LPI 101-500 – 107.2: Automate system administration tasks by scheduling jobs
- cron, crontab
This chapter deals with the recurring automatic execution of tasks. For example, it would of course make sense to regularly back up certain petitions, for example, the home petition. But we all know it. We don’t always think about it and neglect the whole thing more often. Or another example on server systems that run 24 hours a day, it might make sense to delete certain log files regularly or to save them accordingly if they are important and everything is automated. And that’s what this chapter is about. Let’s take a look at cron first. cron is a demon that can automate recurring tasks, so called cron jobs. cron runs in the background and regularly checks the etsy cron tab file and the two directories at Ccron D and Varspool chron.
Now I might briefly show you the directories that are important. We will go into the files in a moment. cdsc Chrome, D. Please keep that in mind for the exam. Sorry, of course. And this directory should be noted, and the other one that should be noted is the directory VAR spool Chrome. The tasks to be performed accordingly are saved in tabular form in the appropriate files. And the system wide file, which can only be edited by root, is the etsy Chrome top file. We will take a quick look at C Chrome, tap the opc chrome chrome top file have a total of seven columns. So here 123456 and seven. And you definitely have to know them for the exam.
Otherwise you can hardly use chronop. And it is guaranteed to be guaranteed to be important for the exam, but it’s also guaranteed to be important for your daily work as a system administrator. Let’s take a look at the columns. The first five columns are all including time information on the far left here, at this point, we find the minutes, then we find the hours, then the day, then the month, and here the day of the week. This is followed by the user under whom the job is running. And finally, the command that is being executed. In the first example here, this line here, the minutes are 17. Otherwise we see only stars.
This means that every month, every day, at 17 minutes, after every hour, a job is executed. So these stars, or asterisks basically means everything. So here, at this point, asterisk at hour means every hour, incidentally, dom, is called day of month. You can see here day of Week, month, and here, day of Month. This column here, it is a new version of the Chronap file. In old versions, you don’t have these explanations. Here you only have, at this point, dom. And here I have Dow for day of week, M-O-N for month, eight for hour and M for minute. So again we have day of week, every day of week. Here we have the month every month, every day of month.
So one to 31 every hour, but not every minute. But in that case minute 17. So 17 minutes after every hour. Then, so to speak, the user Root executes this script here. In the second example, minutes are 25 and hours are six, otherwise stars. This means that every month, every day, every day of month, every day of week at 625 the corresponding job is running. In the third example we see 47 four minutes, six 4 hours, and here seven for the weekday. Otherwise only stars. So days of the week are also marked here by numbers. As in this case, Sunday is zero and at the same time also seven. In principle you can remember it like this the weeks starts on Monday, monday is one, Tuesday is two, Wednesday three, thursday is four, Friday is five, Saturday is six and Sunday is seven.
But if you now say I want to start my week on Sunday, you can also say Sunday is zero and Monday it starts again with one. So remember, Sunday is zero and seven at the same time. For this example, however, it means that this job is executed here by root every Sunday at 647. In the last example, we have a job that starts every first day of the month. You will see day of month, every first day of the month, the first of the month. And at 652 the roots job is started here. And this is the job. Instead of numbers for the days of the week, the first three letters of the English names can also be used. For example, mo n for Monday, T-U-E for Tuesday, S-O-N for Sunday and so on.
So instead of seven, if we could have written some, the result would have been the same. It is also possible to use digits with commas or hyphens. So for example, at 20 after and then say two to six. Here, for example, this means that at 223 20 and 425 20 and 620, the corresponding script would then be executed. We also have the option of here two comma, six, so to speak. So at 252 and at 652 and so on. That’s how you can deal with it. I recommend looking at the main page again. There are certainly a few more examples here, but I think it’s just important that you understand the columns here, the numbers and what they mean. You have to know how many columns this file has.
What do these individual columns mean? So minutes, hours and so on, and how to set it up accordingly. If you want to execute a command or execute a script at a certain time, the cron Demon basically reads in the FTSE chronop file and also does what is in the corresponding table, as we have just looked at here. Now let’s get out of the file. In addition, Chron also accesses the etsy chrome D directory. We are going in now. cd at C chrome D and in here are certain chron scripts that were set by other programs. If Program A would like to use Chrome Jobs automatically, this program cannot edit the etsy Chrome tab file because this program is not root, but simply stores its corresponding file in the etsy Chrome D folder.
Let’s just take a look at one of these files. Maybe this one here, the last one. I have no idea what that is, to be honest. But let’s take a quick look, and we see that the same table is available here, in same table as in at the Chrome tab, with here minutes, hours and so on. The heading is missing here, but I think it should be clear what that means by now. And in the end, of course, only one command is executed here in this case. And this is what the individual scripts look like in the end, which are then in here. But I don’t think it’s important what’s in here for the exam, because that should be different with every distribution and with the programs that you have installed.
