참고 사이트 : https://www.digitalocean.com/community/tutorials/understanding-systemd-units-and-unit-files
systemd 는 Unit 이라는 객체들을 관리한다.
유닛의 종류
.service : 서버의 어플리케이션이나 서비스를 관리하는 역할.
[Service] Section
GuessMainPID=
boolean 값을 가지며 기본값은 yes이다. Type=forking , PIDFile= 이 설정되지 않으면 동작하지 않는다.
PIDFile=
지정한 PID 파일을 가져온다. 이옵션은 Service Type=이 "forking" 인경우 사용하길 권장한다. systemd 는 메인프로세스 데몬이 시작시 PID 파일을 읽어 서비스를 수행한다.
BusName=
Type= 이 "dbus" 인경우 사용하는 하며 D-Bus 이름을 명시한다.
[Install] Section Directives
유닛파일의 마지막 부분에 해당한다. 이 섹션은 선택사항으로 활성화 또는 비활성화 된경우 동작을 정의한다.
* WantedBy= : [Unit] 섹션의 Wants= 와 유사하다.
* RequiredBy= : WantedBy= 와 아주 유사하나, 의존성들이 충족되지 않으면 실패하게 된다. 활성화 되면 . requires 로 끝나는 디렉토리가 생성된다.
directive: 지시 , 지시하는
Section: systemd.resource-control :http://www.jlemmens.nl/cgi-bin/man/man2html?5+systemd.resource-control
CPUAccounting= Turn on CPU usage accounting for this unit. Takes a boolean argument.
Note that turning on CPU accounting for one unit might also implicitly turn it on for all units contained in the same slice and for all its parent slices and the units contained therein.
The system default for this setting maybe controlled withDefaultCPUAccounting= in systemd-system.conf(5).
유닛의 CPU 사용량 을 계산하도록 한다. boolean 값을 설정한다. 기본 디폴트값은 systgemd-system.conf 파일의 withDefaultCPUAccounting= 값을 참고한다.
CPUShares=weight
, StartupCPUShares=weight
Assign the specified CPU time share weight to the processes executed. These options take an integer value and control the "cpu.shares
" control group attribute. The allowed range is 2 to 262144. Defaults to 1024. For details about this control group attribute, see sched-design-CFS.txt.
The available CPU time is split up among all units within one slice relative to their CPU time share weight.
While StartupCPUShares=
only applies to the startup phase of the system, CPUShares=
applies to normal runtime of the system, and if the former is not set also to the startup phase.
Using StartupCPUShares=
allows prioritizing specific services at boot-up differently than during normal runtime.
These options imply "CPUAccounting=true
".
프로세스가 실행될때 CPU 공유시간을 설정할수 있다. 이 설정값은 integer 값으로 "cpu.shares"라는 속성에 의해 제어된다. 가능한값은 2~262144 로 기본값은 1024이다. 자세한 사항은 sched-design-CFS.txt 을 참고한다. StartupCPUShares= 를 사용하면 부팅시 normal runtime 시보다 우선적으로 수행을한다.이 옵션은 "CPUaccounting=true"를 의미한다.
assign : 맡기다. 선임하다. 파견하다. specified : 명시된specific : 구체적인, 명확한,분명한applies to : ~에 적용되다.
phase : 단계, 단계적으로하다.
split : 분열되다. 나뉘다. 나누다.
slice : 조각, 몫
among: ~에 둘러싸인. ~의 가운데에
within : 이내에
prioritize : 우선순의를 매기다. 우선적으로 처리하다.
imply : 의미하다.
CPUQuota=
Assign the specified CPU time quota to the processes executed. Takes a percentage value, suffixed with "%". The percentage specifies how much CPU time the unit shall get at maximum, relative to the total CPU time available on one CPU. Use values > 100% for allotting CPU time on more than one CPU. This controls the "cpu.cfs_quota_us
" control group attribute. For details about this control group attribute, see sched-design-CFS.txt.
Example: CPUQuota=20%
ensures that the executed processes will never get more than 20% CPU time on one CPU.
Implies "CPUAccounting=true
".
CPU 한도 프로세스가 실행될때 CPU 사용 할당량을 지정한다. 이 속성은 "cpu.cfs_quota_us
" 컨트롤 그룹 어트리뷰트에 의해 제어된다. 자세한 사항은 sched-design-CFS.txt 파일 참고. CPUQuota=20% 의 의미는 20% 이상의 CPU 사용을 하지않도록 한다.
quota : 한도, 몫
MemoryAccounting=
Turn on process and kernel memory accounting for this unit. Takes a boolean argument. Note that turning on memory accounting for one unit will also implicitly turn it on for all units contained in the same slice and for all its parent slices and the units contained therein. The system default for this setting may be controlled with DefaultMemoryAccounting=
in systemd-system.conf(5).
