runit Cookbook
Installs runit and provides the runit_service service resource for managing processes (services) under runit.
This cookbook does not use runit to replace system init, nor are there plans to do so.
For more information about runit:
NOTE: The 5.0 release of this cookbook requires the ChefSpec which shipped in the later versions of ChefDK 3. If you use this cookbook along with ChefSpec in your environment then you will need to upgrade to the latest version of ChefDK / Workstation to prevent spec failures.
Requirements
Platforms
- Debian/Ubuntu
- RHEL and derivatives
Chef
- Chef 14.0+
Cookbooks
- packagecloud (for RHEL)
- yum-epel (for RHEL)
Attributes
node['runit']['prefer_local_yum']- Iftrue, assumes that arunitpackage is available on an already configured local yum repository. By default, the recipe installs therunitpackage from a Package Cloud repository (see below). This is set to the value ofnode['runit']['use_package_from_yum']for backwards compatibility, but otherwise defaults tofalse.
Recipes
default
The default recipe installs runit and starts runsvdir to supervise the services in runit's service directory (e.g., /etc/service).
On RHEL-family systems, it will install the runit RPM using Ian Meyer's Package Cloud repository for runit. This replaces the previous functionality where the RPM was build using his runit RPM SPEC. However, if the attribute node['runit']['prefer_local_yum'] is set to true, the packagecloud repository creation will be skipped and it is assumed that a runit package is available on an otherwise configured (outside this cookbook) local repository.
On Debian family systems, the runit packages are maintained by the runit author, Gerrit Pape, and the recipe will use that for installation.
Resource
This cookbook has a resource, runit_service, for managing services under runit.
Actions
- enable - enables the service, creating the required run scripts and symlinks. This is the default action.
- start - starts the service with
sv start - stop - stops the service with
sv stop - disable - stops the service with
sv downand removes the service symlink - create - create the service directory, but don't enable the service with symlink
- restart - restarts the service with
sv restart - reload - reloads the service with
sv force-reload - reload_log - reloads the service's log service
- once - starts the service with
sv once. - hup - sends the
HUPsignal to the service withsv hup - cont - sends the
CONTsignal to the service - term - sends the
TERMsignal to the service - kill - sends the
KILLsignal to the service - up - starts the service with
sv up - down - downs the service with
sv down - usr1 - sends the
USR1signal to the service withsv 1 - usr2 - sends the
USR2signal to the service withsv 2
Service management actions are taken with runit's "sv" program.
Read the sv(8) man page for more information on the sv program.
Properties
The first three properties, sv_dir, service_dir, and sv_bin will attempt to use the legacy node attributes, and fall back to hardcoded default values that match the settings used on Debian platform systems.
Many of these properties are only used in the :enable action.
- sv_dir - The base "service directory" for the services managed by the resource. By default, this will attempt to use the
node['runit']['sv_dir']attribute, and falls back to/etc/sv. - service_dir - The directory where services are symlinked to be supervised by
runsvdir. By default, this will attempt to use thenode['runit']['service_dir']attribute, and falls back to/etc/service. - lsb_init_dir - The directory where an LSB-compliant init script interface will be created. By default, this will attempt to use the
node['runit']['lsb_init_dir']attribute, and falls back to/etc/init.d. - sv_bin - The path to the
svprogram binary. This will attempt to use thenode['runit']['sv_bin']attribute, and falls back to/usr/bin/sv. - service_name - Name attribute. The name of the service. This will be used in the directory of the managed service in the
sv_dirandservice_dir. - sv_timeout - Override the default
svtimeout of 7 seconds. - sv_verbose - Whether to enable
svverbose mode. Default isfalse. - sv_templates - If true, the
:enableaction will create the service directory with the appropriate templates. Default istrue. Set this tofalseif the service has a package that provides its own service directory. See Usage examples. - options - DEPRECATED - Options passed as variables to templates, for compatibility with legacy runit service definition. Default is an empty hash.
- env - A hash of environment variables with their values as content used in the service's
envdirectory. Default is an empty hash. When this hash is non-empty, the contents of the runit service'senvdirectory will be managed by Chef in order to conform to the declared state. - log - Whether to start the service's logger with svlogd, requires a template
sv-service_name-log-run.erbto configure the log's run script. Default is true. - default_logger - Whether a default
log/runscript should be set up. If true, the default content of the run script will usesvlogdto write logs to/var/log/service_name. Default is false. - log_dir - The directory where the
svlogdlog service will run. Used whendefault_loggeristrue. Default is/var/log/service_name - log_flags - The flags to pass to the
svlogdcommand. Used whendefault_loggeristrue. Default is-tt - log_size - The maximum size a log file can grow to before it is automatically rotated. See svlogd(8) for the default value.
