]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/daemon.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
core: more exact test on the procfs special string "(deleted)"
[thirdparty/systemd.git] / man / daemon.xml
CommitLineData
64aba792
LP		 1<?xml version='1.0'?> <!--*-nxml-*-->
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4
5<!--
6 This file is part of systemd.
7
8 Copyright 2010 Lennart Poettering
9
10 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
64aba792
LP		 13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 18 Lesser General Public License for more details.
64aba792 19
5430f7f2 20 You should have received a copy of the GNU Lesser General Public License
64aba792
LP		 21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22-->
23
62adf224 24<refentry id="daemon">
64aba792
LP		 25
26 <refentryinfo>
27 <title>daemon</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>daemon</refentrytitle>
42 <manvolnum>7</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>daemon</refname>
34511ca7 47 <refpurpose>Writing and packaging system daemons</refpurpose>
64aba792
LP		 48 </refnamediv>
49
50 <refsect1>
51 <title>Description</title>
52
53 <para>A daemon is a service process that runs in the
54 background and supervises the system or provides
55 functionality to other processes. Traditionally,
56 daemons are implemented following a scheme originating
57 in SysV Unix. Modern daemons should follow a simpler
62adf224
LP		 58 yet more powerful scheme (here called "new-style"
59 daemons), as implemented by
99ffae46
LP		 60 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>. This
61 manual page covers both schemes, and in
62 particular includes recommendations for daemons that
63 shall be included in the systemd init system.</para>
64aba792
LP		 64
65 <refsect2>
66 <title>SysV Daemons</title>
67
68 <para>When a traditional SysV daemon
69 starts, it should execute the following steps
70 as part of the initialization. Note that these
62adf224 71 steps are unnecessary for new-style daemons (see below),
436c44a5 72 and should only be implemented if compatibility
64aba792
LP		 73 with SysV is essential.</para>
74
75 <orderedlist>
76 <listitem><para>Close all open file
6db27428
ZJS		 77 descriptors except stdin, stdout,
78 stderr (i.e. the first three file
64aba792
LP		 79 descriptors 0, 1, 2). This ensures
80 that no accidentally passed file
81 descriptor stays around in the daemon
409dee2e 82 process. On Linux, this is best
64aba792
LP		 83 implemented by iterating through
84 <filename>/proc/self/fd</filename>,
85 with a fallback of iterating from file
86 descriptor 3 to the value returned by
62adf224 87 <function>getrlimit()</function> for
64aba792
LP		 88 RLIMIT_NOFILE.</para></listitem>
89
90 <listitem><para>Reset all signal
91 handlers to their default. This is
92 best done by iterating through the
93 available signals up to the limit of
94 _NSIG and resetting them to
05cc7267 95 <constant>SIG_DFL</constant>.</para></listitem>
64aba792
LP		 96
97 <listitem><para>Reset the signal mask
62adf224
LP		 98 using
99 <function>sigprocmask()</function>.</para></listitem>
64aba792 100
62adf224
LP		 101 <listitem><para>Sanitize the
102 environment block, removing or
103 resetting environment variables that
104 might negatively impact daemon
105 runtime.</para></listitem>
106
107 <listitem><para>Call <function>fork()</function>,
64aba792
LP		 108 to create a background
109 process.</para></listitem>
110
111 <listitem><para>In the child, call
62adf224
LP		 112 <function>setsid()</function> to
113 detach from any terminal and create an
114 independent session.</para></listitem>
64aba792
LP		 115
116 <listitem><para>In the child, call
62adf224 117 <function>fork()</function> again, to
409dee2e 118 ensure that the daemon can never re-acquire
62adf224 119 a terminal again.</para></listitem>
64aba792 120
62adf224 121 <listitem><para>Call <function>exit()</function> in the
64aba792
LP		 122 first child, so that only the second
123 child (the actual daemon process)
124 stays around. This ensures that the
2ab38e24 125 daemon process is re-parented to
64aba792
LP		 126 init/PID 1, as all daemons should
127 be.</para></listitem>
128
129 <listitem><para>In the daemon process,
130 connect <filename>/dev/null</filename>
6db27428
ZJS		 131 to standard input, output, and error.
