Getting the maximum out of systemd

Post on 13-Apr-2017


Julien Pivotto

FLOSS UK Spring Conference
March 16, 2016

whoami

Julien Pivotto

• Sysadmin at inuits.eu
• FLOSS user since 2004
• systemd user since 2010

I Exherbo Linux

• DevOps believer
• @roidelapluie on irc/twitter/github

inuits.eu

systemd

• An init system
• Improve the Linux init process
• Starting more in parallel
• Making better decisions
• Takes advantage of Linux features

systemd adoption

• 2011: Fedora, Exherbo
• 2012: Mageia, openSUSE, Arch Linux
• 2013: CoreOS
• 2014: RHEL, CentOS
• 2015: Ubuntu, Debian

Alternatives

• System V: legacy
• Upstart: Ubuntu < 2015 and EL6
• OpenRC: mainly Gentoo

Talk compatibility

• Content of this talk runs on CentOS 7.2
• systemd 219
• Should work on any other distro

Units

Licensed under a Creative Commons Attribution 2.0 License
https://www.flickr.com/photos/dbackmansfo/10939296845

systemd units

• Base bricks of systemd systems
• One unit = one resource
• mountpoint, service, device, timer, socket, …

• network.target
• mariadb.service
• shaarli.socket
• puppet-run.timer
• home.mount
• session-1.scope

Unit configuration

• Ini-style text files
• List: systemctl list-units --all
• Read: systemctl cat

Unit example

[Unit]
Description=nscd

[Service]
Type=forking
PIDFile=/run/nscd/nscd.pid
ExecStart=/usr/host/bin/nscd
ExecStop=/usr/host/bin/nscd --shutdown

[Install]
WantedBy=multi-user.target

Where?

• /etc/systemd/system/*
• /run/systemd/system/*
• /usr/lib/systemd/system/*

Here is the rule:
Packaged files go in /usr/lib.

Humans (or config management tools) override in /etc.

Overriding units

Licensed under a Creative Commons Attribution 2.0 License

https://www.flickr.com/photos/alovesdc/3468924493

Overriding units: why

• Add/Remove/Change parameters
• Adapt them to your needs
• Set ulimits, user, …
• Fix bugs

Changing services before systemd

• Replace /etc/init.d scripts
• /etc/default, /etc/sysconfig
• Spaghetti code

Overriding units: with systemd

• Override completely a unit
• Just add/change one parameter
• "Patch" vendor units

Complete override

# /etc/systemd/system/openvpn.service
[Unit]
Description=OpenVPN
After=syslog.target

[Service]
ExecStart=/usr/host/bin/openvpn --syslog --writepid /run/openvpn.pid --cd /etc/openvpn --config /etc/openvpn/openvpn.conf

[Install]
WantedBy=multi-user.target

Advantages of "full" overrides

• In /etc/systemd/system
• Do not conflict with packages
• Override everything, even dependencies
• Not only for overrides: if you have unpackaged units, put them there

Partial override

# /etc/systemd/system/mariadb.service.d/niceness.conf
[Service]
Nice=5

Advantages of partial overrides

• In /etc/systemd/system/$Unitname.d/*.conf
• Do not conflict with packages
• Override only what is needed
• Adapt while still accepting upstream work
• No need to adapt at each upgrade
• Works for everything (not only services)

The price of that flexibility:
systemctl daemon-reload

Verify the loaded unit

systemctl cat mariadb.service

# /usr/x86_64-pc-linux-gnu/lib/systemd/system/mariadb.service
[Unit]
Description=MySQL database server
After=syslog.target
After=network.target

[Service]
User=mysql
Group=mysql
ExecStart=/usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql

# /etc/systemd/system/mariadb.service.d/nice.conf
[Service]
Nice=5

Instantiated units

• Units can take @ in the name
• openvpn@inuits.service
• On-disk: openvpn@.service
• In the file: %i will be "inuits"
• %p will be "openvpn"

Instantiated unit example

[Unit]
Description=OpenVPN daemon %i
After=syslog.target

[Service]
ExecStart=/usr/host/bin/openvpn --writepid /run/openvpn.%i.pid --cd /etc/openvpn --config /etc/openvpn/%i.conf
PIDFile=/run/openvpn.%i.pid

Controlling units

• systemctl start mariadb.service
• systemctl status /dev/sda
• systemctl stop openvpn@*.service
• systemctl kill openvpn
• systemctl kill -s SIGKILL openvpn.service
• systemctl is-active runlevel1.target
• systemctl is-failed puppet-run.service
• systemctl help mariadb.service

Enabling/Disabling a service

• systemctl disable mariadb.service
• Will disable the service
• Prevents it from starting automatically

Masking

• systemctl mask mariadb.service
• systemctl mask --force mariadb.service
• ln -s /dev/null /etc/systemd/system/mariadb.service

• Prevents a unit from starting
• Better than "disabling"
• Prevents units from being launched by hand or by systemd

Services

Licensed under a Creative Commons Attribution ShareAlike 2.0 License

https://www.flickr.com/photos/nojhan/754257252

Service

• An important part of the units
• Uses cgroups to track processes
• [Service] section inside units

What defines a service?

• The command(s) to run
• Most of them can fork or stay in foreground
• systemd can manage both

Type=simple

• Use case: the service stays in foreground
• systemd will track the process
• It will take care of running it "in the background"

Type=forking

• Use case: the service forks when ready
• systemd will track the process and its forks

Type=oneshot

• Use case: a command to run
• e.g.: puppet agent --test
• Interesting options: RemainAfterExit=, SuccessExitStatus=
• Reliable way to run commands
• Can have all the service properties

Other properties

• ExecStart= ExecStop=
• ExecStartPre= ExecStartPost=
• ExecReload=
• TimeoutStartSec= TimeoutSec=
• RuntimeMaxSec=
• Restart=on-failure

Execs

Licensed under a Creative Commons Attribution 2.0 License

https://www.flickr.com/photos/daveynin/3657852579/

execs

• A set of properties to configure an exec environment
• Used in services, mounts, swap, socket units
• Deterministic environment for processes

Classic properties

• User= Group=
• Nice=
• OOMScoreAdjust=
• LimitNOFILE=
• Environment= EnvironmentFile=

Isolation/Security

• PrivateTmp=
• PrivateNetwork= PrivateDevices=
• ProtectSystem=
• ProtectHome=
• ReadWriteDirectories= ReadOnlyDirectories=
• InaccessibleDirectories=
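
An added example, not from the talk: it resolves a unit using the search order from the "Where?" slide, applies drop-ins as in the partial-override slides, detects masking, and reports which of the Isolation/Security properties above are still unset in the merged result. The sample tree, the drop-in file names and the helper names are constructed for illustration, and the parser accepts only the section names used in these slides.

```python
import os
import tempfile

# Search order from the "Where?" slide: /etc beats /run, which beats /usr/lib.
SEARCH_PATH = ["etc/systemd/system", "run/systemd/system", "usr/lib/systemd/system"]
# Properties named on the Isolation/Security slide.
ISOLATION = ["PrivateTmp", "PrivateNetwork", "PrivateDevices", "ProtectSystem",
             "ProtectHome", "ReadWriteDirectories", "ReadOnlyDirectories",
             "InaccessibleDirectories"]
# Simplification: only the section names that appear in the slides are accepted.
SECTIONS = {"Unit", "Service", "Install", "Timer", "Socket"}


def merge(text, origin, settings, warnings):
    """Merge one unit file or drop-in into settings[(section, key)] -> [values]."""
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            if section not in SECTIONS:  # case-sensitive: [service] != [Service]
                warnings.append(f"{origin}: unknown section [{section}] ignored")
                section = None
        elif section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value:
                settings.setdefault((section, key), []).append(value)
            else:
                settings[(section, key)] = []  # empty assignment resets the setting


def load_unit(root, name):
    """Return (main_file, settings, warnings); main_file is None if masked or absent."""
    settings, warnings, main = {}, [], None
    for directory in SEARCH_PATH:
        path = os.path.join(root, directory, name)
        if os.path.islink(path) and os.readlink(path) == "/dev/null":
            return None, {}, [f"{name} is masked in /{directory}"]
        if os.path.isfile(path):
            main = os.path.join(directory, name)
            with open(path) as handle:
                merge(handle.read(), main, settings, warnings)
            break
    if main is None:
        return None, {}, [f"{name} not found"]
    # Drop-ins from all directories are pooled by file name (a higher-priority
    # directory replaces a same-named file) and applied in lexicographic order.
    dropins = {}
    for directory in reversed(SEARCH_PATH):
        folder = os.path.join(root, directory, name + ".d")
        if os.path.isdir(folder):
            for entry in os.listdir(folder):
                if entry.endswith(".conf"):
                    dropins[entry] = os.path.join(directory, name + ".d", entry)
    for entry in sorted(dropins):
        with open(os.path.join(root, dropins[entry])) as handle:
            merge(handle.read(), dropins[entry], settings, warnings)
    return main, settings, warnings


def missing_isolation(settings):
    """Isolation properties that are not set once all overrides are merged."""
    return [key for key in ISOLATION if not settings.get(("Service", key))]


def build_sample_tree(root):
    """Constructed sample data: a vendor unit, two drop-ins and a masked unit."""
    files = {
        "usr/lib/systemd/system/mariadb.service":
            "[Unit]\nDescription=MySQL database server\n"
            "[Service]\nUser=mysql\nGroup=mysql\nExecStart=/usr/sbin/mysqld\n",
        # Lower-case section name: the whole drop-in is ignored.
        "etc/systemd/system/mariadb.service.d/10-nice.conf": "[service]\nNice=5\n",
        "etc/systemd/system/mariadb.service.d/20-isolation.conf":
            "[Service]\nPrivateTmp=true\nProtectHome=true\nProtectSystem=full\n",
        "usr/lib/systemd/system/openvpn.service":
            "[Service]\nExecStart=/usr/sbin/openvpn\n",
    }
    for relative, content in files.items():
        path = os.path.join(root, relative)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(content)
    # Masking as on the "Masking" slide: a symlink to /dev/null in /etc.
    os.symlink("/dev/null", os.path.join(root, "etc/systemd/system/openvpn.service"))


def demo():
    """Load both sample units from a throw-away tree and return the results."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return load_unit(root, "mariadb.service"), load_unit(root, "openvpn.service")


if __name__ == "__main__":
    (main, settings, warnings), masked = demo()
    print("loaded from:", main)
    print("warnings:", warnings)
    print("isolation properties not set:", missing_isolation(settings))
    print("openvpn.service:", masked[2][0])
```

On a real host, `systemctl cat` remains the authoritative view of what was loaded; the script only models the lookup rules so they can be checked against a copy of the unit directories.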

Dependencies

• Requires=
• Wants=
• After= Before=
• Any unit can depend on any unit
• A service can require a mountpoint
• A mountpoint can require a target

Problems solved

• Run service as a different user
• Java Service Wrapper
• Go Service Wrapper
• You can still use custom scripts

tmpfiles

Licensed under a Creative Commons Attribution 2.0 License

https://www.flickr.com/photos/english106/4357529719

temp files

• /etc/tmpfiles.d/*.conf
• /run/tmpfiles.d/*.conf
• /usr/lib/tmpfiles.d/*.conf

temp files

• systemd will create and clean up temporary files
• You can assign files, directories to specific users
• It will decide when to delete them
• When you change the files, run systemd-tmpfiles --create

Mountpoints

Licensed under a Creative Commons Attribution ShareAlike 2.0 License

https://www.flickr.com/photos/manchesterlibrary/5425248883/

mount

• mounts are units
• systemd parses /etc/fstab
• systemd creates dependencies

systemd /etc/fstab options

• x-systemd.automount
• nofail
• auto noauto

/etc/fstab

//host1/share /net/share cifs noauto,nofail,x-systemd.automount,x-systemd.requires=network.target 0 0

journald

Licensed under a Creative Commons Attribution 2.0 License

https://www.flickr.com/photos/gregloby/3763720734

systemd-journald

• A daemon that captures and stores the logs
• syslog
• kernel logs
• boot messages
• stdout/stderr of services

systemctl integration

• systemctl status shows the latest logs
• systemctl status -n 100
• systemctl status -l

Enabling journald

• By default (el7), hybrid mode (not persistent)
• Make it persistent: mkdir -p /var/log/journal

Reading the logs

• follow: journalctl -f
• last lines: journalctl -n 100
• from a unit: journalctl -u puppet-run.service
• only this boot: journalctl -b
• only this process: journalctl /opt/puppetlabs/puppet/bin/ruby

Logs example

- Logs begin at Mon 2016-03-14 18:30:28 CET, end at Tue 2016
Mar 14 18:30:28 fqdn systemd-journal[137]: Runtime journ
Mar 14 18:30:28 fqdn systemd-journal[137]: Runtime journ
Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys
Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys
Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys
Mar 14 18:30:28 fqdn kernel: Linux version 3.10.0-327.10
Mar 14 18:30:28 fqdn kernel: Command line: BOOT_IMAGE=/b
Mar 14 18:30:28 fqdn kernel: e820: BIOS-provided physica
Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000000
Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000000
Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000000
Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000000
Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x00000000b
Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x00000000f
Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x00000000f
Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000010

timers

Licensed under a Creative Commons Attribution 2.0 License

https://www.flickr.com/photos/modomatic/2538687135

Traditional cron

AMQP_BROKER_HOST=10.1.40.19
MAILTO="sysadmin@example.com"
ORACLE_HOME="/opt/example/part/python-oracle"
PG_HOSTNAME="10.1.30.10"
PG_NAME="example"
WS_URL=https://prod.example.com/ws/input
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/example/lib"
CUPS_HOSTNAME="10.1.40.1"
LOGGING_HOST="10.0.50.16"
LOGGING_PORT="5544"
0 * * * * /opt/example/bin/cron-hourly

30 times.

What's wrong?

• No one reads those mails
• Do not keep track of exit code
• Hard to read that crontab
• How to reproduce the script?

timers

• Units that are used to launch a service unit
• Supports some cron features and anacron
• Allows you to launch commands in a controlled environment

timers vs cron

• No built-in email function
• Cron is simpler (one line in one file vs 2 units)
• Timers use services, so predictable env
• You can run the service unit independently
• Timer logs are in systemd

Timers example

# /etc/systemd/system/puppet-run.timer
[Unit]
Description=Systemd Timer for Puppet Agent

[Timer]
OnCalendar=*-*-* *:0,30:00
Persistent=true

[Install]
WantedBy=timers.target

What, when?

• systemctl list-timers
• Last run time
• Next run time
• Service unit

Socket activation

Licensed under a Creative Commons Attribution 2.0 License

https://www.flickr.com/photos/alikai/1376760481

Socket activation

• Goal: start a service when needed
• systemd will open a socket
• Start the service at first connection
• pass the socket to the service

socket unit

# /etc/systemd/system/proxy-to-shaarli.socket
[Unit]
Description=Shaarli Proxy

[Socket]
ListenStream=127.0.0.1:43000

[Install]
WantedBy=default.target

systemd-proxy service unit

[Unit]
Requires=shaarli.service
After=shaarli.service
JoinsNamespaceOf=shaarli.service

[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:43001

Actual service unit

[Unit]
Description=Shaarli

[Service]
WorkingDirectory=/opt/Shaarli/dev
ExecStart=/usr/bin/php -S 127.0.0.1:43001
ExecStartPost=/bin/sleep 0.1
User=shaarli
Group=shaarli

[Install]
WantedBy=default.target
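
An added example, not from the talk: the receiving side of "pass the socket to the service", for a service that accepts the socket directly instead of sitting behind systemd-socket-proxyd. It follows the sd_listen_fds convention (LISTEN_PID and LISTEN_FDS in the environment, descriptors starting at 3); the function names and the banner are made up for illustration, and the fallback address is the one from the socket unit above.

```python
import os
import socket

LISTEN_FDS_START = 3  # first passed descriptor; 0-2 are stdin/stdout/stderr


def listen_fds(environ=None, pid=None, unset=False):
    """Return the descriptor numbers systemd passed to this process ([] if none)."""
    environ = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    try:
        # LISTEN_PID guards against variables inherited from an activated parent:
        # if it names another process, the descriptors are not ours to use.
        if int(environ.get("LISTEN_PID", "")) != pid:
            return []
        count = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []
    finally:
        if unset:  # keep child processes from believing the sockets are theirs
            for name in ("LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES"):
                environ.pop(name, None)
    return list(range(LISTEN_FDS_START, LISTEN_FDS_START + max(count, 0)))


def adopt_listening_socket(fd):
    """Wrap an inherited descriptor; refuse anything but a listening stream socket.

    socket.socket(fileno=...) raises OSError if fd is not a socket at all.
    """
    sock = socket.socket(fileno=fd)  # family and type are detected from the fd
    listening = sock.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN)
    if sock.type != socket.SOCK_STREAM or not listening:
        sock.close()
        raise ValueError(f"fd {fd} is not a listening stream socket")
    return sock


def serve_once(sock, banner=b"hello from an activated service\n"):
    """Accept one connection on the socket and answer it."""
    conn, _ = sock.accept()
    with conn:
        conn.sendall(banner)


def main():
    fds = listen_fds(unset=True)
    if fds:
        # systemd already bound and listened; the service needs no right to bind.
        sock = adopt_listening_socket(fds[0])
    else:
        # Started by hand: bind the address from the socket unit ourselves.
        sock = socket.create_server(("127.0.0.1", 43000))
    serve_once(sock)


if __name__ == "__main__":
    main()
```

Because the listening socket is created by systemd, the service process can run under User=/Group= and the isolation properties without ever holding the privilege to open the port itself.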

Side commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsLicensed under a Creative Commons Attribution ShareAlike 2.0 License

https://www.flickr.com/photos/archer10/3029638204/

systemd-* commands

• systemd-cgls: Show the cgroups hierarchy
• systemd-analyze blame: Shows the startup time
• systemd-nspawn: Containers
• systemd-run: run a command as if it were a service unit

systemd-run

systemd-run -t -p PrivateTmp=true -p PrivateNetwork=yes -p ProtectHome=true bash

system settings

• timedatectl: manage/show current datetime, timezone, DST change
• localectl: locale/keyboard changes
• machinectl: containers/vms management
• hostnamectl: change/view system hostname and os info

Conclusion

Licensed under a Creative Commons Attribution 2.0 License

https://www.flickr.com/photos/drainrat/14090130452

systemd

• Available in all modern distros
• By default in almost all of them
• Does a lot for standardization
• Removes "Distro" lock-in, Adds "Linux" lock-in
• It did more for standardization than LFS

systemd

• Powerful tools, easily configured
• Readable configuration
• Takes advantage of Linux-specific mechanisms
• Removes the need for a lot of workarounds

Contact

Julien Pivotto
julien@inuits.eu
@roidelapluie

inuits
https://inuits.eu

info@inuits.eu
+32 473 441 636