Systemd is a system and service manager that replaces sysvinit. It manages services, devices, mounts and other system components. It relies on control groups (cgroups) to isolate and manage processes and resources for each service. Services are configured through declarative unit files instead of shell scripts. Systemd provides features like socket activation, timers, and integrates with journald for logging.
Systemd: the modern Linux init system you will learn to loveAlison Chaiken
The talk combines a design overview of systemd with some tutorial incofrmation about how to configure it. Systemd's features and pitfalls are illustrated by short demos and real-life examples. Files used in the demos are listed under "Presentations" at http://she-devel.com/
Video of the live presentation will appear here:
http://www.meetup.com/Silicon-Valley-Linux-Technology/events/208133972/
qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...Adrian Huang
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Linux Kernel Booting Process (1) - For NLKBshimosawa
Describes the bootstrapping part in Linux and some related technologies.
This is the part one of the slides, and the succeeding slides will contain the errata for this slide.
Systemd: the modern Linux init system you will learn to loveAlison Chaiken
The talk combines a design overview of systemd with some tutorial incofrmation about how to configure it. Systemd's features and pitfalls are illustrated by short demos and real-life examples. Files used in the demos are listed under "Presentations" at http://she-devel.com/
Video of the live presentation will appear here:
http://www.meetup.com/Silicon-Valley-Linux-Technology/events/208133972/
qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...Adrian Huang
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Linux Kernel Booting Process (1) - For NLKBshimosawa
Describes the bootstrapping part in Linux and some related technologies.
This is the part one of the slides, and the succeeding slides will contain the errata for this slide.
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
---------------------------------------------------
Speaker: Jorge Ramirez-Ortiz
Date: February 13, 2015
---------------------------------------------------
★ Session Summary ★
[Note: this is a joint Security/Power Management session) Understand what use cases related to Power Management have to interact with Trusted Firmware via Secure calls. Walk through some key use cases like CPU Suspend and explain how PM Linux drivers interacts with Trusted Firmware / PSCI
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250855
Video: https://www.youtube.com/watch?v=hQ2ITjHZY4s
Etherpad: http://pad.linaro.org/p/hkg15-505
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIAnne Nicolas
As the name would suggest, a Non-Maskable Interrupt (NMI) is an interrupt-like feature that is unaffected by the disabling of classic interrupts. In Linux, NMIs are involved in some features such as performance event monitoring, hard-lockup detector, on demand state dumping, etc… Their potential to fire when least expected can fill the most seasoned kernel hackers with dread.
AArch64 (aka arm64 in the Linux tree) does not provide architected NMIs, a consequence being that features benefiting from NMIs see their use limited on AArch64. However, the Arm Generic Interrupt Controller (GIC) supports interrupt prioritization and masking, which, among other things, provides a way to control whether or not a set of interrupts can be signaled to a CPU.
This talk will cover how, using the GIC interrupt priorities, we provide a way to configure some interrupts to behave in an NMI-like manner on AArch64. We’ll discuss the implementation, some of the complications that ensued and also some of the benefits obtained from it.
Julien Thierry
Page cache mechanism in Linux kernel.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
A tutorial for beginners who are curious to learn about the Linux boot process. If you have any more doubts, you can contact me through my email given in the slide, or through my blog: mastro77.blogspot.in
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
https://coscup.org/2021/en/session/39M73K
https://www.youtube.com/watch?v=L_Gyvdl_d_k
Engineers have plenty of debug tools for user space programs development, code tracing, debugging and analyzing. Except “printk”, do we have any other debug tools for Linux kernel development? The “KGDB” mentioned in Linux kernel document provides another possibility.
Will share how to experiment with the KGDB in a virtual machine. And, use GDB + OpenOCD + JTAG + Raspberry Pi in the real environment as the demo in this talk.
