Systemd

Systemd 的简介和特点

   Systemd 是 Linux 系统中最新的初始化系统(init),它主要的设计目标是克服 sysvinit 固有的缺点,提高系统的启动速度。系统启动和服务器守护进程管理器,负责在系统启动或运行时,激活系统资源,服务器进程和其它进程,向下兼容,但是效率没有systemd高。

      Systemd新特性:

       系统引导时实现服务并行启动

       按需启动守护进程

       自动化的服务依赖关系管理

        同时采用socket式与D-Bus总线式激活服务

       系统状态快照  

[root@localhost ~]# pstree
systemd─┬─NetworkManager─┬─2*[dhclient]
        │                ├─teamd
        │                └─2*[{NetworkManager}]
        ├─abrt-watch-log
        ├─abrtd
        ├─agetty
        ├─auditd───{auditd}
        ├─crond
        ├─dbus-daemon───{dbus-daemon}
        ├─firewalld───{firewalld}
        ├─httpd───5*[httpd]
        ├─irqbalance
        ├─lvmetad
        ├─master─┬─pickup
        │        └─qmgr
        ├─polkitd───5*[{polkitd}]
        ├─rpcbind
        ├─rsyslogd───2*[{rsyslogd}]

Systemd_第1张图片

wKiom1lsqQuAFLYHAABNNgTaqyY779.png

systemd提供了并发启动能力,开机不会启动所有服务,按需激活的方式,提高了启动速度。

核心概念: unit

     unit表示不同类型的systemd对象,通过配置文件进行标识和配置;文件中主要包含了系统服务、监听socket、保存的系统快照以及其它与init相关的信息

      配置文件:

/usr/lib/systemd/system:每个服务最主要的启动脚本设置,类似于之前的/etc/init.d/

/run/systemd/system:系统执行过程中所产生的服务脚本,比上面目录优先运行

/etc/systemd/system:管理员建立的执行脚本,类似于/etc/rc.d/rcN.d/Sxx类的功能,比上面目录优先运行

     Unit类型

          service unit:扩展名为 .service

               不需要执行权限,只是配置文件,用于定义系统服务

          target unit   : 扩展名为  . target

                用于模拟实现"运行级别"

          Divice unit   :  .divice  

               用于定义内核识别的设备

          Mount unit    :  .mount

                 定义文件系统挂载点

          Socket unit: .socket

            用于标识进程间通信用的socket文件,也可在系统启动时,延迟启动服务,实现按需启动

          Snapshot unit: .snapshot,

                管理系统快照

          Swap unit: .swap,

                用于标识swap设备

          Automount unit: .automount,

                文件系统的自动挂载点

         Automount unit: .automount,

                文件系统的自动挂载点

       Path unit: .path,

             用于定义文件系统中的一个文件或目录使用,常用于当文件系统变化时,延迟激活服务,如: spool 目录

特性

 

  关键特性:

          基于socket的激活机制: socket与服务程序分离

      #为每个服务预先创建激活socket,systemd监听对应socket,当需要使用时启动服务

        基于d-bus的激活机制:

        基于device的激活机制:

        基于path的激活机制:

        系统快照:保存各unit的当前状态信息于持久存储设备中 

        向后兼容sysv init脚本(在cenos7上不建议init级别和init切换运行级别)

不兼容:

        systemctl命令固定不变,不可扩展

        非由systemd启动的服务, systemctl无法与之通信和控制

   系统服务不会读取标准输入流,系统服务启动不会读取任何用户环境变量,服务中需要使用绝对路径超过5分钟,就会强制退出

管理系统服务:

    

    CentOS 7: service unit

    注意:能兼容早期的服务脚本

命令: systemctl COMMAND name.service
启动: service name start ==> systemctl start name.service
停止: service name stop ==> systemctl stop name.service
重启: service name restart ==> systemctl restart name.service
状态: service name status ==> systemctl status name.service
条件式重启:已启动才重启,否则不做操作
service name condrestart ==> systemctl tryrestart name.service
重载或重启服务:先加载,再启动
systemctl reload-or-restart name.service
重载或条件式重启服务:
systemctl reload-or-try-restart name.service
禁止自动和手动启动:
systemctl mask name.service
取消禁止:
systemctl unmask name.service

查看活动服务

    查看某服务当前激活与否的状态:

    systemctl is-active name.service

    

