ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange

commit d4fec8c11c4713b2115aab731f9a0a75b43377a2
parent 329de36a94d2c478c1482f4a66748815ec72e262
Author: Florian Dold <florian@dold.me>
Date:   Tue, 20 Jan 2026 16:23:08 +0100

ensure runtime dirs are created for challenger services

Additionally, use /run consistently, as /var/run is just a symlink to
/run these days.

Fixes https://bugs.taler.net/n/10877

Diffstat:
Mroles/challenger/files/etc/systemd/system/email-challenger-httpd.service | 2++
Mroles/challenger/files/etc/systemd/system/postal-challenger-httpd.service | 2++
Mroles/challenger/files/etc/systemd/system/sms-challenger-httpd.service | 2++
Mroles/challenger/tasks/pre-exchange.yml | 24------------------------
Mroles/challenger/templates/etc/challenger/challenger-email.conf.j2 | 2+-
Mroles/challenger/templates/etc/challenger/challenger-postal.conf.j2 | 2+-
Mroles/challenger/templates/etc/challenger/challenger-sms.conf.j2 | 2+-
Mroles/challenger/templates/etc/nginx/sites-available/email-challenger-nginx.conf.j2 | 2+-
Mroles/challenger/templates/etc/nginx/sites-available/postal-challenger-nginx.conf.j2 | 2+-
Mroles/challenger/templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2 | 2+-
10 files changed, 12 insertions(+), 30 deletions(-)

diff --git a/roles/challenger/files/etc/systemd/system/email-challenger-httpd.service b/roles/challenger/files/etc/systemd/system/email-challenger-httpd.service @@ -12,6 +12,8 @@ RestartPreventExitStatus=9 RuntimeMaxSec=3600s ExecStart=/usr/bin/challenger-httpd -c /etc/challenger/challenger-email.conf -L INFO +RuntimeDirectory=challenger-email + StandardOutput=journal StandardError=journal diff --git a/roles/challenger/files/etc/systemd/system/postal-challenger-httpd.service b/roles/challenger/files/etc/systemd/system/postal-challenger-httpd.service @@ -14,6 +14,8 @@ ExecStart=/usr/bin/challenger-httpd -c /etc/challenger/challenger-postal.conf -L # Used to set the credentials for the challenger-send-post.sh script. EnvironmentFile=/etc/challenger/postal-challenger.env +RuntimeDirectory=challenger-postal + StandardOutput=journal StandardError=journal diff --git a/roles/challenger/files/etc/systemd/system/sms-challenger-httpd.service b/roles/challenger/files/etc/systemd/system/sms-challenger-httpd.service @@ -14,6 +14,8 @@ ExecStart=/usr/bin/challenger-httpd -c /etc/challenger/challenger-sms.conf -L IN # Used to set the AUTH_TOKEN for the challenger-send-sms.sh script. EnvironmentFile=/etc/challenger/sms-challenger.env +RuntimeDirectory=challenger-sms + StandardOutput=journal StandardError=journal diff --git a/roles/challenger/tasks/pre-exchange.yml b/roles/challenger/tasks/pre-exchange.yml 
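Review bot: The added `RuntimeDirectory=challenger-email` leaves the ownership and mode of /run/challenger-email implicit: systemd creates the directory for the unit's `User=`/`Group=` with mode 0755 by default, and neither directive is visible in this hunk. The Ansible tasks this commit removes set `owner: challenger-email`, `group: www-data` and `mode: "0755"` explicitly, so it is worth confirming that the unit runs as challenger-email. Stating the mode next to the new line would also help, e.g. `RuntimeDirectoryMode=0755`, or `0750` if the unit's group is the one nginx runs under. The same applies to the postal and sms unit hunks. By default systemd also removes the directory whenever the service stops, so nothing else should be expected to persist there.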
@@ -71,30 +71,6 @@ system: true state: present -- name: Ensure /var/run/challenger-email/ directory exists - ansible.builtin.file: - path: "/var/run/challenger-email/" - state: directory - owner: challenger-email - group: www-data - mode: "0755" - -- name: Ensure /var/run/challenger-sms/ directory exists - ansible.builtin.file: - path: "/var/run/challenger-sms/" - state: directory - owner: challenger-sms - group: www-data - mode: "0755" - -- name: Ensure /var/run/challenger-postal/ directory exists - ansible.builtin.file: - path: "/var/run/challenger-postal/" - state: directory - owner: challenger-postal - group: www-data - mode: "0755" - - name: Ensure Ansible facts directory exists ansible.builtin.file: path: "/etc/ansible/facts.d/" diff --git a/roles/challenger/templates/etc/challenger/challenger-email.conf.j2 b/roles/challenger/templates/etc/challenger/challenger-email.conf.j2 @@ -5,7 +5,7 @@ SERVE = UNIX # Which unix domain path should we bind to? Only used if "SERVE" is 'unix'. -UNIXPATH = /var/run/challenger-email/challenger-http.sock +UNIXPATH = /run/challenger-email/challenger-http.sock # What should be the file access permissions (see chmod) for "UNIXPATH"? UNIXPATH_MODE = 666 diff --git a/roles/challenger/templates/etc/challenger/challenger-postal.conf.j2 b/roles/challenger/templates/etc/challenger/challenger-postal.conf.j2 @@ -5,7 +5,7 @@ SERVE = UNIX # Which unix domain path should we bind to? Only used if "SERVE" is 'unix'. -UNIXPATH = /var/run/challenger-postal/challenger-http.sock +UNIXPATH = /run/challenger-postal/challenger-http.sock # What should be the file access permissions (see chmod) for "UNIXPATH"? UNIXPATH_MODE = 666 diff --git a/roles/challenger/templates/etc/challenger/challenger-sms.conf.j2 b/roles/challenger/templates/etc/challenger/challenger-sms.conf.j2 
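Review bot: The socket at the new `UNIXPATH = /run/challenger-email/challenger-http.sock` keeps `UNIXPATH_MODE = 666`, and the directory that now holds it is created by systemd with default mode 0755 unless the unit says otherwise. Any local account can therefore connect to challenger-httpd directly instead of going through nginx. If only nginx needs the socket, `UNIXPATH_MODE = 660` with a group shared with the nginx worker would narrow this; whether the service's group allows that is not visible here. The mode line is unchanged context in this hunk, and the same setting appears in the postal and sms configuration hunks.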
@@ -5,7 +5,7 @@ SERVE = UNIX # Which unix domain path should we bind to? Only used if "SERVE" is 'unix'. -UNIXPATH = /var/run/challenger-sms/challenger-http.sock +UNIXPATH = /run/challenger-sms/challenger-http.sock # What should be the file access permissions (see chmod) for "UNIXPATH"? UNIXPATH_MODE = 666 diff --git a/roles/challenger/templates/etc/nginx/sites-available/email-challenger-nginx.conf.j2 b/roles/challenger/templates/etc/nginx/sites-available/email-challenger-nginx.conf.j2 @@ -22,6 +22,6 @@ server { access_log /var/log/nginx/email.challenger.{{ domain_name }}.tal taler if=$log_perf; location / { - proxy_pass http://unix:/var/run/challenger-email/challenger-http.sock; + proxy_pass http://unix:/run/challenger-email/challenger-http.sock; } } diff --git a/roles/challenger/templates/etc/nginx/sites-available/postal-challenger-nginx.conf.j2 b/roles/challenger/templates/etc/nginx/sites-available/postal-challenger-nginx.conf.j2 @@ -22,6 +22,6 @@ server { access_log /var/log/nginx/postal.challenger.{{ domain_name }}.tal taler if=$log_perf; location / { - proxy_pass http://unix:/var/run/challenger-postal/challenger-http.sock; + proxy_pass http://unix:/run/challenger-postal/challenger-http.sock; } } diff --git a/roles/challenger/templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2 b/roles/challenger/templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2 @@ -22,6 +22,6 @@ server { access_log /var/log/nginx/sms.challenger.{{ domain_name }}.tal taler if=$log_perf; location / { - proxy_pass http://unix:/var/run/challenger-sms/challenger-http.sock; + proxy_pass http://unix:/run/challenger-sms/challenger-http.sock; } }
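Review bot: The socket path in `proxy_pass http://unix:/run/challenger-email/challenger-http.sock;` has to stay in step with `UNIXPATH` in challenger-email.conf.j2 and with `RuntimeDirectory=` in the unit file, and nothing ties the three together. A short comment above the `location /` block would make the dependency visible, such as `# socket path must match UNIXPATH in /etc/challenger/challenger-email.conf`. The postal and sms nginx hunks are the same. The `server` block starts outside the hunk.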