132 </para></listitem>
64aba792
LP		 133
134 <listitem><para>In the daemon process,
135 reset the umask to 0, so that the file
62adf224 136 modes passed to <function>open()</function>, <function>mkdir()</function> and
64aba792
LP		 137 suchlike directly control the access
138 mode of the created files and
139 directories.</para></listitem>
140
141 <listitem><para>In the daemon process,
142 change the current directory to the
143 root directory (/), in order to avoid
144 that the daemon involuntarily
145 blocks mount points from being
146 unmounted.</para></listitem>
147
62adf224
LP		 148 <listitem><para>In the daemon process,
149 write the daemon PID (as returned by
150 <function>getpid()</function>) to a
151 PID file, for example
152 <filename>/var/run/foobar.pid</filename>
409dee2e 153 (for a hypothetical daemon "foobar")
62adf224
LP		 154 to ensure that the daemon cannot be
155 started more than once. This must be
156 implemented in race-free fashion so
157 that the PID file is only updated when
409dee2e 158 it is verified at the same time that
62adf224
LP		 159 the PID previously stored in the PID
160 file no longer exists or belongs to a
409dee2e 161 foreign process. Commonly, some kind of
62adf224
LP		 162 file locking is employed to implement
163 this logic.</para></listitem>
164
64aba792
LP		 165 <listitem><para>In the daemon process,
166 drop privileges, if possible and
167 applicable.</para></listitem>
168
169 <listitem><para>From the daemon
409dee2e 170 process, notify the original process
64aba792
LP		 171 started that initialization is
172 complete. This can be implemented via
173 an unnamed pipe or similar
174 communication channel that is created
62adf224
LP		 175 before the first
176 <function>fork()</function> and hence
177 available in both the original and the
178 daemon process.</para></listitem>
64aba792 179
62adf224
LP		 180 <listitem><para>Call
181 <function>exit()</function> in the
64aba792
LP		 182 original process. The process that
183 invoked the daemon must be able to
c5315881 184 rely on that this
62adf224
LP		 185 <function>exit()</function> happens
186 after initialization is complete and
187 all external communication channels
c5315881 188 are established and
64aba792
LP		 189 accessible.</para></listitem>
190 </orderedlist>
191
62adf224
LP		 192 <para>The BSD <function>daemon()</function> function should not be
193 used, as it implements only a subset of these steps.</para>
64aba792
LP		 194
195 <para>A daemon that needs to provide
196 compatibility with SysV systems should
197 implement the scheme pointed out
198 above. However, it is recommended to make this
c5315881 199 behavior optional and configurable via a
409dee2e 200 command line argument to ease debugging as
64aba792
LP		 201 well as to simplify integration into systems
202 using systemd.</para>
203 </refsect2>
204
205 <refsect2>
206 <title>New-Style Daemons</title>
207
208 <para>Modern services for Linux should be
209 implemented as new-style daemons. This makes it
210 easier to supervise and control them at
211 runtime and simplifies their
212 implementation.</para>
213
409dee2e 214 <para>For developing a new-style daemon, none
64aba792
LP		 215 of the initialization steps recommended for
216 SysV daemons need to be implemented. New-style
217 init systems such as systemd make all of them
218 redundant. Moreover, since some of these steps
219 interfere with process monitoring, file
220 descriptor passing and other functionality of
409dee2e 221 the init system, it is recommended not to
64aba792
LP		 222 execute them when run as new-style
223 service.</para>
224
62adf224 225 <para>Note that new-style init systems
6db27428
ZJS		 226 guarantee execution of daemon processes in a
227 clean process context: it is guaranteed that
62adf224
LP		 228 the environment block is sanitized, that the
229 signal handlers and mask is reset and that no
230 left-over file descriptors are passed. Daemons
6db27428
ZJS		 231 will be executed in their own session, with
232 standard input/output/error connected to
62adf224 233 <filename>/dev/null</filename> unless
6db27428
ZJS		 234 otherwise configured. The umask is reset.
