[systemd-devel] Last question about systemd before my presentation

Mantas Mikulėnas grawity at gmail.com
Thu Dec 5 03:02:28 PST 2013


On Dec 5, 2013 11:27 AM, "Cecil Westerhof" <Cecil.Westerhof at snow.nl> wrote:
>
> On 12/05/2013 10:08 AM, Mantas Mikulėnas wrote:
>>
>>  > One of the problems mentioned is that services can be started only
>> when they are used for the first time. As I understood it, you can make
>> sure that a service is always loaded, so that there is no waiting time
>> the first time it is called.
>>
>> This is not a problem. This is a configuration choice. If the service
>> supports activation, you *can* let it be activated if that suits you,
>> but you can also configure it to be started on boot as any other service
>> (i.e. make multi-user.target depend on the service directly).
>
>
> OK, when I use:
> [Install]
> WantedBy=multi-user.target
>
> What I did until now, the service is just started.
>
> When I do not use it, only a socket is made and it is started the first
time it is used.
>
> Correct?

Mostly, yes. All units of all types can have an [Install] section for
'systemctl enable', they can be permanently enabled if the package installs
them to foobar.target.wants/, etc. (For example, sockets usually have
WantedBy=sockets.target)

In other words, you're correct but should remember that a .socket has to be
enabled too, just like any other unit.

>
>
> When a service is started because it was used (loaded on the first use),
does it keeps running, or is it unloaded after some time? Or can this be
configured?

systemd has no way of knowing when the service becomes idle, therefore the
service itself must be programmed to exit when unneeded.

(Meanwhile, with inetd-style aka Accept=yes services, there is exactly one
instance per connection, so if there are no connections, there aren't any
instances either.)

>
>
>
>>  > I understood you could deny a service network connection. How is this
>> done? Until no I could not find it. Is it possible to limit the
>> bandwidth a service is allowed to use?
>>
>> PrivateNetwork=yes will create a dedicated net namespace for that
>> service, which does not have any network interfaces by default.
>> (Relevant man pages: clone, unshare, setns, nsenter; LXC also uses this.)
>
>
> OK, it is an on/off switch. There is not a possibility to limit the
bandwidth?

It might be possible, by moving a virtual interface (veth) into the same
namespace, then bridging it with eth0, and setting up traffic shaping or
something. But network namespaces are meant to provide separation, so extra
features probably were not part of the original design... (Does LXC support
this?)

>
>
> Met vriendelijke groet,
>
>
>
> Cecil Westerhof
> Engineer
> mobiel +31 - 6 - 25 00 38 81
>
> --
>
> Snow B.V.
> Unix Specialists
> De Ooyen 11
> 4191 PB Geldermalsen
>
> http://www.snow.nl
> tel. +31 - 345 - 65 66 66
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20131205/ac993711/attachment.html>


More information about the systemd-devel mailing list