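Systemd: introduction and features
systemd is the newest initialization system (init) on Linux. Its main design goals are to overcome the inherent shortcomings of sysvinit and to speed up system boot. It is the system start-up and service daemon manager, responsible for activating system resources, server processes and other processes at boot and at run time. It is backward compatible with sysvinit, which is less efficient than systemd.
New features of systemd:
Services are started in parallel at boot
Daemons are started on demand
Automated management of service dependencies
Services can be activated through both socket activation and D-Bus activation
System state snapshots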
[root@localhost ~]# pstree
systemd─┬─NetworkManager─┬─2*[dhclient]
│ ├─teamd
│ └─2*[{NetworkManager}]
├─abrt-watch-log
├─abrtd
├─agetty
├─auditd───{auditd}
├─crond
├─dbus-daemon───{dbus-daemon}
├─firewalld───{firewalld}
├─httpd───5*[httpd]
├─irqbalance
├─lvmetad
├─master─┬─pickup
│ └─qmgr
├─polkitd───5*[{polkitd}]
├─rpcbind
├─rsyslogd───2*[{rsyslogd}]
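systemd can start services concurrently and does not start every service at boot; activating services on demand shortens boot time.
Core concept: unit
A unit represents one of the different types of systemd object and is identified and configured through a configuration file; these files mainly describe system services, listening sockets, saved system snapshots and other init-related information.
Configuration files:
/usr/lib/systemd/system: the main start-up settings for each service, similar to the former /etc/init.d/
/run/systemd/system: service scripts generated while the system is running; takes precedence over the directory above
/etc/systemd/system: scripts created by the administrator, similar in function to /etc/rc.d/rcN.d/Sxx; takes precedence over the directories above
Unit types
service unit: file extension .service
Needs no execute permission; it is only a configuration file that defines a system service
target unit: file extension .target
Used to emulate "run levels"
Device unit: .device
Defines a device recognized by the kernel
Mount unit: .mount
Defines a file system mount point
Socket unit: .socket
Identifies a socket file used for inter-process communication; can also delay starting a service at boot so that it is started on demand
Snapshot unit: .snapshot
Manages system snapshots
Swap unit: .swap
Identifies a swap device
Automount unit: .automount
A file system automount point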
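Path unit: .path
Watches a file or directory in the file system; commonly used to delay activation of a service until the file system changes, for example a spool directory
Features
Key features:
Socket-based activation: the socket is separated from the service program
# An activation socket is created in advance for each service and systemd listens on it; the service is started when it is needed
D-Bus-based activation:
Device-based activation:
Path-based activation:
System snapshots: the current state of each unit is saved to persistent storage
Backward compatible with SysV init scripts (on CentOS 7, using init levels and switching run levels with init is not recommended)
Incompatibilities:
The set of systemctl commands is fixed and cannot be extended
Services not started by systemd cannot be communicated with or controlled through systemctl
System services do not read the standard input stream and do not pick up any user environment variables when started; services must use absolute paths; anything that runs for more than 5 minutes is forced to exit
Managing system services:
CentOS 7: service unit
Note: earlier service scripts are still supported
Command: systemctl COMMAND name.service
Start: service name start ==> systemctl start name.service
Stop: service name stop ==> systemctl stop name.service
Restart: service name restart ==> systemctl restart name.service
Status: service name status ==> systemctl status name.service
Conditional restart: restart only if already running, otherwise do nothing
service name condrestart ==> systemctl try-restart name.service
Reload or restart the service: tries a reload first, then a restart
systemctl reload-or-restart name.service
Reload or conditionally restart the service:
systemctl reload-or-try-restart name.service
Prevent both automatic and manual start:
systemctl mask name.service
Undo the mask:
systemctl unmask name.service
Viewing active services
Check whether a service is currently active:
systemctl is-active name.service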
[root@localhost system]# systemctl list-units
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats Fi
sys-devices-pci0000:00-0000:00:07.1-ata2-host1-target1:0:0-1:0:0:0-block-sr0.device loaded activ
sys-devices-pci0000:00-0000:00:10.0-host2-target2:0:0-2:0:0:0-block-sda-sda1.device loaded activ
sys-devices-pci0000:00-0000:00:10.0-host2-target2:0:0-2:0:0:0-block-sda-sda2.device loaded acti
List active services
systemctl list-units --type|-t service
[root@localhost system]# systemctl list-units --type service
List all services:
systemctl list-units --type service --all|-a
[root@localhost system]# systemctl list-units --type service --all
Equivalents of the chkconfig commands:
Enable a service at boot:
chkconfig name on ==> systemctl enable name.service
Disable a service at boot:
chkconfig name off ==> systemctl disable name.service
Show the boot-time state of all services:
chkconfig --list ==> systemctl list-unit-files --type service
List the run levels in which the service is enabled or disabled
ls /etc/systemd/system/*.wants/sshd.service
[root@localhost system]# ls /etc/systemd/system/
basic.target.wants default.target.wants
dbus-org.fedoraproject.FirewallD1.service getty.target.wants
dbus-org.freedesktop.ModemManager1.service multi-user.target.wants
dbus-org.freedesktop.NetworkManager.service sockets.target.wants
dbus-org.freedesktop.nm-dispatcher.service sysinit.target.wants
default.target system-update.target.wants
Check whether a service is enabled at boot:
systemctl is-enabled name.service
[root@localhost system]# systemctl is-enabled sshd.service
enabled
[root@localhost system]# systemctl is-enabled network.service
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
enabled
Show the dependencies of a service:
systemctl list-dependencies name.service
[root@localhost system]# systemctl list-dependencies network.service
network.service
● ├─system.slice
● ├─basic.target
● │ ├─firewalld.service
● │ ├─microcode.service
● │ ├─rhel-autorelabel-mark.service
[root@localhost system]# systemctl list-dependencies emergency.service
emergency.service
● ├─-.mount
● └─system.slice
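Kill the processes of a service:
systemctl kill name.service
Service states
States shown by systemctl list-unit-files --type service --all:
loaded: the unit configuration file has been processed
active (running): running continuously with one or more processes
active (exited): a one-time configuration completed successfully
active (waiting): running, waiting for an event
inactive: not running
enabled: started at boot
disabled: not started at boot
static: not started at boot on its own, but can be activated by another enabled service
systemctl command examples
Show the status of all units
systemctl or systemctl list-units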
[root@localhost getty.target.wants]# systemctl list-units
sys-subsystem-rfkill-devices-rfkill1.device loaded active plugged /sys/subsystem/rfkill/device
-.mount loaded active mounted /
app.mount loaded active mounted /app
boot.mount loaded active mounted /boot
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
home.mount loaded active mounted /home
mnt.mount loaded active mounted /mnt
run-user-0.mount loaded active mounted /run/user/0
Show the status of service units only
systemctl --type=service
[root@localhost getty.target.wants]# systemctl --type=service
UNIT LOAD ACTIVE SUB DESCRIPTION
abrt-ccpp.service loaded active exited Install ABRT coredump hook
abrt-oops.service loaded active running ABRT kernel log watcher
abrtd.service loaded active running ABRT Automated Bug Reporting Tool
auditd.service loaded active running Security Auditing Service
crond.service loaded active running Command Scheduler
dbus.service loaded active running D-Bus System Message Bus
firewalld.service loaded active running firewalld - dynamic firewall daemon
[email protected] loaded active running Getty on tty1
httpd.service loaded active running The Apache HTTP Server
Show the sshd service unit
systemctl status sshd.service -l
[root@localhost getty.target.wants]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-07-14 09:39:24 CST; 6h ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 68544 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─68544 /usr/sbin/httpd -DFOREGROUND
├─68545 /usr/sbin/httpd -DFOREGROUND
├─68546 /usr/sbin/httpd -DFOREGROUND
├─68547 /usr/sbin/httpd -DFOREGROUND
├─68548 /usr/sbin/httpd -DFOREGROUND
└─68549 /usr/sbin/httpd -DFOREGROUND
Jul 14 09:39:23 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Jul 14 09:39:24 localhost.localdomain httpd[68544]: AH00558: httpd: Could not reliably determ...ge
Jul 14 09:39:24 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
Check whether the sshd service is currently active
systemctl is-active sshd
[root@localhost getty.target.wants]# systemctl is-active sshd
active
[root@localhost getty.target.wants]# systemctl is-active httpd
active
Start, stop and restart the sshd service
systemctl start sshd.service
systemctl stop sshd.service
systemctl restart sshd.service
[root@localhost getty.target.wants]# systemctl restart httpd
[root@localhost getty.target.wants]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-07-14 15:47:48 CST; 9s ago
Reload the configuration
systemctl reload sshd.service
Used after the configuration file has been modified
[root@localhost getty.target.wants]# systemctl reload sshd.service &&echo $?
0
List all service units in the active state
systemctl list-units --type=service
[root@localhost getty.target.wants]# systemctl list-units --type service
UNIT LOAD ACTIVE SUB DESCRIPTION
abrt-ccpp.service loaded active exited Install ABRT coredump hook
abrt-oops.service loaded active running ABRT kernel log watcher
List all service units
systemctl list-units --type=service --all
[root@localhost getty.target.wants]# systemctl list-units --type service -a
UNIT LOAD ACTIVE SUB DESCRIPTION
abrt-ccpp.service loaded active exited Install ABRT coredump hook
abrt-oops.service
Show the enabled and disabled state of service units
systemctl list-unit-files --type=service
[root@localhost getty.target.wants]# systemctl list-unit-files --type service
UNIT FILE STATE
abrt-ccpp.service enabled
abrt-oops.service enabled
abrt-pstoreoops.service disabled
abrt-vmcore.service enabled
abrt-xorg.service enabled
abrtd.service enabled
arp-ethers.service disabled
atd.service enabled
auditd.service enabled
[email protected] enabled
blk-availability.service disabled
brandbot.service static
chrony-dn***[email protected] static
[root@localhost getty.target.wants]# systemctl list-unit-files --type service |grep enabled
abrt-ccpp.service enabled
abrt-oops.service enabled
abrt-vmcore.service enabled
List failed services
systemctl --failed --type=service
[root@localhost getty.target.wants]# systemctl --failed --type service
UNIT LOAD ACTIVE SUB DESCRIPTION
● kdump.service loaded failed failed Crash recovery kernel arming
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
List the units a service depends on
systemctl list-dependencies sshd
[root@localhost getty.target.wants]# systemctl list-dependencies sshd
sshd.service
● ├─sshd-keygen.service
● ├─system.slice
● └─basic.target
● ├─firewalld.service
● ├─microcode.service
● ├─rhel-autorelabel-mark.service
● ├─rhel-autorelabel.service
● ├─rhel-configure.service
● ├─rhel-dmesg.service
Check whether the sshd service is enabled at boot
systemctl is-enabled sshd
[root@localhost getty.target.wants]# systemctl is-enabled sshd
enabled
Disable network so that it no longer starts automatically but can still be started manually
systemctl disable network
[root@localhost getty.target.wants]# systemctl disable network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network off
[root@localhost getty.target.wants]# systemctl is-enabled network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
disabled
Enable network
systemctl enable network
[root@localhost getty.target.wants]# systemctl is-enabled network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
enabled
Disable network so that it cannot be started either manually or automatically
systemctl mask network
[root@localhost getty.target.wants]# systemctl mask network
Created symlink from /etc/systemd/system/network.service to /dev/null.
[root@localhost getty.target.wants]# systemctl enable network
Failed to execute operation: Cannot send after transport endpoint shutdown
Enable network
systemctl unmask network
[root@localhost getty.target.wants]# systemctl unmask network.service
Removed symlink /etc/systemd/system/network.service.
[root@localhost getty.target.wants]# systemctl enable network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network on
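The search order given earlier (/etc/systemd/system over /run/systemd/system over /usr/lib/systemd/system), the *.wants links and the /dev/null symlink that mask creates can all be read straight from disk, which is useful when auditing a host or a mounted image for units that override or disable the distribution's own. The following is an added example, not part of the original article; the function names and the ROOT parameter are assumptions made for the illustration.

```bash
#!/bin/sh
# Added example, not from the original page. ROOT is an assumed parameter:
# "" for the live system, or the path of a mounted image or test tree.

# Search order described above: /etc beats /run, which beats /usr/lib.
UNIT_DIRS="etc/systemd/system run/systemd/system usr/lib/systemd/system"

# unit_source ROOT UNIT -> "masked <path>", "<path>" or "not-found"
unit_source() {
    root=$1; unit=$2
    for d in $UNIT_DIRS; do
        f="$root/$d/$unit"
        # -L also catches dangling symlinks, which -e alone would miss
        if [ -e "$f" ] || [ -L "$f" ]; then
            # systemctl mask leaves a symlink to /dev/null
            if [ -L "$f" ] && [ "$(readlink "$f")" = "/dev/null" ]; then
                echo "masked $f"
            else
                echo "$f"
            fi
            return 0
        fi
    done
    echo "not-found"
    return 1
}

# unit_shadowed ROOT UNIT -> lower-priority copies hidden by the winning file
unit_shadowed() {
    root=$1; unit=$2; seen=0
    for d in $UNIT_DIRS; do
        f="$root/$d/$unit"
        { [ -e "$f" ] || [ -L "$f" ]; } || continue
        [ "$seen" -eq 1 ] && echo "$f"
        seen=1
    done
}

# unit_wanted_by ROOT UNIT -> targets whose .wants directory links the unit
unit_wanted_by() {
    root=$1; unit=$2
    for link in "$root"/etc/systemd/system/*.wants/"$unit"; do
        [ -L "$link" ] || continue
        basename "$(dirname "$link")" .wants
    done
}
```

On a live CentOS 7 host, unit_source "" network.service reports the masked state shown in the session above, and unit_shadowed lists any vendor unit that a file in /etc or /run has replaced.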
Run levels
target units:
unit configuration files: .target
ls /usr/lib/systemd/system/*.target
systemctl list-unit-files --type target --all
[root@localhost getty.target.wants]# ls /usr/lib/systemd/system
abrt-ccpp.service proc-sys-fs-binfmt_misc.automount
abrtd.service proc-sys-fs-binfmt_misc.mount
abrt-oops.service psacct.service
abrt-pstoreoops.service quotaon.service
abrt-vmcore.service rc-local.service
abrt-xorg.service rdisc.service
arp-ethers.service rdma.service
atd.service reboot.target
auditd.service reboot.target.wants
[email protected] remote-fs-pre.target
basic.target remote-fs.target
basic.target.wants rescue.service
blk-availability.service rescue.target
bluetooth.target rescue.target.wants
[root@localhost getty.target.wants]# systemctl list-unit-files --type target -a
UNIT FILE STATE
basic.target static
bluetooth.target static
cryptsetup-pre.target static
cryptsetup.target static
ctrl-alt-del.target disabled
cvs.target static
default.target enabled
emergency.target static
final.target static
getty.target static
graphical.target static
halt.target disabled
hibernate.target static
hybrid-sleep.target static
initrd-fs.target static
initrd-root-fs.target static
initrd-switch-root.target static
initrd.target static
iprutils.target disabled
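Switching levels: init N ==> systemctl isolate name.target
systemctl isolate multi-user.target
Note: switching is only possible when AllowIsolate=yes is set in the /lib/systemd/system/*.target file (after editing the file, run systemctl daemon-reload for the change to take effect)
View targets: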
runlevel ; who -r
systemctl list-units --type target
[root@localhost getty.target.wants]# who -r
run-level 3 2017-07-12 18:48
[root@localhost getty.target.wants]# systemctl list-units --type target
UNIT LOAD ACTIVE SUB DESCRIPTION
basic.target loaded active active Basic System
bluetooth.target loaded active active Bluetooth
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
network-online.target loaded active active Network is Online
network.target loaded active active Network
paths.target loaded active active Paths
remote-fs.target loaded active active Remote File Systems
slices.target loaded active active Slices
sockets.target loaded active active Sockets
sound.target loaded active active Sound Card
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
timers.target loaded active active Timers
Get the default run level:
/etc/inittab ==> systemctl get-default
[root@localhost getty.target.wants]# systemctl get-default
multi-user.target
Change the default run level:
/etc/inittab ==> systemctl set-default name.target
systemctl set-default multi-user.target
ls -l /etc/systemd/system/default.target
Switch to rescue mode:
systemctl rescue
Switch to emergency mode:
systemctl emergency
Other common commands:
The traditional commands init, poweroff, halt and reboot have all become symbolic links to systemctl
Power off: systemctl halt, systemctl poweroff
Reboot: systemctl reboot
Suspend: systemctl suspend
Hibernate: systemctl hibernate
Hibernate and suspend: systemctl hybrid-sleep
[root@localhost getty.target.wants]# ls -l /sbin/{init,poweroff,halt,reboot}
lrwxrwxrwx. 1 root root 16 Jul 13 16:10 /sbin/halt -> ../bin/systemctl
lrwxrwxrwx. 1 root root 22 Jul 13 16:10 /sbin/init -> ../lib/systemd/systemd
lrwxrwxrwx. 1 root root 16 Jul 13 16:10 /sbin/poweroff -> ../bin/systemctl
lrwxrwxrwx. 1 root root 16 Jul 13 16:10 /sbin/reboot -> ../bin/systemctl
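CentOS 7 boot sequence
service unit file format
/etc/systemd/system: used by system administrators and users
/usr/lib/systemd/system: used by distribution packagers
Lines beginning with "#" are treated as comments
Boolean values: 1, yes, on and true all mean enabled; 0, no, off and false all mean disabled
The default time unit is seconds, so other units such as milliseconds (ms) or minutes (m) must be stated explicitly
Sections of a service unit file
[Unit]: general options that do not depend on the unit type; provides the unit's description, behaviour, dependencies and so on
[Service]: options specific to a particular type; here, the Service type
[Install]: options used by the "systemctl enable" and "systemctl disable" commands when enabling or disabling the service
Common options in the [Unit] section:
Description: descriptive text
After: defines start-up order; the current unit should start later than the listed units. Before does the opposite
Requires: other units this unit depends on; a strong dependency, so if a required unit cannot be activated the current unit cannot be activated either
Wants: other units this unit depends on; a weak dependency
Conflicts: defines conflicts between units
Common options in the [Service] section:
Type: the process start-up type of the unit, which affects how ExecStart and related options behave
simple: the default; the daemon is started by the command line given in ExecStart and stays resident in memory after starting
forking: the program started by ExecStart spawns child processes that become the daemon's main service; the original parent process exits once start-up is complete
oneshot: similar to simple, but the program exits when its work is done and does not stay resident in memory
dbus: similar to simple, but the daemon only continues after it has acquired a D-Bus name, so BusName= usually has to be set as well
notify: a notification message is sent once start-up has completed; NotifyAccess is also needed so that systemd accepts the message
idle: similar to simple, but the daemon is only executed after all other jobs have finished; daemons of this type are usually services that only need to run at the very end of boot
EnvironmentFile: environment configuration file
ExecStart: the absolute path of the command or script to run when the unit is started
ExecStartPre: run before ExecStart
ExecStartPost: run after ExecStart
ExecStop: the command or script to run when the unit is stopped
Restart: when set (for example Restart=on-failure), the service is started again automatically after the daemon terminates unexpectedly
Common options in the [Install] section:
Alias: an alias; systemctl command Alias.service can then be used
RequiredBy: which units depend on this one; strong dependency
WantedBy: which units depend on this one; weak dependency
Also: other related services to install when this service is installed
Note: for a newly created or modified unit file, systemd must be told to reload the configuration, after which the service can be restarted if desired
systemctl daemon-reload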
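The rules in this section (commands in the Exec* options given as absolute paths, a Type taken from the list above, an [Install] section for enable and disable to act on) can be checked mechanically before running systemctl daemon-reload. The following is an added example, not part of the original article; lint_unit and sample_unit are hypothetical names and the unit file is a constructed sample.

```bash
#!/bin/sh
# Added example, not from the original page; lint_unit and sample_unit are
# hypothetical names, and the sample unit is constructed for the illustration.

# lint_unit FILE -> one finding per line; prints nothing for a clean unit
lint_unit() {
    awk '
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }        # blank lines and comments
    /^\[.*\]$/ { section = $0; next }           # [Unit], [Service], [Install]
    {
        key = $0; sub(/[ \t]*=.*/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val)
    }
    section == "[Service]" && key ~ /^Exec(Start|StartPre|StartPost|Stop)$/ {
        cmd = val; sub(/^[-@+!:]+/, "", cmd)    # drop systemd prefix modifiers
        if (cmd !~ /^\//) print key ": command is not an absolute path: " val
        if (key == "ExecStart") have_start = 1
    }
    section == "[Service]" && key == "Type" &&
        val !~ /^(simple|forking|oneshot|dbus|notify|idle)$/ {
        print "Type: unknown value: " val
    }
    section == "[Install]" && key ~ /^(WantedBy|RequiredBy)$/ { have_install = 1 }
    END {
        if (!have_start)   print "[Service]: no ExecStart"
        if (!have_install) print "[Install]: no WantedBy/RequiredBy; unit is static"
    }' "$1"
}

# Constructed sample: relative ExecStartPre and no [Install] section
sample_unit() {
    cat <<'EOF'
[Unit]
Description=Demo daemon (constructed sample)
After=network.target

[Service]
Type=forking
EnvironmentFile=/etc/sysconfig/demo
ExecStartPre=demo-check --config /etc/demo.conf
ExecStart=/usr/sbin/demod -f /etc/demo.conf
ExecStop=/bin/kill -TERM $MAINPID
Restart=on-failure
EOF
}
```

Writing sample_unit to a file and passing it to lint_unit reports the relative ExecStartPre command and the missing [Install] section; a unit that has no [Install] section is the "static" state described earlier.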
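Setting kernel parameters
Kernel parameters set this way affect only the current boot
At boot, append systemd.unit=desired.target to the end of the linux16 line
systemd.unit=emergency.target
systemd.unit=rescue.target
rescue.target supports more functionality than emergency, such as logging
Boot troubleshooting
File system corruption
An automatic repair is attempted first; if it fails, the system drops into the emergency shell and prompts the user to repair it
/etc/fstab refers to a device or UUID that does not exist
systemd waits for a while; if the device is still unavailable, it enters the emergency shell
/etc/fstab refers to a mount point that does not exist
systemd tries to create the mount point; otherwise it prompts to enter the emergency shell.
/etc/fstab contains incorrect mount options
Prompts to enter the emergency shell
Resetting the root password on CentOS 7
Method 1
Press any key at boot to pause the boot process
Press e to enter edit mode
Move the cursor to the line beginning with linux16 and add the kernel parameter rd.break
Press ctrl-x to boot
mount -o remount,rw /sysroot
chroot /sysroot
passwd root
touch /.autorelabel
exit
reboot
Method 2
Press any key at boot to pause the boot process
Press e to enter edit mode
Move the cursor to the line beginning with linux16 and change it to rw init=/sysroot/bin/sh
Press ctrl-x to boot
chroot /sysroot
passwd root
touch /.autorelabel
exit
reboot
Repairing GRUB2
GRUB: "the Grand Unified Bootloader"
A command-line interface is available at the boot prompt
Can boot from a file system
Main configuration file: /boot/grub2/grub.cfg
Repair the configuration file
grub2-mkconfig > /boot/grub2/grub.cfg
Repair GRUB
grub2-install /dev/sda    (BIOS systems)
grub2-install    (UEFI systems)
Change the default boot kernel
vim /etc/default/grub
GRUB_DEFAULT=0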