From Fedora Project Wiki

(Created page with '= NOTE = Work in progress, not even close to useful or complete. == Fedora systemd Services == This document describes the guidelines for systemd services, for use and inclusion...')
 
m (Use the new scriptlets page location to avoid a redirect.)
 
(120 intermediate revisions by 7 users not shown)
Line 1: Line 1:
= NOTE =
= Fedora systemd Services =
Work in progress, not even close to useful or complete.
This document describes the guidelines for systemd services, for use and inclusion in Fedora packages.


== Fedora systemd Services ==
== Definitions ==
This document describes the guidelines for systemd services, for use and inclusion in Fedora packages.  
 
Since systemd includes some concepts which are extensions of previous concepts, the following definitions may be useful:
 
<b>Service</b>: A process or task executed and controlled by the init system (e.g. systemd).<BR>
<b>Traditional Service</b>: A service which is explicitly started or stopped, either by the init system at boot or manually by a superuser.  In systemd, one of several types of service controlled by a <code>.service</code> file.<BR>
<b>Activated service</b>: A service that is not (or not necessarily) started explicitly by the user but start when certain other events happen or certain state becomes true.<BR>
<b>Socket-activated Service</b>: A service which is waiting for traffic across a socket before activating.  In systemd, controlled by a <code>.socket</code> file.<BR>
<b>D-Bus service</b>: A service which activates in response to a message from the D-Bus system bus.<BR>
<b>Unit file</b>: The systemd equivalent of a SysV initscript.<BR>


== Unit Files ==
== Unit Files ==
The systemd equivalent for an SysV initscript is called a Unit file.
Each package that contains software that wants/needs to start a traditional
service at boot <b>MUST</b> have a systemd unit file.
 
Ideally, systemd unit files are reusable across distributions and shipped with
the upstream packages. Please consider working with upstream to integrate the
systemd files you prepare in the upstream sources. Information for developers
on how to integrate systemd support best with their build system you may find
on http://0pointer.de/public/systemd-man/daemon.html
 
{{admon/note|Migrating from SysV Initscripts with non-standard service commands|Packages which have SysV initscripts that contain 'non-standard service commands' (commands besides start, stop, reload, force-reload, status, restart, or try-restart) must convert those commands into standalone helper scripts. Systemd does not support non-standard unit commands.}}


=== Naming ===
=== Naming ===
Unit files have a naming scheme of foobar.service. When considering what basename to use, keep the following advice in mind:


* Unit files should be named after the software implementation that they support, as opposed to the generic type of software. So, a good name would be "apache-httpd.service", and a bad name would be "httpd.service", as there are multiple httpd implementations, but only one Apache httpd.
Unit files for traditional services have a naming scheme of foobar.service. When considering what basename to use, keep in mind that we'd like to use the same service names for software across distributions. We'd also like to ship the <code>.service</code> files in the upstream packages. These desires create a few guides for naming a unit file:
* Unit files should have the same base name as the SysV initscript, so if the SysV initscript is /etc/rc.d/init.d/foobar, then the unit file must be /lib/systemd/system/foobar.service. This will enable automatic fallback in systemd: if a native unit file doesn't exist by a specific name it will fall back to the SysV file of the same service. If the SysV initscript was named poorly (e.g. httpd), then you should provide a compatibility symlink for the old SysV basename (apache-httpd.service -> httpd.service).


It is our intention to unify service names of well-known software across distributions, so that we can eventually ship the service files in the upstream packages. Hence it is a good idea to discuss service names with maintainers of the same packages in other distributions and agree on a common name.
* Follow upstream if they're already distributing a <code>.service</code> file and it's not likely to conflict with other packages.
* Look at packages in other distros or talk with the maintainers of those packages and upstream to try to come up with a common name.
* Unit files should be named after the software implementation that they support as opposed to the generic type of software. So, a good name would be <code>apache-httpd.service</code> and bad names would be <code>httpd.service</code> or <code>apache.service</code> as there are multiple httpd implementations and multiple projects produced by the apache foundation.


=== Format ===
For backwards compatibility you may also want to create a symlink from an older, name to the new name. In the above example, for instance, Fedora has always used <code>httpd</code> for the service. When creating the new <code>apache-httpd.service</code> file, also create a symlink named <code>httpd.service</code> that points at <code>apache-httpd.service</code>. Then end users that are used to using <code>service httpd</code> will have it continue to work.
Every .service file must begin with a [Unit] section:
 
=== Basic format ===
 
{{admon/note|Case Sensitivity|All fields in a unit file are case sensitive.}}
 
==== [Unit] ====
Every <code>.service</code> file must begin with a <code>[Unit]</code> section:


<pre>
<pre>
[Unit]
[Unit]
Description=A brief human readable string describing the service (not the service file!)
Description=A brief human readable string describing the service (not the .service file!)
After=syslog.target
Documentation=man:foo.service(8) man:foo.conf(5) http://www.foo.org/docs/
</pre>
</pre>


The Description= line must not exceed 80 characters, and must describe the service, and not the service file. For example, "Apache Web Server" is a good description, but "Starts and Stops the Apache Web Server" is a bad one.  
The <code>Description=</code> line must not exceed 80 characters, and must describe the service, and not the <code>.service</code> file. For example, "Apache Web Server" is a good description, but "Starts and Stops the Apache Web Server" is a bad one.
 
===== Documentation field =====


The After= line is only necessary if the service can log to syslog (most can, so if in doubt, include it).  
Systemd in Fedora 17+ has support for defining documentation in unit files via the Documentation= field (it is ignored in older releases, so it is safe to keep one systemd unit file across all branches). System administrators will be looking at the contents of the Documentation= field to determine what the service is, how to configure it, and where to locate additional documentation relating to the service. Accordingly, packagers are strongly encouraged to include any available sources in the Documentation= field which provide this information. If a man page or info page is present in the package, refer to it using "man:manpage" or "info:infofile" respectively. If the documentation is in plaintext, use "​file://path/to/file". Lastly, if no local documentation exists in the package, but it exists at a url, use the URL (with ​http://) in this field. Multiple URIs can be added to the Documentation= field, as a space separated list. For details on URI definitions and formatting, please refer to the uri(7) manpage (man uri).


Next, the .service file must have a [Service] section:
==== [Service] ====
Next, the <code>.service</code> file must have a <code>[Service]</code> section:


<pre>
<pre>
[Service]
[Service]
Type=...
Type=...
BusName=...
ExecStart=...
ExecStart=...
ExecReload=...
ExecReload=...
</pre>
</pre>


The Type= setting is very important. For D-Bus services this should be "dbus", for traditional services "forking" is usually a good idea, for services not offering any interfaces to other services "simple" is best. For "one-short" scripts "oneshot" is ideal, often combined with RemainAfterExit=. See http://0pointer.de/public/systemd-man/systemd.service.html for further discussion on the topic. Since "simple" is the default type, .service files which would normally set Type=simple may simply omit the Type line altogether.
The <code>Type=</code> setting is very important. For D-Bus services this
should be "dbus", for traditional services "forking" is usually a good idea,
for services not offering any interfaces to other services "simple" is best.
For "one-shot" scripts "oneshot" is ideal, often combined with
<code>RemainAfterExit=</code>. See
http://0pointer.de/public/systemd-man/systemd.service.html for further
discussion on the topic. Since "simple" is the default type,
<code>.service</code> files which would normally set <code>Type=simple</code> may simply
omit the <code>Type</code> line altogether.
 
<code>BusName=</code> should be set for all services connecting to D-Bus. (i.e. it is a must for those where <code>Type=dbus</code>, but might make sense otherwise, too) Omit this option if your service does not take a name on the bus.


BusName= should be set for all services connecting to D-Bus. (i.e. it is a must for those where Type=dbus, but might make sense otherwise, too) Omit this option if your service does not take a name on the bus.
<code>ExecStart=</code> is necessary for all services. This line defines the string that you would run to start the daemon, along with any necessary options.