開發 user space 軟體時,工程師們有方便的 debug 工具進行查找、分析、除錯。但在 Linux kernel 的開發,除了 printk 外,還可以有哪些工具可以使用呢?從 Linux kernel document 可以看到 KGDB 相關的資訊,提供了在 kernel 除錯時的另一個可能性。
本次將分享,從建立最簡單環境的虛擬機機開始,到實際使用 GDB + OpenOCD + JTAG + Raspberry Pi 當作展示範例。
Introduction to Linux Kernel by Quontra SolutionsQUONTRASOLUTIONS
Course Duration: 30-35 hours Training + Assignments + Actual Project Based Case Studies
Training Materials: All attendees will receive,
Assignment after each module, Video recording of every session
Notes and study material for examples covered.
Access to the Training Blog & Repository of Materials
Pre-requisites:
Basic Computer Skills and knowledge of IT.
Training Highlights
* Focus on Hands on training.
* 30 hours of Assignments, Live Case Studies.
* Video Recordings of sessions provided.
* One Problem Statement discussed across the whole training program.
* Resume prep, Interview Questions provided.
WEBSITE: www.QuontraSolutions.com
Contact Info: Phone +1 404-900-9988(or) Email - info@quontrasolutions.com
Buildroot is a set of Makefiles and patches that makes it
easy to generate a complete embedded Linux system. It generates root file system images ready to be used. Complete build system based on the Linux Kernel configuration system and supports a wide range of target architectures. Here is a presentation that gives a practical quick start to build-root.
Talk by Brendan Gregg for USENIX LISA 2019: Linux Systems Performance. Abstract: "
Systems performance is an effective discipline for performance analysis and tuning, and can help you find performance wins for your applications and the kernel. However, most of us are not performance or kernel engineers, and have limited time to study this topic. This talk summarizes the topic for everyone, touring six important areas of Linux systems performance: observability tools, methodologies, benchmarking, profiling, tracing, and tuning. Included are recipes for Linux performance analysis and tuning (using vmstat, mpstat, iostat, etc), overviews of complex areas including profiling (perf_events) and tracing (Ftrace, bcc/BPF, and bpftrace/BPF), and much advice about what is and isn't important to learn. This talk is aimed at everyone: developers, operations, sysadmins, etc, and in any environment running Linux, bare metal or the cloud."
Kernel Recipes 2015 - Kernel dump analysisAnne Nicolas
Kernel dump analysis
Cloud this, cloud that…It’s making everything easier, especially for web hosted services. But what about the servers that are not supposed to crash ? For applications making the assumption the OS won’t do any fault or go down, what can you write in your post-mortem once the server froze and has been restarted ? How to track down the bug that lead to service unavailability ?
In this talk, we’ll see how to setup kdump and how to panic a server to generate a coredump. Once you have the vmcore file, how to track the issue with “crash” tool to find why your OS went down. Last but not least : with “crash” you can also modify your live kernel, the same way you would do with gdb.
Adrien Mahieux – System administrator obsessed with performance and uptime, tracking down microseconds from hardware to software since 2011. The application must be seen as a whole to provide efficiently the requested service. This includes searching for bottlenecks and tradeoffs, design issues or hardware optimization.
Virtual File System in Linux Kernel
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Getting started with setting up embedded platform requires audience to understand some of the key aspects of Linux. This presentation deals with basics of Linux as an OS, Linux commands, vi editor, Shell features like redirection, pipes and shell scripting
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
---------------------------------------------------
Speaker: Jorge Ramirez-Ortiz
Date: February 13, 2015
---------------------------------------------------
★ Session Summary ★
[Note: this is a joint Security/Power Management session) Understand what use cases related to Power Management have to interact with Trusted Firmware via Secure calls. Walk through some key use cases like CPU Suspend and explain how PM Linux drivers interacts with Trusted Firmware / PSCI
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250855
Video: https://www.youtube.com/watch?v=hQ2ITjHZY4s
Etherpad: http://pad.linaro.org/p/hkg15-505
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIAnne Nicolas
As the name would suggest, a Non-Maskable Interrupt (NMI) is an interrupt-like feature that is unaffected by the disabling of classic interrupts. In Linux, NMIs are involved in some features such as performance event monitoring, hard-lockup detector, on demand state dumping, etc… Their potential to fire when least expected can fill the most seasoned kernel hackers with dread.
