Getting the maximum out of systemd

1. Getting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemdGetting the maximum out of systemd Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto FLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring ConferenceFLOSS UK Spring Conference March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016March 16, 2016

2. whoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoami Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto • Sysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.eu • FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004 • systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010 EEEEEEEEEEEEEEEEExherbo Linux • DevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believer • @roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie on irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/github

3. inuits.eu

4. systemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemd • AAAAAAAAAAAAAAAAAn init system • IIIIIIIIIIIIIIIIImprove the Linux init process • SSSSSSSSSSSSSSSSStarting more in parallel • MMMMMMMMMMMMMMMMMaking better decisions • TTTTTTTTTTTTTTTTTakes advantages of Linux features

5. systemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoptionsystemd adoption • 22222222222222222011: Fedora, Exherbo • 22222222222222222012: Mageia, openSUSE, Arch Linux • 22222222222222222013: CoreOS • 22222222222222222014: RHEL, CentOS • 22222222222222222015: Ubuntu, Debian

6. AlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternativesAlternatives • SSSSSSSSSSSSSSSSSystem V: legacy • UUUUUUUUUUUUUUUUUpstart: Ubuntu < 2015 and EL6 • OOOOOOOOOOOOOOOOOpenRC: mainly Gentoo

7. Talk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibilityTalk compatibility • CCCCCCCCCCCCCCCCContent of this talk runs on CentOS 7.2 • sssssssssssssssssystemd 219 • SSSSSSSSSSSSSSSSShould work on any other distro

8. UnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnitsUnits Licensed under a Creative Commons Attribution 2.0 License https://www.ﬂickr.com/photos/dbackmansfo/10939296845

9. systemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd unitssystemd units • BBBBBBBBBBBBBBBBBase bricks of systemd systems • OOOOOOOOOOOOOOOOOne unit = one resource • mmmmmmmmmmmmmmmmmountpoint, service, device, timer, socket, …

10. • nnnnnnnnnnnnnnnnnetwork.target • mmmmmmmmmmmmmmmmmariadb.service • ssssssssssssssssshaarli.socket • pppppppppppppppppuppet-run.timer • hhhhhhhhhhhhhhhhhome.mount • sssssssssssssssssession-1.scope

11. Unit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configurationUnit configuration • IIIIIIIIIIIIIIIIIni-style text files • LLLLLLLLLLLLLLLLList: systemctl list-units --all • RRRRRRRRRRRRRRRRRead: systemctl cat

12. Unit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit exampleUnit example [Unit] Description=nscd [Service] Type=forking PIDFile=/run/nscd/nscd.pid ExecStart=/usr/host/bin/nscd ExecStop=/usr/host/bin/nscd −−shutdown [Install] WantedBy=multi−user.target

13. Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where?Where? • /////////////////etc/systemd/system/* • /////////////////run/systemd/system/* • /////////////////usr/lib/systemd/system/*

14. Here is the rule: Packaged ﬁles go in /usr/lib. Humans (or Conﬁg management tools) override in /etc.

15. Overriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding unitsOverriding units Licensed under a Creative Commons Attribution 2.0 License https://www.ﬂickr.com/photos/alovesdc/3468924493

16. Overriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: whyOverriding units: why • AAAAAAAAAAAAAAAAAdd/Remove/Change parameters • AAAAAAAAAAAAAAAAAdapt them to your needs • SSSSSSSSSSSSSSSSSet ulimits, user, … • FFFFFFFFFFFFFFFFFix bugs

17. Changing services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemdChanging services before systemd • RRRRRRRRRRRRRRRRReplace /etc/init.d scripts • /////////////////etc/default, /etc/sysconfig • SSSSSSSSSSSSSSSSSpaghetti code

18. Overriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemdOverriding units: with systemd • OOOOOOOOOOOOOOOOOverride completely a unit • JJJJJJJJJJJJJJJJJust add/change one parameter • """""""""""""""""Patch" vendor units

19. Complete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete overrideComplete override # /etc/systemd/system/openvpn.service [Unit] Description=OpenVPN After=syslog.target [Service] ExecStart=/usr/host/bin/openvpn −−syslog −−writepid /run /openvpn.pid −−cd /etc/openvpn −−config /etc/openvpn/ openvpn.conf [Install] WantedBy=multi−user.target

20. Advantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overridesAdvantages of "full" overrides • IIIIIIIIIIIIIIIIIn /etc/systemd/system • DDDDDDDDDDDDDDDDDo not conflict with packages • OOOOOOOOOOOOOOOOOverride everything, even dependencies • NNNNNNNNNNNNNNNNNot only for overrides: if you have unpackaged units, put them there

21. Partial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial overridePartial override # /etc/systemd/system/mariadb.service.d/niceness.conf [service] Nice=5

22. Advantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overridesAdvantages of partial overrides • IIIIIIIIIIIIIIIIIn /etc/systemd/system/$Unit name.d/*.conf • DDDDDDDDDDDDDDDDDo not conflict with packages • OOOOOOOOOOOOOOOOOverride only what is needed • AAAAAAAAAAAAAAAAAdapt while still accept upstream work • NNNNNNNNNNNNNNNNNo need to adapt at each upgrade • WWWWWWWWWWWWWWWWWorks for everything (not only services)

23. The price of that ﬂexibility: systemctl daemon-reload

24. Verify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unitVerify the loaded unit systemctl cat mariadb.service # /usr/x86_64−pc−linux−gnu/lib/systemd/system/mariadb. service [Unit] Description=MySQL database server After=syslog.target After=network.target [Service] User=mysql Group=mysql ExecStart=/usr/sbin/mysqld −−defaults−file=/etc/mysql/my .cnf −−basedir=/usr −−datadir=/var/lib/mysql # /etc/systemd/system/mariadb.service.d/nice.conf [service] Nice=5

25. Instantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated unitsInstantiated units • UUUUUUUUUUUUUUUUUnits cat take @ in the name • ooooooooooooooooopenvpn@inuits.service • OOOOOOOOOOOOOOOOOn-disk: openvpn@.service • IIIIIIIIIIIIIIIIIn the file: %i will be "inuits" • %%%%%%%%%%%%%%%%%p will be "openvpn"

26. Instantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit exampleInstantiated unit example [Unit] Description=OpenVPN daemon %i After=syslog.target [Service] ExecStart=/usr/host/bin/openvpn −−writepid /run/openvpn .%i.pid −−cd /etc/openvpn −−config /etc/openvpn/%i. conf PIDFile=/run/openvpn.%i.pid

27. Controlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling unitsControlling units • sssssssssssssssssystemctl start mariadb.service • sssssssssssssssssystemctl status /dev/sda • sssssssssssssssssystemctl stop openvpn@*.service • sssssssssssssssssystemctl kill openvpn • sssssssssssssssssystemctl kill -s SIGKILL openvpn.service • sssssssssssssssssystemctl is-active runlevel1.target • sssssssssssssssssystemctl is-failed puppet-run.service • sssssssssssssssssystemctl is-failed puppet-run.service • sssssssssssssssssystemctl help mariadb.service

28. Enabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a serviceEnabling/Disabling a service • sssssssssssssssssystemctl disable mariadb.service • WWWWWWWWWWWWWWWWWill disable the service • PPPPPPPPPPPPPPPPPrevent it to start automatically

29. MaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMaskingMasking • sssssssssssssssssystemctl mask mariadb.service • sssssssssssssssssystemctl mask --force mariadb.service • llllllllllllllllln -s /dev/null /etc/systemd/system/mariadb.service • PPPPPPPPPPPPPPPPPrevents a unit to start • BBBBBBBBBBBBBBBBBetter than "disabling" • PPPPPPPPPPPPPPPPPrevent units to be launched by hand or systemd

30. ServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServices Licensed under a Creative Commons Attribution ShareAlike 2.0 License https://www.ﬂickr.com/photos/nojhan/754257252

31. ServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceServiceService • AAAAAAAAAAAAAAAAAn important part of the units • UUUUUUUUUUUUUUUUUses cgroups to track processes • [[[[[[[[[[[[[[[[[Service] section inside units

