[systemd-devel] Per user limit defaults in systemd.conf

[Joshua Miller]

Is there a way to set per-user defaults for values in systemd.conf?  e.g.
I'd like to set DefaultLimitMEMLOCK for the 'app' user (User=app), such
that all units run as User=app get the setting.

I'm looking for a way to do what's done via pam_limits per limits.conf
 (e.g. `username   hardnofile  512`)

Thanks!
Joshua Miller
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] User/Group overrides in a templated service triggered via timer

[Kevin P. Fleming]

Ahh, you're right. I do not 'enable' my timer-activated service units,
since 'enable' just processes the WantedBy/similar specifications to
create symlinks.

On Mon, Aug 31, 2020 at 4:50 PM Konstantin Ryabitsev
 wrote:
>
> On Mon, Aug 31, 2020 at 04:49:32PM -0400, Kevin P. Fleming wrote:
> > Yes, to get the instance-named symlink created.
>
> Wouldn't that execute the service on boot, or does that not apply to
> oneshot items?
>
> -K
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] User/Group overrides in a templated service triggered via timer

[Konstantin Ryabitsev]

On Mon, Aug 31, 2020 at 04:20:13PM -0400, Kevin P. Fleming wrote:
> Did you also create an instance of the timer with the same instance
> suffix? I've got a configuration working like that and it works fine.
> If you don't want to do that, you can explicitly configure the name of
> the service to be triggered (in the timer unit) instead of relying on
> the timer/service names matching.

Responding to myself, it seems that my problem was that I created the 
drop-in conf file as:

/etc/systemd/system/grok-fsck@foo.d/10-runas.conf

However, for the override to properly apply, it needed to be in:

/etc/systemd/system/grok-fsck@foo.service.d/10-runas.conf

I think without the "service" part in the directory name it was not 
properly found by the timer-triggered service run.

-K
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] User/Group overrides in a templated service triggered via timer

[Konstantin Ryabitsev]

On Mon, Aug 31, 2020 at 04:49:32PM -0400, Kevin P. Fleming wrote:
> Yes, to get the instance-named symlink created.

Wouldn't that execute the service on boot, or does that not apply to 
oneshot items?

-K
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] User/Group overrides in a templated service triggered via timer

[Kevin P. Fleming]

Yes, to get the instance-named symlink created.

On Mon, Aug 31, 2020 at 4:36 PM Konstantin Ryabitsev
 wrote:
>
> On Mon, Aug 31, 2020 at 04:20:13PM -0400, Kevin P. Fleming wrote:
> > Did you also create an instance of the timer with the same instance
> > suffix? I've got a configuration working like that and it works fine.
> > If you don't want to do that, you can explicitly configure the name of
> > the service to be triggered (in the timer unit) instead of relying on
> > the timer/service names matching.
>
> Ah, hmm... So, I enable and start grok-fsck@foo.timer -- do I need to
> enable (but not start) grok-fsck@foo.service as well?
>
> -K
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] User/Group overrides in a templated service triggered via timer

[Konstantin Ryabitsev]

On Mon, Aug 31, 2020 at 04:20:13PM -0400, Kevin P. Fleming wrote:
> Did you also create an instance of the timer with the same instance
> suffix? I've got a configuration working like that and it works fine.
> If you don't want to do that, you can explicitly configure the name of
> the service to be triggered (in the timer unit) instead of relying on
> the timer/service names matching.

Ah, hmm... So, I enable and start grok-fsck@foo.timer -- do I need to 
enable (but not start) grok-fsck@foo.service as well?

-K
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] User/Group overrides in a templated service triggered via timer

[Kevin P. Fleming]

Did you also create an instance of the timer with the same instance
suffix? I've got a configuration working like that and it works fine.
If you don't want to do that, you can explicitly configure the name of
the service to be triggered (in the timer unit) instead of relying on
the timer/service names matching.