AArch64 (aka arm64 in the Linux tree) does not provide architected NMIs, a consequence being that features benefiting from NMIs see their use limited on AArch64. However, the Arm Generic Interrupt Controller (GIC) supports interrupt prioritization and masking, which, among other things, provides a way to control whether or not a set of interrupts can be signaled to a CPU.
This talk will cover how, using the GIC interrupt priorities, we provide a way to configure some interrupts to behave in an NMI-like manner on AArch64. We’ll discuss the implementation, some of the complications that ensued and also some of the benefits obtained from it.
Julien Thierry
Page cache mechanism in Linux kernel.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
A tutorial for beginners who are curious to learn about the Linux boot process. If you have any more doubts, you can contact me through my email given in the slide, or through my blog: mastro77.blogspot.in
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
https://coscup.org/2021/en/session/39M73K
https://www.youtube.com/watch?v=L_Gyvdl_d_k
Engineers have plenty of debug tools for user space programs development, code tracing, debugging and analyzing. Except “printk”, do we have any other debug tools for Linux kernel development? The “KGDB” mentioned in Linux kernel document provides another possibility.
Will share how to experiment with the KGDB in a virtual machine. And, use GDB + OpenOCD + JTAG + Raspberry Pi in the real environment as the demo in this talk.
開發 user space 軟體時,工程師們有方便的 debug 工具進行查找、分析、除錯。但在 Linux kernel 的開發,除了 printk 外,還可以有哪些工具可以使用呢?從 Linux kernel document 可以看到 KGDB 相關的資訊,提供了在 kernel 除錯時的另一個可能性。
本次將分享,從建立最簡單環境的虛擬機機開始,到實際使用 GDB + OpenOCD + JTAG + Raspberry Pi 當作展示範例。
Introduction to Linux Kernel by Quontra SolutionsQUONTRASOLUTIONS
Course Duration: 30-35 hours Training + Assignments + Actual Project Based Case Studies
Training Materials: All attendees will receive,
Assignment after each module, Video recording of every session
Notes and study material for examples covered.
Access to the Training Blog & Repository of Materials
Pre-requisites:
Basic Computer Skills and knowledge of IT.
Training Highlights
* Focus on Hands on training.
* 30 hours of Assignments, Live Case Studies.
* Video Recordings of sessions provided.
* One Problem Statement discussed across the whole training program.
* Resume prep, Interview Questions provided.
WEBSITE: www.QuontraSolutions.com
Contact Info: Phone +1 404-900-9988(or) Email - info@quontrasolutions.com
Buildroot is a set of Makefiles and patches that makes it
easy to generate a complete embedded Linux system. It generates root file system images ready to be used. Complete build system based on the Linux Kernel configuration system and supports a wide range of target architectures. Here is a presentation that gives a practical quick start to build-root.
Talk by Brendan Gregg for USENIX LISA 2019: Linux Systems Performance. Abstract: "
Systems performance is an effective discipline for performance analysis and tuning, and can help you find performance wins for your applications and the kernel. However, most of us are not performance or kernel engineers, and have limited time to study this topic. This talk summarizes the topic for everyone, touring six important areas of Linux systems performance: observability tools, methodologies, benchmarking, profiling, tracing, and tuning. Included are recipes for Linux performance analysis and tuning (using vmstat, mpstat, iostat, etc), overviews of complex areas including profiling (perf_events) and tracing (Ftrace, bcc/BPF, and bpftrace/BPF), and much advice about what is and isn't important to learn. This talk is aimed at everyone: developers, operations, sysadmins, etc, and in any environment running Linux, bare metal or the cloud."
