linux - systemd support

2021-08-16 15:21:44 +02:00 · 2021-08-16 15:21:44 +02:00 · 2b3b4a5c3f
parent 57e4247eab
commit 2b3b4a5c3f
8 changed files with 64 additions and 19 deletions
--- a/.github/workflows/linux-bunkerized-nginx.yml
+++ b/.github/workflows/linux-bunkerized-nginx.yml
@ -12,11 +12,17 @@ jobs:
    steps:
      - name: Checkout source code
        uses: actions/checkout@v2
+      - name: Build Debian with systemd
+        run: docker build -t debian-systemd -f tests/Dockerfile-debian .
+      - name: Build Ubuntu with systemd
+        run: docker build -t ubuntu-systemd -f tests/Dockerfile-ubuntu .
+      - name: Build Fedora with systemd
+        run: docker build -t fedora-systemd -f tests/Dockerfile-fedora .
      - name: Debian test
-        run: ./tests/linux-run.sh debian:buster-slim test-debian
+        run: ./tests/linux-run.sh debian-systemd test-debian
      - name: Ubuntu test
-        run: ./tests/linux-run.sh ubuntu:focal test-ubuntu
+        run: ./tests/linux-run.sh ubuntu-systemd test-ubuntu
      - name: CentOS test
        run: ./tests/linux-run.sh centos:7 test-centos
      - name: Fedora test
-        run: ./tests/linux-run.sh fedora:34 test-fedora
+        run: ./tests/linux-run.sh fedora-systemd test-fedora
--- a/helpers/bunkerized-nginx
+++ b/helpers/bunkerized-nginx
@ -40,13 +40,14 @@ echo "[*] Run jobs"
 do_and_check_cmd "/opt/bunkerized-nginx/entrypoint/jobs.sh"

 # Reload nginx if it's running
-if [ -f "/tmp/nginx.pid" ] ; then
+status="$(systemctl status nginx 2>&1)"
+if [ $? -eq 0 ] ; then
 	echo "[*] Reload nginx"
-	AS_ROOT="yes" do_and_check_cmd nginx -s reload
+	AS_ROOT="yes" do_and_check_cmd systemctl reload nginx
 # Otherwise start it
 else
 	echo "[*] Start nginx"
-	AS_ROOT="yes" do_and_check_cmd nginx -g 'daemon on; user nginx;'
+	AS_ROOT="yes" do_and_check_cmd systemctl start nginx
 fi

 # Done
--- a/helpers/install.sh
+++ b/helpers/install.sh
@ -360,6 +360,15 @@ if [ "$NGINX_VERSION" != "1.20.1" ] ; then
 	echo "/!\\ Warning : we recommend you to use nginx v1.20.1, you should uninstall your nginx version and run this script again ! /!\\"
 fi

+# Stop nginx on Linux
+if [ "$OS" != "alpine" ] ; then
+	echo "[*] Stop nginx service"
+	systemctl status nginx > /dev/null 2>&1
+	if [ $? -eq 0 ] ; then
+		do_and_check_cmd systemctl stop nginx
+	fi
+fi
+
 # Install dependencies
 echo "[*] Update packet list"
 if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
@ -724,13 +733,19 @@ do_and_check_cmd cp /tmp/bunkerized-nginx/misc/variables.env /opt/bunkerized-ngi
 if [ "$OS" != "alpine" ] ; then
 	echo "[*] Copy UI"
 	do_and_check_cmd cp -r /tmp/bunkerized-nginx/ui /opt/bunkerized-nginx
-	do_and_check_cmd cp /tmp/bunkerized-nginx/ui/bunkerized-nginx-ui.service /etc/systemd/system
+	do_and_check_cmd cp /tmp/bunkerized-nginx/ui/bunkerized-nginx-ui.service /lib/systemd/system
 fi

 # Copy bunkerized-nginx
 echo "[*] Copy bunkerized-nginx"
 do_and_check_cmd cp /tmp/bunkerized-nginx/helpers/bunkerized-nginx /usr/local/bin

