summaryrefslogtreecommitdiffstats
path: root/man/systemd.generator.xml
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
commit55944e5e40b1be2afc4855d8d2baf4b73d1876b5 (patch)
tree33f869f55a1b149e9b7c2b7e201867ca5dd52992 /man/systemd.generator.xml
parentInitial commit. (diff)
downloadsystemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.tar.xz
systemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.zip
Adding upstream version 255.4.upstream/255.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/systemd.generator.xml')
-rw-r--r--man/systemd.generator.xml403
1 files changed, 403 insertions, 0 deletions
diff --git a/man/systemd.generator.xml b/man/systemd.generator.xml
new file mode 100644
index 0000000..b216ef9
--- /dev/null
+++ b/man/systemd.generator.xml
@@ -0,0 +1,403 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY % entities SYSTEM "custom-entities.ent" >
+%entities;
+]>
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+
+<refentry id="systemd.generator" xmlns:xi="http://www.w3.org/2001/XInclude">
+ <refentryinfo>
+ <title>systemd.generator</title>
+ <productname>systemd</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>systemd.generator</refentrytitle>
+ <manvolnum>7</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>systemd.generator</refname>
+ <refpurpose>systemd unit generators</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command index='false'>/path/to/generator</command>
+ <arg choice="plain"><replaceable>normal-dir</replaceable></arg>
+ <arg choice="option"><replaceable>early-dir</replaceable></arg>
+ <arg choice="option"><replaceable>late-dir</replaceable></arg>
+ </cmdsynopsis>
+
+ <para>
+ <literallayout><filename>/run/systemd/system-generators/*</filename>
+<filename>/etc/systemd/system-generators/*</filename>
+<filename>/usr/local/lib/systemd/system-generators/*</filename>
+<filename>&SYSTEM_GENERATOR_DIR;/*</filename></literallayout>
+ </para>
+
+ <para>
+ <literallayout><filename>/run/systemd/user-generators/*</filename>
+<filename>/etc/systemd/user-generators/*</filename>
+<filename>/usr/local/lib/systemd/user-generators/*</filename>
+<filename>&USER_GENERATOR_DIR;/*</filename></literallayout>
+ </para>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+ <para>Generators are small executables placed in <filename>&SYSTEM_GENERATOR_DIR;/</filename> and other
+ directories listed above.
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> will execute
+ these binaries very early at bootup and at configuration reload time — before unit files are
+ loaded. Their main purpose is to convert configuration and execution context parameters that are not
+ native to the service manager into dynamically generated unit files, symlinks or unit file drop-ins, so
+ that they can extend the unit file hierarchy the service manager subsequently loads and operates
+ on.</para>
+
+ <para><command>systemd</command> will call each generator with three directory paths that are to be used
+ for generator output. In these three directories, generators may dynamically generate unit files (regular
+ ones, instances, as well as templates), unit file <filename>.d/</filename> drop-ins, and create symbolic
+ links to unit files to add additional dependencies, create aliases, or instantiate existing templates.