235 </para>
62adf224 236
64aba792
LP		 237 <para>It is recommended for new-style daemons
238 to implement the following:</para>
239
240 <orderedlist>
05cc7267 241 <listitem><para>If <constant>SIGTERM</constant> is
64aba792
LP		 242 received, shut down the daemon and
243 exit cleanly.</para></listitem>
244
05cc7267 245 <listitem><para>If <constant>SIGHUP</constant> is received,
64aba792
LP		 246 reload the configuration files, if
247 this applies.</para></listitem>
248
249 <listitem><para>Provide a correct exit
250 code from the main daemon process, as
251 this is used by the init system to
252 detect service errors and problems. It
253 is recommended to follow the exit code
62adf224
LP		 254 scheme as defined in the <ulink
255 url="http://refspecs.freestandards.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
256 recommendations for SysV init
257 scripts</ulink>.</para></listitem>
64aba792 258
64aba792 259 <listitem><para>If possible and
409dee2e 260 applicable, expose the daemon's control
64aba792
LP		 261 interface via the D-Bus IPC system and
262 grab a bus name as last step of
263 initialization.</para></listitem>
264
99ffae46
LP		 265 <listitem><para>For integration in
266 systemd, provide a
267 <filename>.service</filename> unit
268 file that carries information about
269 starting, stopping and otherwise
270 maintaining the daemon. See
271 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
272 for details.</para></listitem>
273
274 <listitem><para>As much as possible,
c5315881 275 rely on the init system's
99ffae46
LP		 276 functionality to limit the access of
277 the daemon to files, services and
409dee2e 278 other resources, i.e. in the case of
99ffae46
LP		 279 systemd, rely on systemd's resource
280 limit control instead of implementing
281 your own, rely on systemd's privilege
282 dropping code instead of implementing
283 it in the daemon, and similar. See
284 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
285 for the available
286 controls.</para></listitem>
287
64aba792 288 <listitem><para>If D-Bus is used, make
409dee2e 289 your daemon bus-activatable by
64aba792
LP		 290 supplying a D-Bus service activation
291 configuration file. This has multiple
292 advantages: your daemon may be started
293 lazily on-demand; it may be started in
294 parallel to other daemons requiring it
295 -- which maximizes parallelization and
296 boot-up speed; your daemon can be
409dee2e 297 restarted on failure without losing
64aba792 298 any bus requests, as the bus queues
62adf224
LP		 299 requests for activatable services. See
300 below for details.</para></listitem>
64aba792
LP		 301
302 <listitem><para>If your daemon
303 provides services to other local
304 processes or remote clients via a
305 socket, it should be made
306 socket-activatable following the
307 scheme pointed out below. Like D-Bus
409dee2e 308 activation, this enables on-demand
64aba792 309 starting of services as well as it
436c44a5 310 allows improved parallelization of
64aba792 311 service start-up. Also, for state-less
409dee2e 312 protocols (such as syslog, DNS), a
64aba792
LP		 313 daemon implementing socket-based
314 activation can be restarted without
62adf224
LP		 315 losing a single request. See below for
316 details.</para></listitem>
64aba792 317
409dee2e 318 <listitem><para>If applicable, a daemon
64aba792 319 should notify the init system about
62adf224
LP		 320 startup completion or status updates
321 via the
322 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
64aba792
LP		 323 interface.</para></listitem>
324
325 <listitem><para>Instead of using the
62adf224 326 <function>syslog()</function> call to log directly to the
346bce1f 327 system syslog service, a new-style daemon may
6db27428 328 choose to simply log to standard error via
62adf224 329 <function>fprintf()</function>, which is then forwarded to
64aba792 330 syslog by the init system. If log
409dee2e 331 priorities are necessary, these can be
64aba792
LP		 332 encoded by prefixing individual log
333 lines with strings like "&lt;4&gt;"
334 (for log priority 4 "WARNING" in the
335 syslog priority scheme), following a
336 similar style as the Linux kernel's
62adf224
LP		 337 <function>printk()</function> priority system. In fact,
338 using this style of logging also
339 enables the init system to optionally
340 direct all application logging to the
341 kernel log buffer (kmsg), as
342 accessible via
343 <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. This
344 kind of logging may be enabled by
345 setting
346 <varname>StandardError=syslog</varname>
409dee2e 347 in the service unit file. For details,
62adf224 348 see
cb07866b 349 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
62adf224
LP		 350 and
351 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
64aba792
LP		 352
353 </orderedlist>
62adf224
LP		 354
355 <para>These recommendations are similar but
356 not identical to the <ulink
357 url="http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/LaunchOnDemandDaemons.html#//apple_ref/doc/uid/TP40001762-104738">Apple