ExecStart= is necessary for all services. This line defines the string that you would run to start the service daemon, along with any necessary options.
<code>ExecReload=</code> should be specified for all services supporting reload. It is highly recommended to add code here that synchronously reloads the configuration file here (i.e. <code>/bin/kill -HUP $MAINPID</code> is usually a poor choice, due to its asynchronous nature). Omit this option if your service does not support reloading.


ExecReload= should be specified for all services supporting reload. It is highly recommended to add code here that synchronously reloads the configuration file here (i.e. /bin/kill -HUP $MAINPID is usually a poor choice, due to its asynchronous nature). Omit this option if your service does not support reloading.


Finally, the .service file must have an [Install] section:
==== [Install] ====
Finally, the <code>.service</code> file should have an <code>[Install]</code> section:


<pre>
<pre>
Line 54: Line 89:
</pre>
</pre>


The recommended parameters for WantedBy are either multi-user.target (for most system services) or graphical.target (for services related to the UI).
The recommended parameters for <code>WantedBy=</code> are either <code>graphical.target</code> (services related to the graphical user interface) or <code>multi-user.target</code> (for everything else).  When the user (or our scriptlets) invoke <code>systemctl enable</code> the service will be set to start in these targets.


For more information regarding these options see http://0pointer.de/public/systemd-man/systemd.unit.html and http://0pointer.de/public/systemd-man/systemd.service.html
For more information regarding these options see http://0pointer.de/public/systemd-man/systemd.unit.html and http://0pointer.de/public/systemd-man/systemd.service.html


Strictly speaking ExecStart= (in the [Service] section) is the only option really necessary for a .service file. However, in Fedora you must add the other options mentioned here (as applicable).
=== EnvironmentFiles and support for /etc/sysconfig files ===


=== Support for /etc/sysconfig files ===
The <code>EnvironmentFiles=</code> line in the <code>[Service]</code> section of <code>.service</code> files is used to support loading environment variables that can be used in unit files. For instance, if your sysv-initscript used a file in /etc/sysconfig to set command line options, you can use <code>EnvironmentFiles=</code> like so:
If your service supports /etc/sysconfig files, then you must use
 
Use EnvironmentFile= to support /etc/sysconfig files. You may then refer to variables set in sysconfig files with ${FOOBAR} and $FOOBAR, in the ExecStart= lines (and related lines). (${FOOBAR} expands the variable into one word, $FOOBAR splits up the variable value at whitespace into multiple words) /etc/rc.d/init.d. A rpm macro exists for this directory, <code>%_initddir</code>. Note: The <code>%_initddir</code> macro does not exist on Fedora 9 or older releases, or on RHEL 5 or older. For those releases, you should use the deprecated <code>%_initrddir</code> macro.
 
 
 
=== Filesystem locations ==
Packages with Systemd unit files '''must''' put them into %{_unitdir}. %{_unitdir} evaluates to /lib/systemd/system/ on all Fedora systems. Unit files are architecture independent (hence, not %{_lib}) and needed early in the boot process.
 
 
 
Use EnvironmentFile= to support /etc/sysconfig files. You may then refer to variables set in sysconfig files with ${FOOBAR} and $FOOBAR, in the ExecStart= lines (and related lines). (${FOOBAR} expands the variable into one word, $FOOBAR splits up the variable value at whitespace into multiple words) /etc/rc.d/init.d. A rpm macro exists for this directory, <code>%_initddir</code>. Note: The <code>%_initddir</code> macro does not exist on Fedora 9 or older releases, or on RHEL 5 or older. For those releases, you should use the deprecated <code>%_initrddir</code> macro.
 
 
== Initscript packaging ==
Initscripts must not be marked as %config files.
 
Although init files live in /etc, they are scripts to be executed, not configured.  Any configuration should be made available through /etc/sysconfig/<service> rather than in the init script itself.  A valid exception to this rule would be existing packages where configuration is still done via the init file.  In this case, the init file could be marked as %config following the rules from the [[Packaging/Guidelines#Config|  Configuration files]]  section to preserve a users configuration upon upgrade, hopefully so that the user can migrate said configuration to a new /etc/sysconfig/<service> config file.
 
Init scripts should also have 0755 permissions.
 
{{Anchor|InitscriptScriptlets}}
=== Initscripts in spec file scriptlets ===


Example:
<pre>
<pre>
Requires(post): chkconfig
[Service]
Requires(preun): chkconfig
Type=forking
# This is for /sbin/service
EnvironmentFile=-/etc/sysconfig/httpd
Requires(preun): initscripts
ExecStart=/usr/sbin/httpd $OPTIONS
...
ExecReload=/usr/sbin/httpd $OPTIONS -k restart
%post
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add <script>
 
%preun
if [ $1 = 0 ] ; then
    /sbin/service <script> stop >/dev/null 2>&1
    /sbin/chkconfig --del <script>
fi
</pre>
</pre>


'if [ $1 = 0 ] ' checks that this is the actual deinstallation of
You may then refer to variables set in the <code>/etc/sysconfig/httpd</code> file with
the package, as opposed to just removing the old package on upgrade.
<code>${FOOBAR}</code> and <code>$FOOBAR</code>, in the <code>ExecStart=</code>
These statements stop the service, and remove the /etc/rc*.d links.
lines (and related lines). (<code>${FOOBAR}</code> expands the variable into
one word, <code>$FOOBAR</code> splits up the variable value at whitespace into
multiple words)


<pre>
The "-" on the <code>EnvironmentFile=</code> line ensures that no error messages is generated if the environment file does not exist. Since many of these files were optional in sysvinit, you should include the "-" when using this directive.
# This is for /sbin/service
Requires(postun): initscripts
...
%postun
if [ "$1" -ge "1" ] ; then
    /sbin/service <script> condrestart >/dev/null 2>&1 || :
fi
</pre>
 
'if [ "$1" -ge "1" ]  checks that this is an upgrade of the package.
If so, restart the service if it's running. (This may not be appropriate
for all services.)


=== Why don't we.... ===
=== Fields to avoid ===
For most services, we do not want to use requirement dependencies in the
<code>[Unit]</code> section, such as <code>Requires=</code> or
<code>Wants=</code>. Instead exclusively use ordering dependencies: <code>Before=</code> and
<code>After=</code>. This is used to implement loose coupling: if someone asks two services
to start at the same time, systemd will properly order their startup but not
make it strictly necessary to run one if the other is started.


* run 'chkconfig <service> on'?
If you use a requirement dependency, use <code>Wants=</code> rather than
<code>Requires=</code>, to make things a little bit more robust. If you use a
requirement dependency in almost all cases you should also add an ordering
dependency, as ordering and requirement dependencies are orthogonal in systemd.


If a service should be enabled by default, make this the default
Here's an example of this common case:
in the init script. Doing otherwise will cause the service to be
# A web application needs postgresql to store its data.
turned on on upgrades if the user explicitly disabled it.
# It is set to start <code>After</code> postgresql.  On startup, the web application does not start until postgresql does.
# Once running, the system administrator needs to restart postgresql due to a config tweak.
# Since only <code>After</code> was used, the web application may be temporarily unable to serve some requests but it does not need to restart in order to serve pages after the database comes back up.


Note that the default for most network-listening scripts is
Avoid referring to <code>runlevelX.target</code> units in all lines taking unit names (such as <code>WantedBy</code>), these are legacy names existing for compatibility with SysV only.
off. This is done for better security. We have multiple tools
that can enable services, including GUIs.


* start the service after installation?
Avoid <code>Names=</code> (in the <code>[Unit]</code> section). Usually it is a
better idea to symlink an additional name in the file system. Note that a name
listed in <code>Names=</code> is only useful when a service file is already loaded. However,
systemd loads only the service files actually referred to in another loaded
service, and uses the filenames during the search. Hence a name in <code>Names=</code> is
not useful as a search key, but a symlink in the file system is. Also do not
put a (redundant) <code>Names=foobar.service</code> line into a file called <code>foobar.service</code>.
We want to keep our service files short.