[root@localhost system]# systemctl list-units
  UNIT                                LOAD   ACTIVE SUB       DESCRIPTION
  proc-sys-fs-binfmt_misc.automount   loaded active waiting   Arbitrary Executable File Formats Fi
  sys-devices-pci0000:00-0000:00:07.1-ata2-host1-target1:0:0-1:0:0:0-block-sr0.device loaded activ
  sys-devices-pci0000:00-0000:00:10.0-host2-target2:0:0-2:0:0:0-block-sda-sda1.device loaded activ
  sys-devices-pci0000:00-0000:00:10.0-host2-target2:0:0-2:0:0:0-block-sda-sda2.device loaded acti

查看激活服务

         systemctl list-units --type|-t service

[root@localhost system]# systemctl list-units --type service

  查看所有服务:

        systemctl list-units --type service –all|-a

[root@localhost system]# systemctl list-units --type service all

  chkconfig命令的对应关系:

           设定某服务开机自启:

               chkconfig name on ==> systemctl enable name.service

          设定某服务开机禁止启动:

               chkconfig name off ==> systemctl disable name.service

          查看所有服务的开机自启状态:

               chkconfig --list ==> systemctl list-unit-files --type service

 列出该服务在哪些运行级别下启用和禁用

    ls /etc/systemd/system/*.wants/sshd.service

[root@localhost system]# ls /etc/systemd/system/
basic.target.wants                           default.target.wants
dbus-org.fedoraproject.FirewallD1.service    getty.target.wants
dbus-org.freedesktop.ModemManager1.service   multi-user.target.wants
dbus-org.freedesktop.NetworkManager.service  sockets.target.wants
dbus-org.freedesktop.nm-dispatcher.service   sysinit.target.wants
default.target                               system-update.target.wants

 查看服务是否开机自启:

           systemctl is-enabled name.service

[root@localhost system]# systemctl is-enabled sshd.service
enabled
[root@localhost system]# systemctl is-enabled network.service
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
enabled

 查看服务的依赖关系:

        systemctl list-dependencies name.service

[root@localhost system]# systemctl list-dependencies network.service
network.service
● ├─system.slice
● ├─basic.target
● │ ├─firewalld.service
● │ ├─microcode.service
● │ ├─rhel-autorelabel-mark.service
[root@localhost system]# systemctl list-dependencies emergency.service
emergency.service
● ├─-.mount
● └─system.slice

 杀掉进程:

    systemctl kill 进程名

服务状态

systemctl list-unit-files --type service --all显示状态

     loaded:Unit配置文件已处理

 

     active(running):一次或多次持续处理的运行

     active(exited):成功完成一次性的配置

     active(waiting):运行中,等待一个事件

     inactive:不运行

     enabled:开机启动

     disabled:开机不启动

     static:开机不启动,但可被另一个启用的服务激活

systemctl 命令示例

显示所有单元状态

    systemctl 或 systemctl list-units

[root@localhost getty.target.wants]# systemctl list-units 
 sys-subsystem-rfkill-devices-rfkill1.device loaded active plugged   /sys/subsystem/rfkill/device
  -.mount                             loaded active mounted   /
  app.mount                           loaded active mounted   /app
  boot.mount                          loaded active mounted   /boot
  dev-hugepages.mount                 loaded active mounted   Huge Pages File System
  dev-mqueue.mount                    loaded active mounted   POSIX Message Queue File System
  home.mount                          loaded active mounted   /home
  mnt.mount                           loaded active mounted   /mnt
  run-user-0.mount                    loaded active mounted   /run/user/0

只显示服务单元的状态

    systemctl --type=service

[root@localhost getty.target.wants]# systemctl --type=service
  UNIT                               LOAD   ACTIVE SUB     DESCRIPTION
  abrt-ccpp.service                  loaded active exited  Install ABRT coredump hook
  abrt-oops.service                  loaded active running ABRT kernel log watcher
  abrtd.service                      loaded active running ABRT Automated Bug Reporting Tool
  auditd.service                     loaded active running Security Auditing Service
  crond.service                      loaded active running Command Scheduler
  dbus.service                       loaded active running D-Bus System Message Bus
  firewalld.service                  loaded active running firewalld - dynamic firewall daemon
  [email protected]                 loaded active running Getty on tty1
  httpd.service                      loaded active running The Apache HTTP Server

