| 知乎专栏 |
目录
# systemctl stop postfix # systemctl stop avahi-daemon # systemctl disable postfix # systemctl disable avahi-daemon
systemd是Linux电脑操作系统之下的一套中央化系统及设置管理程序(init软件),包括有守护进程、程序库跟应用软件,由Lennart Poettering带头开发。 其开发目标是提供更优秀的框架以表示系统服务间的依赖关系,并依此实现系统初始化时服务的并行启动,同时达到降低Shell的系统开销的效果,最终代替现在常用的System V与BSD风格init程序。
与多数发行版使用的System V风格init相比,systemd采用了以下新技术:
采用Socket激活式与D-Bus激活式服务,以提高相互依赖的各服务的并行运行性能;
用cgroups代替进程ID来追踪进程,以此即使是两次fork之后生成的守护进程也不会脱离systemd的控制。
下面是一个启动tomcat的systemd脚本,以此脚本为例我带大家进入 systemd 的世界。
例 12.1. /usr/lib/systemd/system/tomcat.service
#################################################### # Homepage: http://netkiller.github.io # Author: netkiller<netkiller@msn.com> # Script: https://github.com/oscm/shell # Date: 2015-11-03 #################################################### [Unit] Description=Apache Tomcat Web Application Container After=network.target After=syslog.target [Service] Type=forking User=www Group=www #EnvironmentFile=/etc/sysconfig/tomcat ExecStartPre="rm -rf /srv/apache-tomcat/logs/*" ExecStart=/srv/apache-tomcat/bin/startup.sh #ExecStartPost= ExecStop=/srv/apache-tomcat/bin/shutdown.sh [Install] WantedBy=multi-user.target
脚本安装到 /usr/lib/systemd/system/tomcat.service 下面
systemctl enable tomcat systemctl start tomcat systemctl stop tomcat systemctl disable tomcat
启用脚本的时候会创建一个符号链接
[neo@netkiller ~]# ll /etc/systemd/system/multi-user.target.wants/tomcat.service lrwxrwxrwx 1 root root 38 Nov 3 04:06 /etc/systemd/system/multi-user.target.wants/tomcat.service -> /usr/lib/systemd/system/tomcat.service
Type 启动类型
User, Group 运行 ExecStart 脚本的用户,相当于 su - user -c ExecStart
Environment 环境变量,EnvironmentFile 环境变量文件
ExecStartPre 开始之前运行的脚本,ExecStart 启动脚本, ExecStartPost 启动之后运行的脚本
ExecStop 停止脚本
systemd 处理某些电源相关的 ACPI事件,可以通过从 /etc/systemd/logind.conf以下选项进行配置
ACPI事件
触发的行为可以有
如果要合盖不休眠只需要把HandleLidSwitch选项设置为如下即可:
去掉HandleLidSwitch前面的注释符号#,并把它的值从suspend修改为ignore 或者 lock。
[root@localhost ~]# vim /etc/systemd/logind.conf HandleLidSwitch=lock
注意:设置完成保存后运行下列命令才生效。systemctl restart systemd-logind
[root@localhost ~]# cat /etc/systemd/logind.conf # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # Entries in this file show the compile time defaults. # You can change settings by editing this file. # Defaults can be restored by simply deleting this file. # # See logind.conf(5) for details. [Login] #NAutoVTs=6 #ReserveVT=6 #KillUserProcesses=no #KillOnlyUsers= #KillExcludeUsers=root #InhibitDelayMaxSec=5 #HandlePowerKey=poweroff #HandleSuspendKey=suspend #HandleHibernateKey=hibernate #HandleLidSwitch=suspend HandleLidSwitch=ignore #HandleLidSwitchDocked=ignore #PowerKeyIgnoreInhibited=no #SuspendKeyIgnoreInhibited=no #HibernateKeyIgnoreInhibited=no #LidSwitchIgnoreInhibited=yes #IdleAction=ignore #IdleActionSec=30min #RuntimeDirectorySize=10% #RemoveIPC=no #UserTasksMax= [root@localhost ~]# systemctl restart systemd-logind
$ chmod +x /etc/rc.d/rc.local $ systemctl enable rc-local $ systemctl start rc-local $ systemctl status rc-local
systemctl cat docker
[root@netkiller ~]# systemctl cat docker # /usr/lib/systemd/system/docker.service [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service containerd.service Wants=network-online.target Requires=docker.socket containerd.service [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229. # Both the old, and new location are accepted by systemd 229 and up, so using the old location # to make them work for either version of systemd. StartLimitBurst=3 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make # this option work for either version of systemd. StartLimitInterval=60s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Comment TasksMax if your systemd version does not support it. # Only systemd 226 and above support this option. TasksMax=infinity # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process OOMScoreAdjust=-500 [Install] WantedBy=multi-user.target
[root@www.netkiller.cn ~]# systemctl is-enabled mongod enabled [root@www.netkiller.cn ~]# systemctl is-enabled spring disabled
# systemctl --failed UNIT LOAD ACTIVE SUB DESCRIPTION ● spring.service loaded failed failed Spring Boot Application LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB = The low-level unit activation state, values depend on unit type. 1 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'.
