[release-notes] too much info about systemd

Pete Travis immanetize at fedoraproject.org
Fri Oct 10 02:57:20 UTC 2014


commit a728029faedae9efc213965f6a21f23361467329
Author: Pete Travis <immanetize at fedoraproject.org>
Date:   Thu Oct 9 20:57:15 2014 -0600

    too much info about systemd

 en-US/System_Daemons.xml |  135 ++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 130 insertions(+), 5 deletions(-)
---
diff --git a/en-US/System_Daemons.xml b/en-US/System_Daemons.xml
index 82038f7..59c4504 100644
--- a/en-US/System_Daemons.xml
+++ b/en-US/System_Daemons.xml
@@ -79,13 +79,113 @@
           The new command <command>systemctl preset-all</command> applices service preset settings to all unit files.  The equivalent operation if the system is booted with an empty <filename class="directory" >/etc</filename>.  Preset files for crucial services are provided with systemd in <filename class="directory" >/usr/lib/systemd/system-preset/</filename>
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <emphasis>/var recreation</emphasis>
+        </para>
+        <para>
+          A tmpfiles snippet, <filename>/usr/lib/tmpfiles.d/var.conf</filename>, recreates the basic structure of <filename class="directory">/var</filename>, if <filename class="directory" >/var</filename> is empty.
+        </para>
+      </listitem>
+
     </itemizedlist>
   </section>
-  <!--
-      
+  
+  
+       <listitem> 
+        <para>
+          <emphasis>DefaultInstance= for templates</emphasis>
+        </para>
+        <para>
+          A templated unit file can unclude a <option>DefaultInstance=</option> option.  If the template unit is enabled without declaring an instance, the value of <option>DefaultInstance</option> is used.
+        </para>
+      </listitem>
+     
           
           
-          <para>
+      <para>
+        nspawn uses devices cgroup controller, only permits access,creaton to,of API device notes ie /dev/null /dev/random, access for pty
+        systemd-nspawn has --tmpfs=/path switch to create a tmpfs at /path in the container
+        `systemd-nspawn --image` boots disk images and linux installations following the discoverable partition specification.
+        `systemd-nspawn --network-macvlan=` sets up a private macvlan interface; compliments Kind=macvlan setting in .netdev files
+        systemd-network-wait-online is new, waits for network connectiviry using systemd-networkd
+        /usr/lib/systemd/network/80-container-host0.network
+        /usr/lib/systemd/network/80-container-ve.network
+        systemd ships .network file for systemd-networkd that automatically configures DHCP for network interfaces created by nspawn's --network-veth= or --network-bridge=
+        unit files gain DeviceAllow to whitelist device access, uses names from /proc/devices
+        /etc/systemd/network/*.link, man systemd.link
+        netword veth interfaces prefixed with vb- if --network-bridge or ve- if --network-veth
+        new tool to save/restore rfkill state on shutdown/reboot [what? how?]
+        restore state of keyboard backlights in addition to screen backlights
+        $XDG_RUNTIME_DIR are individual tmpfs instances, allows quota settings, superior isolation. Set default size in logind.conf:RuntimeDirectorySize= defaults to 10% of available physical memory
+        logind automatically turns off automatic suspending on laptop lid close iff more than one display is closed. This had been left to DEs, but what about when the system starts with the lid closed?
+        After resuming from suspend, the system won't suspend again for 30s.  The system won't suspend due to a laptop lid close until 3 minutes after resume. This gives peripherals that might be used or block suspend time to come up.
+        systemd-run --property= for resource control properties ie BlockIOWeight=10 
+        systemd-run --uid --gid --setenv also works in scope mode
+
+        systemd-machine-id-setup has --root arg to operate on a given root directory
+        `machinectl poweroff` to shut down container
+        MAC addresses for nspawn containers with the --network-interface= are generated from machineID, so they can be consistent.
+        Logic for handling legacy init scripts moved out of PID1 and into a dynamically run generator that creates unit files on demand.  Units that need the network automatically get a dependency for network-online.target
+        fsck.repair= boot option declares how the kernel deals with unclean filesystems
+        preen=safe repair only, yes=force yes, no=no repair
+        systemd-udevd runs in dissociated mount namespace. To mount directories from udev rules, make sure to pull in mount units via SYSTEMD_WANTS properties.
+        systemd native support for tcpwrappers removed
+        system.conf option gains DefaultTImerAccuracySec= that sets default AccuracySec= for .timer units.
+        timer units get WakeSystem= switch to resume from suspend (given [common] hardware support)
+        timer units gain Persistent= switch to save to disk when last triggered, causes units to trigger if their last scheduled time was missed due to poweroff.
+          
+          """
+As an experimental feature, udev now tries to lock the
+disk device node (flock(LOCK_SH|LOCK_NB)) while it
+executes events for the disk or any of its partitions.
+Applications like partitioning programs can lock the
+disk device node (flock(LOCK_EX)) and claim temporary
+device ownership that way; udev will entirely skip all event
+handling for this disk and its partitions. If the disk
+was opened for writing, the close will trigger a partition
+table rescan in udev's "watch" facility, and if needed
+synthesize "change" events for the disk and all its partitions.
+This is now unconditionally enabled, and if it turns out to
+cause major problems, we might turn it on only for specific
+devices, or might need to disable it entirely. Device Mapper
+devices are excluded from this logic.
+"""
+      /dev/log and /dev/initctl moved to /run with symlinks so PrivateSystem units can get them.
+      systemd-notify fixed to send messages as from the invoking script and not systemd-notify itself.
+      ReadOnlyDirectories= now applied recursively to submounts. systemd-nspawn --read-only does the same thing.
+        New unit file RestrictAddressFamilies= restricts the socket address familiew that units are given access to.  ie AF_INET,AF_UNIX
+        units get RuntimeDirectory= RuntimeDirectoryMode= to declare /run workingdirs
+        units get DeviceAllow= setting to glob against device group names
+        systemd.conf gains options to set defaults:
+          DefaultCPUAccounting=
+          DefaultBlockIOAccounting=
+          DefaultMemoryAccounting=
+          - can turn on or off accounting for units, overridden by individual unit configs
+
+        systemd-gpt-auto-generator can discover /srv,/,/home,swap. Supports LUKS.  http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec
+
+        systemd doesn't consider dom0s to be virtual machines.
+        Restart=on-abnormal triggers automatic restarts on all abnormal exit statii, restarts harder than on-failure
+        Socket units can be owned by SocketUser= or SocketGroup=
+        ProtectedHome= makes home inaccessible
+        ProtectedSystem= makes /usr/ read only
+        systemd-netowrkd runs as "systemd-network" user so it can't write to root owned files.
+        kbus has support for loading policy into the kernel
+        kbus has support for loading policy into the kernel
+        systemd-resolved runs as systemd-resolve user
+        systemd-resolved provides different /etc/resolv.conf to different interfaces
+        resolved symlink from /etc/resolv.conf should target /run/systemd/resolv/something
+        systemd-bus-proxyd runs as systemd-bus-proxy
+        networkd does veth for containers, and GRE, VTI,IPIP,SIT tunnels
+        networkd supports matching on system virtualization, arch, kernel command line, hostname, machineID
+        networkd doesn't dynamically load kernel modules, assumes the kernel can do it.
+        systemd-detect-virt works without privs
+        REstartForceExitStatus= return value for main service process exit; force restart of all child processes if seen
+        Systemctl -H (for remote machines) can connect to containers, ie `systemctl -H user at host:containername`
+        udev uses dev_port from sysfs instead of dev_id; ensures consistent naming even if devices have the same hardware address on system bus
+        machined reads /etc/os-release and /usr/lib/os-release, value shown in machinectl (contaniers>
+        machined reads container IPs, value shown in machinectl
             file-heirarchy(7) describes minimized, modernized version of the filesystem systemd expects, similar to heir(5) or FHS. tool: systemd-path
             systemd-nspawn filters syscals for kernel module loading, io port access, swap, kexec, more; for security
             boot options: systemd.wants= systemd.mask= systemd.debug-shell(TTY9)
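Review bot: the two `-` lines drop the `<!--` that opened the draft-notes comment, but the matching `-->` is still in the file (it is visible as context at the end of the last hunk), so after this change the notes become live content and the document ends with an unmatched `-->`; either keep the `<!--` or remove both markers and convert the notes to proper markup. As written, the new `DefaultInstance=` `<listitem>` is inserted after `</itemizedlist>` and `</section>`, outside any list, which is not valid DocBook; move it up next to the `/var recreation` item, above `</itemizedlist>`. Within the note text, `kbus has support for loading policy into the kernel` is duplicated, the `[what? how?]` placeholder and the triple-quoted block pasted from upstream NEWS still need rewriting, `systemd.conf gains options to set defaults:` should be `system.conf` (the `DefaultTImerAccuracySec=` line above names it correctly, though the option itself is `DefaultTimerAccuracySec=`), and several option and tool names are misspelled: `ProtectedHome=`/`ProtectedSystem=` should be `ProtectHome=`/`ProtectSystem=`, `REstartForceExitStatus=` should be `RestartForceExitStatus=`, `systemd-network-wait-online` should be `systemd-networkd-wait-online`, and `unclude` in the DefaultInstance paragraph should be `include`.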
@@ -93,14 +193,16 @@
             coredumpctl gains 'info' commmand to show details
             systemd-coredump logs stack trace of running dumps to journal
             systemd-coredup optionally stores to /var/lib/systemd/coredump instead of journal
-            /dev/loop-control /dev/btrfs-control owned by 'disk' group
+            /dev/loop-control /dev/btrfs-control /dev/fd* owned by 'disk' group
             cryptsetup-pre for services that need to run before encypted mounts are up
+            network-pre.target for services like firewall that must start before network is up 
             service presets??
             systemctl is-system-running
             tmpfiles:
               L+ force symlink
               b+ force block device
               c+ force character device
+              C option to copy files
               p+ force fifo
               Omitting source for target automatically grabs correlating path based from /usr/share/factory/path
             mount units have SloppyOptions= mapping to -s of `mount`.
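Review bot: the added `network-pre.target` line carries trailing whitespace; trim it. The tmpfiles entries (`L+`, `b+`, `c+`, the new `C`, `p+`) are an indented plain-text list inside a `<para>`, which DocBook collapses into one run of text; wrap them in an `<itemizedlist>` or `<literallayout>` (or keep the block commented out until it is converted). The new `C option to copy files` line should say what is copied and from where, and the `service presets??` placeholder just above it is still unresolved.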
@@ -108,7 +210,30 @@
             input group for input devices compliments audio and video groups
             networkd does DHCPv4 server
             netowrkd does vxlan virtual networks, tun/tap devices, dummy devices
-            automatic allocation of address ranges for interfaces from a pool, used to manage large numbers of interfaces, useful for many nspawn instances.
+            networkd does predictable address assignments to its local interfaces.
+            netowrkd does automatic allocation of address ranges for interfaces from a pool, used to manage large numbers of interfaces, useful for many nspawn instances.
+            systemd-timesyncd - ntp client, saves state to disc for RTC-less systems, runs as systemd-timesync
+            systemctl list-timers;systemctl list-sockets gets --recursive to list timers and sockets inside containers.
+            FailureAction= option is triggered on unit failure
+            hostnamed exposes kernel n-v-r, helpful for -H
+            hostnamed prefers /etc/hostname over dhcp (unless localhost or empty)
+            when restoring brightness, stay away from lowest setting or lowest 5%
+            bootchart can show cgroup information
+            cgroup cpu quotas can be set with CPUQuota=NN% option
+            StartupCPUShares= and StartupIOWeight= sets limits only during startup
+            systemctl status with no arguments returns:
+              starting: startup
+              running:  normal runtime
+              degraded: at least one failed service
+              maintenance:  rescue/emergency mode
+              stopping: shutdown
+              - useful with containers
+            systemctl list-machines shows containers running systemd and their state
+            systemctl gets -r switch to recursively enumerate units in containers
+            partition discovery logic will honor GPT partition flags for read only, ignore
+            two GPT UUIDs, on discovery, will be mounted as / - for 32,64bit arm.
+            logind clears all IPC objects on user logout, controlled by RemoveIPC= in logind.conf
+            journald emergency messages forwarded to all users in the way of `wall`
           </para>
           -->
 
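Review bot: the `-->` context line closes a comment whose opening `<!--` the first hunk of this commit removes, leaving an unmatched `-->` after a `</para>` that now sits outside the `</section>` closed earlier in the file; remove the `-->` together with the `<!--` and move the paragraph inside the section, or keep both markers until the notes are turned into `<listitem>`s. In the added lines, `netowrkd does automatic allocation` should read `networkd` (the line above it spells it correctly), `in the way of \`wall\`` should be `in the manner of \`wall\``, and `two GPT UUIDs, on discovery, will be mounted as / - for 32,64bit arm.` needs rewording so it states which two partition type UUIDs are meant and that one is for 32-bit and one for 64-bit ARM. The `systemctl status with no arguments returns:` state list (`starting`, `running`, `degraded`, `maintenance`, `stopping`) is also indented plain text inside a `<para>` and should become a `<variablelist>` or `<itemizedlist>`.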