358 MacOS X Daemon Requirements</ulink>.</para>
64aba792
LP		 359 </refsect2>
360
99ffae46
LP		 361 </refsect1>
362 <refsect1>
363 <title>Activation</title>
364
365 <para>New-style init systems provide multiple
366 additional mechanisms to activate services, as
367 detailed below. It is common that services are
368 configured to be activated via more than one mechanism
369 at the same time. An example for systemd:
370 <filename>bluetoothd.service</filename> might get
371 activated either when Bluetooth hardware is plugged
372 in, or when an application accesses its programming
373 interfaces via D-Bus. Or, a print server daemon might
374 get activated when traffic arrives at an IPP port, or
375 when a printer is plugged in, or when a file is queued
376 in the printer spool directory. Even for services that
377 are intended to be started on system bootup
409dee2e 378 unconditionally, it is a good idea to implement some of
99ffae46 379 the various activation schemes outlined below, in
409dee2e 380 order to maximize parallelization. If a daemon
99ffae46
LP		 381 implements a D-Bus service or listening socket,
382 implementing the full bus and socket activation scheme
383 allows starting of the daemon with its clients in
384 parallel (which speeds up boot-up), since all its
385 communication channels are established already, and no
386 request is lost because client requests will be queued
387 by the bus system (in case of D-Bus) or the kernel (in
409dee2e 388 case of sockets) until the activation is
99ffae46
LP		 389 completed.</para>
390
391 <refsect2>
392 <title>Activation on Boot</title>
393
394 <para>Old-style daemons are usually activated
395 exclusively on boot (and manually by the
396 administrator) via SysV init scripts, as
397 detailed in the <ulink
398 url="http://refspecs.freestandards.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB
399 Linux Standard Base Core
400 Specification</ulink>. This method of
8f28cbcd 401 activation is supported ubiquitously on Linux
99ffae46 402 init systems, both old-style and new-style
409dee2e 403 systems. Among other issues, SysV init scripts
99ffae46
LP		 404 have the disadvantage of involving shell
405 scripts in the boot process. New-style init
406 systems generally employ updated versions of
407 activation, both during boot-up and during
408 runtime and using more minimal service
409 description files.</para>
410
411 <para>In systemd, if the developer or
e0e009c0 412 administrator wants to make sure that a service or
409dee2e 413 other unit is activated automatically on boot,
99ffae46
LP		 414 it is recommended to place a symlink to the
415 unit file in the <filename>.wants/</filename>
416 directory of either
417 <filename>multi-user.target</filename> or
418 <filename>graphical.target</filename>, which
419 are normally used as boot targets at system
420 startup. See
421 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
422 for details about the
423 <filename>.wants/</filename> directories, and
424 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>
425 for details about the two boot targets.</para>
426
427 </refsect2>
428
64aba792 429 <refsect2>
62adf224 430 <title>Socket-Based Activation</title>
99ffae46
LP		 431
432 <para>In order to maximize the possible
433 parallelization and robustness and simplify
434 configuration and development, it is
435 recommended for all new-style daemons that
436 communicate via listening sockets to employ
437 socket-based activation. In a socket-based
409dee2e 438 activation scheme, the creation and binding of
99ffae46
LP		 439 the listening socket as primary communication
440 channel of daemons to local (and sometimes
441 remote) clients is moved out of the daemon
442 code and into the init system. Based on
409dee2e 443 per-daemon configuration, the init system
99ffae46
LP		 444 installs the sockets and then hands them off
445 to the spawned process as soon as the
446 respective daemon is to be started.
409dee2e 447 Optionally, activation of the service can be
99ffae46 448 delayed until the first inbound traffic
409dee2e 449 arrives at the socket to implement on-demand
99ffae46
LP		 450 activation of daemons. However, the primary
451 advantage of this scheme is that all providers
452 and all consumers of the sockets can be
20604ebc 453 started in parallel as soon as all sockets
409dee2e 454 are established. In addition to that, daemons
99ffae46 455 can be restarted with losing only a minimal
409dee2e 456 number of client transactions, or even any
99ffae46
LP		 457 client request at all (the latter is
458 particularly true for state-less protocols,
459 such as DNS or syslog), because the socket
460 stays bound and accessible during the restart,
461 and all requests are queued while the daemon
462 cannot process them.</para>
463
464 <para>New-style daemons which support socket
465 activation must be able to receive their
409dee2e 466 sockets from the init system instead of
99ffae46
LP		 467 creating and binding them themselves. For
468 details about the programming interfaces for
