| 1 |
On Tue, Dec 25, 2012 at 7:56 AM, Joshua Murphy <poisonbl@×××××.com> wrote: |
| 2 |
> On Tue, Dec 25, 2012 at 3:01 AM, Canek Peláez Valdés <caneko@×××××.com> wrote: |
| 3 |
>> [ snip ] |
| 4 |
>> * Really simple service unit files: The service unit files are really |
| 5 |
>> small, really simple, really easy to understand/modify. Compare the 9 |
| 6 |
>> lines of sshd.service: |
| 7 |
>> |
| 8 |
>> $ cat /etc/systemd/system/sshd.service |
| 9 |
>> [Unit] |
| 10 |
>> Description=SSH Secure Shell Service |
| 11 |
>> After=syslog.target |
| 12 |
>> |
| 13 |
>> [Service] |
| 14 |
>> ExecStart=/usr/sbin/sshd -D |
| 15 |
>> |
| 16 |
>> [Install] |
| 17 |
>> WantedBy=multi-user.target |
| 18 |
>> |
| 19 |
>> with the 84 of /etc/init.d/sshd (80 without comments). |
| 20 |
>> |
| 21 |
> [snip] |
| 22 |
>> |
| 23 |
>> Hope it helps. |
| 24 |
>> |
| 25 |
>> Regards. |
| 26 |
>> -- |
| 27 |
>> Canek Peláez Valdés |
| 28 |
>> Posgrado en Ciencia e Ingeniería de la Computación |
| 29 |
>> Universidad Nacional Autónoma de México |
| 30 |
>> |
| 31 |
> |
| 32 |
> I've not yet made the leap, as the benefit of faster boot really |
| 33 |
> doesn't affect me between systems that're always on and laptops that |
| 34 |
> typically spend 75% of their time asleep, rather than ever getting |
| 35 |
> turned off, so I'm in no position to speak for or against the whole of |
| 36 |
> systemd's changes... but one issue I've had with the claimed benefits |
| 37 |
> is the reduction in size compared to startup scripts like |
| 38 |
> /etc/init.d/sshd ... based on that service declaration above, it's a |
| 39 |
> horribly unfair comparison. /etc/init.d/sshd is doing a lot more than |
| 40 |
> simply starting/stopping the service and dropping all of that |
| 41 |
> functionality, then claiming "these few lines serve the same purpose" |
| 42 |
> isn't an equal comparison. It would still be a (notable, at that) drop |
| 43 |
> in size if the shell script was redone to provide exactly the same set |
| 44 |
> of features, then compared, but that size difference wouldn't have the |
| 45 |
> same shock value as the comparison against 80+ lines. The argument |
| 46 |
> that those functions should be handled by the service rather than the |
| 47 |
> service handler is for another day, 'course. |
| 48 |
|
| 49 |
No, I think that's the interesting argument. Like you say |
| 50 |
"/etc/init.d/sshd is doing a lot more than simply starting/stopping |
| 51 |
the service"; why it should do that? That's the work of the package |
| 52 |
manager and/or the administrator. An init system should only |
| 53 |
start/stop/monitor the services; it should not be checking if the keys |
| 54 |
are generated or not, or if the config file is there or not. That |
| 55 |
should happen at install time, and if for some reason they got borked |
| 56 |
between the last reboot and this one, the system is probably fucked up |
| 57 |
anyway, and putting checks in the *init script* will not help at all. |
| 58 |
|
| 59 |
But *even* if you really want to have those checks, you can do it in |
| 60 |
systemd in a cleaner way: put the checks in an executable script, and |
| 61 |
call the script with ExecStartPre: |
| 62 |
|
| 63 |
[Unit] |
| 64 |
Description=SSH Secure Shell Service |
| 65 |
After=syslog.target |
| 66 |
|
| 67 |
[Service] |
| 68 |
ExecStartPre=/usr/local/bin/checksshd |
| 69 |
ExecStart=/usr/sbin/sshd -D |
| 70 |
|
| 71 |
[Install] |
| 72 |
WantedBy=multi-user.target |
| 73 |
|
| 74 |
There; the unit file is now 10 lines, it *still* doesn't use a |
| 75 |
Turing-complete language, you got your checks (which I believe they |
| 76 |
don't belong there, but whatever), and it will timeout if the |
| 77 |
checksshd goes into an infinite loop (30 seconds is the default |
| 78 |
timeout, I believe). |
| 79 |
|
| 80 |
That's how yo properly do more than start/stop/monitor services; the |
| 81 |
init system doesn't need to know about it, you clearly move the init |
| 82 |
system responsibility (start/stop/monitor services) from the service |
| 83 |
requirements (checking that the config files are there, or that you |
| 84 |
need to generate keys, which I repeat, I think they belong at install |
| 85 |
time), and it keeps the unit files nice and simple. |
| 86 |
|
| 87 |
Regards. |
| 88 |
-- |
| 89 |
Canek Peláez Valdés |
| 90 |
Posgrado en Ciencia e Ingeniería de la Computación |
| 91 |
Universidad Nacional Autónoma de México |
Archives