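Systemd: introduction and features
Systemd is the newest initialization system (init) on Linux. Its main design goals are to overcome the inherent shortcomings of sysvinit and to speed up system startup. It is a system startup and service daemon manager, responsible for activating system resources, server processes and other processes at boot or while the system is running. It is backward compatible with the earlier init, which is less efficient than systemd.
New features in systemd:
Services are started in parallel during system boot
Daemons are started on demand
Automatic management of service dependencies
Services are activated through both sockets and the D-Bus bus
System state snapshots
[root@localhost ~]# pstree
systemd─┬─NetworkManager─┬─2*[dhclient]
        │                ├─teamd
        │                └─2*[{NetworkManager}]
        ├─abrt-watch-log
        ├─abrtd
        ├─agetty
        ├─auditd───{auditd}
        ├─crond
        ├─dbus-daemon───{dbus-daemon}
        ├─firewalld───{firewalld}
        ├─httpd───5*[httpd]
        ├─irqbalance
        ├─lvmetad
        ├─master─┬─pickup
        │        └─qmgr
        ├─polkitd───5*[{polkitd}]
        ├─rpcbind
        ├─rsyslogd───2*[{rsyslogd}]
systemd can start services concurrently. It does not start every service at boot; services are activated on demand, which speeds up startup.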
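Core concept: unit
A unit represents one type of systemd object and is identified and configured through a configuration file. These files mainly describe system services, listening sockets, saved system snapshots and other init-related information.
Configuration files:
/usr/lib/systemd/system: the main startup script settings for each service, similar to the former /etc/init.d/
/run/systemd/system: service scripts generated while the system is running; takes precedence over the directory above
/etc/systemd/system: scripts created by the administrator, similar in function to /etc/rc.d/rcN.d/Sxx; takes precedence over the directory above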
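Unit types
Service unit: file extension .service
Does not need execute permission; it is only a configuration file, used to define a system service
Target unit: file extension .target
Used to emulate "runlevels"
Device unit: .device
Used to define devices recognized by the kernel
Mount unit: .mount
Defines a file system mount point
Socket unit: .socket
Identifies a socket file used for inter-process communication; can also delay starting a service at boot so that it is started on demand
Snapshot unit: .snapshot
Manages system snapshots
Swap unit: .swap
Identifies a swap device
Automount unit: .automount
An automatic mount point for a file system
Path unit: .path
Defines a file or directory in the file system; often used to delay activating a service until the file system changes, for example a spool directory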
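Features
Key features:
Socket-based activation: the socket is separated from the service program
# An activation socket is created in advance for each service and systemd listens on it; the service is started when it is needed
D-Bus-based activation:
Device-based activation:
Path-based activation:
System snapshots: save the current state of each unit to persistent storage
Backward compatible with SysV init scripts (on CentOS 7, using init levels and switching runlevels with init is not recommended)
Incompatibilities:
The systemctl command set is fixed and cannot be extended
Services not started by systemd cannot be communicated with or controlled by systemctl
System services do not read from the standard input stream
System services do not read any user environment variables when they start
Services must use absolute paths
Anything that takes longer than 5 minutes is forcibly terminated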
Managing system services:
CentOS 7: service unit
Note: earlier service scripts remain compatible
Command: systemctl COMMAND name.service
Start: service name start ==> systemctl start name.service
Stop: service name stop ==> systemctl stop name.service
Restart: service name restart ==> systemctl restart name.service
Status: service name status ==> systemctl status name.service
Conditional restart: restart only if already running, otherwise do nothing
service name condrestart ==> systemctl try-restart name.service
Reload or restart the service: reload first, then start
systemctl reload-or-restart name.service
Reload or conditionally restart the service:
systemctl reload-or-try-restart name.service
Prevent both automatic and manual start:
systemctl mask name.service
Remove the mask:
systemctl unmask name.service
Viewing active services
Check whether a service is currently active:
systemctl is-active name.service
[root@localhost system]# systemctl list-units
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats Fi
sys-devices-pci0000:00-0000:00:07.1-ata2-host1-target1:0:0-1:0:0:0-block-sr0.device loaded activ
sys-devices-pci0000:00-0000:00:10.0-host2-target2:0:0-2:0:0:0-block-sda-sda1.device loaded activ
sys-devices-pci0000:00-0000:00:10.0-host2-target2:0:0-2:0:0:0-block-sda-sda2.device loaded acti
List active services
systemctl list-units --type|-t service
[root@localhost system]# systemctl list-units --type service
List all services:
systemctl list-units --type service --all|-a
[root@localhost system]# systemctl list-units --type service --all
Equivalents of the chkconfig command:
Enable a service at boot:
chkconfig name on ==> systemctl enable name.service
Disable a service at boot:
chkconfig name off ==> systemctl disable name.service
Show the boot-time enablement state of all services:
chkconfig --list ==> systemctl list-unit-files --type service
List the runlevels in which a service is enabled or disabled
ls /etc/systemd/system/*.wants/sshd.service
[root@localhost system]# ls /etc/systemd/system/
basic.target.wants                           default.target.wants
dbus-org.fedoraproject.FirewallD1.service    getty.target.wants
dbus-org.freedesktop.ModemManager1.service   multi-user.target.wants
dbus-org.freedesktop.NetworkManager.service  sockets.target.wants
dbus-org.freedesktop.nm-dispatcher.service   sysinit.target.wants
default.target                               system-update.target.wants
Check whether a service is enabled at boot:
systemctl is-enabled name.service
[root@localhost system]# systemctl is-enabled sshd.service
enabled
[root@localhost system]# systemctl is-enabled network.service
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
enabled
Show the dependencies of a service:
systemctl list-dependencies name.service
[root@localhost system]# systemctl list-dependencies network.service
network.service
● ├─system.slice
● ├─basic.target
● │ ├─firewalld.service
● │ ├─microcode.service
● │ ├─rhel-autorelabel-mark.service
[root@localhost system]# systemctl list-dependencies emergency.service
emergency.service
● ├─-.mount
● └─system.slice
Kill a process:
systemctl kill process-name
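Service states
States shown by systemctl list-unit-files --type service --all:
loaded: the unit configuration file has been processed
active (running): running, with one or more continuing processes
active (exited): a one-time configuration completed successfully
active (waiting): running, waiting for an event
inactive: not running
enabled: started at boot
disabled: not started at boot
static: not started at boot, but can be activated by another enabled service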
systemctl command examples
Show the state of all units
systemctl or systemctl list-units
[root@localhost getty.target.wants]# systemctl list-units
sys-subsystem-rfkill-devices-rfkill1.device loaded active plugged /sys/subsystem/rfkill/device
-.mount loaded active mounted /
app.mount loaded active mounted /app
boot.mount loaded active mounted /boot
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
home.mount loaded active mounted /home
mnt.mount loaded active mounted /mnt
run-user-0.mount loaded active mounted /run/user/0
Show the state of service units only
systemctl --type=service
[root@localhost getty.target.wants]# systemctl --type=service
UNIT LOAD ACTIVE SUB DESCRIPTION
abrt-ccpp.service loaded active exited Install ABRT coredump hook
abrt-oops.service loaded active running ABRT kernel log watcher
abrtd.service loaded active running ABRT Automated Bug Reporting Tool
auditd.service loaded active running Security Auditing Service
crond.service loaded active running Command Scheduler
dbus.service loaded active running D-Bus System Message Bus
firewalld.service loaded active running firewalld - dynamic firewall daemon
getty@tty1.service loaded active running Getty on tty1
httpd.service loaded active running The Apache HTTP Server
Show the sshd service unit
systemctl status sshd.service -l
[root@localhost getty.target.wants]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-07-14 09:39:24 CST; 6h ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 68544 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─68544 /usr/sbin/httpd -DFOREGROUND
           ├─68545 /usr/sbin/httpd -DFOREGROUND
           ├─68546 /usr/sbin/httpd -DFOREGROUND
           ├─68547 /usr/sbin/httpd -DFOREGROUND
           ├─68548 /usr/sbin/httpd -DFOREGROUND
           └─68549 /usr/sbin/httpd -DFOREGROUND

Jul 14 09:39:23 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Jul 14 09:39:24 localhost.localdomain httpd[68544]: AH00558: httpd: Could not reliably determ...ge
Jul 14 09:39:24 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
Verify whether the sshd service is currently active
systemctl is-active sshd
[root@localhost getty.target.wants]# systemctl is-active sshd
active
[root@localhost getty.target.wants]# systemctl is-active httpd
active
Start, stop and restart the sshd service
systemctl start sshd.service
systemctl stop sshd.service
systemctl restart sshd.service
[root@localhost getty.target.wants]# systemctl restart httpd
[root@localhost getty.target.wants]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-07-14 15:47:48 CST; 9s ago
Reload the configuration
systemctl reload sshd.service
Used after the configuration file has been modified
[root@localhost getty.target.wants]# systemctl reload sshd.service && echo $?
0
List all active service units
systemctl list-units --type=service
[root@localhost getty.target.wants]# systemctl list-units --type service
UNIT LOAD ACTIVE SUB DESCRIPTION
abrt-ccpp.service loaded active exited Install ABRT coredump hook
abrt-oops.service loaded active running ABRT kernel log watcher
List all service units
systemctl list-units --type=service --all
[root@localhost getty.target.wants]# systemctl list-units --type service -a
UNIT LOAD ACTIVE SUB DESCRIPTION
abrt-ccpp.service loaded active exited Install ABRT coredump hook
abrt-oops.service
Show the enabled and disabled state of service units
systemctl list-unit-files --type=service
[root@localhost getty.target.wants]# systemctl list-unit-files --type service
UNIT FILE STATE
abrt-ccpp.service enabled
abrt-oops.service enabled
abrt-pstoreoops.service disabled
abrt-vmcore.service enabled
abrt-xorg.service enabled
abrtd.service enabled
arp-ethers.service disabled
atd.service enabled
auditd.service enabled
[email protected] enabled
blk-availability.service disabled
brandbot.service static
chrony-dn***[email protected] static
[root@localhost getty.target.wants]# systemctl list-unit-files --type service |grep enabled
abrt-ccpp.service enabled
abrt-oops.service enabled
abrt-vmcore.service enabled
List failed services
systemctl --failed --type=service
[root@localhost getty.target.wants]# systemctl --failed --type service
UNIT LOAD ACTIVE SUB DESCRIPTION
● kdump.service loaded failed failed Crash recovery kernel arming

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
List the units a service depends on
systemctl list-dependencies sshd
[root@localhost getty.target.wants]# systemctl list-dependencies sshd
sshd.service
● ├─sshd-keygen.service
● ├─system.slice
● └─basic.target
●   ├─firewalld.service
●   ├─microcode.service
●   ├─rhel-autorelabel-mark.service
●   ├─rhel-autorelabel.service
●   ├─rhel-configure.service
●   ├─rhel-dmesg.service
Verify whether the sshd service is enabled at boot
systemctl is-enabled sshd
[root@localhost getty.target.wants]# systemctl is-enabled sshd
enabled
Disable network so that it does not start automatically but can still be started manually
systemctl disable network
[root@localhost getty.target.wants]# systemctl disable network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network off
[root@localhost getty.target.wants]# systemctl is-enabled network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
disabled
Enable network
systemctl enable network
[root@localhost getty.target.wants]# systemctl is-enabled network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
enabled
Mask network so that it can be started neither manually nor automatically
systemctl mask network
[root@localhost getty.target.wants]# systemctl mask network
Created symlink from /etc/systemd/system/network.service to /dev/null.
[root@localhost getty.target.wants]# systemctl enable network
Failed to execute operation: Cannot send after transport endpoint shutdown
Enable network
systemctl unmask network
[root@localhost getty.target.wants]# systemctl unmask network.service
Removed symlink /etc/systemd/system/network.service.
[root@localhost getty.target.wants]# systemctl enable network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network on
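The mask step above works because /etc/systemd/system takes precedence over /run/systemd/system and /usr/lib/systemd/system, so a symlink to /dev/null placed there hides the packaged unit. The following shell functions are an added example, not part of the original page; they report which copy of a unit wins and flag local units that mask or replace another copy, which is worth reviewing when a host's service configuration is audited. The function names and the optional ROOT prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example. ROOT is an optional prefix (assumption of this example) so the
# functions can be run against a test tree or a mounted image instead of "/".

# unit_origin NAME [ROOT]: print "<state> <path>" for the unit file that wins.
#   single    - the unit exists in one directory only
#   overrides - a higher-precedence copy hides another copy of the same name
#   masked    - the winning entry is a symlink to /dev/null
unit_origin() {
    name=$1 root=${2:-}
    winner="" hidden=""
    # Highest precedence first: /etc, then /run, then /usr/lib.
    for dir in /etc/systemd/system /run/systemd/system /usr/lib/systemd/system; do
        f="$root$dir/$name"
        if [ -e "$f" ] || [ -L "$f" ]; then          # -L also catches dangling symlinks
            if [ -z "$winner" ]; then winner=$f; else hidden="$hidden $f"; fi
        fi
    done
    [ -n "$winner" ] || { echo "not-found $name"; return 1; }
    if [ -L "$winner" ] && [ "$(readlink "$winner")" = /dev/null ]; then
        state=masked
    elif [ -n "$hidden" ]; then
        state=overrides
    else
        state=single
    fi
    echo "$state $winner"
}

# audit_local_units [ROOT]: report every service unit in /etc/systemd/system
# that masks or replaces a unit of the same name in a lower-precedence directory.
audit_local_units() {
    aroot=${1:-}
    for u in "$aroot"/etc/systemd/system/*.service; do
        [ -e "$u" ] || [ -L "$u" ] || continue
        unit_origin "$(basename "$u")" "$aroot"
    done | grep -v '^single ' || true
}
```

Run audit_local_units with no argument on a live host, or pass the mount point of an image under examination.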
Runlevels
Target units:
Unit configuration files: .target
ls /usr/lib/systemd/system/*.target
systemctl list-unit-files --type target --all
[root@localhost getty.target.wants]# ls /usr/lib/systemd/system
abrt-ccpp.service         proc-sys-fs-binfmt_misc.automount
abrtd.service             proc-sys-fs-binfmt_misc.mount
abrt-oops.service         psacct.service
abrt-pstoreoops.service   quotaon.service
abrt-vmcore.service       rc-local.service
abrt-xorg.service         rdisc.service
arp-ethers.service        rdma.service
atd.service               reboot.target
auditd.service            reboot.target.wants
[email protected]         remote-fs-pre.target
basic.target              remote-fs.target
basic.target.wants        rescue.service
blk-availability.service  rescue.target
bluetooth.target          rescue.target.wants
[root@localhost getty.target.wants]# systemctl list-unit-files --type target -a
UNIT FILE STATE
basic.target static
bluetooth.target static
cryptsetup-pre.target static
cryptsetup.target static
ctrl-alt-del.target disabled
cvs.target static
default.target enabled
emergency.target static
final.target static
getty.target static
graphical.target static
halt.target disabled
hibernate.target static
hybrid-sleep.target static
initrd-fs.target static
initrd-root-fs.target static
initrd-switch-root.target static
initrd.target static
iprutils.target disabled
Switching levels: init N ==> systemctl isolate name.target
systemctl isolate multi-user.target
Note: switching is only possible to targets whose /lib/systemd/system/*.target file contains AllowIsolate=yes (after modifying the file, run systemctl daemon-reload for the change to take effect)
View targets:
runlevel ; who -r
systemctl list-units --type target
[root@localhost getty.target.wants]# who -r
run-level 3 2017-07-12 18:48
[root@localhost getty.target.wants]# systemctl list-units --type target
UNIT LOAD ACTIVE SUB DESCRIPTION
basic.target loaded active active Basic System
bluetooth.target loaded active active Bluetooth
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
network-online.target loaded active active Network is Online
network.target loaded active active Network
paths.target loaded active active Paths
remote-fs.target loaded active active Remote File Systems
slices.target loaded active active Slices
sockets.target loaded active active Sockets
sound.target loaded active active Sound Card
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
timers.target loaded active active Timers
Get the default runlevel:
/etc/inittab ==> systemctl get-default
[root@localhost getty.target.wants]# systemctl get-default
multi-user.target
Change the default level:
/etc/inittab ==> systemctl set-default name.target
systemctl set-default multi-user.target
ls -l /etc/systemd/system/default.target
Switch to rescue mode:
systemctl rescue
Switch to emergency mode:
systemctl emergency
Other common commands:
The traditional commands init, poweroff, halt and reboot have all become symlinks to systemctl
Shut down: systemctl halt, systemctl poweroff
Reboot: systemctl reboot
Suspend: systemctl suspend
Hibernate: systemctl hibernate
Hibernate and suspend: systemctl hybrid-sleep
[root@localhost getty.target.wants]# ls -l /sbin/{init,poweroff,halt,reboot}
lrwxrwxrwx. 1 root root 16 Jul 13 16:10 /sbin/halt -> ../bin/systemctl
lrwxrwxrwx. 1 root root 22 Jul 13 16:10 /sbin/init -> ../lib/systemd/systemd
lrwxrwxrwx. 1 root root 16 Jul 13 16:10 /sbin/poweroff -> ../bin/systemctl
lrwxrwxrwx. 1 root root 16 Jul 13 16:10 /sbin/reboot -> ../bin/systemctl
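CentOS 7 boot sequence
Service unit file format
/etc/systemd/system: used by system administrators and users
/usr/lib/systemd/system: used by distribution packagers
On a line that starts with "#", everything that follows is treated as a comment
Boolean values: 1, yes, on and true all mean enabled; 0, no, off and false all mean disabled
The default time unit is seconds, so milliseconds (ms), minutes (m) and so on must be stated explicitly
Structure of a service unit file
[Unit]: general options that do not depend on the unit type; provides the unit's description, behaviour and dependencies
[Service]: options specific to one unit type; here, the Service type
[Install]: options used by "systemctl enable" and "systemctl disable" when enabling or disabling the service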
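Common options in the [Unit] section:
Description: descriptive text
After: defines the start order of units; the current unit should start later than the units listed. Before does the opposite
Requires: other units this one depends on, as a strong dependency; if a required unit cannot be activated, the current unit cannot be activated either
Wants: other units this one depends on, as a weak dependency
Conflicts: defines conflicts between units
Common options in the [Service] section:
Type: defines the unit's process startup type, which affects how ExecStart and related options behave
simple: the default; the daemon is started by the command line given in ExecStart and stays resident in memory after it starts
forking: the program started by ExecStart spawns child processes that become the daemon's main service; the original parent process exits once startup has finished
oneshot: similar to simple, but the program ends once its work is done and does not stay resident in memory
dbus: similar to simple, but the daemon only continues once it has acquired a D-Bus name, so BusName= usually has to be set as well
notify: sends a notification message once startup has completed; NotifyAccess must also be set so that systemd accepts the message
idle: similar to simple, but the daemon is only executed once all other jobs have completed successfully; such daemons are usually services that only need to run at the very end of boot
EnvironmentFile: environment configuration file
ExecStart: the absolute path of the command or script to run when the unit is started
ExecStartPre: runs before ExecStart
ExecStartPost: runs after ExecStart
ExecStop: the command or script to run when the unit is stopped
Restart: when Restart=1 is set, the service is started again automatically after the daemon terminates unexpectedly
Common options in the [Install] section:
Alias: an alias; systemctl command Alias.service can then be used
RequiredBy: the units that depend on this one, as a strong dependency
WantedBy: the units that depend on this one, as a weak dependency
Also: other related services to install when this service is installed
Note: after creating a new unit file or modifying an existing one, tell systemd to reload the configuration; the service can then be restarted if desired
systemctl daemon-reload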
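A unit file that uses the three sections and the options described above, with a small checker for rules this page states: absolute paths in Exec* lines, a Type taken from the list above, and an [Install] section for systemctl enable to act on. This is an added example, not from the original page; demo.service, /usr/local/bin/demo and /etc/sysconfig/demo are hypothetical names, and Restart=on-failure is one of the keyword values documented in systemd.service(5).

```shell
#!/bin/sh
# Added example: demo.service and its paths are hypothetical, constructed for illustration.

write_demo_unit() {   # $1 = destination file
cat > "$1" <<'EOF'
# Lines starting with "#" are comments
[Unit]
Description=Demo daemon
After=network.target
Wants=network.target

[Service]
Type=simple
# leading "-" means: do not fail if the file is missing
EnvironmentFile=-/etc/sysconfig/demo
ExecStart=/usr/local/bin/demo --foreground
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# lint_unit FILE: prints one line per problem, nothing when the file is clean.
lint_unit() {
    awk -F= '
        /^[ \t]*(#|;|$)/ { next }                     # skip comments and blank lines
        /^\[/ { sec = $0; seen[sec] = 1; next }       # remember the current section
        sec == "[Service]" && $1 ~ /^Exec(Start|StartPre|StartPost|Stop)$/ {
            cmd = $2; sub(/^[-@+!:]+/, "", cmd)       # drop systemd prefix characters
            if (cmd !~ /^\//) print "relative path in " $1 ": " $2
        }
        sec == "[Service]" && $1 == "Type" &&
            $2 !~ /^(simple|forking|oneshot|dbus|notify|idle)$/ {
            print "unknown Type: " $2
        }
        END {
            if (!("[Install]" in seen))
                print "no [Install] section: systemctl enable has nothing to link"
        }
    ' "$1"
}
```

After copying a checked unit into /etc/systemd/system, run systemctl daemon-reload before enabling or starting it.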
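Setting kernel parameters
Kernel parameters set this way affect only the current boot
At boot, append systemd.unit=desired.target to the linux16 line
systemd.unit=emergency.target
systemd.unit=rescue.target
rescue.target supports more functionality than emergency, such as logging
Boot troubleshooting
Corrupted file system
An automatic repair is attempted first; if it fails, the system enters the emergency shell and prompts the user to repair it
/etc/fstab refers to a device or UUID that does not exist
systemd waits for a while; if the device is still unavailable, the system enters the emergency shell
/etc/fstab refers to a mount point that does not exist
systemd tries to create the mount point; otherwise it prompts to enter the emergency shell.
Incorrect mount options in /etc/fstab
The system prompts to enter the emergency shell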
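Resetting the root password on CentOS 7
Method 1
Press any key at boot to pause the boot process
Press e to enter edit mode
Move the cursor to the line that starts with linux16 and add the kernel parameter rd.break
Press Ctrl-x to boot
mount -o remount,rw /sysroot
chroot /sysroot
passwd root
touch /.autorelabel
exit
reboot
Method 2
Press any key at boot to pause the boot process
Press e to enter edit mode
Move the cursor to the line that starts with linux16 and change it to rw init=/sysroot/bin/sh
Press Ctrl-x to boot
chroot /sysroot
passwd root
touch /.autorelabel
exit
reboot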
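Repairing GRUB2
GRUB: "the Grand Unified Bootloader"
A command-line interface is available at the boot prompt
Can boot from a file system
Main configuration file: /boot/grub2/grub.cfg
Repair the configuration file
grub2-mkconfig > /boot/grub2/grub.cfg
Repair grub
grub2-install /dev/sda    # BIOS environment
grub2-install             # UEFI environment
Change the default boot kernel
vim /etc/default/grub
GRUB_DEFAULT=0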