pdfC1TTlawaxB

8/11/2019 pdfC1TTlawaxB

1/43

RED HAT | Ingo Brnig1

RHEL 7 Update

systemd

July 2!"


2/43


#$ER$IE%

RHEL 7.0 will ship with systemd, a new init system that replacesupstart.

But systemd is more then a SysVinitupstart replacement

!t is a system and ser"ice mana#er $or Linu%.

!t can wor& as a drop'in replacement $or sys"init. !t replaces inetd and %inetd $or most scenarios

# ps --pid 1 PID TTY TIME CMD 1 ? 00:00:01 systemd


3/43

RED HAT | Ingo Brnig(

&ey 'on(epts

)*!+S Ser"ices, Soc&ets,

-e"ices, ounts, /utomounts, Swaps

+imers, aths,

+ar#ets, Snapshots Slices

)nitSer"ice -ependency +rac&in#

rocess trac&in# with Ser"ice in$ormation


4/43RED HAT | Ingo Brnig

Bene)its

-ependency trac&in# $or units and processes *o more sleep 304 do somethin#5 loops

roperly &ill daemons

inimal 6oot times

-e6u#in# no early 6oot messa#es are lost

Easy to learn and 6ac&wards compati6le.

/utospawn and Respawn $or Ser"ices

+i#ht inte#ration with c#roups, the de$ault inter$ace in the $uture


5/43RED HAT | Ingo Brnig8

*ystemd + Units

*amin# con"ention is name.type httpd.ser"ice, sshd.soc&et, or de"'hu#epa#es.mount

Ser"ice -escri6e a daemon9s type, e%ecution, en"ironment,and how it9s monitored.

Soc&et Endpoint $or interprocess communication. :ile,networ&, or )ni% soc&ets.

+ar#et Lo#ical #roupin# o$ units. Replacement $or runle"els.

-e"ice /utomatically created 6y the &ernel. ;an 6e pro"idedto ser"ices as dependents.

ounts, automounts, swap onitor the mountin#unmountin#o$ $ile systems.


6/43


*ystemd + Units

Snapshots sa"e the state o$ units use$ul $or testin# +imers +imer'6ased acti"ation

aths )ses inoti$y to monitor a path

Slices c#roup hierarchy $or resource mana#ement.

Scopes


7/43


*ystemd , Dependen(y Resolution

E%ample >ait $or 6loc& de"ice

;hec& $le system $or de"ice

ount $le system

n$s'loc&.ser"ice [email protected]"ice networ&.tar#et

/$ter@networ&.tar#et named.ser"ice rpc6ind.ser"ice

Be$ore@remote'$s'pre.tar#et


8/43

RED HAT | Ingo BrnigA

%-at a.out my *ystem+$ init s(ripts/

systemd maintains C 6ac&wards compati6ility with initscriptsand the e%ceptions are well documented.

>hile we do encoura#e e"eryone to con"ert le#acy scripts toser"ice unit $iles, it9s not a re?uirement.

Hint we9ll show you how to do this in a $ew minutes.

!ncompati6ilities are listed herehttpwww.$reedes&top.or#wi&iSo$twaresystemd!ncompati6ilities

;on"ertin# SysV !nit Scriptshttp0pointer.de6lo#proDectssystemd'$or'admins'(.html


9/43

RED HAT | Ingo Brnig

0aster Boot times

Lennart oetterin# says that :ast 6ootin# isn9t the #oal o$systemd, it9s a result o$ a well desi#ned system.F

/s "irtcloud demand continues, the desire $or li#ht'wei#ht,relia6leresilient, and $ast ima#es #rows.

/ stripped down ima#e can 6oot in G2 seconds.

Less ;) cycles 6urned durin# the 6oot process

!mportant $or hi#hly dense and dynamic en"ironments.

E"en more important $or containers.


10/43


T-e Basi(s1 anaging *er3i(es


11/43


anaging *er3i(es + Unit 0iles

Via !nit !nit scripts are stored in etcinit.d called $rom etcrcI

Via systemd

aintainer $iles usrli6systemdsystem

)ser modi$cations etcsystemdsystem *ote unit $iles under etc will ta&e precedence o"er usr


12/43


anaging *er3i(es + *tart4*top

Via !nit J ser"ice httpd Kstart,stop,restart,reload

Via systemctl

J systemctl Kstart,stop,restart,reload httpd.ser"ice

*otes systemctl places the actionF 6e$ore the ser"ice name.

