Changeset View
Standalone View
documentation/content/en/articles/rc-scripting/_index.adoc
| Context not available. | |||||
| The bug stems from `$*` misuse. | The bug stems from `$*` misuse. | ||||
| ==== | ==== | ||||
| [[rcng-service-jails]] | |||||
| == Making a script ready for Service Jails | |||||
| Any script which in the start command only changes a runtime setting for programs or the kernel, or tries to mount something, or finds and deletes files, is not suitable for a service jail and needs to prevent the use within service jails. | |||||
pauamma_gundo.com: s/the use/use/
Also, if you want to point to the service jails section of the jails chapter… | |||||
Done Inline ActionsThis does not work for me in a make run. It gives a 404 because the final link points to http://localhost:1313/en/articles/rc-scripting/handbook/jails/#service-jails instead of http://localhost:1313/en/books/handbook/jails/#service-jails fernape: This does not work for me in a `make run`. It gives a 404 because the final link points to http… | |||||
Done Inline ActionsI hope this works better. See my comment about what I need to install to test this myself. netchild: I hope this works better. See my comment about what I need to install to test this myself. | |||||
Done Inline ActionsIf you're using hugo that's all you need: # The run target uses hugo's built-in webserver to make the documentation site # available for local browsing. The documentation should have been built prior # to attempting to use the `run` target. By default, hugo will start its # webserver on port 1313. fernape: If you're using `hugo` that's all you need:
```
# The run target uses hugo's built-in… | |||||
| Scripts which start a long running service are suitable for service jails, and should come with a suitable service jail configuration. | |||||
| A script with a long running service which needs to do something before the start or after the stop which is listed as not suitable above, can either be split-up into two scripts with dependencies, or use the precommand and postcommand parts of the script to perform this action. | |||||
| By default, only the start and stop parts of a script are run within a service jail, the rest is run outside the jail. | |||||
| As such any setting used in the start/stop parts of the script can not be set from e.g. a precommand. | |||||
| To make a script ready for use with extref:../../books/handbook/jails/#service-jails[Service Jails], only one more config line needs to be inserted: | |||||
| [.programlisting] | |||||
| .... | |||||
| #!/bin/sh | |||||
Done Inline ActionsThis second point (the <.>) is never referenced in the text below the code snippet. fernape: This second point (the `<.>`) is never referenced in the text below the code snippet.
The first… | |||||
Done Inline ActionsFirst numbered bullet is not needed. The text is for the second. netchild: First numbered bullet is not needed. The text is for the second. | |||||
| . /etc/rc.subr | |||||
| name="dummy" | |||||
| start_cmd="${name}_start" | |||||
| stop_cmd=":" | |||||
| : ${dummy_svcj_options:=""} <.> | |||||
| dummy_start() | |||||
| { | |||||
| echo "Nothing started." | |||||
Done Inline ActionsInstead of raw Unicode, use one of the admonition types in https://docs.asciidoctor.org/asciidoc/latest/syntax-quick-reference/#admonitions . s/log running/long-running/ Also, it's not clear from that sentence as written whether "tries to mount..." and "finds and deletes..." are meant as list items at the same level as "make a config change...". If they are indeed, I'd change the verbs to infinitives ("try", "find", and "delete"). pauamma_gundo.com: Instead of raw Unicode, use one of the admonition types in https://docs.asciidoctor. | |||||
Done Inline ActionsI used the raw unicode stuff like in other parts of the document. I tried to adhere to the existing style. In the URL you provided, I haven't seen how I can write an (1)-symbol or similar on my keyboard... For the rest: changed locally and waiting for a clarification for the above part. netchild: I used the raw unicode stuff like in other parts of the document. I tried to adhere to the… | |||||
Done Inline Actions
Ah, missed that it was a callout target. Never mind. pauamma_gundo.com: > I used the raw unicode stuff like in other parts of the document. I tried to adhere to the… | |||||
Done Inline ActionsI feel this sentence is a bit long/complex. I don't know how to simplify it though. What is the conveying idea? fernape: I feel this sentence is a bit long/complex. I don't know how to simplify it though. What is the… | |||||
Done Inline ActionsWhat it shall tell is: netchild: What it shall tell is:
If it is starting a potentially long-running service -> needs an… | |||||
Done Inline ActionsProbably Service -> service. This applies to all the article and the modification in the handbook. fernape: Probably //Service// -> //service//. This applies to all the article and the modification in… | |||||
| } | |||||
Done Inline ActionsI think there is a word missing around the "empty config like" part (line, file?). bcr: I think there is a word missing around the "empty config like" part (line, file?). | |||||
Done Inline ActionsIs s/empty config like displayed/empty config like above/ better? netchild: Is s/empty config like displayed/empty config like above/ better? | |||||
| load_rc_config $name | |||||
| run_rc_command "$1" | |||||
| .... | |||||
Done Inline ActionsThe most common options to use... --> The most common option to use... Also typo explicitely --> explicitly fernape: //The most common options to use...// --> //The most common option to use...//
Also typo… | |||||
| ➊ If it makes sense that the script runs in a jail, it must have an overridable service jails configuration. | |||||
| If it does not need network access or access to any other resource which is restricted in jails, an empty config like displayed is enough. | |||||
Done Inline Actionss/shall/should/g bcr: s/shall/should/g | |||||
Done Inline ActionsIn this context: I want to express "do not do that" and "make sure this is included". netchild: In this context:
I understand "shall" like "do not run it" (and "you have to use").
