systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management systemd and config management Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf systemd.conf November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015 November 6, 2015
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
systemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config managementsystemd and config management
• Sysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.eu
• FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004• systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010systemd user since 2010
IntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionLicensed under a Creative Commons Attribution-2.0 License
The A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMSThe A of C(L)AMS
• AAAAAAAAAAAAAAAAAutomation reduces human mistakes• CCCCCCCCCCCCCCCCContinuous Integration/Delivery• RRRRRRRRRRRRRRRRReproducable build• RRRRRRRRRRRRRRRRReproducable infrastructure• Infrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as Code
Infrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as CodeInfrastructure as Code
• AAAAAAAAAAAAAAAAAutomate your infrastructure with code• MMMMMMMMMMMMMMMMModel your infrastructure• MMMMMMMMMMMMMMMMMonitoring, security, applications andbackups are part of the process
• SSSSSSSSSSSSSSSSScripts are not IaC
IaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practicesIaC best practices
• RRRRRRRRRRRRRRRRRun tests against that code• PPPPPPPPPPPPPPPPPut it under version control• DDDDDDDDDDDDDDDDDeploy with CI/CD: dev, uat, prodenvironments…
Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?Which world is this?
• LLLLLLLLLLLLLLLLLinux distributions are different• IIIIIIIIIIIIIIIIInit systems, File hierarchy• EEEEEEEEEEEEEEEEEven between different releases of the samedistro
• CCCCCCCCCCCCCCCCConfiguration manegement tools try toabstract that
systemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picturesystemd in that picture
what people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people seewhat people see
• bbbbbbbbbbbbbbbbbefore: distinction between distributions• nnnnnnnnnnnnnnnnnow: distinction between distributions andsystemd or not
• tttttttttttttttttomorrow: it will be hard to provide the allthe features of systemd to old distros
systemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distrossystemd hit majors distros
• RRRRRRRRRRRRRRRRReaching Debian Stable and RHEL 7• CCCCCCCCCCCCCCCCConfig management needs to learn it• IIIIIIIIIIIIIIIIIt brings lots of new patterns
• SSSSSSSSSSSSSSSSServices are basic resources in traditional IT• sssssssssssssssssystemd changes a lot of things in that area• ssssssssssssssssservices are now part of the "units" concept
• WWWWWWWWWWWWWWWWWritten from scratch or templates• DDDDDDDDDDDDDDDDDifferent patterns• SSSSSSSSSSSSSSSSSometimes very long, hard to read
Changing old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scriptsChanging old init scripts
Here is the rule:Packaged files go in /lib. Config
management tools override in /etc.
No conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor filesNo conflict with vendor files
• CCCCCCCCCCCCCCCCCan be overriden in /etc/systemd/system• NNNNNNNNNNNNNNNNNot afraid of package updates• PPPPPPPPPPPPPPPPPartial override possible
daemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetdaemon-reload in Puppetfile {
Prevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to startPrevent a service to start
• CCCCCCCCCCCCCCCCClassic init allows to disable services• CCCCCCCCCCCCCCCCConfigmgmt tools do not care• ccccccccccccccccchmod 000 /etc/init.d/mysqld
• sssssssssssssssssystemctl daemon-reload• DDDDDDDDDDDDDDDDDone. It can't be started anymore
masking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppetmasking in Puppet
tmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemdtmpfiles before systemd
/usr/sbin/tmpwatch "$flags" 30d /var/tmpfor d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/
cat?}; doif [ −d "$d" ]; then
/usr/sbin/tmpwatch "$flags" −f 30d "$d"fi
done
tmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemd
tmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemdtmpfiles with systemd
• AAAAAAAAAAAAAAAAAgain, simple text files• CCCCCCCCCCCCCCCCCan be overwritten in /etc• YYYYYYYYYYYYYYYYYet another command to launch
tmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppettmpfiles with systemd and Puppetaugeas {
TimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersTimersLicensed under a Creative Commons Attribution 2.0 License
• NNNNNNNNNNNNNNNNNo one reads those mails• DDDDDDDDDDDDDDDDDo not keep track of exit code• HHHHHHHHHHHHHHHHHard to read that crontab• HHHHHHHHHHHHHHHHHow to reproduce the script?
• DDDDDDDDDDDDDDDDDescribe the job in a service file• AAAAAAAAAAAAAAAAAdd a timer file• EEEEEEEEEEEEEEEEEnable/start the timer service
Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?Why is it better?
• EEEEEEEEEEEEEEEEEasy to reproduce (launch the service unit)• LLLLLLLLLLLLLLLLLogs go to the journal, isolated by unit• AAAAAAAAAAAAAAAAAll the advantages of systemd units
NetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingNetworkingLicensed under a Creative Commons Attribution-ShareAlike 2.0 License
systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…systemd is complex…
• IIIIIIIIIIIIIIIIIt drags in a bunch of new pattern• IIIIIIIIIIIIIIIIIt supports a lot of scenarios• IIIIIIIIIIIIIIIIIt can do really advanced things
…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks…but based on simple bricks
• IIIIIIIIIIIIIIIIIni-like file format• EEEEEEEEEEEEEEEEEasy to read, to change• CCCCCCCCCCCCCCCCConfig management tools have all the basebricks to manage that
There are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprisesThere are surprises
You need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rulesYou need to know the rules
• TTTTTTTTTTTTTTTTTake time to learn how this works• TTTTTTTTTTTTTTTTThere is a gap between systemd devs andsysadmins
• TTTTTTTTTTTTTTTTThere are new non-obvious patterns forsysadmins
• CCCCCCCCCCCCCCCCChef goes a lot further• hhhhhhhhhhhhhhhhhttps://github.com/nathwill/chef-systemd
A Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gapsA Story of gaps
• Gap between systemd and configmgmttools
• Gap between systemd community andcfgmgmt tools community