From 023b92a4beb21dd5e37ad5e8be5497cea2e28b08 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 17 Jul 2016 13:35:06 +0200
Subject: [PATCH] update documentation to explain systemd socket-activation
 configuration

---
 doc/kresd.8.in          |  4 ++++
 scripts/kresd.service   | 12 ------------
 scripts/kresd.sysconfig | 14 --------------
 systemd/README.md       | 23 +++++++++++++++++++++++
 4 files changed, 27 insertions(+), 26 deletions(-)
 delete mode 100644 scripts/kresd.service
 delete mode 100644 scripts/kresd.sysconfig
 create mode 100644 systemd/README.md

diff --git a/doc/kresd.8.in b/doc/kresd.8.in
index bd9e27afe..2fac89190 100644
--- a/doc/kresd.8.in
+++ b/doc/kresd.8.in
@@ -111,6 +111,10 @@ With this option, the daemon is started in non-interactive mode and instead crea
 UNIX socket in \fIrundir\fR that the operator can connect to for interactive session.
 A number greater than 1 forks the daemon N times, all forks will bind to same addresses
 and the kernel will load-balance between them on Linux with \fISO_REUSEPORT\fR support.
+
+When socket-activated and supervised by systemd or the equivalent, kresd defaults to
+--forks=1, and must not be set to any other value.  If you want multiple concurrent
+processes supervised in this way, they should be supervised independently.
 .TP
 .B \-q\fR, \fB\-\-quiet
 Daemon will refrain from printing any informative messages, not even a prompt.
diff --git a/scripts/kresd.service b/scripts/kresd.service
deleted file mode 100644
index c28adaa76..000000000
--- a/scripts/kresd.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Knot DNS Resolver daemon
-After=network.target
-
-[Service]
-Type=simple
-EnvironmentFile=-/etc/sysconfig/kresd
-ExecStart=/usr/sbin/kresd -c /etc/kresd/config -f $KRESD_WORKERS $KRESD_OPTIONS /var/lib/kresd/
-Restart=on-abort
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts/kresd.sysconfig b/scripts/kresd.sysconfig
deleted file mode 100644
index ceb5e3068..000000000
--- a/scripts/kresd.sysconfig
+++ /dev/null
@@ -1,14 +0,0 @@
-## Path:        System/DNS
-## Description: Number of worker processes to spawn
-## Type:        integer
-## Default:     1
-## ServiceRestart:      kresd
-##
-#
-# Number of workers to spawn for kresd.
-# If you get start up failures with "already in use" your libuv is too
-# old and you have to stick to 1.
-#
-KRESD_WORKERS=1
-# Additional options
-KRESD_OPTIONS=
diff --git a/systemd/README.md b/systemd/README.md
new file mode 100644
index 000000000..8ddbdc17d
--- /dev/null
+++ b/systemd/README.md
@@ -0,0 +1,23 @@
+Running Knot Resolver under systemd (or equivalent) socket activation
+=====================================================================
+
+You can use the files in this directory to run kresd under supervision
+by systemd (or any supervisor that provides equivalent file descriptor
+initialization via the interface supported by
+sd_listen_fds_with_names(3)).
+
+When run in this configuration:
+
+ * it will be run under a non-privileged user, which means it will not
+   be able to open any new non-privileged ports.
+
+ * it will use a single process (implicitly uses --forks=1, and will
+   fail if that configuration variable is set to a different value).
+   If you want multiple daemons to listen on these ports publicly
+   concurrently, you'll need the supervisor to manage them
+   differently, for example via a systemd generator:
+
+     https://www.freedesktop.org/software/systemd/man/systemd.generator.html
+
+   If you have a useful systemd generator for multiple concurrent
+   processes, please contribute it upstream!
-- 
GitLab