1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-25 23:21:33 +03:00
Commit Graph

98 Commits

Author SHA1 Message Date
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Anita Zhang
cf3e57884e man: document systemd-oomd and related items 2020-10-09 02:40:19 -07:00
Lennart Poettering
037857507a man: fix xml tags 2020-08-20 13:19:01 +02:00
Benjamin Berg
29bb3d7fc4 man: Improve MemoryMin=/MemoryLow= description
The description didn't really explain how the distribution mechanism
works exactly and the relationship of leaf and slice units.

Update the documentation and also explicitly explain the expected
behaviour as it is created by the memory_recursiveprot cgroup2 mount
option.
2020-08-19 11:17:02 +02:00
Lennart Poettering
6b000af4f2 tree-wide: avoid some loaded terms
https://tools.ietf.org/html/draft-knodel-terminology-02
https://lwn.net/Articles/823224/

This gets rid of most but not occasions of these loaded terms:

1. scsi_id and friends are something that is supposed to be removed from
   our tree (see #7594)

2. The test suite defines an API used by the ubuntu CI. We can remove
   this too later, but this needs to be done in sync with the ubuntu CI.

3. In some cases the terms are part of APIs we call or where we expose
   concepts the kernel names the way it names them. (In particular all
   remaining uses of the word "slave" in our codebase are like this,
   it's used by the POSIX PTY layer, by the network subsystem, the mount
   API and the block device subsystem). Getting rid of the term in these
   contexts would mean doing some major fixes of the kernel ABI first.

Regarding the replacements: when whitelist/blacklist is used as noun we
replace with with allow list/deny list, and when used as verb with
allow-list/deny-list.
2020-06-25 09:00:19 +02:00
Lennart Poettering
92d64d1444 man: s/PROGRAMM/PROGRAM/ 2020-06-23 17:13:26 +02:00
Zbigniew Jędrzejewski-Szmek
e1a0423266 man: reword description of IPAddressDeny/Allow a bit 2020-05-26 11:13:06 +02:00
Anita Zhang
5403e15337 man: update list of supported controllers 2020-03-05 13:53:29 +09:00
Lennart Poettering
f27a21d48b man: document the limits of the block device discovery for IO cgroup options
Fixes: #14271
2020-01-17 10:08:13 +01:00
Zbigniew Jędrzejewski-Szmek
246be82bd4 man: link to specific sections of cgroups-v2 document
The document is rather huge, and a specific link is easier to consume. The form
is a bit strange because troff puts the symlink at the bottom, keyed by title,
so we need to use the same link target in all places.
2020-01-09 16:47:34 +01:00
Zbigniew Jędrzejewski-Szmek
bb6d563a50 doc: link to html versions of cgroup docs
Also stop linking to some (obsolete) v1 documentation.
2020-01-09 16:47:34 +01:00
Lennart Poettering
3a827125e7 man: stop recommending modprobe -abq in ExecStartPre= 2020-01-07 19:00:56 +01:00
Zbigniew Jędrzejewski-Szmek
f8b68539d0 man: fix a few bogus entries in directives index
When wrong element types are used, directives are sometimes placed in the wrong
section. Also, strip part of text starting with "'", which is used in a few
places and which is displayed improperly in the index.
2019-11-21 22:06:30 +01:00
Chris Down
ba79e19cb2 cgroup: docs: memory.high doc fixups
The docs just tautologically call this the "high limit". Just call it
throttling as we do in cgroup-v2.rst.
2019-09-30 14:30:14 +01:00
Chris Down
b62087d4d0 cgroup: docs: Mention unbounded protection for memory.{low,min}
I got asked why Memory{Low,Min} don't allow "infinity". They do, but the
docs don't say that like they already do for Memory{High,Max}.
2019-09-30 14:23:32 +01:00
Pavel Hrdina
047f5d63d7 cgroup: introduce support for cgroup v2 CPUSET controller
Introduce support for configuring cpus and mems for processes using
cgroup v2 CPUSET controller.  This allows users to limit which cpus
and memory NUMA nodes can be used by processes to better utilize
system resources.

The cgroup v2 interfaces to control it are cpuset.cpus and cpuset.mems
where the requested configuration is written.  However, it doesn't mean
that the requested configuration will be actually used as parent cgroup
may limit the cpus or mems as well.  In order to reflect the real
configuration cgroup v2 provides read-only files cpuset.cpus.effective
and cpuset.mems.effective which are exported to users as well.
2019-09-24 15:16:07 +02:00
Lennart Poettering
3ff668cb9a man: reword DeviceAllow= documentation
Don't claim we'd use cgroup.deny much. It's just a way to remove stuff
from device lists, which is nothing we allow users to explicitly
configure.

