From 3fef9d2d71eaae0b862f114fafc756b1706f0e6d Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Fri, 8 May 2020 14:58:06 +0200 Subject: dhcp-server: T2438: change systemd service type, validate config file The default of systemd services Type=simple isn't suitable for dhcpd and other daemons. - change service type to forking - add RuntimeDirectory - set paths to files in Environment - set PIDFile - validate config and lease file in ExecStartPre - add -q to make dhcpd quiet and only log to syslog - set Restart=always --- src/systemd/isc-dhcp-server.service | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'src/systemd') diff --git a/src/systemd/isc-dhcp-server.service b/src/systemd/isc-dhcp-server.service index d848e3df1..e13c66dc6 100644 --- a/src/systemd/isc-dhcp-server.service +++ b/src/systemd/isc-dhcp-server.service @@ -6,14 +6,19 @@ ConditionPathExists=/run/dhcp-server/dhcpd.conf After=vyos-router.service [Service] +Type=forking WorkingDirectory=/run/dhcp-server -# The leases files need to be root:vyattacfg even when dropping privileges -ExecStart=/bin/sh -ec '\ - CONFIG_FILE=/run/dhcp-server/dhcpd.conf; \ - [ -e /config/dhcpd.leases ] || touch /config/dhcpd.leases; \ - chown root:vyattacfg /config/dhcpd.leases; \ - chmod 664 /config/dhcpd.leases; \ - exec /usr/sbin/dhcpd -user nobody -group nogroup -f -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE -lf /config/dhcpd.leases' +RuntimeDirectory=dhcp-server +RuntimeDirectoryPreserve=yes +Environment=PID_FILE=/run/dhcp-server/dhcpd.pid CONFIG_FILE=/run/dhcp-server/dhcpd.conf LEASE_FILE=/config/dhcpd.leases +PIDFile=/run/dhcp-server/dhcpd.pid +ExecStartPre=/bin/sh -ec '\ +touch ${LEASE_FILE}; \ +chown nobody:nogroup ${LEASE_FILE}* ; \ +chmod 664 ${LEASE_FILE}* ; \ +/usr/sbin/dhcpd -4 -t -T -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} ' +ExecStart=/usr/sbin/dhcpd -4 -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} +Restart=always [Install] WantedBy=multi-user.target -- cgit v1.2.3