Hey folks, do you know what I’m seeing ? My “/etc/inittab” has no command, no one !

[root@localhost ~]# head -1 /etc/inittab
# inittab is no longer used when using systemd.

We must understand that “systemd” is from now the tool we have to use …

systemd

Which release ?

[root@localhost ~]# systemctl --version
systemd 208
+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ

sshd example

I’m using an SSH session to acces to my Linux server, how ssd has been started ?

[root@localhost ~]# systemctl list-units -t service -all | head -1 ; systemctl list-units -t service -all | grep sshd
                    UNIT   LOAD     ACTIVE  SUB     DESCRIPTION
sshd-keygen.service loaded inactive dead    OpenSSH Server Key Generation
sshd.service        loaded active   running OpenSSH server daemon

My conclusion : “sshd” has been started  by “systemd” …

Here is the configuration file :

[root@localhost ~]# find /etc/systemd/system -name "sshd*" -ls
67786899 0 lrwxrwxrwx 1 root root 36 Nov 26 15:32 /etc/systemd/system/multi-user.target.wants/sshd.service -> /usr/lib/systemd/system/sshd.service

I display the contents :

[root@localhost ~]# cat /usr/lib/systemd/system/sshd.service
[Unit]
Description=OpenSSH server daemon
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

How “sshd” has been started by “systemd” ?

[root@localhost ~]# systemd-analyze critical-chain sshd.service
The time after the unit is active or started is printed after the "@" character.
The time the unit takes to start is printed after the "+" character.
sshd.service @41.479s
└─network.target @41.471s
  └─network.service @31.417s +10.044s
    └─basic.target @31.415s
      └─paths.target @31.415s
        └─brandbot.path @31.414s
          └─sysinit.target @31.394s
            └─systemd-update-utmp.service @31.344s +48ms
              └─auditd.service @30.965s +372ms
                └─systemd-tmpfiles-setup.service @30.835s +124ms
                  └─rhel-import-state.service @30.542s +290ms
                    └─local-fs.target @30.540s
                      └─boot.mount @7.928s +22.609s
                        └─dev-disk-by\x2duuid-fa252476\x2d2558\x2d4c3d\x2d945b\x2de2481cf26d18.device @7.926s

“sshd” service has been started “After” both network.target and sshd-keygen.service (now dead)

Here the dependencies tree :

[root@localhost ~]# systemctl list-dependencies sshd.service
sshd.service
├─sshd-keygen.service
├─system.slice
└─basic.target
  ├─firewalld.service
  ├─microcode.service
  ├─rhel-autorelabel-mark.service
  ├─rhel-autorelabel.service
  ├─rhel-configure.service
  ├─rhel-dmesg.service
  ├─rhel-loadmodules.service
  ├─paths.target
  ├─slices.target
  │ ├─-.slice
  │ └─system.slice
  ├─sockets.target
  │ ├─dbus.socket
  │ ├─dm-event.socket
  │ ├─systemd-initctl.socket
  │ ├─systemd-journald.socket
  │ ├─systemd-shutdownd.socket
  │ ├─systemd-udevd-control.socket
  │ └─systemd-udevd-kernel.socket
  ├─sysinit.target
  │ ├─dev-hugepages.mount
  │ ├─dev-mqueue.mount
  │ ├─kmod-static-nodes.service
  │ ├─lvm2-lvmetad.socket
  │ ├─lvm2-monitor.service
  │ ├─plymouth-read-write.service
  │ ├─plymouth-start.service
  │ ├─proc-sys-fs-binfmt_misc.automount
  │ ├─sys-fs-fuse-connections.mount
  │ ├─sys-kernel-config.mount
  │ ├─sys-kernel-debug.mount
  │ ├─systemd-ask-password-console.path
  │ ├─systemd-binfmt.service
  │ ├─systemd-journal-flush.service
  │ ├─systemd-journald.service
  │ ├─systemd-modules-load.service
  │ ├─systemd-random-seed.service
  │ ├─systemd-sysctl.service
  │ ├─systemd-tmpfiles-setup-dev.service
  │ ├─systemd-tmpfiles-setup.service
  │ ├─systemd-udev-trigger.service
  │ ├─systemd-udevd.service
  │ ├─systemd-update-utmp.service
  │ ├─systemd-vconsole-setup.service
  │ ├─cryptsetup.target
  │ ├─local-fs.target
  │ │ ├─-.mount
  │ │ ├─boot.mount
  │ │ ├─rhel-import-state.service
  │ │ ├─rhel-readonly.service
  │ │ └─systemd-remount-fs.service
  │ └─swap.target
  │   ├─dev-centos-swap.swap
  │   ├─dev-disk-by\x2did-dm\x2dname\x2dcentos\x2dswap.swap
  │   ├─dev-disk-by\x2did-dm\x2duuid\x2dLVM\x2de2iuNTE9WXaMI9jCSzNwykXUT8Z7biV0L6F7DYvlQ7PsjUPtBrOBobJOw9qsmwXw.swap
  │   ├─dev-disk-by\x2duuid-2397216e\x2d4f52\x2d4c3c\x2dbe3f\x2de530b7292d78.swap
  │   ├─dev-dm\x2d1.swap
  │   ├─dev-mapper-centos\x2dswap.swap
  │   └─dev-mapper-centos\x2dswap.swap
  └─timers.target
    └─systemd-tmpfiles-clean.timer

How to display “sshd” event log ?

Stop “greping” lines in “/var/log/message*” files (“syslog” daemon), prefer “journalctl” :

[root@localhost ~]# journalctl $(which sshd)
-- Logs begin at Mon 2015-11-30 11:20:03 CET, end at Mon 2015-11-30 16:01:02 CET. --
Nov 30 11:20:57 localhost.localdomain sshd[1217]: Server listening on 0.0.0.0 port 22.
Nov 30 11:20:57 localhost.localdomain sshd[1217]: Server listening on :: port 22.
Nov 30 11:40:08 localhost.localdomain sshd[2361]: Accepted password for root from 192.168.1.34 port 51503 ssh2
Nov 30 11:40:08 localhost.localdomain sshd[2361]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 30 12:13:24 localhost.localdomain sshd[2361]: pam_unix(sshd:session): session closed for user root
Nov 30 13:52:37 localhost.localdomain sshd[2726]: Accepted password for root from 192.168.1.34 port 51144 ssh2
Nov 30 13:52:37 localhost.localdomain sshd[2726]: pam_unix(sshd:session): session opened for user root by (uid=0)

I can resume sshd.service knowledge in one command

[root@localhost ~]# systemctl status sshd
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Mon 2015-11-30 11:20:57 CET; 5h 40min ago
 Main PID: 1217 (sshd)
   CGroup: /system.slice/sshd.service
           └─1217 /usr/sbin/sshd -D

Nov 30 11:20:57 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
Nov 30 11:20:57 localhost.localdomain sshd[1217]: Server listening on 0.0.0.0 port 22.
Nov 30 11:20:57 localhost.localdomain sshd[1217]: Server listening on :: port 22.
Nov 30 11:40:08 localhost.localdomain sshd[2361]: Accepted password for root from 192.168.1.34 port 51503 ssh2
Nov 30 13:52:37 localhost.localdomain sshd[2726]: Accepted password for root from 192.168.1.34 port 51144 ssh2
Nov 30 14:54:29 localhost.localdomain sshd[2787]: Accepted password for root from 192.168.1.34 port 54124 ssh2

System control group

Each service has its own cgroup.

Here are all control groups :

[root@localhost ~]# cat /proc/self/cgroup
10:hugetlb:/
9:perf_event:/
8:blkio:/
7:net_cls:/
6:freezer:/
5:devices:/
4:memory:/
3:cpuacct,cpu:/
2:cpuset:/
1:name=systemd:/user.slice/user-0.slice/session-6.scope

Display control group for sshd :

[root@localhost ~]# ps xawf -eo pid,user,cgroup,args | grep ssh[d]
 1217 root 1:name=systemd:/system.slic /usr/sbin/sshd -D
 2787 root 1:name=systemd:/user.slice/ \_ sshd: root@pts/0

Have a look in this pseudo filesystem, and read this file :

[root@localhost ~]# cat /sys/fs/cgroup/systemd/system.slice/sshd.service/tasks
1217

Create your own service

In this exmple, we will create a new service named “sshdcounter”. This service will count every second count “sshd” instances and write the value in “/tmp/sshdcounter.log”.

