1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
|
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd.generator" xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd.generator</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>systemd.generator</refentrytitle>
<manvolnum>7</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd.generator</refname>
<refpurpose>systemd unit generators</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command index='false'>/path/to/generator</command>
<arg choice="plain"><replaceable>normal-dir</replaceable></arg>
<arg choice="opt"><replaceable>early-dir</replaceable></arg>
<arg choice="opt"><replaceable>late-dir</replaceable></arg>
</cmdsynopsis>
<para><simplelist>
<member><filename>/run/systemd/system-generators/*</filename></member>
<member><filename>/etc/systemd/system-generators/*</filename></member>
<member><filename>/usr/local/lib/systemd/system-generators/*</filename></member>
<member><filename>&SYSTEM_GENERATOR_DIR;/*</filename></member>
</simplelist></para>
<para><simplelist>
<member><filename>/run/systemd/user-generators/*</filename></member>
<member><filename>/etc/systemd/user-generators/*</filename></member>
<member><filename>/usr/local/lib/systemd/user-generators/*</filename></member>
<member><filename>&USER_GENERATOR_DIR;/*</filename></member>
</simplelist></para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>Generators are small executables placed in <filename>&SYSTEM_GENERATOR_DIR;/</filename> and other
directories listed above.
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> will execute
these binaries very early at bootup and at configuration reload time — before unit files are
loaded. Their main purpose is to convert configuration and execution context parameters that are not
native to the service manager into dynamically generated unit files, symlinks or unit file drop-ins, so
that they can extend the unit file hierarchy the service manager subsequently loads and operates
on.</para>
<para><command>systemd</command> will call each generator with three directory paths that are to be used
for generator output. In these three directories, generators may dynamically generate unit files (regular
ones, instances, as well as templates), unit file <filename>.d/</filename> drop-ins, and create symbolic
links to unit files to add additional dependencies, create aliases, or instantiate existing templates.
Those directories are included in the unit load path, allowing generated configuration to extend or
override existing definitions. For tests, generators may be called with just one argument; the generator
should assume that all three paths are the same in that case.</para>
<para>Generators executed by the system manager are invoked in a sandbox with a private writable
<filename>/tmp/</filename> directory and where most of the file system is read-only except for the
generator output directories.</para>
<para>Directory paths for generator output differ by priority: <filename>…/generator.early</filename> has
priority higher than the admin configuration in <filename>/etc/</filename>, while
<filename>…/generator</filename> has lower priority than <filename>/etc/</filename> but higher than
vendor configuration in <filename>/usr/</filename>, and <filename>…/generator.late</filename> has
priority lower than all other configuration. See the next section and the discussion of unit load paths
and unit overriding in
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
<para>Generators are loaded from a set of paths determined during compilation, as listed above. System
and user generators are loaded from directories with names ending in
<filename>system-generators/</filename> and <filename>user-generators/</filename>,
respectively. Generators found in directories listed earlier override the ones with the same name in
directories lower in the list <xi:include href="standard-conf.xml" xpointer="usr-local-footnote" />.
A symlink to <filename>/dev/null</filename> or an empty file can be used to mask a generator, thereby
preventing it from running. Please note that the order of the two directories with the highest priority
is reversed with respect to the unit load path, and generators in <filename>/run/</filename> overwrite
those in <filename>/etc/</filename>.</para>
<para>After installing new generators or updating the configuration, <command>systemctl
daemon-reload</command> may be executed. This will delete the previous configuration created by
generators, re-run all generators, and cause <command>systemd</command> to reload units from disk. See
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more
information.
</para>
</refsect1>
<refsect1>
<title>Output directories</title>
<para>Generators are invoked with three arguments: paths to directories where generators can place their
generated unit files or symlinks. By default, those paths are runtime directories that are included in the
search path of <command>systemd</command>, but a generator may be called with different paths for
debugging purposes. If only one argument is provided, the generator should use the same directory as the
three output paths.</para>
<orderedlist>
<listitem>
<para><parameter>normal-dir</parameter></para>
<para>In normal use this is <filename>/run/systemd/generator</filename> in case of the system
generators and <filename>$XDG_RUNTIME_DIR/systemd/generator</filename> in case of the user
generators. Unit files placed in this directory take precedence over vendor unit configuration but
not over native user/administrator unit configuration.
