systemd

From Gentoo-en

From systemd's website:

systemd is a system and service manager for Linux, compatible with SysV and LSB init scripts. systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux cgroups, supports snapshotting and restoring of the system state, maintains mount and automount points and implements an elaborate transactional dependency-based service control logic. It can work as a drop-in replacement for sysvinit.

Installation

Kernel

The Gentoo ebuild for systemd requires at least a 2.6.39 kernel.

systemd requires some non-standard kernel options to be enabled:

Linux Kernel Configuration: systemd options
General setup  --->
     [*] Control Group support
Device Drivers --->
     Generic Driver Options  --->
          [*] Maintain a devtmpfs filesystem to mount at /dev
File systems --->
     [*] Filesystem wide access notification
     < > Kernel automounter support
     <*> Kernel automounter version 4 support (also supports v3)

(Re)build and (re)install the kernel.

Userland

Many packages already support systemd and are available in the official portage tree, but they are (obviously) not marked stable yet.

Keywords required for installing systemd:

File: /etc/portage/package.keywords
sys-apps/systemd
sys-apps/dbus
sys-fs/udev
sys-kernel/linux-headers
>=sys-apps/kmod-5

Optional: if you want GTK support, then add these packages too:

File: /etc/portage/package.keywords
dev-libs/atk
dev-libs/glib
dev-lang/vala
x11-libs/gtk+:2

For desktops you can also add the following few systemd-ready packages:

File: /etc/portage/package.keywords
net-dns/avahi
net-misc/networkmanager
net-wireless/bluez
net-wireless/wpa_supplicant

Install systemd and related packages:

emerge --ask --verbose systemd

Setting services

By default systemd will start your system only far enough to let you log in on a tty. This means no display manager gets started, no network is set up, etc. Make sure to enable the necessary services before you reboot.

Finalizing w/ grub

Finally you will need to tell your kernel to run the init provided by systemd. If you have a kernel built by genkernel, change the real_init kernel parameter to point to /usr/lib/systemd/systemd:

File: /boot/grub/grub.conf
...
title=My Gentoo Linux
root (hd0,0)
kernel /my-genkernel... root=/dev/hda3 real_init=/usr/lib/systemd/systemd
initrd /initramfs-genkernel-x86-3.9.0-gentoo

If you have built your kernel yourself, change the init kernel parameter to point to /usr/lib/systemd/systemd:

File: /boot/grub/grub.conf
title=My Gentoo Linux
root (hd0,0)
kernel /vmlinuz.bin root=/dev/hda3 init=/usr/lib/systemd/systemd
...
Note: If you are using an initramfs, the init to start (systemd) is set inside the initramfs image, not in the grub/lilo config.

Finalizing w/ grub 2

Edit /etc/default/grub so that the GRUB_CMDLINE_LINUX_DEFAULT line looks like this:

File: /etc/default/grub
...
GRUB_CMDLINE_LINUX_DEFAULT="init=/usr/bin/systemd quiet"
...

Services

To list available services, run:

systemctl

To enable services (similar to what rc-update -a does):

systemctl enable foobar
or
systemctl enable foobar.service

A further list of unit files is available from http://git.overlays.gentoo.org/gitweb/?p=user/systemd.git;a=tree;f=sys-apps/systemd-units/files or from http://cgit.freedesktop.org/systemd/systemd/tree/units

You can also use the systemd-love overlay.

You can find a list of some packages and their OpenRC and systemd services in the Gentoo Wiki.

Hardware related

LVM

File: /etc/systemd/system/lvm.service
[Unit]
Description=Linux Volume Manager
DefaultDependencies=no
Requires=udev-settle.service
After=udev-settle.service
Before=shutdown.target local-fs.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/pvscan --ignorelockingfailure
ExecStart=/sbin/vgscan --mknodes --ignorelockingfailure
ExecStart=/sbin/vgchange --sysinit -a ly
# systemd runs Exec*= lines without a shell, so the $(...) substitution only works inside an explicit /bin/sh -c
ExecStop=/bin/sh -c '/sbin/lvchange --sysinit -a ln $(/sbin/vgs -o vg_name --noheadings --nosuffix 2> /dev/null)'
ExecStop=/sbin/vgchange --sysinit -a ln

[Install]
WantedBy=sysinit.target
systemctl enable lvm.service

microcode_ctl

File: /etc/systemd/system/microcode_ctl.service
[Unit]
Description=CPU microcode updater

[Service]
Type=oneshot
ExecStart=/usr/sbin/microcode_ctl -qu -f /lib/firmware/microcode.dat

[Install]
WantedBy=multi-user.target
systemctl enable microcode_ctl.service

radeon-power_profile

File: /etc/systemd/system/radeon-power_profile.service
[Unit]
Description=Radeon Power Profile

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/radeon-power_profile low

[Install]
WantedBy=multi-user.target
File: /usr/local/sbin/radeon-power_profile
#!/bin/sh

EXEC_NAME=$(basename "$0")

TARGET="/sys/class/drm/card0/device/power_profile"
CURRENT_PROFILE=$(cat "${TARGET}")

# print one profile name, marking the one currently active in sysfs
append_profile() {
        local PROFILE=$1
        echo -n "  ${PROFILE}"
        # POSIX test compares strings with a single =; == is a bashism
        if [ "x${CURRENT_PROFILE}x" = "x${PROFILE}x" ]; then
                echo -n " (current)"
        fi
        echo
}

if [ $# != 1 ]; then
        echo "usage: ${EXEC_NAME} <profile>"
        echo
        echo "Valid profiles:"
        for AVAILABLE_PROFILE in low high default auto; do
                append_profile "${AVAILABLE_PROFILE}"
        done
        exit 0
fi

PROFILE="$1"

# only the four profiles understood by the radeon driver are written to sysfs
if [ "x${PROFILE}x" = "xlowx" ] || [ "x${PROFILE}x" = "xhighx" ] || [ "x${PROFILE}x" = "xautox" ] || [ "x${PROFILE}x" = "xdefaultx" ]; then
        echo "${PROFILE}" > "${TARGET}"
else
        logger "[${EXEC_NAME}] WARN: Invalid power_profile '${PROFILE}'"
        exit 1
fi

exit 0
systemctl enable radeon-power_profile.service

ALSA

alsa-utils already provides systemd service files. They are enabled automatically when installed.

Network

netctl

net-misc/netctl can be used for network configuration of various types in a simple manner. Netctl is borrowed from Arch Linux and provides units for systemd. Create a network profile for each desired network interface in /etc/netctl (use the examples in /etc/netctl/examples) and then activate it with:

netctl enable <profile name>

More information can be found in [1].

DHCPCD

As of 5.2.12-r1, the dhcpcd ebuild installs a dhcpcd.service unit file.

wpa_supplicant

As of 0.7.3-r3, the wpa_supplicant ebuild provides two systemd units:

  • wpa_supplicant.service for NetworkManager users (using D-Bus),
  • wpa_supplicant@.service for plain wpa_supplicant users.

The latter should be enabled as wpa_supplicant@wlan0.service, where wlan0 is replaced by the name of your wireless interface.


network manager

systemctl enable NetworkManager.service

This also makes the networkmanager-applet appear in GNOME 3.

wicd

File: /etc/systemd/system/wicd.service
[Unit]
Description=Wicd Network Manager

[Service]
Type=dbus
BusName=org.wicd.daemon
ExecStart=/usr/sbin/wicd -f

[Install]
WantedBy=network.target
systemctl enable wicd.service

dnsmasq

File: /etc/systemd/system/dnsmasq.service
[Unit]
Description=dnsmasq service
After=network.target

[Service]
ExecStartPre=/usr/sbin/dnsmasq --test
ExecStart=/usr/sbin/dnsmasq -d -u dnsmasq -g dnsmasq
ExecReload=/bin/kill -s HUP $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

munge

See http://code.google.com/p/munge/issues/detail?id=11

File: /etc/systemd/system/munged.service
[Unit]
Description=Start/Stop the MUNGE authentication service.
After=syslog.target auditd.service 

[Service]
Type=forking
User=munge
# Start up will fail if /etc/munge/munge.key does not exist
# A fresh key can be generated with /usr/sbin/create-munge-key
ExecStartPre=/usr/bin/test -r /etc/munge/munge.key
ExecStart=/usr/sbin/munged 
ExecReload=/bin/kill -HUP $MAINPID
PIDFile=/var/run/munge/munged.pid

[Install]
WantedBy=multi-user.target

Core services

dcron

File: /etc/systemd/system/dcron.service
[Unit]
Description=dcron

[Service]
ExecStart=/usr/sbin/crond
Type=forking

[Install]
WantedBy=multi-user.target

fcron

File: /etc/systemd/system/fcron.service
[Unit]
Description=fcron service

[Service]
ExecStart=/usr/sbin/fcron -f -y

[Install]
WantedBy=multi-user.target

hwclock

File: /etc/systemd/system/hwclock.service
[Unit]
Description=hwclock

[Service]
Type=oneshot
ExecStart=/sbin/hwclock --hctosys --localtime
ExecStop=/sbin/hwclock --systohc --localtime

[Install]
WantedBy=multi-user.target
systemctl enable hwclock.service

loadkeys

File: /etc/systemd/system/loadkeys.service
[Unit]
Description=Loads keymap in console (dvorak in example)
DefaultDependencies=no
Before=sysinit.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/loadkeys -q /usr/share/keymaps/i386/dvorak/dvorak.map.gz

[Install]
WantedBy=multi-user.target
systemctl enable loadkeys.service


metalog

File: /etc/systemd/system/metalog.service
[Unit]
Description=System Logger Daemon

[Service]
ExecStart=/usr/sbin/metalog
File: /etc/systemd/system/metalog.socket
[Unit]
Description=Syslog Socket

[Socket]
ListenDatagram=/dev/log

[Install]
WantedBy=sockets.target
systemctl enable metalog.socket

ntp-client

File: /etc/systemd/system/ntp-client.service
[Unit]
Description=NTP client
After=hwclock.service

[Service]
Type=oneshot
ExecStart=/usr/sbin/ntpdate -s -b -u 0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org

[Install]
WantedBy=multi-user.target
systemctl enable ntp-client.service

Display managers

KDM

File: /etc/systemd/system/kdm.service
[Unit]
Description=KDM Display Manager
Conflicts=getty@tty1.service
After=systemd-user-sessions.service getty@tty1.service plymouth-quit.service

[Service]
ExecStart=/usr/bin/kdm -nodaemon
Restart=always
IgnoreSIGPIPE=no

[Install]
Alias=display-manager.service
systemctl enable kdm.service

XDM/GDM

Versions of gdm >= 3.4 already provide a gdm.service, so enable it with:

systemctl enable gdm.service

Versions of gdm before 3.4 require creating an xdm.service file that executes gdm:

File: /etc/systemd/system/xdm.service
[Unit]
Description=X-Window Display Manager
After=systemd-user-sessions.service

[Service]
ExecStart=/usr/bin/gdm

[Install]
Alias=display-manager.service
systemctl enable xdm.service

To use xdm itself, create an xdm.service file:

File: /etc/systemd/system/xdm.service
[Unit]
Description=X-Window Display Manager
After=systemd-user-sessions.service

[Service]
ExecStart=/usr/bin/xdm -nodaemon

[Install]
Alias=display-manager.service
systemctl enable xdm.service

(Or quite possibly just run systemctl enable xdm.service, as an xdm.service file is already installed at /usr/lib64/systemd/system/xdm.service.)

lightdm

File: /etc/systemd/system/xdm.service
[Unit]
Description=X-Window Display Manager
After=systemd-user-sessions.service

[Service]
ExecStart=/usr/sbin/lightdm

[Install]
Alias=display-manager.service
systemctl enable xdm.service

This is a rough start and requires the user to log in and run:

systemctl start xdm

startx

File: /etc/systemd/system/startx.service
[Unit]
Description=Startx

[Service]
#User=bob #uncomment this to run startx as desired user (in example bob), otherwise it will run startx as root
ExecStart=/usr/bin/startx

[Install]
WantedBy=graphical.target

Daemons and servers

Asterisk

File: /etc/systemd/system/asterisk.service
[Unit]
Description=Asterisk PBX and telephony daemon.
After=network.target

[Service]
Type=simple
Environment=HOME=/var/lib/asterisk
WorkingDirectory=/var/lib/asterisk
User=asterisk
Group=asterisk
PIDFile=/run/asterisk/asterisk.pid
ExecStart=/usr/sbin/asterisk -C /etc/asterisk/asterisk.conf
ExecStop=/usr/sbin/asterisk -rx 'core stop now'
ExecReload=/usr/sbin/asterisk -rx 'core reload'

PrivateTmp=true

[Install]
WantedBy=multi-user.target

Bind

File: /etc/systemd/system/named.service
[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target

[Service]
Type=forking
PIDFile=/run/named/named.pid
# $OPTIONS is read from Gentoo's /etc/conf.d/named; the leading - tells systemd to ignore a missing file
EnvironmentFile=-/etc/conf.d/named
ExecStartPre=/usr/sbin/named-checkconf -z /etc/bind/named.conf
ExecStart=/usr/sbin/named -u named $OPTIONS

[Install]
WantedBy=multi-user.target
systemctl enable named.service
systemctl start named


Samba

File: /etc/systemd/system/smbd.service
[Unit]
Description=Samba SMB/CIFS server
After=network.target nmbd.service winbindd.service

[Service]
Type=forking
PIDFile=/var/run/samba/smbd.pid
ExecStart=/usr/sbin/smbd -D 
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

NMBD

File: /etc/systemd/system/nmbd.service
[Unit]
Description=Samba NetBIOS name server
After=network.target

[Service]
Type=forking
PIDFile=/var/run/samba/nmbd.pid
ExecStart=/usr/sbin/nmbd -D 
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
File: /etc/tmpfiles.d/nmbd.conf
D /var/run/samba 0755 root root

Winbind

File: /etc/systemd/system/winbindd.service
[Unit]
Description=Samba Winbind daemon
After=network.target nmbd.service

[Service]
Type=forking
PIDFile=/var/run/samba/winbindd.pid
ExecStart=/usr/sbin/winbindd -D 
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

CUPS

Starting with cups 1.5.2-r20 the necessary socket, path and service files are provided by the ebuild.

distccd

File: /etc/systemd/system/distccd.service
[Unit]
Description=distcc

[Service]
ExecStart=/usr/bin/distccd --user distcc --daemon --no-detach --port 3632 --log-level info --allow 192.168.1.0/24 --listen 192.168.1.111 -N 15 

[Install]
WantedBy=multi-user.target

lighttpd

File: /etc/systemd/system/lighttpd.service
[Unit]
Description=Lighttpd Daemon
After=network.target

[Service]
ExecStartPre=/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf
ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
File: /etc/tmpfiles.d/lighttpd.conf
d /var/run/lighttpd 0750 lighttpd lighttpd -
systemctl enable lighttpd.service
systemctl start lighttpd.service

MySQL

File: /etc/systemd/system/mysqld.service
[Unit]
Description=MySQL database server
After=syslog.target
After=network.target

[Service]
User=mysql
Group=mysql

ExecStart=/usr/sbin/mysqld --pid-file=/var/run/mysqld/mysqld.pid
ExecStop=/bin/kill -15 $MAINPID
PIDFile=/var/run/mysqld/mysqld.pid

# We rely on systemd, not mysqld_safe, to restart mysqld if it dies
Restart=always

# Place temp files in a secure directory, not /tmp
PrivateTmp=true

[Install]
WantedBy=multi-user.target
File: /etc/tmpfiles.d/mysqld.conf
# systemd tmpfile settings for mysql
# See tmpfiles.d(5) for details

d /var/run/mysqld 0755 mysql mysql -
systemctl enable mysqld.service

PostgreSQL

This starts PostgreSQL.

File: /etc/tmpfiles.d/postgresql.conf
d /run/postgresql 0700 postgres postgres -
File: /etc/systemd/system/postgresql@.service
[Unit]
Description=Initializing Postgresql %i Database

[Service]
User=postgres
Group=postgres

EnvironmentFile=/etc/conf.d/postgresql-%I

PermissionsStartOnly=true

ExecStartPre=/bin/mkdir /run/postgresql -p
ExecStartPre=/bin/chown postgres:postgres /run/postgresql
ExecStart=-/bin/sh -c "/usr/lib/postgresql-%I/bin/postgres -D /etc/postgresql-%I --data-directory=/var/lib/postgresql/%I/data"

[Install]
WantedBy=multi-user.target

NFS

Implements the functions of /etc/init.d/nfs, /etc/init.d/nfsmount and helper services.

File: /etc/modules-load.d/nfs.conf
sunrpc
nfs

The following is only necessary if you are running a NFS server.

File: /etc/modules-load.d/nfs-server.conf
nfsd

The following files are necessary for all versions of NFS:

File: /etc/systemd/system/rpcbind.service
[Unit]
Description=NFS port mapping server
Requires=network.target

[Service]
EnvironmentFile=/etc/conf.d/rpcbind
ExecStart=/sbin/rpcbind $RPCBIND_OPTS
Type=forking
Restart=always
File: /etc/systemd/system/rpc.statd.service
[Unit]
Description=NFS status daemon
Requires=rpcbind.service
After=rpcbind.service
Requires=network.target

[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/sbin/rpc.statd --no-notify -F $OPTS_RPC_STATD
Restart=on-failure
File: /etc/systemd/system/sm-notify.service
[Unit]
Description=NFS sm-notify
Requires=rpc.statd.service
Requires=network.target

[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/sm-notify -d $OPTS_SMNOTIFY
Type=oneshot
# Restart= (other than no) is rejected on Type=oneshot units by the systemd versions this page targets, so none is set

The following files are necessary for NFSv4 only:

File: /etc/systemd/system/rpc.gssd.service
[Unit]
Description=NFS rpcsec_gss daemon
Requires=rpcbind.service
Requires=var-lib-nfs-rpc_pipefs.mount

[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/rpc.gssd -f $OPTS_RPC_GSSD
Restart=on-failure
File: /etc/systemd/system/var-lib-nfs-rpc_pipefs.mount
[Unit]
Description=rpc_pipefs

[Mount]
What=rpc_pipefs
Where=/var/lib/nfs/rpc_pipefs
Type=rpc_pipefs
File: /etc/systemd/system/rpc.idmapd.service
[Unit]
Description=NFSv4 ID - Name Mapper
Requires=rpcbind.service
Requires=var-lib-nfs-rpc_pipefs.mount
Requires=network.target

[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/rpc.idmapd -f $OPTS_RPC_IDMAPD
Restart=on-failure

To mount NFS 2 and 3 shares only use the following service file:

File: /etc/systemd/system/nfs3_client.target
[Unit]
Description=Dependencies for NFSv3 mounts
Requires=rpc.statd.service
Requires=sm-notify.service
Wants=cachefilesd.service

[Install]
WantedBy=remote-fs.target
systemctl enable nfs3_client.target

This service file pulls in the dependencies for mounting NFSv4 shares (also works for earlier versions):

File: /etc/systemd/system/nfs4_client.target
[Unit]
Description=Dependencies for NFSv4 mounts
Requires=rpc.idmapd.service
Requires=rpc.statd.service
Requires=sm-notify.service
Wants=rpc.gssd.service
Wants=cachefilesd.service

[Install]
WantedBy=remote-fs.target
systemctl enable nfs4_client.target

Service files for an NFS server are a work in progress:

File: /etc/systemd/system/rpc.mountd.service
[Unit]
Description=RPC mountd
Requires=rpc.statd.service
After=rpc.statd.service
Requires=network.target

[Service]
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/rpc.mountd --foreground $OPTS_RPC_MOUNTD
Restart=on-failure
File: /etc/systemd/system/nfsd.service
[Unit]
Description=NFS server
Requires=rpcbind.service rpc.statd.service rpc.mountd.service

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/nfs
ExecStart=/usr/sbin/rpc.nfsd $OPTS_RPC_NFSD
ExecStart=/usr/sbin/exportfs -r
ExecStop=/usr/sbin/exportfs -ua
ExecStop=/usr/sbin/rpc.nfsd 0

[Install]
WantedBy=multi-user.target
systemctl enable nfsd.service

ntpd

File: /etc/systemd/system/ntp.service
[Unit]
Description=ntpd

[Service]
ExecStart=/usr/sbin/ntpd -n

[Install]
WantedBy=multi-user.target
systemctl enable ntp.service


Postfix

File: /etc/systemd/system/postfix.service
[Unit]
Description=Mail Daemon
After=network.target

[Service]
Type=forking
ExecStart=/usr/sbin/postfix -c /etc/postfix start
ExecStop=/usr/sbin/postfix -c /etc/postfix stop
ExecReload=/usr/sbin/postfix -c /etc/postfix reload

[Install]
WantedBy=multi-user.target
systemctl enable postfix.service

Verynice

File: /etc/systemd/system/verynice.service
[Unit]
Description=A tool for dynamically adjusting the nice-level of processes

[Service]
Type=forking
ExecStart=/usr/sbin/verynice -d /var/run/verynice.pid
PIDFile=/var/run/verynice.pid
ExecStop=/bin/kill -15 $MAINPID

[Install]
WantedBy=multi-user.target
systemctl enable verynice.service

Openvpn

File: /etc/systemd/system/openvpn@.service
[Unit]
Description=Openvpn Service %I
Requires=network.target
After=network.target

[Service]
Type=simple
ExecStartPre=/bin/mkdir -p "/var/run/openvpn/%I"
ExecStart=/usr/sbin/openvpn --user openvpn --group openvpn --chroot /var/run/openvpn --config "/etc/openvpn/%I.conf"
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

vsftpd

File: /etc/systemd/system/vsftpd.service
[Unit]
Description=vsftpd ftp server
After=network.target

[Service]
ExecStart=/usr/sbin/vsftpd

[Install]
WantedBy=multi-user.target
systemctl enable vsftpd.service
systemctl start vsftpd.service

nginx

File: /etc/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=syslog.target
After=network.target
After=mysqld.service
After=php-fpm.service

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
systemctl enable nginx.service
systemctl start nginx.service

php-fpm

File: /etc/systemd/system/php-fpm.service
[Unit]
Description=php-fpm fast cgi service

[Service]
Type=simple
ExecStart=/usr/bin/php-fpm -y /etc/php/fpm/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

You also need to create a symlink pointing at the php-fpm slot in use, for example: ln -s /etc/php/fpm-php5.4 /etc/php/fpm

renderd

File: /etc/systemd/system/renderd.service
[Unit]
Description=Rendering daemon for Openstreetmap tiles

[Service]
Type=forking
ExecStart=/usr/bin/renderd
ExecStop=/bin/kill -s QUIT $MAINPID

[Install]
WantedBy=multi-user.target
File: /etc/tmpfiles.d/renderd.conf
d /var/run/renderd 0755 root root -
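Several of the units above rely on a tmpfiles.d(5) fragment to create their runtime directory (nmbd, lighttpd, mysqld, postgresql, renderd). The mode and owner on those lines decide who can tamper with the pid file or socket the daemon later trusts, so a quick check for group- or world-writable entries is worth having. The script below is an added example, not taken from the wiki page or from systemd-tmpfiles; the sample fragment and the two lax entries in it are constructed for the demonstration:

```shell
#!/bin/sh
# Added example (not from the Gentoo wiki page or from systemd-tmpfiles):
# a POSIX-sh check over tmpfiles.d(5) fragments. It flags directory entries
# (type d or D) whose mode lets group or others write, since those runtime
# directories hold pid files and sockets that the daemon trusts.
# The sample fragment written by make_sample_tmpfiles is constructed.

# mode_writable_by MODE: print "group", "other" or "group,other" for an octal
# mode of 3 or 4 digits (e.g. 0755, 1777); print nothing if neither may write
mode_writable_by() {
    _who=
    case "$1" in *[2367][0-7]) _who=group ;; esac                  # second-to-last digit carries the w bit
    case "$1" in *[2367]) _who="${_who:+$_who,}other" ;; esac      # last digit carries the w bit
    printf '%s\n' "$_who"
}

# lint_tmpfiles FILE: one finding per offending line; exit status = number of findings
lint_tmpfiles() {
    _n=0
    while read -r _type _path _mode _user _group _rest; do
        case "$_type" in ''|'#'*) continue ;; esac         # blank lines and comments
        case "$_type" in d|D) ;; *) continue ;; esac       # only directory entries
        [ -n "$_mode" ] && [ "$_mode" != - ] || _mode=0755 # tmpfiles.d default mode for directories
        _who=$(mode_writable_by "$_mode")
        if [ -n "$_who" ]; then
            echo "$1: $_path ($_mode ${_user:-root}:${_group:-root}) is writable by $_who"
            _n=$((_n + 1))
        fi
    done < "$1"
    return $_n
}

# make_sample_tmpfiles FILE: constructed fragment mixing entries like this page's with two lax ones
make_sample_tmpfiles() {
    cat > "$1" <<'EOF'
# runtime directories (constructed sample)
d /var/run/lighttpd 0750 lighttpd lighttpd -
d /var/run/mysqld 0755 mysql mysql -
D /var/run/samba 0755 root root
d /run/lax-shared 0777 root root -
D /run/lax-group 1775 root users -
EOF
}

# Stand-alone use: sh lint-tmpfiles.sh /etc/tmpfiles.d/*.conf
if [ $# -gt 0 ]; then
    for _f in "$@"; do lint_tmpfiles "$_f"; done
fi
```

Run it over /etc/tmpfiles.d/*.conf after adding a new fragment; the exit status doubles as a pass/fail signal for a pre-reboot check.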

Misc

iptables

File: /etc/systemd/system/iptables.service
[Unit]
Description=iptables
Before=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/iptables
ExecStart=/sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} ${IPTABLES_SAVE}
ExecStop=/usr/sbin/iptables-stop

[Install]
WantedBy=multi-user.target
File: /usr/sbin/iptables-stop
#!/bin/sh
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

iptables_proc="/proc/net/ip_tables_names"
iptables_bin="/sbin/iptables"

# set the default policy on every built-in chain of the given table
set_table_policy() {
	local chains table=$1 policy=$2
	case ${table} in
		nat)    return;;
		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
		filter) chains="INPUT FORWARD OUTPUT";;
		*)      chains="";;
	esac
	local chain
	for chain in ${chains} ; do
		${iptables_bin} -t ${table} -P ${chain} ${policy}
	done
}

# Mirror the stop() method of /etc/init.d/iptables: open the default policies
# first, then flush the rules and delete user chains, so the box never passes
# through a state where the built-in chains drop everything.
for a in $(cat ${iptables_proc}) ; do
	set_table_policy $a ACCEPT
	${iptables_bin} -F -t $a
	${iptables_bin} -X -t $a
done

The iptables-stop script is optional. It is essentially a port of the stop() method of /etc/init.d/iptables: it flushes every table and resets the default policies, leaving the firewall open so that everything is allowed.


systemctl enable iptables.service
File: /etc/systemd/system/ip6tables.service
[Unit]
Description=ip6tables
Before=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/ip6tables
ExecStart=/sbin/ip6tables-restore ${SAVE_RESTORE_OPTIONS} ${IP6TABLES_SAVE}

[Install]
WantedBy=multi-user.target
systemctl enable ip6tables.service

kexec_load

File: /etc/systemd/system/kexec_load.service
[Unit]
Description=Load kexec kernel
DefaultDependencies=no
Before=shutdown.target

[Service]
Type=oneshot
ExecStart=/etc/systemd/scripts/kexec_load

[Install]
WantedBy=shutdown.target

Example /etc/systemd/scripts/kexec_load:

File: /etc/systemd/scripts/kexec_load
#!/bin/sh

/usr/sbin/kexec -l "/usr/src/linux/arch/x86/boot/bzImage" \
--append="root=/dev/sdb2 init=/bin/systemd fbcon=rotate:3 \
drm_kms_helper.poll=0 quiet"

exit 0

systemd hardcodes the kexec path to /sbin/kexec, while on Gentoo it lives under /usr/sbin/, so you need to copy or hardlink it to /sbin.

systemctl enable kexec.target
systemctl enable kexec_load.service

rtorrent (in screen)

Automatically opens a new window in your running screen session and starts rtorrent whenever a new torrent is copied into the torrents directory. Change myuser to your user name.

File: /etc/systemd/system/rtorrent.service
[Unit]
Description=rtorrent Service

[Service]
Type=oneshot
ExecStart=/usr/bin/sudo -u myuser /usr/bin/screen -d -RR -X chdir /music
ExecStart=/usr/bin/sudo -u myuser /usr/bin/screen -d -RR -X screen -t rtorrent /usr/bin/rtorrent
File: /etc/systemd/system/rtorrent.path
[Unit]
Description=rtorrent watcher

[Path]
PathChanged=/home/myuser/torrents

[Install]
WantedBy=multi-user.target
systemctl enable rtorrent.path

Mediatomb

File: /etc/systemd/system/mediatomb.service
[Unit]
Description=MediaTomb Daemon
After=network.target mysqld.service

[Service]
EnvironmentFile=/etc/conf.d/mediatomb
ExecStart=/usr/bin/mediatomb --logfile $MEDIATOMB_LOGFILE --user $MEDIATOMB_USER --group $MEDIATOMB_GROUP --config $MEDIATOMB_CONFIG --port $MEDIATOMB_PORT
Restart=on-abort

[Install]
WantedBy=multi-user.target
File: /etc/conf.d/mediatomb
# See the mediatomb(1) manpage for more info.

# MediaTomb Web UI port.
# NOTE: The minimum value allowed is 49152
MEDIATOMB_PORT=49152

# Run MediaTomb as this user.
# NOTE: For security reasons do not run MediaTomb as root.
MEDIATOMB_USER="mediatomb"

# Run MediaTomb as this group.
# NOTE: For security reasons do not run MediaTomb as root.
MEDIATOMB_GROUP="mediatomb"

# Path to MediaTomb config file.
MEDIATOMB_CONFIG="/etc/mediatomb/config.xml"

# Path to MediaTomb log file.
MEDIATOMB_LOGFILE="/var/log/mediatomb.log"

# Other options you want to pass to MediaTomb.
# Add "--interface ${MEDIATOMB_INTERFACE}" to bind to a named interface.
MEDIATOMB_OPTIONS=""
systemctl enable mediatomb.service

gpm

gpm is a cut and paste utility and mouse server for virtual consoles.

File: /etc/systemd/system/gpm.service
[Unit]
Description=gpm
Requires=getty.target

[Service]
EnvironmentFile=/etc/conf.d/gpm
# This use of EnvironmentFile requires $RESPONSIVENESS, 
# $REPEAT_TYPE and $APPEND to be added to $params in the conf.d/gpm file.
ExecStart=/usr/sbin/gpm -D -m $MOUSEDEV -t $MOUSE $params
Restart=always

[Install]
WantedBy=multi-user.target
systemctl enable gpm.service

HDparm

Initializes the hard drive power-management parameters after suspend/resume.

File: /etc/systemd/system/hdparm-pm@.service
[Unit]
Description=Initialize Hard drive PM parameters after suspend/restore
After=dev-%i.device suspend.target hibernate.target sysinit.target hybrid-sleep.target
Requires=dev-%i.device

[Service]
Type=oneshot
ExecStart=/sbin/hdparm -B 255 /dev/%i

[Install]
WantedBy=sysinit.target
WantedBy=suspend.target
WantedBy=hibernate.target
WantedBy=hybrid-sleep.target
systemctl enable hdparm-pm@sda.service
A template unit cannot be enabled on its own; instantiate it with the device name of your drive (sda in this example).

Troubleshooting

Unit Masking

If you have broken or unneeded units, you can mask them so that they stop cluttering the journalctl output.

For example:

systemctl mask auditd.service plymouth-quit-wait.service plymouth-quit.service
systemctl mask plymouth-start.service

OpenRC Compatibility

systemd doesn't initialize the OpenRC environment for you, so starting any OpenRC service will fail and complain that the service has already been started. For example:

* WARNING: lvm has already been started

Enable the openrc-init service to initialize the OpenRC environment:

systemctl enable openrc-init.service

If you get the following error message when enabling openrc-init.service:

Unit files contain no applicable installation information. Ignoring.

You may need to add an [Install] section to openrc-init.service, since newer versions of systemd refuse to enable a unit whose [Install] section is missing or empty:

File: /lib/systemd/system/openrc-init.service
...
[Install]
WantedBy=multi-user.target
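The "no applicable installation information" error comes from a unit without a usable [Install] section, and it is one of a handful of mistakes that hand-written units such as the ones on this page easily fall into: a $(...) substitution in an Exec*= line that systemd never expands, a Restart= on a Type=oneshot unit, a missing [Install] section, and a long-running daemon left running as root. The script below is an added example, not taken from the wiki page or from systemd; it lints unit files for those four pitfalls, and the four sample units it writes are constructed for the demonstration (modelled on, but not identical to, units above):

```shell
#!/bin/sh
# Added example (not from the Gentoo wiki page or from systemd): a POSIX-sh
# linter for hand-written unit files. Checks: $(...) inside an Exec*= line,
# Restart= on a Type=oneshot unit, a missing [Install] section, and a
# long-running service with no User=. Sample unit contents are constructed.

# unit_get FILE KEY: print every value assigned to KEY= in FILE (nothing if absent)
unit_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1"
}

# unit_has_section FILE SECTION: succeed if a "[SECTION]" header is present
unit_has_section() {
    grep -q "^\[$2\]" "$1"
}

# lint_unit FILE: print one finding per line; the exit status is the number
# of findings, so 0 means the unit passed every check
lint_unit() {
    _file=$1
    _n=0
    _type=$(unit_get "$_file" Type | tail -n 1)
    [ -n "$_type" ] || _type=simple          # systemd's default when Type= is absent
    # 1. systemd splits Exec*= into argv itself; "$(" reaches the program verbatim
    if grep -q '^[[:space:]]*Exec[A-Za-z]*=.*\$(' "$_file"; then
        echo "$_file: Exec line contains \$(...); wrap the command in /bin/sh -c '...'"
        _n=$((_n + 1))
    fi
    # 2. Restart= other than "no" combined with Type=oneshot is refused by older systemd
    _restart=$(unit_get "$_file" Restart | tail -n 1)
    if [ "$_type" = oneshot ] && [ -n "$_restart" ] && [ "$_restart" != no ]; then
        echo "$_file: Type=oneshot with Restart=$_restart; drop Restart= or use a long-running Type="
        _n=$((_n + 1))
    fi
    # 3. systemctl enable needs an [Install] section (WantedBy=, RequiredBy= or Alias=)
    if ! unit_has_section "$_file" Install; then
        echo "$_file: no [Install] section; systemctl enable reports 'no applicable installation information'"
        _n=$((_n + 1))
    fi
    # 4. a long-running service without User= keeps root for its whole lifetime
    if [ "$_type" != oneshot ] && [ -z "$(unit_get "$_file" User)" ]; then
        echo "$_file: no User=; confirm the daemon drops privileges itself, otherwise add User=/Group= and PrivateTmp=true"
        _n=$((_n + 1))
    fi
    return $_n
}

# make_samples DIR: write four constructed unit files into DIR
make_samples() {
    cat > "$1/lvm.service" <<'EOF'
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStop=/sbin/lvchange --sysinit -a ln $(/sbin/vgs -o vg_name --noheadings)
[Install]
WantedBy=sysinit.target
EOF
    cat > "$1/sm-notify.service" <<'EOF'
[Service]
ExecStart=/usr/sbin/sm-notify -d
Type=oneshot
Restart=on-failure
EOF
    cat > "$1/openvpn@.service" <<'EOF'
[Service]
Type=simple
ExecStart=/usr/sbin/openvpn --user openvpn --config "/etc/openvpn/%I.conf"
EOF
    cat > "$1/dnsmasq.service" <<'EOF'
[Service]
User=dnsmasq
ExecStart=/usr/sbin/dnsmasq -d -u dnsmasq
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
}

# Stand-alone use: sh lint-units.sh /etc/systemd/system/*.service
if [ $# -gt 0 ]; then
    for _u in "$@"; do lint_unit "$_u"; done
fi
```

The fourth check is deliberately noisy: a daemon that drops privileges with its own --user option (as openvpn does) is still reported, because systemd cannot see that, and the reviewer should confirm it rather than assume it.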

Removing only sysvinit

Status of the usual shutdown and process commands after sysvinit has been removed:

  • killall: functioning
  • reboot: functioning
  • systemctl reboot: functioning
  • shutdown -h now: functioning
  • shutdown -h 60: functioning
  • halt: works but fails to power off. As a workaround, add alias halt="shutdown -h now" to /etc/profile.d/rc.sh, then run source /etc/profile as your user and again as root.

Removing OpenRC

If you want to have a pure systemd system then you can disable the sysv USE flag globally, then unmerge sysvinit as it won't be used anymore.

Warning: If you remove sysvinit then the contents of /etc/inittab are ignored and the init, halt, shutdown, reboot and killall5 commands (and a few others) won't be available.
Warning: Until bug 373219 is resolved, it is highly inadvisable to remove openrc, since the package provides a file, functions.sh, that is used by several other unrelated programs.
Warning: If you remove openrc then you cannot continue using the /etc/init.d scripts, and the config files in /etc/conf.d aren't used either, so you will have to create and maintain your own unit files for the missing services until upstream or Gentoo provides them.
  • Remove openrc and sysvinit
emerge -C sys-apps/openrc sys-apps/sysvinit
  • Add openrc to package.provided so portage won't complain
File: /etc/portage/profile/package.provided
sys-apps/openrc-0.6.5
  • Install the systemd replacements for the sysvinit commands
emerge sys-apps/systemd-sysv-utils
Warning: halt in sys-apps/systemd-sysv-utils will just halt the system without powering it off.
  • Add a hostname
File: /etc/hostname
myhostname
  • Console and keymap settings
File: /etc/vconsole.conf
KEYMAP=us
FONT=lat9w-16
FONT_MAP=8859-1_to_uni
  • OS info
File: /etc/os-release
NAME=Gentoo
ID=gentoo
PRETTY_NAME=Gentoo GNU/Linux
ANSI_COLOR=1;34
  • Locale settings (see man locale.conf for more options)
File: /etc/locale.conf
LANG=en_US.utf8
LC_COLLATE=C

PAM support: su, sudo, screen...

If you want systemd to register your user sessions in cgroups with the optional advantages of having CPU (or other controllers) balancing between sessions, then you can add the USE flag pam to systemd and do the following:

  • Edit the session section of /etc/pam.d/system-auth
File: /etc/pam.d/system-auth
....
session     optional    pam_loginuid.so
....
-session     optional    pam_systemd.so kill-user=1 controllers=
Note: Don't add kill-user=1 if you expect daemons (e.g. screen) to remain available when the session ends.
Note: You can add a cgroup controller to the controller list, like controllers=cpu, if you want CPU load balancing between sessions (other controllers are also available depending on the kernel cgroup options enabled). If you don't intend to have any type of balancing (or you are using the BFS patch on your kernel) then you can leave the list empty. If this option is omitted, the default is controllers=cpu.
Warning: The current implementation of /bin/su (provided by sys-apps/shadow) in Gentoo is broken because it tries to close the PAM session after dropping root privileges (when being invoked as "su - <user>") and this leaves empty cgroups sessions around (bug report). Note that the /bin/su implementation of coreutils doesn't have this problem so other distros where the coreutils implementation is used won't have this issue.

If, with systemd-39 and later, your su - sessions end with a "...killed" message and/or your sudo no longer works, here is what solved it for me. Copy the contents of the session section from /etc/pam.d/system-auth to /etc/pam.d/sudo, then edit that file and /etc/pam.d/su:

File: /etc/pam.d/sudo
auth		include		system-auth
account		include		system-auth
password	include		system-auth

===> Comment the line that mentions pam_loginuid.so.
===> Leave the remaining "session" lines as they are.
...
#session		optional	pam_loginuid.so
...
File: /etc/pam.d/su
auth		include		system-auth
account		include		system-auth
password	include		system-auth

session		include		sudo

See also