409dee2e 469 this scheme provided by systemd, see
99ffae46
LP		 470 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
471 and
cb07866b 472 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>. For
99ffae46 473 details about porting existing daemons to
409dee2e
JE		 474 socket-based activation, see below. With
475 minimal effort, it is possible to implement
99ffae46
LP		 476 socket-based activation in addition to
477 traditional internal socket creation in the
478 same codebase in order to support both
479 new-style and old-style init systems from the
480 same daemon binary.</para>
481
482 <para>systemd implements socket-based
483 activation via <filename>.socket</filename>
484 units, which are described in
485 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>. When
486 configuring socket units for socket-based
409dee2e 487 activation, it is essential that all listening
99ffae46
LP		 488 sockets are pulled in by the special target
489 unit <filename>sockets.target</filename>. It
490 is recommended to place a
491 <varname>WantedBy=sockets.target</varname>
492 directive in the <literal>[Install]</literal>
409dee2e 493 section to automatically add such a
99ffae46
LP		 494 dependency on installation of a socket
495 unit. Unless
496 <varname>DefaultDependencies=no</varname> is
409dee2e 497 set, the necessary ordering dependencies are
99ffae46
LP		 498 implicitly created for all socket units. For
499 more information about
409dee2e 500 <filename>sockets.target</filename>, see
99ffae46
LP		 501 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>. It
502 is not necessary or recommended to place any
503 additional dependencies on socket units (for
504 example from
505 <filename>multi-user.target</filename> or
506 suchlike) when one is installed in
507 <filename>sockets.target</filename>.</para>
64aba792
LP		 508 </refsect2>
509
510 <refsect2>
62adf224 511 <title>Bus-Based Activation</title>
99ffae46
LP		 512
513 <para>When the D-Bus IPC system is used for
514 communication with clients, new-style daemons
515 should employ bus activation so that they are
516 automatically activated when a client
517 application accesses their IPC
518 interfaces. This is configured in D-Bus
519 service files (not to be confused with systemd
520 service unit files!). To ensure that D-Bus
521 uses systemd to start-up and maintain the
409dee2e 522 daemon, use the
99ffae46 523 <varname>SystemdService=</varname> directive
409dee2e 524 in these service files to configure the
99ffae46 525 matching systemd service for a D-Bus
409dee2e 526 service. e.g.: For a D-Bus service whose D-Bus
99ffae46
LP		 527 activation file is named
528 <filename>org.freedesktop.RealtimeKit.service</filename>,
529 make sure to set
530 <varname>SystemdService=rtkit-daemon.service</varname>
409dee2e 531 in that file to bind it to the systemd
99ffae46
LP		 532 service
533 <filename>rtkit-daemon.service</filename>. This
534 is needed to make sure that the daemon is
535 started in a race-free fashion when activated
536 via multiple mechanisms simultaneously.</para>
537 </refsect2>
538
539 <refsect2>
540 <title>Device-Based Activation</title>
541
542 <para>Often, daemons that manage a particular
543 type of hardware should be activated only when
544 the hardware of the respective kind is plugged
545 in or otherwise becomes available. In a
409dee2e 546 new-style init system, it is possible to bind
ee5762e3
LP		 547 activation to hardware plug/unplug events. In
548 systemd, kernel devices appearing in the
549 sysfs/udev device tree can be exposed as units
550 if they are tagged with the string
909f413d 551 <literal>systemd</literal>. Like any other
409dee2e
JE		 552 kind of unit, they may then pull in other units
553 when activated (i.e. plugged in) and thus
554 implement device-based activation. systemd
99ffae46
LP		 555 dependencies may be encoded in the udev
556 database via the
557 <varname>SYSTEMD_WANTS=</varname>
558 property. See
559 <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
409dee2e 560 for details. Often, it is nicer to pull in
99ffae46 561 services from devices only indirectly via
409dee2e 562 dedicated targets. Example: Instead of pulling
99ffae46
LP		 563 in <filename>bluetoothd.service</filename>
564 from all the various bluetooth dongles and
565 other hardware available, pull in
566 bluetooth.target from them and
567 <filename>bluetoothd.service</filename> from
568 that target. This provides for nicer
569 abstraction and gives administrators the
570 option to enable
571 <filename>bluetoothd.service</filename> via
572 controlling a
573 <filename>bluetooth.target.wants/</filename>
ee5762e3
LP		 574 symlink uniformly with a command like
575 <command>enable</command> of
576 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
99ffae46
LP		 577 instead of manipulating the udev
578 ruleset.</para>
64aba792
LP		 579 </refsect2>
580
581 <refsect2>
62adf224 582 <title>Path-Based Activation</title>
99ffae46
LP		 583
584 <para>Often, runtime of daemons processing
