mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-11 05:17:44 +03:00
1485 lines
73 KiB
XML
1485 lines
73 KiB
XML
<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
|
||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||
<!ENTITY % entities SYSTEM "custom-entities.ent" >
|
||
%entities;
|
||
]>
|
||
|
||
<!--
|
||
This file is part of systemd.
|
||
|
||
Copyright 2010 Lennart Poettering
|
||
|
||
systemd is free software; you can redistribute it and/or modify it
|
||
under the terms of the GNU Lesser General Public License as published by
|
||
the Free Software Foundation; either version 2.1 of the License, or
|
||
(at your option) any later version.
|
||
|
||
systemd is distributed in the hope that it will be useful, but
|
||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||
Lesser General Public License for more details.
|
||
|
||
You should have received a copy of the GNU Lesser General Public License
|
||
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||
-->
|
||
|
||
<refentry id="systemd.unit">
|
||
|
||
<refentryinfo>
|
||
<title>systemd.unit</title>
|
||
<productname>systemd</productname>
|
||
|
||
<authorgroup>
|
||
<author>
|
||
<contrib>Developer</contrib>
|
||
<firstname>Lennart</firstname>
|
||
<surname>Poettering</surname>
|
||
<email>lennart@poettering.net</email>
|
||
</author>
|
||
</authorgroup>
|
||
</refentryinfo>
|
||
|
||
<refmeta>
|
||
<refentrytitle>systemd.unit</refentrytitle>
|
||
<manvolnum>5</manvolnum>
|
||
</refmeta>
|
||
|
||
<refnamediv>
|
||
<refname>systemd.unit</refname>
|
||
<refpurpose>Unit configuration</refpurpose>
|
||
</refnamediv>
|
||
|
||
<refsynopsisdiv>
|
||
<para><filename><replaceable>service</replaceable>.service</filename>,
|
||
<filename><replaceable>socket</replaceable>.socket</filename>,
|
||
<filename><replaceable>device</replaceable>.device</filename>,
|
||
<filename><replaceable>mount</replaceable>.mount</filename>,
|
||
<filename><replaceable>automount</replaceable>.automount</filename>,
|
||
<filename><replaceable>swap</replaceable>.swap</filename>,
|
||
<filename><replaceable>target</replaceable>.target</filename>,
|
||
<filename><replaceable>path</replaceable>.path</filename>,
|
||
<filename><replaceable>timer</replaceable>.timer</filename>,
|
||
<filename><replaceable>slice</replaceable>.slice</filename>,
|
||
<filename><replaceable>scope</replaceable>.scope</filename></para>
|
||
|
||
<para><literallayout><filename>/etc/systemd/system/*</filename>
|
||
<filename>/run/systemd/system/*</filename>
|
||
<filename>/usr/lib/systemd/system/*</filename>
|
||
<filename>…</filename>
|
||
</literallayout></para>
|
||
|
||
<para><literallayout><filename>~/.config/systemd/user/*</filename>
|
||
<filename>/etc/systemd/user/*</filename>
|
||
<filename>$XDG_RUNTIME_DIR/systemd/user/*</filename>
|
||
<filename>/run/systemd/user/*</filename>
|
||
<filename>~/.local/share/systemd/user/*</filename>
|
||
<filename>/usr/lib/systemd/user/*</filename>
|
||
<filename>…</filename>
|
||
</literallayout></para>
|
||
</refsynopsisdiv>
|
||
|
||
<refsect1>
|
||
<title>Description</title>
|
||
|
||
<para>A unit configuration file encodes information about a
|
||
service, a socket, a device, a mount point, an automount point, a
|
||
swap file or partition, a start-up target, a watched file system
|
||
path, a timer controlled and supervised by
|
||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
a resource management slice or
|
||
a group of externally created processes. The syntax is inspired by
|
||
<ulink
|
||
url="http://standards.freedesktop.org/desktop-entry-spec/latest/">XDG
|
||
Desktop Entry Specification</ulink> <filename>.desktop</filename>
|
||
files, which are in turn inspired by Microsoft Windows
|
||
<filename>.ini</filename> files.</para>
|
||
|
||
<para>This man page lists the common configuration options of all
|
||
the unit types. These options need to be configured in the [Unit]
|
||
or [Install] sections of the unit files.</para>
|
||
|
||
<para>In addition to the generic [Unit] and [Install] sections
|
||
described here, each unit may have a type-specific section, e.g.
|
||
[Service] for a service unit. See the respective man pages for
|
||
more information:
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||
</para>
|
||
|
||
<para>Various settings are allowed to be specified more than once,
|
||
in which case the interpretation depends on the setting. Often,
|
||
multiple settings form a list, and setting to an empty value
|
||
"resets", which means that previous assignments are ignored. When
|
||
this is allowed, it is mentioned in the description of the
|
||
setting. Note that using multiple assignments to the same value
|
||
makes the unit file incompatible with parsers for the XDG
|
||
<filename>.desktop</filename> file format.</para>
|
||
|
||
<para>Unit files are loaded from a set of paths determined during
|
||
compilation, described in the next section.</para>
|
||
|
||
<para>Unit files may contain additional options on top of those
|
||
listed here. If systemd encounters an unknown option, it will
|
||
write a warning log message but continue loading the unit. If an
|
||
option or section name is prefixed with <option>X-</option>, it is
|
||
ignored completely by systemd. Options within an ignored section
|
||
do not need the prefix. Applications may use this to include
|
||
additional information in the unit files.</para>
|
||
|
||
<para>Boolean arguments used in unit files can be written in
|
||
various formats. For positive settings the strings
|
||
<option>1</option>, <option>yes</option>, <option>true</option>
|
||
and <option>on</option> are equivalent. For negative settings, the
|
||
strings <option>0</option>, <option>no</option>,
|
||
<option>false</option> and <option>off</option> are
|
||
equivalent.</para>
|
||
|
||
<para>Time span values encoded in unit files can be written in
|
||
various formats. A stand-alone number specifies a time in seconds.
|
||
If suffixed with a time unit, the unit is honored. A concatenation
|
||
of multiple values with units is supported, in which case the
|
||
values are added up. Example: "50" refers to 50 seconds; "2min
|
||
200ms" refers to 2 minutes plus 200 milliseconds, i.e. 120200ms.
|
||
The following time units are understood: s, min, h, d, w, ms, us.