On Mon, Aug 31, 2020 at 2:19 PM Konstantin Ryabitsev
 wrote:
>
> Hi, all:
>
> I have the following templated service definition:
>
> --- grok-fsck@.service ---
> [Unit]
> Description=Grok-fsck service for %I
> Documentation=https://github.com/mricon/grokmirror
>
> [Service]
> Type=oneshot
> Environment="EXTRA_FSCK_OPTS="
> EnvironmentFile=-/etc/sysconfig/grokmirror.default
> EnvironmentFile=-/etc/sysconfig/grokmirror.%i
> ExecStart=/usr/bin/grok-fsck -c /etc/grokmirror/%i.conf ${EXTRA_FSCK_OPTS}
> IOSchedulingClass=idle
> CPUSchedulingPolicy=idle
> User=mirror
> Group=mirror
> --- end ---
>
> It has a corresponding timer:
>
> --- grok-fsck@.timer ---
> [Unit]
> Description=Grok-fsck timer for %I
> Documentation=https://github.com/mricon/grokmirror
>
> [Timer]
> OnCalendar=Sat 04:00
>
> [Install]
> WantedBy=timers.target
> --- end ---
>
> I need to be able to modify User/Group for the process, to allow running
> grok-fsck as a different user. For a regular service, I would create a
> /etc/systemd/system/grok-fsck@[foo].d/10-runas.conf:
>
> --- 10-runas.conf ---
> [Service]
> User=someotheruser
> Group=someothergroup
> --- end ---
>
> However, it doesn't appear to be working for a service triggered via a
> timer -- the process still runs as mirror/mirror.
>
> What's the best way to make this work properly?
>
> TIA,
> -K
>
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] User/Group overrides in a templated service triggered via timer

[Konstantin Ryabitsev]

Hi, all:

I have the following templated service definition:

--- grok-fsck@.service ---
[Unit]
Description=Grok-fsck service for %I
Documentation=https://github.com/mricon/grokmirror

[Service]
Type=oneshot
Environment="EXTRA_FSCK_OPTS="
EnvironmentFile=-/etc/sysconfig/grokmirror.default
EnvironmentFile=-/etc/sysconfig/grokmirror.%i
ExecStart=/usr/bin/grok-fsck -c /etc/grokmirror/%i.conf ${EXTRA_FSCK_OPTS}
IOSchedulingClass=idle
CPUSchedulingPolicy=idle
User=mirror
Group=mirror
--- end ---

It has a corresponding timer:

--- grok-fsck@.timer ---
[Unit]
Description=Grok-fsck timer for %I
Documentation=https://github.com/mricon/grokmirror

[Timer]
OnCalendar=Sat 04:00

[Install]
WantedBy=timers.target
--- end ---

I need to be able to modify User/Group for the process, to allow running 
grok-fsck as a different user. For a regular service, I would create a 
/etc/systemd/system/grok-fsck@[foo].d/10-runas.conf:

--- 10-runas.conf ---
[Service]
User=someotheruser
Group=someothergroup
--- end ---

However, it doesn't appear to be working for a service triggered via a 
timer -- the process still runs as mirror/mirror.

What's the best way to make this work properly?

TIA,
-K

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Any published books on systemd? A cookbook?

[Tom Browder]

On Mon, Aug 31, 2020 at 10:43 AM Arian Van Putten  wrote:
>
> I can recommend the "Systemd for Administrators" series on 
> http://0pointer.net/blog/archives.html as a good cookbook introduction to 
> systemd

Thank you, Arian.

Best regards,

-Tom
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Any published books on systemd? A cookbook?

[Arian Van Putten]

I can recommend the "Systemd for Administrators" series on
http://0pointer.net/blog/archives.html as a good cookbook introduction to
systemd

On Fri, Aug 28, 2020 at 4:47 PM Tom Browder  wrote:

> I want to create a service file that has to consider other services. I
> have looked at the man pages and probably don't have enough life expectancy
> to properly grok them.
>
> Can anyone point to a good book or cookbook for systemd?
>
> Digital Ocean has the best I've found so far. Most "recipes" seem to be
> like Github's where each reads like an old Saturday morning movie serial as
> in "you've just found out how to write one line in one file. See my next
> article on how to write the second line of another file."
>
> Best regards,
>
> -Tom
>
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>


-- 



*Zeta Project Germany GmbH  *l  Rosenthaler Straße 40,
10178
Berlin,

Germany




Geschäftsführer/Managing Director: Morten J. Broegger, Dylan Riley

HRB 149847 beim Handelsregister Charlottenburg, Berlin

VAT-ID DE288748675
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel