Getting the maximum out of systemd

Getting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemd
Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto
FLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring Conference
March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016

whoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoami
• Sysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.eu
• FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004
• systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010
EEEEEEEEEEEEEEEEExherbo Linux
• DevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believer
• @roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie on irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/github

systemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemd
• AAAAAAAAAAAAAAAAAn init system
• IIIIIIIIIIIIIIIIImprove the Linux init process
• SSSSSSSSSSSSSSSSStarting more in parallel
• MMMMMMMMMMMMMMMMMaking better decisions
• TTTTTTTTTTTTTTTTTakes advantages of Linux features

systemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoption
• 22222222222222222011: Fedora, Exherbo
• 22222222222222222012: Mageia, openSUSE, Arch Linux
• 22222222222222222013: CoreOS
• 22222222222222222014: RHEL, CentOS
• 22222222222222222015: Ubuntu, Debian

AlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternatives
• SSSSSSSSSSSSSSSSSystem V: legacy
• UUUUUUUUUUUUUUUUUpstart: Ubuntu < 2015 and EL6
• OOOOOOOOOOOOOOOOOpenRC: mainly Gentoo

Talk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibility
• CCCCCCCCCCCCCCCCContent of this talk runs on CentOS 7.2
• sssssssssssssssssystemd 219
• SSSSSSSSSSSSSSSSShould work on any other distro

UnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnits
Licensed under a Creative Commons Attribution 2.0 License
https://www.ﬂickr.com/photos/dbackmansfo/10939296845

systemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd units
• BBBBBBBBBBBBBBBBBase bricks of systemd systems
• OOOOOOOOOOOOOOOOOne unit = one resource
• mmmmmmmmmmmmmmmmmountpoint, service, device, timer, socket, …

• nnnnnnnnnnnnnnnnnetwork.target
• mmmmmmmmmmmmmmmmmariadb.service
• ssssssssssssssssshaarli.socket
• pppppppppppppppppuppet-run.timer
• hhhhhhhhhhhhhhhhhome.mount
• sssssssssssssssssession-1.scope

Unit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configuration
• IIIIIIIIIIIIIIIIIni-style text files
• LLLLLLLLLLLLLLLLList: systemctl list-units --all
• RRRRRRRRRRRRRRRRRead: systemctl cat

Unit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit example
[Unit]
Description=nscd
[Service]
Type=forking
PIDFile=/run/nscd/nscd.pid
ExecStart=/usr/host/bin/nscd
ExecStop=/usr/host/bin/nscd −−shutdown
[Install]
WantedBy=multi−user.target

Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?
• /////////////////etc/systemd/system/*
• /////////////////run/systemd/system/*
• /////////////////usr/lib/systemd/system/*

Here is the rule:
Packaged ﬁles go in /usr/lib.
Humans (or Conﬁg management
tools) override in /etc.

Overriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding units
https://www.ﬂickr.com/photos/alovesdc/3468924493

Overriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: why
• AAAAAAAAAAAAAAAAAdd/Remove/Change parameters
• AAAAAAAAAAAAAAAAAdapt them to your needs
• SSSSSSSSSSSSSSSSSet ulimits, user, …
• FFFFFFFFFFFFFFFFFix bugs

Changing services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemd
• RRRRRRRRRRRRRRRRReplace /etc/init.d scripts
• /////////////////etc/default, /etc/sysconfig
• SSSSSSSSSSSSSSSSSpaghetti code

Overriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemd
• OOOOOOOOOOOOOOOOOverride completely a unit
• JJJJJJJJJJJJJJJJJust add/change one parameter
• """""""""""""""""Patch" vendor units

Complete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete override
# /etc/systemd/system/openvpn.service
[Unit]
Description=OpenVPN
After=syslog.target
[Service]
ExecStart=/usr/host/bin/openvpn −−syslog −−writepid /run
/openvpn.pid −−cd /etc/openvpn −−config /etc/openvpn/
openvpn.conf
[Install]
WantedBy=multi−user.target

Advantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overrides
• IIIIIIIIIIIIIIIIIn /etc/systemd/system
• DDDDDDDDDDDDDDDDDo not conflict with packages
• OOOOOOOOOOOOOOOOOverride everything, even dependencies
• NNNNNNNNNNNNNNNNNot only for overrides: if you have
unpackaged units, put them there

Partial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial override
# /etc/systemd/system/mariadb.service.d/niceness.conf
[service]
Nice=5

Advantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overrides
• IIIIIIIIIIIIIIIIIn /etc/systemd/system/$Unit
name.d/*.conf
• DDDDDDDDDDDDDDDDDo not conflict with packages
• OOOOOOOOOOOOOOOOOverride only what is needed
• AAAAAAAAAAAAAAAAAdapt while still accept upstream work
• NNNNNNNNNNNNNNNNNo need to adapt at each upgrade
• WWWWWWWWWWWWWWWWWorks for everything (not only services)

