This topic is intended to provide an overview of the various systemd configuration targets / mechanisms for possible inclusion / handling by MiQ. High level systemd concepts and specific parsing strategies are explored below. Any thoughts / comments on further systemd integration are welcome.
Systemd exposes many various OS subsystems and management interfaces in a unified
manner. System metadata can be extracted from a systemd based system
by parsing unit files and/or issuing relevant systemd querying commands.
A ‘unit’ is basic building block which config is applied
Each unit residing on a system has its own config file.
The unit type is denoted by that file’s suffix.
systemd unit types:
- service - a controlled / supervised process
- socket - ipc, network socket, file system fifo
- device - sysfs / udev device
- mount - filesystem mount point
- automount - filesystem automount point
- swap - swap device / file
- target - unit group / synchronization point
- path - filesystem path
- timer - delayed unit activator
- snapshot - dynamic snapshot of systemd runtime state
- slice - cgroup based process heirarchy
- scope - external process management
Unit config may be parsed via the same logic regardless of type
(with a few exceptions), though type based semantics are required
to interpret / handle config values.
At a base level systemd provides config options to specify
various dependencies between units, and to activate / deactivate
them based on various conditions
.service units correspond to processes which may be managed in various
persistent and non-persistent manners. The unit config contains
the commands neccessary to manage the lifecycle of these processes
and to monitor them for state changes.
.socket units manage system level network and file sockets, each of which
needs to map to a corresponding service that is activated upon incoming
Parameters to the unit config include socket options and event handling.
Device units are automatically created from udev devices tagged with
’systemd’, and can be used to define dependencies with other units.
Devices may optionally be configured via systemd unit files and/or directly
via udev (the recommended way).
.mount units control mount points, both the device being mounted and
where it being mounted to. systemd will autocreate units for entries
Options specify parameters to mount.
.automount units define/map to a .mount unit to automatically mount
.swap units operate similarily to .mount units by specifying linux swap
space from managed devices. As with mount points, swap entries in fstab
will automatically be converted to .swap units
Targets are simply named groups of dependencies used to organize and
synchronize unit activation. Classic SysV init run levels have been
converted to systemd targets.
snapshots / slices
These are special units which operate under their own rules and not
configured via unit config files.
Snapshots are dynamic, containing the systemd runtime state.
Scopes manage sets of system processes created by the systemd bus interfaces.
Systemd treats many various units specially including
- runlevel2, runlevel3, runlevel4, runlevel5, default, multi-user, graphical .target - sysv init runlevels and symlinks
- suspend, hibernate, halt, shutdown, poweroff, ctrl-alt-del .target - activated on various system state events
- sockets, timers .target - targets which sets up all sockets and timers
- getty.target - target that activates local tty instances
- & many more
Systemd provides various other ansillary services to manage various system administration tasks in a compatible manner.
These are configured via parameterized dbus commands issued from their corresponding service unit file.
Each is listed below with their respecitve management target:
- hostnamed - hostname and related machine metadata
- journald - system logging data
- localed - system locale and keyboard mapping
- logind - user logins and sessions
- machined - virtual machines and containers
- modules-load - kernel module loader
- random-seed - system random seed
- shutdownd - shutdown process
- suspend - suspend process
- timedated - system time and related settings
- udevd - kernel device uevents
firewalld is an independent service, managed by systemd, used to control and modify
firewall rules on a live system. Rules may be specified via command line management
utilities and/or via the /etc/firewalld and /usr/lib/firewalld directories (the former
is given priority over the later).
Under these directories:
- services - contains firewall rules required by various system services, these may open/close ports, setup nat/masquerading, + all specifiy all the traditional firewall configuration
- zones - defines trust levels for network connections and the services whose rules to be activated at those levels
Each of these directories contain xml config files which can be parsed to retrieve
the firewall configuration.