summaryrefslogtreecommitdiff
path: root/lib/chef/resource/launchd.rb
blob: 938244d097bfbc71590c911dfb60ad840d972807 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
#
# Author:: Mike Dodge (<mikedodge04@gmail.com>)
# Copyright:: Copyright (c) 2015 Facebook, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require_relative "../resource"

class Chef
  class Resource
    class Launchd < Chef::Resource
      resource_name :launchd
      provides :launchd

      description "Use the launchd resource to manage system-wide services (daemons) and per-user services (agents) on the macOS platform."
      introduced "12.8"

      default_action :create
      allowed_actions :create, :create_if_missing, :delete, :enable, :disable, :restart

      property :label, String,
        identity: true, name_property: true,
        description: "The unique identifier for the job."

      property :backup, [Integer, FalseClass],
        desired_state: false,
        description: "The number of backups to be kept in /var/chef/backup. Set to false to prevent backups from being kept."

      property :cookbook, String,
        desired_state: false,
        description: "The name of the cookbook in which the source files are located."

      property :group, [String, Integer],
        description: "When launchd is run as the root user, the group to run the job as. If the username property is specified and this property is not, this value is set to the default group for the user."

      property :plist_hash, Hash,
        introduced: "12.19",
        description: "A Hash of key value pairs used to create the launchd property list."

      property :mode, [String, Integer],
        description: "A quoted 3-5 character string that defines the octal mode. For example: '755', '0755', or 00755."

      property :owner, [String, Integer],
        description: "A string or ID that identifies the group owner by user name, including fully qualified user names such as domain_user or user@domain. If this value is not specified, existing owners remain unchanged and new owner assignments use the current user (when necessary)."

      property :path, String,
        description: "The path to the directory. Using a fully qualified path is recommended, but is not always required."

      property :source, String,
        description: "The path to the launchd property list."

      property :session_type, String,
        description: "The type of launchd plist to be created. Possible values: system (default) or user."

      # StartCalendarInterval has some gotchas so we coerce it to help sanity
      # check.  According to `man 5 launchd.plist`:
      #   StartCalendarInterval <dictionary of integers or array of dictionaries of integers>
      #     ... Missing arguments are considered to be wildcard.
      # What the man page doesn't state, but what was observed (OSX 10.11.5, launchctrl v3.4.0)
      # Is that keys that are specified, but invalid, will also be treated as a wildcard
      # this means that an entry like:
      #   { "Hour"=>0, "Weekday"=>"6-7"}
      # will not just run on midnight of Sat and Sun, rather it will run _every_ midnight.
      property :start_calendar_interval, [Hash, Array],
        description: "A Hash (similar to crontab) that defines the calendar frequency at which a job is started or an Array.",
        coerce: proc { |type|
          # Coerce into an array of hashes to make validation easier
          array = if type.is_a?(Array)
                    type
                  else
                    [type]
                  end

          # Check to make sure that our array only has hashes
          unless array.all? { |obj| obj.is_a?(Hash) }
            error_msg = "start_calendar_interval must be a single hash or an array of hashes!"
            raise Chef::Exceptions::ValidationFailed, error_msg
          end

          # Make sure the hashes don't have any incorrect keys/values
          array.each do |entry|
            allowed_keys = %w{Minute Hour Day Weekday Month}
            unless entry.keys.all? { |key| allowed_keys.include?(key) }
              failed_keys = entry.keys.reject { |k| allowed_keys.include?(k) }.join(", ")
              error_msg = "The following key(s): #{failed_keys} are invalid for start_calendar_interval, must be one of: #{allowed_keys.join(", ")}"
              raise Chef::Exceptions::ValidationFailed, error_msg
            end

            unless entry.values.all? { |val| val.is_a?(Integer) }
              failed_values = entry.values.reject { |val| val.is_a?(Integer) }.join(", ")
              error_msg = "Invalid value(s) (#{failed_values}) for start_calendar_interval item.  Values must be integers!"
              raise Chef::Exceptions::ValidationFailed, error_msg
            end
          end

          # Don't return array if we only have one entry
          if array.size == 1
            array.first
          else
            array
          end
        }

      property :type, String,
        description: "The type of resource. Possible values: daemon (default), agent.",
        default: "daemon", coerce: proc { |type|
          type = type ? type.downcase : "daemon"
          types = %w{daemon agent}

          unless types.include?(type)
            error_msg = "type must be daemon or agent"
            raise Chef::Exceptions::ValidationFailed, error_msg
          end
          type
        }

      # Apple LaunchD Keys
      property :abandon_process_group, [ TrueClass, FalseClass ],
        description: "If a job dies, all remaining processes with the same process ID may be kept running. Set to true to kill all remaining processes."