</para>
</listitem>
<listitem>
<para><parameter>early-dir</parameter></para>
<para>In normal use this is <filename>/run/systemd/generator.early</filename> in case of the system
generators and <filename>$XDG_RUNTIME_DIR/systemd/generator.early</filename> in case of the user
generators. Unit files placed in this directory override unit files in <filename>/usr/</filename>,
<filename>/run/</filename> and <filename>/etc/</filename>. This means that unit files placed in this
directory take precedence over all normal configuration, both vendor and user/administrator.</para>
</listitem>
<listitem>
<para><parameter>late-dir</parameter></para>
<para>In normal use this is <filename>/run/systemd/generator.late</filename> in case of the system
generators and <filename>$XDG_RUNTIME_DIR/systemd/generator.late</filename> in case of the user
generators. This directory may be used to extend the unit file tree without overriding any other unit
files. Any native configuration files supplied by the vendor or user/administrator take
precedence.</para>
</listitem>
</orderedlist>
<para>Note: generators <emphasis>must not</emphasis> write to other locations or otherwise make changes
to system state. Generator output is supposed to last only until the next
<command>daemon-reload</command> or <command>daemon-reexec</command>; if the generator is replaced
or masked, its effects should vanish.</para>
</refsect1>
<refsect1>
<title>Environment</title>
<para>The service manager sets a number of environment variables when invoking generator
executables. They carry information about the execution context of the generator, in order to simplify
conditionalizing generators to specific environments. The following environment variables are set:</para>
<variablelist class='environment-variables'>
<varlistentry>
<term><varname>$SYSTEMD_SCOPE</varname></term>
<listitem><para>If the generator is invoked from the system service manager this variable is set to
<literal>system</literal>; if invoked from the per-user service manager it is set to
<literal>user</literal>.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>$SYSTEMD_IN_INITRD</varname></term>
<listitem><para>If the generator is run as part of an initrd this is set to <literal>1</literal>. If
it is run from the regular host (i.e. after the transition from initrd to host) it is set to
<literal>0</literal>. This environment variable is only set for system generators.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>$SYSTEMD_SOFT_REBOOTS_COUNT</varname></term>
<listitem><para>If the system has soft-rebooted, this variable is set to the count of soft-reboots.
This environment variable is only set for system generators.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>$SYSTEMD_FIRST_BOOT</varname></term>
<listitem><para>If this boot-up cycle is considered a "first boot", this is set to
<literal>1</literal>; if it is a subsequent, regular boot it is set to <literal>0</literal>. For
details see the documentation of <varname>ConditionFirstBoot=</varname> in
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
environment variable is only set for system generators.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>$SYSTEMD_VIRTUALIZATION</varname></term>
<listitem><para>If the service manager is run in a virtualized environment,
<varname>$SYSTEMD_VIRTUALIZATION</varname> is set to a pair of strings, separated by a colon. The
first string is either <literal>vm</literal> or <literal>container</literal>, categorizing the type
of virtualization. The second string identifies the implementation of the virtualization
technology. If no virtualization is detected this variable will not be set. This data is identical to
what
<citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
detects and reports, and uses the same vocabulary of virtualization implementation
identifiers.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>$SYSTEMD_ARCHITECTURE</varname></term>
<listitem><para>This variable is set to a short identifier of the reported architecture of the
system. For details about defined values, see documentation of
<varname>ConditionArchitecture=</varname> in
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>$CREDENTIALS_DIRECTORY</varname></term>
<term><varname>$ENCRYPTED_CREDENTIALS_DIRECTORY</varname></term>
<listitem><para>If set, refers to the directory system credentials have been placed in. Credentials
passed into the system in plaintext form will be placed in <varname>$CREDENTIALS_DIRECTORY</varname>,
and those passed in in encrypted form will be placed in
<varname>$ENCRYPTED_CREDENTIALS_DIRECTORY</varname>. Use the
<citerefentry><refentrytitle>systemd-creds</refentrytitle><manvolnum>1</manvolnum></citerefentry>
command to automatically decrypt/authenticate credentials passed in, if needed. Specifically, use the
<command>systemd-creds --system cat</command> command.</para>
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>$SYSTEMD_CONFIDENTIAL_VIRTUALIZATION</varname></term>
<listitem><para>If the service manager is run in a confidential virtualized environment,
<varname>$SYSTEMD_CONFIDENTIAL_VIRTUALIZATION</varname> is set to a string that identifies
the confidential virtualization hardware technology. If no confidential virtualization is
detected this variable will not be set. This data is identical to what
<citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
detects and reports, and uses the same vocabulary of confidential virtualization
technology identifiers.</para>
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Notes about writing generators</title>
<itemizedlist>
<listitem>
<para>All generators are executed in parallel. That means all executables are started at the very
same time and need to be able to cope with this parallelism.
</para>
</listitem>
<listitem>
<para>Generators are run very early at boot and cannot rely on any external services. They may not
talk to any other process. That includes simple things such as logging to <citerefentry
project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>, or
<command>systemd</command> itself (this means: no
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>)!
Non-essential file systems like <filename>/var/</filename> and <filename>/home/</filename> are
mounted after generators have run. Generators can however rely on the most basic kernel functionality
to be available, as well as mounted <filename>/sys/</filename>, <filename>/proc/</filename>,
<filename>/dev/</filename>, <filename>/usr/</filename> and <filename>/run/</filename> file systems.
</para>
</listitem>
<listitem>
<para>Units written by generators are removed when the configuration is reloaded. That means the
lifetime of the generated units is closely bound to the reload cycles of <command>systemd</command>
itself.</para>
</listitem>
<listitem>
<para>Generators should only be used to generate unit files, <filename>.d/*.conf</filename> drop-ins
for them and symlinks to them, not any other kind of non-unit related configuration. Due to the
lifecycle logic mentioned above, generators are not a good fit to generate dynamic configuration for
other services. If you need to generate dynamic configuration for other services, do so in normal
services you order before the service in question.</para>
<para>Note that using the <varname>StandardInputData=</varname>/<varname>StandardInputText=</varname>
settings of service unit files (see
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>), it
is possible to make arbitrary input data (including daemon-specific configuration) part of the unit
definitions, which often might be sufficient to embed data or configuration for other programs into
unit files in a native fashion.</para>
</listitem>
<listitem>
<para>Since
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
is not available (see above), log messages have to be written to <filename>/dev/kmsg</filename>
instead.</para>
</listitem>
<listitem>
<para>The generator should always include its own name in a comment at the top of the generated file,
so that the user can easily figure out which component created or amended a particular unit.</para>
<para>The <varname>SourcePath=</varname> directive should be used in generated files to specify the
source configuration file they are generated from. This makes things more easily understood by the
user and also has the benefit that systemd can warn the user about configuration files that changed
on disk but have not been read yet by systemd. The <varname>SourcePath=</varname> value does not have
to be a file in a physical filesystem. For example, in the common case of the generator looking at
the kernel command line, <option>SourcePath=/proc/cmdline</option> should be used.</para>
</listitem>
<listitem>
<para>Generators may write out dynamic unit files or just hook unit files into other units with the
usual <filename>.wants/</filename> or <filename>.requires/</filename> symlinks. Often, it is nicer to
simply instantiate a template unit file from <filename>/usr/</filename> with a generator instead of
writing out entirely dynamic unit files. Of course, this works only if a single parameter is to be
used.</para>
</listitem>
<listitem>
<para>If you are careful, you can implement generators in shell scripts. We do recommend C code
however, since generators are executed synchronously and hence delay the entire boot if they are
slow.</para>
</listitem>
<listitem>
<para>Regarding overriding semantics: there are two rules we try to follow when thinking about the
overriding semantics:</para>
<orderedlist numeration="lowerroman">
<listitem>
<para>User configuration should override vendor configuration. This (mostly) means that stuff
from <filename>/etc/</filename> should override stuff from <filename>/usr/</filename>.</para>
</listitem>
<listitem>
<para>Native configuration should override non-native configuration. This (mostly) means that
stuff you generate should never override native unit files for the same purpose.</para>
</listitem>
</orderedlist>
<para>Of these two rules the first rule is probably the more important one and breaks the second one
sometimes. Hence, when deciding whether to use argv[1], argv[2], or argv[3], your default choice
should probably be argv[1].</para>
</listitem>
<listitem>
<para>Instead of heading off now and writing all kind of generators for legacy configuration file
formats, please think twice! It is often a better idea to just deprecate old stuff instead of keeping
it artificially alive.
</para>
</listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>Examples</title>
<example>
<title>systemd-fstab-generator</title>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
converts <filename>/etc/fstab</filename> into native mount units. It uses argv[1] as location to place
the generated unit files in order to allow the user to override <filename>/etc/fstab</filename> with
their own native unit files, but also to ensure that <filename>/etc/fstab</filename> overrides any
vendor default from <filename>/usr/</filename>.</para>
<para>After editing <filename>/etc/fstab</filename>, the user should invoke <command>systemctl
daemon-reload</command>. This will re-run all generators and cause <command>systemd</command> to reload
units from disk. To actually mount new directories added to <filename>fstab</filename>,
<command>systemctl start <replaceable>/path/to/mountpoint</replaceable></command> or <command>systemctl
start local-fs.target</command> may be used.</para>
</example>
<example>
<title>systemd-system-update-generator</title>
<para><citerefentry><refentrytitle>systemd-system-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
temporarily redirects <filename>default.target</filename> to <filename>system-update.target</filename>,
if a system update is scheduled. Since this needs to override the default user configuration for
<filename>default.target</filename>, it uses argv[2]. For details about this logic, see
<citerefentry><refentrytitle>systemd.offline-updates</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
</example>
<example>
<title>Debugging a generator</title>
<programlisting>dir=$(mktemp -d)
SYSTEMD_LOG_LEVEL=debug &SYSTEM_GENERATOR_DIR;/systemd-fstab-generator \
"$dir" "$dir" "$dir"
find $dir</programlisting>
</example>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-debug-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-getty-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-hibernate-resume-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-rc-local-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-system-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-sysv-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-xdg-autostart-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.environment-generator</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>
|
