systemd

our next-generation init system

PABLO N. HESS
Instructor
Red Hat São Paulo
December 2011
General info & History
Authors: Current default init for:
Lennart Poettering (Red Hat) Fedora
Pulseaudio, Avahi
openSUSE
Kay Sievers (openSUSE)
Mandriva
Udev

Spelling: Future default init for:

It’s systemd, Gentoo
not system D Arch
not System D
Mageia
not SystemD
not system d Probably everyone else
Major features

Massively parallel service initialization

Replaces Upstart and SysVinit

On-demand network service initialization

Replaces (x)inetd

On-demand fsck’ing & mounting

Replaces fstab and autofs

On-demand socket-based initialization

Better than Upstart
Motivation: Reliable supervisioning
What current init systems Reliable dependencies

do not/can not provide Parallel service

initialization
Socket-based
initialization
Better-than-shellscript
speeds
Code deduplication/
sanitization
Low first user PIDs
Path-based initialization
SysV/Upstart
Reliable supervisioning

double fork()
Daemon process
Reliable dependencies
Parallel service
initialization
Socket-based
Re-parented initialization

daemon stopped
to init
Better-than-shellscript
speeds
Code deduplication/
sanitization
Low first user PIDs

Child Path-based initialization

not stopped
systemd
daemon’s cgroup
Reliable supervisioning

double fork()
Daemon process
Reliable dependencies
Parallel service
initialization
Socket-based
Re-parented initialization

daemon stopped
to init
Better-than-shellscript
speeds
Code deduplication/
sanitization
Low first user PIDs

Whole cgroup Path-based initialization

stopped
SysV/Upstart
Reliable supervisioning
Reliable dependencies
CUPS starts, Parallel service

init starts D-bus

needs D-bus initialization
CUPS may send Socket-based
D-bus messages initialization
Better-than-shellscript
tell CUPS speeds
D-bus started,
open socket Code deduplication/
sanitization
Low first user PIDs
Path-based initialization
systemd
systemd has already Reliable supervisioning
opened needed sockets
Reliable dependencies
CUPS starts, Parallel service

systemd starts D-bus

needs D-bus initialization

CUPS may send Socket-based

D-bus messages initialization
Better-than-shellscript
speeds
Code deduplication/
D-bus started, sanitization
retrieves messages
Low first user PIDs
Path-based initialization
SystemV
start() {
[ -x $exec ] || exit 5 Reliable supervisioning
# Source config
Reliable dependencies
if [ -f /etc/sysconfig/rsyslog ] ;
then Parallel service
. /etc/sysconfig/rsyslog
initialization
fi
umask 077 Socket-based
echo -n $"Starting system logger: "
initialization
daemon --pidfile="${PIDFILE}" \
$exec $SYSLOGD_OPTIONS Better-than-shellscript
RETVAL=$?
echo
speeds
[ $RETVAL -eq 0 ] && touch $lockfile Code deduplication/
return $RETVAL
} sanitization
ExecStartPre=/bin/systemctl stop \ Low first user PIDs
systemd-kmsg-syslogd.service
ExecStart=/usr/sbin/rsyslogd -n -c5 Path-based initialization
Sockets=syslog.socket
StandardOutput=null

systemd
Rsyslog as an example Reliable supervisioning
Reliable dependencies
sysvinit script
Parallel service
106 lines initialization
75 lines of code Socket-based
initialization
systemd “unit file”
Better-than-shellscript
11 lines speeds
9 lines of code Code deduplication/
sanitization
Low first user PIDs
Path-based initialization
 CUPS as an example Reliable supervisioning
Reliable dependencies
File created in Parallel service

systemd starts CUPS

/var/spool/cups initialization
Socket-based
initialization
Better-than-shellscript
speeds
Code deduplication/
CUPS started, sanitization
processes job
Low first user PIDs
Path-based initialization
Working with systemd

Everything is a unit:
home.automount auto-mounted FS
rsyslog.service regular service
sshd.socket socket definition
cups.path path definition

Targets “want” units

multi-user.target.wants/
postfix.service
cron.target
sysinit.target
sysinit.target.wants/
remount-rootfs.service
quotaon.service
 Invocation: systemd versus SystemV
SystemV systemd

# service sshd start # systemctl start sshd.service

# chkconfig sshd on # systemctl enable sshd.service

add autofs map # systemctl enable home.automount

add fstab entry # systemctl enable home.mount

# init 5 # systemctl isolate graphical.target

 Unit files example: automount & mount
home.automount
[Unit]
Description=Automount my /home
man systemd.automount

[Automount]
Where=/home

[Install]
WantedBy=sysinit.target home.mount
[Unit]
Description=My home directory

[Mount]
triggers home.mount #What=UUID=fd6e2ed9-d430-45b3-9...
What=/dev/sdb9
Where=/home
Type=ext4
Options=noatime,discard,nobarrier

man systemd.mount
 Unit files example: swap
dev-sda5.swap
[Unit]
Description=Swap on /dev/sda5
man systemd.swap

[Swap]
What=/dev/sda5
Priority=1
TimeoutSec=5

[Install]
WantedBy=swap.target
 Unit files example: services
sshd.service
[Unit]
Description=OpenSSH server daemon.
After=syslog.target network.target auditd.service
or
[Service]
Type=simple
ExecStart=/usr/sbin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

man systemd.service
 Unit files example: services
[email protected]
...
[Service]
Environment=TERM=linux
ExecStart=-/sbin/agetty %I 38400
Restart=always
RestartSec=0
or
UtmpIdentifier=%I
TTYPath=/dev/%I
...

