
Full system roll-back and systemd in SUSE Linux Enterprise 12

Date post: 15-Jul-2015
Upload: gabor-nyers
SUSE Linux Enterprise 12

Innovations in System Boot and Full System Roll-back

Gábor Nyers
Sales Engineer @SUSE
[email protected]

Agenda

● Quick overview of SLE 12

● Full-system rollback
  ► Demo: full-system rollback, integration of snapper and grub2

● System initialization with systemd
  ► Feature overview, compatibility, from traditional init scripts to unit files; demos


Quick Overview of SUSE Linux Enterprise 12


SUSE Linux Enterprise 12

Life Cycle

SUSE® Linux Enterprise Server 12

Lifecycle Model

10 years lifecycle + 3 years Extended Support

[Figure: lifecycle timeline, Year 1 to Year 13; General Support and Extended Support phases; GA and SP1 to SP4, each with LTSS]

• 13-year lifecycle (10 years general support, 3 years extended support)
• Long Term Service Pack Support (LTSS) available for all versions, including GA

SUSE® Linux Enterprise

Lifecycle & Code Streams

[Figure: code stream timeline, 2011 to 2016, for SLE 10, SLE 11 and SLE 12 with their GA and service pack releases]

13-year lifecycle for SLES 11 and SLES 12: 10 years general support, +3 years Long Term Support

Tentative – Dates subject to change

SUSE Linux Enterprise 12: Long Term Service Pack Support for every Service Pack

SUSE Linux Enterprise

Modules

Module name            | Content                                                             | Release schedule
-----------------------+---------------------------------------------------------------------+-----------------
Web Scripting          | php, python3                                                        | 3yrs
Legacy                 | sendmail, syslog-ng, ksh, old versions of: Java, cups, libstdc++    | 3yrs
Toolchain              | gcc                                                                 | 1y
Public Cloud           | cloud-init; google-, aws-, openstack- tools; lots of Python modules | CI
Advanced Systems Mgmt. | cfengine, puppet, machinery                                         | CI


Full system roll-back


Components

Grub2: boot loader integration for full system rollback

Snapper: GUI and CLI tool for easy snapshot/rollback

Btrfs: default filesystem with fault tolerance, repair, and easy management features

Full system roll-back

Btrfs

● Btrfs features
● Concepts
  ► Subvolume
  ► Snapshot
● Filesystem recommendations

Btrfs feature overview

Supported by SUSE

● Copy-on-Write
● Snapshots
● Subvolumes
● Data integrity
● Metadata integrity
● On-line scrubbing
● Manual de-duplication
● Quota Groups

Work in progress

● Inode Cache
● Auto Defrag
● RAID
● Transparent compression
● Send / Receive
● Hot add / remove
● Seeding devices

Btrfs Concepts:

Subvolumes

Subvolume(s)...:
… appear to be a directory
… start as an independent but empty root node
… are independently mountable
… are independently snapshotable
… are “equals” amongst each other, but there is a designated “default subvolume”

[Figure labels: Subvol (B-Tree); /, /home, /var/log; Subvolume Root node; Default Subvolume Root node; Storage block]

Btrfs Concepts:

Snapshots

Snapshot(s)...:
… are an independent clone of the state of a subvolume
… share all raw data with its ancestor after creation
… may be (practically) unlimited in number
… are either RO or RW
… may be “nested”, that is “snapshot of a snapshot”

[Figure labels: Subvol (B-Tree); /, /home; Clone B-Tree; data blocks]

When a snapshot is created, the parent and child sub-trees point to the same data blocks


Btrfs integration in YaST Partitioner

Filesystem Recommendations

[Figure: decision flowchart. Node labels: Type?, New Filesystem?, Purpose?, Snapshots?, Convert. Branch labels: OS, Data, Yes, No. Filesystems shown: ext3|4, xfs, btrfs, ext2/3/4, reiserfs]

Full system roll-back

Snapper

● Snapshot management tool
● Features
● Metadata
● Compare snapshots

Snapper feature overview

● btrfs, ext4 and LVM
● Plug-in support
● Grub2 integration
● Stores metadata with snapshot
  ► free text for humans
  ► key = value pairs for computers
● Management of multiple btrfs filesystems and subvolumes
  ► Automatic snapshot creation
  ► Configurable clean-up algorithms
  ► Creates RO snapshots by default
  ► Snapshots for non-root users
  ► Show difference between snapshots
  ► Mount snapshots

Snapper – snapshot management

sles1201:~ # snapper list
Type   | #  | Pre # | Date                            | User | Cleanup  | Description | Userdata
-------+----+-------+---------------------------------+------+----------+-------------------------------------------------------+--------------------------------
single | 0  |       |                                 | root |          | current |
single | 1  |       | Mon 27 Oct 2014 09:52:24 PM CET | root | timeline | This is a free-text description for human consumption | changeID=Demo001, myvar1=value1
single | 2  |       | Mon 27 Oct 2014 10:00:19 PM CET | root | home-tux | 1st snapshot for user tux |
single | 3  |       | Mon 27 Oct 2014 10:01:10 PM CET | root | home-tux | 1st snapshot for user tux |
single | 8  |       | Mon 27 Oct 2014 11:18:19 PM CET | root |          | Recovery point 2014-10-27 |
single | 9  |       | Tue 28 Oct 2014 12:41:46 AM CET | root |          | Rolling back to snapshot 8 |
single | 10 |       | Tue 28 Oct 2014 12:41:46 AM CET | root |          | Rolling back to snapshot 8 |
single | 11 |       | Tue 28 Oct 2014 01:17:01 AM CET | root |          | Recovery point 2 | important=yes
single | 12 |       | Tue 28 Oct 2014 05:47:39 AM CET | root |          | Rolling back disabled state to Recovery point 2 |
single | 13 |       | Tue 28 Oct 2014 05:47:40 AM CET | root |          | Rolling back disabled state to Recovery point 2 |
pre    | 18 |       | Tue 28 Oct 2014 11:16:22 PM CET | root | number   | yast apparmor |
post   | 19 | 18    | Tue 28 Oct 2014 11:16:41 PM CET | root | number   | |
pre    | 20 |       | Mon 19 Jan 2015 09:25:19 PM CET | root | number   | zypp(zypper) | important=yes
post   | 21 | 20    | Mon 19 Jan 2015 09:34:32 PM CET | root | number   | | important=yes
pre    | 22 |       | Mon 19 Jan 2015 09:55:14 PM CET | root | number   | zypp(zypper) | important=no
post   | 23 | 22    | Mon 19 Jan 2015 09:55:26 PM CET | root | number   | | important=no
pre    | 24 |       | Mon 19 Jan 2015 10:52:22 PM CET | root | number   | zypp(zypper) | important=no
post   | 25 | 24    | Mon 19 Jan 2015 10:52:24 PM CET | root | number   | | important=no
pre    | 26 |       | Thu 22 Jan 2015 12:37:27 AM CET | root | number   | yast sw_single |
post   | 27 | 26    | Thu 22 Jan 2015 12:38:35 AM CET | root | number   | |
pre    | 28 |       | Thu 22 Jan 2015 12:50:23 AM CET | root | number   | yast repositories |
post   | 29 | 28    | Thu 22 Jan 2015 01:00:49 AM CET | root | number   | |
sles1201:~ #

Snapper – Metadata

Meta information stored with each snapshot:
►Type : [ Pre | Post | Single ]
►# : Nr of snapshot
►Pre # : Matching “Pre” number, if type is “Post”
►Date : Timestamp
►User : User who created the snapshot
►Cleanup : Cleanup algorithm for this snapshot
►Description : A fitting description of the snapshot (free text)
►Userdata : key=value pairs to record all sorts of useful information about the snapshot (e.g. for easy parsing from scripts)
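The metadata fields above make `snapper list` usable as a change record: each pre/post pair brackets one YaST or zypper operation. The following is an added example, not part of the original slides, that parses the listing, decodes the Userdata pairs and reports change windows plus any "pre" snapshot that never got its "post". The sample rows are copied from the listing on the previous slide except snapshot 30, which is constructed to show the unpaired case.

```python
from datetime import datetime

# Columns of `snapper list` as shown on the slide:
# Type | # | Pre # | Date | User | Cleanup | Description | Userdata
COLUMNS = 8

SAMPLE = """\
sles1201:~ # snapper list
Type   | #  | Pre # | Date                            | User | Cleanup  | Description | Userdata
-------+----+-------+---------------------------------+------+----------+-------------+---------
single | 0  |       |                                 | root |          | current |
single | 1  |       | Mon 27 Oct 2014 09:52:24 PM CET | root | timeline | This is a free-text description for human consumption | changeID=Demo001, myvar1=value1
pre    | 18 |       | Tue 28 Oct 2014 11:16:22 PM CET | root | number   | yast apparmor |
post   | 19 | 18    | Tue 28 Oct 2014 11:16:41 PM CET | root | number   | |
pre    | 20 |       | Mon 19 Jan 2015 09:25:19 PM CET | root | number   | zypp(zypper) | important=yes
post   | 21 | 20    | Mon 19 Jan 2015 09:34:32 PM CET | root | number   | | important=yes
pre    | 30 |       | Thu 22 Jan 2015 02:10:00 AM CET | root | number   | zypp(zypper) | important=no
"""  # row 30 is constructed for this example


def parse_userdata(field):
    """Turn 'key=value, key=value' into a dict; malformed items are skipped."""
    pairs = {}
    for item in field.split(","):
        key, sep, value = item.strip().partition("=")
        if sep and key:
            pairs[key.strip()] = value.strip()
    return pairs


def parse_date(field):
    """Parse 'Mon 19 Jan 2015 09:25:19 PM CET'; the zone abbreviation is dropped."""
    if not field:
        return None
    stamp = field.rsplit(" ", 1)[0]
    return datetime.strptime(stamp, "%a %d %b %Y %I:%M:%S %p")


def parse_snapper_list(text):
    """Return one dict per snapshot row; prompt, header and rule lines are ignored."""
    rows = []
    for line in text.splitlines():
        cells = [cell.strip() for cell in line.split("|", COLUMNS - 1)]
        if len(cells) != COLUMNS or not cells[1].isdigit():
            continue
        rows.append({
            "type": cells[0],
            "number": int(cells[1]),
            "pre_number": int(cells[2]) if cells[2].isdigit() else None,
            "date": parse_date(cells[3]),
            "user": cells[4],
            "cleanup": cells[5],
            "description": cells[6],
            "userdata": parse_userdata(cells[7]),
        })
    return rows


def change_windows(rows):
    """Pair each 'post' row with its 'pre' row; also list 'pre' rows left open."""
    by_number = {row["number"]: row for row in rows}
    windows, closed = [], set()
    for post in rows:
        pre = by_number.get(post["pre_number"])
        if post["type"] != "post" or pre is None or pre["type"] != "pre":
            continue
        closed.add(pre["number"])
        windows.append({
            "pre": pre["number"],
            "post": post["number"],
            "description": pre["description"],
            "seconds": int((post["date"] - pre["date"]).total_seconds()),
            "userdata": pre["userdata"],
        })
    unpaired = [row["number"] for row in rows
                if row["type"] == "pre" and row["number"] not in closed]
    return windows, unpaired


if __name__ == "__main__":
    windows, unpaired = change_windows(parse_snapper_list(SAMPLE))
    for w in windows:
        print("%(pre)d..%(post)d  %(seconds)5ds  %(description)s  %(userdata)s" % w)
    print("pre snapshots without a post:", unpaired)
```

An unpaired "pre" snapshot marks an operation that was interrupted or is still running, which makes it a good first stop when a system is found in an inconsistent state.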


Snapshot management with Snapper

Snapper DBus support

[Figure labels: dbus daemon; snapperd; Unprivileged user; Privileged user; agent (snapper); agent (yast); agent (e.g.: custom script)]

● Snapper:
  ► snapper (client)
  ► snapperd (server)

● Authorized users submit request through DBus

● snapperd performs actions on behalf of users

● Authorization scheme
  ► Users
  ► Agents


Full system roll-back

Grub2

● the Grand Unified Boot Loader v2

Grub2 Features

● Scripting support
● Dynamic modules
● Custom menus
● Boot LiveCD ISO images directly from hard drive


Full System Roll-back 1/2

● Rollback to a good state with one click for faster recovery from planned or unplanned downtime

● Support for service pack rollback

● Support for kernel upgrade

● Based on btrfs and Snapper, bootloader integration


Full System Roll-back 2/2

Goal:

Reduce operational downtime by quickly restoring the system to a well-known working state.

Demo: Full system roll-back

● Create recovery point
● Wreak havoc
● Boot system → fail!
● Boot system to recovery point → read-only!
● Roll-back system using snapper


System initialization with systemd

The boot process in general

http://en.wikipedia.org/wiki/Linux_startup_process

BIOS
  Hardware init (RAM, PCI bus, USB, video, keyboard, disks, etc.)
  Enumerate disks
  Find and load boot loader from disk

Boot loader
  Enumerate bootable OS's
  User interaction (optional)
  Load and run OS (Linux: kernel+initrd)

Kernel
  Kernel init
  Hardware init (Remaining HW)
  Decompress initrd and run init

Init
  Mount root and other filesystems
  Start system and network services
  Start getty & display manager

Login Prompt
  Authorize user
  Setup session

The Init Process

Init
  Mount root and other filesystems
  Start services
  Start getty & display manager

A few Linux init system implementations:
● sysvinit (SysV style)
● Upstart (Ubuntu)
● OpenRC
● systemd
● etc...

A few problems with traditional init systems:
● rely heavily on shell scripting:
  ► slow,
  ► fragile,
  ► redundancy, hard to read: 100s of shell script lines vs. 10-20 lines in a Unit File
● weak parallelism

systemd

● What is systemd?
● Adoption

What is systemd? 1/3

● a system- and session manager for Linux,

● provides aggressive parallelization capabilities, (no shell during boot!)

● uses socket and D-Bus activation for starting services,

● offers on-demand starting of services,

● keeps track of processes using Linux cgroups,

What is systemd? 2/3

● supports restoring the system's state to a predefined state,

● maintains mount and auto-mount points,

● provides dependency based service control logic,

● provides replacement for a number of well-known tools, e.g.: udev, automount, inetd, consolekit and syslog,

● a drop-in replacement for sysvinit

What is systemd? 3/3

There is a lot of criticism and opinions as well...

● “It's not the UNIX way”, referring to the “do one thing and do it well” maxim
● “It's monolithic”
● “It introduces too many dependencies”
● (and worse)

... but we won't be addressing these today :-)

“If I had asked people what they wanted, they would have said faster horses”

Henry Ford

systemd adoption

Distribution             | Added to repositories | Enabled by default?           | Released as default
-------------------------+-----------------------+-------------------------------+--------------------
SUSE Linux Enterprise    | v12                   | Yes                           | Yes
openSUSE                 | v11.4                 | Yes                           | v12.2 (2012)
Fedora                   | v15 (2011)            | Yes                           | v15 (2011)
Red Hat Linux Enterprise | v7 (2014)             | Yes                           | v7 (2014)
Debian                   | in 2012               | No, planned for Debian Jessie | Not yet released
Arch Linux               | in 2012               | Yes                           | 2012

see also: http://en.wikipedia.org/wiki/Systemd#Adoption_and_reception

Compatibility with SysV Init Scripts

● systemd-sysvinit pkg provides compatible versions of halt, init, poweroff, reboot, runlevel, shutdown, telinit

● init scripts may be augmented with systemd mechanisms, e.g. dependencies

● There are also incompatibilities: see [1] for comprehensive list

[1]: http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities/

sles1201:~ # systemctl status nfs
nfs.service - LSB: NFS client services
   Loaded: loaded (/etc/init.d/nfs)
  Drop-In: /run/systemd/generator/nfs.service.d
           └─50-insserv.conf-$remote_fs.conf
   Active: inactive (dead)

sles1201:~ # cat /run/systemd/generator/nfs.service.d/50-insserv.conf-\$remote_fs.conf
# Automatically generated by systemd-insserv-generator

[Unit]
Wants=remote-fs-pre.target
Before=remote-fs-pre.target
sles1201:~ #

systemd

Related Concepts

● Kernel cgroups (independent of systemd)
● socket based activation
● Unit Files
● Generators

Kernel Cgroups (Control Groups)

● Linux Kernel facility allowing the grouping of processes (and their “children”) into a tree-structure hierarchy

● Each group can be assigned a quota for these system resources:
  ► CPU
  ► RAM
  ► Disk I/O
  ► Network I/O

Control groups hierarchy created by systemd

├─machine.slice
│ └─machine-qemu\x2dsles1201.scope
│   └─20958 /usr/bin/qemu-system-x86_64 -m...
├─user.slice
│ ├─user-0.slice
│ │ └─[email protected]
│ │   ├─4322 /usr/lib/systemd/systemd --us...
│ │   └─4323 (sd-pam)
│ ├─user-1000.slice
│ │ ├─session-560.scope
│ │ │ ├─ 2810 /usr/bin/claws-mail
│ │ │ ├─ 3035 /usr/lib64/firefox/firefox
│ │ │ ├─ 3086 /usr/lib/mozilla/kmozillahel...
│ │ │ ├─ 5459 /bin/bash
│ │ │ ├─ 7854 /usr/bin/kwalletmanager --kw...
│ │ ├─session-1.scope
│ │ │ ├─4179 /bin/bash ./bridge start
│ │ │ └─4182 dnsmasq --conf-file=mydnsmasq...
│ │ └─[email protected]
│ │   ├─1891 /usr/lib/systemd/systemd --us...
│ │   └─1892 (sd-pam)
│ └─user-489.slice
│   └─[email protected]
│     ├─1703 /usr/lib/systemd/systemd --us...
│     └─1704 (sd-pam)
└─system.slice
  ├─libvirtd.service
  │ └─4008 /usr/sbin/libvirtd --listen
  ├─rsyslog.service
  │ └─985 /usr/sbin/rsyslogd -n
  ├─apache2.service
  │ ├─1254 /usr/sbin/httpd2-prefork -f /et...
  │ └─1840 /usr/sbin/httpd2-prefork -f /et...

See also: SLES 12 Tuning Guide, Ch8: “Kernel Control Groups” and Kernel documentation on cgroups

Demo: Kernel Cgroups

Managing cgroups

►How to find cgroup configuration?
►List currently running cgroups
  with lscgroup (pkg libcgroups-tools)
  with systemd-cgls (pkg systemd) → nicely shows the cgroup hierarchy created by systemd
►Limit resources
►See also:
  ►cgexec - run the task in given control groups
  ►cgclassify - move running task(s) to given cgroups

Socket-based activation

►Using sockets systemd can monitor the availability of the connected service

►When the service crashes, the messages to the socket will be buffered (~ MBs)

►Especially well suited for services that mostly receive through the socket, e.g. syslog

►Temporarily stand-in for the service
  ►example: during boot kmsg is active but at some point syslog takes over

See also: http://0pointer.de/blog/projects/socket-activation.html

sles1201:~ # systemctl list-sockets
LISTEN                          UNIT                         ACTIVATES
/dev/initctl                    systemd-initctl.socket       systemd-initctl.service
/dev/log                        systemd-journald.socket      systemd-journald.service
/run/dmeventd-client            dm-event.socket              dm-event.service
/run/dmeventd-server            dm-event.socket              dm-event.service
/run/systemd/journal/socket     systemd-journald.socket      systemd-journald.service
/run/systemd/journal/stdout     systemd-journald.socket      systemd-journald.service
/run/systemd/journal/syslog     syslog.socket                rsyslog.service
/run/systemd/shutdownd          systemd-shutdownd.socket     systemd-shutdownd.service
/run/udev/control               systemd-udevd-control.socket systemd-udevd.service
/var/run/dbus/system_bus_socket dbus.socket                  dbus.service
/var/run/pcscd/pcscd.comm       pcscd.socket                 pcscd.service
[...]

Unit File Types

● service
● target
● socket
● path
● device
● timer
● mount
● automount
● snapshot
● slice
● swap
● scope

Generators

►Generators are located in /usr/lib/systemd/system-generators/

►Templates are located in directory /usr/lib/systemd/system-generators/

►Based on templates, systemd generators create one or more unit instances, for example for: getty, lvm; or mount units based on /etc/fstab

See also: http://www.freedesktop.org/wiki/Software/systemd/Generators/

sles1201:/etc/systemd # cat /usr/lib/systemd/system/[email protected]

[Unit]
Description=User Manager for UID %i
After=systemd-user-sessions.service

[Service]
User=%i
PAMName=systemd-user
Type=notify
ExecStart=-/usr/lib/systemd/systemd --user
Slice=user-%i.slice
KillMode=mixed

systemd

Unit files

● Unit file locations
● Unit file structure
● A few Unit file types:
  ► service
  ► socket
  ► target
  ► slice, scope
  ► timer

Unit File Locations (in order of precedence)

In system mode (systemd --system)

►Runtime units: /run/systemd/system/

►Local configuration: /etc/systemd/system/

►Units of installed packages: /usr/lib/systemd/system

In user mode (systemd --user)

►User configuration: $HOME/.config/systemd/user/

►Local configuration: /etc/systemd/user/

►Runtime units: /run/systemd/user/

►Units of installed packages: /usr/lib/systemd/user/

Unit File Syntax(*)

● Generic sections:
  ► [Unit]: Dependencies, etc.
  ► [Install]: What to do to install or remove
● Other
  ► empty lines and lines prefixed with “#” or “;” will be ignored
  ► “\” at line end will wrap long lines
● Options
  ► Pre-defined
  ► User defined, prefixed with “X-”
● Values
  ► Boolean: 1, “true”, “yes”, “on” or 0, “false”, “no”, “off”
  ► Time: “50”, “4min 140ms”

[Section]

[Unit]
Option = Value
Option = Value
# This line will be ignored
; As well as this

[Install]
BooleanOption = true
Option = Value
Option = Value

[Specific Section]
Option = Value
Option = Value
X-MyOption = “User defined option”

See also man systemd.unit(5)

(*) Conforms to the “XDG Desktop Entry Specification”

Unit File Logic 1/2

● Directory “foo.service.d” may contain “*.conf” files to alter or add configuration

● Directory “foo.service.wants/” can contain symlinks to dependencies of “foo.service”

● Unit file templates:
  ► [email protected] will be generated from:
  ► [email protected]

foo.service

[Unit]
# will include all settings from
# bar.service
.include bar.service

Description = foo service
Wanted = Value
; As well as this

Unit File Logic 2/2

[Unit] Directives
►Description, Documentation: Make life easy

►Wants, Requires, Conflicts: Express dependencies between units

►WantedBy, RequiredBy: Reverse dependencies; will result in a symlink to this unit in the mentioned services' $unit.wants/ or $unit.requires/ directory

►Before, After: Specify order when starting and stopping units

►Alias: when enabled, unit will also be registered under these names

Unit files: service

service units start and control daemons and the processes they consist of

sles1201:~ # cat /usr/lib/systemd/system/ntpd.service
[Unit]
Description=NTP Server Daemon
Documentation=man:ntpd(1)
After=nss-lookup.target

Wants=network.target
After=network.target

[Service]
Type=forking
PIDFile=/var/run/ntp/ntpd.pid
ExecStart=/usr/sbin/start-ntpd start
RestartSec=11min
Restart=always

[Install]
WantedBy=multi-user.target

See also: man systemd.service(5)

Unit files: socket

socket units create local unix or network sockets, useful for socket based activation

sles1201:~ # systemctl -t socket
UNIT                         LOAD   ACTIVE SUB       DESCRIPTION
dbus.socket                  loaded active running   D-Bus System Message Bus Socket
dm-event.socket              loaded active running   Device-mapper event daemon FIFOs
iscsid.socket                loaded active listening Open-iSCSI iscsid Socket
pcscd.socket                 loaded active listening PC/SC Smart Card Daemon Activation Socket
syslog.socket                loaded active running   Syslog Socket
systemd-initctl.socket       loaded active listening /dev/initctl Compatibility Named Pipe
systemd-journald.socket      loaded active running   Journal Socket
systemd-shutdownd.socket     loaded active listening Delayed Shutdown Socket
systemd-udevd-control.socket loaded active running   udev Control Socket
systemd-udevd-kernel.socket  loaded active running   udev Kernel Socket

sles1201:~ # systemctl status dbus.socket
dbus.socket - D-Bus System Message Bus Socket
   Loaded: loaded (/usr/lib/systemd/system/dbus.socket; static)
   Active: active (running) since Wed 2015-01-28 14:37:31 CET; 7h ago
   Listen: /var/run/dbus/system_bus_socket (Stream)

sles1201:~ # cat /usr/lib/systemd/system/dbus.socket
[Unit]
Description=D-Bus System Message Bus Socket

[Socket]
ListenStream=/var/run/dbus/system_bus_socket
sles1201:~ #

Unit files: target

● target units:
  ► are useful to group units, or
  ► provide well-known synchronization points during boot-up
  ► are equivalent to “runlevel”:
    ► `init 5` is equivalent to
    ► `systemctl isolate runlevel5.target`
  ► /etc/inittab is deprecated
  ► see also: systemd.target(5)

sles1201:~ # systemctl get-default
multi-user.target

sles1201:~ # systemctl -t target
UNIT                   LOAD   ACTIVE SUB    DESCRIPTION
basic.target           loaded active active Basic System
cryptsetup.target      loaded active active Encrypted Volumes
getty.target           loaded active active Login Prompts
local-fs-pre.target    loaded active active Local File Systems (Pre)
local-fs.target        loaded active active Local File Systems
multi-user.target      loaded active active Multi-User System
network.target         loaded active active Network
nss-lookup.target      loaded active active Host and Network Name Lookups
nss-user-lookup.target loaded active active User and Group Name Lookups
paths.target           loaded active active Paths
remote-fs-pre.target   loaded active active Remote File Systems (Pre)
remote-fs.target       loaded active active Remote File Systems
[...]

Unit files: slice and scope

A standard hierarchy of processes, sessions for resource control

● slices:
  ► automatically created slices:
    ► “-” (root),
    ► machine
    ► user: parent for user-* slices
    ► system: parent for services
  ► see also: man systemd.slice(5)

● scopes:
  ► each session (on tty or graphical) is an individual scope
  ► see also: man systemd.scope(5)

-.slice
├─machine.slice
│ └─machine-qemu\x2dsles1201.scope
│   └─3721 /usr/bin/qemu-system-x86_64 -name sles1201 -machine accel=kvm [...]
├─user.slice
│ ├─user-0.slice
│ │ └─[email protected]
│ │   └─4519 /usr/lib/systemd/systemd --user
. .
│ └─user-1000.slice
│   ├─session-1.scope
. .
│
└─system.slice
  ├─1 /sbin/init showopts
  ├─systemd-machined.service
  │ └─3722 /usr/lib/systemd/systemd-machined
  ├─libvirtd.service
  │ └─3514 /usr/sbin/libvirtd --listen
  ├─rsyslog.service
  │ └─968 /usr/sbin/rsyslogd -n
  .

Unit files: timer

►Timer units trigger matching unit files on the defined moments, i.e. “foo.timer” has to have a foo.<unit type>

►Timers are monotonic, independent of wall-clock time and timezones.

►If system is suspended, the monotonic clock stops too.

►see also: man systemd.timer(5)

sles1201:~ # cat /usr/lib/systemd/system/systemd-tmpfiles-clean.timer
[Unit]
Description=Daily Cleanup of Temporary Directories
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)

[Timer]
OnBootSec=15min
OnUnitActiveSec=1d

sles1201:~ # ls -1 /usr/lib/systemd/system/systemd-tmpfiles-clean*
systemd-tmpfiles-clean.service
systemd-tmpfiles-clean.timer

sles1201:~ # systemctl --all list-timers
NEXT                        LEFT     UNIT                         ACTIVATES
Thu 2015-01-29 14:52:19 CET 13h left systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
n/a                         n/a      systemd-readahead-done.timer systemd-readahead-done.service

Using unmodified SysV/LSB scripts with systemd

►Compatibility mode with symlinks to /usr/lib/systemd/systemd: halt, init, poweroff, reboot, runlevel, shutdown, telinit

►Requests to above utilities will be forwarded to systemd

►The correct invocation of an init script is through /sbin/service

►systemd understands and respects the LSB headers

►Be sure to check the list of incompatibilities with SysV, see [1], e.g.:
  ►The concept of runlevels is different than with sysvinit
  ►Interactive scripts should use `systemd-ask-password`

[1] http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities/

From SysV/LSB Script to systemd Unit File

►Read and understand what the script does!

►Section [Unit]
  Description and Documentation
  Dependencies: based on LSB headers “Required-Start”, “Required-Stop”
  Ordering: “Before” or “After”

►Section [Service]
  ExecStart: the full path to the service's binary/script
  Type: How to monitor the daemon? Possible values: simple, forking, oneshot, dbus, notify, idle
  PIDFile: the file containing a forked daemon's PID

►Section [Install]
  Runlevel to corresponding target, e.g.: WantedBy=multi-user.target

►See also:
  ►man systemd.unit(5)
  ►man systemd.service(5)
  ►Lennart Poettering's blog article [1]

[1] “systemd for Administrators, Part III”, http://0pointer.de/blog/projects/systemd-for-admins-3.html
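The conversion steps above, as an added example that is not part of the original slides: a draft unit file is derived from the LSB comment header of an init script. The daemon `exampled`, its paths and the sample script are constructed; the facility-to-target table, the use of Wants=/After= for "Required-Start" (following the ntpd.service pattern shown earlier) and Type=forking are assumptions of this example that must be checked against what the script really does.

```python
import re

# LSB facility -> systemd target. A simplified table assumed for this example;
# facilities not listed here are reported back instead of guessed.
FACILITY_TARGETS = {
    "$local_fs": "local-fs.target",
    "$remote_fs": "remote-fs.target",
    "$network": "network.target",
    "$named": "nss-lookup.target",
    "$time": "time-sync.target",
}

# Constructed init script for a hypothetical daemon called "exampled".
SAMPLE_SCRIPT = """\
#!/bin/sh
### BEGIN INIT INFO
# Provides:          exampled
# Required-Start:    $network $remote_fs
# Required-Stop:     $network $remote_fs
# Should-Start:      $time $syslog
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Example daemon
### END INIT INFO
case "$1" in
  start) /usr/sbin/exampled --daemonize ;;
  stop)  kill "$(cat /var/run/exampled.pid)" ;;
esac
"""


def parse_lsb_header(script_text):
    """Return {keyword: value} from the '### BEGIN INIT INFO' comment block."""
    fields, inside = {}, False
    for line in script_text.splitlines():
        if line.startswith("### BEGIN INIT INFO"):
            inside = True
        elif line.startswith("### END INIT INFO"):
            break
        elif inside:
            match = re.match(r"#\s*([A-Za-z-]+):\s*(.*)$", line)
            if match:
                fields[match.group(1)] = match.group(2).strip()
    return fields


def to_units(names):
    """Map LSB names to unit names; return (units, facilities without mapping)."""
    units, unmapped = [], []
    for name in names.split():
        if not name.startswith("$"):
            units.append(name + ".service")   # another init script / service
        elif name in FACILITY_TARGETS:
            units.append(FACILITY_TARGETS[name])
        else:
            unmapped.append(name)
    return units, unmapped


def unit_from_init_script(script_text, exec_start, pid_file):
    """Return (draft unit file text, LSB facilities that need manual review)."""
    lsb = parse_lsb_header(script_text)
    if "Provides" not in lsb:
        raise ValueError("no LSB header: read the script and write the unit by hand")
    required, unmapped_req = to_units(lsb.get("Required-Start", ""))
    optional, unmapped_opt = to_units(lsb.get("Should-Start", ""))

    # Runlevel to corresponding target (step "Section [Install]").
    runlevels = set(lsb.get("Default-Start", "").split())
    if runlevels & {"2", "3", "4"}:
        target = "multi-user.target"
    elif "5" in runlevels:
        target = "graphical.target"
    else:
        target = None

    lines = ["[Unit]",
             "Description=" + lsb.get("Short-Description", lsb["Provides"])]
    if required:
        lines.append("Wants=" + " ".join(required))
    if required or optional:
        lines.append("After=" + " ".join(required + optional))
    # Type=forking assumes the daemon backgrounds itself and writes pid_file.
    lines += ["", "[Service]", "Type=forking",
              "PIDFile=" + pid_file, "ExecStart=" + exec_start]
    if target:
        lines += ["", "[Install]", "WantedBy=" + target]
    return "\n".join(lines) + "\n", unmapped_req + unmapped_opt


if __name__ == "__main__":
    unit, review = unit_from_init_script(
        SAMPLE_SCRIPT, "/usr/sbin/exampled --daemonize", "/var/run/exampled.pid")
    print(unit)
    print("# facilities left for manual review:", review)
```

The generated text is a starting point only: everything the init script does besides starting the daemon (environment setup, privilege changes, directory creation) still has to be read out of the script and carried over by hand.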


A few select systemd

Use Cases

List Available Unit Files

● systemctl
  ► list-timers
  ► list-sockets
  ► list-units
  ► list-unit-files

sles1201:~ # systemctl list-unit-files
UNIT FILE                              STATE
proc-sys-fs-binfmt_misc.automount      static
org.freedesktop.hostname1.busname      static
org.freedesktop.locale1.busname        static
org.freedesktop.login1.busname         static
org.freedesktop.machine1.busname       static
org.freedesktop.timedate1.busname      static
dev-hugepages.mount                    static
dev-mqueue.mount                       static
proc-sys-fs-binfmt_misc.mount          static
...
cleanup.service                        static
clock.service                          masked
rsyslog.service                        enabled
...
system-update.target                   static
time-sync.target                       static
timers.target                          static
umount.target                          static
fstrim.timer [email protected] static
systemd-readahead-done.timer           static
systemd-tmpfiles-clean.timer           static

287 unit files listed.
sles1201:~ #

Start / Stop / Restart / Enable / Disable

● Multiple services at the same time

● Completion (requires the “bash-completion” pkg)

sles1201:~ # systemctl status a<TAB><TAB>
after-local.service auditd.service
amavis.service autofs.service
apparmor.service [email protected]:~ # systemctl status a

sles1201:~ # systemctl -t <TAB><TAB>
automount device mount path service snapshot socket swap target timer
sles1201:~ # systemctl -t <TAB><TAB>

sles1201:~ # systemctl restart ntpd apache2

sles1201:~ # systemctl status ntpd apache2

sles1201:~ # systemctl disable apache2

sles1201:~ # systemctl status apache2
apache2.service - The Apache Webserver
   Loaded: loaded (/usr/lib/systemd/system...
   Active: active (running) since Thu 2015...
 Main PID: 12391 (httpd2-prefork)
   Status: "Total requests: 0; Current req...
   CGroup: /system.slice/apache2.service
           ├─12391 /usr/sbin/httpd2-prefor...
           ├─12408 /usr/sbin/httpd2-prefor...
           ├─12410 /usr/sbin/httpd2-prefor...
           ├─12411 /usr/sbin/httpd2-prefor...
           ├─12412 /usr/sbin/httpd2-prefor...
           └─12413 /usr/sbin/httpd2-prefor...

More informative service status

sles1201:~ # systemctl status postfix
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
   Active: active (running) since Sun 2015-01-25 17:15:02 CET; 2 days ago
  Process: 1182 ExecStartPost=/etc/postfix/system/cond_slp register (code=exited, status=0/SUCCESS)
  Process: 1177 ExecStartPost=/etc/postfix/system/wait_qmgr 60 (code=exited, status=0/SUCCESS)
  Process: 1072 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 1061 ExecStartPre=/etc/postfix/system/update_postmaps (code=exited, status=0/SUCCESS)
  Process: 1051 ExecStartPre=/etc/postfix/system/update_chroot (code=exited, status=0/SUCCESS)
  Process: 1007 ExecStartPre=/etc/postfix/system/config_postfix (code=exited, status=0/SUCCESS)
  Process: 992 ExecStartPre=/bin/echo Starting mail service (Postfix) (code=exited, status=0/SUCCESS)
 Main PID: 1175 (master)
   CGroup: /system.slice/postfix.service
           ├─ 1175 /usr/lib/postfix/master -w
           ├─ 1178 qmgr -l -t fifo -u
           └─25344 pickup -l -t fifo -u

Jan 25 17:15:01 sles1201 echo[992]: Starting mail service (Postfix)
Jan 25 17:15:02 sles1201 postfix/postfix-script[1156]: warning: not owned by group maildrop: /usr/sbin/postqueue
Jan 25 17:15:02 sles1201 postfix/postfix-script[1158]: warning: not owned by group maildrop: /usr/sbin/postdrop
Jan 25 17:15:02 sles1201 postfix/postfix-script[1161]: warning: not set-gid or not owner+group+world executable: /usr/sbin/postdrop
Jan 25 17:15:02 sles1201 postfix/postfix-script[1173]: starting the Postfix mail system
Jan 25 17:15:02 sles1201 postfix/master[1175]: daemon started -- version 2.11.0, configuration /etc/postfix
sles1201:~ #

Managing remote machines

$ systemctl -H root@sles1201 status postfix.service
Host key fingerprint is bc:87:d7:c9:06:5f:16:1c:b2:e5:88:0f:8f:d7:f6:9d
[ECDSA 256 host key randomart image]

postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
   Active: active (running) since Wed 2015-01-28 14:37:51 CET; 12h ago
 Main PID: 1340
   CGroup: /system.slice/postfix.service

Resource Control

Limit Apache service
►default CPUShares = 1024
►temporarily:
  systemctl set-property apache2.service CPUShares=612 MemoryLimit=500M
►permanently:
  systemctl set-property --runtime apache2.service CPUShares=612 MemoryLimit=500M
  or
  “CPUShares = 612” in Unit File

See also
►man systemd.resource-control(5)
►man systemd-cgtop
►“systemd's Resource Control Concepts” [1]

[1] http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/

Page 62: Full system roll-back and systemd in SUSE Linux Enterprise 12

Boot process analysis

sles1201:~ # systemd-analyze blame
     16.029s wicked.service
      2.852s systemd-udev-settle.service
      1.684s SuSEfirewall2_init.service
      1.596s postfix.service
      1.420s SuSEfirewall2.service
      1.235s apparmor.service
      1.132s systemd-remount-fs.service
      1.057s systemd-udev-root-symlink.service
      1.056s sys-kernel-debug.mount
      1.055s dev-mqueue.mount
      1.054s dev-hugepages.mount
       911ms systemd-udev-trigger.service
       888ms btrfsmaintenance-refresh.service
       854ms sshd.service
       831ms rsyslog.service

sles1201:~ # systemd-analyze plot > sles1201-boot.svg
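Added example (not part of the original slides): a shell filter that parses `systemd-analyze blame` output, converts the `min`/`s`/`ms` time tokens to milliseconds and lists the units slower than a threshold. The function names `blame_sample` and `slow_units` and the 2000 ms threshold are assumptions; the sample lines are copied from the listing above.

```shell
#!/bin/sh
# Sample input: lines copied from the blame listing on the slide.
blame_sample() {
cat <<'EOF'
     16.029s wicked.service
      2.852s systemd-udev-settle.service
      1.684s SuSEfirewall2_init.service
      1.596s postfix.service
       911ms systemd-udev-trigger.service
       854ms sshd.service
EOF
}

# slow_units THRESHOLD_MS
# Reads blame output on stdin and prints "<milliseconds> <unit>" for every
# unit whose start-up time exceeds THRESHOLD_MS. Lines containing a time
# token it does not understand are skipped rather than misreported.
slow_units() {
    awk -v limit="$1" '
    # Convert one time token (1min, 16.029s, 911ms) to milliseconds.
    function to_ms(tok) {
        if (tok ~ /^[0-9.]+ms$/)  { sub(/ms$/, "", tok);  return tok + 0 }
        if (tok ~ /^[0-9.]+min$/) { sub(/min$/, "", tok); return tok * 60000 }
        if (tok ~ /^[0-9.]+s$/)   { sub(/s$/, "", tok);   return tok * 1000 }
        return -1
    }
    NF >= 2 {
        total = 0; ok = 1
        # Every field except the last is a time token; the last is the unit.
        for (i = 1; i < NF; i++) {
            ms = to_ms($i)
            if (ms < 0) { ok = 0; break }
            total += ms
        }
        if (ok && total > limit) printf "%.0f %s\n", total, $NF
    }'
}

# Stand-alone run: units from the sample that took longer than 2 seconds.
blame_sample | slow_units 2000
```

On a live system the same filter can be fed directly: `systemd-analyze blame | slow_units 2000`.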

Page 63: Full system roll-back and systemd in SUSE Linux Enterprise 12

Containers with systemd-nspawn

Similar to chroot, but:
►RO access to /sys, /proc/sys, /sys/fs/selinux,
►No device files may be created and
►No changes to network and clock
... from within the container

Demo:
►Bootstrap a new filesystem
►Add repositories
►Install a few packages
►Start container

systemd-nspawn may be used to run a command or OS in a light-weight namespace container. (man systemd-nspawn)

Page 64: Full system roll-back and systemd in SUSE Linux Enterprise 12

systemd-nspawn
Demo: bootstrap a new container

Bootstrap a new filesystem
zypper --root /vmstore/containers/os131/ addrepo \
    http://download.opensuse.org/distribution/13.1/repo/oss/ repo-oss
zypper --root /vmstore/containers/os131/ addrepo \
    http://download.opensuse.org/distribution/13.1/repo/non-oss/ repo-non-oss
zypper --root /vmstore/containers/os131/ refresh

Install a few packages
zypper --root /vmstore/containers/os131/ install \
    openSUSE-release-13.1-1.10.x86_64 bash iproute2 coreutils

Container size <60MB!
du -sm /vmstore/containers/os131/
56 /vmstore/containers/os131/

Start container
systemd-nspawn -D /vmstore/containers/os131/ /bin/bash
Spawning namespace container on /vmstore/containers/opensuse13.1 (console is /dev/pts/8).
Init process in the container running as PID 26205.
Timezone Europe/Amsterdam does not exist in container, not updating container timezone.
bash-4.2#

Page 65: Full system roll-back and systemd in SUSE Linux Enterprise 12

Summary

● systemd introduces radical changes in the Linux boot process

● Because of the richness of unit file vocabulary and tools it can be overwhelming at first

● Transitioning to systemd is made easier by the “compatibility” features

● By making clear choices and enforcing its standards (for good or ill), systemd will simplify things

● The adoption of systemd is already large and growing

Page 66: Full system roll-back and systemd in SUSE Linux Enterprise 12

Thank you.

Questions?