Installations can be in changeroots, in an installer context, or
Unit files should avoid using <code>StandardOutput=</code> or <code>StandardError=</code>. The default is the right choice for almost all cases, and using the default allows users to change global defaults in /etc/systemd/system.conf.
in other situations where you don't want the services started.


== Initscript template ==
=== Example Unit file ===
Below is the template for Fedora SysV-style initscripts. The sections are explained in detail below.
This is an example systemd unit <code>.service</code> file for ABRT:


<pre>
<pre>
#!/bin/sh
[Unit]
#
Description=ABRT Automated Bug Reporting Tool
# <daemonname> <summary>
#
# chkconfig:  <default runlevel(s)> <start> <stop>
# description: <description, split multiple lines with \
#              a backslash>


### BEGIN INIT INFO
[Service]
# Provides:
Type=dbus
# Required-Start:
BusName=com.redhat.abrt
# Required-Stop:
ExecStart=/usr/sbin/abrtd -d -s
# Should-Start:
# Should-Stop:
# Default-Start:
# Default-Stop:
# Short-Description:
# Description:     
### END INIT INFO


# Source function library.
[Install]
. /etc/rc.d/init.d/functions
WantedBy=multi-user.target
 
exec="/path/to/<daemonname>"
prog="<service name>"
config="<path to major config file>"
 
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
 
lockfile=/var/lock/subsys/$prog
 
start() {
    [ -x $exec ] || exit 5
    [ -f $config ] || exit 6
    echo -n $"Starting $prog: "
    # if not running, start it up here, usually something like "daemon $exec"
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}
 
stop() {
    echo -n $"Stopping $prog: "
    # stop it here, often "killproc $prog"
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}
 
restart() {
    stop
    start
}
 
reload() {
    restart
}
 
force_reload() {
    restart
}
 
rh_status() {
    # run checks to determine if the service is running or use generic status
    status $prog
}
 
rh_status_q() {
    rh_status >/dev/null 2>&1
}
 
 
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac
exit $?
</pre>
</pre>


== Chkconfig Header ==
== Activation ==
Every Fedora SysV-style initscript must contain a chkconfig header. This header is composed of two parts, a "# chkconfig:" line, and a "# description:" line.
Systemd allows for three forms of activated services: [[#Hardware activation]], [[#Socket activation]], and [[#DBus activation]].


=== # chkconfig: line ===
=== Hardware activation ===
The <code>chkconfig: </code> line in a SysV-style initscript is used to determine the runlevels in which the service should be started by default. It is also used to set the "priority", or order in which the services are started within a runlevel. All Fedora SysV-style initscripts must have this line.
Hardware activation occurs when a service is installed but only turns on if a certain type of hardware is installed.  Enabling of the service is normally done with a udev rule.  At this time we do not have further guidance on how to write those udev rules.  The service itself installs its <code>.service</code> files in the normal places and are installed by the normal [[Packaging:ScriptletSnippets#Systemd | systemd scriptlets]].  These services should never be enabled by the package as they will be enabled by udev.


<pre>
=== Socket activation ===
# chkconfig: <startlevellist> <startpriority> <endpriority>
Socket activation occurs when a service allows systemd to listen for
</pre>
connections to a specific socket and, when systemd receives a connection on
 
that socket, it starts the service.  To do this, the upstream source needs to
* <startlevellist> is a list of the runlevels for which the service should be started by default. Only services which are really required for a vital system should define runlevels here. If no runlevels are defined, a <code>-</code> should be used in place of the runlevels list.
have some minor coding work to let systemd listen for connections on the socket
* <startpriority> is the "priority" weight for starting the service. Services are started in numerical order, starting at 0.
and there needs to be a <code>.socket</code> file in
* <endpriority> is the "priority" weight for stopping the service. Services are stopped in numerical order, starting at 0. By default, you should set the <endpriority> equal to 100 - <startpriority>.
<code>%{_lib}/systemd/system/</code> that tells systemd to listen to that
 
socket and what to start when a connection is received. This is similar in
For example:
function to inetd and some, but not all, services coded to work with inetd will
<pre>
work with socket activation.
# chkconfig: 2345 20 80
</pre>


This means that the service will start by default on runlevels 2, 3, 4, and 5, with a startup priority of 20, and a shutdown priority of 80.
{{admon/note||
Currently we do not have guidance on how to write socket files as this is something that needs upstream code and they can add a proper <code>.socket</code> file at the same time.}}


More commonly, the service is off by default on all runlevels, which looks like this:
However, socket activation can also be used to allow parallel startup of services.  If a service supports systemd socket activation as described above and we additionally start it explicitly on boot, then systemd will start it but allow things that depend on it to startup at the same time.  If the dependent service makes a request to the socket activatable service before it has come up, then systemd will cause the request to wait until the socket activatable service has come up and can process the request.  To achieve this effect, the service must be socket activatable as described above, the <code>.service</code> file for the service needs to have a <code>Wants=</code> line for the <code>.socket</code>, and the service must autostart.
<pre>
# chkconfig: - 20 80
</pre>
=== # description: line ===
The second line in the chkconfig header contains a description for the service. All Fedora SysV-style initscripts must have this line.


<pre>
Note that certain socket activated services (notably network listening ones) require FESCo approval - see [[Packaging:DefaultServices]] for details.  Once you have permission, you can package the <code>.socket</code> file and use the systemd scriptlets that enable the service by default.  You need to also check the <code>.service</code> file to make sure it has a <code>Wants=</code> entry on the <code>.socket</code> file as that ensures that starting the service will also inform systemd of the socket.
# description: <description of service>
</pre>


The description of service may be more than one line long, continued with '\' characters.  The initial comment and following whitespace on any additional lines are ignored, but should be used.
=== Timer activation ===


For example:
All packages with timed execution which already depend on systemd (for example
<pre>
because they contain systemd units) must use timer units instead of cron jobs,
# description: Saves and restores system entropy pool for \
with no dependency or requirements on a crontab.
#              higher quality random number generation.
</pre>


== LSB Header ==
Packages which do not already depend or require systemd must not use timer units
LSB Headers are not required for Fedora SysV-style initscripts, but they may be used. There is no requirement in the LSB certification for any system scripts to be LSB compliant, and it can cause issues with ordering.
but instead depend and have requirement on crontabs, to avoid introducing
unnecessary new dependencies on systemd directly.


If LSB Headers are used in a Fedora SysV-style initscript, it must follow these guidelines.
=== DBus activation ===
In order to allow parallel startup of a D-Bus service and its consumers it is essential that D-Bus services can be bus activated and the D-Bus activation request is forwarded from the D-Bus system bus to systemd so that you end up with only a single instance of the service, even if a service is triggered by both boot-up and activation.  If historically your D-Bus service was not bus-activated but started via a SysV init script, it should be updated to use bus activation.  This may be implemented by dropping a D-Bus <code>.service</code> file in <code>/usr/share/dbus-1/system-services/</code> and use the <code>SystemdService=</code> directive therein to redirect the activation to systemd.