!$ a unit isn9t speci$ed, .ser"ice is assumed.

systemctl start httpd @@ systemctl start httpd.ser"ice

+a6 completion wor&s #reat with systemctl, install 6ash'completion

systemctl can connect to remote hosts o"er SSH usin# 'HF


13/43

RED HAT | Ingo Brnig1(

anaging *er3i(es + *tatus

Via !nit J ser"ice httpd status

Via systemctl

J systemctl status httpd.ser"ice

List loaded ser"ices systemctl 't ser"ice

List installed ser"ices

systemctl list'unit'$iles 't ser"ice similar to ch&con$# ''list5

View state

systemctl ''state $ailed


14/43


anaging *er3i(es + Ena.le4Disa.le

Via !nit J ch&con$# httpd Kon,o$$

Via systemctl

J systemctl Kena6le, disa6le, mas&, unmas& httpd.ser"ice

mas& +his will lin& these units to de"null, ma&in# itimpossi6le to start them. +his is a stron#er "ersion o$ disa6le,since it prohi6its all &inds o$ acti"ation o$ the unit, includin#manual acti"ation. )se this option with care.F


15/43


16/43


%-at Runle3els/

Runle"els @@ +ar#ets

Runle"elsF are e%posed "ia tar#et units

etcinitta6 is no lon#er used

+ar#et names are more rele"ant

multi'user.tar#et "s. runle"el( #raphical.tar#et "s. runle"el8

Set the de$ault "ia Msystemctl ena6le #raphical.tar#et ''$orceM

;han#e at run'time "ia Msystemctl isolate Ntar#etOM


17/43


Runle3el 6ames

Runle3el *ystemd Target Des(ription

0 powero$$.tar#et, runle"el0.tar#et System halt

1 rescue.tar#et, runle"el1.tar#et Sin#le user mode

( 2,5 multi'user.tar#et, runle"el(.tar#et ulti'user, non #raphical

8 #raphical.tar#et, runle"el8.tar#et ulti'user, #raphical

3 re6oot.tar#et, runle"el3.tar#et System re6oot

ls /lib/systemd/system/runlevel*target -l

lrwxrwxrwx. 1 root root 15 Jul 3 21:37 /lib/systemd/system/runlevel0.target -> poweroff.target

lrwxrwxrwx. 1 root root 13 Jul 3 21:37 /lib/systemd/system/runlevel1.target -> rescue.target

lrwxrwxrwx. 1 root root 17 Jul 3 21:37 /lib/systemd/system/runlevel2.target -> multi-user.target

lrwxrwxrwx. 1 root root 17 Jul 3 21:37 /lib/systemd/system/runlevel3.target -> multi-user.target

lrwxrwxrwx. 1 root root 17 Jul 3 21:37 /lib/systemd/system/runlevel4.target -> multi-user.targetlrwxrwxrwx. 1 root root 16 Jul 3 21:37 /lib/systemd/system/runlevel5.target -> graphical.target

lrwxrwxrwx. 1 root root 13 Jul 3 21:37 /lib/systemd/system/runlevel6.target -> reboot.target


18/43

RED HAT | Ingo Brnig1A

'ustomiing *er3i(e Unit 0iles


19/43



)nit $iles can 6e altered or e%tended 6y placin# drop'insF underetcsystemdsystem$oo6ar.ser"ice.dI.con$

;han#es are applied on top o$ maintainer unit $iles.

# cat /etc/systemd/system/httpd.service.d/50-httpd.conf[Service]

Restart=alwaysStartLimitInterval=10StartLimitBurst=5StartLimitAction=rebootCPUShares=2048

Nice=-10OOMScoreAdjust=-1000


20/43



Run Msystemctl daemon'reloadM a$ter ma&in# chan#es to noti$ysystemd

-rop'ins will 6e shown $rom Msystemctl statusM

# systemctl status httpd.servicehttpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service;enabled)Drop-In: /etc/systemd/system/httpd.service.d50-httpd.conf


21/43


'ustomiing *er3i(e Unit 0iles + Tips8

;han#es to unit $iles under usrli6systemdsystem could 6eo"erwritten 6y updates. -


22/43


Resour(e anagement


23/43

RED HAT | Ingo Brnig2(

a9ing 'groups Easier

View c#roup hierarchy "ia systemd'c#ls

View usa#e stats "ia systemd'c#top use $or tunin#5

-e$ault hierarchy

system.slice contains system ser"ices

user.slice contains user sessions machine.slice contains "irtual machines and containers

Ser"ices can 6e promoted to their own slice i$ necessary.


