From Fedora Project Wiki
| (30 intermediate revisions by the same user not shown) | |||
| Line 9: | Line 9: | ||
== Systemd unit changes == | == Systemd unit changes == | ||
{{admon/important| | {{admon/important|The lower level cgroup configuration options as in ControlGroup* as well as "DefaultControllers* are being deprecated!!!}} | ||
== Introduction of slice unit == | == Introduction of slice unit == | ||
| Line 16: | Line 16: | ||
The .slice is the root of the hierarchy. It does not contain services directly, but is used to set defaults for the whole tree. | The .slice is the root of the hierarchy. It does not contain services directly, but is used to set defaults for the whole tree. | ||
The machine.slice contains virtual machines and containers registered with systemd-machined and is where all running VMs/containers are located by default. | |||
<pre> | |||
/sys/fs/cgroup/ | |||
`-- systemd | |||
|-- machine.slice | |||
|... | |||
</pre> | |||
The system.slice contains services started by systemd and is where all system services are located by default. | The system.slice contains services started by systemd and is where all system services are located by default. | ||
<pre> | |||
/sys/fs/cgroup/ | |||
`-- systemd | |||
|-- machine.slice | |||
|... | |||
|-- system.slice | |||
|... | |||
</pre> | |||
The user.slice contains user processes and services started on behalf of the user, including the per-user systemd instance and is where all logged in users are located by default. | The user.slice contains user processes and services started on behalf of the user, including the per-user systemd instance and is where all logged in users are located by default. | ||
<pre> | |||
/sys/fs/cgroup/ | |||
The higher level cgroup option which are | `-- systemd | ||
|-- machine.slice | |||
|... | |||
|-- system.slice | |||
|... | |||
`-- user.slice | |||
</pre> | |||
The higher level cgroup option which are available and can be used in the following type units slice.slice, scope.scope, service.service, socket.socket, mount.mount, swap.swap are... | |||
<pre> | |||
CPUAccounting= | CPUAccounting= | ||
CPUShares= | CPUShares= | ||
| Line 38: | Line 68: | ||
DevicePolicy= | DevicePolicy= | ||
Slice= | Slice= | ||
</pre> | |||
{{admon/note|Usage of any of the following higher level cgroup options for one or more of the following unit options might also implicitly turn it on for all units contained in the same slice and for all its parent slices and the units contained therein.}} | |||
<pre> | |||
CPUAccounting= | CPUAccounting= | ||
CPUShares= | CPUShares= | ||
| Line 51: | Line 83: | ||
BlockIOReadBandwidth= | BlockIOReadBandwidth= | ||
BlockIOWriteBandwidth= | BlockIOWriteBandwidth= | ||
</pre> | |||
{{admon/tip|To disable this behaviour set corresponding resource accounting entry to no.}} | |||
== Introduction of scopes unit == | |||
Scope units are not configured via unit configuration files, but are only created programmatically using the bus interfaces of systemd. | |||
They are named similar to filenames. | |||
A unit whose name ends in ".scope" refers to a scope unit. | |||
Scopes units manage a set of system processes. | |||
Unlike service units, scope units manage externally created processes, and do not fork off processes on its own. | |||
{{admon/tip|systemd-run --scope <command> may be used to launch a command in a new scope unit from the command line.}} | |||
Default setup | == Default system setup == | ||
<pre> | <pre> | ||
/sys/fs/cgroup/ | /sys/fs/cgroup/ | ||
| Line 130: | Line 164: | ||
</pre> | </pre> | ||
Slices for customers | == Slices for infrastructure/isp/customers == | ||
<pre> | <pre> | ||
| Line 139: | Line 173: | ||
|-- machine.slice | |-- machine.slice | ||
| |-- machine- | | |-- machine-web-customer.slice | ||
| | |-- machine- | | | |-- machine-web-development.scope | ||
| | | `-- system.slice | | | | `-- system.slice | ||
| | | |-- | | | | |-- httpd.service | ||