유닛의 프로세스와 커널메모리를 계산한다. boolean 값을 사용 (true, false). 기본설정값은 systemd-system.conf 의 DefaultMemoryAccounting= 사용한다.
MemoryLimit=bytes
Specify the limit on maximum memory usage of the executed processes. The limit specifies how much process and kernel memory can be used by tasks in this unit. Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the special value "infinity
", no memory limit is applied. This controls the "memory.limit_in_bytes
" control group attribute. For details about this control group attribute, see memory.txt.
Implies "MemoryAccounting=true
".
최대 메모리 사용량을 지정한다. Byte 단위로 K, M, G, T 단위를 사용한다. "memory.limit_in_bytes"라는 컨트롤 그룹어트리뷰트에 의해 제어된다.
"MemoryAccounting=true"
TasksAccounting=
Turn on task accounting for this unit. Takes a boolean argument. If enabled, the system manager will keep track of the number of tasks in the unit. The number of tasks accounted this way includes both kernel threads and userspace processes, with each thread counting individually. Note that turning on tasks accounting for one unit will also implicitly turn it on for all units contained in the same slice and for all its parent slices and the units contained therein. The system default for this setting may be controlled withDefaultTasksAccounting=
in systemd-system.conf(5).
TasksMax=N
Specify the maximum number of tasks that may be created in the unit. This ensures that the number of tasks accounted for the unit (see above) stays below a specific limit. If assigned the special value "infinity
", no tasks limit is applied. This controls the "pids.max
" control group attribute. For details about this control group attribute, see pids.txt.
Implies "TasksAccounting=true
". The system default for this setting may be controlled with DefaultTasksMax=
in systemd-system.conf(5).
IOAccounting=
Turn on Block I/O accounting for this unit, if the unified control group hierarchy is used on the system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly turn it on for all units contained in the same slice and all for its parent slices and the units contained therein. The system default for this setting may be controlled withDefaultIOAccounting=
in systemd-system.conf(5).
This setting is supported only if the unified control group hierarchy is used. Use BlockIOAccounting=
on systems using the legacy control group hierarchy.
IOWeight=weight
, StartupIOWeight=weight
Set the default overall block I/O weight for the executed processes, if the unified control group hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the default block I/O weight. This controls the "io.weight
" control group attribute, which defaults to 100. For details about this control group attribute, see cgroup-v2.txt. The available I/O bandwidth is split up among all units within one slice relative to their block I/O weight.
While StartupIOWeight=
only applies to the startup phase of the system, IOWeight=
applies to the later runtime of the system, and if the former is not set also to the startup phase. This allows prioritizing specific services at boot-up differently than during runtime.
Implies "IOAccounting=true
".
This setting is supported only if the unified control group hierarchy is used. Use BlockIOWeight=
and StartupBlockIOWeight=
on systems using the legacy control group hierarchy.
IODeviceWeight=device
weight
Set the per-device overall block I/O weight for the executed processes, if the unified control group hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify the device specific weight value, between 1 and 10000. (Example: "/dev/sda 1000"). The file path may be specified as path to a block device node or as any other file, in which case the backing block device of the file system of the file is determined. This controls the "io.weight
" control group attribute, which defaults to 100. Use this option multiple times to set weights for multiple devices. For details about this control group attribute, see cgroup-v2.txt.
Implies "IOAccounting=true
".
This setting is supported only if the unified control group hierarchy is used. Use BlockIODeviceWeight=
on systems using the legacy control group hierarchy.
IOReadBandwidthMax=device
bytes
, IOWriteBandwidthMax=device
bytes
Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified control group hierarchy is used on the system. This limit is not work-conserving and the executed processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may be a path to a block device node, or as any other file in which case the backing block device of the file system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example: "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the "io.max
" control group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details about this control group attribute, see cgroup-v2.txt.
Implies "IOAccounting=true
".
This setting is supported only if the unified control group hierarchy is used. Use BlockIOAccounting=
on systems using the legacy control group hierarchy.
IOReadIOPSMax=device
IOPS
, IOWriteIOPSMax=device
IOPS
Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the unified control group hierarchy is used on the system. This limit is not work-conserving and the executed processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block device node, or as any other file in which case the backing block device of the file system of the file is used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS, GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example: "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the "io.max
" control group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about this control group attribute, see cgroup-v2.txt.
Implies "IOAccounting=true
".
This setting is supported only if the unified control group hierarchy is used.
