Re: [systemd-devel] user slice changes for uid ranges
hello mantas, jeremy, all, wrt the pam script magic, i'm not a big fan, esp because it is optional. i'd rather have those users not login than that they don't have the constraints. (but obvioulsy, i really don't want to lock myself out, so i totally see what you need the optional keyword) wrt the generators, i'll have a look how those really work and what i could do with them. i like the idea that the user slice settings are only generated when needed (and maybe even cleaned upwhen there are too many old ones to avoid performance issues) searching for info on generators and user slices, i stumbled on https://github.com/systemd/systemd/issues/2556 where this was also mentioned. unfortunaltey, no examples, so if someone can share some examples, that would be great ! anyway, thanks a lot, stijn On 9/29/19 4:07 PM, Jérémy ROSEN wrote: > I don't have a complete solutions, but here are a couple of tools that you > might be able to assemble into something that work > * dropins, you could do a dropin for every existing UID that sets the > Slice= field > * generators : could be used to generate those dropins > * also note that if a unit is named a-b-c.service, systemd will look for > dropins named a-b-.service and a-.service... there might be something to do > with that, but I havn't given it much thought > > Le ven. 27 sept. 2019 à 18:28, Mantas Mikulėnas a > écrit : > >> On Fri, Sep 27, 2019 at 5:03 PM Stijn De Weirdt >> wrote: >> >>> hi all, >>> >>> i'm looking for an "easy" way to set resource limits on a group of users. >>> >>> we are lucky enough that this group of users is within a (although >>> large) high enough range, so a range of uids is ok for us. >>> >>> generating a user-.slice file for every user (or symlink them or >>> whatever) looks a bit cumbersome, and probably not really performance >>> friendly if the range is in eg 100k (possible) uids. >>> >>> e.g. if this range was 100k-200k, i was more looking for a way to do >>> e.g. user-1X.slice or user-10:20.slice >>> >> >> As far as I know there isn't a good systemd-native method for this, but >> you can dynamically set slice parameters during PAM processing, as in this >> blog post: >> https://utcc.utoronto.ca/~cks/space/blog/linux/Ubuntu1804SystemdUserLimits >> >> -- >> Mantas Mikulėnas >> ___ >> systemd-devel mailing list >> systemd-devel@lists.freedesktop.org >> https://lists.freedesktop.org/mailman/listinfo/systemd-devel > > > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] user slice changes for uid ranges
hi all, i'm looking for an "easy" way to set resource limits on a group of users. we are lucky enough that this group of users is within a (although large) high enough range, so a range of uids is ok for us. generating a user-.slice file for every user (or symlink them or whatever) looks a bit cumbersome, and probably not really performance friendly if the range is in eg 100k (possible) uids. e.g. if this range was 100k-200k, i was more looking for a way to do e.g. user-1X.slice or user-10:20.slice (i think this is different from/not covered by the templated/prefix user slice patch https://github.com/systemd/systemd/commit/5396624506e155c4bc10c0ee65b939600860ab67) many thanks for any suggestion, stijn ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] known but not-listed units
> On 01/14/2016 03:01 PM, Lennart Poettering wrote: >> We currently do not show runtime generated unit files among the output >> of "systemctl list-unit-files", but it would probably make sense > > Aren't these files auto generated on each bootup/reload/restart thus > exposing them is likely to cause confusion for administrators > ( they start fiddling with the autogenerated units as opposed to what > they are autogenerated from and wonder why those changes get lost ) > hence it would be better continuing not exposing them right? > > At least I would think generators would need to add to their generated > files "# DO NOT EDIT THIS FILE" in addition to "# Automatically > generated by $generator" to be clear on this. the unit are listed as soon as they are enabled, it's only (apparently) when a sysvinit generated unit is not enabled on any level, that it is not listed. so it is a bit confusing that sometimes it is and sometimes it isn't listed. (also the option --all does suggest that not all usable units are/will be shown). stijn > > JBG ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] known but not-listed units
hi all, i'm having following situation on a centos 7.2 system (systemd-219-19.el7) there is a sysvinit service called netconsole that is not listed as a unit or unitfile, but the unitfile was generated and systemctl seems to be able to handle the unit. the only odd issue is that this service is not enabled (chkconfig shows all levels as off). this system has otehr sysvinit services that do show up as units (but for those, at least one level is on) is this "normal"? and what sort of units exits that are not listed as units or unitfiles in general? i pasted some output below, hope this helps many thanks, stijn > [root@test2200 ~]# chkconfig --list netconsole > > Note: This output shows SysV services only and does not include native > systemd services. SysV configuration data might be overridden by native > systemd configuration. > > If you want to list systemd services use 'systemctl list-unit-files'. > To see services enabled on particular target use > 'systemctl list-dependencies [target]'. > > netconsole0:off 1:off 2:off 3:off 4:off 5:off 6:off > [root@test2200 ~]# systemctl list-units --all |grep netconsole > [root@test2200 ~]# systemctl list-unit-files --all |grep netconsole > [root@test2200 ~]# systemctl show netconsole.service |grep generator > Documentation=man:systemd-sysv-generator(8) > FragmentPath=/run/systemd/generator.late/netconsole.service > [root@test2200 ~]# systemctl status netconsole.service > ● netconsole.service - SYSV: Initializes network console logging >Loaded: loaded (/etc/rc.d/init.d/netconsole) >Active: inactive (dead) > Docs: man:systemd-sysv-generator(8) > [root@test2200 ~]# ls -l /run/systemd/generator.late/netconsole.service > -rw-r--r-- 1 root root 453 Jan 13 14:49 > /run/systemd/generator.late/netconsole.service > [root@test2200 ~]# cat /run/systemd/generator.late/netconsole.service > # Automatically generated by systemd-sysv-generator > > [Unit] > Documentation=man:systemd-sysv-generator(8) > SourcePath=/etc/rc.d/init.d/netconsole > Description=SYSV: Initializes network console logging > Before=shutdown.target > Conflicts=shutdown.target > > [Service] > Type=forking > Restart=no > TimeoutSec=5min > IgnoreSIGPIPE=no > KillMode=process > GuessMainPID=no > RemainAfterExit=yes > ExecStart=/etc/rc.d/init.d/netconsole start > ExecStop=/etc/rc.d/init.d/netconsole stop ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] known but not-listed units
>> i'm having following situation on a centos 7.2 system >> (systemd-219-19.el7) >> >> there is a sysvinit service called netconsole that is not listed as a >> unit or unitfile, but the unitfile was generated and systemctl seems to >> be able to handle the unit > > becaus enobody created a systemd-unit and there is still > "/etc/init.d/netconsole" but it is properly generated like all other sysvinit services (/run/systemd/generator.late/netconsole.service exists and is non-empty) stijn > > > > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
