[WFCORE-6935] Improve systemd service units #6179
Conversation
yersan
added
Feature
yersan
force-pushed
the
WFCORE-6935
branch
3 times, most recently
from
0af8db3
to
5e7a85b
Compare
This comment was marked as off-topic.
This comment was marked as off-topic.
| # unzip -d /opt wildfly-34.0.0.Final.zip | ||
| # ln -s /opt/wildfly-34.0.0.Final /opt/wildfly |
There was a problem hiding this comment.
What we might want to do here is use ${project.version} and allow processing of this resource to replace the properties. We could probably do something for wildfly too so it's generic.
There was a problem hiding this comment.
I need to check but not sure if that would be fine taking into account that this file contains some other linux commands, I don't want to make them be replaced by maven applying environment properties across this file
There was a problem hiding this comment.
That is a good point. I don't see any others with the pattern ${property.name}, but it's definitely something to consider since that is the linux way.
I was mostly trying to think of a way where we don't have to keep updating the version, but maybe it doesn't matter.
core-feature-pack/common/src/main/resources/content/bin/systemd/generate_systemd_unit.sh
Outdated
Show resolved
Hide resolved
core-feature-pack/common/src/main/resources/content/bin/systemd/wildfly-domain.service
Show resolved
Hide resolved
core-feature-pack/common/src/main/resources/content/bin/systemd/generate_systemd_unit.sh
Outdated
Show resolved
Hide resolved
core-feature-pack/common/src/main/resources/content/bin/systemd/wildfly-domain.service
Show resolved
Hide resolved
| # unzip -d /opt wildfly-34.0.0.Final.zip | ||
| # ln -s /opt/wildfly-34.0.0.Final /opt/wildfly |
There was a problem hiding this comment.
I need to check but not sure if that would be fine taking into account that this file contains some other linux commands, I don't want to make them be replaced by maven applying environment properties across this file
| # unzip -d /opt wildfly-34.0.0.Final.zip | ||
| # ln -s /opt/wildfly-34.0.0.Final /opt/wildfly |
There was a problem hiding this comment.
That is a good point. I don't see any others with the pattern ${property.name}, but it's definitely something to consider since that is the linux way.
I was mostly trying to think of a way where we don't have to keep updating the version, but maybe it doesn't matter.
core-feature-pack/common/src/main/resources/content/bin/systemd/wildfly-domain.service
Show resolved
Hide resolved
|
|
||
| == Start and enable WildFly | ||
|
|
||
| # systemctl start wildfly-$MODE.service |
There was a problem hiding this comment.
To respect Bash's best practises:
# systemctl start "wildfly-${MODE}.service"
|
|
||
| == Configure systemd | ||
|
|
||
| # cd /opt/wildfly/bin/systemd |
There was a problem hiding this comment.
To avoid hard coding /opt/wildfly everywhere, I would suggest defining a WILDFLY_HOME=/opt/wildfly at the beginning.
|
|
||
| # cd /opt/wildfly/bin/systemd | ||
| # cp wildfly-$MODE.conf /etc/sysconfig/ | ||
| # cp wildfly-$MODE.service $(pkg-config systemd --variable=systemdsystemunitdir) |
There was a problem hiding this comment.
To follow bash's best practices:
# cp "wildfly-${MODE}.conf" /etc/sysconfig/
# cp "wildfly-${MODE}.service" $(pkg-config systemd --variable=systemdsystemunitdir)
|
|
||
| == Remove WildFly systemd service | ||
|
|
||
| # rm -f $(pkg-config systemd --variable=systemdsystemunitdir)/wildfly-$MODE.service |
There was a problem hiding this comment.
rm -f "$(pkg-config systemd --variable=systemdsystemunitdir)/wildfly-${MODE}.service"
|
|
||
| # rm -f $(pkg-config systemd --variable=systemdsystemunitdir)/wildfly-$MODE.service | ||
| # rm -f /etc/sysconfig/wildfly-$MODE.conf | ||
| # systemctl daemon-reload |
There was a problem hiding this comment.
Should we not add systemctl status wildfy and systemctl start wildfly with an example of the output?
There was a problem hiding this comment.
At this point, this is the section that describes how to remove the service.
