[release-notes] some systemd stateless system enhancements, and more notes in comments (TODO)

Pete Travis immanetize at fedoraproject.org
Mon Oct 6 05:45:13 UTC 2014


commit af78e648b418d0d10a374d9bc2661b9a829eacd1
Author: Pete Travis <immanetize at fedoraproject.org>
Date:   Sun Oct 5 23:45:09 2014 -0600

    some systemd stateless system enhancements, and more notes in comments (TODO)

 en-US/System_Daemons.xml |   78 ++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 78 insertions(+), 0 deletions(-)
---
diff --git a/en-US/System_Daemons.xml b/en-US/System_Daemons.xml
index a64cd82..82038f7 100644
--- a/en-US/System_Daemons.xml
+++ b/en-US/System_Daemons.xml
@@ -35,6 +35,84 @@
       For detailed information, refer to <ulink url="https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork" />
     </para>
   </section>
+  <section id="systemd-stateless">
+    <title>Stateless Systems</title>
+    <para>
+      The <ulink url="https://fedoraproject.org/wiki/Features/UsrMove">usrmove</ulink> Feature in Fedora 17 began a convention of distribution provided configurations residing in <filename>/usr</filename>, with overriding administrator provided configurations in <filename>/etc</filename>.  The systemd project's stateless systems effort goes a step further, to ensure that a system can boot <emphasis>without</emphasis> the configuration files in <filename>/etc</filename>.
+    </para>
+    <para>
+      This capabiity allows systems to be reset to a factory state, or various installation types to share a predictable base system.  Read <ulink url="http://0pointer.de/blog/projects/stateless.html" /> to learn about the potential of stateless systems.
+    </para>
+    <para>
+      Changes to <systemitem class="daemon">systemd</systemitem> that enable stateless systems include:
+    </para>
+    <itemizedlist>
+      <listitem>
+        <para>
+          <emphasis>systemd-sysusers</emphasis>
+        </para>
+        <para>
+          The <systemitem>systemd-sysitems</systemitem> utlity creates system users in <filename>/etc/passwd</filename> and system groups in <filename>/etc/groups</filename> based on declared entries in <filename>/usr/lib/sysusers.d/</filename>.  This ensures that crucial accounts are available in early boot.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <emphasis>tmpfiles snippet for <filename>/etc/filename</filename></emphasis>
+        </para>
+        <para>
+          <filename>/usr/lib/tmpfiles.d/etc.conf</filename> rebuilds essential files in <filename>/etc</filename>, should they be missing.  Notably, a symlink is created linking <filename>/etc/os-release</filename> to <filename>/usr/lib/os-release</filename>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <emphasis>ConditionNeedsUpdate directive</emphasis>
+        </para>
+        <para>
+          Service units can conditionally run only when related files in <filename>/etc</filename> or <filename>/var</filename> are older than the correlating files in <filename>/usr</filename>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <emphasis>systemd presets</emphasis>
+        </para>
+        <para>
+          The new command <command>systemctl preset-all</command> applices service preset settings to all unit files.  The equivalent operation if the system is booted with an empty <filename class="directory" >/etc</filename>.  Preset files for crucial services are provided with systemd in <filename class="directory" >/usr/lib/systemd/system-preset/</filename>
+        </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+  <!--
+      
+          
+          
+          <para>
+            file-heirarchy(7) describes minimized, modernized version of the filesystem systemd expects, similar to heir(5) or FHS. tool: systemd-path
+            systemd-nspawn filters syscals for kernel module loading, io port access, swap, kexec, more; for security
+            boot options: systemd.wants= systemd.mask= systemd.debug-shell(TTY9)
+            journald defaults to SplitMode=uid so users can see their coredumps
+            coredumpctl gains 'info' commmand to show details
+            systemd-coredump logs stack trace of running dumps to journal
+            systemd-coredup optionally stores to /var/lib/systemd/coredump instead of journal
+            /dev/loop-control /dev/btrfs-control owned by 'disk' group
+            cryptsetup-pre for services that need to run before encypted mounts are up
+            service presets??
+            systemctl is-system-running
+            tmpfiles:
+              L+ force symlink
+              b+ force block device
+              c+ force character device
+              p+ force fifo
+              Omitting source for target automatically grabs correlating path based from /usr/share/factory/path
+            mount units have SloppyOptions= mapping to -s of `mount`.
+            rpm macros for sysusers, sysctl, binfmt
+            input group for input devices compliments audio and video groups
+            networkd does DHCPv4 server
+            netowrkd does vxlan virtual networks, tun/tap devices, dummy devices
+            automatic allocation of address ranges for interfaces from a pool, used to manage large numbers of interfaces, useful for many nspawn instances.
+          </para>
+          -->
+
+
 
 </section>
 
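Review bot: In the systemd-sysusers list item the body names the utility as <systemitem>systemd-sysitems</systemitem>, which does not match the item's own heading. It should read systemd-sysusers, and the group database it populates is /etc/group, not /etc/groups. In the presets item, "The equivalent operation if the system is booted with an empty /etc." has no verb; reword it to say the same operation is carried out when the system boots with an empty /etc. The tmpfiles item heading says /etc/filename while the paragraph under it describes /etc, so the heading likely wants <filename>/etc</filename>. Spelling to fix before this reaches readers: "capabiity", "utlity", "applices". The ConditionNeedsUpdate paragraph and the last sentence of the presets paragraph are also missing their closing periods. The commented-out TODO block is harmless to the build, but consider tracking those notes outside the published XML source so they are not mistaken for reviewed content.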