24/43


Resour(e anagement , 'on)iguration

systemctl can con$i#ure and persist c#roup attri6utes

systemctl set'property httpd.ser"ice ;)Shares@20A

/dd ''runtime to not persist the settin#s

systemctl set'property ''runtime httpd.ser"ice Q ;)Shares@20A

/lternati"ely settin#s can 6e placed in unit $iles NSer"iceO

;)Shares@20A


25/43


'on3erting Init *(ripts


26/43


Remem.er :-at an init+)ile loo9s li9e/

#!/bin/bash## httpd Startup script for the Apache HTTP Server## chkconfig: - 85 15# description: The Apache HTTP Server is an efficient and extensible \# server implementing the current HTTP standards.# processname: httpd# config: /etc/httpd/conf/httpd.conf# config: /etc/sysconfig/httpd# pidfile: /var/run/httpd/httpd.pid#### BEGIN INIT INFO# Provides: httpd# Required-Start: $local_fs $remote_fs $network $named# Required-Stop: $local_fs $remote_fs $network# Should-Start: distcache

# Short-Description: start and stop Apache HTTP Server# Description: The Apache HTTP Server is an extensible server# implementing the current HTTP standards.### END INIT INFO

# Source function library.. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then . /etc/sysconfig/httpdfi

# Start httpd in the C locale by default.HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if# mod_ssl needs a pass-phrase from the user.INITLOG_ARGS=""

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server# with the thread-based "worker" MPM; BE WARNED that some modules may not# work correctly with a thread-based MPM; notably PHP will refuse to start.


27/43


# Path to the apachectl script, server binary, and short-form for messages.apachectl=/usr/sbin/apachectlhttpd=${HTTPD-/usr/sbin/httpd}

prog=httpdpidfile=${PIDFILE-/var/run/httpd/httpd.pid}lockfile=${LOCKFILE-/var/lock/subsys/httpd}RETVAL=0STOP_TIMEOUT=${STOP_TIMEOUT-10}

# check for 1.3 configurationcheck13 () { CONFFILE=/etc/httpd/conf/httpd.conf GONE="(ServerType|BindAddress|Port|AddModule|ClearModuleList|" GONE="${GONE}AgentLog|RefererLog|RefererIgnore|FancyIndexing|" GONE="${GONE}AccessConfig|ResourceConfig)" if LANG=C grep -Eiq "^[[:space:]]*($GONE)" $CONFFILE; then echo

echo 1>&2 " Apache 1.3 configuration directives found" echo 1>&2 " please read /usr/share/doc/httpd-2.2.22/migration.html" failure "Apache 1.3 config directives test" echo exit 1 fi}

# The semantics of these two functions differ from the way apachectl does# things -- attempting to start while running is a failure, and shutdown# when not running is also a failure. So we just do it the way init scripts# are expected to behave here.start() { echo -n $"Starting $prog: " check13 || exit 1

LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS RETVAL=$? echo [ $RETVAL = 0 ] && touch ${lockfile} return $RETVAL}


28/43

RED HAT | Ingo Brnig2A

# When stopping httpd, a delay (of default 10 second) is required# before SIGKILLing the httpd parent; this gives enough time for the# httpd parent to SIGKILL any errant children.

stop() { echo -n $"Stopping $prog: " killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd RETVAL=$? echo [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}}reload() { echo -n $"Reloading $prog: " if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then RETVAL=6 echo $"not reloading due to configuration syntax error" failure $"not reloading $httpd due to configuration syntax error" else

# Force LSB behaviour from killproc LSB=1 killproc -p ${pidfile} $httpd -HUP RETVAL=$? if [ $RETVAL -eq 7 ]; then failure $"httpd shutdown" fi fi echo}

# See how we were called.case "$1" in start) start ;;

stop) stop ;; status) status -p ${pidfile} $httpd RETVAL=$? ;; restart) stop start ;;


29/43


condrestart|try-restart) if status -p ${pidfile} $httpd >&/dev/null; then stop

start fi 44 $orce'reloadreload5 reload 44 #race$ulhelpcon$i#test$ullstatus5 Japachectl J RETVAL=$? ;; *) echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}" RETVAL=2esac

exit $RETVAL


30/43

RED HAT | Ingo Brnig(0

'ontrast t-at :it- a systemd unit )ile synta;