The LSB Header is composed of the following sections:
{{admon/note|.service|systemd and D-Bus both use the <code>.service</code> file
* <code># Provides:</code>
suffix but they are different things. In a systemd driven init process, the
* <code># Required-Start:</code>
D-Bus <code>.service</code> file will often refer to the systemd <code>.service</code> file for the same
* <code># Required-Stop:</code>
program with the <code>SystemdService</code> directive.}}
* <code># Should-Start:</code>
* <code># Should-Stop:</code>
* <code># Default-Start:</code>
* <code># Default-Stop:</code>
* <code># Short-Description:</code>
* <code># Description:</code>


=== Boundary Comments ===
Here's an example for a D-Bus bus-activable service. The ConsoleKit bus activation file /usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service:
The LSB Header is bounded by comments, specifically, the beginning of the header is marked with:
<pre>
### BEGIN INIT INFO
</pre>


The end of the LSB Header is marked with:
<pre>
<pre>
### END INIT INFO
[D-BUS Service]
Name=org.freedesktop.ConsoleKit
Exec=/usr/sbin/console-kit-daemon --no-daemon
User=root
SystemdService=console-kit-daemon.service
</pre>
</pre>


All LSB Header entries must have these boundary comments.
And the matching systemd unit file /lib/systemd/system/console-kit-daemon.service:
 
=== Facility Names ===
 
Boot facilities are used to indicate dependencies in initialization scripts. Facility names are assigned to scripts by the Provides: keyword. Facility names that begin with a dollar sign ('$') are reserved system facility names. Facility names are only recognized in the context of the initscript comment block (LSB Header) and are not available in the body of the init script. In particular, the use of the leading '$' character does not imply system facility names are subject to shell variable expansion, since they appear inside comments.
 
LSB compliant init implementations are supposed to provide the following system facility names:
 
* $local_fs:: all local file systems are mounted
* $network:: basic networking support is available. Example: a server program could listen on a socket.
* $named:: IP name-to-address translation, using the interfaces described in this specification, are available to the level the system normally provides them. Example: if a DNS query daemon normally provides this facility, then that daemon has been started.
* $portmap:: daemons providing SunRPC/ONCRPC portmapping service as defined in RFC 1833: Binding Protocols for ONC RPC Version 2 (if present) are running.
* $remote_fs:: all remote file systems are available. In some configurations, file systems such as /usr may be remote. Many applications that require $local_fs will probably also require $remote_fs.
* $syslog:: system logger is operational.
* $time:: the system time has been set, for example by using a network-based time program such as ntp or rdate, or via the hardware Real Time Clock.
 
Other (non-system) facilities may be defined in the <code># Provides:</code> line in the LSB Header.
 
=== # Provides: line ===
The <code># Provides:</code> line in the LSB Header lists any boot facilities that this service provides. Other services can reference these boot facilities in their <code># Required-Start:</code> and <code># Required-Stop:</code> lines.


<pre>
<pre>
# Provides: boot_facility_1 [boot_facility_2...]
[Unit]
</pre>
Description=Console Manager


When an initscript is run with a start argument, the boot facility or facilities specified by the Provides keyword shall be deemed present and hence init scripts which require those boot facilities should be started later. When an initscript is run with a stop argument, the boot facilities specified by the Provides keyword are deemed no longer present.
[Service]
 
Type=dbus
In Fedora, a <code># Provides:</code> line listing the name of the service that the initscript starts is not needed as the name of the service is implicitly Provided.
BusName=org.freedesktop.ConsoleKit
 
ExecStart=/usr/sbin/console-kit-daemon --no-daemon
=== # Required-Start: line ===
The <code># Required-Start:</code> line in the LSB Header lists any boot facilities which must be available during startup of this service.
 
<pre>
# Required-Start: boot_facility_1 [boot_facility_2...]
</pre>
</pre>


This line is optional, if an initscript has no need for requiring other boot facilities before starting, it should be omitted.
As you can see <code>SystemdService=</code> is used in the D-Bus activation file to bind the systemd service to the D-Bus service.


=== # Required-Stop: line ===
Traditionally, bus activated D-Bus services could not be disabled without
The <code># Required-Stop:</code> line in the LSB Header lists any boot facilities which should '''NOT''' be stopped before shutting down this service.
uninstalling them entirely.  systemd allows you to disable services by making
D-Bus invoke an alias systemd service name (that can be created or removed to
enable/disable activation) as an intermediary for the real service.


<pre>
You can easily implement disabling by directing the D-Bus service to an alias
# Required-Stop: boot_facility_1 [boot_facility_2...]
name of the real service file (in the filesystem this shows up as a symlink
</pre>
placed in /etc/systemd/system to the real service file). This alias is then
 
controlled via "systemctl enable" and "systemctl disable". It is a good idea
This line is optional, if an initscript has no need for requiring that other boot facilities must be stopped only after it has shutdown, then the line should be omitted.
(though technically not necessary) to name this alias name after the D-Bus bus
 
name of the service, prefixed with "dbus-". Example for Avahi, a service that
=== # Should-Start: line ===
the admin might need to disable: set
The <code># Should-Start:</code> line in the LSB Header lists any facilities, which, if present, should be available during startup of this service. The intent is to allow for "optional" dependencies which do not cause the service to fail if a facility is not available.
<code>SystemdService=dbus-org.freedesktop.Avahi.service</code> instead of
<code>SystemdService=avahi-daemon.service</code> in the D-Bus activation file, and then make
<code>dbus-org.freedesktop.Avahi.service</code> an optional alias of avahi-daemon.service
that can be controlled via the <code>Alias=</code> directive in the <code>[Install]</code> section of the
systemd service file. This directive is then read by "systemctl enable" and
"systemctl disable" to create resp. remove a symlink to make the service
available resp. unavailable under this additional name. A full example for the
Avahi case:


Here is the D-Bus .service file for Avahi (/usr/share/dbus-1/system-services/org.freedesktop.Avahi.service):
<pre>
<pre>
# Should-Start: boot_facility_1 [boot_facility_2...]
[D-BUS Service]
</pre>
Name=org.freedesktop.Avahi
 
SystemdService=dbus-org.freedesktop.Avahi.service
This line is optional, if an initscript has no use for starting other optional dependencies before hand, it should be omitted.
 
=== # Should-Stop: line ===
The <code># Should-Stop:</code> line in the LSB Header lists any facilities, which, if present, should only be stopped after shutting down this service. The intent is to allow for "optional" dependencies which do not cause the service to fail if a facility is not available.


<pre>
# This service should not be bus activated if systemd isn't running,
# Should-Stop: boot_facility_1 [boot_facility_2...]
# so that activation won't conflict with the init script startup.
Exec=/bin/false
</pre>
</pre>


This line is optional, if an initscript has no use for preventing other optional dependencies from stopping until after it has shutdown, the line should be omitted.
Here is the Avahi systemd unit <code>.service</code> file (/lib/systemd/system/avahi-daemon.service):
 
=== How LSB Provides actually work in Fedora ===
Fedora uses chkconfig for script enablement (chkconfig --add) and script activation/deactivation (chkconfig on/chkconfig off). When these tasks occur, the LSB dependencies are read, and the start and stop priorities of the scripts are then adjusted to satisfy those dependencies.
 
What this means:
 
* LSB header dependencies are honored (albeit in a static mechanism)
* If you use LSB headers, your start and stop priority may end up being different than what is in the <code># chkconfig:</code> line
 
=== # Default-Start: line ===
The <code># Default-Start:</code> line in the LSB Header lists the runlevels for which the service will be enabled by default. These runlevels are space-separated, unlike the Chkconfig header.


<pre>
<pre>
# Default-Start: run_level_1 [run_level_2...]
[Unit]
</pre>
Description=Avahi mDNS/DNS-SD Stack
Requires=avahi-daemon.socket


Each Fedora SysV-style initscript which needs to start by default in any runlevel must include this line in the LSB Header, and it must match the list of runlevels defined for startup in the Chkconfig header. Only services which are really required for a vital system should define runlevels here. If the service does not start by default in any runlevel, this line should be omitted.
[Service]
Type=dbus
BusName=org.freedesktop.Avahi
ExecStart=/usr/sbin/avahi-daemon -s
ExecReload=/usr/sbin/avahi-daemon -r
NotifyAccess=main


For example, if a service starts by default in runlevels 3, 4, and 5 only, the LSB Header in the initscript would specify:
[Install]
 
WantedBy=multi-user.target
<pre>
Also=avahi-daemon.socket
# Default-Start: 3 4 5
Alias=dbus-org.freedesktop.Avahi.service
</pre>
</pre>


More commonly, the service does not start by default in any runlevel. In this case, the line should be omitted.
The <code>Alias=</code> line ensures that the existance of the /etc/systemd/system/dbus-org.freedesktop.Avahi.service symlink can be controlled by "systemctl enable" and "systemctl disable".