A simple example

Create your configuration file “/usr/lib/systemd/system/sshdcounter.service”

[root@localhost ~]# cat /usr/lib/systemd/system/sshdcounter.service
[Unit]
Description=a new systemd example : sshd processes counter
After=sshd.service

[Service]
ExecStart=/usr/local/bin/sshdcounter.sh

Create the exec file (here : “/usr/local/bin/sshdcounter.sh”)

This is a very simple loop script :

[root@localhost ~]# cat /usr/local/bin/sshdcounter.sh
#!/bin/bash
while :
do
  sleep 1
done

Start the service :

[root@localhost ~]# systemctl start sshdcounter.service

Is the service up ?

[root@localhost ~]# systemctl status sshdcounter.service
sshdcounter.service - a new systemd example : sshd processes counter
   Loaded: loaded (/usr/lib/systemd/system/sshdcounter.service; static)
   Active: active (running) since Wed 2015-12-02 11:19:04 CET; 57s ago
 Main PID: 2887 (sshdcounter.sh)
   CGroup: /system.slice/sshdcounter.service
           ├─2887 /bin/bash /usr/local/bin/sshdcounter.sh
           └─2945 sleep 1

Dec 02 11:19:04 localhost.localdomain systemd[1]: Starting a new systemd example : sshd processes counter...
Dec 02 11:19:04 localhost.localdomain systemd[1]: Started a new systemd example : sshd processes counter.

Is my script running ?

[root@localhost ~]# ps -ef | grep sshdcounter.s[h]
root 2887 1 0 11:19 ? 00:00:00 /bin/bash /usr/local/bin/sshdcounter.sh

Stop the service :

[root@localhost ~]# systemctl stop sshdcounter.service

The service is dead :

[root@localhost ~]# systemctl status sshdcounter.service
sshdcounter.service - a new systemd example : sshd processes counter
   Loaded: loaded (/usr/lib/systemd/system/sshdcounter.service; static)
   Active: inactive (dead)

Dec 02 11:05:36 localhost.localdomain systemd[1]: sshdcounter.service: main process exited, code=exited, status=203/EXEC
Dec 02 11:05:36 localhost.localdomain systemd[1]: Unit sshdcounter.service entered failed state.
Dec 02 11:07:37 localhost.localdomain systemd[1]: Starting a new systemd example : sshd processes counter...
Dec 02 11:07:37 localhost.localdomain systemd[1]: Started a new systemd example : sshd processes counter.
Dec 02 11:09:20 localhost.localdomain systemd[1]: Stopping a new systemd example : sshd processes counter...
Dec 02 11:09:20 localhost.localdomain systemd[1]: Stopped a new systemd example : sshd processes counter.
Dec 02 11:19:04 localhost.localdomain systemd[1]: Starting a new systemd example : sshd processes counter...
Dec 02 11:19:04 localhost.localdomain systemd[1]: Started a new systemd example : sshd processes counter.
Dec 02 11:32:42 localhost.localdomain systemd[1]: Stopping a new systemd example : sshd processes counter...
Dec 02 11:32:42 localhost.localdomain systemd[1]: Stopped a new systemd example : sshd processes counter.

And the script is not running anymore :

[root@localhost ~]# ps -ef | grep sshdcounter.s[h]

To enable this service for the next reboot

Add “Install” section in “/usr/lib/systemd/system/sshdcounter.service” configuration file :

[root@localhost ~]# cat /usr/lib/systemd/system/sshdcounter.service
[Unit]
Description=a new systemd example : sshd processes counter
After=sshd.service

[Service]
ExecStart=/usr/local/bin/sshdcounter.sh

[Install]
WantedBy=multi-user.target

Enable this service :

[root@localhost ~]# systemctl enable sshdcounter.service
 ln -s '/usr/lib/systemd/system/sshdcounter.service' '/etc/systemd/system/multi-user.target.wants/sshdcounter.service'