+# Replace old nginx.service file
+if [ "$OS" != "alpine" ] ; then
+	do_and_check_cmd mv /lib/systemd/system/nginx.service /lib/systemd/system/nginx.service.bak
+	do_and_check_cmd cp /tmp/bunkerized-nginx/misc/nginx.service /lib/systemd/system/
+fi
+
 # Create nginx user
 if [ "$(grep "nginx:" /etc/passwd)" = "" ] ; then
 	echo "[*] Add nginx user"
@ -811,10 +826,13 @@ do_and_check_cmd chmod u+rx /opt
 do_and_check_cmd chown -R nginx:nginx /etc/nginx
 do_and_check_cmd find /etc/nginx -type f -exec chmod 0774 {} \;
 do_and_check_cmd find /etc/nginx -type d -exec chmod 0775 {} \;
-# Set permissions for /etc/systemd/system/bunkerized-nginx-ui.service
+# Set permissions for systemd files and reload config
 if [ "$OS" != "alpine" ] ; then
-	do_and_check_cmd chown root:root /etc/systemd/system/bunkerized-nginx-ui.service
-	do_and_check_cmd chmod 744 /etc/systemd/system/bunkerized-nginx-ui.service
+	do_and_check_cmd chown root:root /lib/systemd/system/bunkerized-nginx-ui.service
+	do_and_check_cmd chmod 744 /lib/systemd/system/bunkerized-nginx-ui.service
+	do_and_check_cmd chown root:root /lib/systemd/system/nginx.service
+	do_and_check_cmd chmod 744 /lib/systemd/system/nginx.service
+	do_and_check_cmd systemctl daemon-reload
 fi

 # Prepare log files and folders
--- a/helpers/uninstall.sh
+++ b/helpers/uninstall.sh
@ -30,14 +30,23 @@ elif [ "$(grep Ubuntu /etc/os-release)" != "" ] ; then
 	OS="ubuntu"
 elif [ "$(grep CentOS /etc/os-release)" != "" ] ; then
 	OS="centos"
-elif [ "$(grep Alpine /etc/os-release)" != "" ] ; then
-	OS="alpine"
 fi
 if [ "$OS" = "" ] ; then
 	echo "[!] Unsupported Operating System"
 	exit 1
 fi

+# Stop nginx
+systemctl status nginx > /dev/null 2>&1
+if [ $? -eq 0 ] ; then
+	echo "[*] Stop nginx service"
+	do_and_check_cmd systemctl stop nginx
+fi
+
+# Reload old nginx.service file
+do_and_check_cmd mv /lib/systemd/system/nginx.service.bak /lib/systemd/system/nginx.service
+do_and_check_cmd systemctl daemon-reload
+
 # Remove /opt/bunkerized-nginx
 if [ -e "/opt/bunkerized-nginx" ] ; then
 	echo "[*] Remove /opt/bunkerized-nginx"
@ -45,14 +54,16 @@ if [ -e "/opt/bunkerized-nginx" ] ; then
 fi

 # Remove UI service
-if [ -e "/etc/systemd/system/bunkerized-nginx-ui.service" ] ; then
-	echo "[*] Remove bunkerized-nginx-ui service"
+systemctl status bunkerized-nginx-ui > /dev/null 2>&1
+if [ $? -eq 0 ] ; then
+	echo "[*] Stop bunkerized-nginx-ui service"
+	systemctl status nginx > /dev/null 2>&1
 	do_and_check_cmd systemctl stop bunkerized-nginx-ui
-	do_and_check_cmd systemctl disable bunkerized-nginx-ui
-	do_and_check_cmd rm -f /etc/systemd/system/bunkerized-nginx-ui.service
-	do_and_check_cmd systemctl daemon-reload
-	do_and_check_cmd systemctl reset-failed
 fi
+do_and_check_cmd systemctl disable bunkerized-nginx-ui
+do_and_check_cmd rm -f /lib/systemd/system/bunkerized-nginx-ui.service
+do_and_check_cmd systemctl daemon-reload
+do_and_check_cmd systemctl reset-failed

 # Remove cron
 echo "[*] Remove cron"
--- a/tests/Dockerfile-debian
+++ b/tests/Dockerfile-debian
@ -0,0 +1,3 @@
+FROM debian:buster-slim
+
+RUN apt update && apt install -y systemd
--- a/tests/Dockerfile-fedora
+++ b/tests/Dockerfile-fedora
@ -0,0 +1,3 @@
+FROM fedora:34
+
+RUN dnf install -y systemd
--- a/tests/Dockerfile-ubuntu
+++ b/tests/Dockerfile-ubuntu
@ -0,0 +1,3 @@
+FROM ubuntu:focal
+
+RUN apt update && apt install -y systemd
--- a/tests/linux-run.sh
+++ b/tests/linux-run.sh
@ -12,7 +12,7 @@ if [ "$3" == "no" ] ; then
 fi

 echo "[*] Run $image"
-id="$(docker run --rm -d -it -p 80:80 -p 443:443 --name "$name" "$image")"
+id="$(docker run --rm -d -p 80:80 -p 443:443 --privileged=true --name "$name" "$image" /sbin/init)"
 if [ $? -ne 0 ] ; then
 	echo "[!] docker run failed"
 	cleanup "$name"