=== # Default-Stop: line ===
Note that the creation/removal of the alias symlinks should be done with "systemctl enable" and "systemctl disable" only. You should not create these symlinks manually.
The <code># Default-Stop:</code> line in the LSB Header lists the runlevels for which the service will not be started by default. These runlevels are space-separated, and must contain all of the numeric runlevels not used in the <code># Default-Start:</code> line.


<pre>
In general, it is also recommended to supply native systemd units for all services that are already bus activatable, so that these services can be controlled and supervised centrally like any other service with tools such as systemctl. A similar logic like the one shown above should apply.
# Default-Stop: run_level_1 [run_level_2...]
</pre>


Each Fedora SysV-style initscript which needs to start by default in any runlevel must include this line in the LSB Header (if the <code># Default-Start:</code> line is present, then there must also be a <code># Default-Stop:</code> line.). If the service does not start by default in any runlevel, this line should be omitted.
See the D-Bus documentation for more information about bus activation: http://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-starting-services
 
For example, if a service starts by default in runlevels 3, 4, and 5 only, then the <code># Default-Stop:</code> line in the LSB Header must specify runlevels 0, 1, 2, and 6:


== Automatic restarting ==
If you package a long-running service, please consider enabling systemd's automatic restart feature for it, to improve reliability by making sure the system automatically attempts recovering a failing daemon. Please use
<pre>
<pre>
# Default-Stop: 0 1 2 6
[Service]
...
Restart=on-failure
</pre>
</pre>
 
or
Note that the runlevels must be explicitly set in the <code># Default-Stop:</code> line, there are no automatic default settings derived from the <code># Default-Start:</code> line.
 
=== # Short-Description: line ===
The <code># Short-Description:</code> line in the LSB Header provides a brief summary of the actions of the init script. This must be no longer than a single, 80 character line of text.
 
<pre>
<pre>
# Short-Description: This service is a mail server.
[Service]
...
Restart=on-abnormal
</pre>
</pre>
in your unit's <code>.service</code> file for this.


All Fedora SysV-style initscripts must contain the <code># Short-Description:</code> line in the LSB Header. It can be considered roughly equivalent to the <code>Summary:</code> field in an RPM spec file.
The former will tell systemd to restart the daemon as soon as it fails regardless of the precise reason. It's a good choice for most long-running services. Some daemons require a way to escape constant restarting by exiting with any non-zero exit code. For those services use <code>Restart=on-abnormal</code>, which will still restart the daemon when it fails "abnormally", on unclean signal, core dump, timeout or watchdog exits, but not on unclean exit codes. It is recommended to to enable automatic restarts for all long-running services, but which setting is the right one, and whether it is useful at all depends on the specific service. Please consult the <code>systemd.service(5)</code> man page for more information on the various settings.


=== # Description: line ===
== Private devices and networking ==
The <code># Description:</code> line in the LSB Header provides a more complete description of the actions of the initscript. It may span mulitple lines, where each continuation line must begin with a '#' followed by tab character or a '#' followed by at least two space characters. The multiline description is terminated by the first line that does not match this criteria.


Example:
If you package a long-running system service, please consider enabling systemd's <code>PrivateDevices=</code> and <code>PrivateNetwork=</code> settings for it, in order to improve security and minimize the attack surface.
<pre>
# Description: Bluetooth services for service discovery, authentication,
#              Human Interface Devices, etc.
</pre>


All Fedora SysV-style initscripts must contain the <code># Description:</code> line in the LSB Header. It can be considered roughly equivalent to the <code>%description</code> section in an RPM spec file. It must contain the same text as the <code># description:</code> line in the chkconfig header.
When <code>PrivateDevices=yes</code> is set in the [Service] section of a systemd service unit file, the processes run for the service will run in a private file system namespace where /dev is replaced by a minimal version that only includes the device nodes /dev/null, /dev/zero, /dev/full, /dev/urandom, /dev/random, /dev/tty as well as the submounts /dev/shm, /dev/pts, /dev/mqueue, /dev/hugepages, and the /dev/stdout, /dev/stderr, /dev/stdin symlinks. No device nodes for physical devices will be included, however. Furthermore, the CAP_MKNOD capability is removed. Finally, the "devices" cgroup controller is used to ensure that no access to device nodes except the listed ones is possible. This is an efficient way to take away physical device access for services, thus minimizing the attack surface.


=== LSB Header Example ===
When <code>PrivateNetwork=yes</code> is set in the [Service] section of a systemd service unit file, the processes run for the service will run in a private network namespace whith a private loopback network interface, and no other network devices. Network communication between host and service can not be initiated. This is an efficient way to take away network access for services, thus minimizing the attack surface.
Here is a complete LSB Header to illustrate the correct use of the LSB Headers:


<pre>
By default both switches default to "no".
### BEGIN INIT INFO
# Provides: OurDB
# Required-Start: $local_fs $network $remote_fs
# Required-Stop: $local_fs $network $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop OurDB
# Description: OurDB is a very fast and reliable database
#              engine used for illustrating init scripts
### END INIT INFO
</pre>


LSB Headers are not required for Fedora SysV-style initscripts, but if it is used in the initscript, then <code>#Provides:</code>, <code># Short-Description:</code>, and <code># Description:</code> are required to be present.
Note that <code>PrivateDevices=yes</code> should not be used for:


== Initialization of Environment Variables ==
* Services that actually require physical device access
Since initscripts may be run manually by a system administrator with non-standard environment variable values for PATH, USER, LOGNAME, etc., init scripts should not depend on the values of these environment variables. They should be set to known/default values if they are needed.
* Services which may be used to execute arbitrary user or administrator supplied programs (such as cron, ...). We shouldn't limit what people can do with these services.
* This option creates a new file system namespace where mount/umount propagation is turned off back into the host. This means that mounts made by the service will stay private to the service. Thus this option should not be used by services which shall be able to establish mounts in the host.


== Required Actions ==
Note that <code>PrivateNetwork=yes</code> should not be used for:
All SysV-style initscripts in Fedora must have implementations of the following actions:


* start: starts the service
* Services that actually require network access (with the exception of daemons only needing socket activation)
* stop: stops the service
* Services which may be used to execute arbitrary user or administrator supplied programs. (see above)
* restart: stop and restart the service if the service is already running, otherwise just start the service
* Services which might need to resolve non-system user and group names. Since on some setups resolving non-system users might require network access to an LDAP or NIS server, enabling this option on might break resolving of these user names. Note however that system users/groups are always resolvable even without network access. Hence it is safe to enable this option for daemons which just need to resolve their own system user or group name.
* condrestart (and try-restart): restart the service if the service is already running, if not, do nothing
* This also disconnects the AF_UNIX abstract namespace from the host (In case you wonder what this refers to: sockets listed in /proc/net/unix that start with an @ are in the abstract namespace, those which start in / are in the file system namespace). This means that services which listen or connect to AF_UNIX sockets in the abstract namespaces might break. AF_UNIX sockets in the file system continue to work correctly even with PrivateNetwork?=yes. We strongly recommend anyway to stop using abstract namespace AF_UNIX sockets, as they bring very little benefit these days. If your package uses them please consider moving them into the file system into a subdirectory in /run (system services) or $XDG_RUNTIME_DIR (user services).
* reload: reload the configuration of the service without actually stopping and restarting the service (if the service does not support this, do nothing)
* This also disconnects the AF_NETLINK and AF_AUDIT socket families from the host. For services requiring auditing, that need to subscribe to network configuration changes, or want to subscribe to hardware devices coming and going (udev) PrivateNetwork?=yes cannot be used hence.
* force-reload: reload the configuration of the service and restart it so that it takes effect
* status: print the current status of the service
* usage: by default, if the initscript is run without any action, it should list a "usage message" that has all actions (intended for use)