32. What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service?What defines a service? • TTTTTTTTTTTTTTTTThe command(s) to run • MMMMMMMMMMMMMMMMMost of them can fork or stay in foreground • sssssssssssssssssystemd can manage both

33. Type=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simpleType=simple • UUUUUUUUUUUUUUUUUsecase: the service stays in foreground • sssssssssssssssssystemd will track the process • IIIIIIIIIIIIIIIIIt will take care of running it "in the background"

34. Type=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forkingType=forking • UUUUUUUUUUUUUUUUUsecase: the service forks when ready • sssssssssssssssssystemd will track process and its forks

35. Type=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshotType=oneshot • UUUUUUUUUUUUUUUUUsecase: A command to run • eeeeeeeeeeeeeeeee.g: puppet agent --test • IIIIIIIIIIIIIIIIInteresting options: RemainAfterExit=, SuccessExitStatus= • RRRRRRRRRRRRRRRRReliable way to run commands • CCCCCCCCCCCCCCCCCan have all the services properties

36. Other propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther propertiesOther properties • EEEEEEEEEEEEEEEEExecStart= ExecStop= • EEEEEEEEEEEEEEEEExecStartPre= ExecStartPost= • EEEEEEEEEEEEEEEEExecReload= • TTTTTTTTTTTTTTTTTimeoutStartSec= TimeoutSec= • RRRRRRRRRRRRRRRRRuntimeMaxSec= • RRRRRRRRRRRRRRRRRestart=on-failure

37. ExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecsExecs Licensed under a Creative Commons Attribution 2.0 License https://www.ﬂickr.com/photos/daveynin/3657852579/

38. execsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecsexecs • AAAAAAAAAAAAAAAAA set of properties to configure an exec environment • UUUUUUUUUUUUUUUUUsed in services, mounts, swap, socket units • DDDDDDDDDDDDDDDDDeterministic environment for processes

39. Classic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic propertiesClassic properties • UUUUUUUUUUUUUUUUUser= Group= • NNNNNNNNNNNNNNNNNice= • OOOOOOOOOOOOOOOOOOMScoreAdjust= • LLLLLLLLLLLLLLLLLimitNOFILE= • EEEEEEEEEEEEEEEEEnvironment= EnvironmentFile=

40. Isolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/SecurityIsolation/Security • PPPPPPPPPPPPPPPPPrivateTmp= • PPPPPPPPPPPPPPPPPrivateNetwork= PrivateDevices= • PPPPPPPPPPPPPPPPProtectSystem= • PPPPPPPPPPPPPPPPProtectHome= • RRRRRRRRRRRRRRRRReadWriteDirectories= ReadOnlyDirectories= • IIIIIIIIIIIIIIIIInaccessibleDirectories=

41. DependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependencies • RRRRRRRRRRRRRRRRRequires= • WWWWWWWWWWWWWWWWWants= • AAAAAAAAAAAAAAAAAfter= Before= • AAAAAAAAAAAAAAAAAny unit can depent on any unit • AAAAAAAAAAAAAAAAA service can require a mountpoint • AAAAAAAAAAAAAAAAA moutpoint can require a target

42. Problems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solvedProblems solved • RRRRRRRRRRRRRRRRRun service as a different user • JJJJJJJJJJJJJJJJJava Service Wrapper • GGGGGGGGGGGGGGGGGo Service Wrapper • YYYYYYYYYYYYYYYYYou can still use custom scripts

43. tmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfilestmpfiles Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/english106/4357529719

44. temp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp files • /////////////////etc/tmpfiles.d/*.conf • /////////////////run/tmpfiles.d/*.conf • /////////////////usr/lib/tmpfiles.d/*.conf

45. temp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp filestemp files • sssssssssssssssssystemd will create, and cleanup temporary files • YYYYYYYYYYYYYYYYYou can assign files, directories to specific users • IIIIIIIIIIIIIIIIIt will decide when to delete them • WWWWWWWWWWWWWWWWWhen you change the files, run systemd-tmpfiles --create

46. MountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpointsMountpoints Licensed under a Creative Commons Attribution ShareAlike 2.0 License https://www.ﬂickr.com/photos/manchesterlibrary/5425248883/

