systemd
From systemd's website:
systemd is a system and service manager for Linux, compatible with SysV and LSB init scripts. systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux cgroups, supports snapshotting and restoring of the system state, maintains mount and automount points and implements an elaborate transactional dependency-based service control logic. It can work as a drop-in replacement for sysvinit.
Installation
Kernel
The Gentoo ebuild for systemd requires at least a 2.6.38 kernel. Although this is higher than what upstream requires, we already had trouble running systemd on 2.6.37.
systemd requires some non-standard kernel options to be enabled:
Linux Kernel Configuration: systemd options
General setup --->
    [*] Control Group support
Device Drivers --->
    Generic Driver Options --->
        [*] Maintain a devtmpfs filesystem to mount at /dev
File systems --->
    [*] Filesystem wide access notification
    < > Kernel automounter support
    <*> Kernel automounter version 4 support (also supports v3)
(Re)build and (Re)install.
Userland
Many packages support systemd by default and are already available in the official portage tree but are (obviously) not stable yet.
Keywords required for installing systemd:
sys-apps/systemd
sys-apps/dbus
sys-fs/udev
sys-kernel/linux-headers
>=sys-apps/kmod-5
Optional: if you want GTK support, then add these packages too:
dev-libs/atk
dev-libs/glib
dev-lang/vala
x11-libs/gtk+:2
For desktops you can also add the following few systemd-ready packages:
net-dns/avahi
net-misc/networkmanager
net-wireless/bluez
net-wireless/wpa_supplicant
sys-auth/consolekit
Install systemd and related packages:
Finalizing
By default systemd will start your system to allow you to log in on a tty. This means no display manager gets started, no network is set up, etc. Make sure to enable the necessary services before you reboot.
Finally you will need to tell your kernel to run the init provided by systemd. If you have a kernel built by genkernel, change the real_init kernel parameter to point to /usr/bin/systemd:
...
title=My Gentoo Linux
root (hd0,0)
kernel /my-genkernel... root=/dev/hda3 real_init=/usr/bin/systemd
initrd /initramfs-genkernel-x86-2.6.32-gentoo-r7
If you have built your kernel yourself, change the init kernel parameter to point to /usr/bin/systemd:
title=My Gentoo Linux
root (hd0,0)
kernel /vmlinuz.bin root=/dev/hda3 init=/usr/bin/systemd
...
Services
To list available services, run:
To enable services (similar to what rc-update -a does):
A further list of unit files is available from http://git.overlays.gentoo.org/gitweb/?p=user/systemd.git;a=tree;f=sys-apps/systemd-units/files or from http://cgit.freedesktop.org/systemd/tree/units
You can find a list of some packages and their OpenRC and systemd services in the Gentoo Wiki.
LVM
[Unit]
Description=Linux Volume Manager
DefaultDependencies=no
Requires=udev-settle.service
After=udev-settle.service
Before=shutdown.target local-fs.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/pvscan --ignorelockingfailure
ExecStart=/sbin/vgscan --mknodes --ignorelockingfailure
ExecStart=/sbin/vgchange --sysinit -a ly
# systemd does not run Exec lines through a shell, so $(...) and 2> on the
# next line reach lvchange as literal arguments.
ExecStop=/sbin/lvchange --sysinit -a ln $(/sbin/vgs -o vg_name --noheadings --nosuffix 2> /dev/null)
ExecStop=/sbin/lvchange --sysinit -a ln
ExecStop=/sbin/vgchange --sysinit -a ln
[Install]
WantedBy=sysinit.target
microcode_ctl
[Unit]
Description=CPU microcode updater
[Service]
Type=oneshot
ExecStart=/usr/sbin/microcode_ctl -qu -f /lib/firmware/microcode.dat
[Install]
WantedBy=multi-user.target
radeon-power_profile
[Unit]
Description=Radeon Power Profile
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/radeon-power_profile low
[Install]
WantedBy=multi-user.target

#!/bin/sh
# Show or set the Radeon power profile through sysfs.
EXEC_NAME=`basename "$0"`
TARGET="/sys/class/drm/card0/device/power_profile"
CURRENT_PROFILE=`cat "${TARGET}"`
# Print one profile name and mark the active one.
append_profile() {
    local PROFILE=$1
    echo -n " ${PROFILE}"
    if [ "x${CURRENT_PROFILE}x" = "x${PROFILE}x" ]; then
        echo -n " (current)"
    fi
    echo
}
if [ $# != 1 ]; then
    echo "usage: ${EXEC_NAME} <profile>"
    echo
    echo "Valid profiles:"
    for AVAILABLE_PROFILE in low high default auto; do
        append_profile ${AVAILABLE_PROFILE}
    done
    exit 0
fi
PROFILE="$1"
# Only write one of the known profile names to sysfs.
if [ "x${PROFILE}x" = "xlowx" ] || [ "x${PROFILE}x" = "xhighx" ] || [ "x${PROFILE}x" = "xautox" ] || [ "x${PROFILE}x" = "xdefaultx" ]; then
    echo "${PROFILE}" > "${TARGET}"
else
    logger "[${EXEC_NAME}] WARN: Invalid power_profile '${PROFILE}'"
    exit 1
fi
exit 0
ALSA
alsa-utils already provides systemd service files. They are enabled automatically when installed.
Network
Static network
[Unit]
Description=Network Connectivity
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/ifconfig eth0 192.168.1.2 mtu 1496
ExecStart=/sbin/route add default gw 192.168.1.1
ExecStop=/sbin/ifconfig eth0 down
[Install]
WantedBy=network.target
DHCPCD
As of 5.2.12-r1, the dhcpcd ebuild installs a dhcpcd.service unit file.
wpa_supplicant
As of 0.7.3-r3, the wpa_supplicant ebuild provides two systemd units:
- wpa_supplicant.service for NetworkManager users (using D-Bus),
- wpa_supplicant@.service for plain wpa_supplicant users.
The latter should be enabled as wpa_supplicant@wlan0.service, with wlan0 replaced by your wireless interface.
wicd
[Unit]
Description=Wicd Network Manager
[Service]
Type=dbus
BusName=org.wicd.daemon
ExecStart=/usr/sbin/wicd -f
[Install]
WantedBy=network.target
Core services
dcron
[Unit]
Description=dcron
[Service]
ExecStart=/usr/sbin/crond -f
[Install]
WantedBy=multi-user.target
hwclock
[Unit]
Description=hwclock
[Service]
Type=oneshot
ExecStart=/sbin/hwclock --hctosys --localtime
ExecStop=/sbin/hwclock --systohc --localtime
[Install]
WantedBy=multi-user.target
loadkeys
[Unit]
Description=Loads keymap in console (dvorak in example)
DefaultDependencies=no
Before=sysinit.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/loadkeys -q /usr/share/keymaps/i386/dvorak/dvorak.map.gz
[Install]
WantedBy=multi-user.target
metalog
[Unit]
Description=System Logger Daemon
[Service]
ExecStart=/usr/sbin/metalog

[Unit]
Description=Syslog Socket
[Socket]
ListenDatagram=/dev/log
[Install]
WantedBy=sockets.target
ntp-client
[Unit]
Description=NTP client
After=hwclock.service
[Service]
Type=oneshot
ExecStart=/usr/sbin/ntpdate -s -b -u 0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org
[Install]
WantedBy=multi-user.target
Display managers
KDM
[Unit]
Description=K Display Manager on %I
Requires=dev-%i.device
After=dev-%i.device
[Service]
ExecStart=/usr/bin/kdm -nodaemon %I
StandardOutput=syslog
[Install]
Alias=graphical.target.wants/kdm@tty7.service
startx
[Unit]
Description=Startx
[Service]
# Uncomment the User= line to run startx as the desired user (bob in this
# example); otherwise startx runs as root.
#User=bob
ExecStart=/usr/bin/startx
[Install]
WantedBy=graphical.target
Daemons and servers
CUPS
Starting with cups 1.5.2-r20, the necessary socket, path and service files are provided by the ebuild.
distccd
[Unit]
Description=distcc
[Service]
ExecStart=/usr/bin/distccd --user distcc --daemon --no-detach --port 3632 --log-level info --allow 192.168.1.0/24 --listen 192.168.1.111 -N 15
[Install]
WantedBy=multi-user.target
lighttpd
[Unit]
Description=Lighttpd Daemon
After=network.target
[Service]
ExecStartPre=/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf
ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

d /var/run/lighttpd 0750 lighttpd lighttpd -
MySQL
[Unit]
Description=MySQL database server
After=syslog.target
After=network.target
[Service]
User=mysql
Group=mysql
ExecStart=/usr/sbin/mysqld --pid-file=/var/run/mysqld/mysqld.pid
ExecStop=/bin/kill -15 $MAINPID
PIDFile=/var/run/mysqld/mysqld.pid
# We rely on systemd, not mysqld_safe, to restart mysqld if it dies
Restart=always
# Place temp files in a secure directory, not /tmp
PrivateTmp=true
[Install]
WantedBy=multi-user.target

# systemd tmpfile settings for mysql
# See tmpfiles.d(5) for details
d /var/run/mysqld 0755 mysql mysql -
PostgreSQL
This starts PostgreSQL 9.1.
First copy the configuration files into the PostgreSQL database directory.
[Unit]
Description=Initializing PostgreSQL 9.1 Database
[Service]
User=postgres
Group=postgres
# With PermissionsStartOnly=true, User= and Group= apply only to ExecStart;
# the ExecStartPre commands run as root.
PermissionsStartOnly=true
ExecStartPre=/bin/mkdir /run/postgres
ExecStartPre=/bin/chown postgres:postgres /run/postgres
ExecStartPre=/bin/chmod 700 /run/postgres
ExecStart=/usr/lib/postgresql-9.1/bin/postgres -D /var/lib/postgresql/9.1/data
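An added example, not part of the original page: systemd does not pass Exec lines through a shell and ignores directive names it does not know, which is the kind of mistake hand-written units contain (the LVM unit's ExecStop line with $(/sbin/vgs ...) is one instance). The checker below flags shell syntax, non-absolute command paths and unknown Exec* keys; the function name lint_unit and the sample unit text are constructed for illustration.

```python
import re

# Exec* keys that systemd accepts in a [Service] section.
EXEC_KEYS = {"ExecStart", "ExecStartPre", "ExecStartPost",
             "ExecReload", "ExecStop", "ExecStopPost"}
# Shell constructs that systemd hands to the program as literal arguments.
SHELL_SYNTAX = re.compile(r"\$\(|`|&&|\||[<>]")
# Special prefix characters systemd allows in front of the executable path.
PREFIXES = "-@+!:"


def lint_unit(text):
    """Return (line_number, message) findings for the [Service] section."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not key.startswith("Exec"):
            continue
        if key not in EXEC_KEYS:
            findings.append((lineno, f"unknown directive {key}"))
            continue
        if not value:
            continue  # an empty assignment only resets the command list
        command = value.lstrip(PREFIXES)
        # Older systemd releases reject non-absolute paths outright; an
        # absolute path is unambiguous on every release.
        if not command.startswith("/"):
            findings.append((lineno, "command path is not absolute"))
        match = SHELL_SYNTAX.search(command)
        if match:
            findings.append(
                (lineno, f"shell syntax {match.group()!r} is not interpreted"))
    return findings


# Constructed sample in the style of the units listed on this page.
SAMPLE_UNIT = """\
[Unit]
Description=Constructed example
[Service]
Type=oneshot
ExecPre=mkdir /run/example
ExecStartPre=chown example:example /run/example
ExecStart=/usr/bin/example-daemon --foreground
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/sbin/lvchange -a ln $(/sbin/vgs -o vg_name 2> /dev/null)
"""

if __name__ == "__main__":
    for lineno, message in lint_unit(SAMPLE_UNIT):
        print(f"line {lineno}: {message}")
```

Commands that really need substitution or redirection have to be wrapped in an explicit shell invocation or moved into a script, as the radeon-power_profile and kexec_load units on this page do.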
NFS
Implements the functions of /etc/init.d/nfs, /etc/init.d/nfsmount and helper services.
sunrpc nfs
The following is only necessary if you are running an NFS server.
nfsd
The following files are necessary for all versions of NFS:
[Unit]
Description=NFS port mapping server
Requires=network.target
[Service]
EnvironmentFile=/etc/conf.d/rpcbind
ExecStart=/sbin/rpcbind $RPCBIND_OPTS
Type=forking
Restart=always

[Unit]
Description=NFS status daemon
Requires=rpcbind.service
Requires=network.target
[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/sbin/rpc.statd --no-notify -F $OPTS_RPC_STATD
Restart=on-failure

[Unit]
Description=NFS sm-notify
Requires=rpc.statd.service
Requires=network.target
[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/sm-notify -d $OPTS_SMNOTIFY
Type=oneshot
Restart=on-failure
The following files are necessary for NFSv4 only:
[Unit]
Description=NFS rpcsec_gss daemon
Requires=rpcbind.service
Requires=var-lib-nfs-rpc_pipefs.mount
[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/rpc.gssd -f $OPTS_RPC_GSSD
Restart=on-failure

[Unit]
Description=rpc_pipefs
[Mount]
What=rpc_pipefs
Where=/var/lib/nfs/rpc_pipefs
Type=rpc_pipefs

[Unit]
Description=NFSv4 ID - Name Mapper
Requires=rpcbind.service
Requires=var-lib-nfs-rpc_pipefs.mount
Requires=network.target
[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/rpc.idmapd -f $OPTS_RPC_IDMAPD
Restart=on-failure
To mount only NFSv2 and NFSv3 shares, use the following service file:
[Unit]
Description=Dependencies for NFSv3 mounts
Requires=rpc.statd.service
Requires=sm-notify.service
Wants=cachefilesd.service
[Install]
WantedBy=remote-fs.target
This service file pulls in the dependencies for mounting NFSv4 shares (also works for earlier versions):
[Unit]
Description=Dependencies for NFSv4 mounts
Requires=rpc.idmapd.service
Requires=rpc.statd.service
Requires=sm-notify.service
Wants=rpc.gssd.service
Wants=cachefilesd.service
[Install]
WantedBy=remote-fs.target
Service files for an NFS server are a work in progress:
[Unit]
Description=RPC mountd
Requires=rpcbind.service
[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/rpc.mountd --foreground $OPTS_RPC_MOUNTD

[Unit]
Description=NFS server
Requires=rpcbind.service rpc.statd.service rpc.mountd.service
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/rpc.nfsd $OPTS_RPC_NFSD
ExecStart=/usr/sbin/exportfs -r
ExecStop=/usr/sbin/exportfs -ua
ExecStop=/usr/sbin/rpc.nfsd 0
[Install]
WantedBy=multi-user.target
ntpd
[Unit]
Description=ntpd
[Service]
ExecStart=/usr/sbin/ntpd -n
[Install]
WantedBy=multi-user.target
Postfix
[Unit]
Description=Mail Daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/sbin/postfix -c /etc/postfix start
ExecStop=/usr/sbin/postfix -c /etc/postfix stop
ExecReload=/usr/sbin/postfix -c /etc/postfix reload
[Install]
WantedBy=multi-user.target
sshd
[Unit]
Description=SSH Server
After=network.target
[Service]
ExecStart=/usr/sbin/sshd -D
KillMode=process
Restart=always
[Install]
WantedBy=multi-user.target
sshd.socket (socket-activated sshd)
The current systemd ebuild already installs the unit file /lib/systemd/system/sshd@.service, which is ready for socket activation, so all you need to do is create the corresponding .socket unit file and disable the non-socket-activated unit file, i.e. sshd.service.
[Unit]
Conflicts=sshd.service
[Socket]
ListenStream=22
# Uncomment the next line to also listen on port 2200
# ListenStream=2200
Accept=yes
[Install]
WantedBy=sockets.target
Verynice
[Unit]
Description=A tool for dynamically adjusting the nice-level of processes
[Service]
Type=forking
ExecStart=/usr/sbin/verynice -d /var/run/verynice.pid
PIDFile=/var/run/verynice.pid
ExecStop=/bin/kill -15 $MAINPID
[Install]
WantedBy=multi-user.target
Misc
iptables
[Unit]
Description=iptables
Before=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/iptables
ExecStart=/sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} ${IPTABLES_SAVE}
ExecStop=/usr/sbin/iptables-stop
[Install]
WantedBy=multi-user.target

#!/bin/sh
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
iptables_proc="/proc/net/ip_tables_names"
iptables_bin="/sbin/iptables"
set_table_policy() {
    local chains table=$1 policy=$2
    case ${table} in
        nat) return;;
        mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
        filter) chains="INPUT FORWARD OUTPUT";;
        *) chains="";;
    esac
    local chain
    for chain in ${chains} ; do
        ${iptables_bin} -t ${table} -P ${chain} ${policy}
    done
}
for a in $(cat ${iptables_proc}) ; do
    ${iptables_bin} -F -t $a
    ${iptables_bin} -X -t $a
    set_table_policy $a DROP
done
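The iptables-stop script is optional. It is basically a port of what /etc/init.d/iptables does now in the stop() method, which completely wipes your firewall settings to allow everything. Note that the script as listed passes DROP to set_table_policy, so after flushing the rules it leaves the filter and mangle chains dropping all traffic; pass ACCEPT instead to get the allow-everything behaviour.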
[Unit]
Description=ip6tables
Before=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/ip6tables
ExecStart=/sbin/ip6tables-restore ${SAVE_RESTORE_OPTIONS} ${IP6TABLES_SAVE}
[Install]
WantedBy=multi-user.target
kexec_load
[Unit]
Description=Load kexec kernel
DefaultDependencies=no
Before=shutdown.target
[Service]
Type=oneshot
ExecStart=/etc/systemd/scripts/kexec_load
[Install]
WantedBy=shutdown.target
Example /etc/systemd/scripts/kexec_load:
#!/bin/sh
/usr/sbin/kexec -l "/usr/src/linux/arch/x86/boot/bzImage" \
    --append="root=/dev/sdb2 init=/bin/systemd fbcon=rotate:3 \
drm_kms_helper.poll=0 quiet"
exit 0
systemd hardcodes kexec to /sbin/kexec, while it lives under /usr/sbin/ on Gentoo, so you need to copy or hardlink it to /sbin.
rtorrent (in screen)
Automatically opens a new window in your running screen session and starts rtorrent, if a new torrent is copied into the torrents directory. Change myuser to your user.
[Unit]
Description=rtorrent Service
[Service]
Type=oneshot
ExecStart=/usr/bin/sudo -u myuser /usr/bin/screen -d -RR -X chdir /music
ExecStart=/usr/bin/sudo -u myuser /usr/bin/screen -d -RR -X screen -t rtorrent /usr/bin/rtorrent

[Unit]
Description=rtorrent watcher
[Path]
PathChanged=/home/myuser/torrents
[Install]
WantedBy=multi-user.target
Mediatomb
[Unit]
Description=MediaTomb Daemon
After=network.target mysql.target
[Service]
EnvironmentFile=/etc/conf.d/mediatomb
ExecStart=/usr/bin/mediatomb --logfile $MEDIATOMB_LOGFILE --user $MEDIATOMB_USER --group $MEDIATOMB_GROUP --config $MEDIATOMB_CONFIG --port $MEDIATOMB_PORT
Restart=on-abort
[Install]
WantedBy=multi-user.target
# See the mediatomb(1) manpage for more info.
# MediaTomb Web UI port.
# NOTE: The minimum value allowed is 49152
MEDIATOMB_PORT=49152
# Run MediaTomb as this user.
# NOTE: For security reasons do not run MediaTomb as root.
MEDIATOMB_USER="mediatomb"
# Run MediaTomb as this group.
# NOTE: For security reasons do not run MediaTomb as root.
MEDIATOMB_GROUP="mediatomb"
# Path to MediaTomb config file.
MEDIATOMB_CONFIG="/etc/mediatomb/config.xml"
# Path to MediaTomb log file.
MEDIATOMB_LOGFILE="/var/log/mediatomb.log"
# Other options you want to pass to MediaTomb.
# Add "--interface ${MEDIATOMB_INTERFACE}" to bind to a named interface.
MEDIATOMB_OPTIONS=""
gpm
gpm is a cut and paste utility and mouse server for virtual consoles.
[Unit]
Description=gpm
Requires=getty.target
[Service]
EnvironmentFile=/etc/conf.d/gpm
# This use of EnvironmentFile requires $RESPONSIVENESS,
# $REPEAT_TYPE and $APPEND to be added to $params in the conf.d/gpm file.
ExecStart=/usr/sbin/gpm -D -m $MOUSEDEV -t $MOUSE $params
Restart=always
[Install]
WantedBy=multi-user.target
Troubleshooting
OpenRC Compatibility
systemd doesn't initialize the OpenRC environment for you, so starting any OpenRC service will fail and complain that the service has already been started. For example:
* WARNING: lvm has already been started
Enable the OpenRC service to initialize the OpenRC environment:
If you get the following error message when enabling openrc-init.service:
Unit files contain no applicable installation information. Ignoring.
You may need to modify openrc-init.service to work with the latest versions of systemd where empty sections of scripts are disabled by default:
...
[Install]
WantedBy=multi-user.target
Removing OpenRC
If you want to have a pure systemd system, you can disable the sysv USE flag globally and then unmerge sysvinit, as it won't be used anymore.
- Remove openrc and sysvinit
- Add openrc to package.provided so portage won't complain
sys-apps/openrc-0.6.5
- Install sys-apps/systemd-sysv-utils to have symlinks like reboot and halt
- Add a hostname
myhostname
- Console and keymap settings
KEYMAP=us
FONT=lat9w-16
FONT_MAP=8859-1_to_uni
- OS info
NAME=Gentoo
ID=gentoo
PRETTY_NAME="Gentoo GNU/Linux"
ANSI_COLOR="1;34"
- Locale settings (read man locale.conf for more options)
LANG=en_US.utf8
LC_COLLATE=C
PAM support: su, sudo, screen...
If you want systemd to register your user sessions in cgroups with the optional advantages of having CPU (or other controllers) balancing between sessions, then you can add the USE flag pam to systemd and do the following:
- Edit the session section of /etc/pam.d/system-auth
....
session optional pam_loginuid.so
....
-session optional pam_systemd.so kill-user=1 controllers=
If with systemd-39 and later your su - sessions are ending with a ...killed message and/or your sudo doesn't work anymore, here is what solved it for me. Copy the contents of the session section from /etc/pam.d/system-auth to /etc/pam.d/sudo then edit that file and /etc/pam.d/su:
auth include system-auth
account include system-auth
password include system-auth
===> Comment the line that mentions pam_loginuid.so.
===> Leave the remaining "session" lines as they are.
...
#session optional pam_loginuid.so
...

auth include system-auth
account include system-auth
password include system-auth
session include sudo