syslog_facility | see docs | nil |
| syslog_identifier | see docs | nil |
| syslog_level | see docs | nil |
| syslog_level_prefix | see docs | nil |
| system_call_architectures | see docs | nil |
| system_call_error_number | see docs | nil |
| system_call_filter | see docs | nil |
| timer_slack_n_sec | see docs | nil |
| tty_path | see docs | nil |
| tty_reset | see docs | nil |
| ttyv_hangup | see docs | nil |
| ttyvt_disallocate | see docs | nil |
| u_mask | see docs | nil |
| user | see docs | nil |
| utmp_identifier | see docs | nil |
| working_directory | see docs | nil |
--
<a name="common-kill"></a>Kill
Process killing procedure configuration. Documentation
| Attribute | Description | Default |
|---|---|---|
| kill_mode | see docs | nil |
| kill_signal | see docs | nil |
| send_sighup | see docs | nil |
| send_sigkill | see docs | nil |
--
<a name="common-resource-control"></a>Resource Control
Resource control unit settings. Documentation
| Attribute | Description | Default |
|---|---|---|
| block_io_accounting | see docs | nil |
| block_io_device_weight | see docs | nil |
| block_io_read_bandwidth | see docs | nil |
| block_io_weight | see docs | nil |
| block_io_write_bandwidth | see docs | nil |
| cpu_accounting | see docs | nil |
| cpu_quota | see docs | nil |
| cpu_shares | see docs | nil |
| delegate | see docs | nil |
| device_allow | see docs | nil |
| device_policy | see docs | nil |
| memory_accounting | see docs | nil |
| memory_limit | see docs | nil |
| tasks_accounting | see docs | nil |
| tasks_limit | see docs | nil |
| slice | see docs | nil |
| net_class | see docs | nil |
| startup_block_io_weight | see docs | nil |
| startup_cpu_shares | see docs | nil |
--
<a name="common-unit"></a>Unit
Common configuration options of all the unit types. Documentation
| Attribute | Description | Default |
|---|---|---|
| after | see docs | nil |
| allow_isolate | see docs | nil |
| assert_ac_power | see docs | nil |
| assert_architecture | see docs | nil |
| assert_capability | see docs | nil |
| assert_directory_not_empty | see docs | nil |
| assert_file_is_executable | see docs | nil |
| assert_file_not_empty | see docs | nil |
| assert_first_boot | see docs | nil |
| assert_host | see docs | nil |
| assert_kernel_command_line | see docs | nil |
| assert_needs_update | see docs | nil |
| assert_path_exists | see docs | nil |
| assert_path_exists_glob | see docs | nil |
| assert_path_is_directory | see docs | nil |
| assert_path_is_mount_point | see docs | nil |
| assert_path_is_read_write | see docs | nil |
| assert_path_is_symbolic_link | see docs | nil |
| assert_security | see docs | nil |
| assert_virtualization | see docs | nil |
| auto_reload | whether to execute daemon-reload on unit change | true |
| before | see docs | nil |
| binds_to | see docs | nil |
| condition_ac_power | see docs | nil |
| condition_architecture | see docs | nil |
| condition_capability | see docs | nil |
| condition_directory_not_empty | see docs | nil |
| condition_file_is_executable | see docs | nil |
| condition_file_not_empty | see docs | nil |
| condition_first_boot | see docs | nil |
| condition_host | see docs | nil |
| condition_kernel_command_line | see docs | nil |
| condition_needs_update | see docs | nil |
| condition_path_exists | see docs | nil |
| condition_path_exists_glob | see docs | nil |
| condition_path_is_directory | see docs | nil |
| condition_path_is_mount_point | see docs | nil |
| condition_path_is_read_write | see docs | nil |
| condition_path_is_symbolic_link | see docs | nil |
| condition_security | see docs | nil |
| condition_virtualization | see docs | nil |
| conflicts | see docs | nil |
| default_dependencies | see docs | nil |
| description | see docs | nil |
| documentation | see docs | nil |
| ignore_on_isolate | see docs | nil |
| ignore_on_snapshot | see docs | nil |
| job_timeout_action | see docs | nil |
| job_timeout_reboot_argument | see docs | nil |
| job_timeout_sec | see docs | nil |
| joins_namespace_of | see docs | nil |
| mode | systemd mode, either :user or :system
|
:system |
| on_failure | see docs | nil |
| on_failure_job_mode | see docs | nil |
| part_of | see docs | nil |
| propagates_reload_to | see docs | nil |
| refuse_manual_start | see docs | nil |
| refuse_manual_stop | see docs | nil |
| reload_propagated_from | see docs | nil |
| requires | see docs | nil |
| requires_mounts_for | see docs | nil |
| requires_overridable | see docs | nil |
| requisite | see docs | nil |
| requisite_overridable | see docs | nil |
| source_path | see docs | nil |
| stop_when_unneeded | see docs | nil |
| wants | see docs | nil |
--
<a name="common-install"></a>Install
Carries installation information for units. Used exclusively by
enable/disable commands of systemctl. Documentation
| Attribute | Description | Default |
|---|---|---|
| aliases | array of aliases | [] |
| also | see docs | nil |
| default_instance | see docs | nil |
| required_by | see docs | nil |
| wanted_by | see docs | nil |
--
<a name="common-drop-in"></a>Drop-In
Cookbook-specific attributes that activate and control drop-in mode for units.
| Attribute | Description | Default |
|---|---|---|
| drop_in | boolean which sets if resource is a drop-in unit | true for daemons & utils; false for units |
| override | which unit to target, prefix only. suffix determined by parent resource unit type (e.g. "ssh" on a systemd_service -> "ssh.service" as target unit) | nil |
| overrides | drop-in unit options that require a reset (e.g. "ExecStart" -> "ExecStart=" at top of section) | [] |
--
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
2.1.3 / 2016-11-22
-
add RandomizedDelaySec (thanks @szymonpk!)