|
||
For details see
|
||
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
||
|
||
<para>Empty lines and lines starting with # or ; are
|
||
ignored. This may be used for commenting. Lines ending
|
||
in a backslash are concatenated with the following
|
||
line while reading and the backslash is replaced by a
|
||
space character. This may be used to wrap long lines.</para>
|
||
|
||
<para>Along with a unit file <filename>foo.service</filename>, the
|
||
directory <filename>foo.service.wants/</filename> may exist. All
|
||
unit files symlinked from such a directory are implicitly added as
|
||
dependencies of type <varname>Wants=</varname> to the unit. This
|
||
is useful to hook units into the start-up of other units, without
|
||
having to modify their unit files. For details about the semantics
|
||
of <varname>Wants=</varname>, see below. The preferred way to
|
||
create symlinks in the <filename>.wants/</filename> directory of a
|
||
unit file is with the <command>enable</command> command of the
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
tool which reads information from the [Install] section of unit
|
||
files (see below). A similar functionality exists for
|
||
<varname>Requires=</varname> type dependencies as well, the
|
||
directory suffix is <filename>.requires/</filename> in this
|
||
case.</para>
|
||
|
||
<para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory
|
||
<filename>foo.service.d/</filename> may exist. All files with the suffix <literal>.conf</literal> from this
|
||
directory will be parsed after the file itself is parsed. This is useful to alter or add configuration settings for
|
||
a unit, without having to modify unit files. Each drop-in file must have appropriate section headers. Note that for
|
||
instantiated units, this logic will first look for the instance <literal>.d/</literal> subdirectory and read its
|
||
<literal>.conf</literal> files, followed by the template <literal>.d/</literal> subdirectory and the
|
||
<literal>.conf</literal> files there. Also note that settings from the <literal>[Install]</literal> section are not
|
||
honoured in drop-in unit files, and have no effect.</para>
|
||
|
||
<para>In addition to <filename>/etc/systemd/system</filename>,
|
||
the drop-in <literal>.conf</literal> files for system services
|
||
can be placed in <filename>/usr/lib/systemd/system</filename> or
|
||
<filename>/run/systemd/system</filename> directories. Drop-in
|
||
files in <filename>/etc</filename> take precedence over those in
|
||
<filename>/run</filename> which in turn take precedence over
|
||
those in <filename>/usr/lib</filename>. Drop-in files under any of
|
||
these directories take precedence over unit files wherever located.
|
||
(Of course, since <filename>/run</filename> is temporary and
|
||
<filename>/usr/lib</filename> is for vendors, it is unlikely
|
||
drop-ins should be used in either of those places.)</para>
|
||
<!-- Note that we do not document .include here, as we
|
||
consider it mostly obsolete, and want people to
|
||
use .d/ drop-ins instead. -->
|
||
|
||
<para>Some unit names reflect paths existing in the file system
|
||
namespace. Example: a device unit
|
||
<filename>dev-sda.device</filename> refers to a device with the
|
||
device node <filename noindex='true'>/dev/sda</filename> in the
|
||
file system namespace. If this applies, a special way to escape
|
||
the path name is used, so that the result is usable as part of a
|
||
filename. Basically, given a path, "/" is replaced by "-", and all
|
||
other characters which are not ASCII alphanumerics are replaced by
|
||
C-style "\x2d" escapes (except that "_" is never replaced and "."
|
||
is only replaced when it would be the first character in the
|
||
escaped path). The root directory "/" is encoded as single dash,
|
||
while otherwise the initial and ending "/" are removed from all
|
||
paths during transformation. This escaping is reversible. Properly
|
||
escaped paths can be generated using the
|
||
<citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
command.</para>
|
||
|
||
<para>Optionally, units may be instantiated from a
|
||
template file at runtime. This allows creation of
|
||
multiple units from a single configuration file. If
|
||
systemd looks for a unit configuration file, it will
|
||
first search for the literal unit name in the
|
||
file system. If that yields no success and the unit
|
||
name contains an <literal>@</literal> character, systemd will look for a
|
||
unit template that shares the same name but with the
|
||
instance string (i.e. the part between the <literal>@</literal> character
|
||
and the suffix) removed. Example: if a service
|
||
<filename>getty@tty3.service</filename> is requested
|
||
and no file by that name is found, systemd will look
|
||
for <filename>getty@.service</filename> and
|
||
instantiate a service from that configuration file if
|
||
it is found.</para>
|
||
|
||
<para>To refer to the instance string from within the
|
||
configuration file you may use the special <literal>%i</literal>
|
||
specifier in many of the configuration options. See below for
|
||
details.</para>
|
||
|
||
<para>If a unit file is empty (i.e. has the file size 0) or is
|
||
symlinked to <filename>/dev/null</filename>, its configuration
|
||
will not be loaded and it appears with a load state of
|
||
<literal>masked</literal>, and cannot be activated. Use this as an
|
||
effective way to fully disable a unit, making it impossible to
|
||
start it even manually.</para>
|
||
|
||
<para>The unit file format is covered by the
|
||
<ulink
|
||
url="http://www.freedesktop.org/wiki/Software/systemd/InterfaceStabilityPromise">Interface
|
||
Stability Promise</ulink>.</para>
|
||
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Automatic Dependencies</title>
|
||
|
||
<para>Note that while systemd offers a flexible dependency system
|
||
between units it is recommended to use this functionality only
|
||
sparingly and instead rely on techniques such as bus-based or
|
||
socket-based activation which make dependencies implicit,
|
||
resulting in a both simpler and more flexible system.</para>
|
||
|
||
<para>A number of unit dependencies are automatically established,
|
||
depending on unit configuration. On top of that, for units with
|
||
<varname>DefaultDependencies=yes</varname> (the default) a couple
|
||
of additional dependencies are added. The precise effect of
|
||
<varname>DefaultDependencies=yes</varname> depends on the unit
|
||
type (see below).</para>
|
||
|
||
<para>If <varname>DefaultDependencies=yes</varname> is set, units
|
||
that are referenced by other units of type
|
||
<filename>.target</filename> via a <varname>Wants=</varname> or
|
||
<varname>Requires=</varname> dependency might automatically gain
|
||
an <varname>Before=</varname> dependency too. See
|
||
<citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for details.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Unit File Load Path</title>
|
||
|
||
<para>Unit files are loaded from a set of paths determined during
|
||
compilation, described in the two tables below. Unit files found
|
||
in directories listed earlier override files with the same name in
|
||
directories lower in the list.</para>
|
||
|
||
<para>When the variable <varname>$SYSTEMD_UNIT_PATH</varname> is set,
|
||
the contents of this variable overrides the unit load path. If
|
||
<varname>$SYSTEMD_UNIT_PATH</varname> ends with an empty component
|
||
(<literal>:</literal>), the usual unit load path will be appended
|
||
to the contents of the variable.</para>
|
||
|
||
<table>
|
||
<title>
|
||
Load path when running in system mode (<option>--system</option>).
|
||
</title>
|
||
|
||
<tgroup cols='2'>
|
||
<colspec colname='path' />
|
||
<colspec colname='expl' />
|
||
<thead>
|
||
<row>
|
||
<entry>Path</entry>
|
||
<entry>Description</entry>
|
||
</row>
|
||
</thead>
|
||
<tbody>
|
||
<row>
|
||
<entry><filename>/etc/systemd/system</filename></entry>
|
||
<entry>Local configuration</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/system</filename></entry>
|
||
<entry>Runtime units</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/usr/lib/systemd/system</filename></entry>
|
||
<entry>Units of installed packages</entry>
|
||
</row>
|
||
</tbody>
|
||
</tgroup>
|
||
</table>
|
||
|
||
<table>
|
||
<title>
|
||
Load path when running in user mode (<option>--user</option>).
