From adcf4c81c58511b67644e17fa743d1729d3c9ccf Mon Sep 17 00:00:00 2001 From: David Strauss Date: Mon, 25 Nov 2013 10:44:48 +1000 Subject: [PATCH] socket-proxyd: Add --listener option for listener/destination pairs. --- TODO | 1 - man/systemd-socket-proxyd.xml | 80 +++++++++++++++++++++++++++++++- src/socket-proxy/socket-proxyd.c | 63 ++++++++++++++++--------- 3 files changed, 121 insertions(+), 23 deletions(-) diff --git a/TODO b/TODO index f79f7b10158..9b898bb57db 100644 --- a/TODO +++ b/TODO @@ -105,7 +105,6 @@ Features: * remove NSS usage from PID 1 (notably the specifiers) * socket-proxyd: - - Support multiple inherited sockets mapped to different remote hosts - Use a nonblocking alternative to getaddrinfo - Until we can start daemons directly, find a less ugly, less racy alternative than shell scripts for the second man page example. - Support starting daemons directly without requiring a shell script; update man pages diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml index 4eb13e4d252..d57a59cf799 100644 --- a/man/systemd-socket-proxyd.xml +++ b/man/systemd-socket-proxyd.xml @@ -31,6 +31,12 @@ Strauss david@davidstrauss.net + + Developer + Lennart + Poettering + lennart@poettering.net + @@ -83,6 +89,17 @@ Options The following options are understood: + + + + + Restricts listening to a + single inherited socket, specified + as a file descriptor. By default, + the proxy listens on all inherited + sockets. + + @@ -196,8 +213,12 @@ while [ ! -f /tmp/nginx.pid ] do /usr/bin/inotifywait /tmp/nginx.pid done -exec /usr/bin/systemd-socket-proxyd localhost 8080]]> +exec /usr/bin/systemd-socket-proxyd localhost:8080]]> + Make it executable: + + + @@ -215,6 +236,63 @@ server { <![CDATA[# systemctl enable proxy-with-nginx.socket # systemctl start proxy-with-nginx.socket $ curl http://localhost:80/]]> +</programlisting> + </example> + </refsect2> + + <refsect2> + <title>Multiple Listeners with Multiple Destinations + When using namespaces, it may be useful to + have multiple listeners with each going to a unique + destination. systemd always passes sockets into + services in the order specified in the socket + unit, beginning with file descriptor 3. + In this example, port 80 + will proxy to localhost:8080, + and port 443 will proxy to + localhost:8443. + + /etc/systemd/system/multi-destination.socket + + + + + + /etc/systemd/system/multi-destination.service + + + + + + + + /usr/bin/socket-proxyd-multi-destination.sh + + + + Make it executable: + + + + + + + + diff --git a/src/socket-proxy/socket-proxyd.c b/src/socket-proxy/socket-proxyd.c index 432558d1903..362e8aae9f3 100644 --- a/src/socket-proxy/socket-proxyd.c +++ b/src/socket-proxy/socket-proxyd.c @@ -66,6 +66,7 @@ typedef struct Connection { } Connection; static const char *arg_remote_host = NULL; +static int arg_listener = -1; static void connection_free(Connection *c) { assert(c); @@ -554,8 +555,9 @@ static int help(void) { printf("%s [HOST:PORT]\n" "%s [SOCKET]\n\n" "Bidirectionally proxy local sockets to another (possibly remote) socket.\n\n" - " -h --help Show this help\n" - " --version Show package version\n", + " -l --listener=FD Listen on a specific, single file descriptor.\n" + " -h --help Show this help\n" + " --version Show package version\n", program_invocation_short_name, program_invocation_short_name); @@ -565,22 +567,22 @@ static int help(void) { static int parse_argv(int argc, char *argv[]) { enum { - ARG_VERSION = 0x100, - ARG_IGNORE_ENV + ARG_VERSION = 0x100 }; static const struct option options[] = { - { "help", no_argument, NULL, 'h' }, - { "version", no_argument, NULL, ARG_VERSION }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, ARG_VERSION }, + { "listener", required_argument, NULL, 'l' }, {} }; - int c; + int c, fd; assert(argc >= 0); assert(argv); - while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) { + while ((c = getopt_long(argc, argv, "hl:", options, NULL)) >= 0) { switch (c) { @@ -592,6 +594,18 @@ static int parse_argv(int argc, char *argv[]) { puts(SYSTEMD_FEATURES); return 0; + case 'l': + if (safe_atoi(optarg, &fd) < 0) { + log_error("Failed to parse listener file descriptor: %s", optarg); + return -EINVAL; + } + if (fd < SD_LISTEN_FDS_START) { + log_error("Listener file descriptor must be at least %d.", SD_LISTEN_FDS_START); + return -EINVAL; + } + arg_listener = fd; + break; + case '?': return -EINVAL; @@ -632,19 +646,26 @@ int main(int argc, char *argv[]) { goto finish; } - n = sd_listen_fds(1); - if (n < 0) { - log_error("Failed to receive sockets from parent."); - r = n; - goto finish; - } else if (n == 0) { - log_error("Didn't get any sockets passed in."); - r = -EINVAL; - goto finish; - } - - for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) { - r = add_listen_socket(&context, event, fd); + if (arg_listener == -1) { + n = sd_listen_fds(1); + if (n < 0) { + log_error("Failed to receive sockets from parent."); + r = n; + goto finish; + } else if (n == 0) { + log_error("Didn't get any sockets passed in."); + r = -EINVAL; + goto finish; + } + log_info("Listening on %d inherited socket(s), starting with fd=%d.", n, SD_LISTEN_FDS_START); + for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) { + r = add_listen_socket(&context, event, fd); + if (r < 0) + goto finish; + } + } else { + log_info("Listening on single inherited socket fd=%d.", arg_listener); + r = add_listen_socket(&context, event, arg_listener); if (r < 0) goto finish; }