Also, extend documentation when wildcards may be used, and when not.
2019-07-31 16:06:15 +02:00
Lennart Poettering
00d85bbb60 man: document the modprobe hack for DeviceAllow= 2019-07-23 13:30:56 +02:00
Kai Lüke
fab347489f bpf-firewall: custom BPF programs through IP(Ingress|Egress)FilterPath=
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.

Closes https://github.com/systemd/systemd/issues/10227
2019-06-25 09:56:16 +02:00
Chris Down
acdb4b5236 cgroup: Polish hierarchically aware protection docs a bit
I missed adding a section in `systemd.resource-control` about
DefaultMemoryMin in #12332.

Also, add a NEWS entry going over the general concept.
2019-05-08 12:06:32 +01:00
Chris Down
c52db42b78 cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow
In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).

This makes sense from an low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow
value.

Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).

Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.

After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.
2019-04-12 17:23:58 +02:00
Lennart Poettering
ef81ce6e80 man: clarify which addresses are affected by IPAddressAllow=/IPAddressDeny=
For ingress traffic it's the source address of IP packets we check, for
egress traffic it's the destination address. Mention that.
2019-03-29 16:17:55 +01:00
Zbigniew Jędrzejewski-Szmek
3a54a15760 man: use same header for all files
The "include" files had type "book" for some raeason. I don't think this
is meaningful. Let's just use the same everywhere.

$ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n  "http^gms' man/*.xml
2019-03-14 14:42:05 +01:00
Zbigniew Jędrzejewski-Szmek
0307f79171 man: standarize on one-line license header
No need to waste space, and uniformity is good.

$ perl -i -0pe 's|\n+<!--\s*SPDX-License-Identifier: LGPL-2.1..\s*-->|\n<!-- SPDX-License-Identifier: LGPL-2.1+ -->|gms' man/*.xml
2019-03-14 14:29:37 +01:00
Filipe Brandenburger
10f2864111 core: add CPUQuotaPeriodSec=
This new setting allows configuration of CFS period on the CPU cgroup, instead
of using a hardcoded default of 100ms.

Tested:
- Legacy cgroup + Unified cgroup
- systemctl set-property
- systemctl show
- Confirmed that the cgroup settings (such as cpu.cfs_period_ns) were set
  appropriately, including updating the CPU quota (cpu.cfs_quota_ns) when
  CPUQuotaPeriodSec= is updated.
- Checked that clamping works properly when either period or (quota * period)
  are below the resolution of 1ms, or if period is above the max of 1s.
2019-02-14 11:04:42 -08:00
Yu Watanabe
d1698b82e6 man: add referecne to systemd-system.conf 2019-02-01 12:31:51 +01:00
Chris Down
c72703e26d cgroup: Add DisableControllers= directive to disable controller in subtree
Some controllers (like the CPU controller) have a performance cost that
is non-trivial on certain workloads. While this can be mitigated and
improved to an extent, there will for some controllers always be some
overheads associated with the benefits gained from the controller.
Inside Facebook, the fix applied has been to disable the CPU controller
forcibly with `cgroup_disable=cpu` on the kernel command line.

This presents a problem: to disable or reenable the controller, a reboot
is required, but this is quite cumbersome and slow to do for many
thousands of machines, especially machines where disabling/enabling a
stateful service on a machine is a matter of several minutes.

Currently systemd provides some configuration knobs for these in the
form of `[Default]CPUAccounting`, `[Default]MemoryAccounting`, and the
like. The limitation of these is that Default*Accounting is overrideable
by individual services, of which any one could decide to reenable a
controller within the hierarchy at any point just by using a controller
feature implicitly (eg. `CPUWeight`), even if the use of that CPU
feature could just be opportunistic. Since many services are provided by
the distribution, or by upstream teams at a particular organisation,
it's not a sustainable solution to simply try to find and remove
offending directives from these units.

This commit presents a more direct solution -- a DisableControllers=
directive that forcibly disallows a controller from being enabled within
a subtree.
2018-12-03 15:40:31 +00:00
Lennart Poettering
077c40bc52 man: link Delegate= documentation up with the markdown docs 2018-11-26 18:43:23 +01:00
Lennart Poettering
964c4eda5b man: also use "yes"/"no" rather than "true"/"false" in man pages
We usually use yes/no in all our unit files, do the same in the man
pages.