|
||
</title>
|
||
|
||
<tgroup cols='2'>
|
||
<colspec colname='path' />
|
||
<colspec colname='expl' />
|
||
<thead>
|
||
<row>
|
||
<entry>Path</entry>
|
||
<entry>Description</entry>
|
||
</row>
|
||
</thead>
|
||
<tbody>
|
||
<row>
|
||
<entry><filename>$XDG_CONFIG_HOME/systemd/user</filename></entry>
|
||
<entry>User configuration (only used when $XDG_CONFIG_HOME is set)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$HOME/.config/systemd/user</filename></entry>
|
||
<entry>User configuration (only used when $XDG_CONFIG_HOME is not set)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/etc/systemd/user</filename></entry>
|
||
<entry>Local configuration</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry>
|
||
<entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/run/systemd/user</filename></entry>
|
||
<entry>Runtime units</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$XDG_DATA_HOME/systemd/user</filename></entry>
|
||
<entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is set)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>$HOME/.local/share/systemd/user</filename></entry>
|
||
<entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is not set)</entry>
|
||
</row>
|
||
<row>
|
||
<entry><filename>/usr/lib/systemd/user</filename></entry>
|
||
<entry>Units of packages that have been installed system-wide</entry>
|
||
</row>
|
||
</tbody>
|
||
</tgroup>
|
||
</table>
|
||
|
||
<para>Additional units might be loaded into systemd ("linked")
|
||
from directories not on the unit load path. See the
|
||
<command>link</command> command for
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||
Also, some units are dynamically created via a
|
||
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
|
||
</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>[Unit] Section Options</title>
|
||
|
||
<para>The unit file may include a [Unit] section, which carries
|
||
generic information about the unit that is not dependent on the
|
||
type of unit:</para>
|
||
|
||
<variablelist class='unit-directives'>
|
||
|
||
<varlistentry>
|
||
<term><varname>Description=</varname></term>
|
||
<listitem><para>A free-form string describing the unit. This
|
||
is intended for use in UIs to show descriptive information
|
||
along with the unit name. The description should contain a
|
||
name that means something to the end user. <literal>Apache2
|
||
Web Server</literal> is a good example. Bad examples are
|
||
<literal>high-performance light-weight HTTP server</literal>
|
||
(too generic) or <literal>Apache2</literal> (too specific and
|
||
meaningless for people who do not know
|
||
Apache).</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Documentation=</varname></term>
|
||
<listitem><para>A space-separated list of URIs referencing
|
||
documentation for this unit or its configuration. Accepted are
|
||
only URIs of the types <literal>http://</literal>,
|
||
<literal>https://</literal>, <literal>file:</literal>,
|
||
<literal>info:</literal>, <literal>man:</literal>. For more
|
||
information about the syntax of these URIs, see <citerefentry
|
||
project='man-pages'><refentrytitle>uri</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
|
||
The URIs should be listed in order of relevance, starting with
|
||
the most relevant. It is a good idea to first reference
|
||
documentation that explains what the unit's purpose is,
|
||
followed by how it is configured, followed by any other
|
||
related documentation. This option may be specified more than
|
||
once, in which case the specified list of URIs is merged. If
|
||
the empty string is assigned to this option, the list is reset
|
||
and all prior assignments will have no
|
||
effect.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Requires=</varname></term>
|
||
|
||
<listitem><para>Configures requirement dependencies on other
|
||
units. If this unit gets activated, the units listed here will
|
||
be activated as well. If one of the other units gets
|
||
deactivated or its activation fails, this unit will be
|
||
deactivated. This option may be specified more than once or
|
||
multiple space-separated units may be specified in one option
|
||
in which case requirement dependencies for all listed names
|
||
will be created. Note that requirement dependencies do not
|
||
influence the order in which services are started or stopped.
|
||
This has to be configured independently with the
|
||
<varname>After=</varname> or <varname>Before=</varname>
|
||
options. If a unit <filename>foo.service</filename> requires a
|
||
unit <filename>bar.service</filename> as configured with
|
||
<varname>Requires=</varname> and no ordering is configured
|
||
with <varname>After=</varname> or <varname>Before=</varname>,
|
||
then both units will be started simultaneously and without any
|
||
delay between them if <filename>foo.service</filename> is
|
||
activated. Often, it is a better choice to use
|
||
<varname>Wants=</varname> instead of
|
||
<varname>Requires=</varname> in order to achieve a system that
|
||
is more robust when dealing with failing services.</para>
|
||
|
||
<para>Note that dependencies of this type may also be
|
||
configured outside of the unit configuration file by adding a
|
||
symlink to a <filename>.requires/</filename> directory
|
||
accompanying the unit file. For details, see
|
||
above.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Requisite=</varname></term>
|
||
|
||
<listitem><para>Similar to <varname>Requires=</varname>.
|
||
However, if the units listed here are not started already,
|
||
they will not be started and the transaction will fail
|
||
immediately. </para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Wants=</varname></term>
|
||
|
||
<listitem><para>A weaker version of
|
||
<varname>Requires=</varname>. Units listed in this option will
|
||
be started if the configuring unit is. However, if the listed
|
||
units fail to start or cannot be added to the transaction,
|
||
this has no impact on the validity of the transaction as a
|
||
whole. This is the recommended way to hook start-up of one
|
||
unit to the start-up of another unit.</para>
|
||
|
||
<para>Note that dependencies of this type may also be
|
||
configured outside of the unit configuration file by adding
|
||
symlinks to a <filename>.wants/</filename> directory
|
||
accompanying the unit file. For details, see
|
||
above.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>BindsTo=</varname></term>
|
||
|
||
<listitem><para>Configures requirement dependencies, very
|
||
similar in style to <varname>Requires=</varname>, however in
|
||
addition to this behavior, it also declares that this unit is
|
||
stopped when any of the units listed suddenly disappears.
|
||
Units can suddenly, unexpectedly disappear if a service
|
||
terminates on its own choice, a device is unplugged or a mount
|
||
point unmounted without involvement of
|
||
systemd.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>PartOf=</varname></term>
|
||
|
||
<listitem><para>Configures dependencies similar to
|
||
<varname>Requires=</varname>, but limited to stopping and
|
||
restarting of units. When systemd stops or restarts the units
|
||
listed here, the action is propagated to this unit. Note that
|
||
this is a one-way dependency — changes to this unit do not
|
||
affect the listed units. </para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Conflicts=</varname></term>
|
||
|
||
<listitem><para>A space-separated list of unit names.
|
||
Configures negative requirement dependencies. If a unit has a
|
||
<varname>Conflicts=</varname> setting on another unit,
|
||
starting the former will stop the latter and vice versa. Note
|
||
that this setting is independent of and orthogonal to the
|
||
<varname>After=</varname> and <varname>Before=</varname>
|
||
ordering dependencies.</para>
|
||
|
||
<para>If a unit A that conflicts with a unit B is scheduled to
|
||
be started at the same time as B, the transaction will either
|
||
fail (in case both are required part of the transaction) or be
|
||
modified to be fixed (in case one or both jobs are not a
|
||
required part of the transaction). In the latter case, the job
|
||
that is not the required will be removed, or in case both are
|
||
not required, the unit that conflicts will be started and the
|
||
unit that is conflicted is stopped.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Before=</varname></term>
|
||
<term><varname>After=</varname></term>
|
||
|
||
<listitem><para>A space-separated list of unit names.
|
||
Configures ordering dependencies between units. If a unit
|
||
<filename>foo.service</filename> contains a setting
|
||
<option>Before=bar.service</option> and both units are being
|
||
started, <filename>bar.service</filename>'s start-up is
|
||
delayed until <filename>foo.service</filename> is started up.
