
Commit 81b810d

committed
feat: add legacy sidecar service and PKGBUILD distro split
Legacy distros (rocky_8, ubuntu_jammy) get the sidecar with consul connect envoy directly and WantedBy=multi-user.target. Modern distros use service-discover-wrapper.sh with Type=notify and PartOf=service-discover.target. Refs: CO-3422
1 parent 4d41533 commit 81b810d


2 files changed

+59
-2
lines changed


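--- a/package/PKGBUILD
+++ b/package/PKGBUILD
@@ -23,6 +23,7 @@ source=(
 "carbonio-ws-collaboration-db.hcl"
 "carbonio-ws-collaboration-db-bootstrap"
 "carbonio-ws-collaboration-db-sidecar.service"
+"carbonio-ws-collaboration-db-sidecar-legacy.service"
 "intentions.json"
 "policies.json"
 "service-protocol.json"
@@ -33,23 +34,37 @@ sha256sums=(
 '59a74fcfbbfaf4628271bfa4d4e76c46d508f7b21d3a79d46ad51f96b8083695'
 'cbcdea3b53ed934a0e4280be9ab3434118a8c096c81a9cc68f007ff59f68520f'
 '6ed3ab14e72e4de771b13eee2971c57c15df97882b3a1926b333b3c357510869'
+'d1fc1d459676c52bf147204fcc9145143a9d79937dad407d22fe666b6d3ca1d3'
 '87b5d43d577bd805a74aa5f38ded4cc5a755ba35ab8266c8f3b60f3a091a07c3'
 '9bedfb38742c72034f015aee3f1e7bdb734cd5d6e0003b109a8d6fead4962a8c'
 'd0f4019f14ff13fe5d394e9945c6679c1098f532c8bffd41b129e1a804947ac1'
 )
 
-package() {
+_package_common() {
 cd "${srcdir}"
 install -Dm 644 111-carbonio-ws-collaboration-db-setup.sh "${pkgdir}/etc/zextras/pending-setups.d/111-carbonio-ws-collaboration-db-setup.sh"
 install -Dm 755 carbonio-ws-collaboration-db "${pkgdir}/usr/bin/carbonio-ws-collaboration-db"
-install -Dm 644 carbonio-ws-collaboration-db-sidecar.service "${pkgdir}/lib/systemd/system/carbonio-ws-collaboration-db-sidecar.service"
 install -Dm 644 carbonio-ws-collaboration-db.hcl "${pkgdir}/etc/zextras/service-discover/carbonio-ws-collaboration-db.hcl"
 install -Dm 755 carbonio-ws-collaboration-db-bootstrap "${pkgdir}/usr/bin/carbonio-ws-collaboration-db-bootstrap"
 install -Dm 644 intentions.json "${pkgdir}/etc/carbonio/ws-collaboration-db/service-discover/intentions.json"
 install -Dm 644 policies.json "${pkgdir}/etc/carbonio/ws-collaboration-db/service-discover/policies.json"
 install -Dm 644 service-protocol.json "${pkgdir}/etc/carbonio/ws-collaboration-db/service-discover/service-protocol.json"
 }
 
+_package_systemd() {
+_package_common
+install -Dm 644 carbonio-ws-collaboration-db-sidecar.service "${pkgdir}/lib/systemd/system/carbonio-ws-collaboration-db-sidecar.service"
+}
+
+_package_legacy() {
+_package_common
+install -Dm 644 carbonio-ws-collaboration-db-sidecar-legacy.service "${pkgdir}/lib/systemd/system/carbonio-ws-collaboration-db-sidecar.service"
+}
+
+package() { _package_systemd; }
+package__rocky_8() { _package_legacy; }
+package__ubuntu_jammy() { _package_legacy; }
+
 postinst() {
 getent group 'carbonio-ws-collaboration-db' >/dev/null ||
 groupadd -r 'carbonio-ws-collaboration-db'
@@ -59,6 +74,7 @@ postinst() {
 if [ -d /run/systemd/system ]; then
 systemctl daemon-reload >/dev/null 2>&1 || :
 systemctl enable carbonio-ws-collaboration-db-sidecar.service >/dev/null 2>&1 || :
+"carbonio-ws-collaboration-db-sidecar-legacy.service"
 fi
 
 echo "============================================================"
@@ -70,7 +86,9 @@ postinst() {
 prerm() {
 if [ -d /run/systemd/system ]; then
 systemctl --no-reload disable carbonio-ws-collaboration-db-sidecar.service >/dev/null 2>&1 || :
+"carbonio-ws-collaboration-db-sidecar-legacy.service"
 systemctl stop carbonio-ws-collaboration-db-sidecar.service >/dev/null 2>&1 || :
+"carbonio-ws-collaboration-db-sidecar-legacy.service"
 fi
 }
 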
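Review bot: The three added lines that consist only of `"carbonio-ws-collaboration-db-sidecar-legacy.service"` (new line 77 in postinst, new lines 89 and 91 in prerm) will be run by the shell as a command of that name, because the preceding `systemctl` lines end in `|| :` with no continuation. That lookup fails with status 127 unless something by that name happens to be on PATH (undesirable in a root maintainer script either way), and in prerm the occurrence at line 91 is the last command before `fi`, so prerm itself would return non-zero whenever /run/systemd/system exists. `_package_legacy` installs the legacy unit as `carbonio-ws-collaboration-db-sidecar.service`, so the existing enable/disable/stop lines already cover both variants and the three bare-string lines can simply be removed. Indentation is lost in this view and postinst continues outside the hunks, so confirm against the raw file.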

Lines changed: 39 additions & 0 deletions
@@ -0,0 +1,39 @@
1+
[Unit]
2+
Description=Carbonio WS Collaboration DB Sidecar
3+
Documentation=https://docs.zextras.com/
4+
Requires=network-online.target
5+
After=network-online.target
6+
7+
[Service]
8+
User=carbonio-ws-collaboration-db
9+
ExecStart=/usr/bin/consul connect envoy \
10+
-token-file /etc/carbonio/ws-collaboration-db/service-discover/token \
11+
-admin-bind localhost:0 \
12+
-sidecar-for carbonio-ws-collaboration-db
13+
ExecReload=/usr/bin/kill -HUP $MAINPID
14+
Restart=on-failure
15+
RestartSec=15s
16+
KillSignal=SIGINT
17+
LimitNOFILE=65536
18+
19+
# Hardening
20+
PrivateTmp=yes
21+
ProtectSystem=strict
22+
NoNewPrivileges=yes
23+
PrivateDevices=yes
24+
ProtectHome=yes
25+
ProtectKernelModules=yes
26+
ProtectKernelLogs=yes
27+
ProtectKernelTunables=yes
28+
ProtectControlGroups=yes
29+
RestrictRealtime=yes
30+
RestrictNamespaces=yes
31+
RestrictSUIDSGID=yes
32+
LockPersonality=yes
33+
ProtectHostname=yes
34+
ProtectClock=yes
35+
MemoryDenyWriteExecute=yes
36+
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
37+
38+
[Install]
39+
WantedBy=multi-user.target
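Review bot: Part of the `# Hardening` block will likely be a no-op on the oldest target this unit is built for: as far as I can tell from the systemd NEWS file, `ProtectHostname=` and `RestrictSUIDSGID=` arrived in systemd 242, `ProtectKernelLogs=` in 244 and `ProtectClock=` in 245, while Rocky/RHEL 8 ships systemd 239, which logs unknown keys and ignores them unless the distro has backported them. The unit still starts, but the effective sandbox on rocky_8 is then weaker than the file suggests. I would add a comment above the block such as `# NOTE: ProtectHostname/ProtectKernelLogs/ProtectClock/RestrictSUIDSGID need a newer systemd than some legacy targets ship; unknown keys are ignored there`, and run `systemd-analyze verify` on the installed unit on each legacy distro to see which settings are actually accepted. Separately, `Requires=network-online.target` is usually written as `Wants=network-online.target`, so that a failed network-wait unit does not keep the sidecar from starting.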