Kernel Recipes 2015 - Kernel dump analysisAnne Nicolas
Kernel dump analysis
Cloud this, cloud that…It’s making everything easier, especially for web hosted services. But what about the servers that are not supposed to crash ? For applications making the assumption the OS won’t do any fault or go down, what can you write in your post-mortem once the server froze and has been restarted ? How to track down the bug that lead to service unavailability ?
In this talk, we’ll see how to setup kdump and how to panic a server to generate a coredump. Once you have the vmcore file, how to track the issue with “crash” tool to find why your OS went down. Last but not least : with “crash” you can also modify your live kernel, the same way you would do with gdb.
Adrien Mahieux – System administrator obsessed with performance and uptime, tracking down microseconds from hardware to software since 2011. The application must be seen as a whole to provide efficiently the requested service. This includes searching for bottlenecks and tradeoffs, design issues or hardware optimization.
Virtual File System in Linux Kernel
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Getting started with setting up embedded platform requires audience to understand some of the key aspects of Linux. This presentation deals with basics of Linux as an OS, Linux commands, vi editor, Shell features like redirection, pipes and shell scripting
A short overview of current technologies plucked from the Texas Linux Fest schedule for 2014. Includes overviews of systemd, popular configuration management tools, docker, distributed log collection, and openstack.
While probably the most prominent, Docker is not the only tool for building and managing containers. Originally meant to be a "chroot on steroids" to help debug systemd, systemd-nspawn provides a fairly uncomplicated approach to work with containers. Being part of systemd, it is available on most recent distributions out-of-the-box and requires no additional dependencies.
This deck will introduce a few concepts involved in containers and will guide you through the steps of building a container from scratch. The payload will be a simple service, which will be automatically activated by systemd when the first request arrives.
System Programming
Deamon Process
A daemon process is a process which runs in background and has no controlling terminal. A daemon (also known as background processes) is UNIX and it is known as services and agents in windows. Since a daemon process usually has no controlling terminal so almost no user interaction is required. Daemon processes are used to provide services that can well be done in background without any user interaction. Daemons are processes that are often started when the system is bootstrapped (boot time) and terminate only when the system is shut down.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
2. Outline
1 Introduction
2 Behind the scenes: cgroups
3 Managing services
4 Analyzing startup performance
5 Exploring the system status
6 Configuring services by writing unit files
7 Timer units
8 Socket activation
9 Logging with journald
10 Containers integration
11 Networking with systemd-networkd
12 Migration from sysvinit
13 Conclusions
Lucas Nussbaum systemd 2 / 40
3. Init system
First process started by the kernel (pid 1)
Responsible for bringing up the rest of userspace
Mounting filesystems
Starting services
. . .
Also the parent for orphan processes
Traditional init system on Linux: sysVinit
Inherited from Unix System V
With additional tools (insserv, startpar) to handle
dependencies and parallel initialization
Lucas Nussbaum systemd 3 / 40
4. systemd
Written (since 2010) by Lennart Poettering (Red Hat) and others
Now the default on most Linux distributions
Shifts the scope from starting all services (sysVinit) to
managing the system and all services
Key features:
Relies on cgroups for
Services supervision
Control of services execution environment
Declarative syntax for unit files more efficient/robust
Socket activation for parallel services startup
Nicer user interface (systemctl & friends)
Additional features: logging, timer units (cron-like), user sessions
handling, containers management
Lucas Nussbaum systemd 4 / 40
5. Behind the scenes: cgroups
Abbreviated from control groups
Linux kernel feature
Limit, account for and isolate processes and their resource usage
(CPU, memory, disk I/O, network, etc.)
Related to namespace isolation:
Isolate processes from the rest of the system
Chroots on steroids
PID, network, UTS, mount, user, etc.