Triggered by:

https://github.com/systemd/systemd/pull/9824#issuecomment-420729987
2018-10-13 12:59:29 +02:00
Tejun Heo
6ae4283cb1 core: add IODeviceLatencyTargetSec
This adds support for the following proposed latency based IO control
mechanism.

  https://lkml.org/lkml/2018/6/5/428
2018-08-22 16:46:18 +02:00
Ryutaroh Matsumoto
be60dd3ec8 Various accountings are not implied by their controllers
The original manpage says "Implies BBBAccounting" many times but actually that accounting is not implied by the respective resource control in v239 with the unified cgroup hierarchy. This commit removes those false explanations.
2018-07-20 16:44:40 +02:00
Chen Qi
49bdfaba92 man/systemd.resource-control.xml: point user to correct url
cpu.cfs_quota_us is actually explained in sched-bwc.txt instead of
sched-design-CFS.txt.
2018-07-18 13:17:24 +02:00
Tejun Heo
4842263577 core: add MemoryMin
The kernel added support for a new cgroup memory controller knob memory.min in
bf8d5d52ffe8 ("memcg: introduce memory.min") which was merged during v4.18
merge window.

Add MemoryMin to support memory.min.
2018-07-12 08:21:43 +02:00
Zbigniew Jędrzejewski-Szmek
514094f933 man: drop mode line in file headers
This is already included in .dir-locals, so we don't need it
in the files themselves.
2018-07-03 01:32:25 +02:00
Lennart Poettering
30ce657e5d
Merge pull request #9301 from keszybz/man-drop-authorgroup
man: drop unused <authorgroup> tags from man sources
2018-06-14 15:29:24 +02:00
Zbigniew Jędrzejewski-Szmek
0cd41d4dff Drop my copyright headers
perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
2018-06-14 13:03:20 +02:00
Zbigniew Jędrzejewski-Szmek
fdbbee37d5 man: drop unused <authorgroup> tags from man sources
Docbook styles required those to be present, even though the templates that we
use did not show those names anywhere. But something changed semi-recently (I
would suspect docbook templates, but there was only a minor version bump in
recent years, and the changelog does not suggest anything related), and builds
now work without those entries. Let's drop this dead weight.

Tested with F26-F29, debian unstable.

$ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
2018-06-14 12:22:18 +02:00
Lennart Poettering
96b2fb93c5 tree-wide: beautify remaining copyright statements
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
2018-06-14 10:20:21 +02:00
Lennart Poettering
818bf54632 tree-wide: drop 'This file is part of systemd' blurb
This part of the copyright blurb stems from the GPL use recommendations:

https://www.gnu.org/licenses/gpl-howto.en.html

The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.

hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
2018-06-14 10:20:20 +02:00
Zbigniew Jędrzejewski-Szmek
11a1589223 tree-wide: drop license boilerplate
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.

I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
2018-04-06 18:58:55 +02:00
Zbigniew Jędrzejewski-Szmek
2f75b05c24 man: IPAccounting for slices in now allowed
Also split that description into paragraphs by subject.
2018-02-22 14:53:55 +01:00
Lennart Poettering
99f3baa983 man: clarify that the controllers listed on Delegate= might not be the only ones 2017-11-21 11:54:08 +01:00
Zbigniew Jędrzejewski-Szmek
572eb058cf Add SPDX license identifiers to man pages 2017-11-19 19:08:15 +01:00
Zbigniew Jędrzejewski-Szmek
c12ad58c41 man: remove note about CPU controller being unmerged
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0d5936344f30aba0f6ddb92b030cb6a05168efe6

In principle we shouldn't merge this until after 4.15 is released, but the
chances of a revert upstream are low, and in that unlikely scenario we can just
revert this patch, it's a trivial documentation update after all.
2017-11-19 14:15:42 +01:00
Yu Watanabe
1bdfc7b951 core/cgroup: assigning empty string to Delegate= resets list of controllers (#7336)
Before this, assigning empty string to Delegate= makes no change to the
controller list. This is inconsistent to the other options that take list
of strings. After this, when empty string is assigned to Delegate=, the
list of controllers is reset. Such behavior is consistent to other options
and useful for drop-in configs.

Closes #7334.
2017-11-17 10:04:25 +01:00
Lennart Poettering
a9f01ad1bf man: document the new Delegate= syntax 2017-11-13 10:49:15 +01:00
Jakub Wilk
dcfaecc70a man: fix typos (#7029) 2017-10-10 21:59:03 +02:00
Daniel Mack
8d8631d4c9 man: document the new ip accounting and filting directives 2017-09-22 15:24:55 +02:00
Zbigniew Jędrzejewski-Szmek
1245e4132b man: use "filename" not "file name" by default
We settled on "filename" and "file system", so change a couple of places for
consistency. The exception is when there's an adjective before "file" that
binds more strongly then "name": "password file name", "output file name", etc.
Those cases are left intact.
2017-09-15 17:18:29 +02:00
John Lin
45f09f939b man: explicitly distinguish "implicit dependencies" and "default dependencies"
Fixes: #6793
2017-09-13 11:39:09 +08:00