585 spool files or directories (such as a printing
586 system) can be delayed until these file system
587 objects change state, or become
588 non-empty. New-style init systems provide a
589 way to bind service activation to file system
590 changes. systemd implements this scheme via
591 path-based activation configured in
592 <filename>.path</filename> units, as outlined
593 in
594 <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
595 </refsect2>
596
597 <refsect2>
598 <title>Timer-Based Activation</title>
599
600 <para>Some daemons that implement clean-up
601 jobs that are intended to be executed in
602 regular intervals benefit from timer-based
603 activation. In systemd, this is implemented
604 via <filename>.timer</filename> units, as
605 described in
606 <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
62adf224
LP		 607 </refsect2>
608
99ffae46
LP		 609 <refsect2>
610 <title>Other Forms of Activation</title>
611
612 <para>Other forms of activation have been
613 suggested and implemented in some
409dee2e 614 systems. However, there are often simpler or
99ffae46
LP		 615 better alternatives, or they can be put
616 together of combinations of the schemes
409dee2e 617 above. Example: Sometimes, it appears useful to
99ffae46
LP		 618 start daemons or <filename>.socket</filename>
619 units when a specific IP address is configured
620 on a network interface, because network
621 sockets shall be bound to the
622 address. However, an alternative to implement
623 this is by utilizing the Linux IP_FREEBIND
624 socket option, as accessible via
625 <varname>FreeBind=yes</varname> in systemd
626 socket files (see
627 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
628 for details). This option, when enabled,
629 allows sockets to be bound to a non-local, not
630 configured IP address, and hence allows
631 bindings to a particular IP address before it
632 actually becomes available, making such an
633 explicit dependency to the configured address
634 redundant. Another often suggested trigger for
635 service activation is low system
636 load. However, here too, a more convincing
637 approach might be to make proper use of
409dee2e 638 features of the operating system, in
99ffae46
LP		 639 particular, the CPU or IO scheduler of
640 Linux. Instead of scheduling jobs from
641 userspace based on monitoring the OS
642 scheduler, it is advisable to leave the
643 scheduling of processes to the OS scheduler
644 itself. systemd provides fine-grained access
645 to the CPU and IO schedulers. If a process
646 executed by the init system shall not
647 negatively impact the amount of CPU or IO
2dddca4a 648 bandwidth available to other processes, it
99ffae46
LP		 649 should be configured with
650 <varname>CPUSchedulingPolicy=idle</varname>
651 and/or
652 <varname>IOSchedulingClass=idle</varname>. Optionally,
653 this may be combined with timer-based
654 activation to schedule background jobs during
655 runtime and with minimal impact on the system,
656 and remove it from the boot phase
657 itself.</para>
658 </refsect2>
659
660 </refsect1>
661 <refsect1>
662 <title>Integration with Systemd</title>
663
62adf224
LP		 664 <refsect2>
665 <title>Writing Systemd Unit Files</title>
666
667 <para>When writing systemd unit files, it is
668 recommended to consider the following
669 suggestions:</para>
670
671 <orderedlist>
409dee2e 672 <listitem><para>If possible, do not use
62adf224
LP		 673 the <varname>Type=forking</varname>
674 setting in service files. But if you
675 do, make sure to set the PID file path
676 using <varname>PIDFile=</varname>. See
677 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
678 for details.</para></listitem>
679
680 <listitem><para>If your daemon
681 registers a D-Bus name on the bus,
682 make sure to use
828f33e8
LP		 683 <varname>Type=dbus</varname> in the
684 service file if
62adf224
LP		 685 possible.</para></listitem>
686
687 <listitem><para>Make sure to set a
688 good human-readable description string
689 with
690 <varname>Description=</varname>.</para></listitem>
691
692 <listitem><para>Do not disable
693 <varname>DefaultDependencies=</varname>,
694 unless you really know what you do and
695 your unit is involved in early boot or
696 late system shutdown.</para></listitem>
697
698 <listitem><para>Normally, little if
699 any dependencies should need to
700 be defined explicitly. However, if you
701 do configure explicit dependencies, only refer to
702 unit names listed on
703 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>
704 or names introduced by your own
705 package to keep the unit file
706 operating
707 system-independent.</para></listitem>
708
709 <listitem><para>Make sure to include
828f33e8
LP		 710 an <literal>[Install]</literal>
711 section including installation
712 information for the unit file. See
62adf224
LP		 713 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
714 for details. To activate your service
409dee2e 715 on boot, make sure to add a
62adf224
LP		 716 <varname>WantedBy=multi-user.target</varname>
717 or
828f33e8