=== condrestart and try-restart ===
For further details see the systemd.exec(5) man page.
Fedora SysV-style initscripts must support both the '''condrestart''' and '''try-restart''' action. These two actions are intended to serve an identical purpose, and must not differ in behavior. In fact, it is highly recommended that packagers implement '''condrestart''' and '''try-restart''' as equivalent options in the case statement:


<pre>
= Packaging =
condrestart|try-restart)
    rh_status_q || exit 0
    restart
    ;;
</pre>
 
== Initscripts must be on their best behavior ==
Fedora SysV-style initscripts must behave sensibly if they are started when the service is already running, or stopped when the service is not running. They must not kill unrelated (but perhaps, similarly-named) user processes as a result of their normal actions. The best way to achieve this is to use the init-script functions provided by /etc/rc.d/init.d/functions :
 
<pre>
# Source function library.
. /etc/rc.d/init.d/functions
</pre>
 
If a service reloads its configuration automatically (as in the case of cron, for example), the reload action of the initscript must behave as if the configuration was reloaded successfully. The restart, condrestart, try-restart, reload and force-reload actions may be atomic; that is if a service is known not to be operational after a restart or reload, the script may return an error without any further action.
 
== Exit Codes for the Status Action ==
If the status action is requested, the initscript must return the correct exit status code, from this list:
 
<pre>
0: program is running or service is OK
1: program is dead and /var/run pid file exists
2: program is dead and /var/lock lock file exists
3: program is not running
4: program or service status is unknown
5-99: reserved for future LSB use
100-149: reserved for distribution use
150-199: reserved for application use
200-254: reserved
</pre>
 
Fedora does not currently define any distribution specific status codes.
 
== Exit Codes for non-Status Actions ==
For all other initscript actions, the init script must return an exit status of zero if the action was successful. In addition to straightforward success, the following situations are also to be considered successful:
 
* restarting a service (instead of reloading it) with the '''force-reload''' argument
* running '''start''' on a service already running
* running '''stop''' on a service already stopped or not running
* running '''restart''' on a service already stopped or not running
* running '''condrestart''' or '''try-restart''' on a service already stopped or not running
 
In case of an error while processing any non-Status initscript action, the initscript must print an error message and exit with the appropriate non-zero status code:
 
<pre>
1: generic or unspecified error (current practice)
2: invalid or excess argument(s)
3: unimplemented feature (for example, "reload")
4: user had insufficient privilege
5: program is not installed
6: program is not configured
7: program is not running
8-99: reserved for future LSB use
100-149: reserved for distribution use
150-199: reserved for application use
200-254: reserved
</pre>


Fedora does not currently define any distribution specific status codes.
== Filesystem locations ==
Packages with systemd unit files '''must''' put them into <code>%{_unitdir}</code>. <code>%{_unitdir}</code> evaluates to /lib/systemd/system on all Fedora systems (F-15+). Unit files are architecture independent (hence, not <code>%{_lib}</code>) and needed early in the boot process.


== Other Actions ==
Please note that in order for the <code>%{_unitdir}</code> macro to exist, your package must have:
You are not prohibited from adding other commands, but you should list all commands which you intend to be used interactively to the usage message.
 
== Functions in /etc/init.d/functions ==
Here are some commonly used functions provided by /etc/init.d/functions:
 
=== daemon function ===
Starts a daemon, if it is not already running.  Does other useful things like keeping the daemon from dumping core if it terminates unexpectedly.
<pre>
<pre>
daemon  [ --check <name> ]  [ --user <username>]
BuildRequires: systemd
        [+/-nicelevel]  program [arguments]  [&]
 
        --check <name>:
          Check that <name> is running, as opposed to simply the
          first argument passed to daemon().
        --user <username>:
          Run command as user <username>
</pre>
</pre>


=== killproc function ===
== %files section ==
Sends a signal to the program; by default it sends a SIGTERM, and if the process doesn't die, it sends a SIGKILL a few seconds later.
Systemd unit <code>.service</code> files must not be marked as <code>%config</code> files.
It also tries to remove the pidfile, if it finds one.
<pre>
killproc program [signal]
</pre>


=== pidofproc function ===
== Unit files in spec file scriptlets ==
Tries to find the pid of a program; checking likely pidfiles, and using the pidof program.  Used mainly from within other functions in this file, but also available to scripts.
Information on proper handling of unit files in spec file scriptlets can be found here: [[:Packaging:Scriptlets#Systemd]]
<pre>
pidofproc program
</pre>


=== status function ===
== Tmpfiles.d ==
Prints status information. Assumes that the program name is the same as the servicename.
tmpfiles.d is a service provided systemd in Fedora 15 and later for managing temporary files and directories for daemons. For more information on how to use Tmpfiles.d in Fedora Packages, please see: [[:Packaging:Tmpfiles.d]]


<pre>
== Why don't we.... ==
status program
</pre>
 
Note that this is different from the Status action, this is a function that is usually used when the Status action is executed:
 
<pre>
case "$1" in
 
...


  status)
* Start the service after installation?
        status hcid
        RETVAL=$?
        ;;


...
Installations can be in changeroots, in an installer context, or in other situations where you don't want the services autostarted.
</pre>

Latest revision as of 18:24, 25 January 2018

Fedora systemd Services

This document describes the guidelines for systemd services, for use and inclusion in Fedora packages.

Definitions

Since systemd includes some concepts which are extensions of previous concepts, the following definitions may be useful:

Service: A process or task executed and controlled by the init system (e.g. systemd).
Traditional Service: A service which is explicitly started or stopped, either by the init system at boot or manually by a superuser. In systemd, one of several types of service controlled by a .service file.
Activated service: A service that is not (or not necessarily) started explicitly by the user but start when certain other events happen or certain state becomes true.
Socket-activated Service: A service which is waiting for traffic across a socket before activating. In systemd, controlled by a .socket file.
D-Bus service: A service which activates in response to a message from the D-Bus system bus.
Unit file: The systemd equivalent of a SysV initscript.

Unit Files

Each package that contains software that wants/needs to start a traditional service at boot MUST have a systemd unit file.

Ideally, systemd unit files are reusable across distributions and shipped with the upstream packages. Please consider working with upstream to integrate the systemd files you prepare in the upstream sources. Information for developers on how to integrate systemd support best with their build system you may find on http://0pointer.de/public/systemd-man/daemon.html

Migrating from SysV Initscripts with non-standard service commands
Packages which have SysV initscripts that contain 'non-standard service commands' (commands besides start, stop, reload, force-reload, status, restart, or try-restart) must convert those commands into standalone helper scripts. Systemd does not support non-standard unit commands.

Naming

Unit files for traditional services have a naming scheme of foobar.service. When considering what basename to use, keep in mind that we'd like to use the same service names for software across distributions. We'd also like to ship the .service files in the upstream packages. These desires create a few guides for naming a unit file:

  • Follow upstream if they're already distributing a .service file and it's not likely to conflict with other packages.
  • Look at packages in other distros or talk with the maintainers of those packages and upstream to try to come up with a common name.
  • Unit files should be named after the software implementation that they support as opposed to the generic type of software. So, a good name would be apache-httpd.service and bad names would be httpd.service or apache.service as there are multiple httpd implementations and multiple projects produced by the apache foundation.

For backwards compatibility you may also want to create a symlink from an older, name to the new name. In the above example, for instance, Fedora has always used httpd for the service. When creating the new apache-httpd.service file, also create a symlink named httpd.service that points at apache-httpd.service. Then end users that are used to using service httpd will have it continue to work.

Basic format

Case Sensitivity
All fields in a unit file are case sensitive.

[Unit]

Every .service file must begin with a [Unit] section:

[Unit]
Description=A brief human readable string describing the service (not the .service file!)
Documentation=man:foo.service(8) man:foo.conf(5) http://www.foo.org/docs/

The Description= line must not exceed 80 characters, and must describe the service, and not the .service file. For example, "Apache Web Server" is a good description, but "Starts and Stops the Apache Web Server" is a bad one.

