systemd: wymyślmy jeszcze jedno koło

systemd: wymyślmy jeszcze jedno koło Zimowisko TLUG 2011 Tomasz Torcz <tomek@pipebreaker.pl>

Rozdzielnik co to jest init? jaką ma rolę? dlaczego systemd?

SystemV init PID 1 /etc/inittab sysinit: initdefault: http://en.wikipedia.org/wiki/init#other_styles

Mamo, skąd się biorą procesy? - boot - cron, at - inetd - D-Bus activation

Autorzy systemd% git log --format=%an sort -u wc -l 47 >10 commitów: Michael Biebl, Kay Sievers, Lennart Pöttering Pomysły: reszta świata

Usługi to nie wszystko usługi gniazda punkty mountowania pliki, katalogi upływ czasu urządzenia, cele

Ale my już mamy koło!

Ale my już mamy koło! /etc/init.d/* /etc/fstab /etc/init/* kernel command line (emergency, single itp.)

Usługi zależności (implicit) restartowanie demonizacja limity i kontrola (CPU, I/O, mem)

Usługi - kontrola WorkingDirectory= RootDirectory= User= Group= SupplementaryGroups= Nice= OOMScoreAdjust= IOSchedulingClass= IOSchedulingPriority= CPUSchedulingPolicy= CPUSchedulingPriority= CPUSchedulingResetOnFork= CPUAffinity= UMask= Environment= EnvironmentFile= StandardInput= StandardOutput= StandardError= TTYPath= SyslogIdentifer= SyslogFacility= SyslogLevel= SyslogLevelPrefix= TimerSlackNSec= LimitCPU= LimitFSIZE= LimitDATA= LimitSTACK= LimitCORE= LimitRSS= LimitNOFILE= LimitAS= LimitNPROC= LimitMEMLOCK= LimitLOCKS= LimitSIGPENDING= LimitMSGQUEUE= LimitNICE= LimitRTPRIO= LimitRTTIME= PAMName= TCPWrapName= Capabilities= SecureBits= CapabilityBoundingSetDrop= ControlGroup= ReadWriteDirectories= ReadOnlyDirectories= InaccessibleDirectories= PrivateTmp= MountFlags=

Usługi - kontrola WorkingDirectory= RootDirectory= User= Group= SupplementaryGroups= Nice= OOMScoreAdjust= IOSchedulingClass= IOSchedulingPriority= CPUSchedulingPolicy= CPUSchedulingPriority= CPUSchedulingResetOnFork= CPUAffinity= UMask= Environment= EnvironmentFile= StandardInput= StandardOutput= StandardError= TTYPath= SyslogIdentifer= SyslogFacility= SyslogLevel= SyslogLevelPrefix= TimerSlackNSec= LimitCPU= LimitFSIZE= LimitDATA= LimitSTACK= LimitCORE= LimitRSS= LimitNOFILE= LimitAS= LimitNPROC= LimitMEMLOCK= LimitLOCKS= LimitSIGPENDING= LimitMSGQUEUE= LimitNICE= LimitRTPRIO= LimitRTTIME= PAMName= TCPWrapName= Capabilities= SecureBits= CapabilityBoundingSetDrop= ControlGroup= ReadWriteDirectories= ReadOnlyDirectories= InaccessibleDirectories= PrivateTmp= MountFlags=

Usługi - kontrola WorkingDirectory= RootDirectory= User= Group= SupplementaryGroups= Nice= OOMScoreAdjust= IOSchedulingClass= IOSchedulingPriority= CPUSchedulingPolicy= CPUSchedulingPriority= CPUSchedulingResetOnFork= CPUAffinity= UMask= Environment= EnvironmentFile= StandardInput= StandardOutput= StandardError= TTYPath= SyslogIdentifer= SyslogFacility= SyslogLevel= SyslogLevelPrefix= TimerSlackNSec= LimitCPU= LimitFSIZE= LimitDATA= LimitSTACK= LimitCORE= LimitRSS= LimitNOFILE= LimitAS= LimitNPROC= LimitMEMLOCK= LimitLOCKS= LimitSIGPENDING= LimitMSGQUEUE= LimitNICE= LimitRTPRIO= LimitRTTIME= PAMName= TCPWrapName= Capabilities= SecureBits= CapabilityBoundingSetDrop= ControlGroup= ReadWriteDirectories= ReadOnlyDirectories= InaccessibleDirectories= PrivateTmp= MountFlags=

