Automatic cleanup rules for the /tmp directory on CentOS 7


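The trigger: our Java test environment had gone unused for a long time, and the PID file it keeps under /tmp was deleted. That is how I discovered Linux's automatic deletion feature, and that is how this in-depth (show-off) article came about.

On to the main topic

CentOS 7 /tmp automatic cleanup rules

CentOS 6 and earlier use tmpwatch + cron to clean up temporary files on a schedule (this came from a Baidu search and I have not confirmed it, because our systems are already on 7 and 8 is out as well). This changed in CentOS 7, where the system uses systemd to manage volatile and temporary files:

1. The cleanup tool: systemd-tmpfiles

Any mention of this tool has to cover the systemd-tmpfiles services that go with it.

To keep it simple, here is the link (taking the lazy route):

Usage guide for the systemd-tmpfiles tool. The documentation's explanation of clean left me rather confused:

--create
Create and write all files and directories marked f, F, w, d, D, v, p, L, c, b, m. All files and directories marked z, Z, t, T, a, A have their owner/group, permissions and security labels set accordingly.

Here is a brief introduction to the configuration file

Configuration file format

Each line of the configuration file describes one path and contains the following fields: type, path, mode, owner (UID), group (GID), age, argument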

#Type Path        Mode UID  GID  Age Argument
d     /run/user   0755 root root 10d -
L     /tmp/foobar -    -    -    -   /dev/null

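The letters in the --create description above are values of the Type field; for details, see the linked introduction to the configuration file.

Introduction to the systemd-tmpfiles services

Original text from the official site: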

Red Hat Enterprise Linux (and Fedora as well) provides a more structured and configurable method to manage temporary directories and files: systemd-tmpfiles.
Once a Red Hat-like system boots up, a special unit file is executed: systemd-tmpfiles-setup, this unit will execute the systemd-tmpfile --create --remove command.

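To make temporary directories such as /tmp easier to manage, both Red Hat and Fedora provide system-level scheduled cleanup; put simply, it comes down to create and remove commands.

Without further ado, the link: Managing temporary files

After reading the official site, these are the services involved:

systemd-tmpfiles, systemd-tmpfiles-setup.service, systemd-tmpfiles-setup-dev.service, systemd-tmpfiles-clean.service, systemd-tmpfiles-clean.timer - create, delete and clean up volatile and temporary files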

systemd-tmpfiles [OPTIONS...] [CONFIGFILE...]

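systemd-tmpfiles-setup.service         create
systemd-tmpfiles-setup-dev.service     create
systemd-tmpfiles-clean.service         clean
systemd-tmpfiles-clean.timer           scheduled clean

That is, three services: systemd-tmpfiles-setup.service, systemd-tmpfiles-setup-dev.service and systemd-tmpfiles-clean.service (the last one is a little different; I will go into it later).

At first I was puzzled: I checked my server and only two processes were active. I assumed a colleague had killed the third, but I didn't give up and checked other machines, and was baffled. There really were only two active services. Don't worry, read on.

Introduction to systemd services
Getting started with systemctl

Getting started with systemctl: I'm embarrassed to say that although I work in ops, I never had the patience to study systemctl on CentOS 7.

The service as shown on the official site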

[root@freddy ~]# systemctl status systemd-tmpfiles-setup.service
● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
   Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-setup.service; static; vendor preset: disabled)
   Active: active (exited) since Thu 2016-08-18 20:06:04 CEST; 2 weeks 2 days ago
     Docs: man:tmpfiles.d(5)
           man:systemd-tmpfiles(8)
 Main PID: 1007 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 512)
   CGroup: /system.slice/systemd-tmpfiles-setup.service

Aug 18 20:06:04 freddy systemd[1]: Starting Create Volatile Files and Directories...
Aug 18 20:06:04 freddy systemd[1]: Started Create Volatile Files and Directories.

[root@freddy ~]# cat /usr/lib/systemd/system/systemd-tmpfiles-setup.service
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Create Volatile Files and Directories
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
DefaultDependencies=no
Conflicts=shutdown.target
After=local-fs.target systemd-sysusers.service
Before=sysinit.target shutdown.target
RefuseManualStop=yes

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev

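Look at ExecStart at the end of [Service]: it runs /usr/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev, which reads all configuration files and creates or removes the paths they specify (which paths depends on the configuration files; note that the --clean option is not used here).

The scheduled task service: Scheduled cleaning

By default, cleanup happens only at boot time. What about the rest of the time? The system provides a scheduled task.

At first I read another article, "Automatic cleanup rules for the /tmp directory on CentOS 7", which said there were three directories. I checked each one with status, but the last one, the clean service, was not running. I looked at several production machines and they were all the same: no cleanup service. That made no logical sense, hence this article (sadly, a lot of content in China is just copy-paste).

Here is the daemon unit shown on the official site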

[root@freddy ~]# systemctl status systemd-tmpfiles-clean.timer
● systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories
   Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-clean.timer; static; vendor preset: disabled)
   Active: active (waiting) since Thu 2016-08-18 20:06:04 CEST; 2 weeks 2 days ago
     Docs: man:tmpfiles.d(5)
           man:systemd-tmpfiles(8)

Aug 18 20:06:04 freddy systemd[1]: Started Daily Cleanup of Temporary Directories.

[root@freddy ~]# cat /usr/lib/systemd/system/systemd-tmpfiles-clean.timer
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Daily Cleanup of Temporary Directories
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)

[Timer]
OnBootSec=15min
OnUnitActiveSec=1d

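Systemd timer tutorial, by Ruan Yifeng

This timer controls the clean task: it first fires 15 minutes after boot (OnBootSec=15min) and then every 24 hours after the previous run (OnUnitActiveSec=1d). The command cleans only the directories named in the configuration. A timer is systemd's own scheduled-task mechanism, similar to cron but with its own method. systemd-tmpfiles-clean.timer periodically runs the systemd-tmpfiles-clean service, whose command is /usr/bin/systemd-tmpfiles --clean. Because the clean service is a one-shot job started by the timer, it is inactive between runs, which is why status shows the timer waiting rather than an active clean service. With that, how the cleanup happens is clear at a glance.

2. Configuration file parameters and basic usage

The configuration format was introduced above; here are the configuration files themselves.

Link to the Chinese translation of the configuration file documentation

The configuration files also live in 3 places:

/etc/tmpfiles.d/*.conf
/run/tmpfiles.d/*.conf
/usr/lib/tmpfiles.d/*.conf

Looking at these, /usr/lib/tmpfiles.d/ contains many conf files, each holding the cleanup rules for a different application (directory).

The cleanup rules for /tmp are determined mainly by /usr/lib/tmpfiles.d/tmp.conf, whose default content is: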

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See tmpfiles.d(5) for details

# Clear tmp directories separately, to make them easier to override
# Clean files and directories under /tmp older than 10 days
v /tmp 1777 root root 10d
# Clean files and directories under /var/tmp older than 30 days
v /var/tmp 1777 root root 30d

# Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-*
X /tmp/systemd-private-%b-*/tmp
x /var/tmp/systemd-private-%b-*
X /var/tmp/systemd-private-%b-*/tmp

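We can edit this file. For example, if you don't want the system to automatically clean directories under /tmp whose names start with tomcat, add the line below to the configuration file. The same line also works in a separate file under /etc/tmpfiles.d/, which is not overwritten when the systemd package is updated: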

x /tmp/tomcat.*

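Put simply: scheduled cleanup ignores that directory. The path is a shell-style glob, so tomcat.* matches names that begin with "tomcat.".

Appendix: writing configuration files for less common functions

This part is also copied from the official site
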

Directory creation

[root@freddy ~]# cat /usr/lib/tmpfiles.d/httpd.conf
d /run/httpd 710 root apache
d /run/httpd/htcacheclean 700 apache apache

Creates /run/httpd and /run/httpd/htcacheclean; if creation fails, you need to supply the mode, UID and GID

File removal

[root@freddy ~]# cat /usr/lib/tmpfiles.d/rpm.conf
r /var/lib/rpm/__db.*

In this example, systemd will periodically clean up RPM database library files.

Symlink creation and recursive file copy

[root@freddy ~]# cat /usr/lib/tmpfiles.d/etc.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See tmpfiles.d(5) for details

L /etc/os-release - - - - ../usr/lib/os-release
L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
L+ /etc/mtab - - - - ../proc/self/mounts
C /etc/nsswitch.conf - - - -
C /etc/pam.d - - - -

In this example, systemd will ensure the creation of symbolic links for /etc/os-release, /etc/localtime and /etc/mtab.

If suffixed with '+', and a file already exists where the symlink is to be created, the file will be removed and be replaced by the symlink.

Lastly, "C" types for files/directories /etc/nsswitch.conf and /etc/pam.d, quoting the tmpfiles.d manual section:

Recursively copy a file or directory, if the destination files or directories do not exist yet. Note that this command will not descend into subdirectories if the destination directory already exists. Instead, the entire copy operation is skipped. If the argument is omitted, files from the source directory /usr/share/factory/ with the same name are copied. Does not follow symlinks.

Time option usage

[root@freddy ~]# cat /usr/lib/tmpfiles.d/cups.conf
# See tmpfiles.d(5) for details

d /run/cups 0755 root lp -
d /run/cups/certs 0511 lp sys -

d /var/spool/cups/tmp - - - 30d

Finally, in this example, you can see the usage of Time options. Each file older than 30 days on /var/spool/cups/tmp will be deleted.

Note that the Time option designates that a file will be considered unused only if atime, mtime and ctime are all older than the specified time.

If you want to dig more on the available configuration types, just type “man 5 tmpfiles.d” on your shell, and in case you want to test just one configuration file at a time, you can place it as an argument to the systemd-tmpfiles command.
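The tmp.conf age rules, the x exclusion and the atime/mtime/ctime note above can be combined into a quick audit of which files the next --clean run would delete. This is an added example, not code from the original article or from systemd; the function names, the sample paths and the timestamps are constructed for illustration, and the sketch does not expand specifiers such as %b.

```python
import fnmatch
import re

UNITS = {"": 1, "s": 1, "m": 60, "min": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_age(field):
    """Age field such as '10d' or '1h30m' converted to seconds."""
    parts = re.findall(r"(\d+)(min|[smhdw]?)", field)
    if "".join(n + u for n, u in parts) != field:
        raise ValueError("unsupported age: " + field)
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_rules(text):
    """Return ({dir: max_age_seconds}, [(glob, recursive)]) from tmpfiles.d lines."""
    aged, excluded = {}, []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        kind, path = fields[0].rstrip("!+-="), fields[1].rstrip("/")
        if kind in ("x", "X"):  # x also protects everything below the match, X does not
            excluded.append((path, kind == "x"))
        elif kind in set("dDevqQ") and len(fields) > 5 and fields[5] != "-":
            aged[path] = parse_age(fields[5])
    return aged, excluded

def glob_hit(path, pattern, recursive):
    """Match component-wise so '*' never crosses a '/'."""
    parts, depth = path.split("/"), pattern.count("/") + 1
    fits = len(parts) == depth or (recursive and len(parts) > depth)
    return fits and fnmatch.fnmatchcase("/".join(parts[:depth]), pattern)

def at_risk(files, rules_text, now):
    """files: {path: (atime, mtime, ctime)} -> paths the next --clean run would remove."""
    aged, excluded = parse_rules(rules_text)
    doomed = []
    for path, stamps in files.items():
        owners = [d for d in aged if path.startswith(d + "/")]
        if not owners or any(glob_hit(path, p, r) for p, r in excluded):
            continue
        # Unused only when atime, mtime and ctime are ALL older than the age.
        if now - max(stamps) > aged[max(owners, key=len)]:
            doomed.append(path)
    return sorted(doomed)

# Constructed sample: the page's tmp.conf ages and tomcat exclusion; stamps in seconds.
D, NOW = 86400, 100 * 86400
SAMPLE_CONF = "v /tmp 1777 root root 10d\nv /var/tmp 1777 root root 30d\nx /tmp/tomcat.*\n"
SAMPLE_FILES = {"/tmp/app.pid": (60 * D,) * 3, "/tmp/report.csv": (98 * D, 60 * D, 60 * D),
                "/tmp/tomcat.8080/work/s.ser": (60 * D,) * 3, "/var/tmp/cache.bin": (80 * D,) * 3}
```

With the sample data, at_risk(SAMPLE_FILES, SAMPLE_CONF, NOW) reports only /tmp/app.pid: the recently read report.csv survives because its atime is fresh, and the tomcat directory is protected by the x line.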

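Closing note: this article started out as personal notes. Later I wanted to post it on Juejin, saw that the structure was not very clear, and revised it again, straightening out the logical order. It went through several versions. The time right now: Mon Oct 28 08:36:59 CST 2019. I hope it helps~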