[asterisk-dev] JIRA 25988: Systemd unit file for Asterisk: Submission

Tzafrir Cohen tzafrir.cohen at xorcom.com
Wed May 18 05:49:29 CDT 2016 

On Tue, May 17, 2016 at 08:14:24PM +0000, Sean Brady wrote:
> Not sure of the best way to do proposed updates here. I have a couple
> different things that I might suggest here. I’ve found that the
> AssertDirectory and AssertFile directives are nice so should these
> directories be empty or file(s) not exist etc you get a big fat failure
> from systemd on startup. This is handy for production systems.
> 
> I’ve also found that setting the user and group using systemd behaves more
> consistently from the systemd unit file then the from the command args or
> config file, although I generally also set the asterisk user and group in
> asterisk.conf as well.
> 
> This is actually the unit file that I am using in production now:
> [Unit]
> Description="Asterisk PBX And Telephony Server"
> Documentation="http://wiki.asterisk.org"
> After=network.target
> AssertDirectoryNotEmpty=/etc/asterisk
> AssertDirectoryNotEmpty=/usr/lib/asterisk
> AssertDirectoryNotEmpty=/usr/lib/asterisk/modules
> AssertFileNotEmpty=/etc/asterisk/asterisk.conf
> AssertFileIsExecutable=/usr/sbin/asterisk
> 
> [Service]
> User=asterisk
> Group=asterisk

If Asterisk downgrades itself to the user, it can give itself a number
of extra permissions in the process. Not sure if systemd can give all of
those permissions.

> Environment=HOME=/var/lib/asterisk
> WorkingDirectory=/var/lib/asterisk
> RuntimeDirectory=/var/run/asterisk
> RuntimeDirectoryMode=0750
> PermissionsStartOnly=true

> ExecStartPre=/bin/rm -rf /var/run/asterisk
> ExecStartPre=/bin/mkdir /var/run/asterisk
> ExecStartPre=/bin/chown -R asterisk:asterisk /var/run/asterisk

This should be handled by tmpfiles.

I guess we should include a tmpfiles file as well.

> ExecStart=/usr/sbin/asterisk -f -C /etc/asterisk/asterisk.conf
> ExecStop=/usr/sbin/asterisk -rx 'core stop now'
> ExecReload=/usr/sbin/asterisk -rx 'core reload'
> Restart=always

Check how this interacts with "asterisk -rx 'core stop now'"

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com

More information about the asterisk-dev mailing list