How to remove systemd's service in yocto? - service

I want to delete unnecessary systemd services. I tried a few method in my custom layer, but nothing is working. Is there another way?
layer.conf
PACKAGECONFIG_remove_pn-systemd = " timesyncd connman nfs-server bluetooth psplash-basic atd"
recipes-core/systemd/systemd_%.bbappend
PACKAGECONFIG_remove = "timesyncd connman nfs-server bluetooth psplash-basic atd"

If I understand correctly, these packageconfigs aren't in systemd recipe, you can only remove packageconfig that are in this list systemd_239.bb

'bitbake -e systemd' should tell you the final value of PACKAGECONFIG, and how it was formed.

Related

How do I mask serail-getty#ttyAMA0 service in yocto

I am trying to mask the serial-getty#ttyAMA0 service from within a Recipe.
How Can I achieve this?
I tried creating a initscripts bbappend file with this addition as shown below
pkg_postinst_${PN}{
systemctl mask serial-getty#ttyAMA0.service
}
But this gives me an error. Could not invoke Dnf
I have run out of Ideas
Correct solution is to control SERIAL_CONSOLES variable in local.conf. systemd-serialgetty parses it and creates corresponding systemd service files. Simple
SERIAL_CONSOLES = ""
can do the trick for you.

nginx-ingress within kuberntes / how to enable and use geoip?

Just realized that geoip was present by default within the nginx-ingress in the context of kubernetes; that is, looked around, being new into nginx geoip, I don't have much clue about how to benefit from this
Firstly, is there any declarative setup to effectively have it working ? A configmap setup, or so ?
Secondly, how such info is passed from the nginx-ingress to an app ? Is the info present in the headers ? is there any extra setup to apply ?
thanks a lot for any experienced input; best
Find usefull documentation about how to configure Geoip2 for nginx ingress kubernetes deployment.
Example Nginx Configuration ConfigMap
You will find the expected ConfigMap name at the nginx controller container entrypoint or environment variables. Furthermore you can override this name, the way to do so will depend on your nginx installation/deployment method.
ConfiMap Nginx supported configurations
You will find there a listed all the supported configs/properties plus a sort description about them and how to use them.
For this specific question, the property to configure Geoip2 is "use-geoip2" (link below)
Enable GeoIP2
remark: you will need a license and add a flag at nginx entry command providing it
The nginx_http_geoip_module module creates variables with values depending on the client IP address, using the precompiled MaxMind databases.
This module is not built by default, it should be enabled with the --with-http_geoip_module configuration parameter.
The module analyze headers, next connect to defined database, fetch the localization information and offers a variables regarding to them like
country or city of connection origin. Some examples:
$geoip_country_code - two-letter country code
$geoip_city - city name
$geoip_postal_code - postal code

Disable a standard systemd service in Yocto build

I need to start my own systemd service, let's call it custom.service. I know how to write a recipe for it to be added and enabled on boot:
SYSTEMD_SERVICE_${PN} = "custom.service"
SYSTEMD_AUTO_ENABLE_${PN} = "enable"
However, it conflicts with one of the default systemd services - systemd-timesyncd.service.
Is there a nice preferred way to disable that default systemd service in my bitbake file even though the systemd_XX.bb actually enables it?
I can create a systemd_%.bbappend file to modify the systemd settings, but I can't locate the place where one service can be disabled leaving all others enabled.
The working solution I found is to remove the timesyncd altogether using
PACKAGECONFIG_remove = "timesyncd"
But I wonder if this is a appropriate way and if there is a way to just disable it, but leave in the system.
How about adding a .bbappend recipe for the conflicting service you want disabled. In it, you would add:
SYSTEMD_AUTO_ENABLE_${PN} = "disable"
If the system runs fine with the other package removed, then removing the package is a preferred solution. Fewer packages means a simpler system.
Usually you would set SYSTEMD_AUTO_ENABLE_${PN} = "disable" and that would let the service be part of image but disabled on boot. However for systemd which provides a lot of default service units this may not be a solution you might want to deploy. You could surgically delete the symlink in etc which will ensure that service is not started automatically on boot but the .service file is still part of image. So add following to systemd_%.bbappend file in your layer
do_install_append() {
rm -rf ${D}${sysconfdir}/systemd/system/sysinit.target.wants/systemd-timesyncd.service
}
There are other ways to disable this e.g. using systemd presets as described here
Use the systemd.preset — Service enablement presets and in particular following steps.
Create a .bbappend file meta-xxx/recipes-core/systemd/systemd_%.bbappend with this content:
do_configure_append() {
#disabling autostart of systemd-timesyncd
sed -i -e "s/enable systemd-timesyncd.service/disable systemd-timesyncd.service/g" ${S}/presets/90-systemd.preset
}
In my yocto-based Linux distribution (yocto zeus release) above steps are enough to disable the service which remains installed.
In the output distribution previous steps modify the file /lib/systemd/system-preset/90-systemd.preset.
After the modification, in that file, appear the row: disable systemd-timesyncd.service and this row substitutes the raw: enable systemd-timesyncd.service
At this link there are some information about the topic: systemd.preset — Service enablement presets.
Other useful.
I was not able to use SYSTEMD_AUTO_ENABLE_${PN} = "disable" in this context.
For other recipes (for example dnsmasq_2.82.bb) the previous assignment works correctly and I have used it to enable (or disable) a service in the yocto distribution.
I think the "official" way to do this is to have something like this somewhere in your project:
PACKAGECONFIG_append_pn-systemd = "--disable-timesyncd"
This does basically the same you already suggested. To simply not enable the service you have to do it manually since you can modify the auto enable only per recipe.

