
RED HAT | Ingo Börnig

RHEL 7 Update
systemd
July 2!"
OVERVIEW

RHEL 7.0 will ship with systemd, a new init system that replaces
upstart.

But systemd is more than a SysVinit/upstart replacement:

It is a system and service manager for Linux.

It can work as a drop-in replacement for sysvinit.

It replaces inetd and xinetd for most scenarios.


# ps --pid 1
PID TTY TIME CMD
1 ? 00:00:01 systemd
Key Concepts

UNITS:

Services, Sockets,

Devices, Mounts, Automounts, Swaps

Timers, Paths,

Targets, Snapshots

Slices

Unit/Service Dependency Tracking

Process tracking with Service information


Benefits

Dependency tracking for units and processes

No more (sleep 60; do something) loops

Properly kill daemons

Minimal boot times

Debugging - no early boot messages are lost

Easy to learn and backwards compatible.

Autospawn and Respawn for Services

Tight integration with cgroups, the default interface in the future


Systemd - Units

Naming convention is: name.type

httpd.service, sshd.socket, or dev-hugepages.mount

Service - Describes a daemon's type, execution, environment, and how it's monitored.

Socket - Endpoint for interprocess communication. File, network, or Unix sockets.

Target - Logical grouping of units. Replacement for runlevels.

Device - Automatically created by the kernel. Can be provided to services as dependents.

Mounts, automounts, swap - Monitor the mounting/unmounting of file systems.

Snapshots - save the state of units - useful for testing

Timers - Timer-based activation

Paths - Uses inotify to monitor a path

Slices - cgroup hierarchy for resource management.

Scopes - Organizational units that group services' worker processes.
Systemd - Dependency Resolution

Example:

Wait for block device

Check file system for device

Mount file system

nfs-lock.service:

Requires=rpcbind.service network.target

After=network.target named.service rpcbind.service

Before=remote-fs-pre.target
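
The ordering half of the nfs-lock.service example can be reproduced with a topological sort. This is an added example, not part of the original slides: it treats After=/Before= as graph edges and feeds them to tsort, which is a simplification of what systemd does. The function names and the rpcbind.service and named.service file contents are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: derive a valid start order from After=/Before= lines.
# Requires= is ignored on purpose: it pulls a unit in but does not order it.

write_sample_units() {
    # $1: scratch directory. nfs-lock.service repeats the slide; the other
    # two unit files are constructed for this example.
    printf '%s\n' '[Unit]' \
        'Requires=rpcbind.service network.target' \
        'After=network.target named.service rpcbind.service' \
        'Before=remote-fs-pre.target' > "$1/nfs-lock.service"
    printf '%s\n' '[Unit]' 'After=network.target' > "$1/rpcbind.service"
    printf '%s\n' '[Unit]' 'After=network.target' > "$1/named.service"
}

start_order() {
    # $1: directory of unit files. Prints one unit per line, earliest first.
    for f in "$1"/*; do
        unit=$(basename "$f")
        echo "$unit $unit"                # lone pair: list unit even if unordered
        for dep in $(sed -n 's/^After=//p' "$f"); do
            echo "$dep $unit"             # After=X: X is started first
        done
        for dep in $(sed -n 's/^Before=//p' "$f"); do
            echo "$unit $dep"             # Before=X: this unit is started first
        done
    done | tsort
}

demo_dir=$(mktemp -d)
write_sample_units "$demo_dir"
start_order "$demo_dir"
rm -rf "$demo_dir"
```

Several orders satisfy the constraints, so the exact output can vary; what is fixed is that nfs-lock.service comes after its three After= units and before remote-fs-pre.target.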
What about my System-V init scripts?

systemd maintains 99% backwards compatibility with initscripts, and the exceptions are well documented.

While we do encourage everyone to convert legacy scripts to service unit files, it's not a requirement.

Hint: we'll show you how to do this in a few minutes.

Incompatibilities are listed here:

http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities

Converting SysV Init Scripts:

http://0pointer.de/blog/projects/systemd-for-admins-3.html
Faster Boot times

Lennart Poettering says that "Fast booting isn't the goal of systemd, it's a result of a well designed system."

As virt/cloud demand continues, the desire for light-weight, reliable/resilient, and fast images grows.

A stripped down image can boot in <2 seconds.

Less CPU cycles burned during the boot process

Important for highly dense and dynamic environments.

Even more important for containers.


The Basics: Managing Services

Managing Services - Unit Files

Via Init:

Init scripts are stored in /etc/init.d & called from /etc/rc*

Via systemd:

Maintainer files: /usr/lib/systemd/system

User modifications: /etc/systemd/system

Note: unit files under /etc will take precedence over /usr
Managing Services - Start/Stop

Via Init:

$ service httpd {start,stop,restart,reload}

Via systemctl:

$ systemctl {start,stop,restart,reload} httpd.service

Notes:

systemctl places the "action" before the service name.

If a unit isn't specified, .service is assumed.

systemctl start httpd == systemctl start httpd.service

Tab completion works great with systemctl: install bash-completion

systemctl can connect to remote hosts over SSH using "-H"


Managing Services - Status

Via Init:

$ service httpd status

Via systemctl:

$ systemctl status httpd.service

List loaded services:

systemctl -t service

List installed services:

systemctl list-unit-files -t service (similar to chkconfig --list)

View state:

systemctl --state failed


Managing Services - Enable/Disable

Via Init:

$ chkconfig httpd {on,off}

Via systemctl:

$ systemctl {enable, disable, mask, unmask} httpd.service

mask - "This will link these units to /dev/null, making it impossible to start them. This is a stronger version of disable, since it prohibits all kinds of activation of the unit, including manual activation. Use this option with care."

Runlevels... gone.
What Runlevels?

Runlevels == Targets

"Runlevels" are exposed via target units

/etc/inittab is no longer used

Target names are more relevant:

multi-user.target vs. runlevel3

graphical.target vs. runlevel5

Set the default via: `systemctl enable graphical.target --force`

Change at run-time via: `systemctl isolate [target]`


Runlevel Names

Runlevel   Systemd Target                        Description
0          poweroff.target, runlevel0.target     System halt
1          rescue.target, runlevel1.target       Single user mode
3 (2,4)    multi-user.target, runlevel3.target   Multi-user, non graphical
5          graphical.target, runlevel5.target    Multi-user, graphical
6          reboot.target, runlevel6.target       System reboot

# ls /lib/systemd/system/runlevel*target -l
lrwxrwxrwx. 1 root root 15 Jul 3 21:37 /lib/systemd/system/runlevel0.target -> poweroff.target
lrwxrwxrwx. 1 root root 13 Jul 3 21:37 /lib/systemd/system/runlevel1.target -> rescue.target
lrwxrwxrwx. 1 root root 17 Jul 3 21:37 /lib/systemd/system/runlevel2.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Jul 3 21:37 /lib/systemd/system/runlevel3.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Jul 3 21:37 /lib/systemd/system/runlevel4.target -> multi-user.target
lrwxrwxrwx. 1 root root 16 Jul 3 21:37 /lib/systemd/system/runlevel5.target -> graphical.target
lrwxrwxrwx. 1 root root 13 Jul 3 21:37 /lib/systemd/system/runlevel6.target -> reboot.target
Customizing Service Unit Files

Unit files can be altered or extended by placing "drop-ins" under:

/etc/systemd/system/foobar.service.d/*.conf

Changes are applied on top of maintainer unit files.


# cat /etc/systemd/system/httpd.service.d/50-httpd.conf
[Service]
Restart=always
StartLimitInterval=10
StartLimitBurst=5
StartLimitAction=reboot
CPUShares=2048
Nice=-10
OOMScoreAdjust=-1000
Run `systemctl daemon-reload` after making changes to notify systemd

Drop-ins will be shown from `systemctl status`


# systemctl status httpd.service
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service;
enabled)
Drop-In: /etc/systemd/system/httpd.service.d
50-httpd.conf
Customizing Service Unit Files - Tips

Changes to unit files under /usr/lib/systemd/system could be overwritten by updates. DON'T DO IT!

/etc service files will take precedence over /usr

Simply delete the drop-in to revert to defaults. Don't forget to run `systemctl daemon-reload`

systemd-delta - will show what is overridden and extended between /usr & /etc.

man 5 systemd.service, man 5 systemd.exec
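
Because anything under /etc silently changes how a maintainer unit runs, it is worth listing those changes during a review. The sketch below is an added example, not part of the original slides and not a replacement for systemd-delta: it classifies masks, full overrides and drop-ins in a directory pair, with labels borrowed from systemd-delta's categories. The function names and the sample tree are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: report what the admin directory changes relative to the
# maintainer directory. Both paths are parameters, so it can be pointed at a
# scratch tree instead of /usr/lib/systemd/system and /etc/systemd/system.

unit_delta() {
    vendor=$1
    admin=$2
    for path in "$admin"/*; do
        name=$(basename "$path")
        case $name in
            *.wants|*.requires)
                continue ;;                       # enablement links, not overrides
            *.d)
                for conf in "$path"/*.conf; do    # drop-ins extend the unit
                    if [ -f "$conf" ]; then
                        echo "EXTENDED ${name%.d} $(basename "$conf")"
                    fi
                done ;;
            *)
                if [ -L "$path" ] && [ "$(readlink "$path")" = /dev/null ]; then
                    echo "MASKED $name"           # result of systemctl mask
                elif [ -f "$path" ] && [ -f "$vendor/$name" ]; then
                    echo "OVERRIDDEN $name"       # full copy shadows the /usr unit
                fi ;;
        esac
    done
}

build_sample_tree() {
    # $1: scratch root; every file below is constructed for the example.
    mkdir -p "$1/usr" "$1/etc/httpd.service.d" "$1/etc/multi-user.target.wants"
    for u in httpd sshd cups; do echo '[Service]' > "$1/usr/$u.service"; done
    printf '[Service]\nRestart=always\n' > "$1/etc/httpd.service.d/50-httpd.conf"
    echo '[Service]' > "$1/etc/sshd.service"
    ln -s /dev/null "$1/etc/cups.service"
}

demo_root=$(mktemp -d)
build_sample_tree "$demo_root"
unit_delta "$demo_root/usr" "$demo_root/etc"
rm -rf "$demo_root"
```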


Resource Management

Making Cgroups Easier

View cgroup hierarchy via systemd-cgls

View usage stats via systemd-cgtop (use for tuning)

Default hierarchy

system.slice - contains system services

user.slice - contains user sessions

machine.slice - contains virtual machines and containers

Services can be promoted to their own slice if necessary.


Resource Management - Configuration

systemctl can configure and persist cgroup attributes

systemctl set-property httpd.service CPUShares=2048

Add --runtime to not persist the settings:

systemctl set-property --runtime httpd.service CPUShares=2048

Alternatively settings can be placed in unit files

[Service]

CPUShares=2048
Converting Init Scripts

Remember what an init-file looks like?
#!/bin/bash
#
# httpd Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: The Apache HTTP Server is an efficient and extensible \
# server implementing the current HTTP standards.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd/httpd.pid
#
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server
# implementing the current HTTP standards.
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/httpd ]; then
    . /etc/sysconfig/httpd
fi
# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}
# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""
# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.
# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/sbin/apachectl
httpd=${HTTPD-/usr/sbin/httpd}
prog=httpd
pidfile=${PIDFILE-/var/run/httpd/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}
# check for 1.3 configuration
check13 () {
    CONFFILE=/etc/httpd/conf/httpd.conf
    GONE="(ServerType|BindAddress|Port|AddModule|ClearModuleList|"
    GONE="${GONE}AgentLog|RefererLog|RefererIgnore|FancyIndexing|"
    GONE="${GONE}AccessConfig|ResourceConfig)"
    if LANG=C grep -Eiq "^[[:space:]]*($GONE)" $CONFFILE; then
        echo
        echo 1>&2 " Apache 1.3 configuration directives found"
        echo 1>&2 " please read /usr/share/doc/httpd-2.2.22/migration.html"
        failure "Apache 1.3 config directives test"
        echo
        exit 1
    fi
}
# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
    echo -n $"Starting $prog: "
    check13 || exit 1
    LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch ${lockfile}
    return $RETVAL
}
# When stopping httpd, a delay (of default 10 second) is required
# before SIGKILLing the httpd parent; this gives enough time for the
# httpd parent to SIGKILL any errant children.
stop() {
    echo -n $"Stopping $prog: "
    killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}
reload() {
    echo -n $"Reloading $prog: "
    if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
        RETVAL=6
        echo $"not reloading due to configuration syntax error"
        failure $"not reloading $httpd due to configuration syntax error"
    else
        # Force LSB behaviour from killproc
        LSB=1 killproc -p ${pidfile} $httpd -HUP
        RETVAL=$?
        if [ $RETVAL -eq 7 ]; then
            failure $"httpd shutdown"
        fi
    fi
    echo
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status -p ${pidfile} $httpd
        RETVAL=$?
        ;;
    restart)
        stop
        start
        ;;
    condrestart|try-restart)
        if status -p ${pidfile} $httpd >&/dev/null; then
            stop
            start
        fi
        ;;
    force-reload|reload)
        reload
        ;;
    graceful|help|configtest|fullstatus)
        $apachectl $@
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}"
        RETVAL=2
esac
exit $RETVAL
Contrast that with a systemd unit file syntax
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
ExecStop=/usr/sbin/httpd $OPTIONS -k graceful-stop
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Test Unit File

Copy the unit file

cp [myapp].service /etc/systemd/system/

Alert systemd of the changes:

systemctl daemon-reload

Start service

systemctl start [myapp].service

View status

systemctl status [myapp].service


The Journal

The Journal - Logging with systemd

"The journal is a component of systemd, that captures Syslog messages, Kernel log messages, initial RAM disk and early boot messages as well as messages written to STDOUT/STDERR of all services, indexes them and makes this available to the user"

Indexed

Formatted

Errors in red

Warnings in bold

Security

Reliability

Intelligently rotated
Journal

Does not replace rsyslog in RHEL 7

rsyslog is enabled by default

Use rsyslog for traditional logging w/ enterprise features

The journal is not persistent by default at the moment but a ring-buffer in /run/log/journal.

Collects event metadata

Stored in key-value pairs

man page: systemd.journal-fields(7)

journalctl - utility for viewing the journal.

Simple (or complex) filtering

Interleave units, binaries, etc


Using the Journal

Enable persistence: `mkdir /var/log/journal`

View from boot: `journalctl -b`

Tail -f and -n work as expected:

journalctl -f ; journalctl -n 50

Filter by priority: `journalctl -p [level]`


0 emerg
1 alert
2 crit
3 err
4 warning
5 notice
6 debug

Other useful filters:

--since=yesterday or YYYY-MM-DD (HH:MM:SS)

--until=YYYY-MM-DD

-u [unit]

Pass binary e.g. /usr/sbin/dnsmasq

View journal fields

journalctl [tab] [tab] - bash-completion rocks!!

Entire journal

journalctl -o verbose (useful for grep)


Troubleshooting the Boot Process

Booting

Boot process is too fast, interactive boot append:

systemd.confirm_spawn=1

/var/log/boot.log - still works the same

Enable debugging from grub by appending:

systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M

Or send debug info to a serial console: systemd.log_level=debug systemd.log_target=console console=ttyS0

Enable early boot shell on tty9 (this is a root shell with no login prompt, so disable it again once debugging is done)

systemctl enable debug-shell.service

ln -s /usr/lib/systemd/system/debug-shell.service \
/etc/systemd/system/sysinit.target.wants/

systemctl list-jobs

Resource Management

Control Groups Made Simple

Resource Management with cgroups can reduce application or VM contention and improve throughput and predictability
Slices, Scopes, Services

In RHEL7 systemd manages cgroups, new concept of Scopes/Slices:

Slice - Unit type for creating the cgroup hierarchy for resource management.

Scope - Organizational unit that groups a service's worker processes.

Service - Process or group of processes controlled by systemd


Control Groups - Usability Improvements: Scopes

Systemd puts all related worker PIDs into a cgroup called a "scope".

Services

Apache processes in same services/apache scope

Mysql processes in same services/Mysql scope

Apache/Mysql get an equal "slice" of the system

Users accounts

All users get an equal "slice"

Machines

All containers/VMs get an equal "slice"

No service/user/machine can dominate system


Control Groups - Usability Improvements: Slices

Special unit file for assigning resource constraints

Slices get assigned to scopes

Systemd automatically assigns services to system.slice

You can override resource with Unit file configuration

MemoryLimit=1G

Command Line

systemctl set-property httpd.service CPUShares=524 MemoryLimit=500M

Systemd will assign Containers to machine.slice

You can override by editing

/etc/systemd/system/big-machine.slice