|
||
Note that this setting is independent of and orthogonal to the
|
||
requirement dependencies as configured by
|
||
<varname>Requires=</varname>. It is a common pattern to
|
||
include a unit name in both the <varname>After=</varname> and
|
||
<varname>Requires=</varname> option, in which case the unit
|
||
listed will be started before the unit that is configured with
|
||
these options. This option may be specified more than once, in
|
||
which case ordering dependencies for all listed names are
|
||
created. <varname>After=</varname> is the inverse of
|
||
<varname>Before=</varname>, i.e. while
|
||
<varname>After=</varname> ensures that the configured unit is
|
||
started after the listed unit finished starting up,
|
||
<varname>Before=</varname> ensures the opposite, i.e. that the
|
||
configured unit is fully started up before the listed unit is
|
||
started. Note that when two units with an ordering dependency
|
||
between them are shut down, the inverse of the start-up order
|
||
is applied. i.e. if a unit is configured with
|
||
<varname>After=</varname> on another unit, the former is
|
||
stopped before the latter if both are shut down. Given two units
|
||
with any ordering dependency between them, if one unit is shut
|
||
down and the other is started up, the shutdown is ordered
|
||
before the start-up. It doesn't matter if the ordering
|
||
dependency is <varname>After=</varname> or
|
||
<varname>Before=</varname>. It also doesn't matter which of the
|
||
two is shut down, as long as one is shut down and the other is
|
||
started up. The shutdown is ordered before the start-up in all
|
||
cases. If two units have no ordering dependencies between them,
|
||
they are shut down or started up simultaneously, and no ordering
|
||
takes place.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>OnFailure=</varname></term>
|
||
|
||
<listitem><para>A space-separated list of one or more units
|
||
that are activated when this unit enters the
|
||
<literal>failed</literal> state.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>PropagatesReloadTo=</varname></term>
|
||
<term><varname>ReloadPropagatedFrom=</varname></term>
|
||
|
||
<listitem><para>A space-separated list of one or more units
|
||
where reload requests on this unit will be propagated to, or
|
||
reload requests on the other unit will be propagated to this
|
||
unit, respectively. Issuing a reload request on a unit will
|
||
automatically also enqueue a reload request on all units that
|
||
the reload request shall be propagated to via these two
|
||
settings.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>JoinsNamespaceOf=</varname></term>
|
||
|
||
<listitem><para>For units that start processes (such as
|
||
service units), lists one or more other units whose network
|
||
and/or temporary file namespace to join. This only applies to
|
||
unit types which support the
|
||
<varname>PrivateNetwork=</varname> and
|
||
<varname>PrivateTmp=</varname> directives (see
|
||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for details). If a unit that has this setting set is started,
|
||
its processes will see the same <filename>/tmp</filename>,
|
||
<filename>/var/tmp</filename> and network namespace as one
|
||
listed unit that is started. If multiple listed units are
|
||
already started, it is not defined which namespace is joined.
|
||
Note that this setting only has an effect if
|
||
<varname>PrivateNetwork=</varname> and/or
|
||
<varname>PrivateTmp=</varname> is enabled for both the unit
|
||
that joins the namespace and the unit whose namespace is
|
||
joined.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>RequiresMountsFor=</varname></term>
|
||
|
||
<listitem><para>Takes a space-separated list of absolute
|
||
paths. Automatically adds dependencies of type
|
||
<varname>Requires=</varname> and <varname>After=</varname> for
|
||
all mount units required to access the specified path.</para>
|
||
|
||
<para>Mount points marked with <option>noauto</option> are not
|
||
mounted automatically and will be ignored for the purposes of
|
||
this option. If such a mount should be a requirement for this
|
||
unit, direct dependencies on the mount units may be added
|
||
(<varname>Requires=</varname> and <varname>After=</varname> or
|
||
some other combination). </para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>OnFailureJobMode=</varname></term>
|
||
|
||
<listitem><para>Takes a value of
|
||
<literal>fail</literal>,
|
||
<literal>replace</literal>,
|
||
<literal>replace-irreversibly</literal>,
|
||
<literal>isolate</literal>,
|
||
<literal>flush</literal>,
|
||
<literal>ignore-dependencies</literal> or
|
||
<literal>ignore-requirements</literal>. Defaults to
|
||
<literal>replace</literal>. Specifies how the units listed in
|
||
<varname>OnFailure=</varname> will be enqueued. See
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
||
<option>--job-mode=</option> option for details on the
|
||
possible values. If this is set to <literal>isolate</literal>,
|
||
only a single unit may be listed in
|
||
<varname>OnFailure=</varname>..</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>IgnoreOnIsolate=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If
|
||
<option>true</option>, this unit will not be stopped when
|
||
isolating another unit. Defaults to
|
||
<option>false</option>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>StopWhenUnneeded=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If
|
||
<option>true</option>, this unit will be stopped when it is no
|
||
longer used. Note that, in order to minimize the work to be
|
||
executed, systemd will not stop units by default unless they
|
||
are conflicting with other units, or the user explicitly
|
||
requested their shut down. If this option is set, a unit will
|
||
be automatically cleaned up if no other active unit requires
|
||
it. Defaults to <option>false</option>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>RefuseManualStart=</varname></term>
|
||
<term><varname>RefuseManualStop=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If
|
||
<option>true</option>, this unit can only be activated or
|
||
deactivated indirectly. In this case, explicit start-up or
|
||
termination requested by the user is denied, however if it is
|
||
started or stopped as a dependency of another unit, start-up
|
||
or termination will succeed. This is mostly a safety feature
|
||
to ensure that the user does not accidentally activate units
|
||
that are not intended to be activated explicitly, and not
|
||
accidentally deactivate units that are not intended to be
|
||
deactivated. These options default to
|
||
<option>false</option>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>AllowIsolate=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If
|
||
<option>true</option>, this unit may be used with the
|
||
<command>systemctl isolate</command> command. Otherwise, this
|
||
will be refused. It probably is a good idea to leave this
|
||
disabled except for target units that shall be used similar to
|
||
runlevels in SysV init systems, just as a precaution to avoid
|
||
unusable system states. This option defaults to
|
||
<option>false</option>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>DefaultDependencies=</varname></term>
|
||
|
||
<listitem><para>Takes a boolean argument. If
|
||
<option>true</option>, (the default), a few default
|
||
dependencies will implicitly be created for the unit. The
|
||
actual dependencies created depend on the unit type. For
|
||
example, for service units, these dependencies ensure that the
|
||
service is started only after basic system initialization is
|
||
completed and is properly terminated on system shutdown. See
|
||
the respective man pages for details. Generally, only services
|
||
involved with early boot or late shutdown should set this
|
||
option to <option>false</option>. It is highly recommended to
|
||
leave this option enabled for the majority of common units. If
|
||
set to <option>false</option>, this option does not disable
|
||
all implicit dependencies, just non-essential
|
||
ones.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>JobTimeoutSec=</varname></term>
|
||
<term><varname>JobTimeoutAction=</varname></term>
|
||
<term><varname>JobTimeoutRebootArgument=</varname></term>
|
||
|
||
<listitem><para>When a job for this unit is queued, a time-out may be configured. If this time limit is
|
||
reached, the job will be cancelled, the unit however will not change state or even enter the
|
||
<literal>failed</literal> mode. This value defaults to <literal>infinity</literal> (job timeouts disabled),
|
||
except for device units. NB: this timeout is independent from any unit-specific timeout (for example, the
|
||
timeout set with <varname>TimeoutStartSec=</varname> in service units) as the job timeout has no effect on the
|
||
unit itself, only on the job that might be pending for it. Or in other words: unit-specific timeouts are useful
|
||
to abort unit state changes, and revert them. The job timeout set with this option however is useful to abort
|
||
only the job waiting for the unit state to change.</para>
|
||
|
||
<para><varname>JobTimeoutAction=</varname>
|
||
optionally configures an additional
|
||
action to take when the time-out is
|
||
hit. It takes the same values as the
|
||
per-service
|
||
<varname>StartLimitAction=</varname>
|
||
