| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
Let systemd give ejabberd the capability to bind to ports below 1024.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support systemd's watchdog feature and enable it by default in the unit
file, so that ejabberd is auto-restarted if the VM becomes unresponsive.
Also, set the systemd startup type to 'notify', so that startup of
followup units is delayed until ejabberd signals readiness. While at
it, also notify systemd of configuration reload and shutdown states.
Note: "NotifyAccess=all" is required as long as "ejabberdctl foreground"
runs the VM as a new child process, rather than "exec"ing it. This way,
systemd views the ejabberdctl process itself as the main service
process, and would discard notifications from other processes by
default.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Daemons started by systemd shouldn't fork into the background if
possible, because if multiple forked processes exist, systemd has
a hard time determining the main process ID.
In a memory constrained environment, the OOM killer may cause
ejabberd to exit without any trace. Because epmd keeps running,
systemd wouldn't notice the error condition, and as a result it
won't restart the server.
With ejabberd running in foreground, systemd is able to obtain the
correct exit code (137 in this case, instead of 0) and schedules a
restart. The administrator can then see what happend by looking at
systemctl status ejabberd.
|
| |
|
|
|
| |
On slow systems, it can take quite a while for "ejabberdctl started"
and/or "ejabberdctl stopped" to return.
|
| |
|
|
|
|
|
| |
With "ProtectSystem", /usr is mounted read-only, so things will fail
when e.g. /usr/local is used as the installation prefix. Whether such
options make sense depends on the environment, so they should rather be
set by package maintainers and/or admins.
|
| |
|
|
|
| |
Now that "ejabberdctl reload_config" works the way most admins would
expect, expose the command via systemd.
|
| |
|
|
|
|
|
|
|
|
| |
Make sure the "ExecStop" command line blocks until ejabberd is actually
stopped. This prevents systemd from killing the ejabberd process(es)
immediately.
Also, let the "ExecStart" command line block until ejabberd's startup is
completed. This makes sure that services which depend on ejabberd
aren't started up too early.
|
| |
|
|
| |
16,000 file descriptors will only suffice for small setups.
|
| |
|
|
|
|
| |
The "reload_config" command doesn't work the way admins would typically
expect, so it shouldn't be exposed via systemd. Those who understand
the behavior can execute the command using ejabberdctl.
|
| |
|
|
|
| |
The "RestartSec=5" setting has no effect if "Restart" is not also
specified.
|
| |
|
|
| |
ejabberd is not a "oneshot" process.
|
| |
|
|
|
|
| |
The "NoNewPrivileges" setting breaks some PAM and extauth setups.
Fixes #1281.
|
| |
|
|
|
|
|
|
|
| |
Admins might expect ejabberd to be able to access data below /home or
/tmp. For example, they might use those locations to dump/restore
Mnesia backups, or as a document root for mod_http_fileserver or
mod_http_upload.
Fixes #1297.
|
| |
|
| |
Restrict capabilities, have a private tmp directory, private /dev, and don't accessing file system locations that really shouldn't be accessed.
|
| | |
|
| |
|