2.1.2 / 2016-09-22
add apply action for systemd_sysctl chefspec matcher (thanks @tylermarshall!)
2.1.1 / 2016-09-08
- fix incorrect blocking of netdev, network, device unit dependencies (thanks @mfischer-zd!)
2.1.0 / 2016-05-18
- indicate Arch Linux(arch) supported
2.0.0 / 2016-03-24
- move namespaces
1.2.0 / 2016-03-11
- adds systemd_run resource
- documentation fixes
1.1.2 / 2015-11-20
- add missing timer attributes
- more Chef 11 compat fixes
1.1.1 / 2015-11-19
- fix Chef 11 compatibility issues
1.1.0 / 2015-11-11
- fix testing with dnf-based platforms (fedora)
- add NetClass directive
- add TasksAccounting directives
- add CrashChangeVT directive
- add Writable directive for sockets
- add support for journald vacuum directives ({System,Runtime}MaxFiles)
- add auto_reload unit attribute
- add set_properties unit action
- add daemon_reload recipe
- documentation improvements (new "usage tips" section)
1.0.0 / 2015-10-22
- improved docs
- improved matchers
- remove device resource
- support array args to sysctl resource value attribute
- fix udev recipe to support split-usr
- 1.0, whoo!
0.4.0 / 2015-10-16
- add binfmt resource
- add udev resource
- add sysuser resource
- reorganize libraries
- reorganize and expand docs
0.3.0 / 2015-09-18
- enhanced resource attributes (type, value appropriate)
- add init helpers
- add reload action for service resources
0.2.0 / 2015-08-15
- add non-unit resources/providers
- add recipes
- expanded testing
- expanded documentation
0.1.2 / 2015-07-29
- hotfix provider
0.1.1 / 2015-07-10
- initial release
Collaborator Number Metric
2.1.3 passed this metric
Contributing File Metric
2.1.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
2.1.3 failed this metric
FC008: Generated cookbook metadata needs updating: systemd/metadata.rb:2
FC066: Ensure chef_version is set in metadata: systemd/metadata.rb:1
FC069: Ensure standardized license defined in metadata: systemd/metadata.rb:1
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
2.1.3 failed this metric
systemd does not have a valid open source license.
Acceptable licenses include Apache-2.0, apachev2, Apache 2.0, MIT, mit, GPL-2.0, gplv2, GNU Public License 2.0, GPL-3.0, gplv3, GNU Public License 3.0.
No Binaries Metric
2.1.3 passed this metric
Publish Metric
2.1.3 passed this metric
Supported Platforms Metric
2.1.3 passed this metric
Testing File Metric
2.1.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
2.1.3 passed this metric
2.1.3 passed this metric
2.1.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
2.1.3 failed this metric
FC008: Generated cookbook metadata needs updating: systemd/metadata.rb:2
FC066: Ensure chef_version is set in metadata: systemd/metadata.rb:1
FC069: Ensure standardized license defined in metadata: systemd/metadata.rb:1
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
2.1.3 failed this metric
systemd does not have a valid open source license.
Acceptable licenses include Apache-2.0, apachev2, Apache 2.0, MIT, mit, GPL-2.0, gplv2, GNU Public License 2.0, GPL-3.0, gplv3, GNU Public License 3.0.
No Binaries Metric
2.1.3 passed this metric
Publish Metric
2.1.3 passed this metric
Supported Platforms Metric
2.1.3 passed this metric
Testing File Metric
2.1.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
2.1.3 passed this metric
2.1.3 failed this metric
FC066: Ensure chef_version is set in metadata: systemd/metadata.rb:1
FC069: Ensure standardized license defined in metadata: systemd/metadata.rb:1
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
2.1.3 failed this metric
systemd does not have a valid open source license.
Acceptable licenses include Apache-2.0, apachev2, Apache 2.0, MIT, mit, GPL-2.0, gplv2, GNU Public License 2.0, GPL-3.0, gplv3, GNU Public License 3.0.
No Binaries Metric
2.1.3 passed this metric
Publish Metric
2.1.3 passed this metric
Supported Platforms Metric
2.1.3 passed this metric
Testing File Metric
2.1.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
2.1.3 passed this metric
2.1.3 passed this metric
2.1.3 passed this metric
Supported Platforms Metric
2.1.3 passed this metric
Testing File Metric
2.1.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
2.1.3 passed this metric
2.1.3 passed this metric
2.1.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
2.1.3 passed this metric
2.1.3 passed this metric
