On Dec 5, 2013 11:27 AM, "Cecil Westerhof" <<a href="mailto:Cecil.Westerhof@snow.nl">Cecil.Westerhof@snow.nl</a>> wrote: > > On 12/05/2013 10:08 AM, Mantas Mikulėnas wrote: >> >> > One of the problems mentioned is that services can be started only >> when they are used for the first time. As I understood it, you can make >> sure that a service is always loaded, so that there is no waiting time >> the first time it is called. >> >> This is not a problem. This is a configuration choice. If the service >> supports activation, you *can* let it be activated if that suits you, >> but you can also configure it to be started on boot as any other service >> (i.e. make multi-user.target depend on the service directly). > > > OK, when I use: > [Install] > WantedBy=multi-user.target > > What I did until now, the service is just started. > > When I do not use it, only a socket is made and it is started the first time it is used. > > Correct? Mostly, yes. All units of all types can have an [Install] section for 'systemctl enable', they can be permanently enabled if the package installs them to foobar.target.wants/, etc. (For example, sockets usually have WantedBy=sockets.target) In other words, you're correct but should remember that a .socket has to be enabled too, just like any other unit. > > > When a service is started because it was used (loaded on the first use), does it keeps running, or is it unloaded after some time? Or can this be configured? systemd has no way of knowing when the service becomes idle, therefore the service itself must be programmed to exit when unneeded. (Meanwhile, with inetd-style aka Accept=yes services, there is exactly one instance per connection, so if there are no connections, there aren't any instances either.) > > > >> > I understood you could deny a service network connection. How is this >> done? Until no I could not find it. Is it possible to limit the >> bandwidth a service is allowed to use? >> >> PrivateNetwork=yes will create a dedicated net namespace for that >> service, which does not have any network interfaces by default. >> (Relevant man pages: clone, unshare, setns, nsenter; LXC also uses this.) > > > OK, it is an on/off switch. There is not a possibility to limit the bandwidth? It might be possible, by moving a virtual interface (veth) into the same namespace, then bridging it with eth0, and setting up traffic shaping or something. But network namespaces are meant to provide separation, so extra features probably were not part of the original design... (Does LXC support this?) > > > Met vriendelijke groet, > > > > Cecil Westerhof > Engineer > mobiel +31 - 6 - 25 00 38 81 > > -- > > Snow B.V. > Unix Specialists > De Ooyen 11 > 4191 PB Geldermalsen > > <a href="http://www.snow.nl">http://www.snow.nl</a> > tel. +31 - 345 - 65 66 66 > > _______________________________________________ > systemd-devel mailing list > <a href="mailto:systemd-devel@lists.freedesktop.org">systemd-devel@lists.freedesktop.org</a> > <a href="http://lists.freedesktop.org/mailman/listinfo/systemd-devel">http://lists.freedesktop.org/mailman/listinfo/systemd-devel</a>