It is just important to know that there is the etsy Chrome D folder and that there are scripts in it that are processed by Chrome. The etsy Chrome tab that we just looked at should only be used for system critical jobs and or system services. For this, you also need root writes in any case. So a normal user can of course not edit this file. Otherwise, every linux user can create their own chron jobs. For this, however, the etsy Chrome tab file is not accessed. But we use the chronop command and with chronop and the option E, for example, you can edit or create your own Chrome top tables. This is then stored in the Varspool Chrome directory.
So I mentioned it here. The Chrome tabs that a normal user creates for themselves are stored here. Again, for repetition. We might simulate the whole thing with a simple example. Get out of this file here. And now I use Chrome Tap e. And because that is the first time that I use Chron tap e on this machine, I asked which editor I want to use. I would use the second one, Vimbasic. And here I’m in my own chronop table. Now, in principle, this is almost the same as the one in the etsy Chrome top file. The only difference is that the column is omitted for the user. So the user column is committed normally in the etsy chronop file. It is here.
So we see here minutes, hours, day of month and day of week. And the command the user folds away. You don’t need it, of course, because in this case it is my personal table, and other users, of course, have no access to it. Okay, let’s look at the clock. It is now 23:00 and two minutes. So this is German time in the Us. It just changed here. I don’t know why it changed. Okay, 22 and two minutes in us. It should be 10:00 p. m. And two minutes. I want a folder called Chrome Top Test to be created in my home directory in five minutes. Or, let me say, in three minutes. For this, I enter the following. Here I use five minutes. So 23 and three minutes. So now I would use this one minutes.
It is eight minutes hours, it’s 23. And then day of month, day of week. And the command should be Mkdr home manual. And then chrome top Test. I’ll leave this file now and take a look. I have no here. And see, I have no chronop test directory. It does not exist. And well, accordingly, I would now stop the video very briefly, and then let’s see if it was created automatically in three minutes. Now it’s 23 and eight minutes. You see, here, I’ve done nothing. Here is no Chrome Top Test Directory. Now I try it again. And here we have our Chrome Top Test Directory. So the chrono worked wonderfully. And so, in principle, every user can set their own Chronjob.
- cron.allow and cron.deny
You can also use Chrometop L to display your current Chrome top configuration. So it’s basically the output of the file that I have just created. In the last lesson. With chrome top e with chrome tap r we can delete the current chrome top configuration. Again, we will see if it worked. Chrome Top L. And yes, there is no Chrome Tab anymore. Accordingly, it is deleted. Again, with Chron, we can determine relatively easy who is allowed to use Chrome tab and who is not. There are two files for this. One file is called Cron. Allow. So allow. The other one is chron deny. Both of them are located in the Etsy folder, of course, and the file names already say it. The users who are allowed to use Chron Tap should be in the Chron Allow file.
And the users who are not allowed to use Chron tab should be in the Etsy Chron Deny file. So let’s have a look at Etsy. And let’s search for files with Cron in the name. And here you can see I have chron daily directory. I have a cron monthly directory. I have a cron etsy cron d directory, and I have a cron tab here. And here I have a Cron Weekly directory, but I don’t have a Cron Allow or a Cron Deny file. And as you can see, I can set up Cron jobs with Chron tab without any problems. From this, you can already deduce that if neither of the two files is available, then every user can use Chrome tab. The files are actually just files that only contain the relevant users. So no configurations or anything else.
There is a user in each line, and there is actually nothing more. At this point, we might just create a Chron Deny file. The important thing is that the file must be in the Etsy folder, otherwise it won’t work. By the way, in various literatures, it is stated that the file belong in the Etsy Chrome D folder. But the self experiment with me has shown that it doesn’t work. The main page of Cron or chronop also says, in my case, that these files must be under Etsy. So that’s just a side note. I will now create the Cron Deny file. Okay, I’m already in the Etsy folder and pseudovichrony. And of course, it’s still empty now. And here I really don’t have to add anything more than my name.Here’s my name.
That’s it. And now I will try to use chronop, and I get the message that I don’t have the permission to use chronop. You, my name, are not allowed to use this program chronop C chronap for more information logical, because I am now in the Cron Deny file. And that is, of course, the point of the file. What happens now if we create another file, the Cron Allow file that doesn’t exist at the moment. And my username is there, too. We will just try it out. So pseudovi and here I put my name also in. So now I’m trying to use chrome top again. And this time we see it works. I can use Chron tap again. This means that the Cron Allow takes precedence over Chron deny. Important to remember for the exam. But even if the files are empty, they are important.
