Getting the maximum out of systemd

systemd is in all the major distributions nowadays, and there are a lot of ways you can take advantage of it. It provides an easy way to manage your system and your services, and it interacts closely with kernel features added in recent years, like cgroups. This talk will show you how to get the added value of systemd and easily do a lot of things that were complicated in the past.

Published in: Technology

  1. Getting the maximum out of systemd. Julien Pivotto, FLOSS UK Spring Conference, March 16, 2016
  2. whoami: Julien Pivotto • Sysadmin at inuits.eu • FLOSS user since 2004 • systemd user since 2010, Exherbo Linux • DevOps believer • @roidelapluie on irc/twitter/github
  3. inuits.eu
  4. systemd • An init system • Improves the Linux init process • Starting more in parallel • Making better decisions • Takes advantage of Linux features
  5. systemd adoption • 2011: Fedora, Exherbo • 2012: Mageia, openSUSE, Arch Linux • 2013: CoreOS • 2014: RHEL, CentOS • 2015: Ubuntu, Debian
  6. Alternatives • System V: legacy • Upstart: Ubuntu < 2015 and EL6 • OpenRC: mainly Gentoo
  7. Talk compatibility • Content of this talk runs on CentOS 7.2 • systemd 219 • Should work on any other distro
  8. Units. Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/dbackmansfo/10939296845
  9. systemd units • Base bricks of systemd systems • One unit = one resource • mountpoint, service, device, timer, socket, …
  10. • network.target • mariadb.service • shaarli.socket • puppet-run.timer • home.mount • session-1.scope
  11. Unit configuration • Ini-style text files • List: systemctl list-units --all • Read: systemctl cat
  12. Unit example

          [Unit]
          Description=nscd

          [Service]
          Type=forking
          PIDFile=/run/nscd/nscd.pid
          ExecStart=/usr/host/bin/nscd
          ExecStop=/usr/host/bin/nscd --shutdown

          [Install]
          WantedBy=multi-user.target

  13. Where? • /etc/systemd/system/* • /run/systemd/system/* • /usr/lib/systemd/system/*
  14. Here is the rule: Packaged files go in /usr/lib. Humans (or config management tools) override in /etc.
  15. Overriding units. Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/alovesdc/3468924493
  16. Overriding units: why • Add/Remove/Change parameters • Adapt them to your needs • Set ulimits, user, … • Fix bugs
  17. Changing services before systemd • Replace /etc/init.d scripts • /etc/default, /etc/sysconfig • Spaghetti code
  18. Overriding units: with systemd • Completely override a unit • Just add/change one parameter • "Patch" vendor units
  19. Complete override

          # /etc/systemd/system/openvpn.service
          [Unit]
          Description=OpenVPN
          After=syslog.target

          [Service]
          ExecStart=/usr/host/bin/openvpn --syslog --writepid /run/openvpn.pid --cd /etc/openvpn --config /etc/openvpn/openvpn.conf

          [Install]
          WantedBy=multi-user.target

  20. Advantages of "full" overrides • In /etc/systemd/system • Do not conflict with packages • Override everything, even dependencies • Not only for overrides: if you have unpackaged units, put them there
  21. Partial override

          # /etc/systemd/system/mariadb.service.d/niceness.conf
          [Service]
          Nice=5

  22. Advantages of partial overrides • In /etc/systemd/system/$Unit name.d/*.conf • Do not conflict with packages • Override only what is needed • Adapt while still accepting upstream work • No need to adapt at each upgrade • Works for everything (not only services)
  23. The price of that flexibility: systemctl daemon-reload
  24. Verify the loaded unit

          $ systemctl cat mariadb.service
          # /usr/x86_64-pc-linux-gnu/lib/systemd/system/mariadb.service
          [Unit]
          Description=MySQL database server
          After=syslog.target
          After=network.target

          [Service]
          User=mysql
          Group=mysql
          ExecStart=/usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql

          # /etc/systemd/system/mariadb.service.d/nice.conf
          [Service]
          Nice=5

  25. Instantiated units • Units can take @ in the name • openvpn@inuits.service • On-disk: openvpn@.service • In the file: %i will be "inuits" • %p will be "openvpn"
  26. Instantiated unit example

          [Unit]
          Description=OpenVPN daemon %i
          After=syslog.target

          [Service]
          ExecStart=/usr/host/bin/openvpn --writepid /run/openvpn.%i.pid --cd /etc/openvpn --config /etc/openvpn/%i.conf
          PIDFile=/run/openvpn.%i.pid

  27. Controlling units • systemctl start mariadb.service • systemctl status /dev/sda • systemctl stop openvpn@*.service • systemctl kill openvpn • systemctl kill -s SIGKILL openvpn.service • systemctl is-active runlevel1.target • systemctl is-failed puppet-run.service • systemctl help mariadb.service
  28. Enabling/Disabling a service • systemctl disable mariadb.service • Will disable the service • Prevents it from starting automatically
  29. Masking • systemctl mask mariadb.service • systemctl mask --force mariadb.service • ln -s /dev/null /etc/systemd/system/mariadb.service • Prevents a unit from starting • Better than "disabling" • Prevents units from being launched by hand or by systemd
  30. Services. Licensed under a Creative Commons Attribution ShareAlike 2.0 License https://www.flickr.com/photos/nojhan/754257252
  31. Service • An important part of the units • Uses cgroups to track processes • [Service] section inside units
  32. What defines a service? • The command(s) to run • Most of them can fork or stay in foreground • systemd can manage both
  33. Type=simple • Use case: the service stays in foreground • systemd will track the process • It will take care of running it "in the background"
  34. Type=forking • Use case: the service forks when ready • systemd will track the process and its forks
  35. Type=oneshot • Use case: a command to run • e.g. puppet agent --test • Interesting options: RemainAfterExit=, SuccessExitStatus= • Reliable way to run commands • Can have all the service properties
  36. Other properties • ExecStart= ExecStop= • ExecStartPre= ExecStartPost= • ExecReload= • TimeoutStartSec= TimeoutSec= • RuntimeMaxSec= • Restart=on-failure
  37. Execs. Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/daveynin/3657852579/
  38. execs • A set of properties to configure an exec environment • Used in services, mounts, swap, socket units • Deterministic environment for processes
  39. Classic properties • User= Group= • Nice= • OOMScoreAdjust= • LimitNOFILE= • Environment= EnvironmentFile=
  40. Isolation/Security • PrivateTmp= • PrivateNetwork= PrivateDevices= • ProtectSystem= • ProtectHome= • ReadWriteDirectories= ReadOnlyDirectories= • InaccessibleDirectories=
  41. Dependencies • Requires= • Wants= • After= Before= • Any unit can depend on any unit • A service can require a mountpoint • A mountpoint can require a target
  42. Problems solved • Run service as a different user • Java Service Wrapper • Go Service Wrapper • You can still use custom scripts
  43. tmpfiles. Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/english106/4357529719
  44. temp files • /etc/tmpfiles.d/*.conf • /run/tmpfiles.d/*.conf • /usr/lib/tmpfiles.d/*.conf
  45. temp files • systemd will create and clean up temporary files • You can assign files and directories to specific users • It will decide when to delete them • When you change the files, run systemd-tmpfiles --create
  46. Mountpoints. Licensed under a Creative Commons Attribution ShareAlike 2.0 License https://www.flickr.com/photos/manchesterlibrary/5425248883/
  47. mount • mounts are units • systemd parses /etc/fstab • systemd creates dependencies
  48. systemd /etc/fstab options • x-systemd.automount • nofail • auto noauto
  49. /etc/fstab

          //host1/share /net/share cifs noauto,nofail,x-systemd.automount,x-systemd.requires=network.target 0 0

  50. journald. Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/gregloby/3763720734
  51. systemd-journald • A daemon that captures and stores the logs • syslog • kernel logs • boot messages • stdout/stderr of services
  52. systemctl integration • systemctl status shows the latest logs • systemctl status -n 100 • systemctl status -l
  53. Enabling journald • By default (el7), hybrid mode (not persistent) • Make it persistent: mkdir -p /var/log/journal
  54. Reading the logs • follow: journalctl -f • last lines: journalctl -n 100 • from a unit: journalctl -u puppet-run.service • only this boot: journalctl -b • only this process: journalctl /opt/puppetlabs/puppet/bin/ruby
  55. Logs example

          - Logs begin at Mon 2016-03-14 18:30:28 CET, end at Tue 2016
          Mar 14 18:30:28 fqdn systemd-journal[137]: Runtime journ
          Mar 14 18:30:28 fqdn systemd-journal[137]: Runtime journ
          Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys
          Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys
          Mar 14 18:30:28 fqdn kernel: Initializing cgroup subsys
          Mar 14 18:30:28 fqdn kernel: Linux version 3.10.0-327.10
          Mar 14 18:30:28 fqdn kernel: Command line: BOOT_IMAGE=/b
          Mar 14 18:30:28 fqdn kernel: e820: BIOS-provided physica
          Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000000
          Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000000
          Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000000
          Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000000
          Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x00000000b
          Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x00000000f
          Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x00000000f
          Mar 14 18:30:28 fqdn kernel: BIOS-e820: [mem 0x000000010

  56. timers. Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/modomatic/2538687135
  57. Traditional cron

          AMQP_BROKER_HOST=10.1.40.19
          MAILTO="sysadmin@example.com"
          ORACLE_HOME="/opt/example/part/python-oracle"
          PG_HOSTNAME="10.1.30.10"
          PG_NAME="example"
          WS_URL=https://prod.example.com/ws/input
          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/example/lib"
          CUPS_HOSTNAME="10.1.40.1"
          LOGGING_HOST="10.0.50.16"
          LOGGING_PORT="5544"
          0 * * * * /opt/example/bin/cron-hourly

      30 times.
  58. What's wrong? • No one reads those mails • Does not keep track of exit codes • Hard to read that crontab • How to reproduce the script?
  59. timers • Units that are used to launch a service unit • Supports some cron features and anacron • Allows you to launch commands in a controlled environment
  60. timers vs cron • No built-in email function • Cron is simpler (one line in one file vs 2 units) • Timers use services, so predictable env • You can run the service unit independently • Timer logs are in systemd
  61. Timers example

          # /etc/systemd/system/puppet-run.timer
          [Unit]
          Description=Systemd Timer for Puppet Agent

          [Timer]
          OnCalendar=*-*-* *:0,30:00
          Persistent=true

          [Install]
          WantedBy=timers.target

  62. What, when? • systemctl list-timers • Last run time • Next run time • Service unit
  63. 63. Socket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activation Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/alikai/1376760481
  64. 64. Socket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activationSocket activation • GGGGGGGGGGGGGGGGGoal: start a service when needed • sssssssssssssssssystemd will open a socket • SSSSSSSSSSSSSSSSStart the service at first connection • pppppppppppppppppass the socket to the service
  65. 65. socket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unitsocket unit # /etc/systemd/system/proxy−to−shaarli.socket [Unit] Description=Shaarli Proxy [Socket] ListenStream =127.0.0.1:43000 [Install] WantedBy=default.target
  66. 66. systemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unitsystemd-proxy service unit [Unit] Requires=shaarli.service After=shaarli.service JoinsNamespaceOf=shaarli.service [Service] ExecStart=/usr/lib/systemd/systemd−socket−proxyd 127.0.0.1:43001
  67. 67. Actual service unit

          [Unit]
          Description=Shaarli
          [Service]
          WorkingDirectory=/opt/Shaarli/dev
          ExecStart=/usr/bin/php -S 127.0.0.1:43001
          ExecStartPost=/bin/sleep 0.1
          User=shaarli
          Group=shaarli
          [Install]
          WantedBy=default.target
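A consistency check for the socket, proxy and backend units on slides 65-67, added here as an example and not taken from the slides: it verifies that the activation socket and the proxy target are local-only, that the proxy points at the address the backend binds, and that `JoinsNamespaceOf=` is paired with `PrivateNetwork=` or `PrivateTmp=` on both units, without which systemd gives it no effect. The finding names and the trimmed unit strings are constructed for this example.

```python
import configparser
import ipaddress
# The slides' three units, trimmed to the directives this audit reads.
SOCKET = "[Socket]\nListenStream=127.0.0.1:43000\n"
PROXY = ("[Unit]\nJoinsNamespaceOf=shaarli.service\n[Service]\n"
         "ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:43001\n")
BACKEND = ("[Service]\nExecStart=/usr/bin/php -S 127.0.0.1:43001\n"
           "User=shaarli\nGroup=shaarli\n")

def parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # unit directives are case-sensitive
    cp.read_string(text)
    return cp

def is_local_only(addr):
    if addr.startswith(("/", "@")):  # AF_UNIX path or abstract socket
        return True
    host, sep, _port = addr.rpartition(":")
    if not sep:  # bare port (or empty): systemd listens on every interface
        return False
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # not an IP literal, so not provably loopback
        return False

def enabled(cp, key):
    return cp.get("Service", key, fallback="no").lower() in ("1", "yes", "true", "on")

def audit(socket_text, proxy_text, backend_text):
    sock, proxy, backend = (parse(t) for t in (socket_text, proxy_text, backend_text))
    findings = []
    if not is_local_only(sock.get("Socket", "ListenStream", fallback="")):
        findings.append("socket-exposed")
    proxy_args = proxy.get("Service", "ExecStart", fallback="").split()
    target = proxy_args[-1] if proxy_args else ""
    if target not in backend.get("Service", "ExecStart", fallback="").split():
        findings.append("proxy-target-mismatch")
    if not is_local_only(target):
        findings.append("backend-exposed")
    # JoinsNamespaceOf= needs the same Private* setting on both units;
    # only PrivateNetwork= and PrivateTmp= are checked here.
    shared = any(enabled(proxy, k) and enabled(backend, k)
                 for k in ("PrivateNetwork", "PrivateTmp"))
    if proxy.has_option("Unit", "JoinsNamespaceOf") and not shared:
        findings.append("joinsnamespaceof-no-effect")
    if backend.get("Service", "User", fallback="root") in ("root", "0"):
        findings.append("backend-runs-as-root")
    return findings
```

Calling `audit(SOCKET, PROXY, BACKEND)` on the units as shown returns the `JoinsNamespaceOf=` finding only; adding `PrivateNetwork=yes` to both service units clears it and also takes the backend's port 43001 off the host's loopback interface.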
  68. 68. Side commands
      Licensed under a Creative Commons Attribution ShareAlike 2.0 License https://www.flickr.com/photos/archer10/3029638204/
  69. 69. systemd-* commands
      • systemd-cgls: show the cgroups hierarchy
      • systemd-analyze blame: show the startup time
      • systemd-nspawn: containers
      • systemd-run: run a command as if it were a service unit
  70. 70. systemd-run

          systemd-run -t -p PrivateTmp=true -p PrivateNetwork=yes -p ProtectHome=true bash
  71. 71. system settings
      • timedatectl: manage/show current datetime, timezone, DST change
      • localectl: locale/keyboard changes
      • machinectl: containers/VMs management
      • hostnamectl: change/view system hostname and OS info
  72. 72. Conclusion
      Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/drainrat/14090130452
  73. 73. systemd
      • Available in all modern distros
      • By default in almost all of them
      • Does a lot for standardization
      • Removes "Distro" lock-in, adds "Linux" lock-in
      • It did more for standardization than LFS
  74. 74. systemd
      • Powerful tools, easily configured
      • Readable configuration
      • Takes advantage of Linux-specific mechanisms
      • Removes the need for a lot of workarounds
  75. 75. Contact
      Julien Pivotto
      julien@inuits.eu
      @roidelapluie
      inuits
      https://inuits.eu
      info@inuits.eu
      +32 473 441 636