LXC, Docker ≈ cgroups + namespaces (+ management tools)
Lucas Nussbaum systemd 5 / 40
6. cgroups and systemd
Each service runs in its own cgroup
Enables:
Tracking and killing all processes created by each service
Per-service accounting and resources allocation/limitation
Previously, with sysVinit:
No tracking of which service started which processes
PID files, or hacks in init scripts: pidof / killall / pgrep
Hard to completely terminate a service (left-over CGI
scripts when killing Apache)
No resources limitation (or using setrlimit (= ulimit), which
is per-process, not per-service)
Also isolate user sessions kill all user processes (not by default)
More information: Control Groups vs. Control Groups and
Which Service Owns Which Processes?
Lucas Nussbaum systemd 6 / 40
9. Managing services with systemctl
What is being manipulated is called a unit: services (.service),
mount points (.mount), devices (.device), sockets (.socket), etc.
Basic commands:
sysVinit systemd notes
service foo start systemctl start foo
service foo stop systemctl stop foo
service foo restart systemctl restart foo
service foo reload systemctl reload foo
service foo condrestart systemctl condrestart foo restart if already running
update-rc.d foo enable systemctl enable foo auto-start at next boot
update-rc.d foo disable systemctl disable foo disable auto-start
systemctl is-enabled foo
There’s auto-completion (apache2 and apache2.service work)
Several services can be specified:
systemctl restart apache2 postgresql
Lucas Nussbaum systemd 9 / 40
10. systemd and runlevels
With sysVinit, runlevels control which services are started
automatically
0 = halt; 1 = single-user / minimal mode; 6 = reboot
Debian: no difference by default between levels 2, 3, 4, 5
RHEL: 3 = multi-user text, 5 = multi-user graphical
systemd replaces runlevels with targets:
Configured using symlinks farms in
/etc/systemd/system/target.wants/
systemctl enable/disable manipule those symlinks
systemctl mask disables the service and prevents it from
being started manually
The default target can be configured with
systemctl get-default/set-default
More information: The Three Levels of "Off"
Lucas Nussbaum systemd 10 / 40
11. Default targets (bootup(7))
local -fs-pre.target
|
v
(various mounts and (various swap (various cryptsetup
fsck services ...) devices ...) devices ...) (various low -level (various low -level
| | | services: udevd , API VFS mounts:
v v v tmpfiles , random mqueue , configfs ,
local -fs.target swap.target cryptsetup.target seed , sysctl , ...) debugfs , ...)
| | | | |
__________________|_________________ | ___________________|____________________/
|/
v
sysinit.target
|
____________________________________ /| ________________________________________
/ | | |
| | | | |
v v | v v
(various (various | (various rescue.service
timers ...) paths ...) | sockets ...) |
| | | | v
v v | v rescue.target
timers.target paths.target | sockets.target
| | | |
__________________|_________________ | ___________________/
|/
v
basic.target
|
____________________________________ /| emergency.service
/ | | |
| | | v
v v v emergency.target
display - (various system (various system
manager.service services services)
| required for |
| graphical UIs) v
| | multi-user.target
| | |
_________________ | _________________/
|/
v
graphical.target
Lucas Nussbaum systemd 11 / 40
12. Analyzing startup performance
Fast boot matters in some use-cases:
Virtualization, Cloud:
Almost no BIOS / hardware checks only software
startup
Requirement for infrastructure elasticity
Embedded world
systemd-analyze time: summary
Startup finished in 4.883s (kernel) + 5.229s (userspace) = 10.112s
systemd-analyze blame: worst offenders
2.417s systemd -udev -settle.service
2.386s postgresql@9 .4-main.service
1.507s apache2.service
240ms NetworkManager.service
236ms ModemManager.service