Documentation field

Systemd in Fedora 17+ has support for defining documentation in unit files via the Documentation= field (it is ignored in older releases, so it is safe to keep one systemd unit file across all branches). System administrators will be looking at the contents of the Documentation= field to determine what the service is, how to configure it, and where to locate additional documentation relating to the service. Accordingly, packagers are strongly encouraged to include any available sources in the Documentation= field which provide this information. If a man page or info page is present in the package, refer to it using "man:manpage" or "info:infofile" respectively. If the documentation is in plaintext, use "​file://path/to/file". Lastly, if no local documentation exists in the package, but it exists at a url, use the URL (with ​http://) in this field. Multiple URIs can be added to the Documentation= field, as a space separated list. For details on URI definitions and formatting, please refer to the uri(7) manpage (man uri).

[Service]

Next, the .service file must have a [Service] section:

[Service]
Type=...
ExecStart=...
ExecReload=...

The Type= setting is very important. For D-Bus services this should be "dbus", for traditional services "forking" is usually a good idea, for services not offering any interfaces to other services "simple" is best. For "one-shot" scripts "oneshot" is ideal, often combined with RemainAfterExit=. See http://0pointer.de/public/systemd-man/systemd.service.html for further discussion on the topic. Since "simple" is the default type, .service files which would normally set Type=simple may simply omit the Type line altogether.

BusName= should be set for all services connecting to D-Bus. (i.e. it is a must for those where Type=dbus, but might make sense otherwise, too) Omit this option if your service does not take a name on the bus.

ExecStart= is necessary for all services. This line defines the string that you would run to start the daemon, along with any necessary options.

ExecReload= should be specified for all services supporting reload. It is highly recommended to add code here that synchronously reloads the configuration file here (i.e. /bin/kill -HUP $MAINPID is usually a poor choice, due to its asynchronous nature). Omit this option if your service does not support reloading.


[Install]

Finally, the .service file should have an [Install] section:

[Install]
WantedBy=...

The recommended parameters for WantedBy= are either graphical.target (services related to the graphical user interface) or multi-user.target (for everything else). When the user (or our scriptlets) invoke systemctl enable the service will be set to start in these targets.

For more information regarding these options see http://0pointer.de/public/systemd-man/systemd.unit.html and http://0pointer.de/public/systemd-man/systemd.service.html

EnvironmentFiles and support for /etc/sysconfig files

The EnvironmentFiles= line in the [Service] section of .service files is used to support loading environment variables that can be used in unit files. For instance, if your sysv-initscript used a file in /etc/sysconfig to set command line options, you can use EnvironmentFiles= like so:

Example:

[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/httpd
ExecStart=/usr/sbin/httpd $OPTIONS
ExecReload=/usr/sbin/httpd $OPTIONS -k restart

You may then refer to variables set in the /etc/sysconfig/httpd file with ${FOOBAR} and $FOOBAR, in the ExecStart= lines (and related lines). (${FOOBAR} expands the variable into one word, $FOOBAR splits up the variable value at whitespace into multiple words)

The "-" on the EnvironmentFile= line ensures that no error messages is generated if the environment file does not exist. Since many of these files were optional in sysvinit, you should include the "-" when using this directive.

Fields to avoid

For most services, we do not want to use requirement dependencies in the [Unit] section, such as Requires= or Wants=. Instead exclusively use ordering dependencies: Before= and After=. This is used to implement loose coupling: if someone asks two services to start at the same time, systemd will properly order their startup but not make it strictly necessary to run one if the other is started.

If you use a requirement dependency, use Wants= rather than Requires=, to make things a little bit more robust. If you use a requirement dependency in almost all cases you should also add an ordering dependency, as ordering and requirement dependencies are orthogonal in systemd.

Here's an example of this common case:

  1. A web application needs postgresql to store its data.
  2. It is set to start After postgresql. On startup, the web application does not start until postgresql does.
  3. Once running, the system administrator needs to restart postgresql due to a config tweak.
  4. Since only After was used, the web application may be temporarily unable to serve some requests but it does not need to restart in order to serve pages after the database comes back up.

Avoid referring to runlevelX.target units in all lines taking unit names (such as WantedBy), these are legacy names existing for compatibility with SysV only.

Avoid Names= (in the [Unit] section). Usually it is a better idea to symlink an additional name in the file system. Note that a name listed in Names= is only useful when a service file is already loaded. However, systemd loads only the service files actually referred to in another loaded service, and uses the filenames during the search. Hence a name in Names= is not useful as a search key, but a symlink in the file system is. Also do not put a (redundant) Names=foobar.service line into a file called foobar.service. We want to keep our service files short.

Unit files should avoid using StandardOutput= or StandardError=. The default is the right choice for almost all cases, and using the default allows users to change global defaults in /etc/systemd/system.conf.

Example Unit file

This is an example systemd unit .service file for ABRT:

[Unit]
Description=ABRT Automated Bug Reporting Tool

[Service]
Type=dbus
BusName=com.redhat.abrt
ExecStart=/usr/sbin/abrtd -d -s

[Install]
WantedBy=multi-user.target

Activation

Systemd allows for three forms of activated services: #Hardware activation, #Socket activation, and #DBus activation.

Hardware activation

Hardware activation occurs when a service is installed but only turns on if a certain type of hardware is installed. Enabling of the service is normally done with a udev rule. At this time we do not have further guidance on how to write those udev rules. The service itself installs its .service files in the normal places and are installed by the normal systemd scriptlets. These services should never be enabled by the package as they will be enabled by udev.

Socket activation

Socket activation occurs when a service allows systemd to listen for connections to a specific socket and, when systemd receives a connection on that socket, it starts the service. To do this, the upstream source needs to have some minor coding work to let systemd listen for connections on the socket and there needs to be a .socket file in %{_lib}/systemd/system/ that tells systemd to listen to that socket and what to start when a connection is received. This is similar in function to inetd and some, but not all, services coded to work with inetd will work with socket activation.

Currently we do not have guidance on how to write socket files as this is something that needs upstream code and they can add a proper .socket file at the same time.

However, socket activation can also be used to allow parallel startup of services. If a service supports systemd socket activation as described above and we additionally start it explicitly on boot, then systemd will start it but allow things that depend on it to startup at the same time. If the dependent service makes a request to the socket activatable service before it has come up, then systemd will cause the request to wait until the socket activatable service has come up and can process the request. To achieve this effect, the service must be socket activatable as described above, the .service file for the service needs to have a Wants= line for the .socket, and the service must autostart.

Note that certain socket activated services (notably network listening ones) require FESCo approval - see Packaging:DefaultServices for details. Once you have permission, you can package the .socket file and use the systemd scriptlets that enable the service by default. You need to also check the .service file to make sure it has a Wants= entry on the .socket file as that ensures that starting the service will also inform systemd of the socket.

Timer activation

All packages with timed execution which already depend on systemd (for example because they contain systemd units) must use timer units instead of cron jobs, with no dependency or requirements on a crontab.

Packages which do not already depend or require systemd must not use timer units but instead depend and have requirement on crontabs, to avoid introducing unnecessary new dependencies on systemd directly.

DBus activation

In order to allow parallel startup of a D-Bus service and its consumers it is essential that D-Bus services can be bus activated and the D-Bus activation request is forwarded from the D-Bus system bus to systemd so that you end up with only a single instance of the service, even if a service is triggered by both boot-up and activation. If historically your D-Bus service was not bus-activated but started via a SysV init script, it should be updated to use bus activation. This may be implemented by dropping a D-Bus .service file in /usr/share/dbus-1/system-services/ and use the SystemdService= directive therein to redirect the activation to systemd.

.service
systemd and D-Bus both use the .service file

suffix but they are different things. In a systemd driven init process, the D-Bus .service file will often refer to the systemd .service file for the same

program with the SystemdService directive.