      property :debug, [ TrueClass, FalseClass ],
        description: "Sets the log mask to LOG_DEBUG for this job."

      property :disabled, [ TrueClass, FalseClass ], default: false,
               description: "Hints to launchctl to not submit this job to launchd."

      property :enable_globbing, [ TrueClass, FalseClass ],
        description: "Update program arguments before invocation."

      property :enable_transactions, [ TrueClass, FalseClass ],
        description: "Track in-progress transactions; if none, then send the SIGKILL signal."

      property :environment_variables, Hash,
        description: "Additional environment variables to set before running a job."

      property :exit_timeout, Integer,
        description: "The amount of time (in seconds) launchd waits before sending a SIGKILL signal."

      property :hard_resource_limits, Hash,
        description: "A Hash of resource limits to be imposed on a job."

      property :inetd_compatibility, Hash,
        description: "Specifies if a daemon expects to be run as if it were launched from inetd. Set to wait => true to pass standard input, output, and error file descriptors. Set to wait => false to call the accept system call on behalf of the job, and then pass standard input, output, and error file descriptors."

      property :init_groups, [ TrueClass, FalseClass ],
        description: "Specify if initgroups is called before running a job."

      property :keep_alive, [ TrueClass, FalseClass, Hash ],
        introduced: "12.14",
        description: "Keep a job running continuously (true) or allow demand and conditions on the node to determine if the job keeps running (false)."

      property :launch_events, [ Hash ],
        introduced: "15.1",
        description: "Specify higher-level event types to be used as launch-on-demand event sources."

      property :launch_only_once, [ TrueClass, FalseClass ],
        description: "Specify if a job can be run only one time. Set this value to true if a job cannot be restarted without a full machine reboot."

      property :ld_group, String,
        description: "The group name."

      property :limit_load_from_hosts, Array,
        description: "An array of hosts to which this configuration file does not apply, i.e. 'apply this configuration file to all hosts not specified in this array'."

      property :limit_load_to_hosts, Array,
        description: "An array of hosts to which this configuration file applies."

      property :limit_load_to_session_type, [ Array, String ],
        description: "The session type(s) to which this configuration file applies."

      property :low_priority_io, [ TrueClass, FalseClass ],
        description: "Specify if the kernel on the node should consider this daemon to be low priority during file system I/O."

      property :mach_services, Hash,
        description: "Specify services to be registered with the bootstrap subsystem."

      property :nice, Integer,
        description: "The program scheduling priority value in the range -20 to 20."

      property :on_demand, [ TrueClass, FalseClass ],
        description: "Keep a job alive. Only applies to macOS version 10.4 (and earlier); use keep_alive instead for newer versions."

      property :process_type, String,
        description: "The intended purpose of the job: Adaptive, Background, Interactive, or Standard."

      property :program, String,
        description: "The first argument of execvp, typically the file name associated with the file to be executed. This value must be specified if program_arguments is not specified, and vice-versa."

      property :program_arguments, Array,
        description: "The second argument of execvp. If program is not specified, this property must be specified and will be handled as if it were the first argument."

      property :queue_directories, Array,
        description: "An array of non-empty directories which, if any are modified, will cause a job to be started."

      property :root_directory, String,
        description: "chroot to this directory, and then run the job."

      property :run_at_load, [ TrueClass, FalseClass ],
        description: "Launch a job once (at the time it is loaded)."

      property :sockets, Hash,
        description: "A Hash of on-demand sockets that notify launchd when a job should be run."

      property :soft_resource_limits, Array,
        description: "A Hash of resource limits to be imposed on a job."

      property :standard_error_path, String,
        description: "The file to which standard error (stderr) is sent."

      property :standard_in_path, String,
        description: "The file to which standard input (stdin) is sent."

      property :standard_out_path, String,
        description: "The file to which standard output (stdout) is sent."

      property :start_interval, Integer,
        description: "The frequency (in seconds) at which a job is started."

      property :start_on_mount, [ TrueClass, FalseClass ],
        description: "Start a job every time a file system is mounted."

      property :throttle_interval, Integer,
        description: "The frequency (in seconds) at which jobs are allowed to spawn."

      property :time_out, Integer,
        description: "The amount of time (in seconds) a job may be idle before it times out. If no value is specified, the default timeout value for launchd will be used."

      property :umask, Integer,
        description: "A decimal value to pass to umask before running a job."

      property :username, String,
        description: "When launchd is run as the root user, the user to run the job as."

      property :wait_for_debugger, [ TrueClass, FalseClass ],
        description: "Specify if launchd has a job wait for a debugger to attach before executing code."

      property :watch_paths, Array,
        description: "An array of paths which, if any are modified, will cause a job to be started."

      property :working_directory, String,
        description: "Chdir to this directory, and then run the job."
    end
  end
end