 显示sshd服务单元

    systemctl status sshd.service –l

[root@localhost getty.target.wants]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-07-14 09:39:24 CST; 6h ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 68544 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─68544 /usr/sbin/httpd -DFOREGROUND
           ├─68545 /usr/sbin/httpd -DFOREGROUND
           ├─68546 /usr/sbin/httpd -DFOREGROUND
           ├─68547 /usr/sbin/httpd -DFOREGROUND
           ├─68548 /usr/sbin/httpd -DFOREGROUND
           └─68549 /usr/sbin/httpd -DFOREGROUND
Jul 14 09:39:23 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Jul 14 09:39:24 localhost.localdomain httpd[68544]: AH00558: httpd: Could not reliably determ...ge
Jul 14 09:39:24 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

 验证sshd服务当前是否活动

    systemctl is-active sshd

[root@localhost getty.target.wants]# systemctl is-active sshd
active
[root@localhost getty.target.wants]# systemctl is-active httpd
active

  启动,停止和重启sshd服务

    systemctl start sshd.service
    systemctl stop sshd.service

    systemctl restart sshd.service

[root@localhost getty.target.wants]# systemctl restart httpd
[root@localhost getty.target.wants]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-07-14 15:47:48 CST; 9s ago

  

重新加载配置

    systemctl reload sshd.service

   用于修改配置文件后修改

[root@localhost getty.target.wants]# systemctl reload sshd.service &&echo $?
0

列出活动状态的所有服务单元

    systemctl list-units --type=service

root@localhost getty.target.wants]# systemctl list-units --type service
  UNIT                               LOAD   ACTIVE SUB     DESCRIPTION
  abrt-ccpp.service                  loaded active exited  Install ABRT coredump hook
  abrt-oops.service                  loaded active running ABRT kernel log watcher

列出所有服务单元

      systemctl list-units --type=service --all

[root@localhost getty.target.wants]# systemctl list-units --type service -a
  UNIT                                LOAD      ACTIVE   SUB     DESCRIPTION
  abrt-ccpp.service                   loaded    active   exited  Install ABRT coredump hook
  abrt-oops.service

查看服务单元的启用和禁用状态

     systemctl list-unit-files --type=service

[root@localhost getty.target.wants]# systemctl list-unit-files --type service
UNIT FILE                                     STATE   
abrt-ccpp.service                             enabled
abrt-oops.service                             enabled
abrt-pstoreoops.service                       disabled
abrt-vmcore.service                           enabled
abrt-xorg.service                             enabled
abrtd.service                                 enabled
arp-ethers.service                            disabled
atd.service                                   enabled
auditd.service                                enabled
[email protected]                               enabled
blk-availability.service                      disabled
brandbot.service                              static 
chrony-dn***[email protected]                        static
[root@localhost getty.target.wants]# systemctl list-unit-files --type service |grep enabled
abrt-ccpp.service                             enabled
abrt-oops.service                             enabled
abrt-vmcore.service                           enabled

列出失败的服务

      systemctl --failed --type=service

[root@localhost getty.target.wants]# systemctl --failed --type service
  UNIT          LOAD   ACTIVE SUB    DESCRIPTION
● kdump.service loaded failed failed Crash recovery kernel arming
LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

列出依赖的单元

     systemctl list-dependencies sshd

[root@localhost getty.target.wants]# systemctl list-dependencies sshd
sshd.service
● ├─sshd-keygen.service
● ├─system.slice
● └─basic.target
●   ├─firewalld.service
●   ├─microcode.service
●   ├─rhel-autorelabel-mark.service
●   ├─rhel-autorelabel.service
●   ├─rhel-configure.service
●   ├─rhel-dmesg.service

验证sshd服务是否开机启动

     systemctl is-enabled sshd

[root@localhost getty.target.wants]# systemctl is-enabled sshd
enabled

禁用network,使之不能自动启动,但手动可以

     systemctl disable network

[root@localhost getty.target.wants]# systemctl disable network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network off
[root@localhost getty.target.wants]# systemctl is-enabled network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
disabled

启用network

      systemctl enable network

[root@localhost getty.target.wants]# systemctl is-enabled network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
enabled

禁用network,使之不能手动或自动启动

          systemctl mask network

[root@localhost getty.target.wants]# systemctl mask network
Created symlink from /etc/systemd/system/network.service to /dev/null.
[root@localhost getty.target.wants]# systemctl enable network
Failed to execute operation: Cannot send after transport endpoint shutdown