The start / enable / status commands are described in the previous section. There is no sample of status output, though
| JBOSS_HOME="$(realpath "$SCRIPT_DIR/../..")" | ||
| JBOSS_SYSTEMD_MODE="${1}" | ||
|
|
||
| if [ -z "$JBOSS_SYSTEMD_MODE" ]; then |
There was a problem hiding this comment.
if [ -z "${JBOSS_SYSTEMD_MODE}" ]; then
for consistency on top of best practice
| exit 0; | ||
| fi | ||
|
|
||
| SYSTEMD_FILE="$SCRIPT_DIR/wildfly-${JBOSS_SYSTEMD_MODE}.service" |
There was a problem hiding this comment.
SYSTEMD_FILE="${SCRIPT_DIR}/wildfly-${JBOSS_SYSTEMD_MODE}.service"
|
|
||
| SYSTEMD_FILE="$SCRIPT_DIR/wildfly-${JBOSS_SYSTEMD_MODE}.service" | ||
| JBOSS_SYSTEMD_USER="${2:-wildfly}" | ||
| JBOSS_SYSTEMD_GROUP="${3:-wildfly}" |
There was a problem hiding this comment.
My preference is to add single quote around literals to make it clear to the reader that it's supposed to be fixed characters strings:
JBOSS_SYSTEMD_GROUP="${3:-'wildfly'}"
There was a problem hiding this comment.
That would move the quotes to the Systemd unit file as well, is that still valid?
| JBOSS_SYSTEMD_GROUP="${3:-wildfly}" | ||
|
|
||
| echo "INFO: Systemd Unit File to generate: ${SYSTEMD_FILE}" | ||
| echo "INFO: Using JBOSS_HOME: $JBOSS_HOME" |
There was a problem hiding this comment.
As we have JBOSS_HOME here, we should use it at the beginning, to not repeat /opt/wildfly all the time.
Also:
echo "INFO: Using JBOSS_HOME: ${JBOSS_HOME}"
There was a problem hiding this comment.
As we have JBOSS_HOME here, we should use it at the beginning, to not repeat /opt/wildfly all the time.
JBOSS_HOME is initialized at the beginning of the script and there is no "/opt/wildfly" path hardcoded in this script, so I don't follow you here.
Also:
echo "INFO: Using JBOSS_HOME: ${JBOSS_HOME}"
Done
| echo "INFO: User: ${JBOSS_SYSTEMD_USER}" | ||
| echo "INFO: Group: ${JBOSS_SYSTEMD_GROUP}" | ||
|
|
||
| while true; do |
There was a problem hiding this comment.
Interactive shell is a bad idea. I would suggest using opts so that the user can pass a parameters if he wants to generate the systemd file.
We should also aimed at making this script idempotent. (I'll do another review in this regard, after this one)
There was a problem hiding this comment.
Interactive shell is a bad idea.
It is not expected this file be invoked by a third-party tool, this is just a utility that is expected to be used by a user to make his life easier when he needs to replace the JBOSS_HOME, user:group in the systemd unit files. Asking interactively for confirmation here allows the user to review what he is going to configure, so I think it is useful here.
Would that convince you to leave it as it is?
There was a problem hiding this comment.
No :) I really think it's a bad idea.
Bear in mind that this will be used by Ops (or DevOps), they won't expect an interactive shell and will be quite annoyed with it. Also, they are most likely going to automate around this (I've done so in the past, at customers). They may want to automate the deployment of Wildfly based and this and have script (or a tool like Ansible) automatically generate the file on the target system....
And right now, it's impossible to because the script is interactive by default. So if you really want to keep it, at least you should provide a mecanism around it.
IMHO, the best approach, that would match what people do in this kind of script, would be to test if the var is defined and act according to it:
if [ -z ${SYSTEMD_FILE} ]; then
echo "No systemd file provided, not generating one."
exit 0
fi
(last point if somehow you really, really want to keep this interaction thing, I would move into a function, because it's big chunk of code)
There was a problem hiding this comment.
@rpelisse Ok, you bring more experience to this from Ansible automation, so I'll remove the interactive question or add a confirm flag for skipping it
There was a problem hiding this comment.
