[systemd-devel] [ANNOUNCE] systemd 205

Lennart Poettering lennart at poettering.net
Wed Jul 3 09:44:25 PDT 2013


Let this one be known as the "dynamic" release, where things became
dynamic! Or call it the "cgroups" release, where we took possession of
the cgroup tree!

This release introduces a number of major new concepts, such as
transient units, scopes and slices, which turn systemd into something
that is far more dynamic than it ever was (this is primarily made
visible in the new "systemd-run" tool, which I invite you to play around
with). With this release the systemd binary now does *all* cgroup
management (be it as the host's PID1, a session manager, or the PID 1 of
a container), and logind and nspawn simply defer their cgroup work. All
objects showing up in the cgroup tree are now objects managed by systemd
itself. The APIs for this are not documented yet, but will be soon. This
brings our systemd userspace much closer to the unified single-writer
cgroup hierarchy that Tejun has being working towards from the kernel

Given that most of the documentation for this is still missing I expect
another release soon. Also, there are some other white spots
still. Given the lack of documentation this is probably not the release
you want to ship your distro with.



        * Two new unit types have been introduced:

          Scope units are very similar to service units, however, are
          created out of pre-existing processes -- instead of PID 1
          forking off the processes. By using scope units it is
          possible for system services and applications to group their
          own child processes (worker processes) in a powerful way
          which then maybe used to organize them, or kill them
          together, or apply resource limits on them.

          Slice units may be used to partition system resources in an
          hierarchial fashion and then assign other units to them. By
          default there are now three slices: system.slice (for all
          system services), user.slice (for all user sessions),
          machine.slice (for VMs and containers).

          Slices and scopes have been introduced primarily in
          context of the work to move cgroup handling to a
          single-writer scheme, where only PID 1
          creates/removes/manages cgroups.

        * There's a new concept of "transient" units. In contrast to
          normal units these units are created via an API at runtime,
          not from configuration from disk. More specifically this
          means it is now possible to run arbitrary programs as
          independent services, with all execution parameters passed
          in via bus APIs rather than read from disk. Transient units
          make systemd substantially more dynamic then it ever was,
          and useful as a general batch manager.

        * logind has been updated to make use of scope and slice units
          for managing user sessions. As a user logs in he will get
          his own private slice unit, to which all sessions are added
          as scope units. We also added support for automatically
          adding an instance of user at .service for the user into the
          slice. Effectively logind will no longer create cgroup
          hierarchies on its own now, it will defer entirely to PID 1
          for this by means of scope, service and slice units. Since
          user sessions this way become entities managed by PID 1
          the output of "systemctl" is now a lot more comprehensive.

        * A new mini-daemon "systemd-machined" has been added which
          may be used by virtualization managers to register local
          VMs/containers. nspawn has been updated accordingly, and
          libvirt will be updated shortly. machined will collect a bit
          of meta information about the VMs/containers, and assign
          them their own scope unit (see above). The collected
          meta-data is then made available via the "machinectl" tool,
          and exposed in "ps" and similar tools. machined/machinectl
          is compile-time optional.

        * As discussed earlier, the low-level cgroup configuration
          options ControlGroup=, ControlGroupModify=,
          ControlGroupPersistent=, ControlGroupAttribute= have been
          removed. Please use high-level attribute settings instead as
          well as slice units.

        * A new bus call SetUnitProperties() has been added to alter
          various runtime parameters of a unit. This is primarily
          useful to alter cgroup parameters dynamically in a nice way,
          but will be extended later on to make more properties
          modifiable at runtime. systemctl gained a new set-properties
          command that wraps this call.

        * A new tool "systemd-run" has been added which can be used to
          run arbitrary command lines as transient services or scopes,
          while configuring a number of settings via the command
          line. This tool is currently very basic, however already
          very useful. We plan to extend this tool to even allow
          queuing of execution jobs with time triggers from the
          command line, similar in fashion to "at".

        * nspawn will now inform the user explicitly that kernels with
          audit enabled break containers, and suggest the user to turn
          off audit.

        * Support for detecting the IMA and AppArmor security
          frameworks with ConditionSecurity= has been added.

        * journalctl gained a new "-k" switch for showing only kernel
          messages, mimicking dmesg output; in addition to "--user"
          and "--system" switches for showing only user's own logs
          and system logs.

        * systemd-delta can now show information about drop-in
          snippets extending unit files.

        * libsystemd-bus has been substantially updated but is still
          not available as public API.

        * systemd will now look for the "debug" argument on the kernel
          command line and enable debug logging, similar to
          "systemd.log_level=debug" already did before.

        * "systemctl set-default", "systemctl get-default" has been
          added to configure the default.target symlink, which
          controls what to boot into by default.

        * "systemctl set-log-level" has been added as a convenient
          way to raise and lower systemd logging threshold.

        * "systemd-analyze plot" will now show the time the various
          generators needed for execution, as well as information
          about the unit file loading.

        * libsystemd-journal gained a new sd_journal_open_files() call
          for opening specific journal files. journactl also gained a
          new switch to expose this new functionality. Previously we
          only supported opening all files from a directory, or all
          files from the system, as opening individual files only is
          racy due to journal file rotation.

        * systemd gained the new DefaultEnvironment= setting in
          /etc/systemd/system.conf to set environment variables for
          all services.

        * If a privileged process logs a journal message with the
          OBJECT_PID= field set, then journald will automatically
          augment this with additional OBJECT_UID=, OBJECT_GID=,
          OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
          system services want to log events about specific client
          processes. journactl/systemctl has been updated to make use
          of this information if all log messages regarding a specific
          unit is requested.

        Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
        Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
        Reisner, David Coppa, David King, David Strauss, Eelco
        Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
        Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
        Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
        Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
        Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
        Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
        Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
        Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
        Łukasz Stelmach, 장동준


Lennart Poettering - Red Hat, Inc.

More information about the systemd-devel mailing list