diff --git a/cli/daemon.go b/cli/daemon.go index 2c50e3f6..f312d49e 100644 --- a/cli/daemon.go +++ b/cli/daemon.go @@ -18,6 +18,7 @@ import ( "miniflux.app/service/httpd" "miniflux.app/service/scheduler" "miniflux.app/storage" + "miniflux.app/systemd" "miniflux.app/worker" ) @@ -44,9 +45,35 @@ func startDaemon(store *storage.Storage) { go collector.GatherStorageMetrics() } - // Notify systemd that we are ready. - if err := sdNotify(sdNotifyReady); err != nil { - logger.Error("Unable to send readiness notification to systemd: %v", err) + if systemd.HasNotifySocket() { + logger.Info("Sending readiness notification to Systemd") + + if err := systemd.SdNotify(systemd.SdNotifyReady); err != nil { + logger.Error("Unable to send readiness notification to systemd: %v", err) + } + + if systemd.HasSystemdWatchdog() { + logger.Info("Activating Systemd watchdog") + + go func() { + interval, err := systemd.WatchdogInterval() + if err != nil { + logger.Error("Unable to parse watchdog interval from systemd: %v", err) + return + } + + for { + err := store.Ping() + if err != nil { + logger.Error(`Systemd Watchdog: %v`, err) + } else { + systemd.SdNotify(systemd.SdNotifyWatchdog) + } + + time.Sleep(interval / 2) + } + }() + } } <-stop diff --git a/cli/sd_notify.go b/cli/sd_notify.go deleted file mode 100644 index 60c354a4..00000000 --- a/cli/sd_notify.go +++ /dev/null @@ -1,42 +0,0 @@ -// Copyright 2021 Frédéric Guillot. All rights reserved. -// Use of this source code is governed by the Apache 2.0 -// license that can be found in the LICENSE file. - -package cli // import "miniflux.app/cli" - -import ( - "net" - "os" -) - -const ( - // sdNotifyReady tells the service manager that service startup is - // finished, or the service finished loading its configuration. - sdNotifyReady = "READY=1" -) - -// sdNotify sends a message to systemd using the sd_notify protocol. -// See https://www.freedesktop.org/software/systemd/man/sd_notify.html. -func sdNotify(state string) error { - addr := &net.UnixAddr{ - Net: "unixgram", - Name: os.Getenv("NOTIFY_SOCKET"), - } - - if addr.Name == "" { - // We're not running under systemd (NOTIFY_SOCKET has not set). - return nil - } - - conn, err := net.DialUnix(addr.Net, nil, addr) - if err != nil { - return err - } - defer conn.Close() - - if _, err = conn.Write([]byte(state)); err != nil { - return err - } - - return nil -} diff --git a/packaging/systemd/miniflux.service b/packaging/systemd/miniflux.service index 440096f2..1f36f5c9 100644 --- a/packaging/systemd/miniflux.service +++ b/packaging/systemd/miniflux.service @@ -5,17 +5,27 @@ # See https://wiki.archlinux.org/index.php/Systemd#Editing_provided_units. [Unit] -Description=Miniflux Feed Reader +Description=Miniflux After=network.target postgresql.service [Service] -Type=notify ExecStart=/usr/bin/miniflux -Restart=always - EnvironmentFile=/etc/miniflux.conf User=miniflux +# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type= +Type=notify + +# https://www.freedesktop.org/software/systemd/man/systemd.service.html#WatchdogSec= +WatchdogSec=30s +WatchdogSignal=SIGKILL + +# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart= +Restart=always + +# https://www.freedesktop.org/software/systemd/man/systemd.service.html#RestartSec= +RestartSec=5 + # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#NoNewPrivileges= NoNewPrivileges=true @@ -45,13 +55,9 @@ RestrictRealtime=true # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths= ReadWritePaths=/run -# Allow miniflux to bind to <1024 ports +# Allow miniflux to bind to privileged ports # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities= AmbientCapabilities=CAP_NET_BIND_SERVICE -# Provide a private /tmp -# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp= -PrivateTmp=true - [Install] WantedBy=multi-user.target diff --git a/systemd/systemd.go b/systemd/systemd.go new file mode 100644 index 00000000..d4415a0c --- /dev/null +++ b/systemd/systemd.go @@ -0,0 +1,74 @@ +// Copyright 2021 Frédéric Guillot. All rights reserved. +// Use of this source code is governed by the Apache 2.0 +// license that can be found in the LICENSE file. + +package systemd // import "miniflux.app/systemd" + +import ( + "fmt" + "net" + "os" + "strconv" + "time" +) + +const ( + // SdNotifyReady tells the service manager that service startup is + // finished, or the service finished loading its configuration. + // https://www.freedesktop.org/software/systemd/man/sd_notify.html#READY=1 + SdNotifyReady = "READY=1" + + // SdNotifyWatchdog the service manager to update the watchdog timestamp. + // https://www.freedesktop.org/software/systemd/man/sd_notify.html#WATCHDOG=1 + SdNotifyWatchdog = "WATCHDOG=1" +) + +// HasNotifySocket checks if the process is supervised by Systemd and has the notify socket. +func HasNotifySocket() bool { + return os.Getenv("NOTIFY_SOCKET") != "" +} + +// HasSystemdWatchdog checks if the watchdog is configured in Systemd unit file. +func HasSystemdWatchdog() bool { + return os.Getenv("WATCHDOG_USEC") != "" +} + +// WatchdogInterval returns the watchdog interval configured in systemd unit file. +func WatchdogInterval() (time.Duration, error) { + s, err := strconv.Atoi(os.Getenv("WATCHDOG_USEC")) + if err != nil { + return 0, fmt.Errorf(`systemd: error converting WATCHDOG_USEC: %v`, err) + } + + if s <= 0 { + return 0, fmt.Errorf(`systemd: error WATCHDOG_USEC must be a positive number`) + } + + return time.Duration(s) * time.Microsecond, nil +} + +// SdNotify sends a message to systemd using the sd_notify protocol. +// See https://www.freedesktop.org/software/systemd/man/sd_notify.html. +func SdNotify(state string) error { + addr := &net.UnixAddr{ + Net: "unixgram", + Name: os.Getenv("NOTIFY_SOCKET"), + } + + if addr.Name == "" { + // We're not running under systemd (NOTIFY_SOCKET is not set). + return nil + } + + conn, err := net.DialUnix(addr.Net, nil, addr) + if err != nil { + return err + } + defer conn.Close() + + if _, err = conn.Write([]byte(state)); err != nil { + return err + } + + return nil +}