+ Those directories are included in the unit load path, allowing generated configuration to extend or
+ override existing definitions. For tests, generators may be called with just one argument; the generator
+ should assume that all three paths are the same in that case.</para>
+
+ <para>Directory paths for generator output differ by priority: <filename>…/generator.early</filename> has
+ priority higher than the admin configuration in <filename>/etc/</filename>, while
+ <filename>…/generator</filename> has lower priority than <filename>/etc/</filename> but higher than
+ vendor configuration in <filename>/usr/</filename>, and <filename>…/generator.late</filename> has
+ priority lower than all other configuration. See the next section and the discussion of unit load paths
+ and unit overriding in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ </para>
+
+ <para>Generators are loaded from a set of paths determined during compilation, as listed above. System
+ and user generators are loaded from directories with names ending in
+ <filename>system-generators/</filename> and <filename>user-generators/</filename>,
+ respectively. Generators found in directories listed earlier override the ones with the same name in
+ directories lower in the list. A symlink to <filename>/dev/null</filename> or an empty file can be used
+ to mask a generator, thereby preventing it from running. Please note that the order of the two
+ directories with the highest priority is reversed with respect to the unit load path, and generators in
+ <filename>/run/</filename> overwrite those in <filename>/etc/</filename>.</para>
+
+ <para>After installing new generators or updating the configuration, <command>systemctl
+ daemon-reload</command> may be executed. This will delete the previous configuration created by
+ generators, re-run all generators, and cause <command>systemd</command> to reload units from disk. See
+ <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more
+ information.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>Output directories</title>
+
+ <para>Generators are invoked with three arguments: paths to directories where generators can place their
+ generated unit files or symlinks. By default those paths are runtime directories that are included in the
+ search path of <command>systemd</command>, but a generator may be called with different paths for
+ debugging purposes. If only one argument is provided, the generator should use the same directory as the
+ three output paths.</para>
+
+ <orderedlist>
+ <listitem>
+ <para><parameter>normal-dir</parameter></para>
+ <para>In normal use this is <filename>/run/systemd/generator</filename> in case of the system
+ generators and <filename>$XDG_RUNTIME_DIR/systemd/generator</filename> in case of the user
+ generators. Unit files placed in this directory take precedence over vendor unit configuration but
+ not over native user/administrator unit configuration.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para><parameter>early-dir</parameter></para>
+ <para>In normal use this is <filename>/run/systemd/generator.early</filename> in case of the system
+ generators and <filename>$XDG_RUNTIME_DIR/systemd/generator.early</filename> in case of the user
+ generators. Unit files placed in this directory override unit files in <filename>/usr/</filename>,
+ <filename>/run/</filename> and <filename>/etc/</filename>. This means that unit files placed in this
+ directory take precedence over all normal configuration, both vendor and user/administrator.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter>late-dir</parameter></para>
+ <para>In normal use this is <filename>/run/systemd/generator.late</filename> in case of the system
+ generators and <filename>$XDG_RUNTIME_DIR/systemd/generator.late</filename> in case of the user
+ generators. This directory may be used to extend the unit file tree without overriding any other unit
+ files. Any native configuration files supplied by the vendor or user/administrator take
+ precedence.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>Note: generators <emphasis>must not</emphasis> write to other locations or otherwise make changes
+ to system state. Generator output is supposed to last only until the next
+ <command>daemon-reload</command> or <command>daemon-reexec</command>; if the generator is replaced
+ or masked, its effects should vanish.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Environment</title>
+
+ <para>The service manager sets a number of environment variables when invoking generator
+ executables. They carry information about the execution context of the generator, in order to simplify
+ conditionalizing generators to specific environments. The following environment variables are set:</para>
+
+ <variablelist class='environment-variables'>
+ <varlistentry>
+ <term><varname>$SYSTEMD_SCOPE</varname></term>
+
+ <listitem><para>If the generator is invoked from the system service manager this variable is set to
+ <literal>system</literal>; if invoked from the per-user service manager it is set to
+ <literal>user</literal>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>$SYSTEMD_IN_INITRD</varname></term>
+
+ <listitem><para>If the generator is run as part of an initrd this is set to <literal>1</literal>. If
+ it is run from the regular host (i.e. after the transition from initrd to host) it is set to
