5. Service Control
Add the http service to the firewall
[root@via Desktop]# firewall-cmd --add-service=http
Error: COMMAND_FAILED: '/sbin/iptables -w2 -A IN_public_allow -t filter -m tcp -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT'
failed: iptables: No chain/target/match by that name.
Failed to apply rules. A firewall reload might solve the issue if the firewall has been modified using ip*tables or ebtables.
[root@via Desktop]# systemctl reload firewalld.service
[root@via Desktop]# firewall-cmd --add-service=http
FirewallD is not running
[root@via Desktop]# systemctl start firewalld.service
[root@via Desktop]# firewall-cmd --add-service=http
success
[root@via Desktop]#
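[Unit]
The Unit section mainly describes the service. It contains Description and After: Description describes the service, and After describes the service category.
[Service]
The Service section is the core of the unit and sets the concrete runtime parameters of the service. Here Type=forking means the service runs in the background, PIDFile is the path of the file that stores the PID, ExecStart is the command that starts the service, ExecReload is the reload command, and ExecStop is the stop command. Note: the start, restart, and stop commands in the [Service] section must all use absolute paths; a relative path causes an error!
[Install]
The Install section holds the settings related to installing the service and can be set to multi-user. Note: if a service has no Install section, this usually means it is meant to be invoked automatically by other services. With systemd, dependencies can be resolved by writing the unit configuration files correctly. The typical case is that service A requires service B to be running before A starts. In that case, adding Requires=B and After=B to the [Unit] section of service A's configuration file is enough.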
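The rules above (absolute paths in ExecStart/ExecReload/ExecStop, Requires= paired with After=, presence of an [Install] section) can be checked mechanically before a unit is installed. The script below is an added example, not part of the original page; the `lint_unit` function, the `demo` service and its paths are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a unit file against the rules in the text above.
# lint_unit FILE prints one line per finding and returns 1 if any was found.
lint_unit() {
    awk '
        function val(line) { sub(/^[^=]*=/, "", line); return line }
        /^\[.*\]$/ { section = $0; seen[section] = 1; next }
        section == "[Service]" && /^Exec(Start|Reload|Stop)=/ {
            key = $0; sub(/=.*/, "", key)
            cmd = val($0); sub(/^[-@:+!]+/, "", cmd)   # drop systemd prefix characters
            if (cmd !~ /^\//) { print key ": command is not an absolute path: " cmd; bad = 1 }
        }
        section == "[Unit]" && /^Requires=/ { n = split(val($0), r, " "); for (i = 1; i <= n; i++) req[r[i]] = 1 }
        section == "[Unit]" && /^After=/    { n = split(val($0), a, " "); for (i = 1; i <= n; i++) aft[a[i]] = 1 }
        END {
            # Requires= alone does not order startup; After= does.
            for (u in req) if (!(u in aft)) { print "Requires=" u " has no matching After=" u; bad = 1 }
            if (!("[Install]" in seen)) { print "no [Install] section"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample units (hypothetical service "demo" and paths).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.service" <<'EOF'
[Unit]
Description=Demo daemon
Requires=network.target
After=network.target

[Service]
Type=forking
PIDFile=/run/demo.pid
ExecStart=/usr/local/demo/sbin/demo
ExecReload=/usr/local/demo/sbin/demo -s reload
ExecStop=/usr/local/demo/sbin/demo -s stop

[Install]
WantedBy=multi-user.target
EOF
# Same unit with a relative ExecStart, After= dropped and no [Install] section.
sed -e 's|^ExecStart=/usr/local/demo/sbin/|ExecStart=|' -e '/^After=/d' \
    -e '/^\[Install]/,$d' "$demo_dir/good.service" > "$demo_dir/bad.service"

lint_unit "$demo_dir/good.service" && echo "good.service: clean"
lint_unit "$demo_dir/bad.service" || echo "bad.service: findings above"
```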
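Analyzing system state:
| Command | Meaning |
|---|---|
| systemctl or systemctl list-units | List active units |
| systemctl list-units --type=service | List services in the active state |
| systemctl list-unit-files | List all installed services |
| systemctl --failed | Show services that failed to start |
| systemd-cgls | List running processes as a tree |
- All available unit files are stored in the /usr/lib/systemd/system/ and /etc/systemd/system/ directories (the latter takes precedence).
Using units:
A unit can be a system service (.service), a mount point (.mount), or a socket (.socket). When controlling units with systemctl, you normally use the full unit file name including the extension (for example sshd.service). Some units can, however, be written in short form in systemctl. If there is no extension, systemctl assumes .service, so sshd and sshd.service are equivalent. Mount points are automatically converted to the corresponding .mount unit; for example, /home is equivalent to home.mount. Devices are automatically converted to the corresponding .device unit, so /dev/sda2 is equivalent to dev-sda2.device.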
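| Command | Meaning |
|---|---|
| systemctl start <unit> | Start the unit immediately |
| systemctl stop <unit> | Stop the unit immediately |
| systemctl restart <unit> | Restart the unit |
| systemctl reload <unit> | Re-read the unit's configuration |
| systemctl status <unit> | Show the unit's running state |
| systemctl is-enabled <unit> | Check whether the unit is configured to start automatically |
| systemctl enable <unit> | Start the unit automatically at boot |
| systemctl disable <unit> | Stop activating the unit automatically at boot |
| systemctl is-active <unit> | Check whether the unit is currently running |
| systemctl daemon-reload | Reload systemd and scan for new or changed units |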
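Power management:
| Command | Meaning |
|---|---|
| systemctl reboot | Reboot |
| systemctl poweroff | Shut down the system and power off |

| Command | Meaning |
|---|---|
| systemctl is-enabled servicename.service | Check whether the service starts at boot |
| systemctl enable *.service | Start the service at boot |
| systemctl disable *.service | Do not start the service at boot |
| systemctl start *.service | Start the service |
| systemctl stop *.service | Stop the service |
| systemctl restart *.service | Restart the service |
| systemctl reload *.service | Reload the service's configuration file |
| systemctl status *.service | Show the service's running state |
| systemctl mask *.service | Mask (disable) the specified service |
| systemctl unmask *.service | Unmask (re-activate) the specified service |
Note: * stands for the name of a service; for example, the service name for http is httpd.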
Example
[root@via ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) //enabled: starts at boot
Active: active (running) since Fri 2016-07-08 10:33:05 CST; 57min ago //active: the unit is activated and currently running
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1193 (sshd) //process ID (PID)
CGroup: /system.slice/sshd.service
└─1193 /usr/sbin/sshd -D //I recall running into this when studying Samba; there is a "-D" at the end
Jul 08 10:33:05 via systemd[1]: Started OpenSSH server daemon.
Jul 08 10:33:05 via systemd[1]: Starting OpenSSH server daemon...
Jul 08 10:33:06 via sshd[1193]: Server listening on 0.0.0.0 port 22.
Jul 08 10:33:06 via sshd[1193]: Server listening on :: port 22.
Jul 08 11:29:35 via sshd[9635]: Accepted password for root from 192.168.142.1 port 6552 ssh2 //at 11:29 a login from 192.168.142.1, port 6552, was accepted; this is the host machine
Stop the sshd service and check its status
[root@via ~]# systemctl stop sshd.service
[root@via ~]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Fri 2016-07-08 11:31:30 CST; 11s ago //inactive here shows the unit is not active
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1193 (code=exited, status=0/SUCCESS)
Jul 08 10:33:05 via systemd[1]: Started OpenSSH ...
Jul 08 10:33:05 via systemd[1]: Starting OpenSSH...
Jul 08 10:33:06 via sshd[1193]: Server listening...
Jul 08 10:33:06 via sshd[1193]: Server listening...
Jul 08 11:29:35 via sshd[9635]: Accepted passwor...
Jul 08 11:31:29 via sshd[1193]: Received signal ...
Jul 08 11:31:29 via systemd[1]: Stopping OpenSSH...
Jul 08 11:31:30 via systemd[1]: Stopped OpenSSH ...
Hint: Some lines were ellipsized, use -l to show in full.
systemctl disable
[root@via ~]# systemctl disable sshd.service
Removed symlink /etc/systemd/system/multi-user.target.wants/sshd.service.
systemctl status
[root@via ~]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled) //disabled means the service is set not to start at boot
Active: inactive (dead) //currently not active
Docs: man:sshd(8)
man:sshd_config(5)
Jul 08 10:33:05 via systemd[1]: Started OpenSSH ...
Jul 08 10:33:05 via systemd[1]: Starting OpenSSH...
Jul 08 10:33:06 via sshd[1193]: Server listening...
Jul 08 10:33:06 via sshd[1193]: Server listening...
Jul 08 11:29:35 via sshd[9635]: Accepted passwor...
Jul 08 11:31:29 via sshd[1193]: Received signal ...
Jul 08 11:31:29 via systemd[1]: Stopping OpenSSH...
Jul 08 11:31:30 via systemd[1]: Stopped OpenSSH ...
Hint: Some lines were ellipsized, use -l to show in full.
systemctl enable
[root@via ~]# systemctl enable sshd
Created symlink from /etc/systemd/system/multi-user.target.wants/sshd.service to /usr/lib/systemd/system/sshd.service.
mask
[root@via ~]# systemctl mask sshd
Created symlink from /etc/systemd/system/sshd.service to /dev/null. //this shows that a symlink to /dev/null was created
[root@via ~]# systemctl status sshd
● sshd.service
Loaded: masked (/dev/null) //this also shows that what is loaded is /dev/null
Active: inactive (dead)
Jul 08 10:33:05 via systemd[1]: Started OpenSSH ...
Jul 08 10:33:05 via systemd[1]: Starting OpenSSH...
Jul 08 10:33:06 via sshd[1193]: Server listening...
Jul 08 10:33:06 via sshd[1193]: Server listening...
Jul 08 11:29:35 via sshd[9635]: Accepted passwor...
Jul 08 11:31:29 via sshd[1193]: Received signal ...
Jul 08 11:31:29 via systemd[1]: Stopping OpenSSH...
Jul 08 11:31:30 via systemd[1]: Stopped OpenSSH ...
Hint: Some lines were ellipsized, use -l to show in full.
systemctl list-unit-files
[root@via ~]# systemctl list-unit-files | grep sshd
anaconda-sshd.service static
sshd-keygen.service static
sshd.service masked
sshd@.service static
sshd.socket disabled
systemctl list-unit-files --type service
[root@via ~]# systemctl list-unit-files --type service | grep sshd
anaconda-sshd.service static
sshd-keygen.service static
sshd.service enabled
sshd@.service static
[root@via ~]#
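The disable, enable and mask transcripts above each report a symlink being removed or created, and list-unit-files reports the resulting state. The script below is an added example, not part of the original page: it reads a unit's state back from those links inside a constructed temporary tree. `unit_state`, `replay` and the tree are hypothetical names for illustration, and only `*.wants/` links are considered.

```shell
#!/bin/sh
# Added example: derive a unit's state from the files and symlinks that
# enable/disable/mask create. $1 is a filesystem root ("" = live system).
unit_state() {
    etc="$1/etc/systemd/system"; lib="$1/usr/lib/systemd/system"; u=$2
    # mask: /etc/systemd/system/<unit> is a symlink to /dev/null
    if [ -L "$etc/$u" ] && [ "$(readlink "$etc/$u")" = /dev/null ]; then
        echo masked; return
    fi
    [ -e "$etc/$u" ] || [ -e "$lib/$u" ] || { echo not-found; return; }
    # enable: a symlink named <unit> exists in a *.wants/ directory
    for link in "$etc"/*.wants/"$u"; do
        if [ -L "$link" ]; then echo enabled; return; fi
    done
    # without an [Install] section there is nothing to enable: "static"
    if [ -e "$etc/$u" ]; then file="$etc/$u"; else file="$lib/$u"; fi
    grep -q '^\[Install]' "$file" && echo disabled || echo static
}

# Constructed tree standing in for the host in the transcript above.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/systemd/system/multi-user.target.wants" \
         "$demo_root/usr/lib/systemd/system"
printf '[Unit]\nDescription=OpenSSH server daemon\n[Install]\nWantedBy=multi-user.target\n' \
    > "$demo_root/usr/lib/systemd/system/sshd.service"
printf '[Unit]\nDescription=OpenSSH Server Key Generation\n' \
    > "$demo_root/usr/lib/systemd/system/sshd-keygen.service"

# Replay enable -> disable -> mask -> unmask with plain ln/rm and report
# the state after each of the first three steps, plus a unit with no [Install].
replay() {
    e="$demo_root/etc/systemd/system"
    ln -s /usr/lib/systemd/system/sshd.service "$e/multi-user.target.wants/sshd.service"
    s1=$(unit_state "$demo_root" sshd.service)     # after "enable"
    rm "$e/multi-user.target.wants/sshd.service"
    s2=$(unit_state "$demo_root" sshd.service)     # after "disable"
    ln -s /dev/null "$e/sshd.service"
    s3=$(unit_state "$demo_root" sshd.service)     # after "mask"
    rm "$e/sshd.service"                           # "unmask"
    echo "$s1 $s2 $s3 $(unit_state "$demo_root" sshd-keygen.service)"
}

replay
```

Run against the live system with an empty root, for example `unit_state "" sshd.service`, to compare with what `systemctl list-unit-files` prints.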