1
00:00:06,690 --> 00:00:09,420
- Alright, so the first
thing I wanna talk about

2
00:00:09,420 --> 00:00:11,970
in this lesson about
advanced systemd features,

3
00:00:11,970 --> 00:00:14,193
is how to modify systemd units.

4
00:00:15,840 --> 00:00:18,750
So, you can edit systemd units.

5
00:00:18,750 --> 00:00:21,270
If you want to know what
you can put in there,

6
00:00:21,270 --> 00:00:24,900
start by using systemctl show on the unit,

7
00:00:24,900 --> 00:00:28,380
and that'll show you all the
different unit parameters.

8
00:00:28,380 --> 00:00:31,080
And once you've decided
what you want to edit,

9
00:00:31,080 --> 00:00:32,520
you can change the settings using

10
00:00:32,520 --> 00:00:35,760
systemctl edit unit.type,

11
00:00:35,760 --> 00:00:38,040
where unit.type is the name of your unit.

12
00:00:38,040 --> 00:00:41,433
So that can be sshd.service
or whatever you want.

13
00:00:42,750 --> 00:00:44,400
And after saving changes,

14
00:00:44,400 --> 00:00:47,490
you might want to do
systemctl daemon-reload

15
00:00:47,490 --> 00:00:50,370
to update systemd and
ensure that systemd knows

16
00:00:50,370 --> 00:00:52,770
about all the most recent changes.

17
00:00:52,770 --> 00:00:54,120
But in many cases,

18
00:00:54,120 --> 00:00:56,613
that's not even required anymore nowadays.

19
00:00:57,750 --> 00:01:00,810
And next, use systemctl restart unit

20
00:01:00,810 --> 00:01:03,720
to restart the unit with new settings.

21
00:01:03,720 --> 00:01:05,490
If you don't like the default editor,

22
00:01:05,490 --> 00:01:09,060
you can also use the EDITOR
or SYSTEMD_EDITOR variable

23
00:01:09,060 --> 00:01:10,980
to change the default editor.

24
00:01:10,980 --> 00:01:12,213
Let's go check this out.

25
00:01:14,250 --> 00:01:16,680
So if you want to edit,
it's a good start to use

26
00:01:16,680 --> 00:01:21,300
systemctl show on the unit
that you want to edit.

27
00:01:21,300 --> 00:01:23,670
sshd.service, for instance.

28
00:01:23,670 --> 00:01:26,460
And there you see all
the different parameters

29
00:01:26,460 --> 00:01:28,110
that can be set.

30
00:01:28,110 --> 00:01:30,423
And let's just pick
out a random parameter.

31
00:01:31,710 --> 00:01:33,333
Delegate=no.

32
00:01:34,650 --> 00:01:35,610
You might be wondering,

33
00:01:35,610 --> 00:01:38,130
what is this Delegate=no all about?

34
00:01:38,130 --> 00:01:40,230
Well, in order to figure that out,

35
00:01:40,230 --> 00:01:45,230
use man on systemd.directives.

36
00:01:46,650 --> 00:01:50,310
systemd.directives is
a very useful man page,

37
00:01:50,310 --> 00:01:52,830
because all the different
directives that you can use

38
00:01:52,830 --> 00:01:56,880
in all of your systemd unit
files are documented in here.

39
00:01:56,880 --> 00:01:59,973
So let's look up Delegate.

40
00:02:01,350 --> 00:02:02,250
And there we can see

41
00:02:02,250 --> 00:02:07,250
that Delegate is in
systemd.resource-control,

42
00:02:07,290 --> 00:02:09,030
which is another man page.

43
00:02:09,030 --> 00:02:14,030
So, man systemd.resource-control,

44
00:02:14,250 --> 00:02:17,373
and there we are going
to look up Delegate.

45
00:02:19,590 --> 00:02:21,510
And there we can see the explanation

46
00:02:21,510 --> 00:02:25,440
for the delegation parameter.

47
00:02:25,440 --> 00:02:28,500
I don't wanna read everything
that we have right here.

