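Linux provides a variety of system services (process management, login, syslog, cron and so on) as well as network services.
Linux supports different ways of managing services (starting, stopping, restarting, automatic start at boot and so on), usually through a process or service manager.
Most modern Linux distributions now use the same process manager: systemd.
The systemctl command is the main tool for managing systemd.
Systemd is a system and service manager for Linux;
it replaces the init process and is compatible with SysV and LSB init scripts.
Run on its own, systemctl displays a list of all loaded systemd units
(see the systemd documentation for more about units), services included, and shows their state (active or not):
systemctl
To list all loaded services on the system (whether active, running, exited or failed), use the list-units subcommand with the --type switch set to service.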
// Type systemctl -- and press Tab; the following option list appears
[root@etcd2 conf]# systemctl --
--after                --full                 --no-block             --quiet                --system
--all                  --global               --no-legend            --recursive            --type
--before               --help                 --no-pager             --reverse              --version
--defaults             --host                 --no-reload            --root
--fail                 --ignore-dependencies  --no-wall              --runtime
--failed               --kill-who             --privileged           --signal
--force                --no-ask-password      --property             --state
// Tab completion shows the following list of subcommands
[root@etcd2 conf]# systemctl list-
list-dependencies list-jobs list-sockets list-timers list-unit-files list-units
[root@etcd2 conf]# systemctl --version
systemd 219
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
[root@ht8 ~]# systemctl list-units --type=service
  UNIT                               LOAD   ACTIVE   SUB     DESCRIPTION
  abrt-ccpp.service                  loaded active   exited  Install ABRT coredump hook
  abrt-oops.service                  loaded active   running ABRT kernel log watcher
  abrtd.service                      loaded active   running ABRT Automated Bug Reporting Tool
  atd.service                        loaded active   running Job spooling tools
  auditd.service                     loaded active   running Security Auditing Service
  calico-node.service                loaded active   running calico node
● cloud-set-guest-password.service   loaded failed   failed  SYSV: Password Download Client
  crond.service                      loaded active   running Command Scheduler
  dbus.service                       loaded active   running D-Bus System Message Bus
  docker.service                     loaded active   running Docker Application Container Engine
  getty@tty1.service                 loaded active   running Getty on tty1
  gssproxy.service                   loaded active   running GSSAPI Proxy Daemon
  irqbalance.service                 loaded active   running irqbalance daemon
  kmod-static-nodes.service          loaded active   exited  Create list of required static device nodes for the current kernel
  kube-proxy.service                 loaded active   running Kubernetes Kube-Proxy Server
  kubelet.service                    loaded active   running Kubernetes Kubelet Server
  libstoragemgmt.service             loaded active   running libstoragemgmt plug-in server daemon
  lvm2-lvmetad.service               loaded active   running LVM2 metadata daemon
  lvm2-monitor.service               loaded active   exited  Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress p
  lvm2-pvscan@8:0.service            loaded active   exited  LVM2 PV scan on device 8:0
  lvm2-pvscan@8:18.service           loaded active   exited  LVM2 PV scan on device 8:18
  network.service                    loaded active   exited  LSB: Bring up/down networking
  NetworkManager-wait-online.service loaded active   exited  Network Manager Wait Online
  NetworkManager.service             loaded active   running Network Manager
Or, with identical output:
[root@ht8 ~]# systemctl --type=service
To list all services that are loaded and active, both those running and those that have exited, add the --state option with the value active, as shown below.
[root@ht8 ~]# systemctl list-units --type=service --state=active
  UNIT                               LOAD   ACTIVE   SUB     DESCRIPTION
  abrt-ccpp.service                  loaded active   exited  Install ABRT coredump hook
  abrt-oops.service                  loaded active   running ABRT kernel log watcher
  abrtd.service                      loaded active   running ABRT Automated Bug Reporting Tool
  atd.service                        loaded active   running Job spooling tools
  auditd.service                     loaded active   running Security Auditing Service
  calico-node.service                loaded active   running calico node
  crond.service                      loaded active   running Command Scheduler
  dbus.service                       loaded active   running D-Bus System Message Bus
  docker.service                     loaded active   running Docker Application Container Engine
  getty@tty1.service                 loaded active   running Getty on tty1
  gssproxy.service                   loaded active   running GSSAPI Proxy Daemon
  irqbalance.service                 loaded active   running irqbalance daemon
  kmod-static-nodes.service          loaded active   exited  Create list of required static device nodes for the current kernel
  kube-proxy.service                 loaded active   running Kubernetes Kube-Proxy Server
  kubelet.service                    loaded active   running Kubernetes Kubelet Server
  libstoragemgmt.service             loaded active   running libstoragemgmt plug-in server daemon
  lvm2-lvmetad.service               loaded active   running LVM2 metadata daemon
  lvm2-monitor.service               loaded active   exited  Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress pol
  lvm2-pvscan@8:0.service            loaded active   exited  LVM2 PV scan on device 8:0
  lvm2-pvscan@8:18.service           loaded active   exited  LVM2 PV scan on device 8:18
  network.service                    loaded active   exited  LSB: Bring up/down networking
  NetworkManager-wait-online.service loaded active   exited  Network Manager Wait Online
  NetworkManager.service             loaded active   running Network Manager
  nginx-proxy.service                loaded active   running kubernetes apiserver docker wrapper
For a quick look at all running services (that is, all services that are loaded and running), run the following command.
systemctl command    Description
systemctl            lists all system services

[root@etcd2 system]# systemctl
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats File System Automoun
sys-devices-pci0000:00-0000:00:07.1-ata1-host0-target0:0:0-0:0:0:0-block-sr0.device loaded active plugged VMware_Virtual_IDE_CDROM
sys-devices-pci0000:00-0000:00:07.1-ata1-host0-target0:0:1-0:0:1:0-block-sda-sda1.device loaded active plugged VMware_Virtual_IDE_
sys-devices-pci0000:00-0000:00:07.1-ata1-host0-target0:0:1-0:0:1:0-block-sda-sda2.device loaded active plugged LVM PV dJcKYm-10WN-
sys-devices-pci0000:00-0000:00:07.1-ata1-host0-target0:0:1-0:0:1:0-block-sda.device loaded active plugged VMware_Virtual_IDE_Hard_
sys-devices-pci0000:00-0000:00:15.0-0000:03:00.0-host2-port\x2d2:0-end_device\x2d2:0-target2:0:0-2:0:0:0-block-sdb.device loaded act
....

// List all active units
[root@etcd2 system]# systemctl list-units
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats File System Automoun
sys-devices-pci0000:00-0000:00:07.1-ata1-host0-target0:0:0-0:0:0:0-block-sr0.device loaded active plugged VMware_Virtual_IDE_CDROM
sys-devices-pci0000:00-0000:00:07.1-ata1-host0-target0:0:1-0:0:1:0-block-sda-sda1.device loaded active plugged VMware_Virtual_IDE_
sys-devices-pci0000:00-0000:00:07.1-ata1-host0-target0:0:1-0:0:1:0-block-sda-sda2.device loaded active plugged LVM PV dJcKYm-10WN-
.....

// List all unit files
[root@etcd2 system]# systemctl list-unit-files
UNIT FILE                           STATE
proc-sys-fs-binfmt_misc.automount   static
dev-hugepages.mount                 static
dev-mqueue.mount                    static
proc-fs-nfsd.mount                  static
proc-sys-fs-binfmt_misc.mount       static
sys-fs-fuse-connections.mount       static
sys-kernel-config.mount             static
sys-kernel-debug.mount              static
tmp.mount                           disabled
var-lib-nfs-rpc_pipefs.mount        static
brandbot.path                       disabled
systemd-ask-password-console.path   static
systemd-ask-password-plymouth.path  static
systemd-ask-password-wall.path      static
session-153.scope                   static
...

// List all units of type service
[root@etcd2 system]# systemctl list-units --type=service --all
  UNIT                               LOAD   ACTIVE   SUB     DESCRIPTION
  abrt-ccpp.service                  loaded active   exited  Install ABRT coredump hook
  abrt-oops.service                  loaded active   running ABRT kernel log watcher
  abrt-vmcore.service                loaded inactive dead    Harvest vmcores for ABRT
  abrt-xorg.service                  loaded inactive dead    ABRT Xorg log watcher
  abrtd.service                      loaded active   running ABRT Automated Bug Reporting Tool
  atd.service                        loaded active   running Job spooling tools
  auditd.service                     loaded active   running Security Auditing Service
  auth-rpcgss-module.service         loaded inactive dead    Kernel Module supporting RPCSEC_GSS
  brandbot.service                   loaded inactive dead    Flexible Branding Service
  calico-node.service                loaded active   running calico node
● cloud-set-guest-password.service   loaded failed   failed  SYSV: Password Download Client
...

// List the kube-proxy service
[root@etcd2 system]# systemctl list-units --type=service --all | grep kube-proxy
kube-proxy.service loaded active running Kubernetes Kube-Proxy Server

// List all targets
[root@etcd2 system]# systemctl list-units --type=target --all
UNIT                LOAD   ACTIVE   SUB    DESCRIPTION
basic.target        loaded active   active Basic System
cryptsetup.target   loaded active   active Encrypted Volumes
emergency.target    loaded inactive dead   Emergency Mode
final.target        loaded inactive dead   Final Step
getty.target        loaded active   active Login Prompts
graphical.target    loaded inactive dead   Graphical Interface
local-fs-pre.target loaded active   active Local File Systems (Pre)
local-fs.target     loaded active   active Local File Systems
multi-user.target   loaded active   active Multi-User System
....

[root@ht8 ~]# systemctl list-units --type=service --state=running
  UNIT                               LOAD   ACTIVE   SUB     DESCRIPTION
  abrt-oops.service                  loaded active   running ABRT kernel log watcher
  abrtd.service                      loaded active   running ABRT Automated Bug Reporting Tool
  atd.service                        loaded active   running Job spooling tools
  auditd.service                     loaded active   running Security Auditing Service
  calico-node.service                loaded active   running calico node
  crond.service                      loaded active   running Command Scheduler
  dbus.service                       loaded active   running D-Bus System Message Bus
  docker.service                     loaded active   running Docker Application Container Engine
  getty@tty1.service                 loaded active   running Getty on tty1
  gssproxy.service                   loaded active   running GSSAPI Proxy Daemon
  irqbalance.service                 loaded active   running irqbalance daemon
  kube-proxy.service                 loaded active   running Kubernetes Kube-Proxy Server
  kubelet.service                    loaded active   running Kubernetes Kubelet Server
  libstoragemgmt.service             loaded active   running libstoragemgmt plug-in server daemon
  lvm2-lvmetad.service               loaded active   running LVM2 metadata daemon
  NetworkManager.service             loaded active   running Network Manager
  nginx-proxy.service                loaded active   running kubernetes apiserver docker wrapper
  ntpd.service                       loaded active   running Network Time Service
  polkit.service                     loaded active   running Authorization Manager
  postfix.service                    loaded active   running Postfix Mail Transport Agent
  rngd.service                       loaded active   running Hardware RNG Entropy Gatherer Daemon
  rpcbind.service                    loaded active   running RPC bind service
  rsyslog.service                    loaded active   running System Logging Service
                                     loaded active   running Network Time Service
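The listings above are also the raw material for a baseline check: which services are running that nobody approved, and which have failed. The script below is an added example, not part of the original article; the baseline contents and the unit example-agent.service are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: baseline check over the text
# printed by `systemctl list-units --type=service`.

# Print "unit active sub" for each service row on stdin. Header and pager
# lines are skipped, and so is the leading "●" that marks a failed unit.
parse_units() {
  awk '{
    for (i = 1; i <= 2 && i <= NF; i++)
      if ($i ~ /\.service$/) { print $i, $(i + 2), $(i + 3); break }
  }'
}

# Map instances to their template: getty@tty1.service -> getty@.service,
# lvm2-pvscan@8:0.service -> lvm2-pvscan@.service
template_name() { sed 's/@.*\.service$/@.service/'; }

# Running services that are missing from the baseline file ($1, one unit
# or template name per line).
unexpected_running() {
  parse_units | awk '$3 == "running" { print $1 }' | template_name |
    sort -u | grep -Fvx -f "$1" || true
}

# Units whose ACTIVE column reads "failed".
failed_units() { parse_units | awk '$2 == "failed" { print $1 }'; }

# Constructed sample: rows copied from the listings above plus one made-up
# unit (example-agent.service) standing in for an unapproved service.
SAMPLE='UNIT LOAD ACTIVE SUB DESCRIPTION
auditd.service loaded active running Security Auditing Service
● cloud-set-guest-password.service loaded failed failed SYSV: Password Download Client
crond.service loaded active running Command Scheduler
getty@tty1.service loaded active running Getty on tty1
kmod-static-nodes.service loaded active exited Create list of required static device nodes
example-agent.service loaded active running Constructed entry
lines 1-25'

# Constructed baseline of approved units.
BASELINE=$(mktemp)
printf '%s\n' auditd.service crond.service getty@.service > "$BASELINE"

printf 'unexpected running: %s\n' \
  "$(printf '%s\n' "$SAMPLE" | unexpected_running "$BASELINE")"
printf 'failed: %s\n' "$(printf '%s\n' "$SAMPLE" | failed_units)"
```

On a live host, feed the functions from systemctl list-units --type=service --no-legend --no-pager instead of the sample text.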
1. Common service management, using the kube-proxy service as an example
The services that k8s registers with the system are typically:
kube-apiserver.service
kube-controller-manager.service
kubelet.service
kube-proxy.service
kube-scheduler.service
nginx-proxy.service
// CNI network
calico-node.service
// container engine
docker.service
// time, which many applications (attendance clock-in, social apps and so on) depend on
ntpd.service
ntpdate.service
Common operations:
// Enable start at boot
[root@ht23 net.d]# systemctl enable kube-proxy.service
// Disable start at boot
[root@ht23 net.d]# systemctl disable kube-proxy.service
// Start the service
[root@ht23 net.d]# systemctl start kube-proxy.service
// Stop the service
[root@ht23 net.d]# systemctl stop kube-proxy.service
// Restart the service
[root@ht23 net.d]# systemctl restart kube-proxy.service
// Check the service status
[root@ht23 net.d]# systemctl status kube-proxy.service
// Check whether the service is active
[root@ht23 net.d]# systemctl is-active kube-proxy.service
active
// Check whether it starts at boot
[root@ht23 net.d]# systemctl is-enabled kube-proxy.service
enabled
// Kill the service's processes
systemctl kill kube-proxy.service
2. Service startup configuration files, using a self-built kube-proxy.service as an example
Configuration files are mainly kept in the /usr/lib/systemd/system or /lib/systemd/system directory.
[root@ht23 k8snode]# ls /usr/lib/systemd/system
abrt-ccpp.service        lvm2-lvmpolld.service         runlevel2.target
abrtd.service            lvm2-lvmpolld.socket          runlevel2.target.wants
abrt-oops.service        lvm2-monitor.service          runlevel3.target
abrt-pstoreoops.service  lvm2-pvscan@.service          runlevel3.target.wants
abrt-vmcore.service      machine.slice                 runlevel4.target
abrt-xorg.service        machines.target               runlevel4.target.wants
arp-ethers.service       mdadm-grow-continue@.service  runlevel5.target
......
Example kube-proxy.service configuration file:
# View the startup configuration file behind the kube-proxy.service service
[root@ht23 net.d]# systemctl cat kube-proxy.service
# /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
EnvironmentFile=-/etc/kubernetes/conf/config
EnvironmentFile=-/etc/kubernetes/conf/proxy
ExecStart=/usr/local/bin/hyperkube proxy \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_MASTER \
$KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
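# WantedBy: the Target (service group) this service belongs to
WantedBy=multi-user.target
// After saving, copy the file into /usr/lib/systemd/system or /lib/systemd/system
cp kube-proxy.service /usr/lib/systemd/system/
systemctl daemon-reload   # reload the configuration files
Explanation of the service startup configuration file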
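EnvironmentFile: many programs have their own environment parameter file; this field gives the path to that file.
  Note: environment variables configured in /etc/profile or /etc/profile.d/ only take effect for users who log in through pam; systemd does not read those files.
  systemd is the parent or ancestor of every process, and its environment variables are inherited by all child processes. To give systemd default parameters, set them in /etc/systemd/system.conf and /etc/systemd/user.conf.
  In load priority, system.conf is the lowest and may be overridden by the others.
Type: defines the startup type. Possible values: simple, exec, forking, oneshot, dbus, notify, idle
  simple (the default when ExecStart= is set but BusName= is not): the process started by the ExecStart field is the main process of the service
  forking: the ExecStart command is started with fork(); the parent process then exits and the child becomes the main process
ExecStart: defines the command executed to start the process
  In an sshd unit, for example, the command executed at start is /usr/sbin/sshd -D $OPTIONS, where the variable $OPTIONS comes from the environment parameter file named by the EnvironmentFile field. There are similar fields:
ExecReload: the command executed when the service is reloaded
ExecStop: the command executed when the service is stopped
ExecStartPre: the command executed before the service starts
ExecStartPost: the command executed after the service starts
ExecStopPost: the command executed after the service stops
RemainAfterExit: when set to yes, the service is still considered active after its process exits
KillMode: defines how Systemd stops the service. Possible values:
  control-group (default): all child processes in the current control group are killed
  process: only the main process is killed
  mixed: the main process receives SIGTERM and the child processes receive SIGKILL
  none: no process is killed; only the service's stop command is executed
Restart: defines how Systemd restarts the service after it exits. Possible values:
  no (default): no restart after exit
  on-success: restart only after a normal exit (exit status 0)
  on-failure: restart after an abnormal exit (non-zero exit status), including termination by a signal and timeouts
  on-abnormal: restart only after termination by a signal or a timeout
  on-abort: restart only after termination by an uncaught signal
  on-watchdog: restart only after an exit caused by a timeout
  always: restart whatever the reason for the exit
RestartSec: the number of seconds Systemd waits before restarting the service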
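An added check, not part of the original article: the kube-proxy.service unit above has no User= line, so it runs as root, and it executes whatever ExecStart names with variables read from its EnvironmentFile entries. The script extracts those paths from unit text and reports any that are group- or world-writable; the temporary files and the unit text in the demo are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: find files that a unit executes
# or reads its environment from and that non-root users may be able to change.

# Print the absolute paths named by Exec*= and EnvironmentFile= lines (stdin).
unit_paths() {
  awk '/^(Exec[A-Za-z]+|EnvironmentFile)=/ {
    sub(/^[^=]*=/, "")      # drop "Key="
    sub(/^[-@+!:]+/, "")    # drop systemd prefixes such as the "-" in "=-/path"
    if ($1 ~ /^\//) print $1
  }' | sort -u
}

# Of those paths, print the ones that exist and are group- or world-writable.
loose_paths() {
  unit_paths | while IFS= read -r p; do
    [ -e "$p" ] || continue               # "-/path" entries may be absent
    mode=$(ls -ldL "$p" | cut -c1-10)     # e.g. -rw-rw-r--
    case $mode in
      ?????w*|????????w*) echo "$p" ;;    # group write bit or other write bit
    esac
  done
}

# Constructed demo: a unit shaped like kube-proxy.service whose environment
# file has been left world-writable.
DEMO=$(mktemp -d)
printf 'KUBE_PROXY_ARGS=""\n' > "$DEMO/proxy";  chmod 666 "$DEMO/proxy"
printf '#!/bin/sh\n' > "$DEMO/hyperkube";       chmod 755 "$DEMO/hyperkube"
UNIT="[Service]
EnvironmentFile=-$DEMO/proxy
EnvironmentFile=-$DEMO/missing
ExecStart=$DEMO/hyperkube proxy \\
        \$KUBE_PROXY_ARGS
Restart=on-failure"

printf '%s\n' "$UNIT" | loose_paths
```

Against a real unit the input is systemctl cat kube-proxy.service | loose_paths; the parent directories of the reported paths deserve the same look.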
About Targets and runlevels
# View the default Target
[root@etcd2 system]# systemctl get-default
multi-user.target
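The output multi-user.target means that the default startup Target is multi-user.target. Every service in this group is started at boot, which is why the systemctl enable command can set a service to start at boot.
# View all services contained in multi-user.target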
[root@etcd2 system]# systemctl list-dependencies multi-user.target
multi-user.target
● ├─abrt-ccpp.service
● ├─abrt-oops.service
● ├─abrt-vmcore.service
● ├─abrt-xorg.service
● ├─abrtd.service
● ├─atd.service
● ├─auditd.service
● ├─brandbot.path
● ├─calico-node.service
● ├─cloud-set-guest-password.service
● ├─crond.service
● ├─dbus.service
● ├─docker.service
● ├─etcd.service
● ├─irqbalance.service
● ├─kube-apiserver.service
......
# shutdown.target represents the shutdown state
[root@etcd2 system]# systemctl list-dependencies shutdown.target
shutdown.target
● └─dracut-shutdown.service
# Two Targets are commonly used: multi-user.target, the multi-user command-line state, and graphical.target, the graphical user state.
[root@etcd2 system]# systemctl list-dependencies graphical.target   # it depends on multi-user.target
graphical.target
● ├─cloud-set-guest-password.service
● ├─display-manager.service
● ├─network.service
● ├─systemd-update-utmp-runlevel.service
● ├─vmware-tools.service
● └─multi-user.target
● ├─abrt-ccpp.service
● ├─abrt-oops.service
● ├─abrt-vmcore.service
● ├─abrt-xorg.service
● ├─abrtd.service
● ├─atd.service
● ├─auditd.service
● ├─brandbot.path
● ├─calico-node.service
● ├─cloud-set-guest-password.service
● ├─crond.service
● ├─dbus.service
● ├─docker.service
● ├─etcd.service
● ├─irqbalance.service
● ├─kube-apiserver.service
● ├─kube-controller-manager.service
● ├─kube-proxy.service
.....
[root@etcd2 system]# systemctl status shutdown.target
● shutdown.target - Shutdown
Loaded: loaded (/usr/lib/systemd/system/shutdown.target; static; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd.special(7)
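As a supplement, here are the 7 runlevels on Linux:
0: System halt state. The default runlevel must not be set to 0, otherwise the system cannot start normally; the machine shuts down.
1: Single-user state with root privileges, used for system maintenance; remote login is disabled. It resembles logging in to Safe Mode on Windows.
2: Multi-user state without NFS support.
3: Full multi-user mode with NFS; after login you are in console command-line mode.
4: Not used by the system; reserved and normally unused. It can be used for particular situations, for example switching to it to adjust some settings when a laptop battery is running out.
5: X11 console; after login you are in graphical GUI mode, the X Window system.
6: The system shuts down normally and reboots. The default runlevel must not be set to 6, otherwise the system cannot start normally. Running init 6 reboots the machine.
The standard Linux runlevel is 3 or 5.
How runlevels work:
1. The directory /etc/rc.d/init.d holds many server script programs, generally called services.
2. Under /etc/rc.d there are 9 files; the rc{n}.d entries correspond to the system's 7 runlevels.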
[root@etcd2 system]# cat /etc/rc.d/
init.d/ rc0.d/ rc1.d/ rc2.d/ rc3.d/ rc4.d/ rc5.d/ rc6.d/ rc.local
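3. The rc{n}.d directories contain symbolic links that all point to service scripts in the init.d directory. They are named K+nn+service name or S+nn+service name, where nn is a two-digit number.
4. The system enters the rcN.d directory for the specified runlevel and goes through the links in it in file name order: for a file starting with K (Kill) it stops the corresponding service, and for a file starting with S (Start) it starts the corresponding service.
5. To view the runlevel, use: runlevel
6. To enter another runlevel, use: init N. init 3 enters terminal mode, and init 5 goes back to the graphical GUI login.
7. In addition, init 0 shuts down and init 6 reboots the system.
The standard Linux runlevel is 3 or 5. With 3 the system is in multi-user state; with 5 it is running the X Window system. Different runlevels serve different purposes and should be chosen to fit the situation. For example, if the root password has been lost, the machine can be booted into single-user state to set it. At the lilo prompt after boot, enter: init=/bin/sh rw
This puts the machine into runlevel 1 and mounts the root file system read-write. It skips all system authentication and lets you change the root password with the passwd program, then boot into a new runlevel.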
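Enabling start at boot once the configuration file is created
# After adding or modifying a configuration file, reload
systemctl daemon-reload
# Enable start at boot; in essence this adds a link to the service file under /etc/systemd/system/multi-user.target.wants/
systemctl enable zdy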
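Because enabling a unit is just a symlink in a .wants directory, what starts at boot can be read from the file system alone. The script below is an added example, not from the original article: it classifies each link by where its unit file lives and flags links that point outside the unit directories named on this page and /etc/systemd/system. The directory contents are constructed, and the .service suffix on zdy is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: review what `systemctl enable`
# has linked into a *.wants directory.

# Print "class name target" for every symlink in directory $1.
wants_report() {
  for link in "$1"/*; do
    [ -L "$link" ] || continue
    target=$(readlink "$link")
    case $target in
      /usr/lib/systemd/system/*|/lib/systemd/system/*) class=unit-dir ;;
      /etc/systemd/system/*)                           class=etc ;;
      *)                                               class=OUTSIDE ;;
    esac
    printf '%s %s %s\n' "$class" "${link##*/}" "$target"
  done
}

# Names of enabled units whose unit file lives outside the usual directories.
outside_units() { wants_report "$1" | awk '$1 == "OUTSIDE" { print $2 }'; }

# Constructed stand-in for /etc/systemd/system/multi-user.target.wants/.
# The link targets need not exist: only the stored path is inspected.
WANTS=$(mktemp -d)
ln -s /usr/lib/systemd/system/kube-proxy.service "$WANTS/kube-proxy.service"
ln -s /usr/lib/systemd/system/zdy.service        "$WANTS/zdy.service"
ln -s /tmp/example/updater.service               "$WANTS/updater.service"

wants_report "$WANTS"
echo "review: $(outside_units "$WANTS")"
```

The directory argument can also be the multi-user.target.wants directory of a mounted disk image, since only the stored link text is read.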
For everything else, see the official manual: https://www.freedesktop.org/software/systemd/man/systemd.service.html