The price of that ﬂexibility:
systemctl daemon-reload

Verify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unit
systemctl cat mariadb.service
# /usr/x86_64−pc−linux−gnu/lib/systemd/system/mariadb.
service
[Unit]
Description=MySQL database server
After=syslog.target
After=network.target
[Service]
User=mysql
Group=mysql
ExecStart=/usr/sbin/mysqld −−defaults−file=/etc/mysql/my
.cnf −−basedir=/usr −−datadir=/var/lib/mysql
# /etc/systemd/system/mariadb.service.d/nice.conf
[service]
Nice=5

Instantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated units
• UUUUUUUUUUUUUUUUUnits cat take @ in the name
• ooooooooooooooooopenvpn@inuits.service
• OOOOOOOOOOOOOOOOOn-disk: openvpn@.service
• IIIIIIIIIIIIIIIIIn the file: %i will be "inuits"
• %%%%%%%%%%%%%%%%%p will be "openvpn"

Instantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit example
[Unit]
Description=OpenVPN daemon %i
After=syslog.target
[Service]
ExecStart=/usr/host/bin/openvpn −−writepid /run/openvpn
.%i.pid −−cd /etc/openvpn −−config /etc/openvpn/%i.
conf
PIDFile=/run/openvpn.%i.pid

Controlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling units
• sssssssssssssssssystemctl start mariadb.service
• sssssssssssssssssystemctl status /dev/sda
• sssssssssssssssssystemctl stop openvpn@*.service
• sssssssssssssssssystemctl kill openvpn
• sssssssssssssssssystemctl kill -s SIGKILL openvpn.service
• sssssssssssssssssystemctl is-active runlevel1.target
• sssssssssssssssssystemctl is-failed puppet-run.service
• sssssssssssssssssystemctl is-failed puppet-run.service
• sssssssssssssssssystemctl help mariadb.service

Enabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a service
• sssssssssssssssssystemctl disable mariadb.service
• WWWWWWWWWWWWWWWWWill disable the service
• PPPPPPPPPPPPPPPPPrevent it to start automatically

MaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMasking
• sssssssssssssssssystemctl mask mariadb.service
• sssssssssssssssssystemctl mask --force mariadb.service
• llllllllllllllllln -s /dev/null
/etc/systemd/system/mariadb.service
• PPPPPPPPPPPPPPPPPrevents a unit to start
• BBBBBBBBBBBBBBBBBetter than "disabling"
• PPPPPPPPPPPPPPPPPrevent units to be launched by hand or
systemd

ServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServices
Licensed under a Creative Commons Attribution ShareAlike 2.0 License
https://www.ﬂickr.com/photos/nojhan/754257252

ServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceService
• AAAAAAAAAAAAAAAAAn important part of the units
• UUUUUUUUUUUUUUUUUses cgroups to track processes
• [[[[[[[[[[[[[[[[[Service] section inside units

What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?
• TTTTTTTTTTTTTTTTThe command(s) to run
• MMMMMMMMMMMMMMMMMost of them can fork or stay in foreground
• sssssssssssssssssystemd can manage both

Type=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simple
• UUUUUUUUUUUUUUUUUsecase: the service stays in foreground
• sssssssssssssssssystemd will track the process
• IIIIIIIIIIIIIIIIIt will take care of running it "in the
background"

Type=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forking
• UUUUUUUUUUUUUUUUUsecase: the service forks when ready
• sssssssssssssssssystemd will track process and its forks

Type=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshot
• UUUUUUUUUUUUUUUUUsecase: A command to run
• eeeeeeeeeeeeeeeee.g: puppet agent --test
• IIIIIIIIIIIIIIIIInteresting options: RemainAfterExit=,
SuccessExitStatus=
• RRRRRRRRRRRRRRRRReliable way to run commands
• CCCCCCCCCCCCCCCCCan have all the services properties

Other propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther properties
• EEEEEEEEEEEEEEEEExecStart= ExecStop=
• EEEEEEEEEEEEEEEEExecStartPre= ExecStartPost=
• EEEEEEEEEEEEEEEEExecReload=
• TTTTTTTTTTTTTTTTTimeoutStartSec= TimeoutSec=
• RRRRRRRRRRRRRRRRRuntimeMaxSec=
• RRRRRRRRRRRRRRRRRestart=on-failure

ExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecs
https://www.ﬂickr.com/photos/daveynin/3657852579/

execsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecs
• AAAAAAAAAAAAAAAAA set of properties to configure an exec
environment
• UUUUUUUUUUUUUUUUUsed in services, mounts, swap, socket
units
• DDDDDDDDDDDDDDDDDeterministic environment for processes