# systemctl --full --no-pager |grep getty

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

man systemd.service
Unit files example: services
sshd.socket
[email protected] [Unit]
Conflicts=sshd.service
[Unit]
Description=SSH Per-Connection [Socket]
Server ListenStream=22
After=syslog.target ListenStream=2200
Accept=yes
[Service]
ExecStart=/usr/sbin/sshd -i [Install]
StandardInput=socket WantedBy=sockets.target

man systemd.service man systemd.socket

# systemctl --full --no-pager |grep sshd

[email protected]:22-192.168.123.100:50083.service
[email protected]:22-192.168.123.245:35623.service
[email protected]:22-192.168.123.245:35624.service
[email protected]:22-192.168.123.245:60016.service
[email protected]:2200-66.187.233.202:11574.service
 Unit files example: services (oneshot)
iptables.service
[Unit]
Description=IPv4 firewall with iptables
After=syslog.target
ConditionPathExists=/etc/sysconfig/iptables

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/libexec/iptables.init start
ExecStop=/usr/libexec/iptables.init stop external scripts!
Environment=BOOTUP=serial
Environment=CONSOLETYPE=serial
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=basic.target
 Unit files example: services (forking)
dnsmasq.service
[Unit]
Description=DNS caching server.
After=syslog.target network.target
the choice for
[Service]
Type=forking legacy SysV
PIDFile=/var/run/dnsmasq.pid
EnvironmentFile=-/etc/sysconfig/network init scripts
ExecStart=/usr/sbin/dnsmasq -s $HOSTNAME

[Install]
WantedBy=multi-user.target
 One dir for the packager

$ ls /lib/systemd/system
abrt-ccpp.service poweroff.service
abrtd.service poweroff.target
abrt-oops.service poweroff.target.wants
abrt-vmcore.service pppoe-server.service
accounts-daemon.service prefdm.service
alsa-restore.service printer.target
alsa-store.service proc-sys-fs-binfmt_misc.automount
[email protected] proc-sys-fs-binfmt_misc.mount
anaconda.target psacct.service
arp-ethers.service quotacheck.service
atd.service quotaon.service
auditd.service rc-local.service
[email protected] rdisc.service
avahi-daemon.service reboot.service
avahi-daemon.socket reboot.target
basic.target reboot.target.wants
basic.target.wants remote-fs.target
bluetooth.service remount-rootfs.service
bluetooth.target rescue.service
canberra-system-bootup.service rescue.target
canberra-system-shutdown-reboot.service restorecond.service
canberra-system-shutdown.service rpcbind.target
chronyd.service rsyslog.service
chrony-wait.service rtkit-daemon.service
 One dir for the packager
...and one for the sysadmin
$ ls /lib/systemd/system
abrt-ccpp.service poweroff.service
$ ls /etc/systemd/system
abrtd.service poweroff.target
abrt-oops.service poweroff.target.wants
home.automount
abrt-vmcore.service home.mount
pppoe-server.service
basic.target.wants
accounts-daemon.service graphical.target.wants
prefdm.service
bluetooth.target.wants
alsa-restore.service multi-user.target.wants
printer.target
my-own-target.target.wants
alsa-store.service network.target.wants
proc-sys-fs-binfmt_misc.automount
dbus-org.freedesktop.NetworkManager.service
[email protected] printer.target.wants
proc-sys-fs-binfmt_misc.mount
default.target
anaconda.target sockets.target.wants
psacct.service
default.target.wants
arp-ethers.service sysinit.target.wants
quotacheck.service
getty.target.wants
atd.service quotaon.service
auditd.service rc-local.service
[email protected] rdisc.service
avahi-daemon.service reboot.service
avahi-daemon.socket reboot.target
basic.target reboot.target.wants
basic.target.wants remote-fs.target
bluetooth.service remount-rootfs.service
bluetooth.target rescue.service
canberra-system-bootup.service rescue.target
canberra-system-shutdown-reboot.service restorecond.service
canberra-system-shutdown.service rpcbind.target
chronyd.service rsyslog.service
chrony-wait.service rtkit-daemon.service
 Troubleshooting

Select a target (“runlevel”) at boot time:

kernel /vmlinuz-3.1 (...) systemd.target=emergency.target

loads the basic stuff

kernel /vmlinuz-3.1 (...) systemd.target=multi-user.target

equivalent to runlevel 3

kernel /vmlinuz-3.1 (...) systemd.log_level=debug

sets log level

kernel /vmlinuz-3.1 (...) systemd.log_target=kmsg

logs to dmesg
 Benchmarking
# systemd-analyze time
Startup finished in 1812ms (kernel) + 3722ms (initramfs) +
3912ms (userspace) = 9446ms

# systemd-analyze blame
9682ms sshd-keygen.service
4483ms abrtd.service
4382ms plymouth-start.service
4365ms systemd-readahead-replay.service
2268ms sendmail.service
2182ms udev-settle.service
...
16ms rpcbind.service
13ms dnsmasq.service
 Benchmarking
# systemd-analyze plot
PABLO N. HESS
Instructor
Red Hat São Paulo
December 2011