- log_num - The maximum number of log files that will be retained after rotation. See svlogd(8) for the default value.
- log_min - The minimum number of log files that will be retained after rotation (if svlogd cannot create a new file and the minimum has not been reached, it will block). Default is no minimum.
- log_timeout - The maximum age a log file can get to before it is automatically rotated, whether it has reached
log_sizeor not. Default is no timeout. - log_processor - A string containing a path to a program that rotated log files will be fed through. See the PROCESSOR section of svlogd(8) for details. Default is no processor.
- log_socket - An string containing an IP:port pair identifying a UDP socket that log lines will be copied to. Default is none.
- log_prefix - A string that will be prepended to each line as it is logged. Default is no prefix.
- log_config_append - A string containing optional additional lines to add to the log service configuration. See svlogd(8) for more details.
- cookbook - A cookbook where templates are located instead of where the resource is used. Applies for all the templates in the
enableaction. - check - whether the service has a check script, requires a template
sv-service_name-check.erb - finish - whether the service has a finish script, requires a template
sv-service_name-finish.erb - control - An array of signals to customize control of the service, see runsv man page on how to use this. This requires that each template be created with the name
sv-service_name-signal.erb. - supervisor_owner - the user that should be allowed to control this service, see runsv faq
- supervisor_group - the group that should be allowed to control this service, see runsv faq
- owner - user that should own the templates created to enable the service
- group - group that should own the templates created to enable the service
- run_template_name - alternate filename of the run run script to use replacing
service_name. - log_template_name - alternate filename of the log run script to use replacing
service_name. - check_script_template_name - alternate filename of the check script to use, replacing
service_name. - finish_script_template_name - alternate filename of the finish script to use, replacing
service_name. - control_template_names - a hash of control signals (see control above) and their alternate template name(s) replacing
service_name. - status_command - The command used to check the status of the service to see if it is enabled/running (if it's running, it's enabled). This hardcodes the location of the sv program to
/usr/bin/svdue to the aforementioned cookbook load order. - restart_on_update - Whether the service should be restarted when the run script is updated. Defaults to
true. Set tofalseif the service shouldn't be restarted when the run script is updated. - start_down - Set the default state of the runit service to 'down' by creating
<sv_dir>/downfile. Defaults tofalse. Services usingstart_downwill not be notified to restart when their run script is updated. - delete_downfile - Delete previously created
<sv_dir>/downfile
Unlike previous versions of the cookbook using the runit_service definition, the runit_service resource can be notified. See Usage examples below.
Usage
To get runit installed on supported platforms, use recipe[runit]. Once it is installed, use the runit_service resource to set up services to be managed by runit.
In order to use the runit_service resource in your cookbook(s), each service managed will also need to have sv-service_name-run.erb and sv-service_name-log-run.erb templates created. If the log property is false, the log run script isn't created. If the log property is true, and default_logger is also true, the log run script will be created with the default content:
#!/bin/sh
exec svlogd -tt /var/log/service_nameExamples
These are example use cases of the runit_service resource described above. There are others in the runit_test cookbook that is included in the git repository.
Default Example
This example uses all the defaults in the :enable action to set up the service.
We'll set up chef-client to run as a service under runit, such as is done in the chef-client cookbook. This example will be more simple than in that cookbook. First, create the required run template, chef-client/templates/default/sv-chef-client-run.erb.
#!/bin/sh
exec 2>&1
exec /usr/bin/env chef-client -i 1800 -s 30Then create the required log/run template, chef-client/templates/default/sv-chef-client-log-run.erb.
#!/bin/sh
exec svlogd -tt ./mainNote This will cause output of the running process to go to /etc/sv/chef-client/log/main/current. Some people may not like this, see the following example. This is preserved for compatibility reasons.
Finally, set up the service in the recipe with:
runit_service "chef-client"Default Logger Example
To use a default logger with svlogd which will log to /var/log/chef-client/current, instead, use the default_logger option.
runit_service "chef-client" do
default_logger true
endNo Log Service
If there isn't an appendant log service, set log to false, and the log/run script won't be created.
runit_service "no-svlog" do
log false
endCheck Script
To create a service that has a check script in its service directory, set the check property to true, and create a sv-checker-check.erb template.
runit_service "checker" do
check true
endThis will create /etc/sv/checker/check.