Classic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic properties
• UUUUUUUUUUUUUUUUUser= Group=
• NNNNNNNNNNNNNNNNNice=
• OOOOOOOOOOOOOOOOOOMScoreAdjust=
• LLLLLLLLLLLLLLLLLimitNOFILE=
• EEEEEEEEEEEEEEEEEnvironment= EnvironmentFile=

Isolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/Security
• PPPPPPPPPPPPPPPPPrivateTmp=
• PPPPPPPPPPPPPPPPPrivateNetwork= PrivateDevices=
• PPPPPPPPPPPPPPPPProtectSystem=
• PPPPPPPPPPPPPPPPProtectHome=
• RRRRRRRRRRRRRRRRReadWriteDirectories=
ReadOnlyDirectories=
• IIIIIIIIIIIIIIIIInaccessibleDirectories=

DependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependencies
• RRRRRRRRRRRRRRRRRequires=
• WWWWWWWWWWWWWWWWWants=
• AAAAAAAAAAAAAAAAAfter= Before=
• AAAAAAAAAAAAAAAAAny unit can depent on any unit
• AAAAAAAAAAAAAAAAA service can require a mountpoint
• AAAAAAAAAAAAAAAAA moutpoint can require a target

Problems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solved
• RRRRRRRRRRRRRRRRRun service as a different user
• JJJJJJJJJJJJJJJJJava Service Wrapper
• GGGGGGGGGGGGGGGGGo Service Wrapper
• YYYYYYYYYYYYYYYYYou can still use custom scripts

tmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfiles
https://www.flickr.com/photos/english106/4357529719

temp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp files
• /////////////////etc/tmpfiles.d/*.conf
• /////////////////run/tmpfiles.d/*.conf
• /////////////////usr/lib/tmpfiles.d/*.conf

temp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp files
• sssssssssssssssssystemd will create, and cleanup temporary
files
• YYYYYYYYYYYYYYYYYou can assign files, directories to specific
users
• IIIIIIIIIIIIIIIIIt will decide when to delete them
• WWWWWWWWWWWWWWWWWhen you change the files, run
systemd-tmpfiles --create

MountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpoints
https://www.ﬂickr.com/photos/manchesterlibrary/5425248883/

mountmountmountmountmountmountmountmountmountmountmountmountmountmountmountmountmount
• mmmmmmmmmmmmmmmmmounts are units
• sssssssssssssssssystemd parses /etc/fstab
• sssssssssssssssssystemd creates dependencies

systemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab options
• xxxxxxxxxxxxxxxxx-systemd.automount
• nnnnnnnnnnnnnnnnnofail
• aaaaaaaaaaaaaaaaauto noauto

/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab
//host1/share /net/share cifs noauto ,nofail ,x−systemd.
automount ,x−systemd.requires=network.target 0 0

journaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournald
https://www.ﬂickr.com/photos/gregloby/3763720734

systemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journald
• AAAAAAAAAAAAAAAAA daemon that captures and stores the logs
• sssssssssssssssssyslog
• kkkkkkkkkkkkkkkkkernel logs
• bbbbbbbbbbbbbbbbboot messages
• ssssssssssssssssstdout/stderr of services

systemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integration
• sssssssssssssssssystemctl status shows the latest logs
• sssssssssssssssssystemctl status -n 100
• sssssssssssssssssystemctl status -l

Enabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journald
• BBBBBBBBBBBBBBBBBy default (el7), hybrid mode (not
persistent)
• MMMMMMMMMMMMMMMMMake it persistent: mkdir -p /var/log/journal

Reading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logs
• fffffffffffffffffollow: journalctl -f
• lllllllllllllllllast lines: journalctl -n 100
• fffffffffffffffffrom a unit: journalctl -u puppet-run.service
• ooooooooooooooooonly this boot: journalctl -b
• ooooooooooooooooonly this process: journalctl
/opt/puppetlabs/puppet/bin/ruby

Logs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs example
− Logs begin at Mon 2016−03−14 18:30:28 CET, end at Tue
2016
Mar 14 18:30:28 fqdn systemd−journal[137]: Runtime journ
Mar 14 18:30:28 fqdn systemd−journal[137]: Runtime journ
Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys
Mar 14 18:30:28 fqdn kernel: Linux version 3.10.0−327.10
Mar 14 18:30:28 fqdn kernel: Command line: BOOT_IMAGE=/b
Mar 14 18:30:28 fqdn kernel: e820: BIOS−provided physica
Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x000000000
Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x00000000b
Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x00000000f
Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x00000000f

timerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimers
https://www.ﬂickr.com/photos/modomatic/2538687135

Traditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cron
AMQP_BROKER_HOST =10.1.40.19
MAILTO="sysadmin@example.com"
ORACLE_HOME="/opt/example/part/python−oracle"
PG_HOSTNAME ="10.1.30.10"
PG_NAME="example"
WS_URL=https://prod.example.com/ws/input
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/example/lib"
CUPS_HOSTNAME ="10.1.40.1"
LOGGING_HOST ="10.0.50.16"
LOGGING_PORT="5544"
0 * * * * /opt/example/bin/cron−hourly
30 times.