LP		 718 <varname>WantedBy=graphical.target</varname>
719 directive. To activate your socket on
720 boot, make sure to add
409dee2e 721 <varname>WantedBy=sockets.target</varname>. Usually,
828f33e8 722 you also want to make sure that when
409dee2e 723 your service is installed, your socket
828f33e8
LP		 724 is installed too, hence add
725 <varname>Also=foo.socket</varname> in
726 your service file
727 <filename>foo.service</filename>, for
728 a hypothetical program
729 <filename>foo</filename>.</para></listitem>
62adf224
LP		 730
731 </orderedlist>
64aba792
LP		 732 </refsect2>
733
734 <refsect2>
99ffae46 735 <title>Installing Systemd Service Files</title>
62adf224
LP		 736
737 <para>At the build installation time
738 (e.g. <command>make install</command> during
409dee2e 739 package build), packages are recommended to
62adf224
LP		 740 install their systemd unit files in the
741 directory returned by <command>pkg-config
742 systemd
ee5762e3 743 --variable=systemdsystemunitdir</command> (for
16dad32e 744 system services) or <command>pkg-config
ee5762e3 745 systemd
af2d49f7
LP		 746 --variable=systemduserunitdir</command>
747 (for user services). This will make the
62adf224
LP		 748 services available in the system on explicit
749 request but not activate them automatically
750 during boot. Optionally, during package
751 installation (e.g. <command>rpm -i</command>
409dee2e 752 by the administrator), symlinks should be
62adf224 753 created in the systemd configuration
ee5762e3
LP		 754 directories via the <command>enable</command>
755 command of the
756 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
409dee2e 757 tool to activate them automatically on
62adf224
LP		 758 boot.</para>
759
760 <para>Packages using
761 <citerefentry><refentrytitle>autoconf</refentrytitle><manvolnum>1</manvolnum></citerefentry>
762 are recommended to use a configure script
763 excerpt like the following to determine the
764 unit installation path during source
765 configuration:</para>
766
767 <programlisting>PKG_PROG_PKG_CONFIG
768AC_ARG_WITH([systemdsystemunitdir],
5486855f
MG		 769 AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),,
770 [with_systemdsystemunitdir=auto])
771AS_IF([test "x$with_systemdsystemunitdir" = "xyes" -o "x$with_systemdsystemunitdir" = "xauto"], [
772 def_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)
773
774 AS_IF([test "x$def_systemdsystemunitdir" = "x"],
775 [AS_IF([test "x$with_systemdsystemunitdir" = "xyes"],
776 [AC_MSG_ERROR([systemd support requested but pkg-config unable to query systemd package])])
777 with_systemdsystemunitdir=no],
778 [with_systemdsystemunitdir=$def_systemdsystemunitdir])])
779AS_IF([test "x$with_systemdsystemunitdir" != "xno"],
780 [AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])])
9fccdb0f 781AM_CONDITIONAL(HAVE_SYSTEMD, [test "x$with_systemdsystemunitdir" != "xno"])</programlisting>
62adf224
LP		 782
783 <para>This snippet allows automatic
784 installation of the unit files on systemd
785 machines, and optionally allows their
786 installation even on machines lacking
787 systemd. (Modification of this snippet for the
9f7dad77 788 user unit directory is left as an exercise for the
62adf224
LP		 789 reader.)</para>
790
791 <para>Additionally, to ensure that
792 <command>make distcheck</command> continues to
793 work, it is recommended to add the following
794 to the top-level <filename>Makefile.am</filename>
795 file in
796 <citerefentry><refentrytitle>automake</refentrytitle><manvolnum>1</manvolnum></citerefentry>-based
797 projects:</para>
798
799 <programlisting>DISTCHECK_CONFIGURE_FLAGS = \
800 --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)</programlisting>
801
802 <para>Finally, unit files should be installed in the system with an automake excerpt like the following:</para>
803
804 <programlisting>if HAVE_SYSTEMD
805systemdsystemunit_DATA = \
806 foobar.socket \
807 foobar.service
808endif</programlisting>
809
810 <para>In the
811 <citerefentry><refentrytitle>rpm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
409dee2e 812 <filename>.spec</filename> file, use snippets
8a422bb2
LP		 813 like the following to enable/disable the
814 service during
815 installation/deinstallation. This makes use of
816 the RPM macros shipped along systemd. Consult
62adf224
LP		 817 the packaging guidelines of your distribution
818 for details and the equivalent for other
8a422bb2
LP		 819 package managers.</para>
820
821 <para>At the top of the file:</para>
822
823 <programlisting>BuildRequires: systemd
824%{?systemd_requires}</programlisting>
825
826 <para>And as scriptlets, further down:</para>
62adf224
LP		 827
828 <programlisting>%post
8a422bb2 829%systemd_post foobar.service foobar.socket
62adf224
LP		 830
831%preun
8a422bb2 832%systemd_preun foobar.service foobar.socket
ee5762e3
LP		 833
834%postun
8a422bb2
LP		 835%systemd_postun</programlisting>
836
837 <para>If the service shall be restarted during
409dee2e 838 upgrades, replace the
8a422bb2
LP		 839 <literal>%postun</literal> scriptlet above
840 with the following:</para>