# systemctl list-unit-files UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static dev-hugepages.mount static dev-mqueue.mount static proc-sys-fs-binfmt_misc.mount static sys-fs-fuse-connections.mount static sys-kernel-config.mount static sys-kernel-debug.mount static tmp.mount disabled brandbot.path disabled systemd-ask-password-console.path static systemd-ask-password-plymouth.path static systemd-ask-password-wall.path static session-1.scope static session-2.scope static session-3.scope static session-4.scope static auditd.service enabled autovt@.service disabled avahi-daemon.service enabled blk-availability.service disabled brandbot.service static console-getty.service disabled console-shell.service disabled cpupower.service disabled crond.service enabled dbus-org.fedoraproject.FirewallD1.service enabled dbus-org.freedesktop.Avahi.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.machine1.service static dbus-org.freedesktop.NetworkManager.service enabled dbus-org.freedesktop.nm-dispatcher.service enabled dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disabled dm-event.service disabled dnsmasq.service disabled dracut-cmdline.service static dracut-initqueue.service static dracut-mount.service static dracut-pre-mount.service static dracut-pre-pivot.service static dracut-pre-trigger.service static dracut-pre-udev.service static dracut-shutdown.service static ebtables.service disabled emergency.service static firewalld.service enabled getty@.service enabled halt-local.service static initrd-cleanup.service static initrd-parse-etc.service static initrd-switch-root.service static initrd-udevadm-cleanup-db.service static irqbalance.service enabled kdump.service enabled kmod-static-nodes.service static lvm2-lvmetad.service disabled lvm2-monitor.service enabled lvm2-pvscan@.service static messagebus.service static microcode.service enabled NetworkManager-dispatcher.service enabled NetworkManager-wait-online.service disabled NetworkManager.service enabled plymouth-halt.service disabled plymouth-kexec.service disabled plymouth-poweroff.service disabled plymouth-quit-wait.service disabled plymouth-quit.service disabled plymouth-read-write.service disabled plymouth-reboot.service disabled plymouth-start.service disabled plymouth-switch-root.service static polkit.service static postfix.service enabled quotaon.service static rc-local.service static rdisc.service disabled rescue.service static rhel-autorelabel-mark.service static rhel-autorelabel.service static rhel-configure.service static rhel-dmesg.service disabled rhel-domainname.service disabled rhel-import-state.service static rhel-loadmodules.service static rhel-readonly.service static rsyslog.service enabled serial-getty@.service disabled sshd-keygen.service static sshd.service enabled sshd@.service static systemd-ask-password-console.service static systemd-ask-password-plymouth.service static systemd-ask-password-wall.service static systemd-backlight@.service static systemd-binfmt.service static systemd-fsck-root.service static systemd-fsck@.service static systemd-halt.service static systemd-hibernate.service static systemd-hostnamed.service static systemd-hybrid-sleep.service static systemd-initctl.service static systemd-journal-flush.service static systemd-journald.service static systemd-kexec.service static systemd-localed.service static systemd-logind.service static systemd-machined.service static systemd-modules-load.service static systemd-nspawn@.service disabled systemd-poweroff.service static