Using systemd

Source: Imre kasutab arvutit

Introduction

systemd http://freedesktop.org/wiki/Software/systemd/ ...

It appears that as of late 2014 systemd is the default in Debian 8 (Jessie)

# ls -ld /sbin/init 
lrwxrwxrwx 1 root root 20 Sep 28 22:33 /sbin/init -> /lib/systemd/systemd

How it works

  • Security and isolation of activities at the filesystem and network level, http://0pointer.de/blog/projects/security.html
  • SysV startup scripts are imperative, i.e. practically shell scripts; systemd's startup scripts, so to speak, are declarative, i.e. their content resembles .ini files

Installation

It appears that a minimal environment (e.g. one created with debootstrap) needs dbus and polkit support added; otherwise, for example, the systemd-cgls program does not work

# apt-get install dbus libpolkit-agent-1-0

Usage

To query the status of a service, run

# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
   Active: active (running) since Tue 2014-11-04 02:43:10 EET; 18h ago
 Main PID: 1956 (sshd)
   CGroup: /system.slice/ssh.service
           └─1956 /usr/sbin/sshd -D

where

# cat /lib/systemd/system/ssh.service 
[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
EnvironmentFile=-/etc/default/ssh
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=sshd.service

To list services

# systemctl  list-units --type=service | head -n 5
  UNIT                                 LOAD   ACTIVE SUB     DESCRIPTION
  accounts-daemon.service              loaded active running Accounts Service
  acpid.service                        loaded active exited  LSB: Start the Advanced Configuration and Power Interface daemon
  amavis-mc.service                    loaded active exited  LSB: Startup script for amavis master supervisor
  amavis.service                       loaded active running LSB: Starts amavisd-new mailfilter

It appears that a service can be in several states. One kind of service runs only briefly at boot, switches something on and then exits, e.g.

# systemctl list-units --type=service --state=exited
UNIT                             LOAD   ACTIVE SUB    DESCRIPTION
getty-static.service             loaded active exited getty on tty2-tty6 if dbus and logind are not available
kbd.service                      loaded active exited LSB: Prepare console
keymap.service                   loaded active exited LSB: Set keymap
modules_dep.service              loaded active exited LSB: modules.dep creation.
netfilter-persistent.service     loaded active exited netfilter persistent configuration
networking.service               loaded active exited LSB: Raise network interfaces.
quota.service                    loaded active exited Check And Enable File System Quotas
rc-local.service                 loaded active exited /etc/rc.local Compatibility
systemd-random-seed.service      loaded active exited Load/Save Random Seed

systemd-timedated

The timedatectl program can be used to set the time zone and similar settings

# timedatectl list-timezones
# timedatectl set-timezone Europe/Tallinn

systemd-timedated is an NTP client that has to be enabled before use

# timedatectl set-ntp true

It appears that the following is equivalent

# systemctl enable systemd-timesyncd
# systemctl start systemd-timesyncd

When it is running, timedatectl gives a response like this

# timedatectl status
      Local time: Fri 2015-07-31 01:21:26 EEST
  Universal time: Thu 2015-07-30 22:21:26 UTC
        RTC time: Thu 2015-07-30 22:21:26
       Time zone: Europe/Tallinn (EEST, +0300)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2015-03-29 02:59:59 EET
                  Sun 2015-03-29 04:00:00 EEST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2015-10-25 03:59:59 EEST
                  Sun 2015-10-25 03:00:00 EET

where

  • the start and end of Daylight Saving Time for the selected time zone
  • whether the NTP service is running (systemd-timesyncd)

To use a specific NTP server, specify it in the configuration file /etc/systemd/timesyncd.conf

# cat /etc/systemd/timesyncd.conf
[Time]
Servers=10.192.0.53

and to apply the change, run

# systemctl restart systemd-timesyncd

As a result

# systemctl status systemd-timesyncd
● systemd-timesyncd.service - Network Time Synchronization
   Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled)
   Active: active (running) since Fri 2015-07-31 09:13:18 EEST; 1min 43s ago
     Docs: man:systemd-timesyncd.service(8)
 Main PID: 1179 (systemd-timesyn)
   Status: "Using Time Server 10.192.0.53:123 (10.192.0.53)."
   CGroup: /system.slice/systemd-timesyncd.service
           └─1179 /lib/systemd/systemd-timesyncd

Jul 31 09:13:17 postkast systemd-timesyncd[1179]: Using NTP server 10.192.0.53:123 (10.192.0.53).
Jul 31 09:13:18 postkast systemd-timesyncd[1179]: interval/delta/delay/jitter/drift 32s/+0.621s/0.000s/0.000s/+0ppm
Jul 31 09:13:50 postkast systemd-timesyncd[1179]: interval/delta/delay/jitter/drift 64s/+0.000s/0.000s/0.000s/+0ppm
Jul 31 09:14:54 postkast systemd-timesyncd[1179]: interval/delta/delay/jitter/drift 128s/-0.000s/0.000s/0.000s/+0ppm

In addition, the systemd-timedated daemon operates in the background; it is static, i.e. it is invoked (started) automatically when needed

# systemctl status systemd-timedated
● systemd-timedated.service - Time & Date Service
   Loaded: loaded (/lib/systemd/system/systemd-timedated.service; static)
   Active: inactive (dead)
     Docs: man:systemd-timedated.service(8)
           man:localtime(5)
           http://www.freedesktop.org/wiki/Software/systemd/timedated

Using applications in a systemd environment

Using PostgreSQL

To run several sets of PostgreSQL processes, first prepare the filesystem part of the next instance in the usual way

# pg_createcluster 9.4 test

and start it

# systemctl start postgresql@9.4-test

Running several sets of PostgreSQL processes looks like this

# ps -U postgres -o pid,user,cgroup:150,args
  PID USER     CGROUP                                                                           COMMAND
10064 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-main.service /usr/lib/postgresql/9.4/bin/postgres -D /va ...
10070 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-main.service postgres: checkpointer process
10072 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-main.service postgres: writer process   
10074 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-main.service postgres: wal writer process   
10076 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-main.service postgres: autovacuum launcher process   
10078 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-main.service postgres: stats collector process   

10331 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-test.service /usr/lib/postgresql/9.4/bin/postgres -D /var ...
10333 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-test.service postgres: checkpointer process   
10334 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-test.service postgres: writer process   
10335 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-test.service postgres: wal writer process   
10336 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-test.service postgres: autovacuum launcher process   
10337 postgres 8:devices:/system.slice/system-postgresql.slice ... /postgresql@9.4-test.service postgres: stats collector process 

where

  • the processes of the different PostgreSQL process sets belong to the same system user postgres, but to different kernel cgroups

To kill with the so-called -9 signal

# systemctl kill -s SIGKILL postgresql@9.4-test.service

Samba

Stopping the services

# systemctl stop smbd
# systemctl stop nmbd

to check

# ps aux | grep mb

To use AD

# systemctl start samba-ad-dc

OpenVPN

If the OpenVPN client configuration is in the file /etc/openvpn/client.conf, start it with

# systemctl start openvpn@client.service

Serial console

To start the serial console, run

# systemctl enable serial-getty@ttyS0.service
Created symlink from /etc/systemd/system/getty.target.wants/serial-getty@ttyS0.service \
  to /lib/systemd/system/serial-getty@.service.

# systemctl start serial-getty@ttyS0.service

As a result, the serial console can be accessed with ipmitool, cu, minicom and other programs.

NUT

It appears to work, e.g.

# systemctl status nut-server
# systemctl status nut-client

iptables

Useful additional materials

rsyslog

To stop

# systemctl stop syslog.socket rsyslog.service

otherwise, when a message arrives, the rsyslog service is started automatically.

Varnish

Changing the listening port in the file

# grep ^ExecS /lib/systemd/system/varnish.service 
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

To use X-Forwarded-For in logging

# grep ^ExecS /lib/systemd/system/varnishncsa.service 
ExecStart=/usr/bin/varnishncsa -F '%%{X-Forwarded-For}i %%l %%u %%t \"%%r\" %%s %%b \"%%{Referer}i\" \"%%{User-agent}i\"' -a -w /var/log/varnish/varnishncsa.log

To apply the changes

# systemctl daemon-reload
# /etc/init.d/varnishncsa restart
# /etc/init.d/varnish restart

The log shows the address taken from the X-Forwarded-For header and the address of the other endpoint of the TCP connection

# tail -f /var/log/varnish/varnishncsa.log
10.204.62.115, 10.184.39.42 - - [02/Oct/2017:17:20:24 +0300] "GET http://www.moraal.ee/ HTTP/1.1" 200 612 "-" "Wget/1.17.1 (linux-gnu)"
10.204.62.115, 10.184.39.42 - - [02/Oct/2017:17:20:24 +0300] "GET http://www.moraal.ee/ HTTP/1.1" 200 612 "-" "Wget/1.17.1 (linux-gnu)"
10.204.62.115, 10.184.39.42 - - [02/Oct/2017:17:20:24 +0300] "GET http://www.moraal.ee/ HTTP/1.1" 200 612 "-" "Wget/1.17.1 (linux-gnu)"
...
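
As an added example (not part of the original page), the script below reads lines in the varnishncsa format above and, walking the X-Forwarded-For chain from the right, reports the first address that is not one of your own proxies; everything to its left arrived in the request header and is unverified. The function name xff_audit, the sample lines and the choice of 10.184.39.42 as a trusted front proxy are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Reads varnishncsa lines in the
# format '%{X-Forwarded-For}i %l %u %t ...' and reports per request the
# right-most X-Forwarded-For hop that is not one of our own proxies.

# Constructed sample lines. Line 2 carries an extra hop that came in with
# the request; line 4 has header text that imitates a second timestamp.
SAMPLE_LOG='10.204.62.115, 10.184.39.42 - - [02/Oct/2017:17:20:24 +0300] "GET http://www.moraal.ee/ HTTP/1.1" 200 612 "-" "Wget/1.17.1 (linux-gnu)"
192.0.2.99, 10.204.62.115, 10.184.39.42 - - [02/Oct/2017:17:20:25 +0300] "GET http://www.moraal.ee/ HTTP/1.1" 200 612 "-" "Wget/1.17.1 (linux-gnu)"
10.184.39.42 - - [02/Oct/2017:17:20:26 +0300] "GET http://www.moraal.ee/ HTTP/1.1" 200 612 "-" "Wget/1.17.1 (linux-gnu)"
junk [01/Jan/2017:00:00:00, 10.184.39.42 - - [02/Oct/2017:17:20:27 +0300] "GET http://www.moraal.ee/ HTTP/1.1" 200 612 "-" "Wget/1.17.1 (linux-gnu)"'

# usage: xff_audit TRUSTED_PROXY... < varnishncsa.log
# Output per line: "client=ADDR claimed=LEFT_HOPS" or "rejected line N".
xff_audit() {
    awk -v trusted="$*" '
        BEGIN {
            n = split(trusted, t, " ")
            for (i = 1; i <= n; i++) ours[t[i]] = 1
            # start of the %t field, e.g. " [02/Oct/2017:"
            ts = " \\[[0-9][0-9]/[A-Z][a-z][a-z]/[0-9][0-9][0-9][0-9]:"
        }
        {
            # The first field is client-influenced text. If the timestamp
            # pattern does not occur exactly once, field boundaries cannot
            # be trusted, so the line is flagged instead of parsed.
            copy = $0
            if (gsub(ts, "&", copy) != 1) { print "rejected line " NR; next }
            match($0, ts)
            n = split(substr($0, 1, RSTART - 1), tok, " ")  # hops, %l, %u
            if (n < 3) { print "rejected line " NR; next }
            xff = tok[1]
            for (i = 2; i <= n - 2; i++) xff = xff " " tok[i]
            m = split(xff, hop, /[ ,]+/)
            # Walk from the right: each proxy appended the peer it saw.
            # If every hop is one of ours, fall back to the left-most hop.
            c = 1
            for (i = m; i >= 1; i--)
                if (!(hop[i] in ours)) { c = i; break }
            claimed = "-"
            for (i = 1; i < c; i++)
                claimed = (i == 1) ? hop[i] : claimed "," hop[i]
            print "client=" hop[c] " claimed=" claimed
        }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | xff_audit 10.184.39.42
```

Called without any trusted proxy, the same function treats the TCP peer itself as the client and reports the rest of the chain as claimed.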

Logging

systemd includes the logging component journald.

System boot

By default the log management utility shows the entire collected log since the last boot, older entries first

# journalctl
-- Logs begin at Mon 2015-07-27 23:03:45 EEST, end at Tue 2015-07-28 08:41:14 EEST. --
Jul 27 23:03:45 systemd systemd-journal[171]: Runtime journal is using 4.0M (max allowed 9.3M, trying to leave 14.0M free of 89.7M available → current limit 9.3M).
Jul 27 23:03:45 systemd systemd-journal[171]: Runtime journal is using 4.0M (max allowed 9.3M, trying to leave 14.0M free of 89.7M available → current limit 9.3M).
Jul 27 23:03:45 systemd kernel: Initializing cgroup subsys cpuset
Jul 27 23:03:45 systemd kernel: Initializing cgroup subsys cpu
Jul 27 23:03:45 systemd kernel: Initializing cgroup subsys cpuacct
Jul 27 23:03:45 systemd kernel: Linux version 4.0.0-2-amd64 (debian-kernel@lists.debian.org) (gcc version 4.9.3 (Debian 4.9.3-2) ) #1 SMP Debian 4.0.8-2 (2015-07-22)
Jul 27 23:03:45 systemd kernel: Command line: BOOT_IMAGE=/vmlinuz-4.0.0-2-amd64 root=/dev/mapper/systemd-root ro console=ttyS0,9600
...

The following process shows that journald is running

# ps aux | grep journald
..
root        172  0.1  1.0  35112  5208 ?        Ss   08:55   0:00 /lib/systemd/systemd-journald

Notes

It appears that The Journal can sometimes stop (e.g. the filesystem fills up or similar); it looks like this, and nothing gets logged (e.g. with the logger process)

Mar 28 03:37:01 keskus systemd-journal[29787]: Journal stopped
-- Subject: The Journal has been stopped
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

To start it

# systemctl start systemd-journald
# journalctl -xn
...
May 19 02:36:01 keskus systemd[1]: Starting Session 81008 of user root.
May 19 02:36:01 keskus systemd[1]: Started Session 81008 of user root.
May 19 02:36:01 keskus systemd[1]: Starting Journal Socket (/dev/log).
May 19 02:36:01 keskus systemd[1]: Listening on Journal Socket (/dev/log).
May 19 02:36:01 keskus systemd[1]: Starting Journal Socket.
May 19 02:36:01 keskus systemd[1]: Listening on Journal Socket.
May 19 02:36:01 keskus systemd[1]: Starting Journal Service...
May 19 02:36:01 keskus systemd[1]: Started Journal Service.
May 19 02:36:01 keskus systemd-journal[32447]: Journal started
-- Subject: The Journal has been started
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The system journal process has been starting up, opened the journal
-- files for writing and is now ready to process requests.

Apache web server

If there is an error in the Apache configuration file, it shows up in journald like this

# journalctl -u apache2
..
Jul 28 09:11:31 systemd systemd[1]: Starting LSB: Apache2 web server...
Jul 28 09:11:31 systemd apache2[2491]: Starting web server: apache2 failed!
Jul 28 09:11:31 systemd apache2[2491]: The apache2 configtest failed. ... (warning).
Jul 28 09:11:31 systemd apache2[2491]: Output of config test was:
Jul 28 09:11:31 systemd apache2[2491]: AH00526: Syntax error on line 1 of /etc/apache2/sites-enabled/000-default.conf:
Jul 28 09:11:31 systemd apache2[2491]: <VirtualHost> directive missing closing '>'
Jul 28 09:11:31 systemd apache2[2491]: Action 'configtest' failed.
Jul 28 09:11:31 systemd apache2[2491]: The Apache error log may have more information.
Jul 28 09:11:31 systemd systemd[1]: apache2.service: Control process exited, code=exited status=1
Jul 28 09:11:31 systemd systemd[1]: Failed to start LSB: Apache2 web server.
Jul 28 09:11:31 systemd systemd[1]: apache2.service: Unit entered failed state.
Jul 28 09:11:31 systemd systemd[1]: apache2.service: Failed with result 'exit-code'.

where

  • journald handles the so-called system log related to the apache2 processes, not the logging of HTTP requests

Useful additional materials

Moving between targets

To get into an init=/bin/bash style environment, use the following parameter on the kernel line in the bootloader

systemd.unit=emergency.target

as a result you arrive at the following (the computer's hostname is systemd in this case)

..
Welcome to Debian GNU/Linux stretch/sid!

[260222.496889] systemd[1]: Set hostname to <systemd>.
[  OK  ] Created slice Root Slice.
[260223.089638] systemd[1]: Created slice Root Slice.
[260223.096748] systemd[1]: Starting Root Slice.
[  OK  ] Created slice System Slice.
[260223.109289] systemd[1]: Created slice System Slice.
[260223.115005] systemd[1]: Starting System Slice.
[  OK  ] Started Emergency Shell.
[260223.134133] systemd[1]: Started Emergency Shell.
[260223.146296] systemd[1]: Starting Emergency Shell...
         Starting Emergency Shell...
[  OK  ] Reached target Emergency Mode.
[260223.192047] systemd[1]: Reached target Emergency Mode.
[260223.205684] systemd[1]: Startup finished in 3.658s (kernel) + 967ms (userspace) = 4.626s.
[260223.221455] systemd[1]: Starting Emergency Mode.
[260223.232336] systemd[157]: emergency.service: Failed at step EXEC spawning /bin/plymouth: No such file or directory
Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
try again to boot into default mode.
Give root password for maintenance
(or press Control-D to continue): <root password>
root@systemd:~#

To then reach the ordinary multi-user mode, run

# systemctl isolate multi-user.target

To shut down the computer, including powering it off

# systemctl poweroff

systemd-socket-proxyd

systemd-socket-proxyd makes it possible to start a service when it is accessed. For example, the nginx processes are started when port 80 is accessed. To do this,

  • configure the nginx server to listen on port 8080
# cat /etc/nginx/sites-available/default
..
server {
       listen 8080 default_server;
...
  • create a .service unit (unlike the recommendation in man systemd-socket-proxyd, JoinsNamespaceOf is commented out and PrivateNetwork is switched off)
# cat /etc/systemd/system/proxy-to-nginx.service 
[Unit]
Requires=nginx.service
After=nginx.service
# JoinsNamespaceOf=nginx.service
[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
PrivateTmp=yes
PrivateNetwork=no
  • create a .socket unit
# cat /etc/systemd/system/proxy-to-nginx.socket 
[Socket]
ListenStream=80

[Install]
WantedBy=sockets.target

Then enable and start the socket unit (neither nginx itself nor proxy-to-nginx.service needs to be running)

# systemctl enable proxy-to-nginx.socket
# systemctl start proxy-to-nginx.socket

As a result, accessing http://127.0.0.1:80/ starts the .service unit and the nginx processes.
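
With PrivateNetwork=no, nginx stays in the host network namespace, so its `listen 8080 default_server` socket is bound on all addresses of the host and not only behind the proxy. As an added check (not part of the original page), the script below reads `ss -ltn` output and lists listeners on the backend port that are bound outside loopback; the function name backend_exposure, both sample outputs and the `listen 127.0.0.1:8080` variant are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample data is constructed.

# `ss -ltn` as it could look with "listen 8080 default_server" (assumed).
SS_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*'

# `ss -ltn` as it could look with "listen 127.0.0.1:8080" (assumed).
SS_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*'

# usage: ss -ltn | backend_exposure PORT
# Prints "exposed ADDR" for every listener on PORT that is not bound to a
# loopback address. Exit status is 1 if any was found, 0 otherwise.
backend_exposure() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }
        {
            addr = $4; sub(/:[^:]*$/, "", addr)   # strip ":port"
            p = $4;    sub(/^.*:/, "", p)         # keep the port only
            if (p != port) next
            # loopback forms printed by ss: 127.x.x.x, [::1] and ::1
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print "exposed " addr
            bad = 1
        }
        END { exit bad + 0 }'
}

# Stand-alone run over the constructed wildcard sample.
printf '%s\n' "$SS_WILDCARD" | backend_exposure 8080 || true
```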

Useful additional materials

systemd-resolved

Install the libnss-resolve package

# apt-get install libnss-resolve

Specify the preferred so-called ISP name server

# cat /etc/systemd/resolved.conf

[Resolve]
DNS=10.192.0.53

Enable systemd-resolved

# systemctl start systemd-resolved
# systemctl enable systemd-resolved

Test that the systemd-resolved recursive name server works

# /lib/systemd/systemd-resolve-host kuutorvaja.eenet.ee
kuutorvaja.eenet.ee: 193.40.0.7

-- Information acquired via protocol DNS in 157.3ms.

Delete the file /etc/resolv.conf

# rm /etc/resolv.conf

Use the following line in /etc/nsswitch.conf

hosts:          files resolve dns

Optionally

# ln -fs /run/systemd/resolve/resolv.conf /etc/resolv.conf

Enabling debug

# cp /lib/systemd/system/systemd-resolved.service /etc/systemd/system

where debug has been added in the Service section

[Service]

..
Environment=SYSTEMD_LOG_LEVEL=debug

To write the DNS cache etc. to the log

# kill -SIGUSR1 PID

Displaying the result

# systemd-resolve --status

Following the log

# journalctl -f -u systemd-resolved

localectl

# localectl list-locales
C.UTF-8
en_US.utf8

Service management

Starting

# systemctl start apache2

Querying status

# systemctl status apache2

Stopping

# systemctl stop apache2

Disabling, i.e. a service configured this way is not started automatically (at system boot, when some event occurs, etc.), but it can still be started manually with start

# systemctl disable apache2

To enable

# systemctl enable apache2

Masking; a service configured this way cannot be started at all

# systemctl mask apache2

To unmask

# systemctl unmask apache2

Listing all services (omit -a to list only the running ones; target, socket and mount units can be listed in the same way)

# systemctl list-units --type service -a

Listing all unit files

# systemctl list-unit-files --type=service

Showing the changes made to the systemd configuration

# systemd-delta

Listing dependencies

# systemctl list-dependencies sshd.service

To show the properties of a service

# systemctl show sshd.service

To work with unit configuration files, use the following commands (respectively: /etc/systemd/system/nginx.service is edited, /etc/systemd/system/nginx.service.d/filename is edited, or the file contents are shown)

# systemctl edit --full nginx.service
# systemctl edit nginx.service
# systemctl cat nginx.service

systemd-networkd

systemd-networkd handles network configuration. For example, networking for an nspawn container can be set up like this

  • configure the network connection of the machine hosting the container, e.g. with a bridge-utils bridge
  • create a configuration file in the container (if the machine has several network interfaces, each interface could have its own file)
# cat /etc/systemd/network/50-static.network 
[Match]
Name=host0

[Network]
Address=192.168.10.16/24
Gateway=192.168.10.254
  • describe only the lo device in the /etc/network/interfaces file
# cat /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
  • to start networking, run
# systemctl start systemd-networkd
  • to configure IPv4 and IPv6 addresses
..
[Network]
Gateway=192.168.10.254

[Address]
Address=192.168.10.16/24

[Address]
Address=110:1/64

Stopping the console from being cleared after boot

A prerequisite for the following is removing "quiet" from the /etc/default/grub file, see man systemd -> ShowStatus 'Defaults to enabled, unless quiet is passed as kernel command line option, in which case it defaults to error.' An alternative is to use the kernel argument 'systemd.show_status=1'.

The polite variant

# systemctl edit getty@tty1
[Service]
TTYVTDisallocate=no

The cruder variant

# mkdir /etc/systemd/system/getty@tty1.service.d
# cat /etc/systemd/system/getty@tty1.service.d/noclear.conf
[Service]
TTYVTDisallocate=no

And on the next boot the screen is no longer cleared

# reboot

NB! For kernel messages to be visible, the GRUB2 configuration file must additionally contain the line

# cat /etc/default/grub
..
GRUB_CMDLINE_LINUX_DEFAULT=""
...

and run

# update-grub

Useful additional materials

Using journalctl

To show the log entries made since boot, run

# journalctl -b

To be able to see the logs of different boots, run

# mkdir /var/log/journal
# sed -ri s/^#Storage=auto/Storage=persistent/ /etc/systemd/journald.conf

as a result the list can be viewed

# journalctl --list-boots

and the entries of a specific boot, e.g.

# journalctl -b -2

To show the log of a unit etc. in follow mode

# journalctl -n 20 -f -u ssh

Debugging systemd

TODO

Useful additional materials

Controlling resource usage

# grep -v "^#" /etc/systemd/system.conf

[Manager]
DefaultCPUAccounting=yes
DefaultBlockIOAccounting=yes
DefaultMemoryAccounting=yes
# systemctl set-property nginx.service MemoryLimit=10M

systemd-run

$ systemd-run --user --unit=limit-test.scope --scope -p MemoryAccounting=yes -p MemoryLimit=2M bash
$ systemctl show --user limit-test.scope | grep Mem
MemoryAccounting=yes
MemoryLimit=2M

systemd-boot

TODO

Useful additional materials

systemd-logind

systemd-logind replaces the ConsoleKit solution. For example, one can query

# loginctl list-sessions
   SESSION        UID USER             SEAT             TTY             
        31          0 root             seat0            /dev/tty2       
       189       1001 priit            seat0            /dev/tty4       
         2       1000 imre             seat0                            
        c5        111 lightdm          seat0                            
       187       1001 priit            seat0            /dev/tty3       
        33       1000 imre             seat0                            

6 sessions listed.

Useful additional materials

systemd user services

TODO

Useful additional materials

tmpfiles-setup

tmpfiles-setup takes care of the existence of directories for programs' temporary and similar files

# ls -ld /usr/lib/tmpfiles.d/*
-rw-r--r-- 1 root root  238 Dec  2  2015 /usr/lib/tmpfiles.d/00rsyslog.conf
-rw-r--r-- 1 root root  153 Dec  2  2015 /usr/lib/tmpfiles.d/dbus.conf
-rw-r--r-- 1 root root  577 Jul  5 16:56 /usr/lib/tmpfiles.d/debian.conf
-rw-r--r-- 1 root root  362 Jul 19 02:56 /usr/lib/tmpfiles.d/home.conf
-rw-r--r-- 1 root root 1098 Jul 19 02:56 /usr/lib/tmpfiles.d/journal-nocow.conf
-rw-r--r-- 1 root root  812 Jul 19 02:56 /usr/lib/tmpfiles.d/legacy.conf
-rw-r--r-- 1 root root   61 Apr 16  2016 /usr/lib/tmpfiles.d/lvm2.conf
-rw-r--r-- 1 root root  239 Feb  5  2016 /usr/lib/tmpfiles.d/passwd.conf
-rw-r--r-- 1 root root  176 Feb 21  2016 /usr/lib/tmpfiles.d/postgresql.conf
-rw-r--r-- 1 root root   33 Jun  9  2015 /usr/lib/tmpfiles.d/screen-cleanup.conf
-rw-r--r-- 1 root root   31 Mar 16  2017 /usr/lib/tmpfiles.d/sshd.conf
-rw-r--r-- 1 root root  313 Jul  4 10:37 /usr/lib/tmpfiles.d/sudo.conf
-rw-r--r-- 1 root root 1544 Jul 19 02:56 /usr/lib/tmpfiles.d/systemd.conf
-rw-r--r-- 1 root root  496 Jul 19 02:56 /usr/lib/tmpfiles.d/systemd-nologin.conf
-rw-r--r-- 1 root root  637 Jul 19 02:56 /usr/lib/tmpfiles.d/tmp.conf
-rw-r--r-- 1 root root  532 Jul 19 02:56 /usr/lib/tmpfiles.d/var.conf
-rw-r--r-- 1 root root  623 Jul 19 02:56 /usr/lib/tmpfiles.d/x11.conf
-rw-r--r-- 1 root root   41 Aug 16 12:13 /usr/lib/tmpfiles.d/zabbix-agent.conf

Timer

TODO

# systemctl list-timers
NEXT                          LEFT     LAST                          PASSED  UNIT                         ACTIVATES
Tue 2017-07-25 06:52:49 EEST  6h left  Mon 2017-07-24 06:49:40 EEST  17h ago apt-daily.timer              apt-daily.service
Tue 2017-07-25 10:41:54 EEST  10h left Mon 2017-07-24 10:41:54 EEST  13h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service

systemd-fstab-generator

It appears that systemd automatically generates unit files under /run that correspond to the contents of /etc/fstab, e.g.

# cat /run/systemd/generator/var-lib-postgresql.mount 
# Automatically generated by systemd-fstab-generator

[Unit]
SourcePath=/etc/fstab
Documentation=man:fstab(5) man:systemd-fstab-generator(8)
Before=local-fs.target
Requires=systemd-fsck@dev-system-var_lib_postgresql.service
After=systemd-fsck@dev-system-var_lib_postgresql.service

[Mount]
What=/dev/system/var_lib_postgresql
Where=/var/lib/postgresql
Type=ext4

If the name of an LVM volume described in fstab stays the same but its UUID changes (e.g. the existing LVM volume is deleted and another one is created in its place) and you run

# mount /var/lib/postgresql

then the filesystem is mounted and immediately unmounted again, with the following syslog text

Feb 20 00:57:33 ky-test kernel: [1210006.815639] EXT4-fs (dm-6): mounted filesystem with ordered data mode. Opts: discard
Feb 20 00:57:33 ky-test systemd[1]: var-lib-postgresql.mount: Unit is bound to inactive unit dev-system-var_lib_postgresql.device. Stopping, too.
Feb 20 00:57:33 ky-test systemd[1]: Unmounting /var/lib/postgresql...
Feb 20 00:57:33 ky-test systemd[1]: Unmounted /var/lib/postgresql.

The solution is to run

# systemctl daemon-reload

Notes

  • kernel modules are loaded at startup by systemd-modules-load
systemd-modules-load.service

The configuration file is

# ls -ld /etc/modules-load.d/modules.conf 
lrwxrwxrwx 1 root root 10 Oct  9 14:58 /etc/modules-load.d/modules.conf -> ../modules

In an operating system that uses systemd components, processes such as these are running

# ps aux | grep '/lib/systemd/systemd-'
root       173  0.0  0.5  28188  2912 ?        Ss   15:39   0:00 /lib/systemd/systemd-journald
root       190  0.0  0.7  44072  4000 ?        Ss   15:39   0:00 /lib/systemd/systemd-udevd
systemd+   388  0.0  0.4  97952  2312 ?        Ssl  15:39   0:00 /lib/systemd/systemd-timesyncd
root       396  0.0  0.5  28352  2772 ?        Ss   15:39   0:00 /lib/systemd/systemd-logind
systemd+   402  0.0  0.5  28504  2892 ?        Ss   15:39   0:00 /lib/systemd/systemd-networkd
systemd+  1004  0.0  0.5  31340  2880 ?        Ss   16:00   0:00 /lib/systemd/systemd-resolved

It appears that the following command does something to apply systemd configuration changes

# systemctl daemon-reload

To apply changes more forcefully, or to sort out problems, run

# systemctl daemon-reexec

Using su and sudo

It appears that, instead of the su and sudo programs, machinectl gives a more authentic result, so to speak, e.g.

# machinectl shell imre@

for example, various XDG environment variables are then set

$ env | grep XDG
XDG_SESSION_TYPE=tty
XDG_SESSION_CLASS=user
XDG_SESSION_ID=29
XDG_RUNTIME_DIR=/run/user/1000
XDG_DATA_DIRS=/usr/local/share:/usr/share:/var/lib/snapd/deskto

Useful additional materials