Aptly Systemd Socket Activation

In the previous blog post I talked about Unix domain socket enablement in Aptly, a very popular deb repository management solution. In addition to adding socket support, I’ve also added support for systemd socket activation.

Systemd’s socket activation is an inordinately fancy feature of systemd where it will take over socket creation and management before the actual service is running. It ensures that incoming requests aren’t lost if the service crashes or isn’t started yet. When one has the opportunity to use systemd, letting it do socket activation for Aptly is super handy as it also gives easy access to chown capabilities.

Using socket activation requires you to create two systemd units. A service unit, describing the aptly service itself, and a socket unit, for listening for traffic. Examples files may look like this:

# aptly.service
[Unit]
Description=Aptly archive service

[Service]
ExecStart=/home/archive/bin/aptly api serve
WorkingDirectory=/home/archive
Restart=always
# aptly.socket
[Unit]
Description=Aptly archive service socket

[Socket]
ListenStream=/home/archive/aptly.sock
SocketMode=0660
SocketUser=archive
SocketGroup=archivesocket

[Install]
WantedBy=sockets.target

Enabling and starting the socket unit will create the socket file at /home/archive/aptly.sock and start the service upon incoming traffic, which you could cause, for example, using curl --unix-socket /home/archive/aptly.sock http:/api/version.

Fairly exciting already. But if you’ve previously been listening on a TCP port you may wish to establish a smoother migration path without having to change your entire infrastructure to work with sockets all at once. Aptly however only supports listening on one socket, so you can’t just have it listen on both a TCP socket and a unix socket. Fortunately, systemd also has a neat solution for this, called systemd-socket-proxyd. Using the socket activation systemd itself can proxy traffic from a TCP socket to our new aptly socket file.

Again example units for illustration:

# aptly-proxy.service
[Unit]
Description=Aptly Socket (Proxy Listener)

[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd /home/archive/aptly.sock
PrivateTmp=yes
# aptly-proxy.socket
[Unit]
Description=Aptly Socket (Proxy Listener)
After=aptly.socket

[Socket]
ListenStream=127.0.0.1:8080

[Install]
WantedBy=sockets.target

When enabling and starting this socket unit systemd will listen on 127.0.0.1:8080 for traffic and proxy it through systemd-socket-proxyd to our actual Aptly socket file. At this point Aptly will be able to receive traffic from both the unix socket and the TCP socket (although of course effectively Aptly is only listening on the unix socket).

Now if only systemd could play audio it’d be quite the bundle of usefulness 😉

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s