Re: [systemd-devel] Last question about systemd before my presentation
On Wed, 11.12.13 16:33, Cecil Westerhof (cecil.wester...@snow.nl) wrote:

> On 12/05/2013 08:39 PM, Lennart Poettering wrote:
>>> When virtual machines are implemented as a service. You need to let the host define the limits per guest I suppose?
>>
>> Not following? You can pack as many services in a slice as you want, and you can create a tree of slices, so that you can run a couple of services against a common set of resource limits.
>
> What I meant was the following: As I understood it, there are Virtual Machine solutions that are implemented as a service. When there are several VM's running in this service and one of those should get a lot more from the processor as the rest, then it is not something that could be taken care of by systemd, but should be done by the service that provides the Virtual Machine itself.

Virtual machine managers which want to make use of resource management for their VMs should create scope units for them, which is part of the cgroup rework.

http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/

Lennart

--
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Last question about systemd before my presentation
On 12/12/2013 03:43 PM, Lennart Poettering wrote:

>> What I meant was the following: As I understood it, there are Virtual Machine solutions that are implemented as a service. When there are several VM's running in this service and one of those should get a lot more from the processor as the rest, then it is not something that could be taken care of by systemd, but should be done by the service that provides the Virtual Machine itself.
>
> Virtual machine managers which want to make use of resource management for their VMs should create scope units for them, which is part of the cgroup rework.
>
> http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/

Thank you. I'll look into it.
Re: [systemd-devel] Last question about systemd before my presentation
On 12/05/2013 08:39 PM, Lennart Poettering wrote:

>> When virtual machines are implemented as a service. You need to let the host define the limits per guest I suppose?
>
> Not following? You can pack as many services in a slice as you want, and you can create a tree of slices, so that you can run a couple of services against a common set of resource limits.

What I meant was the following: As I understood it, there are Virtual Machine solutions that are implemented as a service. When there are several VM's running in this service and one of those should get a lot more from the processor as the rest, then it is not something that could be taken care of by systemd, but should be done by the service that provides the Virtual Machine itself.

I was told I could expect a question about this, but I did not get it.
Re: [systemd-devel] Last question about systemd before my presentation
Partial answer:

On Dec 5, 2013 8:40 AM, Cecil Westerhof cecil.wester...@snow.nl wrote:

> Today I am giving my presentation about systemd/journald for a not very enthusiastic public. I would like some last answers on a ‘few’ questions.
>
> I understood that you could let systemd start-up the services sequential for debugging purposes. How is that done?
>
> Is it possible to change the limits dynamically? When I change the service files and do a reload, are the new limits used, without a reboot being needed?
>
> One of the problems mentioned is that services can be started only when they are used for the first time. As I understood it, you can make sure that a service is always loaded, so that there is no waiting time the first time it is called.

This is not a problem. This is a configuration choice. If the service supports activation, you *can* let it be activated if that suits you, but you can also configure it to be started on boot as any other service (i.e. make multi-user.target depend on the service directly).

Note that activation benefits even boot-started services, because their sockets still become available very early, while the service's startup is still pending. Various existing services already run this way - e.g. dbus.service always starts on boot, but it is *also* activated, so all other programs can connect to it without a failure and the kernel will queue up connections.

Also note that this is not new in systemd. DBus has always worked this way - if program X sends a message to DBus service Y, dbus-daemon starts Y on demand.

> I understood you could deny a service network connection. How is this done? Until now I could not find it.
>
> Is it possible to limit the bandwidth a service is allowed to use?

PrivateNetwork=yes will create a dedicated net namespace for that service, which does not have any network interfaces by default. (Relevant man pages: clone, unshare, setns, nsenter; LXC also uses this.)

> When virtual machines are implemented as a service. You need to let the host define the limits per guest I suppose?
>
> How do you let a block-device be read-only for a service?
>
> Any last tips about what to share?
>
> --
> Cecil Westerhof
> Snow B.V.
Re: [systemd-devel] Last question about systemd before my presentation
On 12/05/2013 10:08 AM, Mantas Mikulėnas wrote:

>> One of the problems mentioned is that services can be started only when they are used for the first time. As I understood it, you can make sure that a service is always loaded, so that there is no waiting time the first time it is called.
>
> This is not a problem. This is a configuration choice. If the service supports activation, you *can* let it be activated if that suits you, but you can also configure it to be started on boot as any other service (i.e. make multi-user.target depend on the service directly).

OK, when I use:

    [Install]
    WantedBy=multi-user.target

What I did until now, the service is just started. When I do not use it, only a socket is made and it is started the first time it is used. Correct?

When a service is started because it was used (loaded on the first use), does it keep running, or is it unloaded after some time? Or can this be configured?

>> I understood you could deny a service network connection. How is this done? Until now I could not find it.
>>
>> Is it possible to limit the bandwidth a service is allowed to use?
>
> PrivateNetwork=yes will create a dedicated net namespace for that service, which does not have any network interfaces by default. (Relevant man pages: clone, unshare, setns, nsenter; LXC also uses this.)

OK, it is an on/off switch. There is not a possibility to limit the bandwidth?

Kind regards,

Cecil Westerhof
Engineer
mobile +31 - 6 - 25 00 38 81
--
Snow B.V.
Unix Specialists
De Ooyen 11
4191 PB Geldermalsen
http://www.snow.nl
tel. +31 - 345 - 65 66 66
Re: [systemd-devel] Last question about systemd before my presentation
On Dec 5, 2013 11:27 AM, Cecil Westerhof cecil.wester...@snow.nl wrote:

> On 12/05/2013 10:08 AM, Mantas Mikulėnas wrote:
>>> One of the problems mentioned is that services can be started only when they are used for the first time. As I understood it, you can make sure that a service is always loaded, so that there is no waiting time the first time it is called.
>>
>> This is not a problem. This is a configuration choice. If the service supports activation, you *can* let it be activated if that suits you, but you can also configure it to be started on boot as any other service (i.e. make multi-user.target depend on the service directly).
>
> OK, when I use:
>
>     [Install]
>     WantedBy=multi-user.target
>
> What I did until now, the service is just started. When I do not use it, only a socket is made and it is started the first time it is used. Correct?

Mostly, yes. All units of all types can have an [Install] section for 'systemctl enable', they can be permanently enabled if the package installs them to foobar.target.wants/, etc. (For example, sockets usually have WantedBy=sockets.target)

In other words, you're correct but should remember that a .socket has to be enabled too, just like any other unit.

> When a service is started because it was used (loaded on the first use), does it keep running, or is it unloaded after some time? Or can this be configured?

systemd has no way of knowing when the service becomes idle, therefore the service itself must be programmed to exit when unneeded. (Meanwhile, with inetd-style aka Accept=yes services, there is exactly one instance per connection, so if there are no connections, there aren't any instances either.)

>>> I understood you could deny a service network connection. How is this done? Until now I could not find it.
>>>
>>> Is it possible to limit the bandwidth a service is allowed to use?
>>
>> PrivateNetwork=yes will create a dedicated net namespace for that service, which does not have any network interfaces by default. (Relevant man pages: clone, unshare, setns, nsenter; LXC also uses this.)
>
> OK, it is an on/off switch. There is not a possibility to limit the bandwidth?

It might be possible, by moving a virtual interface (veth) into the same namespace, then bridging it with eth0, and setting up traffic shaping or something. But network namespaces are meant to provide separation, so extra features probably were not part of the original design... (Does LXC support this?)

> Kind regards,
>
> Cecil Westerhof
> Engineer
> mobile +31 - 6 - 25 00 38 81
> --
> Snow B.V.
> Unix Specialists
> De Ooyen 11
> 4191 PB Geldermalsen
> http://www.snow.nl
> tel. +31 - 345 - 65 66 66
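
The unit pair discussed in the message above, as an added example that is not part of the original thread: a service that can be started at boot and is also socket-activated. The unit names, the port and the daemon path are hypothetical.

```ini
# /etc/systemd/system/example-echo.socket   (hypothetical unit name)
[Unit]
Description=Listening socket for the example echo service

[Socket]
# systemd owns this listening socket. Connections that arrive before the
# service is up are queued by the kernel instead of being refused.
ListenStream=127.0.0.1:7777
# Accept=no (the default): one long-running service instance receives the
# listening socket. With Accept=yes systemd would instead spawn one
# example-echo@.service instance per connection (inetd style).
Accept=no

[Install]
# A .socket unit has to be enabled like any other unit.
WantedBy=sockets.target

# /etc/systemd/system/example-echo.service  (hypothetical unit name)
[Unit]
Description=Example echo service
# Have the socket set up first, also when the service is started at boot.
Requires=example-echo.socket
After=example-echo.socket

[Service]
# Hypothetical daemon; it must accept the inherited socket (sd_listen_fds(3)).
# systemd cannot tell when it is idle, so it has to exit on its own if it
# should not keep running after the first use.
ExecStart=/usr/local/bin/example-echod

[Install]
# With this line and "systemctl enable example-echo.service" the service
# also starts at boot. Leave the service disabled and enable only the
# socket to get start-on-first-use.
WantedBy=multi-user.target
```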
Re: [systemd-devel] Last question about systemd before my presentation
On Thu, 05.12.13 07:40, Cecil Westerhof (cecil.wester...@snow.nl) wrote:

> Today I am giving my presentation about systemd/journald for a not very enthusiastic public. I would like some last answers on a ‘few’ questions.
>
> I understood that you could let systemd start-up the services sequential for debugging purposes. How is that done?

Nope you cannot. If a service A starts up, and requests a service B and needs it for initialization you need to start that too, while you are still initializing A. There's no way around it. This is why we do not allow serialization of the startup in systemd. However, you can enable systemd.confirm_spawn=1 on the kernel cmdline and then you get a question asked each time systemd is about to start something.

> Is it possible to change the limits dynamically? When I change the service files and do a reload, are the new limits used, without a reboot being needed?

You can change cgroup limits at runtime using systemctl set-property. Classic UNIX resource limits however are only applied when a process is started, not later on.

> I understood you could deny a service network connection. How is this done? Until now I could not find it.

Using network namespacing. See PrivateNetwork=yes in systemd.exec(5).

> Is it possible to limit the bandwidth a service is allowed to use?

systemd won't help you doing that.

> When virtual machines are implemented as a service. You need to let the host define the limits per guest I suppose?

Not following? You can pack as many services in a slice as you want, and you can create a tree of slices, so that you can run a couple of services against a common set of resource limits.

> How do you let a block-device be read-only for a service?

Using file system namespacing. See ReadOnlyDirectory= in systemd.exec(5).

Lennart

--
Lennart Poettering, Red Hat
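
The settings named in the reply above, put together in one place as an added example that is not part of the original thread: a slice carrying shared cgroup limits and a service confined by network and file system namespacing. The unit names, paths and limit values are hypothetical, and the directive names are those of current systemd.

```ini
# /etc/systemd/system/example.slice   (hypothetical slice name)
[Unit]
Description=Common resource limits for the example services

[Slice]
# cgroup limits shared by every unit placed in this slice.
# These are the current (cgroup v2) directive names; systemd of the
# thread's era used CPUShares= and MemoryLimit= for the same purpose.
CPUWeight=200
MemoryMax=2G

# /etc/systemd/system/example-worker.service   (hypothetical unit name)
[Unit]
Description=Example worker without network access

[Service]
ExecStart=/usr/local/bin/example-worker
Slice=example.slice
# Own network namespace that contains only a loopback device, so the
# service has no path to the host's interfaces.
PrivateNetwork=yes
# File system namespacing: the path is mounted read-only for this service
# only. ReadOnlyPaths= is the current name of ReadOnlyDirectories=.
ReadOnlyPaths=/srv/example-data
# Classic UNIX resource limit: applied when the process is started, so a
# changed value takes effect only after "systemctl restart".
LimitNOFILE=4096

# cgroup limits can be changed on the running unit, without a restart:
#   systemctl set-property example-worker.service MemoryMax=512M
# Add --runtime to keep the change only until the next reboot.
```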