| | | |-- systemd-journald.service | | | | |-- systemd-journald.service | ||
| Line 153: | Line 187: | ||
| | | | | | | | ||
| | |-- machine- | | | |-- machine-web-staging.scope | ||
| | | `-- system.slice | | | | `-- system.slice | ||
| | | |-- | | | | |-- httpd.service | ||
| | | |-- systemd-journald.service | | | | |-- systemd-journald.service | ||
| Line 165: | Line 199: | ||
| | | | | | | | ||
| | `-- machine- | | | `-- machine-web-production.scope | ||
| | `-- system.slice | | | `-- system.slice | ||
| | |-- | | | |-- httpd.service | ||
| | |-- systemd-journald.service | | | |-- systemd-journald.service | ||
| Line 177: | Line 211: | ||
| | | | | | ||
| `-- machine- | | `-- machine-postgresql-customer.slice | ||
| |-- machine- | | |-- machine-postgresql.slice | ||
| | | `-- machine-postgresql.scope | ||
| | | `-- system.slice | ||
| | | |-- postgresql.service | ||
| | | |-- systemd-journald.service | ||
| | | `-- ... | ||
| | | | ||
| | |-- system.slice | ||
| | | |-- systemd-journald.service | ||
| | | |-- systemd-udevd.service | ||
| | | `-- ... | ||
| | | | ||
`-- user.slice | |||
</pre> | |||
== Introduction of systemd-machined == | |||
systemd-machined is an virtual machine and container registration manager | |||
== Sample setup cases == | |||
TODO something in the line of... | |||
Demo 1 create machine containers which will then run application within it | |||
Basics | |||
<pre> | |||
# btrfs subvolume create /containers/container01.example.com | |||
</pre> | |||
Install minimal package set into the OS container being created | |||
<pre> | |||
# yum -y --releasever=rawhide --nogpg --installroot=/containers/container01.example.com --disablerepo='*' --enablerepo=fedora install systemd passwd yum fedora-release vim-minimal procps-ng | |||
</pre> | |||
Set the password for the root user | |||
<pre> | |||
# chroot /containers/container01.example.com/ su - root -c ". ~/.bash_profile; passwd" | |||
</pre> | |||
Spawn the container and set the machine hostname | |||
<pre> | |||
# systemd-nspawn -jbD /containers/example.com/ -M container01.example.com | |||
</pre> | |||
Demo 2 create application containers | |||
Demo 3 create users session container | |||
Latest revision as of 12:06, 22 August 2013
Systemd cgroups changes
Per-controller hierarchies are going away ( in other words the cgroups tree can no longer be considered a shared resource )and is being replaced by an single kernel cgroup hierarchy which will allow controllers to be individually enabled for each cgroup with the hierarchies the controllers see always being subtrees of the full single hierarchy.
This hierarchy is a private property of systemd as in systemd will set it up, systemd will maintain it, systemd will rearrange it.
Other software that wants to make use of cgroups can only do so through systemd's APIs.
Systemd unit changes
The lower level cgroup configuration options as in ControlGroup* as well as "DefaultControllers* are being deprecated!!!
Introduction of slice unit
There are four .slice units which form the basis of the hierarchy for assignment of resources for services, users, and virtual machines or containers.
The .slice is the root of the hierarchy. It does not contain services directly, but is used to set defaults for the whole tree.
The machine.slice contains virtual machines and containers registered with systemd-machined and is where all running VMs/containers are located by default.
/sys/fs/cgroup/
`-- systemd
|-- machine.slice
|...
The system.slice contains services started by systemd and is where all system services are located by default.
/sys/fs/cgroup/
`-- systemd
|-- machine.slice
|...
|-- system.slice
|...
The user.slice contains user processes and services started on behalf of the user, including the per-user systemd instance and is where all logged in users are located by default.
/sys/fs/cgroup/
`-- systemd
|-- machine.slice
|...
|-- system.slice
|...