setting, see
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for details. Defaults to
|
||
<option>none</option>. <varname>JobTimeoutRebootArgument=</varname>
|
||
configures an optional reboot string
|
||
to pass to the
|
||
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
|
||
system call.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>StartLimitIntervalSec=</varname></term>
|
||
<term><varname>StartLimitBurst=</varname></term>
|
||
|
||
<listitem><para>Configure unit start rate limiting. By default, units which are started more than 5 times
|
||
within 10 seconds are not permitted to start any more times until the 10 second interval ends. With these two
|
||
options, this rate limiting may be modified. Use <varname>StartLimitIntervalSec=</varname> to configure the
|
||
checking interval (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file,
|
||
set to 0 to disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many
|
||
starts per interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager
|
||
configuration file). These configuration options are particularly useful in conjunction with the service
|
||
setting <varname>Restart=</varname> (see
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); however,
|
||
they apply to all kinds of starts (including manual), not just those triggered by the
|
||
<varname>Restart=</varname> logic. Note that units which are configured for <varname>Restart=</varname> and
|
||
which reach the start limit are not attempted to be restarted anymore; however, they may still be restarted
|
||
manually at a later point, from which point on, the restart logic is again activated. Note that
|
||
<command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed,
|
||
which is useful if the administrator wants to manually start a unit and the start limit interferes with
|
||
that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit
|
||
activations with failing conditions are not counted by this rate limiting. Slice, target, device and scope
|
||
units do not enforce this setting, as they are unit types whose activation may either never fail, or may
|
||
succeed only a single time.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>StartLimitAction=</varname></term>
|
||
|
||
<listitem><para>Configure the action to take if the rate limit configured with
|
||
<varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes one of
|
||
<option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
|
||
<option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
|
||
<option>poweroff-immediate</option>. If <option>none</option> is set, hitting the rate limit will trigger no
|
||
action besides that the start will not be permitted. <option>reboot</option> causes a reboot following the
|
||
normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
|
||
<option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
|
||
cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
|
||
<option>reboot-immediate</option> causes immediate execution of the
|
||
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
|
||
might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
|
||
<option>poweroff-immediate</option> have the effect of powering down the system with similar
|
||
semantics. Defaults to <option>none</option>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>RebootArgument=</varname></term>
|
||
<listitem><para>Configure the optional argument for the
|
||
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if
|
||
<varname>StartLimitAction=</varname> or a service's <varname>FailureAction=</varname> is a reboot action. This
|
||
works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>ConditionArchitecture=</varname></term>
|
||
<term><varname>ConditionVirtualization=</varname></term>
|
||
<term><varname>ConditionHost=</varname></term>
|
||
<term><varname>ConditionKernelCommandLine=</varname></term>
|
||
<term><varname>ConditionSecurity=</varname></term>
|
||
<term><varname>ConditionCapability=</varname></term>
|
||
<term><varname>ConditionACPower=</varname></term>
|
||
<term><varname>ConditionNeedsUpdate=</varname></term>
|
||
<term><varname>ConditionFirstBoot=</varname></term>
|
||
<term><varname>ConditionPathExists=</varname></term>
|
||
<term><varname>ConditionPathExistsGlob=</varname></term>
|
||
<term><varname>ConditionPathIsDirectory=</varname></term>
|
||
<term><varname>ConditionPathIsSymbolicLink=</varname></term>
|
||
<term><varname>ConditionPathIsMountPoint=</varname></term>
|
||
<term><varname>ConditionPathIsReadWrite=</varname></term>
|
||
<term><varname>ConditionDirectoryNotEmpty=</varname></term>
|
||
<term><varname>ConditionFileNotEmpty=</varname></term>
|
||
<term><varname>ConditionFileIsExecutable=</varname></term>
|
||
|
||
<!-- We do not document ConditionNull=
|
||
here, as it is not particularly
|
||
useful and probably just
|
||
confusing. -->
|
||
|
||
<listitem><para>Before starting a unit, verify that the specified condition is true. If it is not true, the
|
||
starting of the unit will be (mostly silently) skipped, however all ordering dependencies of it are still
|
||
respected. A failing condition will not result in the unit being moved into a failure state. The condition is
|
||
checked at the time the queued start job is to be executed. Use condition expressions in order to silently skip
|
||
units that do not apply to the local running system, for example because the kernel or runtime environment
|
||
doesn't require its functionality. Use the various <varname>AssertArchitecture=</varname>,
|
||
<varname>AssertVirtualization=</varname>, … options for a similar mechanism that puts the unit in a failure
|
||
state and logs about the failed check (see below).</para>
|
||
|
||
<para><varname>ConditionArchitecture=</varname> may be used to
|
||
check whether the system is running on a specific
|
||
architecture. Takes one of
|
||
<varname>x86</varname>,
|
||
<varname>x86-64</varname>,
|
||
<varname>ppc</varname>,
|
||
<varname>ppc-le</varname>,
|
||
<varname>ppc64</varname>,
|
||
<varname>ppc64-le</varname>,
|
||
<varname>ia64</varname>,
|
||
<varname>parisc</varname>,
|
||
<varname>parisc64</varname>,
|
||
<varname>s390</varname>,
|
||
<varname>s390x</varname>,
|
||
<varname>sparc</varname>,
|
||
<varname>sparc64</varname>,
|
||
<varname>mips</varname>,
|
||
<varname>mips-le</varname>,
|
||
<varname>mips64</varname>,
|
||
<varname>mips64-le</varname>,
|
||
<varname>alpha</varname>,
|
||
<varname>arm</varname>,
|
||
<varname>arm-be</varname>,
|
||
<varname>arm64</varname>,
|
||
<varname>arm64-be</varname>,
|
||
<varname>sh</varname>,
|
||
<varname>sh64</varname>,
|
||
<varname>m86k</varname>,
|
||
<varname>tilegx</varname>,
|
||
<varname>cris</varname> to test
|
||
against a specific architecture. The architecture is
|
||
determined from the information returned by
|
||
<citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
|
||
and is thus subject to
|
||
<citerefentry><refentrytitle>personality</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
|
||
Note that a <varname>Personality=</varname> setting in the
|
||
same unit file has no effect on this condition. A special
|
||
architecture name <varname>native</varname> is mapped to the
|
||
architecture the system manager itself is compiled for. The
|
||
test may be negated by prepending an exclamation mark.</para>
|
||
|
||
<para><varname>ConditionVirtualization=</varname> may be used
|
||
to check whether the system is executed in a virtualized
|
||
environment and optionally test whether it is a specific
|
||
implementation. Takes either boolean value to check if being
|
||
executed in any virtualized environment, or one of
|
||
<varname>vm</varname> and
|
||
<varname>container</varname> to test against a generic type of
|
||
virtualization solution, or one of
|
||
<varname>qemu</varname>,
|
||
<varname>kvm</varname>,
|
||
<varname>zvm</varname>,
|
||
<varname>vmware</varname>,
|
||
<varname>microsoft</varname>,
|
||
<varname>oracle</varname>,
|
||
<varname>xen</varname>,
|
||
<varname>bochs</varname>,
|
||
<varname>uml</varname>,
|
||
<varname>openvz</varname>,
|
||
<varname>lxc</varname>,
|
||
<varname>lxc-libvirt</varname>,
|
||
<varname>systemd-nspawn</varname>,
|
||
<varname>docker</varname>,
|
||
<varname>rkt</varname> to test
|
||
against a specific implementation. See
|
||
<citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
for a full list of known virtualization technologies and their
|
||
identifiers. If multiple virtualization technologies are
|
||
nested, only the innermost is considered. The test may be
|
||
negated by prepending an exclamation mark.</para>
|
||
|
||
<para><varname>ConditionHost=</varname> may be used to match
|
||
against the hostname or machine ID of the host. This either
|
||
takes a hostname string (optionally with shell style globs)
|
||
which is tested against the locally set hostname as returned
|
||
by
|
||
<citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
|
||
or a machine ID formatted as string (see
|
||
<citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
||
The test may be negated by prepending an exclamation
|
||
mark.</para>
|
||
|
||
<para><varname>ConditionKernelCommandLine=</varname> may be
|
||
used to check whether a specific kernel command line option is
|
||
set (or if prefixed with the exclamation mark unset). The
|
||
argument must either be a single word, or an assignment (i.e.