启用network

          systemctl unmask network

[root@localhost getty.target.wants]# systemctl unmask network.service
Removed symlink /etc/systemd/system/network.service.
[root@localhost getty.target.wants]# systemctl enable network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network on

运行级别

      target units:

unit配置文件: .target

ls /usr/lib/systemd/system/*.target
systemctl list-unit-files --type target --all
[root@localhost getty.target.wants]# ls /usr/lib/systemd/system
abrt-ccpp.service                       proc-sys-fs-binfmt_misc.automount
abrtd.service                           proc-sys-fs-binfmt_misc.mount
abrt-oops.service                       psacct.service
abrt-pstoreoops.service                 quotaon.service
abrt-vmcore.service                     rc-local.service
abrt-xorg.service                       rdisc.service
arp-ethers.service                      rdma.service
atd.service                             reboot.target
auditd.service                          reboot.target.wants
[email protected]                         remote-fs-pre.target
basic.target                            remote-fs.target
basic.target.wants                      rescue.service
blk-availability.service                rescue.target
bluetooth.target                        rescue.target.wants
[root@localhost getty.target.wants]# systemctl list-unit-files --type target -a
UNIT FILE                 STATE   
basic.target              static 
bluetooth.target          static 
cryptsetup-pre.target     static 
cryptsetup.target         static 
ctrl-alt-del.target       disabled
cvs.target                static 
default.target            enabled
emergency.target          static 
final.target              static 
getty.target              static 
graphical.target          static 
halt.target               disabled
hibernate.target          static 
hybrid-sleep.target       static 
initrd-fs.target          static 
initrd-root-fs.target     static 
initrd-switch-root.target static 
initrd.target             static 
iprutils.target           disabled

级别切换: init N ==> systemctl isolate name.target

                  systemctl isolate multi-user.target

注: 只有/lib/systemd/system/*.target文件中AllowIsolate=yes 才能切换(修改文件需执行systemctl daemonreload才能生效)

      查看target:

runlevel ; who -r

systemctl list-units --type target

[root@localhost getty.target.wants]# who -r
         run-level 3  2017-07-12 18:48
[root@localhost getty.target.wants]# systemctl list-units --type target
UNIT                  LOAD   ACTIVE SUB    DESCRIPTION
basic.target          loaded active active Basic System
bluetooth.target      loaded active active Bluetooth
cryptsetup.target     loaded active active Encrypted Volumes
getty.target          loaded active active Login Prompts
local-fs-pre.target   loaded active active Local File Systems (Pre)
local-fs.target       loaded active active Local File Systems
multi-user.target     loaded active active Multi-User System
network-online.target loaded active active Network is Online
network.target        loaded active active Network
paths.target          loaded active active Paths
remote-fs.target      loaded active active Remote File Systems
slices.target         loaded active active Slices
sockets.target        loaded active active Sockets
sound.target          loaded active active Sound Card
swap.target           loaded active active Swap
sysinit.target        loaded active active System Initialization
timers.target         loaded active active Timers

获取默认运行级别:

               /etc/inittab ==> systemctl get-default

[root@localhost getty.target.wants]# systemctl get-default
multi-user.target

修改默认级别:

    /etc/inittab ==> systemctl set-default name.target

    systemctl set-default multi-user.target

    ls –l /etc/systemd/system/default.target

 

切换至紧急救援模式:

          systemctl rescue

切换至emergency模式:

          systemctl emergency

其它常用命令:

传统命令init, poweroff, halt, reboot都成为systemctl的软链接

    关机: systemctl halt、 systemctl poweroff

    重启: systemctl reboot

    挂起: systemctl suspend

    休眠: systemctl hibernate

    休眠并挂起: systemctl hybrid-sleep

[root@localhost getty.target.wants]# ls -l /sbin/{init,poweroff,halt,reboot}
lrwxrwxrwx. 1 root root 16 Jul 13 16:10 /sbin/halt -> ../bin/systemctl
lrwxrwxrwx. 1 root root 22 Jul 13 16:10 /sbin/init -> ../lib/systemd/systemd
lrwxrwxrwx. 1 root root 16 Jul 13 16:10 /sbin/poweroff -> ../bin/systemctl
lrwxrwxrwx. 1 root root 16 Jul 13 16:10 /sbin/reboot -> ../bin/systemctl