+ <literal>0</literal>. This environment variable is only set for system generators.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>$SYSTEMD_FIRST_BOOT</varname></term>
+
+ <listitem><para>If this boot-up cycle is considered a "first boot", this is set to
+ <literal>1</literal>; if it is a subsequent, regular boot it is set to <literal>0</literal>. For
+ details see the documentation of <varname>ConditionFirstBoot=</varname> in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
+ environment variable is only set for system generators.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>$SYSTEMD_VIRTUALIZATION</varname></term>
+
+ <listitem><para>If the service manager is run in a virtualized environment,
+ <varname>$SYSTEMD_VIRTUALIZATION</varname> is set to a pair of strings, separated by a colon. The
+ first string is either <literal>vm</literal> or <literal>container</literal>, categorizing the type
+ of virtualization. The second string identifies the implementation of the virtualization
+ technology. If no virtualization is detected this variable will not be set. This data is identical to
+ what
+ <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ detects and reports, and uses the same vocabulary of virtualization implementation
+ identifiers.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>$SYSTEMD_ARCHITECTURE</varname></term>
+
+ <listitem><para>This variable is set to a short identifier of the reported architecture of the
+ system. For details about defined values, see documentation of
+ <varname>ConditionArchitecture=</varname> in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>$CREDENTIALS_DIRECTORY</varname></term>
+ <term><varname>$ENCRYPTED_CREDENTIALS_DIRECTORY</varname></term>
+
+ <listitem><para>If set, refers to the directory system credentials have been placed in. Credentials
+ passed into the system in plaintext form will be placed in <varname>$CREDENTIALS_DIRECTORY</varname>,
+ and those passed in in encrypted form will be placed in
+ <varname>$ENCRYPTED_CREDENTIALS_DIRECTORY</varname>. Use the
+ <citerefentry><refentrytitle>systemd-creds</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ command to automatically decrypt/authenticate credentials passed in, if needed. Specifically, use the
+ <command>systemd-creds --system cat</command> command.</para>
+
+ <xi:include href="version-info.xml" xpointer="v254"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>$SYSTEMD_CONFIDENTIAL_VIRTUALIZATION</varname></term>
+
+ <listitem><para>If the service manager is run in a confidential virtualized environment,
+ <varname>$SYSTEMD_CONFIDENTIAL_VIRTUALIZATION</varname> is set to a string that identifies
+ the confidential virtualization hardware technology. If no confidential virtualization is
+ detected this variable will not be set. This data is identical to what
+ <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ detects and reports, and uses the same vocabulary of confidential virtualization
+ technology identifiers.</para>
+
+ <xi:include href="version-info.xml" xpointer="v254"/></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Notes about writing generators</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>All generators are executed in parallel. That means all executables are started at the very
+ same time and need to be able to cope with this parallelism.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>Generators are run very early at boot and cannot rely on any external services. They may not
+ talk to any other process. That includes simple things such as logging to <citerefentry
+ project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>, or
+ <command>systemd</command> itself (this means: no
+ <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>)!
+ Non-essential file systems like <filename>/var/</filename> and <filename>/home/</filename> are
+ mounted after generators have run. Generators can however rely on the most basic kernel functionality
+ to be available, as well as mounted <filename>/sys/</filename>, <filename>/proc/</filename>,
+ <filename>/dev/</filename>, <filename>/usr/</filename> and <filename>/run/</filename> file systems.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>Units written by generators are removed when the configuration is reloaded. That means the
+ lifetime of the generated units is closely bound to the reload cycles of <command>systemd</command>
+ itself.</para>
+ </listitem>
+
+ <listitem>
+ <para>Generators should only be used to generate unit files, <filename>.d/*.conf</filename> drop-ins
+ for them and symlinks to them, not any other kind of non-unit related configuration. Due to the
+ lifecycle logic mentioned above, generators are not a good fit to generate dynamic configuration for
+ other services. If you need to generate dynamic configuration for other services, do so in normal
+ services you order before the service in question.</para>
+
+ <para>Note that using the <varname>StandardInputData=</varname>/<varname>StandardInputText=</varname>
+ settings of service unit files (see
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>), it
+ is possible to make arbitrary input data (including daemon-specific configuration) part of the unit
+ definitions, which often might be sufficient to embed data or configuration for other programs into