|
||
two words, separated <literal>=</literal>). In the former case
|
||
the kernel command line is searched for the word appearing as
|
||
is, or as left hand side of an assignment. In the latter case,
|
||
the exact assignment is looked for with right and left hand
|
||
side matching.</para>
|
||
|
||
<para><varname>ConditionSecurity=</varname> may be used to
|
||
check whether the given security module is enabled on the
|
||
system. Currently, the recognized values are
|
||
<varname>selinux</varname>,
|
||
<varname>apparmor</varname>,
|
||
<varname>ima</varname>,
|
||
<varname>smack</varname> and
|
||
<varname>audit</varname>. The test may be negated by
|
||
prepending an exclamation mark.</para>
|
||
|
||
<para><varname>ConditionCapability=</varname> may be used to
|
||
check whether the given capability exists in the capability
|
||
bounding set of the service manager (i.e. this does not check
|
||
whether capability is actually available in the permitted or
|
||
effective sets, see
|
||
<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||
for details). Pass a capability name such as
|
||
<literal>CAP_MKNOD</literal>, possibly prefixed with an
|
||
exclamation mark to negate the check.</para>
|
||
|
||
<para><varname>ConditionACPower=</varname> may be used to
|
||
check whether the system has AC power, or is exclusively
|
||
battery powered at the time of activation of the unit. This
|
||
takes a boolean argument. If set to <varname>true</varname>,
|
||
the condition will hold only if at least one AC connector of
|
||
the system is connected to a power source, or if no AC
|
||
connectors are known. Conversely, if set to
|
||
<varname>false</varname>, the condition will hold only if
|
||
there is at least one AC connector known and all AC connectors
|
||
are disconnected from a power source.</para>
|
||
|
||
<para><varname>ConditionNeedsUpdate=</varname> takes one of
|
||
<filename>/var</filename> or <filename>/etc</filename> as
|
||
argument, possibly prefixed with a <literal>!</literal> (for
|
||
inverting the condition). This condition may be used to
|
||
conditionalize units on whether the specified directory
|
||
requires an update because <filename>/usr</filename>'s
|
||
modification time is newer than the stamp file
|
||
<filename>.updated</filename> in the specified directory. This
|
||
is useful to implement offline updates of the vendor operating
|
||
system resources in <filename>/usr</filename> that require
|
||
updating of <filename>/etc</filename> or
|
||
<filename>/var</filename> on the next following boot. Units
|
||
making use of this condition should order themselves before
|
||
<citerefentry><refentrytitle>systemd-update-done.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||
to make sure they run before the stamp file's modification
|
||
time gets reset indicating a completed update.</para>
|
||
|
||
<para><varname>ConditionFirstBoot=</varname> takes a boolean
|
||
argument. This condition may be used to conditionalize units
|
||
on whether the system is booting up with an unpopulated
|
||
<filename>/etc</filename> directory. This may be used to
|
||
populate <filename>/etc</filename> on the first boot after
|
||
factory reset, or when a new system instances boots up for the
|
||
first time.</para>
|
||
|
||
<para>With <varname>ConditionPathExists=</varname> a file
|
||
existence condition is checked before a unit is started. If
|
||
the specified absolute path name does not exist, the condition
|
||
will fail. If the absolute path name passed to
|
||
<varname>ConditionPathExists=</varname> is prefixed with an
|
||
exclamation mark (<literal>!</literal>), the test is negated,
|
||
and the unit is only started if the path does not
|
||
exist.</para>
|
||
|
||
<para><varname>ConditionPathExistsGlob=</varname> is similar
|
||
to <varname>ConditionPathExists=</varname>, but checks for the
|
||
existence of at least one file or directory matching the
|
||
specified globbing pattern.</para>
|
||
|
||
<para><varname>ConditionPathIsDirectory=</varname> is similar
|
||
to <varname>ConditionPathExists=</varname> but verifies
|
||
whether a certain path exists and is a directory.</para>
|
||
|
||
<para><varname>ConditionPathIsSymbolicLink=</varname> is
|
||
similar to <varname>ConditionPathExists=</varname> but
|
||
verifies whether a certain path exists and is a symbolic
|
||
link.</para>
|
||
|
||
<para><varname>ConditionPathIsMountPoint=</varname> is similar
|
||
to <varname>ConditionPathExists=</varname> but verifies
|
||
whether a certain path exists and is a mount point.</para>
|
||
|
||
<para><varname>ConditionPathIsReadWrite=</varname> is similar
|
||
to <varname>ConditionPathExists=</varname> but verifies
|
||
whether the underlying file system is readable and writable
|
||
(i.e. not mounted read-only).</para>
|
||
|
||
<para><varname>ConditionDirectoryNotEmpty=</varname> is
|
||
similar to <varname>ConditionPathExists=</varname> but
|
||
verifies whether a certain path exists and is a non-empty
|
||
directory.</para>
|
||
|
||
<para><varname>ConditionFileNotEmpty=</varname> is similar to
|
||
<varname>ConditionPathExists=</varname> but verifies whether a
|
||
certain path exists and refers to a regular file with a
|
||
non-zero size.</para>
|
||
|
||
<para><varname>ConditionFileIsExecutable=</varname> is similar
|
||
to <varname>ConditionPathExists=</varname> but verifies
|
||
whether a certain path exists, is a regular file and marked
|
||
executable.</para>
|
||
|
||
<para>If multiple conditions are specified, the unit will be
|
||
executed if all of them apply (i.e. a logical AND is applied).
