systemd and configuration management

1,342 views

Published on

Slides from my talk at the 1st systemd.conf in Berlin.

Published in: Technology
1 Comment
5 Likes
Statistics
Notes
No Downloads
Views
Total views
1,342
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
13
Comments
1
Likes
5
Embeds 0
No embeds

No notes for slide

systemd and configuration management

  1. 1. systemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config management Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto systemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.confsystemd.conf November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015November 6, 2015
  2. 2. user-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.sliceuser-1000.slice Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto • Sysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.eu • FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004 • systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010 EEEEEEEEEEEEEEEEExherbo Linux • DevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believer • @roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie on irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/github
  3. 3. inuits.eu
  4. 4. IntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroduction Licensed under a Creative Commons Attribution-2.0 License https://www.flickr.com/photos/cote/13932690487
  5. 5. The DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movement • DDDDDDDDDDDDDDDDDevOps is a movement born in 2009 • CCCCCCCCCCCCCCCCCollaboration between Developers and Operations • NNNNNNNNNNNNNNNNNothing new, just common sense • DDDDDDDDDDDDDDDDDevOpsDays, a serie of conferences all around the world
  6. 6. #DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS#DevOps C(L)AMS • CCCCCCCCCCCCCCCCCulture • (((((((((((((((((Lean) • AAAAAAAAAAAAAAAAAutomation • MMMMMMMMMMMMMMMMMeasurement • SSSSSSSSSSSSSSSSSharing John Willis and Damon Edwards
  7. 7. The A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMS • AAAAAAAAAAAAAAAAAutomation reduces human mistakes • CCCCCCCCCCCCCCCCContinuous Integration/Delivery • RRRRRRRRRRRRRRRRReproducable build • RRRRRRRRRRRRRRRRReproducable infrastructure • Infrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as Code
  8. 8. Infrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as Code • AAAAAAAAAAAAAAAAAutomate your infrastructure with code • MMMMMMMMMMMMMMMMModel your infrastructure • MMMMMMMMMMMMMMMMMonitoring, security, applications and backups are part of the process • SSSSSSSSSSSSSSSSScripts are not IaC
  9. 9. IaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practices • RRRRRRRRRRRRRRRRRun tests against that code • PPPPPPPPPPPPPPPPPut it under version control • DDDDDDDDDDDDDDDDDeploy with CI/CD: dev, uat, prod environments…
  10. 10. Configuration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management toolsConfiguration Management tools
  11. 11. Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this? • bbbbbbbbbbbbbbbbbare-metal • vvvvvvvvvvvvvvvvvirtualization • cccccccccccccccccloud • ……………………………………………
  12. 12. Heterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environmentsHeterogeneous environments • LLLLLLLLLLLLLLLLLinux distributions are different • IIIIIIIIIIIIIIIIInit systems, File hierarchy • EEEEEEEEEEEEEEEEEven between different releases of the same distro • CCCCCCCCCCCCCCCCConfiguration manegement tools try to abstract that
  13. 13. systemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picture
  14. 14. what people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people see • bbbbbbbbbbbbbbbbbefore: distinction between distributions • nnnnnnnnnnnnnnnnnow: distinction between distributions and systemd or not • tttttttttttttttttomorrow: it will be hard to provide the all the features of systemd to old distros
  15. 15. systemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distros • RRRRRRRRRRRRRRRRReaching Debian Stable and RHEL 7 • CCCCCCCCCCCCCCCCConfig management needs to learn it • IIIIIIIIIIIIIIIIIt brings lots of new patterns
  16. 16. Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified)Terminology (puppet, simplified) • rrrrrrrrrrrrrrrrresource: description of a small piece (file, service) with desired state • mmmmmmmmmmmmmmmmmodule: collection of resources (e.g. a module to setup Mysql)