Usługi - kontrola WorkingDirectory= RootDirectory= User= Group= SupplementaryGroups= Nice= OOMScoreAdjust= IOSchedulingClass= IOSchedulingPriority= CPUSchedulingPolicy= CPUSchedulingPriority= CPUSchedulingResetOnFork= CPUAffinity= UMask= Environment= EnvironmentFile= StandardInput= StandardOutput= StandardError= TTYPath= SyslogIdentifer= SyslogFacility= SyslogLevel= SyslogLevelPrefix= TimerSlackNSec= LimitCPU= LimitFSIZE= LimitDATA= LimitSTACK= LimitCORE= LimitRSS= LimitNOFILE= LimitAS= LimitNPROC= LimitMEMLOCK= LimitLOCKS= LimitSIGPENDING= LimitMSGQUEUE= LimitNICE= LimitRTPRIO= LimitRTTIME= PAMName= TCPWrapName= Capabilities= SecureBits= CapabilityBoundingSetDrop= ControlGroup= ReadWriteDirectories= ReadOnlyDirectories= InaccessibleDirectories= PrivateTmp= MountFlags=

Usługi - kontrola WorkingDirectory= RootDirectory= User= Group= SupplementaryGroups= Nice= OOMScoreAdjust= IOSchedulingClass= IOSchedulingPriority= CPUSchedulingPolicy= CPUSchedulingPriority= CPUSchedulingResetOnFork= CPUAffinity= UMask= Environment= EnvironmentFile= StandardInput= StandardOutput= StandardError= TTYPath= SyslogIdentifer= SyslogFacility= SyslogLevel= SyslogLevelPrefix= TimerSlackNSec= LimitCPU= LimitFSIZE= LimitDATA= LimitSTACK= LimitCORE= LimitRSS= LimitNOFILE= LimitAS= LimitNPROC= LimitMEMLOCK= LimitLOCKS= LimitSIGPENDING= LimitMSGQUEUE= LimitNICE= LimitRTPRIO= LimitRTTIME= PAMName= TCPWrapName= Capabilities= SecureBits= CapabilityBoundingSetDrop= ControlGroup= ReadWriteDirectories= ReadOnlyDirectories= InaccessibleDirectories= PrivateTmp= MountFlags=

Usługi - kontrola man systemd.exec man systemd.unit man systemd.service

Usługi - sysvinit #!/bin/bash # # ladvd Startup script for the [cefn]dp/lldp sender # # chkconfig: - 85 15 # description: ladvd uses [cefn]dp / lldp frames to inform switches \ # about connected hosts, which simplifies ethernet \ # switch management. # processname: ladvd # pidfile: /var/run/ladvd.pid # ### BEGIN INIT INFO # Provides: ladvd # Required-Start: $local_fs $network # Required-Stop: $local_fs $network # Short-Description: start and stop cdp/lldp sender # Description: ladvd uses [cefn]dp / lldp frames to inform switches # about connected hosts, which simplifies ethernet # switch management. ### END INIT INFO # Source function library.. /etc/rc.d/init.d/functions [ -f /etc/sysconfig/network ] &&. /etc/sysconfig/network [ "${NETWORKING}" = "yes" ] exit 0 [ -r /etc/sysconfig/ladvd ] &&. /etc/sysconfig/ladvd start() { [ -z "$ARGS" ] && exit 6 } echo -n $"Starting ladvd: " [! -d "/var/run/ladvd" ] && mkdir /var/run/ladvd && chown ladvd.ladvd /var/run/ladvd daemon /usr/sbin/ladvd $ARGS $LADVDARGS RETVAL=$? echo [ $RETVAL = 0 ] && touch /var/lock/subsys/ladvd return $RETVAL stop() { echo -n $"Shutting down ladvd: " killproc ladvd RETVAL=$? rm -f /var/lock/subsys/ladvd echo return $RETVAL } [ -f /usr/sbin/ladvd ] exit 0 # See how we were called. case "$1" in start) start ;; stop) stop ;; force-reload restart reload) stop start ;; try-restart condrestart) [ -e /var/lock/subsys/ladvd ] && (stop; start) ;; status) status ladvd RETVAL=$? ;; *) echo $"Usage: $0 {start stop status restart reload condrestart}" exit 3 esac exit $RETVAL

