Aptly Systemd Socket Activation

In the previous blog post I talked about Unix domain socket enablement in Aptly, a very popular deb repository management solution. In addition to adding socket support, I’ve also added support for systemd socket activation.

Systemd’s socket activation is an inordinately fancy feature of systemd where it will take over socket creation and management before the actual service is running. It ensures that incoming requests aren’t lost if the service crashes or isn’t started yet. When one has the opportunity to use systemd, letting it do socket activation for Aptly is super handy as it also gives easy control over the socket file’s owner, group and mode.

Using socket activation requires you to create two systemd units: a service unit, describing the aptly service itself, and a socket unit, for listening for traffic. Example files may look like this:

# aptly.service
[Unit]
Description=Aptly archive service

[Service]
ExecStart=/home/archive/bin/aptly api serve
WorkingDirectory=/home/archive
Restart=always

# aptly.socket
[Unit]
Description=Aptly archive service socket

[Socket]
ListenStream=/home/archive/aptly.sock
SocketMode=0660
SocketUser=archive
SocketGroup=archivesocket

[Install]
WantedBy=sockets.target

Enabling and starting the socket unit will create the socket file at /home/archive/aptly.sock and start the service upon incoming traffic, which you could cause, for example, using curl --unix-socket /home/archive/aptly.sock http:/api/version.

Fairly exciting already. But if you’ve previously been listening on a TCP port, you may wish to establish a smoother migration path without having to change your entire infrastructure to work with sockets all at once. Aptly, however, only supports listening on one socket, so you can’t just have it listen on both a TCP socket and a unix socket. Fortunately, systemd also has a neat solution for this, called systemd-socket-proxyd. Using socket activation, systemd itself can proxy traffic from a TCP socket to our new aptly socket file.

Again, example units for illustration:

# aptly-proxy.service
[Unit]
Description=Aptly Socket (Proxy Listener)

[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd /home/archive/aptly.sock
PrivateTmp=yes

# aptly-proxy.socket
[Unit]
Description=Aptly Socket (Proxy Listener)
After=aptly.socket

[Socket]
ListenStream=127.0.0.1:8080

[Install]
WantedBy=sockets.target

When enabling and starting this socket unit, systemd will listen on 127.0.0.1:8080 for traffic and proxy it through systemd-socket-proxyd to our actual Aptly socket file. At this point Aptly will be able to receive traffic from both the unix socket and the TCP socket (although of course effectively Aptly is only listening on the unix socket).
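One consequence worth checking during the migration: the 0660 mode and archive:archivesocket ownership only guard the socket file, while the loopback TCP listener has no owner or mode, so any local account can reach Aptly through the proxy. The following is an added example, not part of the original post or of Aptly: a small audit that reads a socket unit and reports who can reach each ListenStream= address. The function names and exposure labels are made up for illustration, and the unit texts are the [Socket] sections from the examples above.

```python
# Constructed sample input: the [Socket] sections of the two units shown above.
APTLY_SOCKET = """[Socket]
ListenStream=/home/archive/aptly.sock
SocketMode=0660
SocketUser=archive
SocketGroup=archivesocket
"""
PROXY_SOCKET = """[Socket]
ListenStream=127.0.0.1:8080
"""


def socket_settings(unit_text):
    """Return (key, value) pairs from the [Socket] section, keeping repeats."""
    section, pairs = None, []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Socket" and "=" in line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs


def audit_socket_unit(unit_text):
    """Return (address, exposure) for every ListenStream= in a socket unit."""
    pairs = socket_settings(unit_text)
    opts = dict(pairs)
    mode = int(opts.get("SocketMode", "0666"), 8)  # systemd's default is 0666
    # Assumption: unset user shown as root, unset group as "default".
    owner = opts.get("SocketUser", "root") + ":" + opts.get("SocketGroup", "default")
    results = []
    for key, addr in pairs:
        if key != "ListenStream":
            continue
        if addr.startswith("/"):  # filesystem socket: connecting needs write access
            exposure = "any local user" if mode & 0o002 else "%s mode %04o" % (owner, mode)
        elif addr.startswith("@") or addr.rpartition(":")[0] in ("127.0.0.1", "[::1]"):
            exposure = "any local user"  # abstract or loopback: no owner or mode
        else:  # bare port or non-loopback address
            exposure = "network"
        results.append((addr, exposure))
    return results


if __name__ == "__main__":
    for unit in (APTLY_SOCKET, PROXY_SOCKET):
        for addr, exposure in audit_socket_unit(unit):
            print(addr, "->", exposure)
```

The audit only reads the unit text; permissions on the directories leading to the socket file also decide who can connect and are not checked here.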

Now if only systemd could play audio it’d be quite the bundle of usefulness 😉