systemd-quotacheck.service static systemd-random-seed.service static systemd-readahead-collect.service enabled systemd-readahead-done.service static systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled systemd-reboot.service static systemd-remount-fs.service static systemd-shutdownd.service static systemd-suspend.service static systemd-sysctl.service static systemd-timedated.service static systemd-tmpfiles-clean.service static systemd-tmpfiles-setup-dev.service static systemd-tmpfiles-setup.service static systemd-udev-settle.service static systemd-udev-trigger.service static systemd-udevd.service static systemd-update-utmp-runlevel.service static systemd-update-utmp.service static systemd-user-sessions.service static systemd-vconsole-setup.service static teamd@.service static tuned.service enabled wpa_supplicant.service disabled -.slice static machine.slice static system.slice static user.slice static avahi-daemon.socket enabled dbus.socket static dm-event.socket enabled lvm2-lvmetad.socket enabled sshd.socket disabled syslog.socket static systemd-initctl.socket static systemd-journald.socket static systemd-shutdownd.socket static systemd-udevd-control.socket static systemd-udevd-kernel.socket static basic.target static bluetooth.target static cryptsetup.target static ctrl-alt-del.target disabled default.target enabled emergency.target static final.target static getty.target static graphical.target disabled halt.target disabled hibernate.target static hybrid-sleep.target static initrd-fs.target static initrd-root-fs.target static initrd-switch-root.target static initrd.target static kexec.target disabled local-fs-pre.target static local-fs.target static multi-user.target enabled network-online.target static network.target static nss-lookup.target static nss-user-lookup.target static paths.target static poweroff.target disabled printer.target static reboot.target disabled remote-fs-pre.target static remote-fs.target enabled rescue.target disabled rpcbind.target static runlevel0.target disabled runlevel1.target disabled runlevel2.target disabled runlevel3.target disabled runlevel4.target disabled runlevel5.target disabled runlevel6.target disabled shutdown.target static sigpwr.target static sleep.target static slices.target static smartcard.target static sockets.target static sound.target static suspend.target static swap.target static sysinit.target static system-update.target static time-sync.target static timers.target static umount.target static systemd-readahead-done.timer static systemd-tmpfiles-clean.timer static 210 unit files listed.
$ systemctl list-units --type=target UNIT LOAD ACTIVE SUB DESCRIPTION basic.target loaded active active Basic System cryptsetup.target loaded active active Encrypted Volumes getty.target loaded active active Login Prompts local-fs-pre.target loaded active active Local File Systems (Pre) local-fs.target loaded active active Local File Systems multi-user.target loaded active active Multi-User System network-online.target loaded active active Network is Online network.target loaded active active Network paths.target loaded active active Paths slices.target loaded active active Slices sockets.target loaded active active Sockets swap.target loaded active active Swap sysinit.target loaded active active System Initialization timers.target loaded active active Timers LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB = The low-level unit activation state, values depend on unit type. 14 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'.