@rpelisse I've added a new argument c,--confirm to avoid the interactive mode.
| esac | ||
| done | ||
|
|
||
| sed -e "s|@@@JBOSS_SYSTEMD_SERVER_HOME@@@|$JBOSS_HOME|g" \ |
There was a problem hiding this comment.
sed -e "s|@@@JBOSS_SYSTEMD_SERVER_HOME@@@|${JBOSS_HOME}|g" \
-e "s|@@@JBOSS_SYSTEMD_USER@@@|${JBOSS_SYSTEMD_USER}|g" \
-e "s|@@@JBOSS_SYSTEMD_GROUP@@@|${JBOSS_SYSTEMD_GROUP}|g" \
"${SYSTEMD_FILE}.template" > "${SYSTEMD_FILE}"
| -e "s|@@@JBOSS_SYSTEMD_GROUP@@@|$JBOSS_SYSTEMD_GROUP|g" \ | ||
| "${SYSTEMD_FILE}.template" > "$SYSTEMD_FILE" | ||
|
|
||
| systemd-analyze verify --recursive-errors=no "$SYSTEMD_FILE" |
There was a problem hiding this comment.
systemd-analyze verify --recursive-errors=no "${SYSTEMD_FILE}"
| echo "" | ||
| echo "INFO: Systemd Unit File generated." | ||
| echo "INFO: The ${JBOSS_SYSTEMD_USER}:${JBOSS_SYSTEMD_GROUP} are the user:group configured to launch the server. You have to ensure this user and group exist and have the necessary permissions to read and launch the server." | ||
| echo "INFO: Use $JBOSS_HOME/bin/systemd/wildfly-${JBOSS_SYSTEMD_MODE}.conf to configure the server environment." |
There was a problem hiding this comment.
echo "INFO: Use ${JBOSS_HOME}/bin/systemd/wildfly-${JBOSS_SYSTEMD_MODE}.conf to configure the server environment."
| echo "sudo systemctl start $(basename $SYSTEMD_FILE)" | ||
| echo "" | ||
| echo "INFO: In case of issues, you can check the service logs with:" | ||
| echo "sudo journalctl -u $(basename $SYSTEMD_FILE)" |
There was a problem hiding this comment.
Be mindful of where to use quote:
echo sudo journalctl -u $(basename "${SYSTEMD_FILE}")
This approach will yield a more comprehensible error message if, somehow, a space has been inserted in the variable.
| @@ -0,0 +1,26 @@ | |||
| #!/bin/sh | |||
There was a problem hiding this comment.
I would suggest /bin/bash so that we can use bash specific mechanism. It also better because with /bin/sh we should test the script with all sort of shell interpreter.
There was a problem hiding this comment.
We use /sh to maximize the portability now and in the future, it is the same shell used by the launch scripts. Using bash opens the door to not be compatible in the future.
There was a problem hiding this comment.
Yeah, but do you ensure that CI test the script with different flavor of shell? Unlikely... By using /sh you are opening the door to people filling issue because it does not work with "not Bash". It's generally consider best practises to use explicit /bin/bash for this very reason. As this is a new script, I would take the chance to reduce the scope of incoming issue. That being said, it's not a big deal.
This comment was marked as outdated.
This comment was marked as outdated.
Jira issue: https://issues.redhat.com/browse/WFCORE-6935 [WFCORE-6935] Minor fix for README
…s and allow specify areguments in any order
This comment was marked as outdated.
This comment was marked as outdated.
|
Hello @rpelisse could you review this again? |
| Environment="WILDFLY_CONSOLE_LOG=/opt/wildfly/standalone/log/systemd-console.log" | ||
| Environment="WILDFLY_BIND=0.0.0.0" | ||
| EnvironmentFile=-/etc/sysconfig/wildfly-standalone.conf | ||
|
|
There was a problem hiding this comment.
Comparing to the service configuration we use for the Ansible collection for Wildfly, there is a few options you might to consider adding:
- Creating a PIDFile and giving it to systemd will sensibly enhance its ability to manage the server:
PIDFile=/opt/wildfly/standalone/wildfly.pid
- Adding the sucessful exit statuses will prevent Systemd to misinterpret when the server is successfully stopping:
SuccessExitStatus = 0 143
- As Java services tends to start significantly slower than native ones, configuring a timeout will prevent a scenario where apps deployment on the service boot causes Wildfly to be tagged as "fail to start":
TimeoutSec=600
- That more of a nice to have, but you could configure to automatically restart the service in case of failure:
RestartSec = 120
Restart = on-failure
| Environment="WILDFLY_SERVER_CONFIG=standalone.xml" | ||
| Environment="WILDFLY_CONSOLE_LOG=@@@JBOSS_SYSTEMD_SERVER_HOME@@@/standalone/log/systemd-console.log" | ||
| Environment="WILDFLY_BIND=0.0.0.0" | ||
| EnvironmentFile=-/etc/sysconfig/wildfly-standalone.conf |
There was a problem hiding this comment.
