systemd, the modern Linux service and resource manager Alison - - PowerPoint PPT Presentation



SLIDE 1

Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Qt is a registered trade mark of Digia Plc and/or its subsidiaries. All other trademarks mentioned in this document are trademarks of their respective owners.

mentor.com/automotive

Alison Chaiken

Sept. 8, 2015

systemd, the modern Linux service and resource manager

SLIDE 2

Philosophy of systemd

  • Extract duplicate functionality from daemons and move it to systemd core or kernel.
  • Replace /etc scripts with declarative config files.
  • Expose newer kernel APIs to userspace via a simple interface.

SLIDE 3

systemd is:

  • modular;
  • asynchronous and concurrent;
  • described by declarative sets of properties;
  • bundled with analysis tools and tests;
  • supplied with a fully language-agnostic API.

SLIDE 4

init.d scripts ⇒ systemd unit properties

  • Unit's action and parameters: ExecStart=
  • Dependencies: Before=, After=, Requires=, Conflicts= and Wants=.
  • Default dependencies:
    – Requires= and After= on basic.target;
    – Conflicts= and Before= on shutdown.target.
  • Types of unit files: service, socket, device, mount, scope, slice, automount, swap, target, path, timer, snapshot

SLIDE 5

Example: Automotive Message Broker

From /lib/systemd/system/ambd.service:

    # ambd systemd service unit file
    [Unit]
    Description=Automotive Message Broker
    After=syslog.target

    [Service]
    Type=dbus
    BusName=org.automotive.message.broker
    ExecStart=/usr/bin/ambd

    [Install]
    WantedBy=multi-user.target

SLIDE 6

Example: Make the gdp-hmi-controller only start when weston is ready

From: Jonathan Maw <jonathan.maw@codethink.co.uk> [ . . . ]

  • -- /dev/null

+++ b/recipes-demo-hmi/genivi-demo-platform-hmi/gdp-hmi- launcher2/StartLauncher.path +[Unit] +Description=GENIVI Start Launcher when weston is ready +Requires=weston.service +After=weston.service +[Path] +PathExists=/var/run/user/0/wayland-0
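
Review bot: PathExists=/var/run/user/0/wayland-0 in the [Path] section hard-codes the runtime directory of UID 0 and the socket name wayland-0, so the launcher is only triggered when weston runs as root with that socket; if that is intended, state it in Description= or a comment, otherwise derive the path from the user weston actually runs as. The [Path] section also has no Unit= line, so activation relies on systemd's default of starting the service that shares the path unit's name (StartLauncher.service); adding Unit= would make the target explicit. The visible lines show no [Install] section, so check that something else pulls this path unit in.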

SLIDE 7

sysVinit runlevels ≈ systemd targets

  • Targets are synchronization points.
  • Check /lib/systemd/system/runlevel?.target symlinks:
    – multi-user.target (runlevel 3)
    – graphical.target (runlevel 5)
  • Select boot-target:
    – via /etc/systemd/system/default.target symlink;
    – appending number or systemd.unit=<target> to bootargs.

SLIDE 8

Illustration: systemd-bootchart and custom targets

Courtesy Marko Hoyer, ADIT.

SLIDE 9

Custom Targets in GENIVI's Lifecycle Management

LUC = Last User Context

Node Startup Controller

SLIDE 10

Hierarchy of unit files for system and user sessions

  • Organized into system and user units
  • /lib/systemd/system: systemd upstream defaults for system-wide services
  • /etc/systemd/system: local customizations by override and extension
  • /lib/systemd/user: systemd's upstream defaults for per-user services
  • $HOME/.local/share/systemd/user for user-installed units
  • 'drop-ins' are run-time extensions

SLIDE 11

Illustration: Tizen Multi-user system

Source: Dominig ar Foll, “Tizen 3 IVI Architecture Multi User App FW”, FOSDEM 2014

SLIDE 12

Tizen Login Manager and User Sessions

Source: Dominig ar Foll, “Tizen 3 IVI Architecture Multi User App FW”, FOSDEM 2014

SLIDE 13

using the systemd journal

  • Easily pushed to a remote.
  • Can be cryptographically 'sealed'.
  • Configurable max size and rotation.
  • Simple log-reading tools are scriptable:

    journalctl -xn
    journalctl -p err
    journalctl -u cron
    journalctl -o json-pretty
    systemctl status
    systemctl is-failed bluetooth
    systemctl --failed
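
An added example, not part of the original slides: a short Python filter over `journalctl -o json` output (one JSON object per line) that approximates `-p err` and `-u cron` by matching on the fields journald sets itself rather than on what the sender claims. The sample entries, unit names and PIDs are constructed.

```python
import json
from collections import Counter

# Constructed sample of `journalctl -o json` output: one JSON object per line.
# Underscore-prefixed fields are added by journald itself; PRIORITY, MESSAGE
# and SYSLOG_IDENTIFIER are supplied by the logging process.
SAMPLE = """\
{"PRIORITY":"3","_SYSTEMD_UNIT":"bluetooth.service","SYSLOG_IDENTIFIER":"bluetoothd","_PID":"412","MESSAGE":"Failed to set mode"}
{"PRIORITY":"6","_SYSTEMD_UNIT":"cron.service","SYSLOG_IDENTIFIER":"cron","_PID":"901","MESSAGE":"(root) CMD (run-parts /etc/cron.hourly)"}
{"PRIORITY":"2","_SYSTEMD_UNIT":"ambd.service","SYSLOG_IDENTIFIER":"ambd","_PID":"655","MESSAGE":"lost connection to D-Bus"}
{"PRIORITY":"3","_SYSTEMD_UNIT":"user@1000.service","SYSLOG_IDENTIFIER":"cron","_PID":"1337","MESSAGE":"job failed"}
{"PRIORITY":"3","_SYSTEMD_UNIT":"cron.ser
"""

def parse(stream):
    """Yield one dict per line, skipping truncated or non-JSON lines."""
    for line in stream.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry

def select(entries, max_priority=None, unit=None):
    """Approximate `journalctl -p <level> -u <unit>` on parsed entries."""
    for e in entries:
        prio = e.get("PRIORITY")
        # Values are exported as strings; skip absent or malformed priorities.
        if max_priority is not None and not (
                isinstance(prio, str) and prio.isascii() and prio.isdigit()
                and int(prio) <= max_priority):
            continue
        if unit is not None and e.get("_SYSTEMD_UNIT") != unit:
            continue
        yield e

def errors_by_unit(stream):
    """Count entries at priority err (3) or more severe per trusted unit name."""
    hits = select(parse(stream), max_priority=3)
    return Counter(e.get("_SYSTEMD_UNIT", "<no unit>") for e in hits)

if __name__ == "__main__":
    for unit, count in errors_by_unit(SAMPLE).most_common():
        print(f"{count:3d}  {unit}")
    # The trusted field excludes the user-session job that calls itself "cron".
    print([e["_PID"] for e in select(parse(SAMPLE), unit="cron.service")])
```

Filtering on `SYSLOG_IDENTIFIER` instead would attribute the user-session entry to cron, because that field is chosen by the sender.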

SLIDE 14

Both systemd journal and DLT:

  • are modular and extensible.
  • support pushing data to AF_INET socket.
  • can share data with legacy syslog.
  • natively output binary formats.

→ Linking systemd and DLT involves:

    – translating binary formats;
    – handshaking;
    – synchronization.

  • Performed by remote?

SLIDE 15

simplifies access to kernel's security, resource and watchdog controls

  • Including Capabilities, Watchdog, Cgroups and kdbus (still a 'coming attraction')
  • Kernel features configurable via simple ASCII options in unit files.
  • Encourages creation of system policies via unit templates.

SLIDE 16

granular resource control: systemd and cgroups

  • cgroups: a kernel-level mechanism for allocating storage, memory, CPU and network.
  • slices are groups of daemons whose resources are managed jointly.
  • systemd scopes are resultant groups of user processes.
  • Can set BlockIOWeight, IOSchedulingPriority, OOMScoreAdjust, CPUShares, MemoryLimit …

Tomorrow: “An introduction to Control Groups”

SLIDE 17

systemd and security: granular encapsulation via kernel's capabilities

  • CapabilityBoundingSet
  • PrivateTmp, PrivateDevices, PrivateNetwork
  • JoinNamespaces
  • ProtectSystem (/usr and /etc), ProtectHome
  • ReadOnlyDirectories, InaccessibleDirectories
  • systemd-nspawn: systemd's native containers
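
An added example, not from the original slides: a small Python audit that merges a unit file with a drop-in, as in the unit-file hierarchy described earlier, and lists which of the sandboxing directives named on this slide the service still leaves unset. The drop-in, its file name and its values are constructed for illustration and assume ambd needs no capabilities.

```python
# Sandboxing directives named on the slide; the audit lists those left unset.
SANDBOX_KEYS = ["CapabilityBoundingSet", "PrivateTmp", "PrivateDevices",
                "PrivateNetwork", "ProtectSystem", "ProtectHome",
                "ReadOnlyDirectories", "InaccessibleDirectories"]

# ambd.service as shown on the earlier slide ([Install] section omitted).
BASE = """\
[Unit]
Description=Automotive Message Broker
After=syslog.target
[Service]
Type=dbus
BusName=org.automotive.message.broker
ExecStart=/usr/bin/ambd
"""

# Constructed drop-in, e.g. /etc/systemd/system/ambd.service.d/hardening.conf
# (hypothetical file name; values are illustrative, not a vetted policy).
DROPIN = """\
[Service]
CapabilityBoundingSet=
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
"""

def load(text, merged):
    """Merge one file into {section: {key: value}}; last assignment wins
    (a simplification: systemd accumulates list-valued settings)."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = line.split("=", 1)
            merged.setdefault(section, {})[key.strip()] = value.strip()

def missing_sandboxing(*files):
    """Return the slide's directives absent from [Service] after merging."""
    merged = {}
    for text in files:
        load(text, merged)
    return [k for k in SANDBOX_KEYS if k not in merged.get("Service", {})]

if __name__ == "__main__":
    print(missing_sandboxing(BASE), missing_sandboxing(BASE, DROPIN))
```

Later systemd releases renamed the last two directives to ReadOnlyPaths= and InaccessiblePaths=, so extend `SANDBOX_KEYS` accordingly when auditing newer units.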

SLIDE 18

systemd's watchdog support

  • Provides simple configuration of soft or hard watchdogs.
  • RuntimeWatchdogSec sets a timer for petting the dog.
  • ShutdownWatchdogSec sets a timer to force reboot if shutdown hangs.

SLIDE 19

Summary

  • Adaptation to systemd requires considerable thought.
  • Uniform dependency language is attractive.
  • Managing resources, security and watchdogs is potentially simplified.
  • Backwards compatibility eases transition, but project moves quickly.

SLIDE 20

Resources

  • Man pages are part of systemd git repo.
  • freedesktop.org: systemd mailing list archives and wiki
  • Poettering's 0pointer.de blog
  • ➟ At wayback machine: “Booting up” articles
  • Neil Brown series at LWN
  • ➟ Fedora's SysVinit to systemd cheatsheet
  • Poettering's 'What's new' talk from FOSDEM 2015
  • Josh Triplett's Debconf talk video
  • Linux Action Show interviews with Mark Shuttleworth and Lennart Poettering
  • A bunch of videos and slides linked at my website

SLIDE 21

resource utilization of systemd itself

  • systemd-211 in Poky includes 17 packages = 8 MB.
  • systemd-219 builds 90 MB of executables (not all needed).
  • minimal build = systemd, udevd and journald.
  • Memory (RSS) of fully featured build: ≈9 MB; minimum build ≈5 MB.
  • Features added/removed via './configure'.