socket-proxyd: Add --listener option for listener/destination pairs.
authorDavid Strauss <david@davidstrauss.net>
Mon, 25 Nov 2013 00:44:48 +0000 (10:44 +1000)
committerDavid Strauss <david@davidstrauss.net>
Mon, 25 Nov 2013 00:46:48 +0000 (10:46 +1000)
TODO
man/systemd-socket-proxyd.xml
src/socket-proxy/socket-proxyd.c

diff --git a/TODO b/TODO
index f79f7b1..9b898bb 100644 (file)
--- a/TODO
+++ b/TODO
@@ -105,7 +105,6 @@ Features:
 * remove NSS usage from PID 1 (notably the specifiers)
 
 * socket-proxyd:
-  - Support multiple inherited sockets mapped to different remote hosts
   - Use a nonblocking alternative to getaddrinfo
   - Until we can start daemons directly, find a less ugly, less racy alternative than shell scripts for the second man page example.
   - Support starting daemons directly without requiring a shell script; update man pages
index 4eb13e4..d57a59c 100644 (file)
                                 <surname>Strauss</surname>
                                 <email>david@davidstrauss.net</email>
                         </author>
+                        <author>
+                                <contrib>Developer</contrib>
+                                <firstname>Lennart</firstname>
+                                <surname>Poettering</surname>
+                                <email>lennart@poettering.net</email>
+                        </author>
                 </authorgroup>
         </refentryinfo>
         <refmeta>
                 <para>The following options are understood:</para>
                 <variablelist>
                         <varlistentry>
+                                <term><option>-l</option></term>
+                                <term><option>--listener</option></term>
+                                <listitem>
+                                        <para>Restricts listening to a
+                                        single inherited socket, specified
+                                        as a file descriptor. By default,
+                                        the proxy listens on all inherited
+                                        sockets.</para>
+                                </listitem>
+                        </varlistentry>
+                        <varlistentry>
                                 <term><option>-h</option></term>
                                 <term><option>--help</option></term>
                                 <listitem>
@@ -196,8 +213,12 @@ while [ ! -f /tmp/nginx.pid ]
   do
      /usr/bin/inotifywait /tmp/nginx.pid
   done
-exec /usr/bin/systemd-socket-proxyd localhost 8080]]>
+exec /usr/bin/systemd-socket-proxyd localhost:8080]]>
 </programlisting>
+                                <para>Make it executable:</para>
+                                <programlisting>
+<![CDATA[chmod 755 /usr/bin/socket-proxyd-nginx.sh]]>
+                                </programlisting>
                         </example>
                         <example label="nginx configuration">
                                 <title>
@@ -218,6 +239,63 @@ $ curl http://localhost:80/]]>
 </programlisting>
                         </example>
                 </refsect2>
+
+                <refsect2>
+                        <title>Multiple Listeners with Multiple Destinations</title>
+                        <para>When using namespaces, it may be useful to
+                        have multiple listeners with each going to a unique
+                        destination. systemd always passes sockets into
+                        services in the order specified in the socket
+                        unit, beginning with file descriptor 3.</para>
+                        <para>In this example, port <literal>80</literal>
+                        will proxy to <literal>localhost:8080</literal>,
+                        and port <literal>443</literal> will proxy to
+                        <literal>localhost:8443</literal>.</para>
+                        <example label="proxy socket unit">
+                                <title>/etc/systemd/system/multi-destination.socket</title>
+                                <programlisting>
+<![CDATA[[Socket]
+ListenStream=80
+ListenStream=443
+
+[Install]
+WantedBy=sockets.target]]>
+</programlisting>
+                        </example>
+                        <example label="proxy service unit">
+                                <title>/etc/systemd/system/multi-destination.service</title>
+                                <programlisting>
+<![CDATA[[Service]
+ExecStart=/usr/bin/socket-proxyd-multi-destination.sh
+PrivateTmp=true
+PrivateNetwork=true]]>
+</programlisting>
+                        </example>
+
+                        <example label="shell script">
+                                <title>
+                                /usr/bin/socket-proxyd-multi-destination.sh</title>
+                                <programlisting>
+<![CDATA[#!/bin/sh
+/usr/bin/systemd-socket-proxyd --listener=3 localhost:8080 &
+/usr/bin/systemd-socket-proxyd --listener=4 localhost:8443 &
+wait]]>
+</programlisting>
+                                <para>Make it executable:</para>
+                                <programlisting>
+<![CDATA[chmod 755 /usr/bin/socket-proxyd-multi-destination.sh]]>
+                                </programlisting>
+                        </example>
+
+                        <example label="commands">
+                                <programlisting>
+<![CDATA[# systemctl enable multi-destination.socket
+# systemctl start multi-destination.socket
+$ curl http://localhost/
+$ curl https://localhost/]]>
+</programlisting>
+                        </example>
+                </refsect2>
         </refsect1>
         <refsect1>
                 <title>See Also</title>
index 432558d..362e8aa 100644 (file)
@@ -66,6 +66,7 @@ typedef struct Connection {
 } Connection;
 