47. mountmountmountmountmountmountmountmountmountmountmountmountmountmountmountmountmount • mmmmmmmmmmmmmmmmmounts are units • sssssssssssssssssystemd parses /etc/fstab • sssssssssssssssssystemd creates dependencies

48. systemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab optionssystemd /etc/fstab options • xxxxxxxxxxxxxxxxx-systemd.automount • nnnnnnnnnnnnnnnnnofail • aaaaaaaaaaaaaaaaauto noauto

49. /etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab/etc/fstab //host1/share /net/share cifs noauto ,nofail ,x−systemd. automount ,x−systemd.requires=network.target 0 0

50. journaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournaldjournald Licensed under a Creative Commons Attribution 2.0 License https://www.ﬂickr.com/photos/gregloby/3763720734

51. systemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journaldsystemd-journald • AAAAAAAAAAAAAAAAA daemon that captures and stores the logs • sssssssssssssssssyslog • kkkkkkkkkkkkkkkkkernel logs • bbbbbbbbbbbbbbbbboot messages • ssssssssssssssssstdout/stderr of services

52. systemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integrationsystemctl integration • sssssssssssssssssystemctl status shows the latest logs • sssssssssssssssssystemctl status -n 100 • sssssssssssssssssystemctl status -l

53. Enabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journaldEnabling journald • BBBBBBBBBBBBBBBBBy default (el7), hybrid mode (not persistent) • MMMMMMMMMMMMMMMMMake it persistent: mkdir -p /var/log/journal

54. Reading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logsReading the logs • fffffffffffffffffollow: journalctl -f • lllllllllllllllllast lines: journalctl -n 100 • fffffffffffffffffrom a unit: journalctl -u puppet-run.service • ooooooooooooooooonly this boot: journalctl -b • ooooooooooooooooonly this process: journalctl /opt/puppetlabs/puppet/bin/ruby

55. Logs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs exampleLogs example − Logs begin at Mon 2016−03−14 18:30:28 CET, end at Tue 2016 Mar 14 18:30:28 fqdn systemd−journal[137]: Runtime journ Mar 14 18:30:28 fqdn systemd−journal[137]: Runtime journ Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys Mar 14 18:30:28 fqdn kernel: Linux version 3.10.0−327.10 Mar 14 18:30:28 fqdn kernel: Command line: BOOT_IMAGE=/b Mar 14 18:30:28 fqdn kernel: e820: BIOS−provided physica Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x000000000 Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x000000000 Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x000000000 Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x000000000 Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x00000000b Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x00000000f Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x00000000f Mar 14 18:30:28 fqdn kernel: BIOS−e820: [mem 0x000000010

56. timerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimers Licensed under a Creative Commons Attribution 2.0 License https://www.ﬂickr.com/photos/modomatic/2538687135

57. Traditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cron AMQP_BROKER_HOST =10.1.40.19 MAILTO="sysadmin@example.com" ORACLE_HOME="/opt/example/part/python−oracle" PG_HOSTNAME ="10.1.30.10" PG_NAME="example" WS_URL=https://prod.example.com/ws/input LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/example/lib" CUPS_HOSTNAME ="10.1.40.1" LOGGING_HOST ="10.0.50.16" LOGGING_PORT="5544" 0 * * * * /opt/example/bin/cron−hourly 30 times.

58. What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong? • NNNNNNNNNNNNNNNNNo one reads those mails • DDDDDDDDDDDDDDDDDo not keep track of exit code • HHHHHHHHHHHHHHHHHard to read that crontab • HHHHHHHHHHHHHHHHHow to reproduce the script?

59. timerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimerstimers • UUUUUUUUUUUUUUUUUnits that are used to launch a service unit • SSSSSSSSSSSSSSSSSupports some cron features and anacron • AAAAAAAAAAAAAAAAAllows you to launch commands in a controlled environment

60. timers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs crontimers vs cron • NNNNNNNNNNNNNNNNNo built-in emails function • CCCCCCCCCCCCCCCCCron is more simple (one line to one file vs 2 units) • TTTTTTTTTTTTTTTTTimers uses services, so predictible env • YYYYYYYYYYYYYYYYYou can run independently the service unit • TTTTTTTTTTTTTTTTTimers logs are in systemd