194ms accounts -daemon.service
Lucas Nussbaum systemd 12 / 40
13. systemd-analyze plot
Similar to bootchartd, but does not require rebooting with a
custom init= kernel command-line
Lucas Nussbaum systemd 13 / 40
15. Exploring the system status
Listing units with systemctl list-units (or just systemctl):
active units: systemctl
List only services: systemctl -t service
List units in failed state: systemctl --failed
Whole system overview: systemctl status
GUI available: systemadm
Lucas Nussbaum systemd 15 / 40
16. systemctl status service
Includes:
Service name and description, state, PID
Free-form status line from systemd-notify(1) or sd_notify(3)
Processes tree inside the cgroup
Last lines from journald (syslog messages and stdout/stderr)
Lucas Nussbaum systemd 16 / 40
17. Configuring services by writing unit files
With sysVinit: shell scripts in /etc/init.d/
Long and difficult to write
Redundant code between services
Slow (numerous fork() calls)
With systemd: declarative syntax (.desktop-like)
Move intelligence from scripts to systemd
Covers most of the needs, but shell scripts can still be used
Can use includes and overrides (systemd-delta)
View config file for a unit: systemctl cat atd.service
Or just find the file under /lib/systemd/system/ (distribution’s
defaults) or /etc/systemd/system (local overrides)
Lucas Nussbaum systemd 17 / 40
18. Simple example: atd
[Unit]
Description=Deferred execution scheduler
# Pointer to documentation shown in systemctl status
Documentation=man:atd(8)
[Service]
# Command to start the service
ExecStart =/usr/sbin/atd -f
IgnoreSIGPIPE=false # Default is true
[Install]
# Where "systemctl enable" creates the symlink
WantedBy=multi -user.target
Lucas Nussbaum systemd 18 / 40
19. Common options
Documented in systemd.unit(5) ([Unit]), systemd.service(5)
([Service]), systemd.exec(5) (execution environment)
Show all options for a given service:
systemctl show atd
Sourcing a configuration file:
EnvironmentFile=-/etc/default/ssh
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
Using the $MAINPID magic variable:
ExecReload=/bin/kill -HUP $MAINPID
Auto-restart a service when crashed: (≈ runit / monit)
Restart=on-failure
Conditional start:
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
Conditions on architecture, virtualization, kernel cmdline, AC power, etc.
Lucas Nussbaum systemd 19 / 40
20. Options for isolation and security
Use a network namespace to isolate the service from the network:
PrivateNetwork=yes
Use a filesystem namespaces:
To provide a service-specific /tmp directory:
PrivateTmp=yes
To make some directories inaccessible or read-only:
InaccessibleDirectories=/home
ReadOnlyDirectories=/var
Specify the list of capabilities(7) for a service:
CapabilityBoundingSet=CAP_CHOWN CAP_KILL
Or just remove one:
CapabilityBoundingSet=~CAP_SYS_PTRACE
Disallow forking:
LimitNPROC=1
Lucas Nussbaum systemd 20 / 40
21. Options for isolation and security (2)
Run as user/group: User=, Group=
Run service inside a chroot:
RootDirectory=/srv/chroot/foobar
ExecStartPre=/usr/local/bin/setup-foobar-chroot.sh
ExecStart=/usr/bin/foobard
RootDirectoryStartOnly=yes
Control CPU shares, memory limits, block I/O, swapiness:
CPUShares=1500
MemoryLimit=1G
BlockIOWeight=500
BlockIOReadBandwith=/var/log 5M
ControlGroupAttribute=memory.swappiness 70
More information: Converting sysV init scripts to systemd service
files, Securing your services, Changing roots, Managing
resources
Lucas Nussbaum systemd 21 / 40
22. Timer units
Similar to cron, but with all the power of systemd (dependencies,
execution environment configuration, etc)
Realtime (wallclock) timers: calendar event expressions
Expressed using a complex format (see systemd.time(7)),
matching timestamps like: Fri 2012-11-23 11:12:13
Examples of valid values: hourly (= *-*-* *:00:00), daily (=
*-*-* 00:00:00), *:2/3 (= *-*-* *:02/3:00)