Here's an example for a D-Bus bus-activable service. The ConsoleKit bus activation file /usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service:

[D-BUS Service]
Name=org.freedesktop.ConsoleKit
Exec=/usr/sbin/console-kit-daemon --no-daemon
User=root
SystemdService=console-kit-daemon.service

And the matching systemd unit file /lib/systemd/system/console-kit-daemon.service:

[Unit]
Description=Console Manager

[Service]
Type=dbus
BusName=org.freedesktop.ConsoleKit
ExecStart=/usr/sbin/console-kit-daemon --no-daemon

As you can see SystemdService= is used in the D-Bus activation file to bind the systemd service to the D-Bus service.

Traditionally, bus activated D-Bus services could not be disabled without uninstalling them entirely. systemd allows you to disable services by making D-Bus invoke an alias systemd service name (that can be created or removed to enable/disable activation) as an intermediary for the real service.

You can easily implement disabling by directing the D-Bus service to an alias name of the real service file (in the filesystem this shows up as a symlink placed in /etc/systemd/system to the real service file). This alias is then controlled via "systemctl enable" and "systemctl disable". It is a good idea (though technically not necessary) to name this alias name after the D-Bus bus name of the service, prefixed with "dbus-". Example for Avahi, a service that the admin might need to disable: set SystemdService=dbus-org.freedesktop.Avahi.service instead of SystemdService=avahi-daemon.service in the D-Bus activation file, and then make dbus-org.freedesktop.Avahi.service an optional alias of avahi-daemon.service that can be controlled via the Alias= directive in the [Install] section of the systemd service file. This directive is then read by "systemctl enable" and "systemctl disable" to create resp. remove a symlink to make the service available resp. unavailable under this additional name. A full example for the Avahi case:

Here is the D-Bus .service file for Avahi (/usr/share/dbus-1/system-services/org.freedesktop.Avahi.service):

[D-BUS Service]
Name=org.freedesktop.Avahi
SystemdService=dbus-org.freedesktop.Avahi.service

# This service should not be bus activated if systemd isn't running,
# so that activation won't conflict with the init script startup.
Exec=/bin/false

Here is the Avahi systemd unit .service file (/lib/systemd/system/avahi-daemon.service):

[Unit]
Description=Avahi mDNS/DNS-SD Stack
Requires=avahi-daemon.socket

[Service]
Type=dbus
BusName=org.freedesktop.Avahi
ExecStart=/usr/sbin/avahi-daemon -s
ExecReload=/usr/sbin/avahi-daemon -r
NotifyAccess=main

[Install]
WantedBy=multi-user.target
Also=avahi-daemon.socket
Alias=dbus-org.freedesktop.Avahi.service

The Alias= line ensures that the existance of the /etc/systemd/system/dbus-org.freedesktop.Avahi.service symlink can be controlled by "systemctl enable" and "systemctl disable".

Note that the creation/removal of the alias symlinks should be done with "systemctl enable" and "systemctl disable" only. You should not create these symlinks manually.

In general, it is also recommended to supply native systemd units for all services that are already bus activatable, so that these services can be controlled and supervised centrally like any other service with tools such as systemctl. A similar logic like the one shown above should apply.

See the D-Bus documentation for more information about bus activation: http://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-starting-services

Automatic restarting

If you package a long-running service, please consider enabling systemd's automatic restart feature for it, to improve reliability by making sure the system automatically attempts recovering a failing daemon. Please use

[Service]
...
Restart=on-failure

or

[Service]
...
Restart=on-abnormal

in your unit's .service file for this.

The former will tell systemd to restart the daemon as soon as it fails regardless of the precise reason. It's a good choice for most long-running services. Some daemons require a way to escape constant restarting by exiting with any non-zero exit code. For those services use Restart=on-abnormal, which will still restart the daemon when it fails "abnormally", on unclean signal, core dump, timeout or watchdog exits, but not on unclean exit codes. It is recommended to to enable automatic restarts for all long-running services, but which setting is the right one, and whether it is useful at all depends on the specific service. Please consult the systemd.service(5) man page for more information on the various settings.

Private devices and networking

If you package a long-running system service, please consider enabling systemd's PrivateDevices= and PrivateNetwork= settings for it, in order to improve security and minimize the attack surface.

When PrivateDevices=yes is set in the [Service] section of a systemd service unit file, the processes run for the service will run in a private file system namespace where /dev is replaced by a minimal version that only includes the device nodes /dev/null, /dev/zero, /dev/full, /dev/urandom, /dev/random, /dev/tty as well as the submounts /dev/shm, /dev/pts, /dev/mqueue, /dev/hugepages, and the /dev/stdout, /dev/stderr, /dev/stdin symlinks. No device nodes for physical devices will be included, however. Furthermore, the CAP_MKNOD capability is removed. Finally, the "devices" cgroup controller is used to ensure that no access to device nodes except the listed ones is possible. This is an efficient way to take away physical device access for services, thus minimizing the attack surface.

When PrivateNetwork=yes is set in the [Service] section of a systemd service unit file, the processes run for the service will run in a private network namespace whith a private loopback network interface, and no other network devices. Network communication between host and service can not be initiated. This is an efficient way to take away network access for services, thus minimizing the attack surface.

By default both switches default to "no".

Note that PrivateDevices=yes should not be used for:

  • Services that actually require physical device access
  • Services which may be used to execute arbitrary user or administrator supplied programs (such as cron, ...). We shouldn't limit what people can do with these services.
  • This option creates a new file system namespace where mount/umount propagation is turned off back into the host. This means that mounts made by the service will stay private to the service. Thus this option should not be used by services which shall be able to establish mounts in the host.

Note that PrivateNetwork=yes should not be used for:

  • Services that actually require network access (with the exception of daemons only needing socket activation)
  • Services which may be used to execute arbitrary user or administrator supplied programs. (see above)
  • Services which might need to resolve non-system user and group names. Since on some setups resolving non-system users might require network access to an LDAP or NIS server, enabling this option on might break resolving of these user names. Note however that system users/groups are always resolvable even without network access. Hence it is safe to enable this option for daemons which just need to resolve their own system user or group name.
  • This also disconnects the AF_UNIX abstract namespace from the host (In case you wonder what this refers to: sockets listed in /proc/net/unix that start with an @ are in the abstract namespace, those which start in / are in the file system namespace). This means that services which listen or connect to AF_UNIX sockets in the abstract namespaces might break. AF_UNIX sockets in the file system continue to work correctly even with PrivateNetwork?=yes. We strongly recommend anyway to stop using abstract namespace AF_UNIX sockets, as they bring very little benefit these days. If your package uses them please consider moving them into the file system into a subdirectory in /run (system services) or $XDG_RUNTIME_DIR (user services).
  • This also disconnects the AF_NETLINK and AF_AUDIT socket families from the host. For services requiring auditing, that need to subscribe to network configuration changes, or want to subscribe to hardware devices coming and going (udev) PrivateNetwork?=yes cannot be used hence.

For further details see the systemd.exec(5) man page.

Packaging

Filesystem locations

Packages with systemd unit files must put them into %{_unitdir}. %{_unitdir} evaluates to /lib/systemd/system on all Fedora systems (F-15+). Unit files are architecture independent (hence, not %{_lib}) and needed early in the boot process.

Please note that in order for the %{_unitdir} macro to exist, your package must have:

BuildRequires: systemd

%files section

Systemd unit .service files must not be marked as %config files.

Unit files in spec file scriptlets

Information on proper handling of unit files in spec file scriptlets can be found here: Packaging:Scriptlets#Systemd

Tmpfiles.d

tmpfiles.d is a service provided systemd in Fedora 15 and later for managing temporary files and directories for daemons. For more information on how to use Tmpfiles.d in Fedora Packages, please see: Packaging:Tmpfiles.d

Why don't we....

  • Start the service after installation?

Installations can be in changeroots, in an installer context, or in other situations where you don't want the services autostarted.