Usługi - sysvinit #!/bin/bash # # ladvd Startup script for the [cefn]dp/lldp sender # # chkconfig: - 85 15 # description: ladvd uses [cefn]dp / lldp frames to inform switches \ # about connected hosts, which simplifies ethernet \ # switch management. # processname: ladvd # pidfile: /var/run/ladvd.pid # ### BEGIN INIT INFO # Provides: ladvd # Required-Start: $local_fs $network # Required-Stop: $local_fs $network # Short-Description: start and stop cdp/lldp sender # Description: ladvd uses [cefn]dp / lldp frames to inform switches # about connected hosts, which simplifies ethernet # switch management. ### END INIT INFO

Usługi - sysvinit [ -r /etc/sysconfig/ladvd ] &&. /etc/sysconfig/ladvd start() { [ -z "$ARGS" ] && exit 6 echo -n $"Starting ladvd: " [! -d "/var/run/ladvd" ] && mkdir /var/run/ladvd && chown ladvd.ladvd /var/run/ladvd daemon /usr/sbin/ladvd $ARGS $LADVDARGS RETVAL=$? echo [ $RETVAL = 0 ] && touch /var/lock/subsys/ladvd return $RETVAL } stop() { echo -n $"Shutting down ladvd: " killproc ladvd RETVAL=$? rm -f /var/lock/subsys/ladvd echo return $RETVAL } [ -f /usr/sbin/ladvd ] exit 0

Usługi - sysvinit # See how we were called. case "$1" in start) start ;; stop) stop ;; force-reload restart reload) stop start ;; try-restart condrestart) [ -e /var/lock/subsys/ladvd ] && (stop; start) ;; status) status ladvd RETVAL=$? ;; *) echo $"Usage: $0 {start stop status restart reload condrestart}" exit 3 esac exit $RETVAL

Usługi - systemd [Unit] Description=uses [cefn]dp / lldp frames to inform switches about connected hosts [Service] EnvironmentFile=/etc/sysconfig/ladvd ExecStart=/usr/sbin/ladvd -a -f $LADVD_OPTIONS PIDFile=/var/run/ladvd.pid StandardOutput=syslog

Usługi - pilnowanie systemctl status (DEMO)

Gniazda kompatybilność (x)inetd niezrywalne połączenia przykład: syslog pełna kontrola

Gniazda - kontrola BindIPv6Only= Backlog= BindToDevice= SocketMode= MaxConnections= KeepAlive= Priority= ReceiveBuffer= SendBuffer= IPTOS= IPTTL= Mark= PipeSize= FreeBind= TCPCongestion=

Gniazda (DEMO)

Gniazda vsftpd.socket [Unit] Description=vsftpd incoming socket [Socket] ListenStream=21 Accept=yes [Install] WantedBy=multi-user.target

Gniazda vsftpd@.service [Unit] Description=vsftpd instance service [Service] Type=simple ExecStart=-/usr/sbin/vsftpd StandardInput=socket