We reboot to valid :

root@localhost ~]# shutdown -r now

Yes, it works :

[root@pc60 ~]# systemctl status sshdcounter
sshdcounter.service - a new systemd example : sshd processes counter
   Loaded: loaded (/usr/lib/systemd/system/sshdcounter.service; enabled)
   Active: active (running) since Wed 2015-12-02 11:57:24 CET; 1min 8s ago
 Main PID: 1203 (sshdcounter.sh)
   CGroup: /system.slice/sshdcounter.service
           ├─1203 /bin/bash /usr/local/bin/sshdcounter.sh
           └─2441 sleep 1

Dec 02 11:57:24 pc60.home systemd[1]: Starting a new systemd example : sshd processes counter...
Dec 02 11:57:24 pc60.home systemd[1]: Started a new systemd example : sshd processes counter.

Now, kill this process :

[root@localhost ~]# pkill -e -f /usr/local/bin/sshdcounter.sh
sshdcounter.sh killed (pid 1203)

What’s append ?

The service has not be restarted :

[root@localhost ~]# ps -ef | grep sshdcounter.s[h]

To enable this service in “respawn” style

My service is running since the boot :

[root@localhost ~]# systemctl status sshdcounter.service | sed -n '1,/^$/p'
sshdcounter.service - a new systemd example : sshd processes counter
   Loaded: loaded (/usr/lib/systemd/system/sshdcounter.service; enabled)
   Active: active (running) since Thu 2015-12-03 11:37:25 CET; 3min 15s ago
 Main PID: 1202 (sshdcounter.sh)
   CGroup: /system.slice/sshdcounter.service
           ├─1202 /bin/bash /usr/local/bin/sshdcounter.sh
           └─2573 sleep 1

If you it to be automatically restarted (like we did using “respawn” instruction in legacy “/etc/inittab”), just add “Restart=always” (“[Service]” section) in “/usr/lib/systemd/system/sshdcounter.service” configuration file :

[root@localhost ~]# cat /usr/lib/systemd/system/sshdcounter.service
[Unit]
Description=a new systemd example : sshd processes counter
After=sshd.service

[Service]
ExecStart=/usr/local/bin/sshdcounter.sh
# I want this service to be automatically restarted :
Restart=always

[Install]
WantedBy=multi-user.target

Then, inform “sysmted” about those changes :

[root@localhost ~]# systemctl daemon-reload

If you kill the process :

[root@localhost ~]# pkill -e -f /usr/local/bin/sshdcounter.sh
sshdcounter.sh killed (pid 1202)

“systemd” restarts it immediately (of course, with a new PID !!!) :

[root@localhost ~]# systemctl status sshdcounter.service | sed -n '1,/^$/p'
sshdcounter.service - a new systemd example : sshd processes counter
   Loaded: loaded (/usr/lib/systemd/system/sshdcounter.service; enabled)
   Active: active (running) since Thu 2015-12-03 11:51:28 CET; 32s ago
 Main PID: 3241 (sshdcounter.sh)
   CGroup: /system.slice/sshdcounter.service
           ├─3241 /bin/bash /usr/local/bin/sshdcounter.sh
           └─3274 sleep 1

You can ask “systemd” to send a signal to your process, for example “kill” :

[root@localhost ~]# systemctl kill -s SIGKILL sshdcounter.service

A new restart occured :

[root@localhost ~]# systemctl status sshdcounter.service | grep "Main PID"
 Main PID: 3681 (sshdcounter.sh)

Limit the resource using “cgroup” features

Here are current values (no limit) :

[root@localhost ~]# systemctl show -p CPUShares,MemoryLimit,BlockIOWeight sshdcounter.service
CPUShares=1024
BlockIOWeight=1000
MemoryLimit=18446744073709551615

To restrict those values :

[root@localhost ~]# systemctl set-property sshdcounter.service CPUShares=128 BlockIOWeight=100 MemoryLimit=512M

Here are the new values :

[root@localhost ~]# systemctl show sshdcounter.service | egrep "CPUShares|MemoryLimit|BlockIOWeight"
CPUShares=128
BlockIOWeight=100
MemoryLimit=536870912