|
||
Condition checks can be prefixed with a pipe symbol (|) in
|
||
which case a condition becomes a triggering condition. If at
|
||
least one triggering condition is defined for a unit, then the
|
||
unit will be executed if at least one of the triggering
|
||
conditions apply and all of the non-triggering conditions. If
|
||
you prefix an argument with the pipe symbol and an exclamation
|
||
mark, the pipe symbol must be passed first, the exclamation
|
||
second. Except for
|
||
<varname>ConditionPathIsSymbolicLink=</varname>, all path
|
||
checks follow symlinks. If any of these options is assigned
|
||
the empty string, the list of conditions is reset completely,
|
||
all previous condition settings (of any kind) will have no
|
||
effect.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>AssertArchitecture=</varname></term>
|
||
<term><varname>AssertVirtualization=</varname></term>
|
||
<term><varname>AssertHost=</varname></term>
|
||
<term><varname>AssertKernelCommandLine=</varname></term>
|
||
<term><varname>AssertSecurity=</varname></term>
|
||
<term><varname>AssertCapability=</varname></term>
|
||
<term><varname>AssertACPower=</varname></term>
|
||
<term><varname>AssertNeedsUpdate=</varname></term>
|
||
<term><varname>AssertFirstBoot=</varname></term>
|
||
<term><varname>AssertPathExists=</varname></term>
|
||
<term><varname>AssertPathExistsGlob=</varname></term>
|
||
<term><varname>AssertPathIsDirectory=</varname></term>
|
||
<term><varname>AssertPathIsSymbolicLink=</varname></term>
|
||
<term><varname>AssertPathIsMountPoint=</varname></term>
|
||
<term><varname>AssertPathIsReadWrite=</varname></term>
|
||
<term><varname>AssertDirectoryNotEmpty=</varname></term>
|
||
<term><varname>AssertFileNotEmpty=</varname></term>
|
||
<term><varname>AssertFileIsExecutable=</varname></term>
|
||
|
||
<listitem><para>Similar to the <varname>ConditionArchitecture=</varname>,
|
||
<varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings add
|
||
assertion checks to the start-up of the unit. However, unlike the conditions settings, any assertion setting
|
||
that is not met results in failure of the start job (which means this is logged loudly). Use assertion
|
||
expressions for units that cannot operate when specific requirements are not met, and when this is something
|
||
the administrator or user should look into.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>SourcePath=</varname></term>
|
||
<listitem><para>A path to a configuration file this unit has
|
||
been generated from. This is primarily useful for
|
||
implementation of generator tools that convert configuration
|
||
from an external configuration file format into native unit
|
||
files. This functionality should not be used in normal
|
||
units.</para></listitem>
|
||
</varlistentry>
|
||
|
||
</variablelist>
|
||
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>[Install] Section Options</title>
|
||
|
||
<para>Unit files may include an <literal>[Install]</literal> section, which carries installation information for
|
||
the unit. This section is not interpreted by
|
||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is
|
||
used by the <command>enable</command> and <command>disable</command> commands of the
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during
|
||
installation of a unit. Note that settings in the <literal>[Install]</literal> section may not appear in
|
||
<filename>.d/*.conf</filename> unit file drop-ins (see above).</para>
|
||
|
||
<variablelist class='unit-directives'>
|
||
<varlistentry>
|
||
<term><varname>Alias=</varname></term>
|
||
|
||
<listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed
|
||
here must have the same suffix (i.e. type) as the unit file name. This option may be specified more than once,
|
||
in which case all listed names are used. At installation time, <command>systemctl enable</command> will create
|
||
symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this
|
||
setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support
|
||
aliasing.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>WantedBy=</varname></term>
|
||
<term><varname>RequiredBy=</varname></term>
|
||
|
||
<listitem><para>This option may be used more than once, or a
|
||
space-separated list of unit names may be given. A symbolic
|
||
link is created in the <filename>.wants/</filename> or
|
||
<filename>.requires/</filename> directory of each of the
|
||
listed units when this unit is installed by <command>systemctl
|
||
enable</command>. This has the effect that a dependency of
|
||
type <varname>Wants=</varname> or <varname>Requires=</varname>
|
||
is added from the listed unit to the current unit. The primary
|
||
result is that the current unit will be started when the
|
||
listed unit is started. See the description of
|
||
<varname>Wants=</varname> and <varname>Requires=</varname> in
|
||
the [Unit] section for details.</para>
|
||
|
||
<para><command>WantedBy=foo.service</command> in a service
|
||
<filename>bar.service</filename> is mostly equivalent to
|
||
<command>Alias=foo.service.wants/bar.service</command> in the
|
||
same file. In case of template units, <command>systemctl
|
||
enable</command> must be called with an instance name, and
|
||
this instance will be added to the
|
||
<filename>.wants/</filename> or
|
||
<filename>.requires/</filename> list of the listed unit. E.g.
|
||
<command>WantedBy=getty.target</command> in a service
|
||
<filename>getty@.service</filename> will result in
|
||
<command>systemctl enable getty@tty2.service</command>
|
||
creating a
|
||
<filename>getty.target.wants/getty@tty2.service</filename>
|
||
link to <filename>getty@.service</filename>.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>Also=</varname></term>
|
||
|
||
<listitem><para>Additional units to install/deinstall when
|
||
this unit is installed/deinstalled. If the user requests
|
||
installation/deinstallation of a unit with this option
|
||
configured, <command>systemctl enable</command> and
|
||
<command>systemctl disable</command> will automatically
|
||
install/uninstall units listed in this option as well.</para>
|
||
|
||
<para>This option may be used more than once, or a
|
||
space-separated list of unit names may be
|
||
given.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>DefaultInstance=</varname></term>
|
||
|
||
<listitem><para>In template unit files, this specifies for
|
||
which instance the unit shall be enabled if the template is
|
||
enabled without any explicitly set instance. This option has
|
||
no effect in non-template unit files. The specified string
|
||
must be usable as instance identifier.</para></listitem>
|
||
</varlistentry>
|
||
</variablelist>
|
||
|
||
<para>The following specifiers are interpreted in the Install
|
||
section: %n, %N, %p, %i, %U, %u, %m, %H, %b, %v. For their meaning
|
||
see the next section.
|
||
</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Specifiers</title>
|
||
|
||
<para>Many settings resolve specifiers which may be used to write
|
||
generic unit files referring to runtime or unit parameters that
|
||
are replaced when the unit files are loaded. The following
|
||
specifiers are understood:</para>
|
||
|
||
<table>
|
||
<title>Specifiers available in unit files</title>
|
||
<tgroup cols='3' align='left' colsep='1' rowsep='1'>
|
||
<colspec colname="spec" />
|
||
<colspec colname="mean" />
|
||
<colspec colname="detail" />
|
||
<thead>
|
||
<row>
|
||
<entry>Specifier</entry>
|
||
<entry>Meaning</entry>
|
||
<entry>Details</entry>
|
||
</row>
|
||
</thead>
|
||
<tbody>
|
||
<row>
|
||
<entry><literal>%n</literal></entry>
|
||
<entry>Full unit name</entry>
|
||
<entry></entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%N</literal></entry>
|
||
<entry>Unescaped full unit name</entry>
|
||
<entry>Same as <literal>%n</literal>, but with escaping undone</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%p</literal></entry>
|
||
<entry>Prefix name</entry>
|
||
<entry>For instantiated units, this refers to the string before the <literal>@</literal> character of the unit name. For non-instantiated units, this refers to the name of the unit with the type suffix removed.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%P</literal></entry>
|
||
<entry>Unescaped prefix name</entry>
|
||
<entry>Same as <literal>%p</literal>, but with escaping undone</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%i</literal></entry>
|
||
<entry>Instance name</entry>
|
||
<entry>For instantiated units: this is the string between the <literal>@</literal> character and the suffix of the unit name.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%I</literal></entry>
|
||
<entry>Unescaped instance name</entry>
|
||
<entry>Same as <literal>%i</literal>, but with escaping undone</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%f</literal></entry>
|
||
<entry>Unescaped filename</entry>
|
||
<entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%c</literal></entry>
|
||
<entry>Control group path of the unit</entry>
|
||
<entry>This path does not include the <filename>/sys/fs/cgroup/systemd/</filename> prefix.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%r</literal></entry>
|
||
<entry>Control group path of the slice the unit is placed in</entry>
|
||
<entry>This usually maps to the parent cgroup path of <literal>%c</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%R</literal></entry>
|
||
<entry>Root control group path below which slices and units are placed</entry>
|
||
<entry>For system instances, this resolves to <filename>/</filename>, except in containers, where this maps to the container's root control group path.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%t</literal></entry>
|
||
<entry>Runtime directory</entry>
|
||
<entry>This is either <filename>/run</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%u</literal></entry>
|
||
<entry>User name</entry>
|
||
<entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%U</literal></entry>
|
||
<entry>User UID</entry>
|
||
<entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%h</literal></entry>
|
||
<entry>User home directory</entry>
|
||
<entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%s</literal></entry>
|
||
<entry>User shell</entry>
|
||
<entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%m</literal></entry>
|
||
<entry>Machine ID</entry>
|
||
<entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%b</literal></entry>
|
||
<entry>Boot ID</entry>
|
||
<entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%H</literal></entry>
|
||
<entry>Host name</entry>
|
||
<entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%v</literal></entry>
|
||
<entry>Kernel release</entry>
|
||
<entry>Identical to <command>uname -r</command> output</entry>
|
||
</row>
|
||
<row>
|
||
<entry><literal>%%</literal></entry>
|
||
<entry>Single percent sign</entry>
|
||
<entry>Use <literal>%%</literal> in place of <literal>%</literal> to specify a single percent sign.</entry>
|
||
</row>
|
||
</tbody>
|
||
</tgroup>
|
||
</table>
|
||
|
||
<para>Please note that specifiers <literal>%U</literal>,
|
||
<literal>%h</literal>, <literal>%s</literal> are mostly useless
|
||
when systemd is running in system mode. PID 1 cannot query the
|
||
user account database for information, so the specifiers only work
|
||
as shortcuts for things which are already specified in a different
|
||
way in the unit file. They are fully functional when systemd is
|
||
running in <option>--user</option> mode.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Examples</title>
|
||
|
||
<example>
|
||
<title>Allowing units to be enabled</title>
|
||
|
||
<para>The following snippet (highlighted) allows a unit (e.g.
