Skip to main content

Systemd

簡介

Linux 的各項服務管理一直都是用 SysV Init Script,Systemd 是新的管理工具,在 CentOS 7 開始已經有支援。

設定上比 SysV Init 簡單許多,指令的操作差異不大。

線上教學:

支援的 Linux:

  • CentOS 7+
  • Ubuntu 16.04+

其他類似應用:

  • Supervisor
    這個被使用在 Ubuntu 9.10,Mac OS X (10.4/10.5/10.6),Solaris (10 for Intel) 及 FreeBSD 6.1。系統環境需要有 Python 2.4,但不支援 Python 3。

相關目錄:

  • /etc/systemd/system 客製的服務啟動檔位置
  • /lib/systemd/system 內建系統的服務啟動檔位置

服務設定檔

/etc/systemd/system/backup.service

[Unit]
Description=Backup daemon

[Service]
Type=simple
ExecStart=/path/to/backup

[Install]
WantedBy=multi-user.target

TIP:

multi-user.target 這是表示 Run Level 3

更多資訊可以前往 http://0pointer.de/blog/projects/systemd-for-admins-3.html

新增一個服務設定檔

/etc/systemd/system/freepbx.service

[Unit]
Description=Freepbx
After=mariadb.service
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start
ExecStop=/usr/sbin/fwconsole stop
 
[Install]
WantedBy=multi-user.target

將服務設為自動啟用

systemctl enable freepbx

服務管理

啟動服務

# Reload Systemd
systemctl daemon-reload

# 啟動服務
systemctl start <service-name>

# 檢查服務狀態
systemctl status <service-name>
systemctl is-active <service-name> 
systemctl is-enabled <service-name>

# 關閉服務
systemctl stop <service-name>

# 啟用:自動啟動
systemctl enable <service-name>

# 關閉:自動啟動
systemctl disable <service-name>

# 列出設為自動啟用的服務
systemctl list-unit-files --type=service --state=enabled

檢視服務清單

# list active services
systemctl list-units --type=service

# List all the running systemd services
systemctl list-units --type=service --state=running

# List all loaded systemd services including the inactive ones
systemctl list-units --all --type=service

# List all the inactive systemd services
systemctl list-units --all --type=service --state=inactive

# List all the installed systemd services
systemctl list-unit-files --type=service

# List all systemd services that will be run at each boot automatically
systemctl list-unit-files --type=service --state=enabled

關機與開機

# Halt the system
systemctl halt

# Poeroff the system
systemctl poweroff

# Reboot the system
systemctl reboot

切換開機至命令或視窗模式

# Find which target unit is used by default
# GUI mode: graphical.target
# Text mode: multi-user.target
systemctl get-default

# To change boot target to the text mode
sudo systemctl set-default multi-user.target

# To change boot target to the GUI mode
sudo systemctl set-default graphical.target

 

Journalctl

檢視系統日誌

# view journal entries for time zones
journalctl --utc

# view only errors, warnings, etc in journal logs
# Error codes
# 0: emergency
# 1: alerts
# 2: critical
# 3: errors
# 4: warning
# 5: notice
# 6: info
# 7: debug
journalctl -p 0

# When you specify the error code, it shows all messages from that code and above. 
# For example, if you specify the below command, it shows all messages with priority 2, 1 and 0
journalctl -p 2

# view journal logs for a specific boot
journalctl --list-boots

# To view a specific boot number you the first number or the boot ID as below.
journalctl -b -45
journalctl -b 8bab42c7e82440f886a3f041a7c95b98

# You can also use -x switch which can add an explanation of the systemd 
# error messages in your display. This is a lifesaver in certain situations.
journalctl -xb -p 3

# view journal logs for a specific time, date duration
journalctl --since "2020-12-04 06:00:00"
journalctl --since "2020-12-03" --until "2020-12-05 03:00:00"
journalctl --since yesterday
journalctl --since 09:00 --until "1 hour ago"

# see Kernel specific journal logs
journalctl -k

# see journal logs for a service, PID
journalctl -u NetworkManager.service

# If you do not know the service name, you can use the below 
# command to list the systemd services in your system.
systemctl list-units --type=service

# view journal logs for a user, group
id -u debugpoint
journalctl _UID=1000 --since today

# view journal logs for an executable
journalctl /usr/bin/gnome-shell --since today

Application firewalls

An application firewall, unlike a gateway (router) or system level firewall, is meant to limit the networking of a single application. It can be used to prevent a compromised service from seeing into the local network, prevent programs from calling home, plug metadata leaks, or more tightly control a program’s network access.

The systemd firewall directives is built on Linux kernel features. The required Kernel features might not be enabled in your specific environment (especially when using a custom kernel or container). Testing is key, as it is with any network filter and security solution. You should always test to verify that your firewall set up blocks and allows the traffic you specify.

其他附屬指令

coredumpctl
# 列出系統所有 core dump
coredumpctl

# 列出指定 program 的 core dump
coredumpctl dump <program-name>

# 列出指定 PID
coredumpctl dump _PID=XXX

# 分析特定 core dump 的內容
coredumpctl gdb <PID>

# 預設 core dump files 路徑
/var/lib/systemd/coredump