To get thoses values persistent across reboot :

[root@localhost ~]# systemctl daemon-reload

That creates this tree :

[root@localhost ~]# find /etc/systemd/system/sshdcounter.service.d -ls
 99817 0 drwxr-xr-x 2 root root 84 Dec 3 13:25 /etc/systemd/system/sshdcounter.service.d
237577 4 -rw-r--r-- 1 root root 24 Dec 3 13:25 /etc/systemd/system/sshdcounter.service.d/90-CPUShares.conf
237584 4 -rw-r--r-- 1 root root 32 Dec 3 13:25 /etc/systemd/system/sshdcounter.service.d/90-MemoryLimit.conf
237576 4 -rw-r--r-- 1 root root 28 Dec 3 13:25 /etc/systemd/system/sshdcounter.service.d/90-BlockIOWeight.conf

Here are current slices into the system :

[root@localhost ~]# systemctl list-units --type=slice --all
UNIT                         LOAD   ACTIVE   SUB    DESCRIPTION
-.slice                      loaded active   active Root Slice
system-getty.slice           loaded active   active system-getty.slice
system-lvm2\x2dpvscan.slice  loaded inactive dead   system-lvm2\x2dpvscan.slice
system-systemd\x2dfsck.slice loaded inactive dead   system-systemd\x2dfsck.slice
system.slice                 loaded active   active System Slice
user-0.slice                 loaded active   active user-0.slice
user.slice                   loaded active   active User and Session Slice

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

7 loaded units listed.
To show all installed unit files use 'systemctl list-unit-files'.

To display the current slice for our service :

[root@localhost ~]# systemctl show -p Slice sshdcounter
Slice=system.slice

But, you want to change the slice, isn’t it ?

No problem, set “Slice=slice_name” in “[Service]” section in “/usr/lib/systemd/system/sshdcounter.service” :

[root@localhost ~]# cat /usr/lib/systemd/system/sshdcounter.service
[Unit]
Description=a new systemd example : sshd processes counter
After=sshd.service

[Service]
ExecStart=/usr/local/bin/sshdcounter.sh
# I want this service to be automatically restarted :
Restart=always
# here is my new slice (for cgroups)
Slice=user.slice

[Install]
WantedBy=multi-user.target

Update “systemd” :

[root@localhost ~]# systemctl daemon-reload

Your new slice :

[root@localhost ~]# systemctl show -p Slice sshdcounter
Slice=user.slice

The current service is still running in the old slice

[root@localhost ~]# systemctl status sshdcounter | grep CGroup
   CGroup: /system.slice/sshdcounter.service

After restart :

[root@localhost ~]# systemctl restart sshdcounter.service

The service is now running in “user.slice” slice :

[root@localhost ~]# systemctl status sshdcounter | grep CGroup
 CGroup: /user.slice/sshdcounter.service

You can even restrict CPU ; memory and I/O at slice level as follows :

[root@localhost ~]# systemctl set-property user.slice CPUShares=512 MemoryLimit=1G BlockIOWeight=500

Don’t forget to reload :

[root@localhost ~]# systemctl daemon-reload

 

PDF24    Send article as PDF   

8 thoughts on “CentOS 7, why my “/etc/inittab” is empty ?

  1. I know this if off topic but I’m looking at starting my own,
    personal weblog and was curious what all is needed to get put in place?
    I’m assuming having a blog like yours would cost you a pretty penny?
    I’m not web smart so I’m not 100% certain. Any tips or advice would be greatly appreciated.
    Thanks a lot

  2. Hi there are using WordPress for your blog platform?
    I’m new to the blog world but I’m trying to get started and create my own. Do you require any html coding knowledge to make
    your own blog? Any help would be greatly appreciated!

  3. Howdy, i read your blog occasionally and that i own a similar one and so i was just curious if you get a lot of spam feedback?
    If how do you stop it, any plugin or anything you
    can advise? I have a great deal lately it’s
    driving me insane so any support is very much appreciated.

Leave a Reply

Your email address will not be published. Required fields are marked *


*