48
00:02:28,500 --> 00:02:29,790
I just want to show you,

49
00:02:29,790 --> 00:02:33,510
if you find any parameter that
requires more information,

50
00:02:33,510 --> 00:02:34,710
this is how you do it.

51
00:02:34,710 --> 00:02:36,630
man systemd.directives,

52
00:02:36,630 --> 00:02:38,976
it's the most important thing to do.

53
00:02:38,976 --> 00:02:39,809
Good.

54
00:02:39,809 --> 00:02:43,863
Now, once you have decided
that you want to edit a unit,

55
00:02:44,790 --> 00:02:47,430
then you use systemctl edit.

56
00:02:47,430 --> 00:02:50,430
But wouldn't it make sense before editing,

57
00:02:50,430 --> 00:02:52,200
to show what's inside?

58
00:02:52,200 --> 00:02:54,070
So systemctl cat

59
00:02:55,230 --> 00:02:57,810
sshd.service

60
00:02:57,810 --> 00:02:59,913
is showing the current configuration.

61
00:03:00,780 --> 00:03:03,690
And in this current
configuration you can see

62
00:03:03,690 --> 00:03:06,960
all the different parameters
that currently apply.

63
00:03:06,960 --> 00:03:08,130
And you know what?

64
00:03:08,130 --> 00:03:10,290
I want to apply memory limitations.

65
00:03:10,290 --> 00:03:11,770
So let's get back

66
00:03:14,490 --> 00:03:16,650
to systemctl show.

67
00:03:16,650 --> 00:03:21,030
And in systemctl show, didn't
we have anything like memory?

68
00:03:21,030 --> 00:03:22,263
And there we go.

69
00:03:23,160 --> 00:03:24,370
We have

70
00:03:27,286 --> 00:03:28,646
MemoryMax.

71
00:03:28,646 --> 00:03:30,270
MemoryMax=infinity.

72
00:03:30,270 --> 00:03:31,950
I don't wanna set infinity.

73
00:03:31,950 --> 00:03:34,290
I want to set MemoryMax to 4 megabytes,

74
00:03:34,290 --> 00:03:35,610
or something like that.

75
00:03:35,610 --> 00:03:36,840
How do we get there?

76
00:03:36,840 --> 00:03:41,253
Well, man systemd.directives,

77
00:03:43,140 --> 00:03:46,773
MemoryMax, or just memory.

78
00:03:48,180 --> 00:03:50,730
That's a lot of memory related parameters.

79
00:03:50,730 --> 00:03:51,563
There we go.

80
00:03:51,563 --> 00:03:52,740
MemoryMax.

81
00:03:52,740 --> 00:03:56,460
And that is in systemd.resource-control.

82
00:03:56,460 --> 00:03:59,820
So, back to resource-control,

83
00:03:59,820 --> 00:04:02,790
and let's look at MemoryMax.

84
00:04:02,790 --> 00:04:03,723
And,

85
00:04:05,490 --> 00:04:06,323
there we go.

86
00:04:06,323 --> 00:04:10,440
MemoryMax is, and there we can
see the value in bytes, or,

87
00:04:10,440 --> 00:04:12,300
and this is what I was looking for,

88
00:04:12,300 --> 00:04:15,540
suffixed by K or M or G or T.

89
00:04:15,540 --> 00:04:16,680
Well that's perfect.

90
00:04:16,680 --> 00:04:21,680
I want it to be suffixed
by M for megabytes.

91
00:04:23,940 --> 00:04:25,530
So now we can get back.

92
00:04:25,530 --> 00:04:29,260
And finally we can use systemctl edit

93
00:04:30,270 --> 00:04:33,090
sshd.service.

94
00:04:33,090 --> 00:04:35,130
And here we have the default editor.

95
00:04:35,130 --> 00:04:36,450
Hoo, that is nano.

96
00:04:36,450 --> 00:04:39,330
I don't like nano as a default editor,

97
00:04:39,330 --> 00:04:41,310
but for now I'll deal with it,

98
00:04:41,310 --> 00:04:44,670
because I wanna focus on this MemoryMax,

99
00:04:44,670 --> 00:04:46,530
which is a parameter of the service.