Urządzenia współpraca z udev start aplikacji zależny od sprzętu

Urządzenia 99-hdapsd.rules # cat /etc/udev/rules.d/99-hdapsd.rules SUBSYSTEM=="block", KERNEL=="sd[ab]", ATTRS{removable}=="0", TAG="systemd", ENV{SYSTEMD_WANTS}="hdapsd@%k.service" (DEMO)

Urządzenia hdapsd@.service [Unit] Description=%I shock protection daemon [Service] EnvironmentFile=/etc/sysconfig/hdapsd StandardOutput=syslog SyslogIdentifier=%p(%I) Nice=-5 ExecStart=/usr/sbin/hdapsd -d %I $HDAPSD_OPTIONS (DEMO)

Timery cykliczne czynności: czyszczenie raportowanie w przyszłości cron

Timery rrd_hddtemp.timer [Timer] OnBootSec=3m OnUnitActiveSec=5m [Install] WantedBy=multi-user.target

Timery rrd_hddtemp.service [Service] ExecStart=/root/bin/rrd_hddtemp.pl Type=oneshot StandardError=syslog

Wymagania jądro 2.6.32 devtmpfs D-Bus 1.4.0 udev 151

Podsumowując lepsza kontrola restarty, limity OnFailure= pilnowanie zależności mniej kodu: demonizowanie, sockety

Podsumowując 2 zintegrowanie usług dystrybucyjnych (random seed, clock, API mounts) ujednolicenie skryptów startowych szybki start, zintegrowany readahead

avahi-daemon.socket [Unit] Description=Avahi mdns/dns-sd Stack Activation Socket [Socket] ListenStream=/var/run/avahi-daemon/socket [Install] WantedBy=sockets.target

avahi-daemon.service [Unit] Description=Avahi mdns/dns-sd Stack Requires=avahi-daemon.socket After=syslog.target [Service] Type=dbus BusName=org.freedesktop.Avahi ExecStart=/usr/sbin/avahi-daemon -s ExecReload=/usr/sbin/avahi-daemon -r NotifyAccess=main [Install] WantedBy=multi-user.target Also=avahi-daemon.socket

systemctl status # systemctl status avahi-daemon.service avahi-daemon.service - Avahi mdns/dns-sd Stack Loaded: loaded (/lib/systemd/system/avahi-daemon.service) Active: active (running) since [Sat, 18 Sep 2010 23:32:54 +0200; 16h ago] Main PID: 3300 (avahi-daemon) Status: "Server startup complete. Host name is dhartha.local. Local service cookie is 966442585." CGroup: name=systemd:/systemd-1/avahi-daemon.service 3300 avahi-daemon: running [dhartha.local] 3305 avahi-daemon: chroot helper

systemctl status # systemctl status avahi-daemon.service avahi-daemon.service - Avahi mdns/dns-sd Stack Loaded: loaded (/lib/systemd/system/avahi-daemon.service) Active: active (running) since [Sat, 18 Sep 2010 23:32:54 +0200; 16h ago] Main PID: 3300 (avahi-daemon) Status: "Server startup complete. Host name is dhartha.local. Local service cookie is 966442585." CGroup: name=systemd:/systemd-1/avahi-daemon.service 3300 avahi-daemon: running [dhartha.local] 3305 avahi-daemon: chroot helper

status mount # systemctl status boot.mount boot.mount - /boot Loaded: loaded Active: active (mounted) since [Sat, 18 Sep 2010 23:32:54 +0200; 16h ago] Where: /boot CGroup: name=systemd:/systemd-1/boot.mount

systemd: wymyślmy jeszcze jedno koło Zimowisko TLUG 2011 Tomasz Torcz <tomek@pipebreaker.pl>

systemctl -t URL Strona: http://www.freedesktop.org/wiki/software/systemd Dokumentacja: http://0pointer.de/public/systemd-man/ Definicje jednostek: https://fedoraproject.org/wiki/user:johannbg/qa/systemd/compatability