SUSE Linux Enterprise 12
Innovations in System Boot and
Full System Roll-back
Gábor Nyers
Sales Engineer @SUSE
gnyers@suse.com
Agenda
● Quick overview of SLE 12
● Full-system rollback
►Demo: Full-system rollback, integration of snapper and grub2
● System initialization with systemd
►Feature overview, compatibility, from traditional init scripts to unit files; demos
Quick Overview of
SUSE Linux Enterprise 12
SUSE Linux Enterprise 12
Life Cycle
SUSE® Linux Enterprise Server 12
Lifecycle Model
10 years lifecycle + 3 years Extended Support
[Figure: timeline over Year 1 to Year 13, split into General Support and Extended Support, with an LTSS bar for GA and for each of SP1 to SP4]
• 13-year lifecycle (10 years general support, 3 years extended support)
• Long Term Service Pack Support (LTSS) available for all versions, including GA
SUSE® Linux Enterprise
Lifecycle & Code Streams
[Figure: code-stream timeline, 2011 to 2016, for SLE 10, SLE 11 and SLE 12 with their service packs (GA, SP1 to SP4)]
13-year lifecycle for SLES 11 and SLES 12: 10 years general support, +3 years Long Term Support
SUSE Linux Enterprise 12: Long Term Service Pack Support for every Service Pack
Tentative – Dates subject to change
SUSE Linux Enterprise
Modules
Module name | Content | Release schedule
Web Scripting | php, python3 | 3yrs
Legacy | sendmail, syslog-ng, ksh, old versions of: Java, cups, libstdc++ | 3yrs
Toolchain | gcc | 1y
Public Cloud | cloud-init; google-, aws-, openstack- tools; lots of Python modules | CI
Advanced Systems Mgmt. | cfengine, puppet, machinery | CI
Full system roll-back
Components
Grub2: boot loader integration for full system rollback
Snapper: GUI and CLI tool for
easy snapshot/rollback
Btrfs: default filesystem with fault tolerance,
repair, and easy management features
Full system roll-back
Btrfs
● Btrfs features
● Concepts
►Subvolume
►Snapshot
● Filesystem recommendations
Btrfs feature overview
Supported by SUSE
● Copy-on-Write
● Snapshots
● Subvolumes
● Data integrity
● Metadata integrity
● On-line scrubbing
● Manual de-duplication
● Quota Groups
Work in progress
● Inode Cache
● Auto Defrag
● RAID
● Transparent compression
● Send / Receive
● Hot add / remove
● Seeding devices
Btrfs Concepts:
Subvolumes
Subvolume(s)...:
… appear to be a directory
… start as an independent but empty root node
… are independently mountable
… are independently snapshotable
… are “equals” amongst each other, but there is a designated “default subvolume”
[Figure: subvolume B-trees for /, /home and /var/log inside one storage block, each with its own subvolume root node, one of them the default subvolume]
Btrfs Concepts:
Snapshots
Snapshot(s)...:
… are an independent clone of the state of a subvolume
… share all raw data with their ancestor after creation
… may be (practically) unlimited in number
… are either RO or RW
… may be “nested”, that is “snapshot of a snapshot”
[Figure: subvolume B-tree (/, /home) and two clone B-trees pointing to the same data blocks]
When a snapshot is created, the parent and child sub-trees point to the same data blocks
Btrfs integration in YaST Partitioner
Filesystem Recommendations
[Figure: filesystem decision flowchart. Questions: New Filesystem?, Type?, Purpose? (OS, Data), Snapshots? (Yes/No), Convert? Filesystems shown: btrfs, ext3|4, xfs, ext2/3/4, reiserfs]
Full system roll-back
Snapper
● Snapshot management tool
● Features
● Metadata
● Compare snapshots
Snapper feature overview
● btrfs, ext4 and LVM
● Plug-in support
● Grub2 integration
● Stores metadata with
snapshot
►free text for humans
►key = value pairs for
computers
● Management of multiple
btrfs filesystems and
subvolumes
►Automatic snapshot creation
►Configurable clean-up
algorithms
►Creates RO snapshots by
default
►Snapshots for non-root users
►Show difference between
snapshots
►Mount snapshots
sles1201:~ # snapper list
Type | # | Pre # | Date | User | Cleanup | Description | Userdata
-------+----+-------+---------------------------------+------+----------+-------------------------------------------------------+--------------------------------
single | 0 | | | root | | current |
single | 1 | | Mon 27 Oct 2014 09:52:24 PM CET | root | timeline | This is a free-text description for human consumption | changeID=Demo001, myvar1=value1
single | 2 | | Mon 27 Oct 2014 10:00:19 PM CET | root | home-tux | 1st snapshot for user tux |
single | 3 | | Mon 27 Oct 2014 10:01:10 PM CET | root | home-tux | 1st snapshot for user tux |
single | 8 | | Mon 27 Oct 2014 11:18:19 PM CET | root | | Recovery point 2014-10-27 |
single | 9 | | Tue 28 Oct 2014 12:41:46 AM CET | root | | Rolling back to snapshot 8 |
single | 10 | | Tue 28 Oct 2014 12:41:46 AM CET | root | | Rolling back to snapshot 8 |
single | 11 | | Tue 28 Oct 2014 01:17:01 AM CET | root | | Recovery point 2 | important=yes
single | 12 | | Tue 28 Oct 2014 05:47:39 AM CET | root | | Rolling back disabled state to Recovery point 2 |
single | 13 | | Tue 28 Oct 2014 05:47:40 AM CET | root | | Rolling back disabled state to Recovery point 2 |
pre | 18 | | Tue 28 Oct 2014 11:16:22 PM CET | root | number | yast apparmor |
post | 19 | 18 | Tue 28 Oct 2014 11:16:41 PM CET | root | number | |
pre | 20 | | Mon 19 Jan 2015 09:25:19 PM CET | root | number | zypp(zypper) | important=yes
post | 21 | 20 | Mon 19 Jan 2015 09:34:32 PM CET | root | number | | important=yes
pre | 22 | | Mon 19 Jan 2015 09:55:14 PM CET | root | number | zypp(zypper) | important=no
post | 23 | 22 | Mon 19 Jan 2015 09:55:26 PM CET | root | number | | important=no
pre | 24 | | Mon 19 Jan 2015 10:52:22 PM CET | root | number | zypp(zypper) | important=no
post | 25 | 24 | Mon 19 Jan 2015 10:52:24 PM CET | root | number | | important=no
pre | 26 | | Thu 22 Jan 2015 12:37:27 AM CET | root | number | yast sw_single |
post | 27 | 26 | Thu 22 Jan 2015 12:38:35 AM CET | root | number | |
pre | 28 | | Thu 22 Jan 2015 12:50:23 AM CET | root | number | yast repositories |
post | 29 | 28 | Thu 22 Jan 2015 01:00:49 AM CET | root | number | |
sles1201:~ #
Snapper – snapshot management
Snapper – Metadata
Meta information stored with each snapshot:
►Type : [ Pre | Post | Single ]
►# : Nr of snapshot
►Pre # : Matching “Pre” number, if type is “Post”
►Date : Timestamp
►User : User who created the snapshot
►Cleanup : Cleanup algorithm for this snapshot
►Description : A fitting description of the snapshot (free text)
►Userdata : key=value pairs to record all sorts of useful
information about the snapshot in an
(e.g.: easily parsing from scripts)
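The metadata fields listed above can be read back from `snapper list` for change auditing. The following is an added example, not part of the original slides: it parses the table, pairs each “pre” snapshot with its “post”, and flags changes that never completed. The sample rows are constructed in the shape of the listing shown earlier, and all function names are hypothetical.

```python
from datetime import datetime
from typing import NamedTuple, Optional

# Constructed sample: rows in the shape of the `snapper list` output above.
# Snapshot 22 deliberately has no matching "post" row.
SAMPLE = """\
Type   | #  | Pre # | Date                            | User | Cleanup | Description      | Userdata
-------+----+-------+---------------------------------+------+---------+------------------+--------------
single | 0  |       |                                 | root |         | current          |
single | 11 |       | Tue 28 Oct 2014 01:17:01 AM CET | root |         | Recovery point 2 | important=yes
pre    | 18 |       | Tue 28 Oct 2014 11:16:22 PM CET | root | number  | yast apparmor    |
post   | 19 | 18    | Tue 28 Oct 2014 11:16:41 PM CET | root | number  |                  |
pre    | 20 |       | Mon 19 Jan 2015 09:25:19 PM CET | root | number  | zypp(zypper)     | important=yes
post   | 21 | 20    | Mon 19 Jan 2015 09:34:32 PM CET | root | number  |                  | important=yes
pre    | 22 |       | Mon 19 Jan 2015 09:55:14 PM CET | root | number  | zypp(zypper)     | changeID=Demo002, important=no
"""

MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


class Snapshot(NamedTuple):
    type: str
    number: int
    pre_number: Optional[int]
    date: Optional[datetime]
    user: str
    cleanup: str
    description: str
    userdata: dict


def parse_date(field):
    """'Mon 19 Jan 2015 09:25:19 PM CET' -> naive datetime (zone name dropped)."""
    if not field:
        return None
    _dow, day, month, year, clock, ampm, _zone = field.split()
    hour, minute, second = (int(part) for part in clock.split(":"))
    hour = hour % 12 + (12 if ampm == "PM" else 0)  # 12-hour to 24-hour clock
    return datetime(int(year), MONTHS[month], int(day), hour, minute, second)


def parse_userdata(field):
    """'changeID=Demo001, myvar1=value1' -> {'changeID': 'Demo001', ...}"""
    pairs = (item.split("=", 1) for item in field.split(",") if "=" in item)
    return {key.strip(): value.strip() for key, value in pairs}


def parse_snapper_list(text):
    """Turn the table into Snapshot records; header, rule and prompt lines are skipped."""
    snapshots = []
    for line in text.splitlines():
        cols = [col.strip() for col in line.split("|")]
        if len(cols) != 8 or not cols[1].isdigit():
            continue
        kind, number, pre, date, user, cleanup, description, userdata = cols
        snapshots.append(Snapshot(kind, int(number), int(pre) if pre else None,
                                  parse_date(date), user, cleanup, description,
                                  parse_userdata(userdata)))
    return snapshots


def change_report(snapshots):
    """One entry per 'pre' snapshot; post is None if the change never finished."""
    posts = {s.pre_number: s for s in snapshots if s.type == "post"}
    report = []
    for pre in (s for s in snapshots if s.type == "pre"):
        post = posts.get(pre.number)
        report.append({
            "pre": pre.number,
            "post": post.number if post else None,
            "what": pre.description,
            "seconds": int((post.date - pre.date).total_seconds()) if post else None,
            "important": pre.userdata.get("important") == "yes",
        })
    return report


if __name__ == "__main__":
    for entry in change_report(parse_snapper_list(SAMPLE)):
        print(entry)
```
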
Snapshot management with Snapper
Snapper DBus support
[Figure: dbus daemon and snapperd; unprivileged and privileged users; agents (snapper), (yast), (e.g.: custom script)]
● Snapper:
►snapper (client)
►snapperd (server)
● Authorized users submit
request through DBus
● snapperd performs
actions on behalf of
users
● Authorization scheme
►Users
►Agents
Full system roll-back
Grub2
● the Grand Unified Boot
Loader v2
Grub2 Features
● Scripting support
● Dynamic modules
● Custom menus
● Boot LiveCD ISO images directly from hard drive
Full System Roll-back 1/2
● Rollback to a good state with one click for faster
recovery from planned or unplanned downtime
● Support for service pack rollback
● Support for kernel upgrade
● Based on btrfs and Snapper, bootloader integration
Full System Roll-back 2/2
Goal: Reduce operational downtime by quickly restoring the system to a well-known working state.
Demo: Full system roll-back
● Create recovery point
● Wreak havoc
● Boot system → fail!
● Boot system to recovery point → read-only!
● Roll-back system using snapper
System initialization with systemd
The boot process in general
http://en.wikipedia.org/wiki/Linux_startup_process
● BIOS: Hardware init (RAM, PCI bus, USB, video, keyboard, disks, etc.); Enumerate disks; Find and load boot loader from disk
● Boot loader: Enumerate bootable OS's; User interaction (optional); Load and run OS (Linux: kernel+initrd)
● Kernel: Kernel init; Hardware init (Remaining HW); Decompress initrd and run init
● Init: Mount root and other filesystems; Start system and network services; Start getty & display manager
● Login Prompt: Authorize user; Setup session
The Init Process
[Figure: Init stage: mount root and other filesystems; start services; start getty & display manager]
A few Linux init system
implementations:
● sysvinit (SysV style)
● Upstart (Ubuntu)
● OpenRC
● systemd
● etc...
A few problems with
traditional init systems:
● rely heavily on shell
scripting:
► slow,
► fragile,
►redundant, hard to read: 100s of shell script lines vs. 10-20 lines in a Unit File
● weak parallelism
systemd
● What is systemd?
● Adoption
What is systemd? 1/3
● a system- and session manager for Linux,
● provides aggressive parallelization capabilities,
(no shell during boot!)
● uses socket and D-Bus activation for starting services,
● offers on-demand starting of services,
● keeps track of processes using Linux cgroups,
What is systemd? 2/3
● supports restoring the system's state to a predefined
state,
● maintains mount and auto-mount points,
● provides dependency based service control logic,
● provides replacements for a number of well-known tools,
e.g.: udev, automount, inetd, consolekit and syslog,
● a drop-in replacement for sysvinit
What is systemd? 3/3
There is a lot of criticism and opinions as well...
● “It's not the UNIX way”
referring to the “do one thing and do it well” maxim
● “It's monolithic”
● “It introduces too many dependencies”
● (and worse)
... but we won't be addressing these today :-)
“If I had asked people
what they wanted, they
would have said faster
horses”
Henry Ford
systemd adoption
Distribution | Added to repositories | Enabled by default? | Released as default
SUSE Linux Enterprise | v12 | Yes | Yes
openSUSE | v11.4 | Yes | v12.2 (2012)
Fedora | v15 (2011) | Yes | v15 (2011)
Red Hat Linux Enterprise | v7 (2014) | Yes | v7 (2014)
Debian | in 2012 | No, planned for Debian Jessie | Not yet released
Arch Linux | in 2012 | Yes | 2012
see also: http://en.wikipedia.org/wiki/Systemd#Adoption_and_reception
Compatibility with SysV Init Scripts
● systemd-sysvinit pkg provides compatible versions of
halt, init, poweroff, reboot, runlevel, shutdown, telinit
● init scripts may be augmented with systemd
mechanisms, e.g. dependencies
● There are also incompatibilities: see [1] for
comprehensive list
[1]: http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities/
sles1201:~ # systemctl status nfs
nfs.service - LSB: NFS client services
Loaded: loaded (/etc/init.d/nfs)
Drop-In: /run/systemd/generator/nfs.service.d
└─50-insserv.conf-$remote_fs.conf
Active: inactive (dead)
sles1201:~ # cat '/run/systemd/generator/nfs.service.d/50-insserv.conf-$remote_fs.conf'
# Automatically generated by systemd-insserv-generator
[Unit]
Wants=remote-fs-pre.target
Before=remote-fs-pre.target
sles1201:~ #
systemd
Related
Concepts
● Kernel cgroups
(independent of systemd)
● socket based activation
● Unit Files
● Generators
Kernel Cgroups (Control Groups)
● Linux Kernel facility allowing the grouping of processes (and their “children”) into a tree-structure hierarchy
● Each group can be
assigned a quota for
these system resources:
►CPU
►RAM
►Disk I/O
►Network I/O
Control groups hierarchy created by systemd
├─machine.slice
│ └─machine-qemux2dsles1201.scope
│ └─20958 /usr/bin/qemu-system-x86_64 -m...
├─user.slice
│ ├─user-0.slice
│ │ └─user@0.service
│ │ ├─4322 /usr/lib/systemd/systemd --us...
│ │ └─4323 (sd-pam)
│ ├─user-1000.slice
│ │ ├─session-560.scope
│ │ │ ├─ 2810 /usr/bin/claws-mail
│ │ │ ├─ 3035 /usr/lib64/firefox/firefox
│ │ │ ├─ 3086 /usr/lib/mozilla/kmozillahel...
│ │ │ ├─ 5459 /bin/bash
│ │ │ ├─ 7854 /usr/bin/kwalletmanager --kw...
│ │ ├─session-1.scope
│ │ │ ├─4179 /bin/bash ./bridge start
│ │ │ └─4182 dnsmasq --conf-file=mydnsmasq...
│ │ └─user@1000.service
│ │ ├─1891 /usr/lib/systemd/systemd --us...
│ │ └─1892 (sd-pam)
│ └─user-489.slice
│ └─user@489.service
│ ├─1703 /usr/lib/systemd/systemd --us...
│ └─1704 (sd-pam)
└─system.slice
├─libvirtd.service
│ └─4008 /usr/sbin/libvirtd --listen
├─rsyslog.service
│ └─985 /usr/sbin/rsyslogd -n
├─apache2.service
│ ├─1254 /usr/sbin/httpd2-prefork -f /et...
│ └─1840 /usr/sbin/httpd2-prefork -f /et...
See also: SLES 12 Tuning Guide, Ch. 8: “Kernel Control Groups” and Kernel documentation on cgroups
Demo: Kernel Cgroups
Managing cgroups
►How to find cgroup configuration?
►List currently running cgroups
with lscgroup (pkg libcgroups-tools)
with systemd-cgls (pkg systemd)
→ nicely shows the cgroup hierarchy created by systemd
►Limit resources
►See also:
►cgexec - run the task in given control groups
►cgclassify - move running task(s) to given cgroups
Socket-based activation
►Using sockets systemd can monitor the availability of the
connected service
►When the service crashes, the messages to the socket will be
buffered (~ MBs)
►Especially well suited for services that mostly receive through
the socket, e.g. syslog
►Temporarily stand-in for the service
►example: during boot kmsg is active but at some point syslog takes over
See also: http://0pointer.de/blog/projects/socket-activation.html
sles1201:~ # systemctl list-sockets
LISTEN UNIT ACTIVATES
/dev/initctl systemd-initctl.socket systemd-initctl.service
/dev/log systemd-journald.socket systemd-journald.service
/run/dmeventd-client dm-event.socket dm-event.service
/run/dmeventd-server dm-event.socket dm-event.service
/run/systemd/journal/socket systemd-journald.socket systemd-journald.service
/run/systemd/journal/stdout systemd-journald.socket systemd-journald.service
/run/systemd/journal/syslog syslog.socket rsyslog.service
/run/systemd/shutdownd systemd-shutdownd.socket systemd-shutdownd.service
/run/udev/control systemd-udevd-control.socket systemd-udevd.service
/var/run/dbus/system_bus_socket dbus.socket dbus.service
/var/run/pcscd/pcscd.comm pcscd.socket pcscd.service
[...]
Unit File Types
● service
● target
● socket
● path
● device
● timer
● mount
● automount
● snapshot
● slice
● swap
● scope
Generators
►Generators are located in /usr/lib/systemd/system-generators/
►Templates are located in directory /usr/lib/systemd/system-generators/
►Based on templates, systemd generators create one or more unit instances, for example for getty or lvm, or mount units based on /etc/fstab
See also: http://www.freedesktop.org/wiki/Software/systemd/Generators/
sles1201:/etc/systemd # cat /usr/lib/systemd/system/user@.service
[Unit]
Description=User Manager for UID %i
After=systemd-user-sessions.service
[Service]
User=%i
PAMName=systemd-user
Type=notify
ExecStart=-/usr/lib/systemd/systemd --user
Slice=user-%i.slice
KillMode=mixed
systemd
Unit files
● Unit file locations
● Unit file structure
● A few Unit file types:
►service
►socket
►target
►slice, scope
►timer
Unit File Locations
(in order of precedence)
In system mode
(systemd --system)
►Runtime units:
/run/systemd/system/
►Local configuration:
/etc/systemd/system/
►Units of installed packages:
/usr/lib/systemd/system
In user mode
(systemd --user)
►User configuration:
$HOME/.config/systemd/user/
►Local configuration:
/etc/systemd/user/
►Runtime units:
/run/systemd/user/
►Units of installed packages:
/usr/lib/systemd/user/
[Section]
Unit File Syntax(*)
● Generic sections:
►[Unit]: Dependencies, etc..
►[Install]: What to do to install or
remove
● Other
►empty lines and lines prefixed with “#” or “;” will be ignored
►“\” at line end will wrap long lines
● Options
►Pre-defined
►User defined, prefixed with “X-”
● Values
►Boolean: 1, “true”, “yes”, “on” or 0, “false”, “no”, “off”
►Time: “50”, “4min 140ms”
[Unit]
Option = Value
Option = Value
# This line will be ignored
; As well as this
[Install]
BooleanOption = true
Option = Value
Option = Value
[Specific Section]
Option = Value
Option = Value
X-MyOption = “User defined option”
See also: man systemd.unit(5)
(*) Conform “XDG Desktop Entry Specification”
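The syntax rules on this slide, turned into a small parser. This is an added example, not systemd's own code and not part of the original slides: it handles sections, “#” and “;” comments, backslash continuation, repeated options (which a plain INI reader would overwrite), booleans and time values. The sample unit is constructed after the ntpd.service shown later in the deck; the X-ChangeTicket option and all function names are hypothetical.

```python
import re

TRUE = {"1", "true", "yes", "on"}
FALSE = {"0", "false", "no", "off"}
# Time units expressed in microseconds; a bare number means seconds.
USEC = {"us": 1, "usec": 1, "ms": 10**3, "msec": 10**3, "s": 10**6, "sec": 10**6,
        "min": 60 * 10**6, "h": 3600 * 10**6, "d": 86400 * 10**6}

# Constructed sample unit with a continuation line, a repeated option,
# both comment styles and a user-defined "X-" option.
SAMPLE = r"""
# comment line, ignored
[Unit]
Description=NTP Server Daemon
After=nss-lookup.target
Wants=network.target
After=network.target
; also ignored

[Service]
Type=forking
ExecStart=/usr/sbin/start-ntpd \
    start
RestartSec=11min
RemainAfterExit=no
X-ChangeTicket=Demo001
"""


def parse_bool(value):
    """Accept exactly the boolean spellings listed on the slide."""
    text = value.strip().lower()
    if text in TRUE:
        return True
    if text in FALSE:
        return False
    raise ValueError(f"not a boolean: {value!r}")


def parse_timespan_usec(value):
    """'50' -> 50 s, '4min 140ms' -> 240.14 s, returned as integer microseconds."""
    text = value.strip().lower()
    tokens = re.findall(r"(\d+)\s*([a-z]*)", text)
    leftover = re.sub(r"\d+\s*[a-z]*", "", text).strip()
    if not tokens or leftover or any(unit and unit not in USEC for _, unit in tokens):
        raise ValueError(f"not a time span: {value!r}")
    return sum(int(number) * USEC[unit or "s"] for number, unit in tokens)


def parse_unit(text):
    """Return {section: {option: [values, ...]}}; repeated options accumulate."""
    unit, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # continuation: join with the next line
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = unit.setdefault(line[1:-1], {})
            continue
        if section is None or "=" not in line:
            raise ValueError(f"unparseable line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        section.setdefault(key, []).append(value)
    return unit


def user_defined(unit):
    """Collect the user-defined options, i.e. those prefixed with 'X-'."""
    return {key: values for options in unit.values()
            for key, values in options.items() if key.startswith("X-")}


if __name__ == "__main__":
    parsed = parse_unit(SAMPLE)
    print(parsed["Unit"]["After"], parsed["Service"]["ExecStart"])
    print(parse_timespan_usec(parsed["Service"]["RestartSec"][0]))
```
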
[Unit]
# will include all settings from
# bar.service
.include bar.service
Description = foo service
Wanted = Value
; As well as this
Unit File Logic 1/2
● Directory “foo.service.d” may
contain “*.conf” files to alter or
add configuration
● Directory “foo.service.wants/”
can contain symlinks to
dependencies of “foo.service”
● Unit file templates:
►getty@tty3.service will be
generated from:
►getty@.service
foo.service
Unit File Logic 2/2
[Unit] Directives
►Description, Documentation:
Make life easy
►Wants, Requires, Conflicts
Express dependencies
between units
►WantedBy, RequiredBy:
Reverse dependencies;
Will result in symlink to this
unit in mentioned services'
$unit.wants/ or
$unit.requires/ directory
►Before, After
Specify order when starting
and stopping units
►Alias: when enabled, unit will
also be registered under
these names
Unit files: service
service units start and
control daemons and the
processes they consist of
sles1201:~ # cat /usr/lib/systemd/system/ntpd.service
[Unit]
Description=NTP Server Daemon
Documentation=man:ntpd(1)
After=nss-lookup.target
Wants=network.target
After=network.target
[Service]
Type=forking
PIDFile=/var/run/ntp/ntpd.pid
ExecStart=/usr/sbin/start-ntpd start
RestartSec=11min
Restart=always
[Install]
WantedBy=multi-user.target
See also: man systemd.service(5)
Unit files: socket
socket units create local unix or network sockets,
useful for socket based activation
sles1201:~ # systemctl -t socket
UNIT LOAD ACTIVE SUB DESCRIPTION
dbus.socket loaded active running D-Bus System Message Bus Socket
dm-event.socket loaded active running Device-mapper event daemon FIFOs
iscsid.socket loaded active listening Open-iSCSI iscsid Socket
pcscd.socket loaded active listening PC/SC Smart Card Daemon Activation Socket
syslog.socket loaded active running Syslog Socket
systemd-initctl.socket loaded active listening /dev/initctl Compatibility Named Pipe
systemd-journald.socket loaded active running Journal Socket
systemd-shutdownd.socket loaded active listening Delayed Shutdown Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
sles1201:~ # systemctl status dbus.socket
dbus.socket - D-Bus System Message Bus Socket
Loaded: loaded (/usr/lib/systemd/system/dbus.socket; static)
Active: active (running) since Wed 2015-01-28 14:37:31 CET; 7h ago
Listen: /var/run/dbus/system_bus_socket (Stream)
sles1201:~ # cat /usr/lib/systemd/system/dbus.socket
[Unit]
Description=D-Bus System Message Bus Socket
[Socket]
ListenStream=/var/run/dbus/system_bus_socket
sles1201:~ #
Unit files: target
● target units:
►are useful to group units, or
►provide well-known
synchronization points during
boot-up
sles1201:~ # systemctl get-default
multi-user.target
sles1201:~ # systemctl -t target
UNIT LOAD ACTIVE SUB DESCRIPTION
basic.target loaded active active Basic System
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
network.target loaded active active Network
nss-lookup.target loaded active active Host and Network Name Lookups
nss-user-lookup.target loaded active active User and Group Name Lookups
paths.target loaded active active Paths
remote-fs-pre.target loaded active active Remote File Systems (Pre)
remote-fs.target loaded active active Remote File Systems
[...]
►are equivalent to “runlevel”:
►`init 5` is equivalent to
►`systemctl isolate runlevel5.target`
►/etc/inittab is deprecated
►see also: systemd.target(5)
Unit files: slice and scope
A standard hierarchy of
processes, sessions for
resource control
● slices:
►automatically created slices:
►“-” (root),
►machine
►user: parent for user-* slices
►system: parent for services
►see also: man systemd.slice(5)
● scopes:
►each session (on tty or
graphical) is an individual
scope
►see also:
man systemd.scope(5)
-.slice
├─machine.slice
│ └─machine-qemux2dsles1201.scope
│ └─3721 /usr/bin/qemu-system-x86_64
| -name sles1201 -machine
│ accel=kvm [...]
├─user.slice
│ ├─user-0.slice
│ │ └─user@0.service
│ │ └─4519 /usr/lib/systemd/systemd --user
. .
│ └─user-1000.slice
│ ├─session-1.scope
. .
│
└─system.slice
├─1 /sbin/init showopts
├─systemd-machined.service
│ └─3722 /usr/lib/systemd/systemd-machined
├─libvirtd.service
│ └─3514 /usr/sbin/libvirtd --listen
├─rsyslog.service
│ └─968 /usr/sbin/rsyslogd -n
.
Unit files: timer
►Timer units trigger matching
unit files on the defined
moments, ie: “foo.timer” has
to have a foo.<unit type>
►Timers are monotonic,
independent of wall-clock
time and timezones.
sles1201:~ # cat /usr/lib/systemd/system/systemd-tmpfiles-clean.timer
[Unit]
Description=Daily Cleanup of Temporary Directories
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
[Timer]
OnBootSec=15min
OnUnitActiveSec=1d
sles1201:~ # ls -1 /usr/lib/systemd/system/systemd-tmpfiles-clean*
systemd-tmpfiles-clean.service
systemd-tmpfiles-clean.timer
sles1201:~ # systemctl --all list-timers
NEXT LEFT UNIT ACTIVATES
Thu 2015-01-29 14:52:19 CET 13h left systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
n/a n/a systemd-readahead-done.timer systemd-readahead-done.service
►If system is suspended, the
monotonic clock stops too.
►see also:
man systemd.timer(5)
Using unmodified SysV/LSB scripts
with systemd
►Compatibility mode with
symlinks to
/usr/lib/systemd/systemd:
halt, init, poweroff, reboot, runlevel,
shutdown, telinit
►Requests to above utilities
will be forwarded to systemd
►The correct invocation of an
init script is through
/sbin/service
►systemd understands and
respects the LSB headers
►Be sure to check the list of
incompatibilities with SysV,
see [1], e.g.:
►The concept of runlevels is different
than with sysvinit
►Interactive scripts should use
`systemd-ask-password`
[1] http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities/
From SysV/LSB Script
to systemd Unit File
►Read and understand what
the script does!
►Section [Unit]
Description and Documentation
Dependencies: based on LSB
headers “Required-Start”,
“Required-Stop”
Ordering: “Before” or “After”
►Section [Service]
ExecStart: the full path to the
service's binary/script
Type: How to monitor the daemon?
Possible values: simple, forking,
oneshot, dbus, notify, idle
PIDFile: the file containing a forked
daemon's PID
►Section [Install]
Runlevel to corresponding target,
e.g.:
WantedBy=multi-user.target
►See also:
►man systemd.unit(5)
►man systemd.service(5)
►Lennart Poettering's blog article [1]
[1] “systemd for Administrators, Part III”, http://0pointer.de/blog/projects/systemd-for-admins-3.html
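The conversion steps above, as an added example that is not part of the original slides: it reads the LSB header of an init script and emits a unit file skeleton. The facility-to-target table, the choice of Requires= plus After= for every Required-Start entry, the sample script and all function names are assumptions made for illustration; ExecStart, Type and PIDFile still have to come from reading the script.

```python
import re

# Assumed mapping of LSB system facilities to systemd targets (illustrative).
FACILITY_TARGETS = {
    "$local_fs": "local-fs.target",
    "$remote_fs": "remote-fs.target",
    "$network": "network.target",
    "$named": "nss-lookup.target",
    "$time": "time-sync.target",
}

# Constructed sample init script; "food" is a hypothetical daemon.
SAMPLE_INIT = """\
#!/bin/sh
### BEGIN INIT INFO
# Provides:          food
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Foo example daemon
### END INIT INFO
[ 'start' = $1 ] && /usr/sbin/food
"""


def parse_lsb_header(script_text):
    """Return {keyword: value} from the BEGIN/END INIT INFO comment block."""
    block = re.search(r"^### BEGIN INIT INFO\s*\n(.*?)^### END INIT INFO",
                      script_text, re.S | re.M)
    if not block:
        raise ValueError("no LSB header found")
    header = {}
    for line in block.group(1).splitlines():
        field = re.match(r"#\s*([A-Za-z-]+):\s*(.*)", line)
        if field:
            header[field.group(1)] = field.group(2).strip()
    return header


def to_units(names):
    """Map Required-Start entries to unit names, keeping order, dropping duplicates."""
    units = []
    for name in names.split():
        if name in FACILITY_TARGETS:
            unit = FACILITY_TARGETS[name]
        elif name.startswith("$"):
            continue                      # facility without an assumed target, e.g. $syslog
        else:
            unit = name + ".service"      # another init script becomes a service unit
        if unit not in units:
            units.append(unit)
    return units


def wanted_by(default_start):
    """Runlevels 2-4 map to multi-user.target, runlevel 5 alone to graphical.target."""
    levels = set(default_start.split())
    if levels & {"2", "3", "4"}:
        return "multi-user.target"
    if "5" in levels:
        return "graphical.target"
    return None


def lsb_to_unit(script_text, exec_start, service_type="forking", pid_file=None):
    """Build the [Unit], [Service] and [Install] sections as one string."""
    header = parse_lsb_header(script_text)
    deps = to_units(header.get("Required-Start", ""))
    lines = ["[Unit]",
             "Description=" + header.get("Short-Description", header.get("Provides", ""))]
    if deps:
        lines += ["Requires=" + " ".join(deps), "After=" + " ".join(deps)]
    lines += ["", "[Service]", "Type=" + service_type, "ExecStart=" + exec_start]
    if pid_file:
        lines.append("PIDFile=" + pid_file)
    target = wanted_by(header.get("Default-Start", ""))
    if target:
        lines += ["", "[Install]", "WantedBy=" + target]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(lsb_to_unit(SAMPLE_INIT, "/usr/sbin/food", pid_file="/var/run/food.pid"))
```
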
A few select systemd
Use Cases
List Available Unit Files
sles1201:~ # systemctl list-unit-files
UNIT FILE STATE
proc-sys-fs-binfmt_misc.automount static
org.freedesktop.hostname1.busname static
org.freedesktop.locale1.busname static
org.freedesktop.login1.busname static
org.freedesktop.machine1.busname static
org.freedesktop.timedate1.busname static
dev-hugepages.mount static
dev-mqueue.mount static
proc-sys-fs-binfmt_misc.mount static
...
cleanup.service static
clock.service masked
rsyslog.service enabled
...
system-update.target static
time-sync.target static
timers.target static
umount.target static
fstrim.timer disabled
mdadm-last-resort@.timer static
systemd-readahead-done.timer static
systemd-tmpfiles-clean.timer static
287 unit files listed.
sles1201:~ #
● systemctl
►list-timers
►list-sockets
►list-units
►list-unit-files
Start / Stop / Restart / Enable / Disable
● Multiple services at the
same time
● Completion (requires the “bash-completion” pkg)
sles1201:~ # systemctl status a<TAB><TAB>
after-local.service auditd.service
amavis.service autofs.service
apparmor.service autovt@.service
atd.service
sles1201:~ # systemctl status a
sles1201:~ # systemctl -t <TAB><TAB>
automount device mount path
service snapshot socket swap
target timer
sles1201:~ # systemctl -t <TAB><TAB>
sles1201:~ # systemctl restart ntpd apache2
sles1201:~ # systemctl status ntpd apache2
sles1201:~ # systemctl disable apache2
sles1201:~ # systemctl status apache2
apache2.service - The Apache Webserver
Loaded: loaded (/usr/lib/systemd/system...
Active: active (running) since Thu 2015...
Main PID: 12391 (httpd2-prefork)
Status: "Total requests: 0; Current req...
CGroup: /system.slice/apache2.service
├─12391 /usr/sbin/httpd2-prefor...
├─12408 /usr/sbin/httpd2-prefor...
├─12410 /usr/sbin/httpd2-prefor...
├─12411 /usr/sbin/httpd2-prefor...
├─12412 /usr/sbin/httpd2-prefor...
└─12413 /usr/sbin/httpd2-prefor...
More informative service status
sles1201:~ # systemctl status postfix
postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
Active: active (running) since Sun 2015-01-25 17:15:02 CET; 2 days ago
Process: 1182 ExecStartPost=/etc/postfix/system/cond_slp register (code=exited, status=0/SUCCESS)
Process: 1177 ExecStartPost=/etc/postfix/system/wait_qmgr 60 (code=exited, status=0/SUCCESS)
Process: 1072 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 1061 ExecStartPre=/etc/postfix/system/update_postmaps (code=exited, status=0/SUCCESS)
Process: 1051 ExecStartPre=/etc/postfix/system/update_chroot (code=exited, status=0/SUCCESS)
Process: 1007 ExecStartPre=/etc/postfix/system/config_postfix (code=exited, status=0/SUCCESS)
Process: 992 ExecStartPre=/bin/echo Starting mail service (Postfix) (code=exited, status=0/SUCCESS)
Main PID: 1175 (master)
CGroup: /system.slice/postfix.service
├─ 1175 /usr/lib/postfix/master -w
├─ 1178 qmgr -l -t fifo -u
└─25344 pickup -l -t fifo -u
Jan 25 17:15:01 sles1201 echo[992]: Starting mail service (Postfix)
Jan 25 17:15:02 sles1201 postfix/postfix-script[1156]: warning: not owned by group maildrop: /usr/sbin/postqueue
Jan 25 17:15:02 sles1201 postfix/postfix-script[1158]: warning: not owned by group maildrop: /usr/sbin/postdrop
Jan 25 17:15:02 sles1201 postfix/postfix-script[1161]: warning: not set-gid or not owner+group+world executable: /usr/sbin/postdrop
Jan 25 17:15:02 sles1201 postfix/postfix-script[1173]: starting the Postfix mail system
Jan 25 17:15:02 sles1201 postfix/master[1175]: daemon started -- version 2.11.0, configuration /etc/postfix
sles1201:~ #
Managing remote machines
$ systemctl -H root@sles1201 status postfix.service
Host key fingerprint is bc:87:d7:c9:06:5f:16:1c:b2:e5:88:0f:8f:d7:f6:9d
+--[ECDSA 256]---+
| . o |
| w - B . |
| o o + |
| a . = . . |
| S o + = |
| o * = .o|
| o P * Eo|
| o . |
| |
+-----------------+
postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
Active: active (running) since Wed 2015-01-28 14:37:51 CET; 12h ago
Main PID: 1340
CGroup: /system.slice/postfix.service
Resource Control
Limit Apache service
►default CPUShares = 1024
►temporarily:
systemctl set-property --runtime apache2.service CPUShares=612 MemoryLimit=500M
►permanently:
systemctl set-property apache2.service CPUShares=612 MemoryLimit=500M
or
“CPUShares = 612” in Unit File
See also
►man systemd.resource-control(5)
►man systemd-cgtop
►“systemd's Resource Control Concepts” [1]
[1] http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/
Boot process analysis
sles1201:~ # systemd-analyze blame
16.029s wicked.service
2.852s systemd-udev-settle.service
1.684s SuSEfirewall2_init.service
1.596s postfix.service
1.420s SuSEfirewall2.service
1.235s apparmor.service
1.132s systemd-remount-fs.service
1.057s systemd-udev-root-symlink.service
1.056s sys-kernel-debug.mount
1.055s dev-mqueue.mount
1.054s dev-hugepages.mount
911ms systemd-udev-trigger.service
888ms btrfsmaintenance-refresh.service
854ms sshd.service
831ms rsyslog.service
sles1201:~ # systemd-analyze plot > sles1201-boot.svg
Containers with systemd-nspawn
Similar to chroot, but:
►RO access to /sys, /proc/sys,
/sys/fs/selinux,
►No device files may be
created and
►No changes to network and
clock
... from within the
container
Demo:
►Bootstrap a new filesystem
►Add repositories
►Install a few packages
►Start container
systemd-nspawn may be used to run a command or OS in a light-weight
namespace container. (man systemd-nspawn)
systemd-nspawn
Demo: bootstrap a new container
Bootstrap a new filesystem
zypper --root /vmstore/containers/os131/ addrepo http://download.opensuse.org/distribution/13.1/repo/oss/ repo-oss
zypper --root /vmstore/containers/os131/ addrepo http://download.opensuse.org/distribution/13.1/repo/non-oss/ repo-non-oss
zypper --root /vmstore/containers/os131/ refresh
Install a few packages
zypper --root /vmstore/containers/os131/ install openSUSE-release-13.1-1.10.x86_64 bash iproute2 coreutils
Container size <60MB!
du -sm /vmstore/containers/os131/
56 /vmstore/containers/os131/
Start container
systemd-nspawn -D /vmstore/containers/os131/ /bin/bash
Spawning namespace container on /vmstore/containers/opensuse13.1 (console is /dev/pts/8).
Init process in the container running as PID 26205.
Timezone Europe/Amsterdam does not exist in container, not updating container timezone.
bash-4.2#
Summary
● systemd introduces radical changes in the Linux boot
process
● Because of the richness of unit file vocabulary and
tools it can be overwhelming at first
● Transitioning to systemd is made easier by the
“compatibility” features
● By making clear choices and enforcing its standards, for good or ill, systemd will simplify things
● The adoption of systemd is already large and growing
Thank you.
Questions?
Unpublished Work of SUSE. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE.
Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of
their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated,
abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making
purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document,
and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The
development, release, and timing of features or functionality described for SUSE products remains at the sole
discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at
any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in
this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All
third-party trademarks are the property of their respective owners.

Full system roll-back and systemd in SUSE Linux Enterprise 12

  • 1. SUSE Linux Enterprise 12 Innovations in System Boot and Full System Roll-back Gábor Nyers Sales Engineer @SUSE gnyers@suse.com
  • 2. 2 Agenda ● Quick overview of SLE 12 ● Full-system rollback ►Demo: Full-system rollback, integration of snapper and grub2 ● System initialization with systemd ►Feature overview, compatibility, demo ● System initialization with systemd ►Feature overview, compatibility, from traditional init scripts to unit files; demos
  • 3. Quick Overview of SUSE Linux Enterprise 12
  • 4. 4 SUSE Linux Enterprise 12 Life Cycle
  • 5. 5 SUSE® Linux Enterprise Server 12 Lifecycle Model 10 years lifecycle + 3 years Extended Support [Chart: General Support and Extended Support over Year 1 to Year 13; rows GA, SP1, SP2, SP3, SP4, each with LTSS] • 13-year lifecycle (10 years general support, 3 years extended support) • Long Term Service Pack Support (LTSS) available for all versions, including GA
  • 6. 6 SUSE® Linux Enterprise Lifecycle & Code Streams 2011 2012 2013 2014 2015 2016 SLE10 SLE 11 SLE 12 SP4 SP2 SP3 SP4 SP1 13-year lifecycle For SLES 11 and SLES 12, 10 years general support, +3 years Long Term Support Tentative – Dates subject to change SUSE Linux Enterprise 12 Long Term Service Pack Support for every Service Pack GA
  • 7. 7 SUSE Linux Enterprise Modules
      Module name            | Content                                                             | Release schedule
      Web Scripting          | php, python3                                                        | 3yrs
      Legacy                 | sendmail, syslog-ng, ksh, old versions of: Java, cups, libstdc++    | 3yrs
      Toolchain              | gcc                                                                 | 1y
      Public Cloud           | cloud-init; google-, aws-, openstack- tools; lots of Python modules | CI
      Advanced Systems Mgmt. | cfengine, puppet, machinery                                         | CI
  • 8. 8
  • 10. 10 Components Grub2: boot loader integration for full system rollback Snapper: GUI and CLI tool for easy snapshot/rollback Btrfs: default filesystem with fault tolerance, repair, and easy management features
  • 11. 11 Full system roll- back Btrfs ● Btrfs features ● Concepts ►Subvolume ►Snapshot ● Filesystem recommendations
  • 12. 12 Btrfs feature overview Supported by SUSE ● Copy-on-Write ● Snapshots ● Subvolumes ● Data integrity ● Metadata integrity ● On-line scrubbing ● Manual de-duplication ● Quota Groups Work in progress ● Inode Cache ● Auto Defrag ● RAID ● Transparent compression ● Send / Receive ● Hot add / remove ● Seeding devices
  • 13. 13 Btrfs Concepts: Subvolumes Subvolume(s)...: … appear to be a directory … start as an independent but empty root node … are independently mountable … are independently snapshotable … are “equals” amongst each other, but there is a designated “default subvolume” [Diagram labels: Subvol (B-Tree); /, /home, /var/log; Subvolume Root node; Default Subvolume Root node; Storage block]
  • 14. 14 Btrfs Concepts: Snapshots Snapshot(s)...: … are an independent clone of the state of a subvolume … share all raw data with their ancestor after creation … may be (practically) unlimited in number … are either RO or RW … may be “nested”, that is “snapshot of a snapshot” [Diagram labels: Subvol (B-Tree); /, /home; Clone B-Tree; data blocks] When a snapshot is created, the parent and child sub-trees point to the same data blocks
  • 15. 15 Btrfs integration in YaST Partitioner
  • 17. 17 Full system roll- back Snapper ● Snapshot management tool ● Features ● Metadata ● Compare snapshots
  • 18. 18 Snapper feature overview ● btrfs, ext4 and LVM ● Plug-in support ● Grub2 integration ● Stores metadata with snapshot ►free text for humans ►key = value pairs for computers ● Management of multiple btrfs filesystems and subvolumes ►Automatic snapshot creation ►Configurable clean-up algorithms ►Creates RO snapshots by default ►Snapshots for non-root users ►Show difference between snapshots ►Mount snapshots
  • 19. 19 Snapper – snapshot management
      sles1201:~ # snapper list
      Type   | #  | Pre # | Date                            | User | Cleanup  | Description                                           | Userdata
      -------+----+-------+---------------------------------+------+----------+-------------------------------------------------------+--------------------------------
      single | 0  |       |                                 | root |          | current                                               |
      single | 1  |       | Mon 27 Oct 2014 09:52:24 PM CET | root | timeline | This is a free-text description for human consumption | changeID=Demo001, myvar1=value1
      single | 2  |       | Mon 27 Oct 2014 10:00:19 PM CET | root | home-tux | 1st snapshot for user tux                             |
      single | 3  |       | Mon 27 Oct 2014 10:01:10 PM CET | root | home-tux | 1st snapshot for user tux                             |
      single | 8  |       | Mon 27 Oct 2014 11:18:19 PM CET | root |          | Recovery point 2014-10-27                             |
      single | 9  |       | Tue 28 Oct 2014 12:41:46 AM CET | root |          | Rolling back to snapshot 8                            |
      single | 10 |       | Tue 28 Oct 2014 12:41:46 AM CET | root |          | Rolling back to snapshot 8                            |
      single | 11 |       | Tue 28 Oct 2014 01:17:01 AM CET | root |          | Recovery point 2                                      | important=yes
      single | 12 |       | Tue 28 Oct 2014 05:47:39 AM CET | root |          | Rolling back disabled state to Recovery point 2       |
      single | 13 |       | Tue 28 Oct 2014 05:47:40 AM CET | root |          | Rolling back disabled state to Recovery point 2       |
      pre    | 18 |       | Tue 28 Oct 2014 11:16:22 PM CET | root | number   | yast apparmor                                         |
      post   | 19 | 18    | Tue 28 Oct 2014 11:16:41 PM CET | root | number   |                                                       |
      pre    | 20 |       | Mon 19 Jan 2015 09:25:19 PM CET | root | number   | zypp(zypper)                                          | important=yes
      post   | 21 | 20    | Mon 19 Jan 2015 09:34:32 PM CET | root | number   |                                                       | important=yes
      pre    | 22 |       | Mon 19 Jan 2015 09:55:14 PM CET | root | number   | zypp(zypper)                                          | important=no
      post   | 23 | 22    | Mon 19 Jan 2015 09:55:26 PM CET | root | number   |                                                       | important=no
      pre    | 24 |       | Mon 19 Jan 2015 10:52:22 PM CET | root | number   | zypp(zypper)                                          | important=no
      post   | 25 | 24    | Mon 19 Jan 2015 10:52:24 PM CET | root | number   |                                                       | important=no
      pre    | 26 |       | Thu 22 Jan 2015 12:37:27 AM CET | root | number   | yast sw_single                                        |
      post   | 27 | 26    | Thu 22 Jan 2015 12:38:35 AM CET | root | number   |                                                       |
      pre    | 28 |       | Thu 22 Jan 2015 12:50:23 AM CET | root | number   | yast repositories                                     |
      post   | 29 | 28    | Thu 22 Jan 2015 01:00:49 AM CET | root | number   |                                                       |
      sles1201:~ #
  • 20. 20 Snapper – Metadata Meta information stored with each snapshot: ►Type : [ Pre | Post | Single ] ►# : Number of the snapshot ►Pre # : Matching “Pre” number, if type is “Post” ►Date : Timestamp ►User : User who created the snapshot ►Cleanup : Cleanup algorithm for this snapshot ►Description : A fitting description of the snapshot (free text) ►Userdata : key=value pairs to record all sorts of useful information about the snapshot (e.g. for easy parsing from scripts)
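The Userdata column is what makes the listing usable from scripts. The added example below (not from the slides) parses the eight-column `snapper list` layout shown on slide 19 and pairs pre/post snapshots, so an administrator can see which tool changed the system and spot a change that never completed. The function names are this example's own, and the row numbered 30 in the sample is constructed.

```python
"""Parse `snapper list` output and reconstruct the change history."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Rows 0-23 are copied from the listing on slide 19. Row 30 is constructed
# for this example: a "pre" snapshot whose matching "post" never appeared.
SAMPLE = """\
Type   | #  | Pre # | Date                            | User | Cleanup  | Description   | Userdata
-------+----+-------+---------------------------------+------+----------+---------------+--------------
single | 0  |       |                                 | root |          | current       |
single | 1  |       | Mon 27 Oct 2014 09:52:24 PM CET | root | timeline | This is a free-text description for human consumption | changeID=Demo001, myvar1=value1
single | 11 |       | Tue 28 Oct 2014 01:17:01 AM CET | root |          | Recovery point 2 | important=yes
pre    | 18 |       | Tue 28 Oct 2014 11:16:22 PM CET | root | number   | yast apparmor |
post   | 19 | 18    | Tue 28 Oct 2014 11:16:41 PM CET | root | number   |               |
pre    | 20 |       | Mon 19 Jan 2015 09:25:19 PM CET | root | number   | zypp(zypper)  | important=yes
post   | 21 | 20    | Mon 19 Jan 2015 09:34:32 PM CET | root | number   |               | important=yes
pre    | 22 |       | Mon 19 Jan 2015 09:55:14 PM CET | root | number   | zypp(zypper)  | important=no
post   | 23 | 22    | Mon 19 Jan 2015 09:55:26 PM CET | root | number   |               | important=no
pre    | 30 |       | Thu 22 Jan 2015 02:10:05 AM CET | root | number   | zypp(zypper)  | important=no
"""


@dataclass
class Snapshot:
    type: str
    number: int
    pre_number: Optional[int]
    date: str
    user: str
    cleanup: str
    description: str
    userdata: Dict[str, str] = field(default_factory=dict)


def parse_userdata(cell: str) -> Dict[str, str]:
    """Turn 'k1=v1, k2=v2' into a dict; items without '=' are ignored."""
    pairs = {}
    for item in cell.split(","):
        key, sep, value = item.partition("=")
        if sep and key.strip():
            pairs[key.strip()] = value.strip()
    return pairs


def parse_snapper_list(text: str) -> List[Snapshot]:
    """Parse the table; header, separator and prompt lines are skipped."""
    snapshots = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 8 or cells[0] not in ("single", "pre", "post"):
            continue
        if not cells[1].isdigit():
            continue
        # A free-text description may itself contain '|': the first six and
        # the last column are fixed, everything in between is description.
        description = " | ".join(cells[6:-1])
        snapshots.append(Snapshot(
            type=cells[0],
            number=int(cells[1]),
            pre_number=int(cells[2]) if cells[2].isdigit() else None,
            date=cells[3], user=cells[4], cleanup=cells[5],
            description=description,
            userdata=parse_userdata(cells[-1]),
        ))
    return snapshots


def pair_changes(snapshots: List[Snapshot]) -> Tuple[list, list]:
    """Match each 'post' to its 'pre'; return (pairs, unmatched 'pre' list)."""
    pres = {s.number: s for s in snapshots if s.type == "pre"}
    pairs = []
    for snap in snapshots:
        if snap.type == "post" and snap.pre_number in pres:
            pairs.append((pres.pop(snap.pre_number), snap))
    return pairs, sorted(pres.values(), key=lambda s: s.number)


def with_userdata(snapshots: List[Snapshot], key: str, value: str) -> List[Snapshot]:
    """Select snapshots whose userdata carries key=value."""
    return [s for s in snapshots if s.userdata.get(key) == value]


if __name__ == "__main__":
    snaps = parse_snapper_list(SAMPLE)
    pairs, orphans = pair_changes(snaps)
    for pre, post in pairs:
        print(f"change {pre.number}->{post.number}: {pre.description} ({pre.date})")
    for pre in orphans:
        print(f"unfinished change: pre snapshot {pre.number} ({pre.description})")
    print("important:", [s.number for s in with_userdata(snaps, "important", "yes")])
```
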
  • 22. 22 Snapper DBus support [Diagram labels: dbus daemon; snapperd; unprivileged users; privileged users; agent (snapper), agent (yast), agent (e.g.: custom script)] ● Snapper: ►snapper (client) ►snapperd (server) ● Authorized users submit requests through DBus ● snapperd performs actions on behalf of users ● Authorization scheme ►Users ►Agents
  • 23. 23 Full system roll- back Grub2 ● the Grand Unified Boot Loader v2
  • 24. 24 Grub2 Features ● Scripting support ● Dynamic modules ● Custom menus ● Boot LiveCD ISO images directly from hard drive
  • 25. 25 Full System Roll-back 1/2 ● Rollback to a good state with one click for faster recovery from planned or unplanned downtime ● Support for service pack rollback ● Support for kernel upgrade ● Based on btrfs and Snapper, bootloader integration
  • 26. 26 Full System Roll-back 2/2 Goal: Reduce operational downtime by quickly restoring the system to a well-known working state.
  • 27. 27 Demo: Full system roll-back ● Create recovery point ● Wreak havoc ● Boot system → fail! ● Boot system to recovery point → read-only! ● Roll-back system using snapper
  • 29. 29 The boot process in general http://en.wikipedia.org/wiki/Linux_startup_process
      BIOS: Hardware init (RAM, PCI bus, USB, video, keyboard, disks, etc..); Enumerate disks; Find and load boot loader from disk
      Boot loader: Enumerate bootable OS's; User interaction (optional); Load and run OS (Linux: kernel+initrd)
      Kernel: Kernel init; Hardware init (Remaining HW); Decompress initrd and run init
      Init: Mount root and other filesystems; Start system and network services; Start getty & display manager
      Login Prompt: Authorize user; Setup session
  • 30. 30 The Init Process [Diagram: Init: Mount root and other filesystems; Start services; Start getty & display manager] A few Linux init system implementations: ● sysvinit (SysV style) ● Upstart (Ubuntu) ● OpenRC ● systemd ● etc... A few problems with traditional init systems: ● rely heavily on shell scripting: ► slow, ► fragile, ► redundancy, hard to read: 100s of shell script lines vs. 10-20 lines in a Unit File ● weak parallelism
  • 31. 31 systemd ● What is systemd? ● Adoption
  • 32. 32 What is systemd? 1/3 ● a system- and session manager for Linux, ● provides aggressive parallelization capabilities, (no shell during boot!) ● uses socket and D-Bus activation for starting services, ● offers on-demand starting of services, ● keeps track of processes using Linux cgroups,
  • 33. 33 What is systemd? 2/3 ● supports restoring the system's state to a predefined state, ● maintains mount and auto-mount points, ● provides dependency based service control logic, ● provides replacement for a nr. of well-known tools, e.g.: udev, automount, inetd, consolekit and syslog, ● a drop-in replacement for sysvinit
  • 34. 34 What is systemd? 3/3 There is a lot of criticism and opinions as well... ● “It's not the UNIX way” referring to the “do one thing and do it well” maxim ● “It's monolithic” ● “It introduces too many dependencies” ● (and worse) ... but we won't be addressing these today :-)
  • 35. 35 “If I had asked people what they wanted, they would have said faster horses” Henry Ford
  • 36. 36 systemd adoption
      Distribution             | Added to repositories | Enabled by default?           | Released as default
      SUSE Linux Enterprise    | v12                   | Yes                           | Yes
      openSUSE                 | v11.4                 | Yes                           | v12.2 (2012)
      Fedora                   | v15 (2011)            | Yes                           | v15 (2011)
      Red Hat Linux Enterprise | v7 (2014)             | Yes                           | v7 (2014)
      Debian                   | in 2012               | No, planned for Debian Jessie | Not yet released
      Arch Linux               | in 2012               | Yes                           | 2012
      see also: http://en.wikipedia.org/wiki/Systemd#Adoption_and_reception
  • 37. 37 Compatibility with SysV Init Scripts ● systemd-sysvinit pkg provides compatible versions of halt, init, poweroff, reboot, runlevel, shutdown, telinit ● init scripts may be augmented with systemd mechanisms, e.g. dependencies ● There are also incompatibilities: see [1] for comprehensive list [1]: http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities/
      sles1201:~ # systemctl status nfs
      nfs.service - LSB: NFS client services
         Loaded: loaded (/etc/init.d/nfs)
        Drop-In: /run/systemd/generator/nfs.service.d
                 └─50-insserv.conf-$remote_fs.conf
         Active: inactive (dead)
      #
      sles1201:~ # cat /run/systemd/generator/nfs.service.d/50-insserv.conf-$remote_fs.conf
      # Automatically generated by systemd-insserv-generator
      [Unit]
      Wants=remote-fs-pre.target
      Before=remote-fs-pre.target
      sles1201:~ #
  • 38. systemd Related Concepts
    ● Kernel cgroups (independent of systemd)
    ● Socket-based activation
    ● Unit Files
    ● Generators
  • 39. Kernel Cgroups (Control Groups)
    ● Linux Kernel facility allowing the grouping of processes (and their “children”) into a tree-structure hierarchy
    ● Each group can be assigned a quota for these system resources:
      ►CPU
      ►RAM
      ►Disk I/O
      ►Network I/O

    Control groups hierarchy created by systemd
    ├─machine.slice
    │ └─machine-qemux2dsles1201.scope
    │   └─20958 /usr/bin/qemu-system-x86_64 -m...
    ├─user.slice
    │ ├─user-0.slice
    │ │ └─user@0.service
    │ │   ├─4322 /usr/lib/systemd/systemd --us...
    │ │   └─4323 (sd-pam)
    │ ├─user-1000.slice
    │ │ ├─session-560.scope
    │ │ │ ├─ 2810 /usr/bin/claws-mail
    │ │ │ ├─ 3035 /usr/lib64/firefox/firefox
    │ │ │ ├─ 3086 /usr/lib/mozilla/kmozillahel...
    │ │ │ ├─ 5459 /bin/bash
    │ │ │ ├─ 7854 /usr/bin/kwalletmanager --kw...
    │ │ ├─session-1.scope
    │ │ │ ├─4179 /bin/bash ./bridge start
    │ │ │ └─4182 dnsmasq --conf-file=mydnsmasq...
    │ │ └─user@1000.service
    │ │   ├─1891 /usr/lib/systemd/systemd --us...
    │ │   └─1892 (sd-pam)
    │ └─user-489.slice
    │   └─user@489.service
    │     ├─1703 /usr/lib/systemd/systemd --us...
    │     └─1704 (sd-pam)
    └─system.slice
      ├─libvirtd.service
      │ └─4008 /usr/sbin/libvirtd --listen
      ├─rsyslog.service
      │ └─985 /usr/sbin/rsyslogd -n
      ├─apache2.service
      │ ├─1254 /usr/sbin/httpd2-prefork -f /et...
      │ └─1840 /usr/sbin/httpd2-prefork -f /et...

    See also: SLES 12 Tuning Guide, Ch8: “Kernel Control Groups” and Kernel documentation on cgroups
  • 40. Demo: Kernel Cgroups
    Managing cgroups
    ►How to find cgroup configuration?
    ►List currently running cgroups
      with lscgroup (pkg libcgroups-tools)
      with systemd-cgls (pkg systemd) → nicely shows the cgroup hierarchy created by systemd
    ►Limit resources
    ►See also:
      ►cgexec - run the task in given control groups
      ►cgclassify - move running task(s) to given cgroups
  • 41. Socket-based activation
    ►Using sockets, systemd can monitor the availability of the connected service
    ►When the service crashes, the messages to the socket will be buffered (~ MBs)
    ►Especially well suited for services that mostly receive through the socket, e.g. syslog
    ►Can temporarily stand in for the service
      ►example: during boot kmsg is active, but at some point syslog takes over
    See also: http://0pointer.de/blog/projects/socket-activation.html

    sles1201:~ # systemctl list-sockets
    LISTEN                          UNIT                         ACTIVATES
    /dev/initctl                    systemd-initctl.socket       systemd-initctl.service
    /dev/log                        systemd-journald.socket      systemd-journald.service
    /run/dmeventd-client            dm-event.socket              dm-event.service
    /run/dmeventd-server            dm-event.socket              dm-event.service
    /run/systemd/journal/socket     systemd-journald.socket      systemd-journald.service
    /run/systemd/journal/stdout     systemd-journald.socket      systemd-journald.service
    /run/systemd/journal/syslog     syslog.socket                rsyslog.service
    /run/systemd/shutdownd          systemd-shutdownd.socket     systemd-shutdownd.service
    /run/udev/control               systemd-udevd-control.socket systemd-udevd.service
    /var/run/dbus/system_bus_socket dbus.socket                  dbus.service
    /var/run/pcscd/pcscd.comm       pcscd.socket                 pcscd.service
    [...]
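
The buffering described on this slide can be reproduced without systemd. The following is an added example, not part of the original deck: a manager-owned Unix datagram socket receives messages while no service is running, and a service started later reads them all. The socket path and messages are constructed, and `listen_fds` follows the documented `LISTEN_PID`/`LISTEN_FDS` convention a socket-activated service uses to find its inherited descriptors.

```python
import os
import socket
import tempfile

SD_LISTEN_FDS_START = 3  # first inherited descriptor in the sd_listen_fds(3) convention


def listen_fds(environ, pid):
    """Descriptors passed by the service manager, or [] if they are not for us."""
    if environ.get("LISTEN_PID") != str(pid):
        return []  # variables were meant for another process: ignore them
    count = int(environ.get("LISTEN_FDS", "0"))
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count))


def demo_buffering(messages):
    """Send datagrams while no service runs; return what the late service reads."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "log.sock")  # constructed stand-in for /dev/log
    # Manager side: the socket exists before (and independently of) the service.
    manager = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    manager.bind(path)
    try:
        # Clients write while the service is down; the kernel queues the datagrams
        # (the queue is bounded, so this bridges a restart, not a long outage).
        client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        for msg in messages:
            client.sendto(msg, path)
        client.close()
        # Service start: it inherits the very same socket (modelled here with dup).
        service = socket.socket(fileno=os.dup(manager.fileno()))
        service.setblocking(False)
        received = []
        while True:
            try:
                received.append(service.recv(4096))
            except BlockingIOError:
                break  # queue drained
        service.close()
        return received
    finally:
        manager.close()
        os.unlink(path)
        os.rmdir(tmp)


if __name__ == "__main__":
    print(demo_buffering([b"<30>boot: one", b"<30>boot: two"]))
```
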
  • 42. Unit File Types
    ● service ● target ● socket ● path ● device ● timer ● mount ● automount ● snapshot ● slice ● swap ● scope
  • 43. Generators
    ►Generators are located in /usr/lib/systemd/system-generators/
    ►Templates are located in directory /usr/lib/systemd/system-generators/
    ►Based on templates, systemd generators create one or more unit instances, for example for getty and lvm, or mount units based on /etc/fstab
    See also: http://www.freedesktop.org/wiki/Software/systemd/Generators/

    sles1201:/etc/systemd # cat /usr/lib/systemd/system/user@.service
    [Unit]
    Description=User Manager for UID %i
    After=systemd-user-sessions.service

    [Service]
    User=%i
    PAMName=systemd-user
    Type=notify
    ExecStart=-/usr/lib/systemd/systemd --user
    Slice=user-%i.slice
    KillMode=mixed
  • 44. systemd Unit files
    ● Unit file locations
    ● Unit file structure
    ● A few Unit file types:
      ►service
      ►socket
      ►target
      ►slice, scope
      ►timer
  • 45. Unit File Locations (in order of precedence)
    In system mode (systemd --system)
      ►Runtime units: /run/systemd/system/
      ►Local configuration: /etc/systemd/system/
      ►Units of installed packages: /usr/lib/systemd/system
    In user mode (systemd --user)
      ►User configuration: $HOME/.config/systemd/user/
      ►Local configuration: /etc/systemd/user/
      ►Runtime units: /run/systemd/user/
      ►Units of installed packages: /usr/lib/systemd/user/
  • 46. [Section] Unit File Syntax(*)
    ● Generic sections:
      ►[Unit]: Dependencies, etc.
      ►[Install]: What to do to install or remove
    ● Other
      ►empty lines and lines prefixed with “#” or “;” will be ignored
      ►“\” at line end will wrap long lines
    ● Options
      ►Pre-defined
      ►User defined, prefixed with “X-”
    ● Values
      ►Boolean: 1, “true”, “yes”, “on” or 0, “false”, “no”, “off”
      ►Time: “50”, “4min 140ms”

    [Unit]
    Option = Value
    Option = Value
    # This line will be ignored
    ; As well as this

    [Install]
    BooleanOption = true
    Option = Value
    Option = Value

    [Specific Section]
    Option = Value
    Option = Value
    X-MyOption = "User defined option"

    See also man systemd.unit(5)
    (*) Conforms to the “XDG Desktop Entry Specification”
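
A small parser makes the syntax rules on this slide concrete: sections, `#` and `;` comments, backslash continuation, repeated options, booleans and time spans. This is an added example, not code from the deck or from systemd; the sample unit and the option `X-Owner` are constructed, and only a subset of systemd's time suffixes is handled.

```python
import re

TRUE, FALSE = {"1", "true", "yes", "on"}, {"0", "false", "no", "off"}
# Microseconds per suffix; a bare number is taken as seconds.
USEC = {"": 10**6, "us": 1, "ms": 10**3, "s": 10**6, "sec": 10**6,
        "min": 60 * 10**6, "h": 3600 * 10**6, "d": 86400 * 10**6}
_SPAN = re.compile(r"\s*(\d+)\s*([a-z]*)")

# Constructed sample exercising the rules listed on the slide.
SAMPLE = """\
[Unit]
Description=Demo daemon
# this line is ignored
After=network.target \\
      nss-lookup.target
; and so is this one
After=time-sync.target

[Service]
ExecStart=/usr/sbin/demod --foreground
RemainAfterExit=yes
RestartSec=4min 140ms
TimeoutStartSec=50
X-Owner=ops team
"""


def parse_unit(text):
    """Return {section: [(option, value), ...]}; options may legally repeat."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):  # continuation: glue the next line on
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
            continue
        if current is None or "=" not in line:
            raise ValueError(f"expected Option=Value inside a section: {line!r}")
        key, value = line.split("=", 1)
        current.append((key.strip(), value.strip()))
    return sections


def values(unit, section, option):
    """All values of an option, in file order."""
    return [v for k, v in unit.get(section, []) if k == option]


def parse_bool(value):
    v = value.strip().lower()
    if v not in TRUE | FALSE:
        raise ValueError(f"not a boolean: {value!r}")
    return v in TRUE


def parse_timespan_usec(value):
    """'50' -> 50 s, '4min 140ms' -> 240.14 s, returned as integer microseconds."""
    value, pos, total = value.strip(), 0, 0
    if not value:
        raise ValueError("empty time span")
    while pos < len(value):
        m = _SPAN.match(value, pos)
        if not m or m.group(2) not in USEC:
            raise ValueError(f"bad time span: {value!r}")
        total += int(m.group(1)) * USEC[m.group(2)]
        pos = m.end()
    return total
```
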
  • 47. Unit File Logic 1/2
    ● Directory “foo.service.d” may contain “*.conf” files to alter or add configuration
    ● Directory “foo.service.wants/” can contain symlinks to dependencies of “foo.service”
    ● Unit file templates:
      ►getty@tty3.service will be generated from:
      ►getty@.service

    foo.service
    [Unit]
    # will include all settings from
    # bar.service
    .include bar.service
    Description = foo service
    Wanted = Value
    ; As well as this
  • 48. Unit File Logic 2/2
    [Unit] Directives
    ►Description, Documentation: Make life easy
    ►Wants, Requires, Conflicts: Express dependencies between units
    ►WantedBy, RequiredBy: Reverse dependencies; will result in a symlink to this unit in the mentioned services' $unit.wants/ or $unit.requires/ directory
    ►Before, After: Specify order when starting and stopping units
    ►Alias: when enabled, the unit will also be registered under these names
  • 49. Unit files: service
    service units start and control daemons and the processes they consist of

    sles1201:~ # cat /usr/lib/systemd/system/ntpd.service
    [Unit]
    Description=NTP Server Daemon
    Documentation=man:ntpd(1)
    After=nss-lookup.target
    Wants=network.target
    After=network.target

    [Service]
    Type=forking
    PIDFile=/var/run/ntp/ntpd.pid
    ExecStart=/usr/sbin/start-ntpd start
    RestartSec=11min
    Restart=always

    [Install]
    WantedBy=multi-user.target

    See also: man systemd.service(5)
  • 50. Unit files: socket
    socket units create local unix or network sockets, useful for socket-based activation

    sles1201:~ # systemctl -t socket
    UNIT                         LOAD   ACTIVE SUB       DESCRIPTION
    dbus.socket                  loaded active running   D-Bus System Message Bus Socket
    dm-event.socket              loaded active running   Device-mapper event daemon FIFOs
    iscsid.socket                loaded active listening Open-iSCSI iscsid Socket
    pcscd.socket                 loaded active listening PC/SC Smart Card Daemon Activation Socket
    syslog.socket                loaded active running   Syslog Socket
    systemd-initctl.socket       loaded active listening /dev/initctl Compatibility Named Pipe
    systemd-journald.socket      loaded active running   Journal Socket
    systemd-shutdownd.socket     loaded active listening Delayed Shutdown Socket
    systemd-udevd-control.socket loaded active running   udev Control Socket
    systemd-udevd-kernel.socket  loaded active running   udev Kernel Socket

    sles1201:~ # systemctl status dbus.socket
    dbus.socket - D-Bus System Message Bus Socket
       Loaded: loaded (/usr/lib/systemd/system/dbus.socket; static)
       Active: active (running) since Wed 2015-01-28 14:37:31 CET; 7h ago
       Listen: /var/run/dbus/system_bus_socket (Stream)

    sles1201:~ # cat /usr/lib/systemd/system/dbus.socket
    [Unit]
    Description=D-Bus System Message Bus Socket

    [Socket]
    ListenStream=/var/run/dbus/system_bus_socket
    sles1201:~ #
  • 51. Unit files: target
    ● target units:
      ►are useful to group units, or
      ►provide well-known synchronization points during boot-up
      ►are equivalent to “runlevel”:
        ►`init 5` is equivalent to
        ►`systemctl isolate runlevel5.target`
      ►/etc/inittab is deprecated
      ►see also: systemd.target(5)

    sles1201:~ # systemctl get-default
    multi-user.target
    sles1201:~ # systemctl -t target
    UNIT                   LOAD   ACTIVE SUB    DESCRIPTION
    basic.target           loaded active active Basic System
    cryptsetup.target      loaded active active Encrypted Volumes
    getty.target           loaded active active Login Prompts
    local-fs-pre.target    loaded active active Local File Systems (Pre)
    local-fs.target        loaded active active Local File Systems
    multi-user.target      loaded active active Multi-User System
    network.target         loaded active active Network
    nss-lookup.target      loaded active active Host and Network Name Lookups
    nss-user-lookup.target loaded active active User and Group Name Lookups
    paths.target           loaded active active Paths
    remote-fs-pre.target   loaded active active Remote File Systems (Pre)
    remote-fs.target       loaded active active Remote File Systems
    [...]
  • 52. Unit files: slice and scope
    A standard hierarchy of processes, sessions for resource control
    ● slices:
      ►automatically created slices:
        ►“-” (root),
        ►machine
        ►user: parent for user-* slices
        ►system: parent for services
      ►see also: man systemd.slice(5)
    ● scopes:
      ►each session (on tty or graphical) is an individual scope
      ►see also: man systemd.scope(5)

    -.slice
    ├─machine.slice
    │ └─machine-qemux2dsles1201.scope
    │   └─3721 /usr/bin/qemu-system-x86_64
    |      -name sles1201 -machine
    │      accel=kvm [...]
    ├─user.slice
    │ ├─user-0.slice
    │ │ └─user@0.service
    │ │   └─4519 /usr/lib/systemd/systemd --user
    . .
    │ └─user-1000.slice
    │   ├─session-1.scope
    . .
    │
    └─system.slice
      ├─1 /sbin/init showopts
      ├─systemd-machined.service
      │ └─3722 /usr/lib/systemd/systemd-machined
      ├─libvirtd.service
      │ └─3514 /usr/sbin/libvirtd --listen
      ├─rsyslog.service
      │ └─968 /usr/sbin/rsyslogd -n
      .
  • 53. Unit files: timer
    ►Timer units trigger matching unit files at the defined moments, i.e.: “foo.timer” has to have a foo.<unit type>
    ►Timers are monotonic, independent of wall-clock time and timezones.
    ►If the system is suspended, the monotonic clock stops too.
    ►see also: man systemd.timer(5)

    sles1201:~ # cat /usr/lib/systemd/system/systemd-tmpfiles-clean.timer
    [Unit]
    Description=Daily Cleanup of Temporary Directories
    Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)

    [Timer]
    OnBootSec=15min
    OnUnitActiveSec=1d

    sles1201:~ # ls -1 /usr/lib/systemd/system/systemd-tmpfiles-clean*
    systemd-tmpfiles-clean.service
    systemd-tmpfiles-clean.timer

    sles1201:~ # systemctl --all list-timers
    NEXT                        LEFT     UNIT                         ACTIVATES
    Thu 2015-01-29 14:52:19 CET 13h left systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
    n/a                         n/a      systemd-readahead-done.timer systemd-readahead-done.service
  • 54. Using unmodified SysV/LSB scripts with systemd
    ►Compatibility mode with symlinks to /usr/lib/systemd/systemd: halt, init, poweroff, reboot, runlevel, shutdown, telinit
    ►Requests to the above utilities will be forwarded to systemd
    ►The correct invocation of an init script is through /sbin/service
    ►systemd understands and respects the LSB headers
    ►Be sure to check the list of incompatibilities with SysV, see [1], e.g.:
      ►The concept of runlevels is different than with sysvinit
      ►Interactive scripts should use `systemd-ask-password`
    [1] http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities/
  • 55. From SysV/LSB Script to systemd Unit File
    ►Read and understand what the script does!
    ►Section [Unit]
      Description and Documentation
      Dependencies: based on LSB headers “Required-Start”, “Required-Stop”
      Ordering: “Before” or “After”
    ►Section [Service]
      ExecStart: the full path to the service's binary/script
      Type: How to monitor the daemon? Possible values: simple, forking, oneshot, dbus, notify, idle
      PIDFile: the file containing a forked daemon's PID
    ►Section [Install]
      Runlevel to corresponding target, e.g.: WantedBy=multi-user.target
    ►See also:
      ►man systemd.unit(5)
      ►man systemd.service(5)
      ►Lennart Poettering's blog article [1]
    [1] “systemd for Administrators, Part III”, http://0pointer.de/blog/projects/systemd-for-admins-3.html
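
The conversion steps on this slide can be sketched as a script that reads the LSB header block and emits a unit file skeleton. This is an added example, not the deck's or systemd's own converter. The init script header, the `demod` paths, the facility-to-unit table, and the choice to map “Required-Start” to `Requires=` plus `After=` and “Should-Start” to `After=` only are assumptions of this example.

```python
import re

# Assumed facility-to-unit mapping for this example (not exhaustive).
FACILITY = {"$local_fs": "local-fs.target", "$remote_fs": "remote-fs.target",
            "$network": "network.target", "$named": "nss-lookup.target",
            "$time": "time-sync.target", "$syslog": "syslog.socket"}

# Constructed init-script header ("$bogus" is deliberately unknown).
SCRIPT = """\
#!/bin/sh
### BEGIN INIT INFO
# Provides:          demod
# Required-Start:    $network $remote_fs
# Should-Start:      $time ypbind $bogus
# Required-Stop:     $network $remote_fs
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Demo daemon
### END INIT INFO
"""


def lsb_headers(script):
    """Extract 'Key: value' pairs from the LSB comment block."""
    block = re.search(r"^### BEGIN INIT INFO$(.*?)^### END INIT INFO$",
                      script, re.S | re.M)
    if not block:
        raise ValueError("no LSB header block found")
    pairs = re.findall(r"^#[ \t]*([A-Za-z-]+):[ \t]*(.*)$", block.group(1), re.M)
    return {key: value.strip() for key, value in pairs}


def to_units(tokens, unmapped):
    """Translate LSB names: $facility via FACILITY, anything else to NAME.service."""
    units = []
    for tok in tokens.split():
        unit = FACILITY.get(tok) if tok.startswith("$") else tok + ".service"
        (units if unit else unmapped).append(unit or tok)
    return units


def lsb_to_unit(script, exec_start, pidfile=None):
    """Build unit-file text; unknown facilities are kept as comments for review."""
    if not exec_start.startswith("/"):
        raise ValueError("ExecStart needs the full path to the binary")
    h, unmapped = lsb_headers(script), []
    required = to_units(h.get("Required-Start", ""), unmapped)
    optional = to_units(h.get("Should-Start", ""), unmapped)
    out = ["[Unit]", "Description=" + h.get("Short-Description", h.get("Provides", ""))]
    out += ["# unmapped LSB facility: " + t for t in unmapped]
    if required:
        out.append("Requires=" + " ".join(required))
    if required or optional:
        out.append("After=" + " ".join(required + optional))
    out += ["", "[Service]"]
    out += ["Type=forking", "PIDFile=" + pidfile] if pidfile else ["Type=simple"]
    out.append("ExecStart=" + exec_start)
    levels = set(h.get("Default-Start", "").split())
    if levels:  # runlevel 5 alone -> graphical.target, otherwise multi-user.target
        target = "graphical.target" if levels == {"5"} else "multi-user.target"
        out += ["", "[Install]", "WantedBy=" + target]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(lsb_to_unit(SCRIPT, "/usr/sbin/demod", "/var/run/demod.pid"))
```
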
  • 56. A few select systemd Use Cases
  • 57. List Available Unit Files
    ● systemctl
      ►list-timers
      ►list-sockets
      ►list-units
      ►list-unit-files

    sles1201:~ # systemctl list-unit-files
    UNIT FILE                         STATE
    proc-sys-fs-binfmt_misc.automount static
    org.freedesktop.hostname1.busname static
    org.freedesktop.locale1.busname   static
    org.freedesktop.login1.busname    static
    org.freedesktop.machine1.busname  static
    org.freedesktop.timedate1.busname static
    dev-hugepages.mount               static
    dev-mqueue.mount                  static
    proc-sys-fs-binfmt_misc.mount     static
    ...
    cleanup.service                   static
    clock.service                     masked
    rsyslog.service                   enabled
    ...
    system-update.target              static
    time-sync.target                  static
    timers.target                     static
    umount.target                     static
    fstrim.timer                      disabled
    mdadm-last-resort@.timer          static
    systemd-readahead-done.timer      static
    systemd-tmpfiles-clean.timer      static

    287 unit files listed.
    sles1201:~ #
  • 58. Start / Stop / Restart / Enable / Disable
    ● Multiple services at the same time
    ● Completion (requires the “bash-completion” pkg)

    sles1201:~ # systemctl status a<TAB><TAB>
    after-local.service auditd.service
    amavis.service      autofs.service
    apparmor.service    autovt@.service
    atd.service
    sles1201:~ # systemctl status a
    sles1201:~ # systemctl -t <TAB><TAB>
    automount device mount path service snapshot socket swap target timer
    sles1201:~ # systemctl -t <TAB><TAB>

    sles1201:~ # systemctl restart ntpd apache2
    sles1201:~ # systemctl status ntpd apache2
    sles1201:~ # systemctl disable apache2
    sles1201:~ # systemctl status apache2
    apache2.service - The Apache Webserver
       Loaded: loaded (/usr/lib/systemd/system...
       Active: active (running) since Thu 2015...
     Main PID: 12391 (httpd2-prefork)
       Status: "Total requests: 0; Current req...
       CGroup: /system.slice/apache2.service
               ├─12391 /usr/sbin/httpd2-prefor...
               ├─12408 /usr/sbin/httpd2-prefor...
               ├─12410 /usr/sbin/httpd2-prefor...
               ├─12411 /usr/sbin/httpd2-prefor...
               ├─12412 /usr/sbin/httpd2-prefor...
               └─12413 /usr/sbin/httpd2-prefor...
  • 59. More informative service status
    sles1201:~ # systemctl status postfix
    postfix.service - Postfix Mail Transport Agent
       Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
       Active: active (running) since Sun 2015-01-25 17:15:02 CET; 2 days ago
      Process: 1182 ExecStartPost=/etc/postfix/system/cond_slp register (code=exited, status=0/SUCCESS)
      Process: 1177 ExecStartPost=/etc/postfix/system/wait_qmgr 60 (code=exited, status=0/SUCCESS)
      Process: 1072 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
      Process: 1061 ExecStartPre=/etc/postfix/system/update_postmaps (code=exited, status=0/SUCCESS)
      Process: 1051 ExecStartPre=/etc/postfix/system/update_chroot (code=exited, status=0/SUCCESS)
      Process: 1007 ExecStartPre=/etc/postfix/system/config_postfix (code=exited, status=0/SUCCESS)
      Process: 992 ExecStartPre=/bin/echo Starting mail service (Postfix) (code=exited, status=0/SUCCESS)
     Main PID: 1175 (master)
       CGroup: /system.slice/postfix.service
               ├─ 1175 /usr/lib/postfix/master -w
               ├─ 1178 qmgr -l -t fifo -u
               └─25344 pickup -l -t fifo -u

    Jan 25 17:15:01 sles1201 echo[992]: Starting mail service (Postfix)
    Jan 25 17:15:02 sles1201 postfix/postfix-script[1156]: warning: not owned by group maildrop: /usr/sbin/postqueue
    Jan 25 17:15:02 sles1201 postfix/postfix-script[1158]: warning: not owned by group maildrop: /usr/sbin/postdrop
    Jan 25 17:15:02 sles1201 postfix/postfix-script[1161]: warning: not set-gid or not owner+group+world executable: /usr/sbin/postdrop
    Jan 25 17:15:02 sles1201 postfix/postfix-script[1173]: starting the Postfix mail system
    Jan 25 17:15:02 sles1201 postfix/master[1175]: daemon started -- version 2.11.0, configuration /etc/postfix
    sles1201:~ #
  • 60. Managing remote machines
    $ systemctl -H root@sles1201 status postfix.service
    Host key fingerprint is bc:87:d7:c9:06:5f:16:1c:b2:e5:88:0f:8f:d7:f6:9d
    [ECDSA 256 host key randomart image]
    postfix.service - Postfix Mail Transport Agent
       Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
       Active: active (running) since Wed 2015-01-28 14:37:51 CET; 12h ago
     Main PID: 1340
       CGroup: /system.slice/postfix.service
  • 61. Resource Control
    Limit Apache service
    ►default CPUShares = 1024
    ►temporarily (lost on next reboot): systemctl set-property --runtime apache2.service CPUShares=612 MemoryLimit=500M
    ►permanently: systemctl set-property apache2.service CPUShares=612 MemoryLimit=500M
      or “CPUShares = 612” in Unit File
    See also
    ►man systemd.resource-control(5)
    ►man systemd-cgtop
    ►“systemd's Resource Control Concepts” [1]
    [1] http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/
  • 62. Boot process analysis
    sles1201:~ # systemd-analyze blame
         16.029s wicked.service
          2.852s systemd-udev-settle.service
          1.684s SuSEfirewall2_init.service
          1.596s postfix.service
          1.420s SuSEfirewall2.service
          1.235s apparmor.service
          1.132s systemd-remount-fs.service
          1.057s systemd-udev-root-symlink.service
          1.056s sys-kernel-debug.mount
          1.055s dev-mqueue.mount
          1.054s dev-hugepages.mount
           911ms systemd-udev-trigger.service
           888ms btrfsmaintenance-refresh.service
           854ms sshd.service
           831ms rsyslog.service
    sles1201:~ # systemd-analyze plot > sles1201-boot.svg
  • 63. Containers with systemd-nspawn
    Similar to chroot, but:
    ►RO access to /sys, /proc/sys, /sys/fs/selinux,
    ►No device files may be created and
    ►No changes to network and clock
    ... from within the container
    Demo:
    ►Bootstrap a new filesystem
    ►Add repositories
    ►Install a few packages
    ►Start container
    systemd-nspawn may be used to run a command or OS in a light-weight namespace container. (man systemd-nspawn)
  • 64. systemd-nspawn Demo: bootstrap a new container
    Bootstrap a new filesystem
      zypper --root /vmstore/containers/os131/ addrepo http://download.opensuse.org/distribution/13.1/repo/oss/ repo-oss
      zypper --root /vmstore/containers/os131/ addrepo http://download.opensuse.org/distribution/13.1/repo/non-oss/ repo-non-oss
      zypper --root /vmstore/containers/os131/ refresh
    Install a few packages
      zypper --root /vmstore/containers/os131/ install openSUSE-release-13.1-1.10.x86_64 bash iproute2 coreutils
    Container size <60MB!
      du -sm /vmstore/containers/os131/
      56 /vmstore/containers/os131/
    Start container
      systemd-nspawn -D /vmstore/containers/os131/ /bin/bash
      Spawning namespace container on /vmstore/containers/opensuse13.1 (console is /dev/pts/8).
      Init process in the container running as PID 26205.
      Timezone Europe/Amsterdam does not exist in container, not updating container timezone.
      bash-4.2#
  • 65. Summary
    ● systemd introduces radical changes in the Linux boot process
    ● Because of the richness of the unit file vocabulary and tools, it can be overwhelming at first
    ● Transitioning to systemd is made easier by the “compatibility” features
    ● By making clear choices and enforcing its standards --for good or ill-- systemd will simplify things
    ● The adoption of systemd is already large and growing