@import "./support/support"; @import "./color_schemes/"; @import "./modules"; @import "./custom/custom";
Link
Sysadmin DeCal

Lab 7 - Services

Facilitator: Ryan Ma

6 min read

Table of contents

  1. Using systemd
    1. What services are running right now?
    2. Controlling Services
    3. Creating a service
    4. Debugging
    5. Crash the service!
  2. Exploration

Using systemd

What services are running right now?

On your provided virtual machine, run systemctl. You’ll see a long table of every unit known to systemd.

Let’s narrow it down to services for now. Run systemctl --type=service. Now you can see a list of all services running on your virtual machine. Each of these services is a daemon running in the background. Do you see any familiar services running?

Controlling Services

Now let’s use systemd to control a an nginx web server. Again on your virtual machine, install nginx by issuing sudo apt install nginx. Once that is done, we can tell systemd to start the service with the following: sudo systemctl start nginx. Run systemctl status nginx to ensure it is running and navigate to http://yourvm.decal.xcf.sh/ – you should be greeted by the nginx default landing page.

Now let’s make nginx listen for connections on the nonstandard port 420. Using a terminal text editor, change the following lines in /etc/nginx/sites-available/default:

listen 80 default_server;
listen [::]:80 default_server;

to:

listen 420 default_server;
listen [::]:420 default_server;

Tell systemd that nginx has changed configuration and needs reloading with: sudo systemctl reload nginx. Now, accessing http://yourvm.decal.xcf.sh/ should now give you a connection refused error and your webserver will only be accessible via http://yourvm.decal.xcf.sh:420/.

Note that not all services can be reloaded; systemd will notify you if this is the case and such services will have to be restarted instead with: sudo systemctl restart yourservice.

Finally go ahead and stop the nginx service with sudo systemctl stop nginx.

Exercise 1: What is the difference between systemctl reload yourservice and systemctl restart yourservice?

Exercise 2: Which file determines what exactly happens when systemctl reload yourservice is called on different services?

Creating a service

Let’s set up a web server and create a systemd unit for it. Make sure git is installed; if it’s not, install it using apt.

To get the code run: git clone https://github.com/0xcf/decal-labs.git

If you have already cloned the repository, go to your decal-labs directory and run git pull. The materials for this part of the lab will be in the b7 directory.

We will also need to install some dependencies. Go ahead and execute the following commands:

sudo apt update
sudo apt install build-essential make python3-virtualenv

Now run ./run. This should start up a simple web server at http://yourvm.decal.xcf.sh:5000

If you’re having issues reaching the site on your browser, try accessing it from a shell using a command like curl

Your mission, should you choose to accept it, is to write a systemd service that manages this web server. To do this, make a new unit file in /etc/systemd/system/toy.service (using sudo to give yourself privileges if necessary). Refer to the slides for an example; DigitalOcean also has a good guide on how to write systemd units. Here is a skeleton; all you need to do is fill in the values for each field.

[Unit]
Description=
Requires=
After=

[Install]
WantedBy=multi-user.target

[Service]
ExecStart=
User=

Some questions worth considering while writing this unit file are:

  • What units needs to be started before a webserver starts (Hint: network)?
  • What script should systemd run to start the webserver?
  • Units run by root as default. Is that a safe practice for web servers?

You are encouraged to experiment with other fields as suits your liking.

  • Hint: If you’re stuck, try taking a look at the unit file for nginx.
  • Hint: If you can’t find the service file, know that a certain command used to display service information for a given service will also display the unit file path

Once you have finished creating toy.service, let’s start the service and have the it start whenever our machine is booted.

sudo systemctl start toy.service
sudo systemctl enable toy.service

Debugging

You can check if the unit file succeeded by running systemctl status toy.service. If you are having issues with the unit file or the web server, check the logs for this unit by running journalctl -u toy.service. If you run into errors don’t get demoralized (it is, after all, only a decal); as a sysadmin you’ll have to become comfortable making sense of arcane error messages.

Crash the service!

One of the great benefits of using systemd to manage your services is that you don’t have to worry unnecessarily about bringing a process back up if it crashes. So let’s crash the service! You can do this by either sending a POST request with the json payload '{"crash":"true"}' to http://yourvm.decal.xcf.sh:5000/crash (Hint: use curl with the --data option) or by killing the webserver manually by sending a signal (using kill) – both will cause the unit to crash. You can verify if you succeeded by running systemctl status toy.service, and the unit should either be in an inactive or failed state, depending on how you killed it.

Now add the following the /etc/systemd/system/toy.service under the Service directive:

Restart=always
RestartSec=10

To tell systemd that the unit file has changed run sudo systemctl daemon-reload. Now start your webserver and kill it again in any way you please, and you should see that it come back online after 10 seconds! Note that you can also run daemon-reload and change a unit file while a service is running.

Exercise 3: Submit your toy.service file!

Exploration

Congratulations, you have completed the lab! This is just the tip of the iceberg when it comes to processes and services. If you want to learn more, here are some related topics you can look into.