CentOS7引导顺序

Systemd_第2张图片

 

service unit文件格式

  /etc/systemd/system:系统管理员和用户使用

  /usr/lib/systemd/system:发行版打包者使用          

    以 “#” 开头的行后面的内容会被认为是注释

    相关布尔值, 1、 yes、 on、 true 都是开启, 0、 no、 off、false 都是关闭

    时间单位默认是秒,所以要用毫秒(ms)分钟(m)等须显式说明

service unit file文件组成

[Unit]:定义与Unit类型无关的通用选项;用于提供unit的描述信息、 unit行为及依赖关系等

[Service]:与特定类型相关的专用选项;此处为Service类型

[Install]:定义由“systemctl enable”以及"systemctl disable“命令在实现服务启用或禁用时用到的一些选项

    Unit段的常用选项:

 Description:描述信息

 After:定义unit的启动次序,表示当前unit应该晚于哪些unit启动,其功能与Before相反

 Requires:依赖到的其它units,强依赖,被依赖的units无法激活时,当前unit也无法激活

 Wants:依赖到的其它units,弱依赖

 Conflicts:定义units间的冲突关系

   Service段的常用选项

 Type:定义影响ExecStart及相关参数的功能的unit进程启动类型

simple:默认值,这个daemon主要由ExecStart接的指令串来启动,启动后常驻于内存中

forking:由ExecStart启动的程序透过spawns延伸出其他子程序来作为此daemon的主要服务。原生父程序在启动结束后就会终止

oneshot:与simple类似,不过这个程序在工作完毕后就结束了,不会常驻在内存中

dbus:与simple类似,但这个daemon必须要在取得一个D-Bus的名称后,才会继续运作.因此通常也要同时设定BusNname= 才行

notify:在启动完成后会发送一个通知消息。还需要配合NotifyAccess 来让 Systemd 接收消息

idle:与simple类似,要执行这个daemon必须要所有的工作都顺利执行完毕后才会执行。这类的daemon通常是开机到最后才执行即可的服务

    EnvironmentFile:环境配置文件

 ExecStart:指明启动unit要运行命令或脚本的绝对路径

 ExecStartPre: ExecStart前运行

 ExecStartPost: ExecStart后运行

 ExecStop:指明停止unit要运行的命令或脚本

 Restart:当设定Restart=1 时,则当次daemon服务意外终止后,会再次自动启动此服务

    Install段的常用选项:

Alias:别名,可使用systemctl command Alias.service
RequiredBy:被哪些units所依赖,强依赖
WantedBy:被哪些units所依赖,弱依赖

Also:安装本服务的时候还要安装别的相关服务

注意:对于新创建的unit文件,或者修改了的unit文件,要通知systemd重载此配置文件,而后可以选择重启

    systemctl daemon-reload

设置内核参数

设置内核参数,只影响当次启动
 启动时,在linux16行后添加systemd.unit=desired.target
 systemd.unit=emergency.target
 systemd.unit=recure.target

 recure.target 比emergency 支持更多的功能,例如日志等

启动排错

           文件系统损坏

先尝试自动修复,失败则进入emergency shell,提示用户修复

 在/etc/fstab不存在对应的设备和UUID

等一段时间,如不可用,进入emergency shell

 在/etc/fstab不存在对应挂载点

systemd 尝试创建挂载点,否则提示进入emergency shell.

 在/etc/fstab不正确的挂载选项

提示进入emergency shell

破解CentOS7的root口令

    方法1

 启动时任意键暂停启动
 按e键进入编辑模式
 将光标移动linux16开始的行,添加内核参数rd.break
 按ctrl-x启动
 mount –o remount,rw /sysroot
 chroot /sysroot
 passwd root
 touch /.autorelabel
 exit

 reboot

   方法2

 启动时任意键暂停启动
 按e键进入编辑模式

 将光标移动linux16开始的行,改为rw init=/sysroot/bin/sh
 按ctrl-x启动
 chroot /sysroot
 passwd root

 touch /.autorelabel
 exit

 reboot

修复GRUB2

   GRUB“the Grand Unified Bootloader”

引导提示时可以使用命令行界面

可从文件系统引导

 主要配置文件 /boot/grub2/grub.cfg

 修复配置文件

grub2-mkconfig > /boot/grub2/grub.cfg

 修复grub

grub2-install /dev/sda BIOS环境

grub2-install UEFI环境

  调整默认启动内核

vim /etc/default/grub

GRUB_DEFAULT=0

 

你可能感兴趣的:(linux基础)