  17. 17. ServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServices
  18. 18. ServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServicesServices • SSSSSSSSSSSSSSSSServices are basic resources in traditional IT • sssssssssssssssssystemd changes a lot of things in that area • ssssssssssssssssservices are now part of the "units" concept
  19. 19. Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd)Init scripts (without systemd) • WWWWWWWWWWWWWWWWWritten from scratch or templates • DDDDDDDDDDDDDDDDDifferent patterns • SSSSSSSSSSSSSSSSSometimes very long, hard to read
  20. 20. Changing old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scripts • WWWWWWWWWWWWWWWWWhy? Solve bugs, ajust niceness, change command… • CCCCCCCCCCCCCCCCChange the full file! • TTTTTTTTTTTTTTTTTemplate OS and version dependant
  21. 21. Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)Ordering (without systemd)
  22. 22. Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd)Unit files (with systemd) • iiiiiiiiiiiiiiiiini-like syntax • SSSSSSSSSSSSSSSSSelf-explanatory • SSSSSSSSSSSSSSSSStandardized accross distros
  23. 23. Here is the rule: Packaged files go in /lib. Config management tools override in /etc.
  24. 24. No conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor files • CCCCCCCCCCCCCCCCCan be overriden in /etc/systemd/system • NNNNNNNNNNNNNNNNNot afraid of package updates • PPPPPPPPPPPPPPPPPartial override possible
  25. 25. Partial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override examplePartial override example /etc/systemd/system/httpd.service.d/niceness.conf [Service] Nice=3
  26. 26. The surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surpriseThe surprise • CCCCCCCCCCCCCCCCCreating the file is not enough • sssssssssssssssssystemctl daemon-reload Notice: /Service[mariadb]/ensure: ensure changed ’stopped’ to ’running’
  27. 27. Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)Ordering (with systemd)
  28. 28. daemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppet file { '/etc/systemd/system/mariadb.service.d/niceness.conf ': ensure => present , content => template('systemd/niceness.erb '), notify => [ Exec['systemctl−daemon−reload '], Service['mariadb '], ] } exec { 'systemctl−daemon−reload ': command => '/usr/bin/systemctl reload−daemon ', refreshonly => true , } service { 'mariadb ': ensure => running , require => Exec['systemctl−daemon−reload '], }
  29. 29. systemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reload
  30. 30. systemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reload
  31. 31. systemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reloadsystemctl daemon-reload
  32. 32. systemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload orderingsystemctl daemon-reload ordering
  33. 33. Prevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to start • CCCCCCCCCCCCCCCCClassic init allows to disable services • CCCCCCCCCCCCCCCCConfigmgmt tools do not care • ccccccccccccccccchmod 000 /etc/init.d/mysqld
  34. 34. Masking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking servicesMasking services • llllllllllllllllln -s /dev/null /etc/systemd/system/mysqld.service • sssssssssssssssssystemctl daemon-reload • DDDDDDDDDDDDDDDDDone. It can't be started anymore
  35. 35. masking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppet file { '/etc/systemd/system/mariadb.service ': ensure => link , target => '/dev/null ', notify => Exec['systemctl daemon−reload '], }
  36. 36. (tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files(tmp) files Licensed under a Creative Commons Attribution-ShareAlike 2.0 License https://www.flickr.com/photos/brightmeadow/3748310435
  37. 37. tmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemd Several techniques: tmpfs, tmpwatch #! /bin/sh flags=−umc /usr/sbin/tmpwatch "$flags" −x /tmp/.X11−unix −x /tmp/. XIM−unix −x /tmp/.font−unix −x /tmp/.ICE−unix −x /tmp/. Test−unix −X '/tmp/hsperfdata_*' 10d /tmp /usr/sbin/tmpwatch "$flags" 30d /var/tmp for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/ cat?}; do if [ −d "$d" ]; then /usr/sbin/tmpwatch "$flags" −f 30d "$d" fi done
  38. 38. tmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemd systemd-tmpfiles v /tmp 1777 root root 10d v /var/tmp 1777 root root 30d