100
00:04:46,530 --> 00:04:51,180
So I am going to put the
modification at the location

101
00:04:51,180 --> 00:04:54,390
where the editor is indicating.

102
00:04:54,390 --> 00:04:56,260
So MemoryMax=4M.

103
00:04:59,790 --> 00:05:03,753
4 megabytes should be
more than enough for SSH.

104
00:05:04,620 --> 00:05:08,700
Now that I've made my change,
I can use Control + X.

105
00:05:08,700 --> 00:05:10,920
And save modified buffer? Yes.

106
00:05:10,920 --> 00:05:15,810
And I'm pressing Enter to
create the override file.

107
00:05:15,810 --> 00:05:19,170
Now what is going on when
you use systemctl edit?

108
00:05:19,170 --> 00:05:21,039
Well, that is what we will find if we use

109
00:05:21,039 --> 00:05:24,873
systemctl cat again on sshd.service.

110
00:05:25,890 --> 00:05:29,100
Let me put that on top of the
screen for better readability.

111
00:05:29,100 --> 00:05:31,380
Here we can see the default configuration

112
00:05:31,380 --> 00:05:34,920
from /usr/lib/systemd/system/sshd.service.

113
00:05:34,920 --> 00:05:36,240
And what is happening?

114
00:05:36,240 --> 00:05:38,880
Well, when you use systemctl edit,

115
00:05:38,880 --> 00:05:41,010
you create an override file.

116
00:05:41,010 --> 00:05:43,493
And the override file is in

117
00:05:43,493 --> 00:05:48,270
/etc/systemd/system/sshd.service.d

118
00:05:48,270 --> 00:05:49,103
in this case.

119
00:05:49,103 --> 00:05:49,936
And you know what?

120
00:05:49,936 --> 00:05:51,570
They are both going to be merged.

121
00:05:51,570 --> 00:05:55,590
So at this point, my sshd.service

122
00:05:55,590 --> 00:05:59,703
has a maximum memory
setting of 4 megabytes.

123
00:06:00,900 --> 00:06:02,610
If you really want to do it decently,

124
00:06:02,610 --> 00:06:06,000
you should consider daemon-reload
and restart unit.type.

125
00:06:06,000 --> 00:06:07,620
Is it necessary?

126
00:06:07,620 --> 00:06:09,000
Let's figure it out.

127
00:06:09,000 --> 00:06:12,640
systemctl status on sshd.service

128
00:06:13,950 --> 00:06:16,590
And what do we see?

129
00:06:16,590 --> 00:06:19,680
Well, we see that by using systemctl edit

130
00:06:19,680 --> 00:06:21,450
on modern versions of systemd,

131
00:06:21,450 --> 00:06:23,730
you don't have to restart anything.

132
00:06:23,730 --> 00:06:25,620
It is automatically picked up.

133
00:06:25,620 --> 00:06:26,453
And at this moment,

134
00:06:26,453 --> 00:06:30,633
my sshd process cannot
go beyond 4 megabytes.

135
00:06:31,620 --> 00:06:33,060
And that is how you can apply

136
00:06:33,060 --> 00:06:35,550
the so-called cgroups on systemd.

137
00:06:35,550 --> 00:06:37,830
More about cgroups later.

138
00:06:37,830 --> 00:06:41,430
But there is one thing that
I want to fix right now.

139
00:06:41,430 --> 00:06:43,360
And that is export

140
00:06:45,360 --> 00:06:49,563
EDITOR=/usr/bin/vim.

141
00:06:50,790 --> 00:06:53,130
And now if we do the edit thing again,

142
00:06:53,130 --> 00:06:54,960
there we have a real editor.

143
00:06:54,960 --> 00:06:56,160
That's a matter of taste.

144
00:06:56,160 --> 00:06:57,810
You are allowed to disagree.

145
00:06:57,810 --> 00:06:59,880
And if you want to do
your edits with nano,

146
00:06:59,880 --> 00:07:01,053
that's perfectly fine.