File: feature-systemd.xml

package info (click to toggle)
cockpit 239-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 67,268 kB
  • sloc: javascript: 245,474; ansic: 72,273; python: 23,634; xml: 6,155; sh: 2,919; makefile: 923; sed: 5
file content (124 lines) | stat: -rw-r--r-- 5,283 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
 
<?xml version="1.0"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<chapter id="feature-systemd">
  <title>systemd</title>

  <para>Cockpit uses
    <ulink url="https://www.freedesktop.org/wiki/Software/systemd/">systemd</ulink>
    and the DBus APIs it provides to configure and monitor core aspects of the system.
    Use of alternate system APIs are not currently implemented.</para>

  <para>For non root users, systemd controls access to its APIs via
    <link linkend="privileges">Policy Kit</link> and a user logged into Cockpit will have
    the same permissions as they do from the command line.</para>

  <para>Cockpit retrieves information about the host and changes the hostname via the
    <code>hostnamed</code> daemon. To perform similar tasks from the command line use the
    <ulink url="https://www.freedesktop.org/software/systemd/man/hostnamectl.html"><code>hostnamectl</code></ulink>
    command:</para>

<programlisting>
$ <command>hostnamectl</command>
   Static hostname: pink.example.com
   Pretty hostname: Pink
         Icon name: computer-desktop
           Chassis: desktop
        Machine ID: ef00b79be229463cbb844c3e715de96c
           Boot ID: 934983d64d34465cb5a8383b5a89ad8c
  Operating System: Fedora 22 (Twenty Two)
       CPE OS Name: cpe:/o:fedoraproject:fedora:22
            Kernel: Linux 4.0.4-301.fc22.x86_64
      Architecture: x86-64
</programlisting>

  <para>Cockpit configures the system time and time zone via the <code>timedated</code> daemon.
    To perform similar tasks from the command line use the
    <ulink url="https://www.freedesktop.org/software/systemd/man/timedatectl.html"><code>timedatectl</code></ulink>
    command:</para>

<programlisting>
$ <command>timedatectl list-timezones</command>
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
...
</programlisting>

  <para>Cockpit can manage the list of NTP servers used by
    <code>systemd-timesyncd</code> by putting its own file into
    <code>/etc/systemd/timesyncd.conf.d/</code>.  Note that
    <code>systemd-timesyncd</code> is not always enabled, depending on
    the configuration of the machine.  In that case, Cockpit disabled the
    UI for managing the list of NTP servers. In some cases use of
    <code>ntpd</code> can cause the <code>timedated</code> daemon to
    behave inconsistently with regards to time synchronization.</para>

  <para>Cockpit reboots or powers down the machine by using the
    <ulink url="https://www.freedesktop.org/software/systemd/man/shutdown.html"><code>shutdown</code></ulink>
    command. To perform similar tasks from the command line, run it directly:</para>

<programlisting>
$ <command>sudo shutdown +15</command>
Shutdown scheduled for Sa 2015-09-26 15:49:40 CEST, use 'shutdown -c' to cancel.
</programlisting>

  <para>Cockpit manages system services and sockets via systemd. To perform similar tasks from the
    command line use the
    <ulink url="https://www.freedesktop.org/software/systemd/man/systemctl.html"><code>systemctl</code></ulink>
    command:</para>

<programlisting>
$ <command>systemctl status cockpit</command>
● cockpit.service - Cockpit Web Service
   Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static; vendor preset: disabled)
  Drop-In: /etc/systemd/system/cockpit.service.d
           └─debug.conf
   Active: active (running) since Sa 2015-09-26 13:28:02 CEST; 2h 7min ago
     Docs: man:cockpit-ws(8)
 Main PID: 6957 (cockpit-ws)
   Memory: 1.8M
   CGroup: /system.slice/cockpit.service
           ├─ 6957 /usr/libexec/cockpit-ws
           └─29598 /usr/bin/ssh-agent
</programlisting>

  <para>In order to customize who can perform various actions in system,
    <link linkend="privileges-polkit">create polkit rules</link> with the following
    actions and details:</para>

  <variablelist>
    <varlistentry>
      <term><option>org.freedesktop.systemd1.manage-units</option></term>
      <listitem><para>Permission to manage system services or other units.
        Details available: <code>unit</code>, <code>verb</code></para></listitem>
    </varlistentry>
    <varlistentry>
      <term><option>org.freedesktop.systemd1.manage-unit-files</option></term>
      <listitem><para>Permission to manage system services or other unit files.</para></listitem>
    </varlistentry>
    <varlistentry>
      <term><option>org.freedesktop.systemd1.reload-daemon</option></term>
      <listitem><para>Permission to reload the systemd state.</para></listitem>
    </varlistentry>
  </variablelist>

  <para>For example, placing the following polkit rule to
    <filename>/etc/polkit-1.rules.d/10-http.rule</filename> allows all users in the
    <code>operators</code> group start, stop, and restart the Apache HTTP service:</para>

<programlisting>
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units") {
        if (subject.isInGroup("operators") &amp;&amp; action.lookup("unit") == "httpd.service") {
            var verb = action.lookup("verb");
            if (verb == "start" || verb == "stop" || verb == "restart") {
                return polkit.Result.YES;
            }
        }
    }
});
</programlisting>

</chapter>