Date posted: 02-Jun-2018
Category: Documents
Uploaded by: susant-sahani
RED HAT | Ingo Börnig
RHEL 7 Update
systemd
July 2!"
OVERVIEW
RHEL 7.0 will ship with systemd, a new init system that replaces upstart.
But systemd is more than a SysVinit/upstart replacement:
It is a system and service manager for Linux.
It can work as a drop-in replacement for sysvinit.
It replaces inetd and xinetd for most scenarios.
# ps --pid 1
  PID TTY          TIME CMD
    1 ?        00:00:01 systemd
Key Concepts
UNITS: Services, Sockets, Devices, Mounts, Automounts, Swaps, Timers, Paths, Targets, Snapshots, Slices
Unit/Service Dependency Tracking
Process tracking with Service information
Benefits
Dependency tracking for units and processes. No more (sleep 30; do something) loops
Properly kill daemons
Minimal boot times
Debugging: no early boot messages are lost
Easy to learn and backwards compatible.
Autospawn and Respawn for Services
Tight integration with cgroups, the default interface in the future
Systemd - Units
Naming convention is name.type: httpd.service, sshd.socket, or dev-hugepages.mount
Service: Describe a daemon's type, execution, environment, and how it's monitored.
Socket: Endpoint for interprocess communication. File, network, or Unix sockets.
Target: Logical grouping of units. Replacement for runlevels.
Device: Automatically created by the kernel. Can be provided to services as dependents.
Mounts, automounts, swap: Monitor the mounting/unmounting of file systems.
Systemd - Units
Snapshots: save the state of units, useful for testing
Timers: Timer-based activation
Paths: Uses inotify to monitor a path
Slices: cgroup hierarchy for resource management.
Scopes
Systemd - Dependency Resolution
Example: Wait for block device
Check file system for device
Mount file system
nfs-lock.service:
Requires=rpcbind.service network.target
After=network.target named.service rpcbind.service
Before=remote-fs-pre.target
What about my System-V init scripts?
systemd maintains 99% backwards compatibility with initscripts and the exceptions are well documented.
While we do encourage everyone to convert legacy scripts to service unit files, it's not a requirement.
Hint: we'll show you how to do this in a few minutes.
Incompatibilities are listed here: http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities
Converting SysV Init Scripts: http://0pointer.de/blog/projects/systemd-for-admins-3.html
Faster Boot times
Lennart Poettering says that "Fast booting isn't the goal of systemd, it's a result of a well designed system."
As virt/cloud demand continues, the desire for light-weight, reliable/resilient, and fast images grows.
A stripped down image can boot in ~2 seconds.
Less CPU cycles burned during the boot process
Important for highly dense and dynamic environments.
Even more important for containers.
The Basics: Managing Services
Managing Services - Unit Files
Via Init: Init scripts are stored in /etc/init.d and called from /etc/rc*
Via systemd:
Maintainer files: /usr/lib/systemd/system
User modifications: /etc/systemd/system
Note: unit files under /etc will take precedence over /usr
Managing Services - Start/Stop
Via Init:
$ service httpd {start,stop,restart,reload}
Via systemctl:
$ systemctl {start,stop,restart,reload} httpd.service
Notes: systemctl places the "action" before the service name.
If a unit isn't specified, .service is assumed.
systemctl start httpd == systemctl start httpd.service
Tab completion works great with systemctl, install bash-completion
systemctl can connect to remote hosts over SSH using "-H"
Managing Services - Status
Via Init:
$ service httpd status
Via systemctl:
$ systemctl status httpd.service
List loaded services:
systemctl -t service
List installed services:
systemctl list-unit-files -t service (similar to chkconfig --list)
View state:
systemctl --state failed
Managing Services - Enable/Disable
Via Init:
$ chkconfig httpd {on,off}
Via systemctl:
$ systemctl {enable, disable, mask, unmask} httpd.service
mask: "This will link these units to /dev/null, making it impossible to start them. This is a stronger version of disable, since it prohibits all kinds of activation of the unit, including manual activation. Use this option with care."
What Runlevels?
Runlevels == Targets
"Runlevels" are exposed via target units
/etc/inittab is no longer used
Target names are more relevant:
multi-user.target vs. runlevel3
graphical.target vs. runlevel5
Set the default via 'systemctl enable graphical.target --force'
Change at run-time via 'systemctl isolate [target]'
Runlevel Names
Runlevel | Systemd Target | Description
0 | poweroff.target, runlevel0.target | System halt
1 | rescue.target, runlevel1.target | Single user mode
3 (2,4) | multi-user.target, runlevel3.target | Multi-user, non graphical
5 | graphical.target, runlevel5.target | Multi-user, graphical
6 | reboot.target, runlevel6.target | System reboot
ls /lib/systemd/system/runlevel*target -l
lrwxrwxrwx. 1 root root 15 Jul 3 21:37 /lib/systemd/system/runlevel0.target -> poweroff.target
lrwxrwxrwx. 1 root root 13 Jul 3 21:37 /lib/systemd/system/runlevel1.target -> rescue.target
lrwxrwxrwx. 1 root root 17 Jul 3 21:37 /lib/systemd/system/runlevel2.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Jul 3 21:37 /lib/systemd/system/runlevel3.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Jul 3 21:37 /lib/systemd/system/runlevel4.target -> multi-user.target
lrwxrwxrwx. 1 root root 16 Jul 3 21:37 /lib/systemd/system/runlevel5.target -> graphical.target
lrwxrwxrwx. 1 root root 13 Jul 3 21:37 /lib/systemd/system/runlevel6.target -> reboot.target
Customizing Service Unit Files
Customizing Service Unit Files
Unit files can be altered or extended by placing "drop-ins" under /etc/systemd/system/foobar.service.d/*.conf
Changes are applied on top of maintainer unit files.
# cat /etc/systemd/system/httpd.service.d/50-httpd.conf
[Service]
Restart=always
StartLimitInterval=10
StartLimitBurst=5
StartLimitAction=reboot
CPUShares=2048
Nice=-10
OOMScoreAdjust=-1000
Customizing Service Unit Files
Run 'systemctl daemon-reload' after making changes to notify systemd
Drop-ins will be shown from 'systemctl status'
# systemctl status httpd.service
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
  Drop-In: /etc/systemd/system/httpd.service.d
           50-httpd.conf
Customizing Service Unit Files - Tips
Changes to unit files under /usr/lib/systemd/system could be overwritten by updates. -
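The precedence rule, masking and drop-in layout described on these slides, as an added example that is not part of the original deck: a POSIX shell check that reports which copy of a unit is in effect under a given root, flags masked units (symlinks to /dev/null) and lists drop-ins in the order they apply. The function names, the ROOT argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit unit precedence under a root dir.

# effective_unit ROOT UNIT -> "masked", the winning path, or "missing"
effective_unit() {
    root=$1; unit=$2
    # /etc is searched first, so it overrides the maintainer copy in /usr/lib
    for dir in etc/systemd/system usr/lib/systemd/system; do
        f="$root/$dir/$unit"
        # mask = symlink to /dev/null; check the link itself, not its target
        if [ -L "$f" ] && [ "$(readlink "$f")" = /dev/null ]; then
            echo masked; return 0
        fi
        if [ -f "$f" ]; then
            echo "/$dir/$unit"; return 0
        fi
    done
    echo missing; return 1
}

# list_dropins ROOT UNIT -> drop-in names in lexical (application) order
list_dropins() {
    for f in "$1/etc/systemd/system/$2.d"/*.conf; do
        if [ -f "$f" ]; then basename "$f"; fi
    done
}

# Constructed sample tree; unit contents are placeholders, not real units.
demo_tree() {
    t=$(mktemp -d)
    lib="$t/usr/lib/systemd/system"; etc="$t/etc/systemd/system"
    mkdir -p "$lib" "$etc/httpd.service.d"
    for u in httpd sshd telnet; do
        printf '[Service]\nExecStart=/bin/true\n' > "$lib/$u.service"
    done
    cp "$lib/sshd.service" "$etc/sshd.service"      # admin override in /etc
    ln -s /dev/null "$etc/telnet.service"           # what 'mask' creates
    printf '[Service]\nCPUShares=2048\n' > "$etc/httpd.service.d/50-httpd.conf"
    printf '[Service]\nRestart=always\n' > "$etc/httpd.service.d/10-restart.conf"
    echo "$t"
}

tree=$(demo_tree)
for u in httpd sshd telnet; do
    echo "$u.service: $(effective_unit "$tree" "$u.service")"
done
list_dropins "$tree" httpd.service
rm -rf "$tree"
```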
Resource Management
Making Cgroups Easier
View cgroup hierarchy via systemd-cgls
View usage stats via systemd-cgtop (use for tuning)
Default hierarchy:
system.slice - contains system services
user.slice - contains user sessions
machine.slice - contains virtual machines and containers
Services can be promoted to their own slice if necessary.
Resource Management - Configuration
systemctl can configure and persist cgroup attributes:
systemctl set-property httpd.service CPUShares=2048
Add --runtime to not persist the settings:
systemctl set-property --runtime httpd.service \
    CPUShares=2048
Alternatively settings can be placed in unit files:
[Service]
CPUShares=2048
Converting Init Scripts
Remember what an init-file looks like?
#!/bin/bash
#
# httpd        Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: The Apache HTTP Server is an efficient and extensible \
#              server implementing the current HTTP standards.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd/httpd.pid
#
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server
#  implementing the current HTTP standards.
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
        . /etc/sysconfig/httpd
fi

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/sbin/apachectl
httpd=${HTTPD-/usr/sbin/httpd}
prog=httpd
pidfile=${PIDFILE-/var/run/httpd/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}

# check for 1.3 configuration
check13 () {
        CONFFILE=/etc/httpd/conf/httpd.conf
        GONE="(ServerType|BindAddress|Port|AddModule|ClearModuleList|"
        GONE="${GONE}AgentLog|RefererLog|RefererIgnore|FancyIndexing|"
        GONE="${GONE}AccessConfig|ResourceConfig)"
        if LANG=C grep -Eiq "^[[:space:]]*($GONE)" $CONFFILE; then
                echo
                echo 1>&2 " Apache 1.3 configuration directives found"
                echo 1>&2 " please read /usr/share/doc/httpd-2.2.22/migration.html"
                failure "Apache 1.3 config directives test"
                echo
                exit 1
        fi
}

# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
        echo -n $"Starting $prog: "
        check13 || exit 1
        LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        return $RETVAL
}

# When stopping httpd, a delay (of default 10 second) is required
# before SIGKILLing the httpd parent; this gives enough time for the
# httpd parent to SIGKILL any errant children.
stop() {
        echo -n $"Stopping $prog: "
        killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}
reload() {
        echo -n $"Reloading $prog: "
        if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
                RETVAL=6
                echo $"not reloading due to configuration syntax error"
                failure $"not reloading $httpd due to configuration syntax error"
        else
                # Force LSB behaviour from killproc
                LSB=1 killproc -p ${pidfile} $httpd -HUP
                RETVAL=$?
                if [ $RETVAL -eq 7 ]; then
                        failure $"httpd shutdown"
                fi
        fi
        echo
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status -p ${pidfile} $httpd
        RETVAL=$?
        ;;
  restart)
        stop
        start
        ;;
  condrestart|try-restart)
        if status -p ${pidfile} $httpd >&/dev/null; then
                stop
                start
        fi
        ;;
  force-reload|reload)
        reload
        ;;
  graceful|help|configtest|fullstatus)
        $apachectl $@
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}"
        RETVAL=2
esac

exit $RETVAL
Contrast that with a systemd unit file syntax
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
ExecStop=/usr/sbin/httpd $OPTIONS -k graceful-stop
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=multi-user.target
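The contrast between the init script's LSB header and the unit file's [Unit] section, as an added example that is not part of the original deck: a POSIX shell function that derives Description= and After= from an init script header. The function names and the facility-to-target table are assumptions chosen to match the targets in the httpd unit above; $local_fs is skipped because services are already ordered after local file systems by default.

```shell
#!/bin/sh
# Added example (not from the slides): derive [Unit] lines from an LSB header.

# Map one LSB facility or service name to a systemd unit name.
# Assumption: table mirrors the targets used in the httpd unit on the slide.
lsb_to_unit() {
    case $1 in
        '$network')   echo network.target ;;
        '$remote_fs') echo remote-fs.target ;;
        '$named')     echo nss-lookup.target ;;
        '$'*)         ;;   # $local_fs and unknown facilities: nothing to add
        *)            echo "$1.service" ;;   # plain name = another service
    esac
}

# unit_section FILE -> "[Unit]" section text for the init script FILE.
# Should-Start becomes After= only (ordering without a hard requirement).
unit_section() {
    desc=$(sed -n 's/^# Short-Description:[[:space:]]*//p' "$1" | head -n 1)
    after=
    for name in $(sed -n -e 's/^# Required-Start:[[:space:]]*//p' \
                         -e 's/^# Should-Start:[[:space:]]*//p' "$1"); do
        unit=$(lsb_to_unit "$name")
        if [ -n "$unit" ]; then after="$after $unit"; fi
    done
    printf '[Unit]\nDescription=%s\nAfter=%s\n' "$desc" "${after# }"
}

# Constructed sample: the LSB block of the httpd init script shown above.
sample_init() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
### END INIT INFO
EOF
    echo "$f"
}

init=$(sample_init)
unit_section "$init"
rm -f "$init"
```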
Test Unit File
Copy the unit file:
cp [myapp].service /etc/systemd/system
Alert systemd of the changes:
systemctl daemon-reload
Start service:
systemctl start [myapp].service
View status:
systemctl status [myapp].service
The Journal
The Journal - Logging with systemd
The journal is a component of systemd, that captures Syslog messages, Kernel log messages, initial RAM disk and early boot messages as well as messages written to STD
Warnings in bold
Security
Reliability
Intelligently rotated
Journal
Does not replace rsyslog in RHEL 7
rsyslog is enabled by default
Use rsyslog for traditional logging w/ enterprise features
The journal is not persistent by default at the moment but a ring-buffer in /run/log/journal.
Collects event metadata
Stored in key-value pairs
man page: systemd.journal-fields(7)
journalctl - utility for viewing the journal.
Simple (or complex) filtering
Interleave units, binaries, etc
Using the Journal
Enable persistence: 'mkdir /var/log/journal'
View from boot: 'journalctl -b'
Tail -f and -n work as expected:
journalctl -f ; journalctl -n 50
Filter by priority: 'journalctl -p [level]'
0 emerg
1 alert
2 crit
3 err
4 warning
5 notice
6 debug
Using the Journal
Troubleshooting the Boot
Booting
Boot process is too fast, interactive boot: append
systemd.confirm_spawn=1
/var/log/boot.log still works the same
Enable debugging from grub by appending:
systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M
Control Groups Made Simple
Control Groups Made Simple
Resource Management with cgroups can reduce application or VM contention and improve throughput and predictability
Slices, Scopes, Services
Slices, Scopes, Services
In RHEL7 systemd manages cgroups, new concept of Scopes/Slices
Slice: Unit type for creating the cgroup hierarchy for resource management.
Scope
Control Groups - Usability Improvements: Scopes
Systemd puts all related worker PIDs into cgroup called a "scope".
Services:
Apache processes in same services/apache scope
Mysql processes in same services/mysql scope
Apache/Mysql get an equal "slice" of the system
Users accounts:
All users get an equal "slice"
Machines:
All containers/VMs get an equal "slice"
No service/user/machine can dominate system
Control Groups Usability Improvements: Slices
Control Groups - Usability Improvements: Slices
Special unit file for assigning resource constraints
Slices get assigned to scopes
Systemd automatically assigns services to system.slice
You can override resource with Unit file configuration:
MemoryLimit=1G
Command Line:
systemctl set-property httpd.service CPUShares=524 MemoryLimit=500M
Systemd will assign Containers to machine.slice
You can override by editing /etc/systemd/system/big-machine.slice