Howto remove syslog completely from a yocto image based on systemd

I want to generate a Yocto image that uses systemd as the unique service to control my system logs. So I just want to use journalctl tool and don't want any reference to syslog at all.
To setup a systemd image I have setup my distro as this (as explained in the Yocto documentation):
DISTRO_FEATURES_append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
VIRTUAL-RUNTIME_dev_manager = "systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = ""
However, the built image adds a rpm package called sysklogd, and the generated image runs some syslog related systemctl services:
- syslogd.service
- syslog.socket
I would like to generate and image with no reference to syslog at all. What should be the proper way to manage this issue?
Thank you in advance! :)
Add
VIRTUAL-RUNTIME_syslog = ""
in a .bb or .bbapend file. This will remove sysklogd package.
Refer file /meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb where it is defined as
VIRTUAL-RUNTIME_syslog ?= "sysklogd"
Finally I fixed my issue. First of all I removed "busybox" from my custom image following the information explained in this link:
Removing busybox completely from a Yocto generated image
After removing busybox, defining this variable (as suggested on previous answers) worked as expected:
VIRTUAL-RUNTIME_syslog = ""
Now the generated image doesn't contain any reference to syslog nor sysklogd. Thank you so much for all your support!! :-)

installing kubernetes on coreos with rkt and automated script

I'm trying to install kuberentes with rkt on my real (not virtual) coreos servers at home using the scripts at https://github.com/coreos/coreos-kubernetes/tree/master/multi-node/generic and I have some questions.
my etcd2 is using tls keys, I can't see anywhere in the script where I can define where the certificates are located.
can I supply a domain instead of IP for ADVERTISE_IP and CONTROLLER_ENDPOINT ?
when I tried to install kubernetes manually I needed start the rkt service api. it doesn't state in the documents that it needed here, does it mean that I don't need it if I use these scripts? or is it just something that's missing in the documents?
thanks!
update
Rob thank you so much for your response. I wasn't clear enough regarding etcd2. I already have etcd2 tls installed and properly configured on my coreos servers. so I configured my etcd servers in the controller-install.sh file:
export ETCD_ENDPOINTS="https://coreos-2.tux-in.com:2379,https://coreos-3.tux-in.com:2379"
but when I run the controller-install.sh script, it returns and repeat the following output:
Waiting for etcd...
Trying: https://coreos-2.tux-in.com:2379
Trying: https://coreos-3.tux-in.com:2379
Trying: https://coreos-2.tux-in.com:2379
Trying: https://coreos-3.tux-in.com:2379
...
so I was guessing it's because i didn't define etcd related tls certificates in the controller script and that is why it stuck in that faze.
on my macbook pro laptop I have the following alias configured:
alias myetcdctl="~/apps/etcd-v3.0.8-darwin-amd64/etcdctl --endpoint=https://coreos-2.tux-in.com:2379 --ca-file=/Users/ufk/Projects/coreos/tux-in/etcd/certs/certs-names/ca.pem --cert-file=/Users/ufk/Projects/coreos/tux-in/etcd/certs/certs-names/etcd1.pem --key-file=/Users/ufk/Projects/coreos/tux-in/etcd/certs/certs-names/etcd1-key.pem --timeout=10s"
so when I run myetcdctl member list I get:
8832ce6a269a7dac: name=ccff826d5f564c67abf35467306f80a0 peerURLs=https://coreos-3.tux-in.com:2380 clientURLs=https://coreos-3.tux-in.com:2379 isLeader=true
a2c0ac9708ef90fc: name=dc38bc8f20e64940b260d3f7b260430d peerURLs=https://coreos-2.tux-in.com:2380 clientURLs=https://coreos-2.tux-in.com:2379 isLeader=false
so I'm guessing that I don't really have a problem there.
any ideas?
thanks!
my etcd2 is using tls keys, I can't see anywhere in the script where I can define where the certificates are located.
These scripts don't start an etcd server. You will need to set one up manually and will be able to use TLS and as many nodes as you would like. This isn't clear in the current form of the document, I will attempt a PR to fix.
can I supply a domain instead of IP for ADVERTISE_IP and CONTROLLER_ENDPOINT ?
Only CONTROLLER_ENDPOINT be a domain name.
when I tried to install kubernetes manually I needed start the rkt service api. it doesn't state in the documents that it needed here, does it mean that I don't need it if I use these scripts? or is it just something that's missing in the documents?
These scripts include/start the rkt API service. As you can see below, it also has a Restart parameter set (source):
[Unit]
Before=kubelet.service
[Service]
ExecStart=/usr/bin/rkt api-service
Restart=always
RestartSec=10
[Install]
RequiredBy=kubelet.service