If you the configuration suggested above to the service conf, you should probably update the template accordingly.
| Environment="JAVA_HOME=/usr/lib/jvm/jre" | ||
|
|
||
| Environment="WILDFLY_SH=@@@JBOSS_SYSTEMD_SERVER_HOME@@@/bin/domain.sh" | ||
| Environment="WILDFLY_SERVER_CONFIG=domain.xml" |
There was a problem hiding this comment.
AFAICS the ony difference between domain and standlone is this variable. I would suggest to avoid duplication, and use some bash savyness to avoid duplicating the files (and this have only one template and one file):
Environment="WILDFLY_SERVER_CONFIG=${CONFIG_FILE:-'standalone.xml'}" # Then we just need to ensure that CONFIG_FILE defaults to domain.xml in the launch script.
There was a problem hiding this comment.
OK, looking at the next file I reallized, we might simply be able to WILDFLY_SERVER_CONFIG which defaults to 'standalone.xml'.
| exit 1 | ||
| } | ||
|
|
||
| SCRIPT_NAME=$(basename "$0") |
There was a problem hiding this comment.
SCRIPT_NAME=$(basename "$0") to SCRIPT_NAME=$(basename "${0}")
| } | ||
|
|
||
| SCRIPT_NAME=$(basename "$0") | ||
| SCRIPT_DIR="$(dirname "$(realpath "$0")")" |
There was a problem hiding this comment.
SCRIPT_DIR="$(dirname "$(realpath "$0")")" to SCRIPT_DIR="$(dirname "$(realpath "${0}")")"
| esac | ||
| done | ||
|
|
||
| if [ "${JBOSS_SYSTEMD_MODE}" != "standalone" ] && [ "${JBOSS_SYSTEMD_MODE}" != "domain" ]; then |
There was a problem hiding this comment.
Getting into super nickpicking zone :)
Technically by using "" you are telling the script interpreter to look for cmd substitution or variable to be replaced by their content into the string. So it would be better to have 'standalone' and 'domain' instead of "standalone" and "domain".
I did say it was nickpicking, right? ;)
| echo "INFO: Using JBOSS_HOME: ${JBOSS_HOME}" | ||
| echo "INFO: User: ${JBOSS_SYSTEMD_USER}" | ||
| echo "INFO: Group: ${JBOSS_SYSTEMD_GROUP}" | ||
| echo "INFO: Confirm: ${JBOSS_CONFIRM}" |
There was a problem hiding this comment.
I would not echo this variable, as it will only be used for interactive mode. Having this value in logfile of automated install will be ... strange, and might confused ops ("Wait, why my JBOSS is not confirmed? What does it means???".
If you intend to echo the value for debugging purpose, remember that simply running the script with the -x option will echo all the variable values.
| -e "s|@@@JBOSS_SYSTEMD_GROUP@@@|${JBOSS_SYSTEMD_GROUP}|g" \ | ||
| "${SYSTEMD_FILE}.template" > "${SYSTEMD_FILE}" | ||
|
|
||
| systemd-analyze verify --recursive-errors=no "${SYSTEMD_FILE}" |
There was a problem hiding this comment.
Oh cool! I'm so going to steal that for the Ansible collection for Wildfly! :)
| if [ 'y' != "${JBOSS_CONFIRM}" ] && [ 'Y' != "${JBOSS_CONFIRM}" ];then | ||
| while true; do | ||
| read -p "Do you want to generate ${SYSTEMD_FILE}? (y/n): " choice | ||
| case "$choice" in |
There was a problem hiding this comment.
case "$choice" in to case "${choice}" in
Also, as I suspect choice will not change value after the script starts, I would suggest to go uppercase to cleary display that (so rename it to CHOICE).
Ideally, I would prefix any vars declaration by readonly, but I'm not sure if this supported across all interpreter or just a bash feature. It's a good practise to use readonly, because it prevent some already defined variable in the shell to override a value in the script.
| echo "sudo systemctl start $(basename "${SYSTEMD_FILE}")" | ||
| echo "" | ||
| echo "INFO: In case of issues, you can check the service logs with:" | ||
| echo "sudo journalctl -u $(basename "${SYSTEMD_FILE}")" |
There was a problem hiding this comment.
I'm not sure most ops are going to be thrilled by this output. You may want to consider displaying it only if JBOSS_CONFIRM is set to true? (the more I think about it, the more I think a less confusing name would be better for this variable).
Also, you might want to move this to a separate file and a do a sort of template as you did for the configuratiion file. It might be easier to maintain on the long run.
Jira issue: https://issues.redhat.com/browse/WFCORE-6935