Monotonic timers, relative to different starting points:
5 hours and 30 mins after system boot: OnBootSec=5h 30m
50s after systemd startup: OnstartupSec=50s
1 hour after the unit was last activated: OnUnitActiveSec=1h
(can be combined with OnBootSec or OnStartupSec to ensure
that a unit runs on a regular basis)
Lucas Nussbaum systemd 22 / 40
23. Timer units example
myscript.service:
[Unit]
Description=MyScript
[Service]
Type=simple
ExecStart =/usr/local/bin/myscript
myscript.timer:
[Unit]
Description=Runs myscript every hour
[Timer]
# Time to wait after booting before we run first time
OnBootSec =10min
# Time between running each consecutive time
OnUnitActiveSec =1h
Unit=myscript.service
[Install]
WantedBy=multi -user.target
Lucas Nussbaum systemd 23 / 40
24. Timer units example (2)
Start timer:
systemctl start myscript.timer
Enable timer to start at boot:
systemctl enable myscript.timer
List all timers:
systemctl list-timers
Lucas Nussbaum systemd 24 / 40
25. Socket activation
systemd listens for connection on behalf of service until the
service is ready, then passes pending connections
Benefits:
No need to express ordering of services during boot:
They can all be started in parallel faster boot
And they will wait for each other when needed (when
they will talk to each other), thanks to socket activation
Services that are seldomly used do not need to keep running,
and can be started on-demand
Not limited to network services: also D-Bus activation and path
activation
More information: Converting inetd Service, Socket Activation for
developers (+ follow-up)
Lucas Nussbaum systemd 25 / 40
27. Socket activation example: sshd
sshd.socket:
[Unit]
Description=SSH Socket for Per -Connection Servers
[Socket]
ListenStream =22
Accept=yes
[Install]
WantedBy=sockets.target
sshd@.service:
[Unit]
Description=SSH Per -Connection Server
[Service]
ExecStart=-/usr/sbin/sshd -i
StandardInput=socket
Lucas Nussbaum systemd 27 / 40
28. Socket activation example: sshd (2)
sshd@.service means that this is an instantiated service
There’s one instance of sshd@.service per connection:
# systemctl --full | grep ssh
sshd@172 .31.0.52:22 -172.31.0.4:47779. service loaded active running
sshd@172 .31.0.52:22 -172.31.0.54:52985. service loaded active running
sshd.socket loaded active listening
Instanciated services are also used by getty
See Serial console and Instanciated services
Lucas Nussbaum systemd 28 / 40
29. Logging with journald
Component of systemd
Captures syslog messages, kernel log messages, initrd and early
boot messages, messages written to stdout/stderr by all services
Forwards everything to syslog
Structured format (key/value fields), can contain arbitrary data
But viewable as syslog-like format with journalctl
Indexed, binary logs; rotation handled transparently
Can replace syslog (but can also work in parallel)
Not persistent across reboots by default – to make it persistent,
create the /var/log/journal directory, preferably with:
install -d -g systemd-journal /var/log/journal
setfacl -R -nm g:adm:rx,d:g:adm:rx /var/log/journal
Can log to a remote host (with systemd-journal-gateway, not in
Debian yet)
Lucas Nussbaum systemd 29 / 40
31. Using journalctl
View the full log: journalctl
Since last boot: journalctl -b
For a given time interval: journalctl --since=yesterday
or journalctl --until="2013-03-15 13:10:30"
View it in the verbose (native) format: journalctl -o verbose
Filter by systemd unit: journalctl -u ssh
Filter by field from the verbose format:
journalctl _SYSTEMD_UNIT=ssh.service
journalctl _PID=810
Line view (≈ tail -f): journalctl -f
Last entries (≈ tail): journalctl -n
Works with bash-completion
See also: Journald design document, Using the Journal
Lucas Nussbaum systemd 31 / 40
32. Containers integration
General philosophy: integrate management of services from