|
||
<filename>foo.service</filename>) to be enabled via
|
||
<command>systemctl enable</command>:</para>
|
||
|
||
<programlisting>[Unit]
|
||
Description=Foo
|
||
|
||
[Service]
|
||
ExecStart=/usr/sbin/foo-daemon
|
||
|
||
<emphasis>[Install]</emphasis>
|
||
<emphasis>WantedBy=multi-user.target</emphasis></programlisting>
|
||
|
||
<para>After running <command>systemctl enable</command>, a
|
||
symlink
|
||
<filename>/etc/systemd/system/multi-user.target.wants/foo.service</filename>
|
||
linking to the actual unit will be created. It tells systemd to
|
||
pull in the unit when starting
|
||
<filename>multi-user.target</filename>. The inverse
|
||
<command>systemctl disable</command> will remove that symlink
|
||
again.</para>
|
||
</example>
|
||
|
||
<example>
|
||
<title>Overriding vendor settings</title>
|
||
|
||
<para>There are two methods of overriding vendor settings in
|
||
unit files: copying the unit file from
|
||
<filename>/usr/lib/systemd/system</filename> to
|
||
<filename>/etc/systemd/system</filename> and modifying the
|
||
chosen settings. Alternatively, one can create a directory named
|
||
<filename><replaceable>unit</replaceable>.d/</filename> within
|
||
<filename>/etc/systemd/system</filename> and place a drop-in
|
||
file <filename><replaceable>name</replaceable>.conf</filename>
|
||
there that only changes the specific settings one is interested
|
||
in. Note that multiple such drop-in files are read if
|
||
present.</para>
|
||
|
||
<para>The advantage of the first method is that one easily
|
||
overrides the complete unit, the vendor unit is not parsed at
|
||
all anymore. It has the disadvantage that improvements to the
|
||
unit file by the vendor are not automatically incorporated on
|
||
updates.</para>
|
||
|
||
<para>The advantage of the second method is that one only
|
||
overrides the settings one specifically wants, where updates to
|
||
the unit by the vendor automatically apply. This has the
|
||
disadvantage that some future updates by the vendor might be
|
||
incompatible with the local changes.</para>
|
||
|
||
<para>Note that for drop-in files, if one wants to remove
|
||
entries from a setting that is parsed as a list (and is not a
|
||
dependency), such as <varname>ConditionPathExists=</varname> (or
|
||
e.g. <varname>ExecStart=</varname> in service units), one needs
|
||
to first clear the list before re-adding all entries except the
|
||
one that is to be removed. See below for an example.</para>
|
||
|
||
<para>This also applies for user instances of systemd, but with
|
||
different locations for the unit files. See the section on unit
|
||
load paths for further details.</para>
|
||
|
||
<para>Suppose there is a vendor-supplied unit
|
||
<filename>/usr/lib/systemd/system/httpd.service</filename> with
|
||
the following contents:</para>
|
||
|
||
<programlisting>[Unit]
|
||
Description=Some HTTP server
|
||
After=remote-fs.target sqldb.service
|
||
Requires=sqldb.service
|
||
AssertPathExists=/srv/webserver
|
||
|
||
[Service]
|
||
Type=notify
|
||
ExecStart=/usr/sbin/some-fancy-httpd-server
|
||
Nice=5
|
||
|
||
[Install]
|
||
WantedBy=multi-user.target</programlisting>
|
||
|
||
<para>Now one wants to change some settings as an administrator:
|
||
firstly, in the local setup, <filename>/srv/webserver</filename>
|
||
might not exist, because the HTTP server is configured to use
|
||
<filename>/srv/www</filename> instead. Secondly, the local
|
||
configuration makes the HTTP server also depend on a memory
|
||
cache service, <filename>memcached.service</filename>, that
|
||
should be pulled in (<varname>Requires=</varname>) and also be
|
||
ordered appropriately (<varname>After=</varname>). Thirdly, in
|
||
order to harden the service a bit more, the administrator would
|
||
like to set the <varname>PrivateTmp=</varname> setting (see
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for details). And lastly, the administrator would like to reset
|
||
the niceness of the service to its default value of 0.</para>
|
||
|
||
<para>The first possibility is to copy the unit file to
|
||
<filename>/etc/systemd/system/httpd.service</filename> and
|
||
change the chosen settings:</para>
|
||
|
||
<programlisting>[Unit]
|
||
Description=Some HTTP server
|
||
After=remote-fs.target sqldb.service <emphasis>memcached.service</emphasis>
|
||
Requires=sqldb.service <emphasis>memcached.service</emphasis>
|
||
AssertPathExists=<emphasis>/srv/www</emphasis>
|
||
|
||
[Service]
|
||
Type=notify
|
||
ExecStart=/usr/sbin/some-fancy-httpd-server
|
||
<emphasis>Nice=0</emphasis>
|
||
<emphasis>PrivateTmp=yes</emphasis>
|
||
|
||
[Install]
|
||
WantedBy=multi-user.target</programlisting>
|
||
|
||
<para>Alternatively, the administrator could create a drop-in
|
||
file
|
||
<filename>/etc/systemd/system/httpd.service.d/local.conf</filename>
|
||
with the following contents:</para>
|
||
|
||
<programlisting>[Unit]
|
||
After=memcached.service
|
||
Requires=memcached.service
|
||
# Reset all assertions and then re-add the condition we want
|
||
AssertPathExists=
|
||
AssertPathExists=/srv/www
|
||
|
||
[Service]
|
||
Nice=0
|
||
PrivateTmp=yes</programlisting>
|
||
|
||
<para>Note that dependencies (<varname>After=</varname>, etc.)
|
||
cannot be reset to an empty list, so dependencies can only be
|
||
added in drop-ins. If you want to remove dependencies, you have
|
||
to override the entire unit.</para>
|
||
|
||
</example>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>See Also</title>
|
||
<para>
|
||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
</para>
|
||
</refsect1>
|
||
|
||
</refentry>
|