
#1 2016-02-07 05:40:07

tknomanzr
BL Die Hard
From: Around the Bend
Registered: 2015-09-29
Posts: 1,029

Systemd Scripts and Tutorials.

I wanted to build a place to gather up the various systemd scripts and tutorials into one place for folks. I will start this topic off by linking to threads that already have systemd related stuff in them, then start posting more stuff that I have created.

Anyone is welcome to contribute. However, please keep criticisms of systemd itself relegated to Topics Going Nowhere- Yet Another Systemd Thread

First, I will start off with @HoaS's excellent tutorial on Internet Connection with Systemd-networkd. I believe at one time he had a tutorial on systemd-nspawn as well but I am unable to find it at the moment.

Journald is not set up by default in Debian. Journaling and Journalctl will help you get that set up.

I recently posted a method to set up Automatic update notifications through systemd. You can find that thread at https://forums.bunsenlabs.org/viewtopic … 060#p18060

That seems to be it for the threads containing useful systemd information to date, unless HoaS is willing to resurrect his systemd-nspawn thread.

TIPS:

* When developing systemd unit files, having a terminal up with journalctl -f running is very useful for debugging service startups.
* The ArchLinux wiki has a lot of useful systemd information: https://wiki.archlinux.org/index.php/systemd
* Redhat has also posted some useful information in regard to creating systemd unit files: https://access.redhat.com/documentation … Files.html
* A basic understanding of systemctl and journalctl is needed. Here is a newbie-style tutorial to get you up to speed: https://www.digitalocean.com/community/ … he-journal

Next up -- Scheduling backups with Systemd and Rsync.

Offline

#2 2016-02-07 06:11:16

tknomanzr
BL Die Hard
From: Around the Bend
Registered: 2015-09-29
Posts: 1,029

Re: Systemd Scripts and Tutorials.

So in this next installment, I have converted my backup strategy into a systemd service running on a timer for automated backups.
I needed a few files here: a service file, a timer file, a basic shell script with my rsync command, and a backup excludes file that tells rsync which files to ignore when doing backups.

/etc/systemd/system/systemd-backup.timer
First off, I created the timer file. This file will be the file that controls the service. I have it set for 12h but you may wish to set it much shorter, say 5m, while you get everything set up and tested.

[Unit]
Description=Systemd-backup Timer

[Timer]
OnUnitActiveSec=12h

[Install]
WantedBy=timers.target

/etc/systemd/system/systemd-backup.service
Next comes the systemd-backup.service file. It is pretty basic, only wanting to ensure that the network is up before it executes.

[Unit]
Description=Systemd-backup.service
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/backup

Copy both of these files into /etc/systemd/system.

/usr/local/bin/backup
Next I created a backup script called backup that goes into /usr/local/bin. Here is the obfuscated code.

#!/bin/bash
systemd-cat rsync -arvslm --ipv4 --delete --delete-excluded --exclude-from=$HOME/.config/backup/backup-excludes user@ip_address:/path/to/remote/backup/directory
exit 0

You will need to enter your host password where "password" is. Also be sure to include the username and ip address in the code that looks like user@ip_address. /path/to/remote/backup/directory should be the path that you want your backups to go to.

One drawback to this method is the plain text password in this script. I intend to look at hashing that in some way in the future. I used to save a logfile to ~/.config/backups but have since taken it out as we will be logging through journald now.

~/.config/backup/backup-excludes
Finally, we need an exclude file. I save mine to ~/.config/backup/backup-excludes. It should look similar to this. Below, I will discuss the structure of this file.

- /home/bob
- /bin/**
- /dev/**
- /lib/**
- /lib64/**
- /lost+found
- /media/**
- /mnt/**
- /opt/**
- /proc/**
- /root
- /run/**
- /sbin/**
- /srv/**
- /sys/**
- /tmp/**
- /usr/**
- /etc/.pwd.lock
- /etc/group-
- /etc/gshadow
- /etc/gshadow-
- /etc/passwd-
- /etc/shadow
- /etc/shadow-
- /etc/subgid-
- /etc/subuid-
- /etc/sudoers
- /etc/polkit-1/localauthority
- /etc/default/cacerts
- /etc/exim4/passwd.client
- /etc/iscsi/**
- /etc/ssl
- /etc/mail/**
- /etc/security/**
- /etc/ssh/**
- /etc/sudoers.d/**
- /var/cache/apt/archives/partial/**
- /var/cache/apt/archives/lock
- /var/backups/**
- /var/cache/**
- /var/lib/**
- /var/local/**
- /var/log/**
- /var/mail/**
- /var/opt/**
- /var/run/**
- /var/spool/**
- /var/tmp/**
- /home/tknomanzr/.config/google-chrome/**
- /home/tknomanzr/.thumbnails/**
- /home/tknomanzr/Downloads/**
- /home/tknomanzr/deb-spawn/**
- /home/tknomanzr/remote
- /home/tknomanzr/Videos/**
- /home/tknomanzr/Music/**
- /home/tknomanzr/Pictures/**
- /home/tknomanzr/.ssh/**
- /home/tknomanzr/.cache/**
- /home/tknomanzr/.dbus/**
- /home/.Trash-0
- /home/lost+found
_*
+ /var/log/apt/history.log
+ /var/cache/apt/

First off, any entry that starts off with /home/tknomanzr should be changed to reflect your personal home directory. Unfortunately, my tests indicate that rsync won't parse $HOME or ~, so the home has to be hard-coded. Second, exclude any additional user home directories, providing you don't want to back them up also. The rest of the entries should be fairly self-explanatory.

I don't back up media directories such as Music and Videos because I already save everything remotely. Be sure if you mount sshfs shares to exclude their mount points as well. I sshfs to the same server that my backups go to so I can end up with some weird recursion if I forget that.

I have excluded a number of files and directories that throw out permissions errors when attempting to rsync them. They won't stop the backup but the extra spam in the logs is annoying.

Be sure to do your excludes first and any includes below the _*. An entry preceded by - is an exclude and + is an include.

When done, start journalctl -f in a separate terminal to monitor your service starts and start your backup services.

sudo systemctl start systemd-backup.service
sudo systemctl start systemd-backup.timer

You might continue to monitor the journal for a while and ensure that everything is running as planned. Once satisfied with the results, you might consider changing your systemd-backup.timer file to some longer duration such as 12h or 24h.

IMPORTANT
ssh is not going to let you use a key stored in your home directory to run rsync. In order for this script to succeed, you will need to run /usr/local/bin/backup as root and set up a keyfile when prompted.

One final note, I may eventually come up with a script that assists setting all of this up. All files are published to My Github, along with a README that should explain the setup.

Changes
I was able to drop the dependency on sshpass and use ssh-agent to establish the rsync connection. For reference on how to properly setup ssh-agent to act as a keyring for ssh/rsync/sshfs, refer to this walkthrough by @xaos52. https://forums.bunsenlabs.org/viewtopic … 426#p18426

Last edited by tknomanzr (2016-02-16 05:27:40)

Offline
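Because the timer above runs /usr/local/bin/backup as root, anything a non-root user can modify in that chain becomes a path to root. The following is an added example, not part of the original post or its GitHub repository: a permission audit over the three paths the post names. The function names and the optional root key argument are assumptions.

```shell
#!/bin/sh
# Added example: permission audit for files executed by a root-run timer.

# audit_file PATH EXPECTED_UID [private]
# Prints one finding per problem; returns 0 only when the file is clean.
audit_file() (
    f=$1 want_uid=$2 private=${3:-}
    [ -e "$f" ] || { echo "MISSING  $f"; exit 1; }
    set -f                             # no globbing while splitting ls output
    set -- $(ls -ldn -- "$f")          # $1 = mode string, $3 = numeric owner
    mode=$1 uid=$3 rc=0
    [ "$uid" = "$want_uid" ] || { echo "OWNER    $f uid=$uid want=$want_uid"; rc=1; }
    case $mode in                      # char 6 = group write, char 9 = other write
        ?????w*|????????w*) echo "WRITABLE $f $mode"; rc=1 ;;
    esac
    if [ "$private" = private ]; then  # key material: no group/other bits at all
        case $mode in
            ????------*) ;;
            *) echo "EXPOSED  $f $mode"; rc=1 ;;
        esac
    fi
    exit "$rc"
)

# audit_backup_chain [ROOT_KEY]
# Checks the paths from the post, all expected to belong to root (uid 0).
# ROOT_KEY is an assumed argument: the post does not say where root's key lives.
audit_backup_chain() (
    rc=0
    for f in /etc/systemd/system/systemd-backup.service \
             /etc/systemd/system/systemd-backup.timer \
             /usr/local/bin/backup; do
        audit_file "$f" 0 || rc=1
    done
    [ -z "${1:-}" ] || audit_file "$1" 0 private || rc=1
    exit "$rc"
)
```

Run `audit_backup_chain` after copying the files into place; any line it prints is a file to fix with chown or chmod before enabling the timer.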

#3 2016-02-07 09:34:16

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Systemd Scripts and Tutorials.

Excellent guide, thanks for this!

tknomanzr wrote:

I believe at one time he had a tutorial on systemd-nspawn as well

No, I would just refer to the most excellent ArchWiki page:
https://wiki.archlinux.org/index.php/Systemd-nspawn

It really is as simple as:

systemd-nspawn -bD /target

(the "b" flag is only needed if the system is to be booted, without it a shell is opened in $target)

It's easier to use than `chroot`

EDIT:
[off-topic]
Pro tip: using `systemd-nspawn` instead of `arch-chroot` when installing Arch allows the use of `localectl`, `timedatectl`, etc to set things up
[/off-topic]

Last edited by Head_on_a_Stick (2016-02-07 17:50:49)


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

#4 2016-02-07 17:08:43

Horizon_Brave
Operating System: Linux-Nettrix
Registered: 2015-10-18
Posts: 1,473

Re: Systemd Scripts and Tutorials.

A nice visualization for those who like to see a graphical "stack" of how systemd is split up:

Systemd_components_svg.jpg

The utilities at the top being our userspace applications that we interface with to control the lower layers.


"I have not failed, I have found 10,000 ways that will not work" -Edison

Offline

#5 2016-02-15 02:19:45

tknomanzr
BL Die Hard
From: Around the Bend
Registered: 2015-09-29
Posts: 1,029

Re: Systemd Scripts and Tutorials.

I finally was able to get sshfs shares to automount in systemd today. I will admit, the setup was fairly convoluted. This particular setup probably needs a helper script to make it easier to set up.
First, I will post the three files I created, then attempt to do a walk-through on how to get everything running.
You can get all of these files from https://github.com/tknomanzr/scripts/tr … ount_media

/etc/systemd/system/home-tknomanzr-remote.mount
[Unit]
After=remote-fs-pre.target
Wants=remote-fs-pre.target
Conflicts=umount.target
Before=umount.target

[Mount]
What=HOST_or_IP:/path/to/share
Where=/home/tknomanzr/remote
Type=fuse.sshfs
Options=users,noatime,async,defaults,idmap=user,IdentityFile=/home/user/.ssh/id_rsa,uid=1000,gid=100,umask=2,allow_other,follow_symlinks,reconnect,default_permissions
DirectoryMode=0775

[Install]
WantedBy=remote-fs.target

/etc/systemd/system/home-tknomanzr-remote.automount
[Automount]
Where=/home/tknomanzr/remote
DirectoryMode=0775

[Install]
WantedBy=multi-user.target

/etc/systemd/system/killsshfs.service
[Unit]
After=network.target

[Service]
RemainAfterExit=yes
ExecStart=-/bin/true
ExecStop=-/usr/bin/pkill sshfs

[Install]
WantedBy=multi-user.target

REQUIRED:
systemd
sshfs
ssh
fuse

Usage:

Create the following files or get them from my github account, then copy them to /etc/systemd/system:

sudo cp home-tknomanzr-remote.automount /etc/systemd/system
sudo cp home-tknomanzr-remote.mount /etc/systemd/system
sudo cp killsshfs.service /etc/systemd/system

Edit this line in home-tknomanzr-remote.mount
What=HOST_or_IP:/path/to/share
to the hostname or IP of your ssh share.
The part after the colon should be some valid path on the ssh server.
Also, be sure it is not a symlink or you will get an error about it not being a directory when you attempt to start the service.
Additionally, edit home-tknomanzr-remote.automount
Where=path/to/mountpoint

Next, be sure this IdentityFile=/home/user/.ssh/id_rsa points to the ssh key that you want to connect with.

Be aware that automounting will not work if the ssh key has a password set on it. If necessary, generate a new key with ssh-keygen and be sure not to enter a password when prompted. Use ssh-copy-id to move it over to your ssh server, like so:

ssh-copy-id -i ~/.ssh/id_rsa username@ip

where id_rsa is the key you want to connect with.

Now rename the home-tknomanzr-remote.automount and home-tknomanzr-remote.mount files to reflect the path you specified in the Where= directive in /etc/systemd/system/home-tknomanzr-remote.mount
So for instance if you wanted to mount the sshfs share into /home/bob/Public
Where=/home/bob/Public
then:

sudo mv /etc/systemd/system/home-tknomanzr-remote.mount /etc/systemd/system/home-bob-Public.mount

similarly, rename the automount file:

sudo mv /etc/systemd/system/home-tknomanzr-remote.automount /etc/systemd/system/home-bob-Public.automount

Finally, enable and start the services. You should use the files you specified with the mv commands above:

sudo systemctl enable your_mount.automount
sudo systemctl enable your_mount.mount
sudo systemctl enable killsshfs.service
sudo systemctl start killsshfs.service

Then, see if the mount point will start:

sudo systemctl start your_mount.mount

I am not sure how to get the value in SSH_AUTH_SOCK from within the .mount unit file, so am stuck using an ssh key without a password on it. I realize this is a very rough draft and a helper script would probably go a long way toward setting things up without the numerous obstacles I had to figure out. The killsshfs.service file is entirely optional but sshfs tends to hang on shutdown or restart without it.

Last edited by tknomanzr (2016-02-15 02:31:51)

Offline
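The rename step in the post above works because systemd requires a .mount or .automount unit to be named after its Where= path, using the escaping rule from systemd.unit(5); on a systemd host, `systemd-escape -p --suffix=mount /home/bob/Public` prints that name. The following is an added example, not part of the original post: a function (the name `mount_unit_name` is hypothetical) that applies the same rule to ASCII paths, so that a mount point containing a hyphen or another special character still yields a unit file name systemd will accept.

```shell
#!/bin/sh
# Added example: derive the unit file name systemd expects for a mount point.
# Rule (systemd.unit(5)): drop leading/trailing/duplicate "/", turn "/" into
# "-", keep ASCII alphanumerics and ":", "_", ".", escape everything else as
# \xXX, and escape "." when it is the very first character.
# Assumption: the path is plain ASCII.

# mount_unit_name PATH [SUFFIX]   (SUFFIX defaults to "mount")
mount_unit_name() (
    export LC_ALL=C
    suffix=${2:-mount}
    path=$(printf '%s' "$1" | tr -s '/')   # squeeze duplicate slashes
    path=${path#/}
    path=${path%/}
    if [ -z "$path" ]; then                # the root directory is encoded as "-"
        printf '%s.%s\n' '-' "$suffix"
        exit 0
    fi
    out="" first=1
    while [ -n "$path" ]; do
        rest=${path#?}
        c=${path%"$rest"}                  # first character of what is left
        path=$rest
        case $c in
            /) out="$out-" ;;
            .) if [ "$first" -eq 1 ]; then out="$out\\x2e"; else out="$out."; fi ;;
            [a-zA-Z0-9:_]) out="$out$c" ;;
            *) out="$out$(printf '\\x%02x' "'$c")" ;;
        esac
        first=0
    done
    printf '%s.%s\n' "$out" "$suffix"
)
```

For the post's own example, `mount_unit_name /home/bob/Public` gives home-bob-Public.mount, while a mount point such as /home/bob/my-share needs the escaped form home-bob-my\x2dshare.mount.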

#6 2016-02-15 07:42:26

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: Systemd Scripts and Tutorials.

tknomanzr wrote:

I am not sure how to get the value in SSH_AUTH_SOCK from within the .mount unit file,

The problem is that SSH_AUTH_SOCK is only known after ssh-agent is started, which is part of starting the user session, and that happens after the system services are started.

I think you should look into moving the automount to the systemd user services and have it start after ssh-agent has been started.

Offline

#7 2016-02-15 08:46:25

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Systemd Scripts and Tutorials.

xaos52 wrote:

moving the automount to the systemd user services

+1

Then you can call:

systemctl --user import-environment SSH_AUTH_SOCK

To set the environmental variable for that user's unit files

See systemctl(1)


Offline

#8 2016-02-16 01:49:44

tknomanzr
BL Die Hard
From: Around the Bend
Registered: 2015-09-29
Posts: 1,029

Re: Systemd Scripts and Tutorials.

I will look into this and post back if I can figure it out. I went that direction at one point and ended up going back to systemctl --system. What I built is pretty much what is posted on the Arch forums, fiddled with til I could get it to work.

So, a couple of quick questions:

1.  Will I be able to build a .mount file from systemctl --user? Or would it need to be my sshfs wrapper script written up as a .service file?
2. At some point I lost sound for over an hour yesterday as I built this. Will I need to configure PulseAudio somehow if I bring user level stuff into systemd?

It may end up, before I re-write this, that I get a container running so I am not running the risk of blowing up my development machine while I tinker with this stuff. I am thinking the basic Debian install, get wifi running in the container, then task-sel the additional base packages, then see if I can get the BL netinstall script to get BL up and running inside a container.

Addendum: I forgot I will also have to get x running inside the container as well. I think I need to work on this soon as I can see the benefit of having a test bed running while I tinker around. Once tested, then I can move it to bare metal and see how it works.

Last edited by tknomanzr (2016-02-16 01:54:03)

Offline

#9 2016-02-16 05:29:04

tknomanzr
BL Die Hard
From: Around the Bend
Registered: 2015-09-29
Posts: 1,029

Re: Systemd Scripts and Tutorials.

Added a small change to the systemd-backup setup. I was able to drop the dependency for sshpass with a properly configured ssh-agent for the host I rsync to. The Original post on the topic should now reflect that change, along with a link to @xaos52's walkthrough on setting up ssh-agent. Changes are pushed to my github.

Last edited by tknomanzr (2016-02-16 05:30:42)

Offline

#10 2016-02-16 08:43:09

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Systemd Scripts and Tutorials.

tknomanzr wrote:

1.  Will I be able to build a .mount file from systemctl --user? Or would it need to be my sshfs wrapper script written up as a .service file?

I don't know, sorry.

Are you sure systemd doesn't try to mount this stuff itself using remote-fs.target?

I will have a look through the man pages tonight, I've never used sshfs so I'm a bit ignorant of that TBH.


Offline

#11 2016-02-16 19:52:31

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Systemd Scripts and Tutorials.

Just to clarify my earlier post: systemd unit files do not import any environmental variables, they must all be set explicitly.

This can be done with systemctl(1) or it can be specified in the unit file under the [Service] section, like this:

Environment="$VARIABLE=$VALUE"

To view the current systemd environment block, use:

systemctl show-environment

See the "Environment Commands" section of the systemctl man page for more on this.

Unfortunately, I don't know enough about sshfs shares to make any salient comments about that


Offline