`-- user.slice
The higher level cgroup option which are available and can be used in the following type units slice.slice, scope.scope, service.service, socket.socket, mount.mount, swap.swap are...
CPUAccounting= CPUShares= MemoryAccounting= MemoryLimit= MemorySoftLimit= BlockIOAccounting= BlockIOWeight= BlockIODeviceWeight= BlockIOReadBandwidth= BlockIOWriteBandwidth= DeviceAllow= DevicePolicy= Slice=
Usage of any of the following higher level cgroup options for one or more of the following unit options might also implicitly turn it on for all units contained in the same slice and for all its parent slices and the units contained therein.
CPUAccounting= CPUShares= MemoryAccounting= MemoryLimit= MemorySoftLimit= BlockIOAccounting= BlockIOWeight= BlockIODeviceWeight= BlockIOReadBandwidth= BlockIOWriteBandwidth=
To disable this behaviour set corresponding resource accounting entry to no.
Introduction of scopes unit
Scope units are not configured via unit configuration files, but are only created programmatically using the bus interfaces of systemd.
They are named similar to filenames.
A unit whose name ends in ".scope" refers to a scope unit.
Scopes units manage a set of system processes.
Unlike service units, scope units manage externally created processes, and do not fork off processes on its own.
systemd-run --scope <command> may be used to launch a command in a new scope unit from the command line.
Default system setup
/sys/fs/cgroup/
`-- systemd
|-- machine.slice
| `-- machine-f20.scope
| |-- system.slice
| | |-- console-getty.service
| | |-- systemd-journald.service
| | `-- ...
| `-- user.slice
|
|-- system.slice
| |-- cups.service
| |-- ntpd.service
| |-- systemd-journald.service
| |-- systemd-udevd.service
| `-- …
|
`-- user.slice
|-- user-1000.slice
| |-- systemd-user@1000.service
| | |-- firefox.service
| | |-- gnome-shell.service
| | `-- ...
| `-- session-1.scope
|
`-- user-2702.slice
|-- systemd-user@2702.service
| `-- ...
|-- session-2.scope
`-- session-3.scope
Slices for infrastructure/isp/customers
/sys/fs/cgroup/
`-- systemd
|-- machine.slice
| |-- machine-web-customer.slice
| | |-- machine-web-development.scope
| | | `-- system.slice
| | | |-- httpd.service
| | | |-- systemd-journald.service
| | | `-- ...
| | |
| | |-- machine-web-staging.scope
| | | `-- system.slice
| | | |-- httpd.service
| | | |-- systemd-journald.service
| | | `-- ...
| | |
| | `-- machine-web-production.scope
| | `-- system.slice
| | |-- httpd.service
| | |-- systemd-journald.service
| | `-- ...
| |
| `-- machine-postgresql-customer.slice
| |-- machine-postgresql.slice
| `-- machine-postgresql.scope
| `-- system.slice
| |-- postgresql.service
| |-- systemd-journald.service
| `-- ...
|
|-- system.slice
| |-- systemd-journald.service
| |-- systemd-udevd.service
| `-- ...
|
`-- user.slice
Introduction of systemd-machined
systemd-machined is an virtual machine and container registration manager
Sample setup cases
TODO something in the line of...
Demo 1 create machine containers which will then run application within it
Basics
# btrfs subvolume create /containers/container01.example.com
Install minimal package set into the OS container being created
# yum -y --releasever=rawhide --nogpg --installroot=/containers/container01.example.com --disablerepo='*' --enablerepo=fedora install systemd passwd yum fedora-release vim-minimal procps-ng
Set the password for the root user
# chroot /containers/container01.example.com/ su - root -c ". ~/.bash_profile; passwd"
Spawn the container and set the machine hostname
# systemd-nspawn -jbD /containers/example.com/ -M container01.example.com
Demo 2 create application containers
Demo 3 create users session container