Finish Script
To create a service that has a finish script in its service directory, set the finish property to true, and create a sv-finisher-finish.erb template.
runit_service "finisher" do
finish true
endThis will create /etc/sv/finisher/finish.
Alternate service directory
If the service directory for the managed service isn't the sv_dir (/etc/sv), then specify it:
runit_service "custom_service" do
sv_dir "/etc/custom_service/runit"
endNo Service Directory
If the service to manage has a package that provides its service directory, such as git-daemon on Debian systems, set sv_templates to false.
package "git-daemon-run"
runit_service "git-daemon" do
sv_templates false
endThis will create the service symlink in /etc/service, but it will not manage any templates in the service directory.
User Controlled Services
To set up services controlled by a non-privileged user, we follow the recommended configuration in the runit documentation (Is it possible to allow a user other than root to control a service?).
Suppose the user's name is floyd, and floyd wants to run floyds-app. Assuming that the floyd user and group are already managed with Chef, create a runsvdir-floyd runit_service.
runit_service "runsvdir-floyd"Create the sv-runsvdir-floyd-log-run.erb template, or add log false. Also create the sv-runsvdir-floyd-run.erb with the following content:
#!/bin/sh
exec 2>&1
exec chpst -ufloyd runsvdir /home/floyd/serviceNext, create the runit_service resource for floyd's app:
runit_service "floyds-app" do
sv_dir "/home/floyd/sv"
service_dir "/home/floyd/service"
owner "floyd"
group "floyd"
endAnd now floyd can manage the service with sv:
$ id
uid=1000(floyd) gid=1001(floyd) groups=1001(floyd)
$ sv stop /home/floyd/service/floyds-app/
ok: down: /home/floyd/service/floyds-app/: 0s, normally up
$ sv start /home/floyd/service/floyds-app/
ok: run: /home/floyd/service/floyds-app/: (pid 5287) 0s
$ sv status /home/floyd/service/floyds-app/
run: /home/floyd/service/floyds-app/: (pid 5287) 13s; run: log: (pid 4691) 726sOptions
Next, let's set up memcached under runit with some additional options using the options property. First, the memcached/templates/default/sv-memcached-run.erb template:
#!/bin/sh
exec 2>&1
exec chpst -u <%= @options[:user] %> /usr/bin/memcached -v -m <%= @options[:memory] %> -p <%= @options[:port] %>Note that the script uses chpst (which comes with runit) to set the user option, then starts memcached on the specified memory and port (see below).
The log/run template, memcached/templates/default/sv-memcached-log-run.erb:
#!/bin/sh
exec svlogd -tt ./mainFinally, the runit_service in our recipe:
runit_service "memcached" do
options({
:memory => node[:memcached][:memory],
:port => node[:memcached][:port],
:user => node[:memcached][:user]
}.merge(params))
endThis is where the user, port and memory options used in the run template are used.
Notifying Runit Services
In previous versions of this cookbook where the definition was used, it created a service resource that could be notified. With the runit_service resource, recipes need to use the full resource name.
For example:
runit_service "my-service"
template "/etc/my-service.conf" do
notifies :restart, "runit_service[my-service]"
endBecause the resource implements actions for various commands that sv can send to the service, any of those actions could be used for notification. For example, chef-client supports triggering a Chef run with a USR1 signal.
template "/tmp/chef-notifier" do
notifies :usr1, "runit_service[chef-client]"
endFor older implementations of services that used runit_service as a definition, but may support alternate service styles, use a conditional, such as based on an attribute:
service_to_notify = case node['nginx']['init_style']
when "runit"
"runit_service[nginx]"
else
"service[nginx]"
end
template "/etc/nginx/nginx.conf" do
notifies :restart, service_to_notify
endMore Examples
For more examples, see the runit_test cookbook's service recipe in the git repository.
Development
You may use test kitchen with either the vagrant or docker drivers to run integration tests.
Note: When using the docker driver please ensure that the container you are using has a working init system, as runit expects to be started by init. In some cases, systemd may need to be run in privileged mode.
For instance, for ubuntu with upstart:
driver_config:
image: ubuntu-upstart:14.04
run_command: /sbin/initFor redhat derivatives:
driver_config:
image: dockerhub/image-with-systemd
run_command: /usr/sbin/init
privileged: trueLicense & Authors
- Author:: Adam Jacob adam@chef.io
- Author:: Joshua Timberman joshua@chef.io
- Author:: Sean OMeara sean@sean.io
Copyright:: 2008-2019, Chef Software, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.