What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?
• NNNNNNNNNNNNNNNNNo one reads those mails
• DDDDDDDDDDDDDDDDDo not keep track of exit code
• HHHHHHHHHHHHHHHHHard to read that crontab
• HHHHHHHHHHHHHHHHHow to reproduce the script?

timerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimers
• UUUUUUUUUUUUUUUUUnits that are used to launch a service unit
• SSSSSSSSSSSSSSSSSupports some cron features and anacron
• AAAAAAAAAAAAAAAAAllows you to launch commands in a
controlled environment

timers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs cron
• NNNNNNNNNNNNNNNNNo built-in emails function
• CCCCCCCCCCCCCCCCCron is more simple (one line to one file vs 2
units)
• TTTTTTTTTTTTTTTTTimers uses services, so predictible env
• YYYYYYYYYYYYYYYYYou can run independently the service unit
• TTTTTTTTTTTTTTTTTimers logs are in systemd

Timers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers example
# /etc/systemd/system/puppet−run.timer
[Unit]
Description=Systemd Timer for Puppet Agent
[Timer]
OnCalendar=*−*−* *:0,30:00
Persistent=true
[Install]
WantedBy=timers.target

What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?
• sssssssssssssssssystemctl list-timers
• LLLLLLLLLLLLLLLLLast run time
• NNNNNNNNNNNNNNNNNext run time
• SSSSSSSSSSSSSSSSService unit

Socket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activation
https://www.ﬂickr.com/photos/alikai/1376760481

Socket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activation
• GGGGGGGGGGGGGGGGGoal: start a service when needed
• sssssssssssssssssystemd will open a socket
• SSSSSSSSSSSSSSSSStart the service at first connection
• pppppppppppppppppass the socket to the service

socket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unit
# /etc/systemd/system/proxy−to−shaarli.socket
[Unit]
Description=Shaarli Proxy
[Socket]
ListenStream =127.0.0.1:43000
[Install]
WantedBy=default.target

systemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unit
[Unit]
Requires=shaarli.service
After=shaarli.service
JoinsNamespaceOf=shaarli.service
[Service]
ExecStart=/usr/lib/systemd/systemd−socket−proxyd
127.0.0.1:43001

Actual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unit
[Unit]
Description=Shaarli
[Service]
WorkingDirectory=/opt/Shaarli/dev
ExecStart=/usr/bin/php −S 127.0.0.1:43001
ExecStartPost=/bin/sleep 0.1
User=shaarli
Group=shaarli
[Install]
WantedBy=default.target

Side commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commands
https://www.ﬂickr.com/photos/archer10/3029638204/

systemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commands
• sssssssssssssssssystemd-cgls: Show the cgroups hierarchy
• sssssssssssssssssystemd-analyze blame: Shows the startup
time
• sssssssssssssssssystemd-nspawn: Containers
• sssssssssssssssssystemd-run: run a command like if it was a
service unit

systemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-run
systemd−run −t −p PrivateTmp=true −p PrivateNetwork=yes
−p ProtectHome=true bash

system settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settings
• tttttttttttttttttimedatectl: manage/show current
datetime, timezome, DST change
• lllllllllllllllllocatectl: locale/keyboard changes
• mmmmmmmmmmmmmmmmmachinectl: containers/vms management
• hhhhhhhhhhhhhhhhhostnamectl: change/view system
hostname and os info

ConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusion
https://www.ﬂickr.com/photos/drainrat/14090130452

• AAAAAAAAAAAAAAAAAvailable in all modern distros
• BBBBBBBBBBBBBBBBBy default in almost all of them
• MMMMMMMMMMMMMMMMMakes a lot for standardization
• RRRRRRRRRRRRRRRRRemoves "Distro" lock-in, Adds "Linux"
lock-in
• IIIIIIIIIIIIIIIIIt did more for standardization than LFS

• PPPPPPPPPPPPPPPPPowerful tools, easily configured
• RRRRRRRRRRRRRRRRReadable configuration
• TTTTTTTTTTTTTTTTTakes advantage of Linux-specific
mechanisms
• RRRRRRRRRRRRRRRRRemoves the need for a lot of workarounds

ContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContact
julien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eu
@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie
inuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuits
https://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.eu
info@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.eu
+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636

Getting the maximum out of systemd

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Getting the maximum out of systemd

Ähnlich wie Getting the maximum out of systemd (20)

Mehr von Julien Pivotto

Mehr von Julien Pivotto (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Getting the maximum out of systemd