BlockIOAccounting=
Turn on Block I/O accounting for this unit, if the legacy control group hierarchy is used on the system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly turn it on for all units contained in the same slice and all for its parent slices and the units contained therein. The system default for this setting may be controlled withDefaultBlockIOAccounting=
in systemd-system.conf(5).
This setting is supported only if the legacy control group hierarchy is used. Use IOAccounting=
on systems using the unified control group hierarchy.
BlockIOWeight=weight
, StartupBlockIOWeight=weight
Set the default overall block I/O weight for the executed processes, if the legacy control group hierarchy is used on the system. Takes a single weight value (between 10 and 1000) to set the default block I/O weight. This controls the "blkio.weight
" control group attribute, which defaults to 500. For details about this control group attribute, see blkio-controller.txt. The available I/O bandwidth is split up among all units within one slice relative to their block I/O weight.
While StartupBlockIOWeight=
only applies to the startup phase of the system, BlockIOWeight=
applies to the later runtime of the system, and if the former is not set also to the startup phase. This allows prioritizing specific services at boot-up differently than during runtime.
Implies "BlockIOAccounting=true
".
This setting is supported only if the legacy control group hierarchy is used. Use IOWeight=
and StartupIOWeight=
on systems using the unified control group hierarchy.
BlockIODeviceWeight=device
weight
Set the per-device overall block I/O weight for the executed processes, if the legacy control group hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify the device specific weight value, between 10 and 1000. (Example: "/dev/sda 500"). The file path may be specified as path to a block device node or as any other file, in which case the backing block device of the file system of the file is determined. This controls the "blkio.weight_device
" control group attribute, which defaults to 1000. Use this option multiple times to set weights for multiple devices. For details about this control group attribute, see blkio-controller.txt.
Implies "BlockIOAccounting=true
".
This setting is supported only if the legacy control group hierarchy is used. Use IODeviceWeight=
on systems using the unified control group hierarchy.
BlockIOReadBandwidth=device
bytes
, BlockIOWriteBandwidth=device
bytes
Set the per-device overall block I/O bandwidth limit for the executed processes, if the legacy control group hierarchy is used on the system. Takes a space-separated pair of a file path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may be a path to a block device node, or as any other file in which case the backing block device of the file system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example: "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the "blkio.throttle.read_bps_device
" and "blkio.throttle.write_bps_device
" control group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details about these control group attributes, see blkio-controller.txt.
Implies "BlockIOAccounting=true
".
This setting is supported only if the legacy control group hierarchy is used. Use IOReadBandwidthMax=
and IOWriteBandwidthMax=
on systems using the unified control group hierarchy.
DeviceAllow=
Control access to specific device nodes by the executed processes. Takes two space-separated strings: a device node specifier followed by a combination of r
, w
, m
to control reading, writing, or creation of the specific device node(s) by the unit (mknod), respectively. This controls the "devices.allow
" and "devices.deny
" control group attributes. For details about these control group attributes, see devices.txt.
The device node specifier is either a path to a device node in the file system, starting with /dev/
, or a string starting with either "char-
" or "block-
" followed by a device group name, as listed in /proc/devices
. The latter is useful to whitelist all current and future devices belonging to a specific device group at once. The device group is matched according to file name globbing rules, you may hence use the "*
" and "?
" wildcards. Examples: /dev/sda5
is a path to a device node, referring to an ATA or SCSI block device. "char-pts
" and "char-alsa
" are specifiers for all pseudo TTYs and all ALSA sound devices, respectively. "char-cpu/*
" is a specifier matching all CPU related device groups.
DevicePolicy=auto|closed|strict
Control the policy for allowing device access:
strict
means to only allow types of access that are explicitly specified.
closed
in addition, allows access to standard pseudo devices including /dev/null
, /dev/zero
, /dev/full
, /dev/random
, and /dev/urandom
.
auto
in addition, allows access to all devices if no explicit DeviceAllow=
is present. This is the default.
Slice=
The name of the slice unit to place the unit in. Defaults to system.slice
for all non-instantiated units of all unit types (except for slice units themselves see below). Instance units are by default placed in a subslice of system.slice
that is named after the template name.
This option may be used to arrange systemd units in a hierarchy of slices each of which might have resource settings applied.
For units of type slice, the only accepted value for this setting is the parent slice. Since the name of a slice unit implies the parent slice, it is hence redundant to ever set this parameter directly for slice units.
Special care should be taken when relying on the default slice assignment in templated service units that haveDefaultDependencies=no
set, see systemd.service(5), section "Automatic Dependencies" for details.
Delegate=
Turns on delegation of further resource control partitioning to processes of the unit. For unprivileged services (i.e. those using theUser=
setting), this allows processes to create a subhierarchy beneath its control group path. For privileged services and scopes, this ensures the processes will have all control group controllers enabled.