841
842 <programlisting>%postun
843%systemd_postun_with_restart foobar.service</programlisting>
844
845 <para>Note that
846 <literal>%systemd_post</literal> and
847 <literal>%systemd_preun</literal> expect the
848 names of all units that are installed/removed
849 as arguments, separated by
850 spaces. <literal>%systemd_postun</literal>
851 expects no
852 arguments. <literal>%systemd_postun_with_restart</literal>
853 expects the units to restart as
854 arguments.</para>
828f33e8 855
6908d384
LP		 856 <para>To facilitate upgrades from a package
857 version that shipped only SysV init scripts to
858 a package version that ships both a SysV init
859 script and a native systemd service file, use
860 a fragment like the following:</para>
861
67ff6134 862 <programlisting>%triggerun -- foobar &lt; 0.47.11-1
63415a2d 863if /sbin/chkconfig --level 5 foobar ; then
d12d0e64 864 /bin/systemctl --no-reload enable foobar.service foobar.socket >/dev/null 2>&amp;1 || :
6908d384
LP		 865fi</programlisting>
866
867 <para>Where 0.47.11-1 is the first package
868 version that includes the native unit
869 file. This fragment will ensure that the first
409dee2e 870 time the unit file is installed, it will be
6908d384 871 enabled if and only if the SysV init script is
0a9962a1 872 enabled, thus making sure that the enable
6908d384
LP		 873 status is not changed. Note that
874 <command>chkconfig</command> is a command
485ccf9a 875 specific to Fedora which can be used to check
6908d384
LP		 876 whether a SysV init script is enabled. Other
877 operating systems will have to use different
878 commands here.</para>
62adf224 879 </refsect2>
64aba792
LP		 880 </refsect1>
881
99ffae46
LP		 882 <refsect1>
883 <title>Porting Existing Daemons</title>
884
885 <para>Since new-style init systems such as systemd are
409dee2e 886 compatible with traditional SysV init systems, it is
99ffae46 887 not strictly necessary to port existing daemons to the
409dee2e 888 new style. However, doing so offers additional
ad678a06 889 functionality to the daemons as well as simplifying
99ffae46
LP		 890 integration into new-style init systems.</para>
891
409dee2e 892 <para>To port an existing SysV compatible daemon, the
99ffae46
LP		 893 following steps are recommended:</para>
894
895 <orderedlist>
896 <listitem><para>If not already implemented,
897 add an optional command line switch to the
898 daemon to disable daemonization. This is
899 useful not only for using the daemon in
900 new-style init systems, but also to ease
901 debugging.</para></listitem>
902
903 <listitem><para>If the daemon offers
904 interfaces to other software running on the
74d00578 905 local system via local <constant>AF_UNIX</constant> sockets,
99ffae46 906 consider implementing socket-based activation
409dee2e 907 (see above). Usually, a minimal patch is
99ffae46
LP		 908 sufficient to implement this: Extend the
909 socket creation in the daemon code so that
910 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
911 is checked for already passed sockets
912 first. If sockets are passed (i.e. when
913 <function>sd_listen_fds()</function> returns a
914 positive value), skip the socket creation step
915 and use the passed sockets. Secondly, ensure
12f25b6e 916 that the file system socket nodes for local
74d00578 917 <constant>AF_UNIX</constant> sockets used in the socket-based
99ffae46
LP		 918 activation are not removed when the daemon
919 shuts down, if sockets have been
920 passed. Third, if the daemon normally closes
921 all remaining open file descriptors as part of
922 its initialization, the sockets passed from
923 the init system must be spared. Since
924 new-style init systems guarantee that no
925 left-over file descriptors are passed to
926 executed processes, it might be a good choice
927 to simply skip the closing of all remaining
ad678a06 928 open file descriptors if sockets are
99ffae46
LP		 929 passed.</para></listitem>
930
931 <listitem><para>Write and install a systemd
932 unit file for the service (and the sockets if
933 socket-based activation is used, as well as a
934 path unit file, if the daemon processes a
935 spool directory), see above for
936 details.</para></listitem>
937
938 <listitem><para>If the daemon exposes
939 interfaces via D-Bus, write and install a
940 D-Bus activation file for the service, see
941 above for details.</para></listitem>
942 </orderedlist>
943 </refsect1>
64aba792
LP		 944
945 <refsect1>
160cd5c9
LP		 946 <title>See Also</title>
947 <para>
948 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
cb07866b 949 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
62adf224
LP		 950 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
951 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
99ffae46
LP		 952 <citerefentry><refentrytitle>daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
953 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
160cd5c9 954 </para>
64aba792
LP		 955 </refsect1>
956
957</refentry>
Unnamed repository; edit this file 'description' to name the repository.