I… | |||||
Done Inline ActionsSuggestion: "If the script is not run in a service jail, e.g. because that's not possible or does not make sense, use the following:" pauamma_gundo.com: Suggestion: "If the script is not run in a service jail, e.g. because that's not possible or… | |||||
Done Inline ActionsWhat about this?
netchild: What about this?
> If a script can not be run within a Service jail, e.g. because it is not… | |||||
Done Inline ActionsI think this is complex because there are two e.g. subsentences, one in parenthesis the other not. This should be simplified. How about fernape: I think this is complex because there are two `e.g.` subsentences, one in parenthesis the other… | |||||
Done Inline ActionsThere is a difference between not intended to be run and not suitable to be run. netchild: There is a difference between not intended to be run and not suitable to be run.
"I do not… | |||||
Done Inline ActionsThe original line expresses two ideas:
Then maybe if the service is not going to be run in a jail... fernape: The original line expresses two ideas:
* it can not be executed in a jail
* doesn't make… | |||||
| Strictly speaking an empty config is not needed, but it explicitly describes that the script is service jails ready, and that it does not need additional jail permissions. | |||||
| As such it is highly recommended to add such an empty config in such a case. | |||||
| The most common option to use is "net_basic", which enables the use of the hosts IPv4 and IPv6 addresses. | |||||
| All possible options are explained in man:rc.conf[5]. | |||||
| If a setting for the start/stop depends on variables from the rc-framework (e.g. set inside man:rc.conf[5]), this needs to be handled load_rc_config and run_rc_command instead of inside a precommand. | |||||
Done Inline ActionsI think we don't need that numbered bullet. fernape: I think we don't need that numbered bullet. | |||||
| If a script can not be run within a service jail, e.g. because it is not possible to run or it does not make sense to run it in a jail, use the following: | |||||
| [.programlisting] | |||||
| .... | |||||
| #!/bin/sh | |||||
Done Inline ActionsMissing }? pauamma_gundo.com: Missing }? | |||||
| . /etc/rc.subr | |||||
| name="dummy" | |||||
| start_cmd="${name}_start" | |||||
| stop_cmd=":" | |||||
| dummy_start() | |||||
Done Inline ActionsUse a suitable admonition type here too. pauamma_gundo.com: Use a suitable admonition type here too. | |||||
| { | |||||
| echo "Nothing started." | |||||
| } | |||||
| load_rc_config $name | |||||
| dummy_svcj="NO" # does not make sense to run in a svcj <.> | |||||
| run_rc_command "$1" | |||||
| .... | |||||
| ➊ The disabling needs to happen after the ``load_rc_config`` call, else a man:rc.conf[5] setting may override it. | |||||
| [[rcng-furthur]] | [[rcng-furthur]] | ||||
| == Further reading | == Further reading | ||||
| Context not available. | |||||
s/the use/use/
Also, if you want to point to the service jails section of the jails chapter specifically, s|handbook|handbook/jails/#service-jails| (I think).