 static const char *arg_remote_host = NULL;
+static int arg_listener = -1;
 
 static void connection_free(Connection *c) {
         assert(c);
@@ -554,8 +555,9 @@ static int help(void) {
         printf("%s [HOST:PORT]\n"
                "%s [SOCKET]\n\n"
                "Bidirectionally proxy local sockets to another (possibly remote) socket.\n\n"
-               "  -h --help              Show this help\n"
-               "     --version           Show package version\n",
+               "  -l --listener=FD  Listen on a specific, single file descriptor.\n"
+               "  -h --help         Show this help\n"
+               "     --version      Show package version\n",
                program_invocation_short_name,
                program_invocation_short_name);
 
@@ -565,22 +567,22 @@ static int help(void) {
 static int parse_argv(int argc, char *argv[]) {
 
         enum {
-                ARG_VERSION = 0x100,
-                ARG_IGNORE_ENV
+                ARG_VERSION = 0x100
         };
 
         static const struct option options[] = {
-                { "help",       no_argument, NULL, 'h'           },
-                { "version",    no_argument, NULL, ARG_VERSION   },
+                { "help",     no_argument,       NULL, 'h'         },
+                { "version",  no_argument,       NULL, ARG_VERSION },
+                { "listener", required_argument, NULL, 'l'         },
                 {}
         };
 
-        int c;
+        int c, fd;
 
         assert(argc >= 0);
         assert(argv);
 
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
+        while ((c = getopt_long(argc, argv, "hl:", options, NULL)) >= 0) {
 
                 switch (c) {
 
@@ -592,6 +594,18 @@ static int parse_argv(int argc, char *argv[]) {
                         puts(SYSTEMD_FEATURES);
                         return 0;
 
+                case 'l':
+                        if (safe_atoi(optarg, &fd) < 0) {
+                                log_error("Failed to parse listener file descriptor: %s", optarg);
+                                return -EINVAL;
+                        }
+                        if (fd < SD_LISTEN_FDS_START) {
+                                log_error("Listener file descriptor must be at least %d.", SD_LISTEN_FDS_START);
+                                return -EINVAL;
+                        }
+                        arg_listener = fd;
+                        break;
+
                 case '?':
                         return -EINVAL;
 
@@ -632,19 +646,26 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
-        n = sd_listen_fds(1);
-        if (n < 0) {
-                log_error("Failed to receive sockets from parent.");
-                r = n;
-                goto finish;
-        } else if (n == 0) {
-                log_error("Didn't get any sockets passed in.");
-                r = -EINVAL;
-                goto finish;
-        }
-
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
-                r = add_listen_socket(&context, event, fd);
+        if (arg_listener == -1) {
+                n = sd_listen_fds(1);
+                if (n < 0) {
+                        log_error("Failed to receive sockets from parent.");
+                        r = n;
+                        goto finish;
+                } else if (n == 0) {
+                        log_error("Didn't get any sockets passed in.");
+                        r = -EINVAL;
+                        goto finish;
+                }
+                log_info("Listening on %d inherited socket(s), starting with fd=%d.", n, SD_LISTEN_FDS_START);
+                for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
+                        r = add_listen_socket(&context, event, fd);
+                        if (r < 0)
+                                goto finish;
+                }
+        } else {
+                log_info("Listening on single inherited socket fd=%d.", arg_listener);
+                r = add_listen_socket(&context, event, arg_listener);
                 if (r < 0)
                         goto finish;
         }