  39. 39. tmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemd • AAAAAAAAAAAAAAAAAgain, simple text files • CCCCCCCCCCCCCCCCCan be overwritten in /etc • YYYYYYYYYYYYYYYYYet another command to launch
  40. 40. tmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppet augeas { "tmpfiles.d−${path}": context => "/files/etc/tmpfiles.d/my.conf/*[path = ' ${path}']", changes => [ "set type 'd'", "set gid '${group}'", "set uid '${owner}'", "set mode '${mode}'", ], } exec {"systemd−tmpfiles−${path}": command => '/usr/bin/systemd−tmpfiles −−create ', creates => $path , requires => Augeas["tmpfiles.d−${path}"], }
  41. 41. TimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimers Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/southbeachcars/15110111516
  42. 42. Traditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cronTraditional cron AMQP_BROKER_HOST =10.1.40.19 MAILTO="sysadmin@example.com" ORACLE_HOME="/opt/example/part/python−oracle" PG_HOSTNAME ="10.1.30.10" PG_NAME="example" WS_URL=https://prod.example.com/ws/input LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/example/lib" CUPS_HOSTNAME ="10.1.40.1" LOGGING_HOST ="10.0.50.16" LOGGING_PORT="5544" 0 * * * * /opt/example/bin/cron−hourly 30 times.
  43. 43. What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong?What's wrong? • NNNNNNNNNNNNNNNNNo one reads those mails • DDDDDDDDDDDDDDDDDo not keep track of exit code • HHHHHHHHHHHHHHHHHard to read that crontab • HHHHHHHHHHHHHHHHHow to reproduce the script?
  44. 44. The systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timersThe systemd approach: timers • DDDDDDDDDDDDDDDDDescribe the job in a service file • AAAAAAAAAAAAAAAAAdd a timer file • EEEEEEEEEEEEEEEEEnable/start the timer service
  45. 45. Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better? • EEEEEEEEEEEEEEEEEasy to reproduce (launch the service unit) • LLLLLLLLLLLLLLLLLogs go to the journal, isolated by unit • AAAAAAAAAAAAAAAAAll the advantages of systemd units
  46. 46. NetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworking Licensed under a Creative Commons Attribution-ShareAlike 2.0 License https://www.flickr.com/photos/clonedmilkmen/4391670988
  47. 47. NetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworking • NNNNNNNNNNNNNNNNNew name interfaces • MMMMMMMMMMMMMMMMMakes sense because it is reliable • DDDDDDDDDDDDDDDDDoes not really meet configmgmt requirements
  48. 48. ConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusion
  49. 49. systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex… • IIIIIIIIIIIIIIIIIt drags in a bunch of new pattern • IIIIIIIIIIIIIIIIIt supports a lot of scenarios • IIIIIIIIIIIIIIIIIt can do really advanced things
  50. 50. …but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks • IIIIIIIIIIIIIIIIIni-like file format • EEEEEEEEEEEEEEEEEasy to read, to change • CCCCCCCCCCCCCCCCConfig management tools have all the base bricks to manage that
  51. 51. There are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprises • sssssssssssssssssystemctl daemon-reload • sssssssssssssssssystemd-tmpfiles • tttttttttttttttttimers
  52. 52. You need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rules • TTTTTTTTTTTTTTTTTake time to learn how this works • TTTTTTTTTTTTTTTTThere is a gap between systemd devs and sysadmins • TTTTTTTTTTTTTTTTThere are new non-obvious patterns for sysadmins • BBBBBBBBBBBBBBBBBut at the end eveyone can win
  53. 53. The tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools sideThe tools side • TTTTTTTTTTTTTTTTThe tools natively supports systemd services • CCCCCCCCCCCCCCCCChef goes a lot further • hhhhhhhhhhhhhhhhhttps://github.com/nathwill/chef-systemd
  54. 54. A Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gaps • Gap between systemd and configmgmt tools • Gap between systemd community and cfgmgmt tools community • Together we can close those gaps
  55. 55. Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?Any Question?
  56. 56. ContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContact Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto julien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eu @roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie inuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuits https://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.eu info@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.eu +32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636

×