As I occasionally write services for daemon processes, every time when I need I just google for it, this works most of the time. But sometimes it repeated and I haven’t keep a note of those one off(I wrongly thought) services. Recently read the blog systemd by examples which encourage me to write down my services and share here, most usefully hope I can copy them once needed, from here.
Check status or info of a unit don’t need sudo
A name default indicate to service, e.g. systemctl status docker for docker, systemctl status docker.socket for docker socket
Notes from the book
In systemd, a target is a unit that groups together other systemd units for a particular purpose. The units that a target can group together include services, paths, mount points, sockets, and even other targets.
Copied from iptables-restore.service of awslabs/amazon-eks-ami, modified with adding ExecStartPre, my iptables file have some custom value need to be replaced for the current running machine, i.e. IP address.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
[Unit]Description=Restore iptables# iptables-restore must start after docker because docker will# reconfigure iptables to drop forwarded packets.After=docker.service network.target nss-lookup.target[Service]Type=oneshotExecStartPre=/bin/bash /etc/sysconfig/replace_ip_in_iptables.shExecStart=/bin/bash -c "/sbin/iptables-restore < /etc/sysconfig/iptables"ExecStartPost=/usr/bin/mount /data[Install]WantedBy=multi-user.target
D-Bus, which is short for Desktop Bus, is a messaging protocol that allows applications to communicate with each other. It also allows the system to launch daemons and applications on demand, whenever they’re needed.
1
2
3
4
5
6
7
8
man bootup
systemctl list-dependencies local-fs.target
strings /lib/systemd/systemd | grep -A 100'local-fs.target'systemd-analyze # same as systemd-analyze timesystemd-analyze blame # See services run timesystemd-analyze critical-chain # target to start during bootupls -ltr /run/systemd/generator/ # systemd dynamic generate mounts from /etc/fstab to here
man systemd.directives
man systemd.unit
systemctl --state=helpsystemctl list-units -t service
systemctl list-unit-files
systemctl list-unit-files -t
systemctl is-enabled docker
systemctl is-active docker
systemctl show
systemctl show --property=Virtualization
systemctl list-dependencies
systemctl list-dependencies --after network.target
systemd-analyze dot graphical.target
systemctl get-default
ls -ltr /lib/systemd/system/default.target
# This will shut down the graphics server and bring you back to a text-mode login promptsudo systemctl isolate multi-user
sudo systemctl isolate graphical
# cgroupssystemd-cgls
systemctl status user.slice
ls -l /sys/fs/cgroup
sudo apt install cgroup-tools
sudo yum install libcgroup-tools
lssubsys # view active resource controllers# Limit for usersudo systemctl set-property user-1001.slice CPUQuota=200%
# --runtime, reboot the restriction is gonesudo systemctl set-property --runtime user-1001.slice MemoryMax=1G
sudo systemctl set-property user-1001.slice BlockIOReadBandwidth="/dev/sda 1M"sudo systemctl set-property apache2.service BlockIOReadBandwidth="/dev/sda 1M"# Created in /etc/systemd/system.control# Only ff this is first-time for user-1001, need to reload.sudo systemctl daemon-reload
cat /sys/fs/cgroup/cpu/user.slice/user-1001.slice/cpu.cfs_quota_us
# 200000# Limit for service## with systemctl cmdsudo systemctl set-property cputest.service CPUQuota=90%
## with service file# [Service]# ExecStart=/usr/bin/stress-ng -c 4# CPUQuota=90%
The ulimit command allows us to dynamically control resource usage for a shell session and for any processes that get started by the shell session.
you can either set or lower limits as a normal user, but you need sudo privileges to increase any limits