[Unit]

Description=The Apache HTTP Server

After=network.target remote-fs.target nss-lookup.target

[Service]

Type=notify

EnvironmentFile=/etc/sysconfig/httpd

ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND

ExecReload=/usr/sbin/httpd $OPTIONS -k graceful

ExecStop=/usr/sbin/httpd $OPTIONS -k graceful-stop

KillSignal=SIGCONTPrivateTmp=true

[Install]

WantedBy=multi-user.target


31/43


Test Unit 0ile

;opy the unit $ile

cp NmyappO.ser"ice etcsystemdsystem

/lert systemd o$ the chan#es

systemctl daemon'reload

Start ser"ice systemctl start NmyappO.ser"ice

View status

systemctl status NmyappO.ser"ice


32/43


T-e Journal


33/43

RED HAT | Ingo Brnig((

T-e Journal + Logging :it- systemd

+he Dournal is a component o$ systemd, that captures Syslo#

messa#es, Ternel lo# messa#es, initial R/ dis& and early 6ootmessa#es as well as messa#es written to S+-arnin#s in 6old

Security

Relia6ility

!ntelli#ently rotated


34/43


Journal

-oes not replace rsyslo# in RHEL 7

rsyslo# is ena6led 6y de$ault

)se rsyslo# $or traditional lo##in# w enterprise $eatures

+he Dournal is not persistent 6y de$ault at the moment 6ut arin#'6u$$er in runlo#Dournal.

;ollects e"ent metadata

Stored in &ey'"alue pairs

man pa#e systemd.Dournal'$elds75

Dournalctl ' utility $or to "iewin# the Dournal. Simple or comple%5 $lterin#

!nterlea"e units, 6inaries, etc


35/43


Using t-e Journal

Ena6le persistence Mm&dir "arlo#DournalM

View $rom 6oot MDournalctl '6M

+ail '$ and 'n wor& as e%pected

Dournalctl '$ 4 Dournalctl 'n 80

:ilter 6y priority MDournalctl 'p Nle"elOM0 emer#

1 alert

2 crit

( err

warnin#8 notice

3 de6u#


36/43


Using t-e Journal


37/43


Trou.les-ooting t-e Boot


38/43

RED HAT | Ingo Brnig(A

Booting

Boot process is too $ast, interacti"e 6oot append

systemd.con$irmWspawn@1

"arlo#6oot.lo# still wor&s the same

Ena6le de6u##in# $rom #ru6 6y appendin#

systemd.lo#Wle"el@de6u# systemd.lo#Wtar#et@&ms#

lo#W6u$Wlen@1


39/43

'ontrol =ro ps ade *imple


40/43


'ontrol =roups ade *imple

Resource ana#ement with c#roups can reduce application or V

contention and impro"e throu#hput and predicta6ility

*li(es *(opes *er3i(es


41/43


*li(es> *(opes> *er3i(es

!n RHEL7 systemd mana#es c#roups, new concept o$

ScopesSlices Slice )nit type $or creatin# the c#roup hierarchy $or resource

mana#ement.

Scope


42/43


'ontrol =roups + Usa.ility Impro3ements1 *(opes

Systemd puts all related wor&er !-s into c#roup called a XscopeY.

Ser"ices

/pache processes in same ser"icesapache scope

ys?l processes in same ser"icesys?l scope

/pacheys?l #et an e?ual sliceF o$ the system

)sers accounts

/ll users #et an e?ual sliceF

achines

/ll containersVs #et an e?ual sliceF *o ser"iceusermachine can dominate system

'ontrol =roups Usa.ility Impro3ements1 *li(es


43/43


'ontrol =roups + Usa.ility Impro3ements1 *li(es

Special unit $ile $or assi#nin# resource constraints

Slices #et assi#ned to scopes

Systemd automatically assi#ns ser"ices to system.slice

Uou can o"erride resource with )nit $ile con$i#uration

emoryLimit@1# ;ommand Line

Z[ systemctl set'property httpd.ser"ice ;)Shares@82emoryLimit@800

Systemd will assi#n ;ontainers to machine.slice Uou can o"erride 6y editin#

etcsystemdsystem6i#'machine.slice

Date post:	02-Jun-2018
Category:	Documents
Upload:	susant-sahani
View:	213 times
Download:	0 times

pdfC1TTlawaxB

Documents