+ unit files in a native fashion.</para>
+ </listitem>
+
+ <listitem>
+ <para>Since
+ <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+
+ is not available (see above), log messages have to be written to <filename>/dev/kmsg</filename>
+ instead.</para>
+ </listitem>
+
+ <listitem>
+ <para>The generator should always include its own name in a comment at the top of the generated file,
+ so that the user can easily figure out which component created or amended a particular unit.</para>
+
+ <para>The <varname>SourcePath=</varname> directive should be used in generated files to specify the
+ source configuration file they are generated from. This makes things more easily understood by the
+ user and also has the benefit that systemd can warn the user about configuration files that changed
+ on disk but have not been read yet by systemd. The <varname>SourcePath=</varname> value does not have
+ to be a file in a physical filesystem. For example, in the common case of the generator looking at
+ the kernel command line, <option>SourcePath=/proc/cmdline</option> should be used.</para>
+ </listitem>
+
+ <listitem>
+ <para>Generators may write out dynamic unit files or just hook unit files into other units with the
+ usual <filename>.wants/</filename> or <filename>.requires/</filename> symlinks. Often, it is nicer to
+ simply instantiate a template unit file from <filename>/usr/</filename> with a generator instead of
+ writing out entirely dynamic unit files. Of course, this works only if a single parameter is to be
+ used.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you are careful, you can implement generators in shell scripts. We do recommend C code
+ however, since generators are executed synchronously and hence delay the entire boot if they are
+ slow.</para>
+ </listitem>
+
+ <listitem>
+ <para>Regarding overriding semantics: there are two rules we try to follow when thinking about the
+ overriding semantics:</para>
+
+ <orderedlist numeration="lowerroman">
+ <listitem>
+ <para>User configuration should override vendor configuration. This (mostly) means that stuff
+ from <filename>/etc/</filename> should override stuff from <filename>/usr/</filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Native configuration should override non-native configuration. This (mostly) means that
+ stuff you generate should never override native unit files for the same purpose.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>Of these two rules the first rule is probably the more important one and breaks the second one
+ sometimes. Hence, when deciding whether to use argv[1], argv[2], or argv[3], your default choice
+ should probably be argv[1].</para>
+ </listitem>
+
+ <listitem>
+ <para>Instead of heading off now and writing all kind of generators for legacy configuration file
+ formats, please think twice! It is often a better idea to just deprecate old stuff instead of keeping
+ it artificially alive.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </refsect1>
+
+ <refsect1>
+ <title>Examples</title>
+ <example>
+ <title>systemd-fstab-generator</title>
+
+ <para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ converts <filename>/etc/fstab</filename> into native mount units. It uses argv[1] as location to place
+ the generated unit files in order to allow the user to override <filename>/etc/fstab</filename> with
+ their own native unit files, but also to ensure that <filename>/etc/fstab</filename> overrides any
+ vendor default from <filename>/usr/</filename>.</para>
+
+ <para>After editing <filename>/etc/fstab</filename>, the user should invoke <command>systemctl
+ daemon-reload</command>. This will re-run all generators and cause <command>systemd</command> to reload
+ units from disk. To actually mount new directories added to <filename>fstab</filename>,
+ <command>systemctl start <replaceable>/path/to/mountpoint</replaceable></command> or <command>systemctl
+ start local-fs.target</command> may be used.</para>
+ </example>
+
+ <example>
+ <title>systemd-system-update-generator</title>
+
+ <para><citerefentry><refentrytitle>systemd-system-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ temporarily redirects <filename>default.target</filename> to <filename>system-update.target</filename>,
+ if a system update is scheduled. Since this needs to override the default user configuration for
+ <filename>default.target</filename>, it uses argv[2]. For details about this logic, see
+ <citerefentry><refentrytitle>systemd.offline-updates</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+ </para>
+ </example>
+
+ <example>
+ <title>Debugging a generator</title>
+
+ <programlisting>dir=$(mktemp -d)
+SYSTEMD_LOG_LEVEL=debug &SYSTEM_GENERATOR_DIR;/systemd-fstab-generator \
+ "$dir" "$dir" "$dir"
+find $dir</programlisting>
+ </example>
+ </refsect1>
+
+ <refsect1>
+ <title>See also</title>
+
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-debug-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-getty-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-hibernate-resume-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-rc-local-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-sysv-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-xdg-autostart-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.environment-generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+</refentry>