<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 18, 2016 at 4:49 AM, Tzafrir Cohen <span dir="ltr"><<a href="mailto:tzafrir.cohen@xorcom.com" target="_blank">tzafrir.cohen@xorcom.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span class="">On Tue, May 17, 2016 at 08:14:24PM +0000, Sean Brady wrote:<br>
> Not sure of the best way to do proposed updates here. I have a couple<br>
> different things that I might suggest here. I’ve found that the<br>
> AssertDirectory and AssertFile directives are nice so should these<br>
> directories be empty or file(s) not exist etc you get a big fat failure<br>
> from systemd on startup. This is handy for production systems.<br>
><br>
> I’ve also found that setting the user and group using systemd behaves more<br>
> consistently from the systemd unit file then the from the command args or<br>
> config file, although I generally also set the asterisk user and group in<br>
> asterisk.conf as well.<br>
><br>
> This is actually the unit file that I am using in production now:<br>
> [Unit]<br>
> Description="Asterisk PBX And Telephony Server"<br>
> Documentation="<a href="http://wiki.asterisk.org" rel="noreferrer" target="_blank">http://wiki.asterisk.org</a>"<br>
> After=network.target<br>
> AssertDirectoryNotEmpty=/etc/asterisk<br>
> AssertDirectoryNotEmpty=/usr/lib/asterisk<br>
> AssertDirectoryNotEmpty=/usr/lib/asterisk/modules<br>
> AssertFileNotEmpty=/etc/asterisk/asterisk.conf<br>
> AssertFileIsExecutable=/usr/sbin/asterisk<br>
><br>
> [Service]<br>
> User=asterisk<br>
> Group=asterisk<br>
<br>
</span>If Asterisk downgrades itself to the user, it can give itself a number<br>
of extra permissions in the process. Not sure if systemd can give all of<br>
those permissions.<br>
<span class=""><br>
> Environment=HOME=/var/lib/asterisk<br>
> WorkingDirectory=/var/lib/asterisk<br>
> RuntimeDirectory=/var/run/asterisk<br>
> RuntimeDirectoryMode=0750<br>
> PermissionsStartOnly=true<br>
<br>
> ExecStartPre=/bin/rm -rf /var/run/asterisk<br>
> ExecStartPre=/bin/mkdir /var/run/asterisk<br>
> ExecStartPre=/bin/chown -R asterisk:asterisk /var/run/asterisk<br>
<br>
</span>This should be handled by tmpfiles.<br>
<br>
I guess we should include a tmpfiles file as well.<br></blockquote><div><br></div><div>There's an asterisk.tmpfiles and an asterisk-logrotate in the Fedora/RHEL</div><div>repository as well.</div><div><br></div><div><a href="http://pkgs.fedoraproject.org/cgit/rpms/asterisk.git/tree/">http://pkgs.fedoraproject.org/cgit/rpms/asterisk.git/tree/</a><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<span class=""><br>
> ExecStart=/usr/sbin/asterisk -f -C /etc/asterisk/asterisk.conf<br>
> ExecStop=/usr/sbin/asterisk -rx 'core stop now'<br>
> ExecReload=/usr/sbin/asterisk -rx 'core reload'<br>
> Restart=always<br>
<br>
</span>Check how this interacts with "asterisk -rx 'core stop now'"<br>
<div class=""><div class="h5"><br>
--<br>
Tzafrir Cohen<br>
icq#16849755 <a href="mailto:jabber%3Atzafrir.cohen@xorcom.com">jabber:tzafrir.cohen@xorcom.com</a><br>
+972-50-7952406 mailto:<a href="mailto:tzafrir.cohen@xorcom.com">tzafrir.cohen@xorcom.com</a><br>
<a href="http://www.xorcom.com" rel="noreferrer" target="_blank">http://www.xorcom.com</a><br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" rel="noreferrer" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" rel="noreferrer" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><span style="font-size:12.8px">George Joseph</span><br style="font-size:12.8px"><span style="font-size:12.8px">Digium, Inc. | Software Developer</span><span style="font-size:12.8px"><br>445 Jan Davis Drive NW - Huntsville, AL 35806 - US<br></span><span style="font-size:12.8px">Check us out at: </span><a href="http://www.digium.com/" rel="noreferrer" style="color:rgb(17,85,204);font-size:12.8px" target="_blank">www.digium.com</a><span style="font-size:12.8px"> & </span><a href="http://www.asterisk.org/" rel="noreferrer" style="color:rgb(17,85,204);font-size:12.8px" target="_blank">www.asterisk.org</a><br><div><br></div></div></div>
</div></div>