$ systemctl list-units | more UNIT LOAD ACTIVE SUB DESCRIPTION proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point sys-devices-platform-serial8250-tty-ttyS0.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS0 sys-devices-platform-serial8250-tty-ttyS1.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS1 sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS2 sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS3 sys-devices-vbd\x2d51728-block-xvdb-xvdb1.device loaded active plugged /sys/devices/vbd-51728/block/xvdb/xvdb1 sys-devices-vbd\x2d51728-block-xvdb.device loaded active plugged /sys/devices/vbd-51728/block/xvdb sys-devices-vbd\x2d768-block-xvda-xvda1.device loaded active plugged /sys/devices/vbd-768/block/xvda/xvda1 sys-devices-vbd\x2d768-block-xvda.device loaded active plugged /sys/devices/vbd-768/block/xvda sys-devices-vif\x2d0-net-eth0.device loaded active plugged /sys/devices/vif-0/net/eth0 sys-devices-vif\x2d1-net-eth1.device loaded active plugged /sys/devices/vif-1/net/eth1 sys-devices-virtual-net-tun0.device loaded active plugged /sys/devices/virtual/net/tun0 sys-module-configfs.device loaded active plugged /sys/module/configfs sys-subsystem-net-devices-eth0.device loaded active plugged /sys/subsystem/net/devices/eth0 sys-subsystem-net-devices-eth1.device loaded active plugged /sys/subsystem/net/devices/eth1 sys-subsystem-net-devices-tun0.device loaded active plugged /sys/subsystem/net/devices/tun0 -.mount loaded active mounted / dev-hugepages.mount loaded active mounted Huge Pages File System dev-mqueue.mount loaded active mounted POSIX Message Queue File System opt.mount loaded active mounted /opt proc-sys-fs-binfmt_misc.mount loaded active mounted Arbitrary Executable File Formats File System proc-xen.mount loaded active mounted /proc/xen run-user-0.mount loaded active mounted /run/user/0 sys-kernel-config.mount loaded active mounted Configuration File System sys-kernel-debug.mount loaded active mounted Debug File System brandbot.path loaded active waiting Flexible branding systemd-ask-password-plymouth.path loaded active waiting Forward Password Requests to Plymouth Directory Watch systemd-ask-password-wall.path loaded active waiting Forward Password Requests to Wall Directory Watch session-231.scope loaded active running Session 231 of user root session-571.scope loaded active running Session 571 of user root aegis.service loaded active running LSB: aegis update. agentwatch.service loaded active running SYSV: Starts and stops guest agent cloudmonitor.service loaded active running LSB: @app.long.name@ crond.service loaded active running Command Scheduler dbus.service loaded active running D-Bus System Message Bus exim.service loaded active running Exim Mail Transport Agent getty@tty1.service loaded active running Getty on tty1 gitlab-runsvdir.service loaded active running GitLab Runit supervision process iptables.service loaded active exited IPv4 firewall with iptables jexec.service loaded active exited LSB: Supports the direct execution of binary formats. kmod-static-nodes.service loaded active exited Create list of required static device nodes for the current kernel lvm2-lvmetad.service loaded active running LVM2 metadata daemon lvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling mysqld.service loaded active running MySQL Server network.service loaded active exited LSB: Bring up/down networking nscd.service loaded active running Name Service Cache Daemon ntpd.service loaded active running Network Time Service openvpn@server.service loaded active running OpenVPN Robust And Highly Flexible Tunneling Application On server rhel-dmesg.service loaded active exited Dump dmesg to /var/log/dmesg rhel-import-state.service loaded active exited Import network configuration from initramfs rhel-readonly.service loaded active exited Configure read-only root support rsyslog.service loaded active running System Logging Service --More--
neo@netkiller ~ % systemctl list-timers NEXT LEFT LAST PASSED UNIT Wed 2018-11-14 20:43:46 HST 4min 47s left Wed 2018-11-14 16:31:32 HST 4h 7min ago motd-news.timer Wed 2018-11-14 22:07:11 HST 1h 28min left Wed 2018-11-14 15:04:00 HST 5h 34min ago apt-daily.timer Thu 2018-11-15 00:00:00 HST 3h 21min left Wed 2018-11-14 17:33:09 HST 3h 5min ago logrotate.timer Thu 2018-11-15 06:19:21 HST 9h left Wed 2018-11-14 15:04:00 HST 5h 34min ago apt-daily-upgrade.timer Thu 2018-11-15 20:01:56 HST 23h left Wed 2018-11-14 20:01:56 HST 37min ago systemd-tmpfiles-clean.timer Mon 2018-11-19 00:00:00 HST 4 days left Mon 2018-11-12 01:31:25 HST 2 days ago fstrim.timer n/a n/a Wed 2018-11-14 19:49:46 HST 49min ago ureadahead-stop.timer 7 timers listed. Pass --all to see loaded but inactive timers, too. lines 1-11/11 (END)