machines (VMs and containers) with those of the host
systemd-machined: tracks machines, provides an API to list,
create, register, kill, terminate machines, transfer images (tar,
raw, Docker)
machinectl: command-line utility to manipulate machines
other tools also have containers support:
systemctl -M mycontainer restart foo
systemctl list-machines: provides state of containers
journalctl -M mycontainer
journalctl -m: combined log of all containers
systemd has its own mini container manager: systemd-nspawn
Other virtualization solutions can also talk to machined
More information: Container integration
Lucas Nussbaum systemd 32 / 40
33. Networking with systemd-networkd
Replacement for /etc/network/interfaces, on servers and VMs
Not really for Network Manager on desktops and laptops
Supports setting IP configuration, configuring bridges, vlans,
bonding, tunnels, etc
Configuration files with a [Match] section to match on MAC
address, driver, udev path, type, hostname, etc
foo.link: link-level configuration – MAC address, interface
name, MTU, rate, Duplex mode, Wake on Lan
foo.netdev: creation of virtual network devices (bridges,
bonds, vlans, IPIP or GRE tunnels, VXLAN, tun, tap, veth)
foo.network: network devices configuration: IP (static or
DHCP, gateway, additional routes, DNS), addition to bridge
More information: systemd-networkd(8), systemd.link(5),
systemd.network(5), systemd.netdev(5)
Lucas Nussbaum systemd 33 / 40
34. Example 1: DHCP, additional route
For higher performance, systemd includes a DHCP client
# /etc/systemd/network/ethernet.network
[Match]
Name=eth0
[Network]
DHCP=yes
[Route]
Gateway =192.168.1.253
Destination =10.0.0.0/8
Lucas Nussbaum systemd 34 / 40
35. Example 2: static addressing and VLAN
# /etc/systemd/network/vlan1.netdev
# [Match] section is optional in netdev files
[NetDev]
Name=vlan1
Kind=vlan
[VLAN]
Id=1
# /etc/systemd/network/ethernet.network
[Match]
Name=eth0
[Network]
DHCP=yes
VLAN=vlan1 # will create vlan1 on this device
# /etc/systemd/network/vlan1.network
[Match]
Name=vlan1
[Network]
Address =192.168.1.1/24
Gateway =192.168.1.254
Lucas Nussbaum systemd 35 / 40
36. Example 3: bridge and tap
# /etc/systemd/network/bridge0.netdev
[NetDev]
Name=bridge0
Kind=bridge
# /etc/systemd/network/bridge0.network
[Match]
Name=bridge0
[Network]
Address =192.168.1.1/24
DHCPServer=yes # systemd has its own , very basic , DHCP server
# /etc/systemd/network/tap.netdev
[NetDev]
Name=tap0
Kind=tap
# /etc/systemd/network/tap.network
[Match]
Name=bridge0
[NetDev]
Bridge=bridge0
Lucas Nussbaum systemd 36 / 40
37. Migration from sysvinit
systemd hooks into LSB init scripts: service foo start|stop|...
and /etc/init.d/foo redirect to systemctl
systemd-sysv-generator creates wrapper units for LSB scripts:
Using LSB dependencies
Services are described as LSB: foo
List all generated services:
systemctl list-units | grep LSB:
Lucas Nussbaum systemd 37 / 40
39. More stuff
New cross-distro configuration files: /etc/hostname,
/etc/locale.conf, /etc/sysctl.d/*.conf,
/etc/tmpfiles.d/*.conf
Tools to manage hostname, locale, time and date: hostnamectl,
localectl, timedatectl
Support for watchdogs
Handling of user sessions
Each within its own cgroup
Multi-seat support
loginctl to manage sessions, users, seats
Lucas Nussbaum systemd 39 / 40
40. Conclusions
systemd revisits the way we manage Linux systems
If we redesigned services management from scratch, would it
look like systemd?
For service developers: easier to support systemd than sysVinit
No need to fork, to drop privileges, to write a pid file
Just output logs to stdout (redirected to syslog, with priorities)
Some parts still have rough edges, or are still moving targets, but
are promising: journal, containers, networking
systemd might not be the final answer, but at least it’s an
interesting data point to look at
Lucas Nussbaum systemd 40 / 40