61. Timers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers exampleTimers example # /etc/systemd/system/puppet−run.timer [Unit] Description=Systemd Timer for Puppet Agent [Timer] OnCalendar=*−*−* *:0,30:00 Persistent=true [Install] WantedBy=timers.target

62. What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when?What, when? • sssssssssssssssssystemctl list-timers • LLLLLLLLLLLLLLLLLast run time • NNNNNNNNNNNNNNNNNext run time • SSSSSSSSSSSSSSSSService unit

63. Socket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activation Licensed under a Creative Commons Attribution 2.0 License https://www.ﬂickr.com/photos/alikai/1376760481

64. Socket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activation • GGGGGGGGGGGGGGGGGoal: start a service when needed • sssssssssssssssssystemd will open a socket • SSSSSSSSSSSSSSSSStart the service at first connection • pppppppppppppppppass the socket to the service

65. socket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unit # /etc/systemd/system/proxy−to−shaarli.socket [Unit] Description=Shaarli Proxy [Socket] ListenStream =127.0.0.1:43000 [Install] WantedBy=default.target

66. systemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unit [Unit] Requires=shaarli.service After=shaarli.service JoinsNamespaceOf=shaarli.service [Service] ExecStart=/usr/lib/systemd/systemd−socket−proxyd 127.0.0.1:43001

67. Actual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unitActual service unit [Unit] Description=Shaarli [Service] WorkingDirectory=/opt/Shaarli/dev ExecStart=/usr/bin/php −S 127.0.0.1:43001 ExecStartPost=/bin/sleep 0.1 User=shaarli Group=shaarli [Install] WantedBy=default.target

68. Side commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commandsSide commands Licensed under a Creative Commons Attribution ShareAlike 2.0 License https://www.ﬂickr.com/photos/archer10/3029638204/

69. systemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commandssystemd-* commands • sssssssssssssssssystemd-cgls: Show the cgroups hierarchy • sssssssssssssssssystemd-analyze blame: Shows the startup time • sssssssssssssssssystemd-nspawn: Containers • sssssssssssssssssystemd-run: run a command like if it was a service unit

70. systemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-runsystemd-run systemd−run −t −p PrivateTmp=true −p PrivateNetwork=yes −p ProtectHome=true bash

71. system settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settingssystem settings • tttttttttttttttttimedatectl: manage/show current datetime, timezome, DST change • lllllllllllllllllocatectl: locale/keyboard changes • mmmmmmmmmmmmmmmmmachinectl: containers/vms management • hhhhhhhhhhhhhhhhhostnamectl: change/view system hostname and os info

72. ConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusion Licensed under a Creative Commons Attribution 2.0 License https://www.ﬂickr.com/photos/drainrat/14090130452

73. systemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemd • AAAAAAAAAAAAAAAAAvailable in all modern distros • BBBBBBBBBBBBBBBBBy default in almost all of them • MMMMMMMMMMMMMMMMMakes a lot for standardization • RRRRRRRRRRRRRRRRRemoves "Distro" lock-in, Adds "Linux" lock-in • IIIIIIIIIIIIIIIIIt did more for standardization than LFS

74. systemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemdsystemd • PPPPPPPPPPPPPPPPPowerful tools, easily configured • RRRRRRRRRRRRRRRRReadable configuration • TTTTTTTTTTTTTTTTTakes advantage of Linux-specific mechanisms • RRRRRRRRRRRRRRRRRemoves the need for a lot of workarounds

75. ContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContact Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto julien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eu @roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie inuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuits https://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.eu info@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.eu +32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636

Getting the maximum out of systemd

You are reading a preview.

Getting the maximum out of systemd

More Related Content

Slideshows for you

Viewers also liked

Similar to Getting the maximum out of systemd

More from Julien Pivotto

Featured

Related Books

Related Audiobooks

Getting the maximum out of systemd

You are reading a preview.

Getting the maximum out of systemd

More Related Content

Slideshows for you

Viewers also liked

Similar to Getting the maximum out of systemd

More from Julien Pivotto

Featured

Related Books

Related Audiobooks

Just for you: FREE 60-day trial to the world’s largest digital library.