I would delete the Cron deny file at this point. So pseudo RM Cron deny and in the Cron Allow I take my name out pseudo VI cronallow just delete my name, nothing more. Save it. What happens now? And we see. I don’t have permission to use. I delete the chronallow file now. Pseudo rmfcrawnallow and now it’s working again. Why is that? Earlier we had thought that Chronallow takes precedence over Cron deny. If the file chronallow is there, you can only use the chronop users who are in it. If there is no user stored in the chronop Allow, as in this example, then our chron tab can not be used in this way you can easily completely block the use of chron tab for normal users, even for longer periods.
Simply create an empty Chron allow file and nobody can use chrona. If you or if your name is stored in the Crondeny file, of course you have no access to chrona because of Cron deny no excess. And if you are not in the Cron deny file, then you have access very easily. So I hope this has become clear. Please try it out on your system. What happens when your name is in the Cron Allow and not in the Cron Deny? What happens when your name is in the Cron Deny but not in the Cron Allow? What happens if your name is in both files? And so on. Just play a little bit with the several possibilities because questions concerning Cronallow and Cron deny are to be expected in the exam. In any case.
- anacron and at
Cron always starts its jobs at a set time. For example, we enter that data should be backed up twice a day. With the hours and minutes that we enter, we set a fixed time when this should happen. Suppose we have set it so that the data back up should run at 06:00 a. m. And at 06:00 p. m. In the early evening. If someone quits work at 05:00 p. m and turns off the computer and only turns it on again at 08:00 A. m and the next day and do the whole thing for a few weeks, then there will be no data backup during the entire time because the computer was switched off at these times, which is very important with Cron. It’s that you can also use the Anacron program.
For example, in this case Anacron is similar to Cron. This means that recurring jobs can be started automatically. However, the system does not have to run continuously here as with Chron, because here no exact time is specified in the settings. But here it works in such a way that you select whether the task should be started hourly, daily, weekly or monthly. So if, as in the scenario just described, the backup was missed at six in the morning because the computer was switched off, the backup with Anacron will start automatically when the computer is started at eight in the morning. There are four Anacron specific directories in Etsy and these are the ones we just saw.
These are chron daily, chronoughly chron monthly and chron weekly. It might be a bit confusing now because the name chron is chosen here and not Anacron, but these four folders belong to the Anacron program. You should definitely remember that for the exam, if you now have a task that should be carried out daily, then you simply place the corresponding script in the daily folder. And if you have a script that should be run every hour, then you simply copy it into the chron hourly folder and so on. This means that it is not necessary to define certain tasks in a configuration file as with Cron. Of course, there is also a configuration file at Anacron, namely the Etsy Anacron tab file.
However, this is only there to adjust periods if necessary. We can take a quick look at it. We are at the Chrome tab. Well, it looks like this and here in the first column we see the period one stands for daily, seven stands for weekly, so for seven days. And here at this point we have now at monthly you can just write 30 here for 30 days and so on. So you can basically set any numerical values for it. So if I say now I have nothing that is done on a daily basis, I only have something that is done every two days, then you just make two out of here, out of the one here, and then it is done every two days. Even it’s still called Chrome Daily.
In the second column we find the time delay in minutes of the job after the system start. In other words, the system has started up and Cron Daily would start five minutes after it started up. In the third column we find the file which the Timestamp is written when an interrom job is executed. The system always knows when a job was last executed. In the last column we find the command or the script that should be executed. Incidentally, such a script may only contain numbers, letters, minus and underscores. For example, in the file name of the script, if the file name of the script contains a period or in German it is an special characters, then the script would not be executed.
There’s nothing more to say about Anacron at this point. I think that won’t be a topic or a big topic on the exam either. At least it’s no longer in the exam specifications. But I just wanted to mention it briefly so that you know what the files Chron Daily and so on are for. So I will go out of here. Another similar program at this point would be at. The job of at is to execute certain commands at a certain point in time. At was not installed by default on my system, which is why I now install it with pseudo apt install. The at command accepts a command, but not immediately. It is only executed at a specific time. Again, we choose an extremely simple example.
We want to create a directory. For example, we have 10:00, for example, at ten five. So we first enter at, followed by the time and we get the warning that the command in bin Sh is being executed and the information is waiting for further instructions. So we enter, for example, mkdir home at example enter. And we now have the option of entering further commands, but we leave it at this point. That’s enough to show how it works. To complete the at command, we press CTRL and D like Dora, and then we can also see the job here job one at Wednesday, January 27, at ten five. So let’s see if the folder is already there. So it’s here, because we name it at example. So no such a folder here.
By the way, with the Atq command we can display which at jobs are still waiting in the background. So at Q and we see here the job we just entered is also displayed here. So we see here at this point always the job number, and it is important to know the time when it will run. And finally we have to wait for the appropriate time now. And I will stop the video briefly and see if it then creates the directory. So let me pause this and I will come back to this video in three minutes. Okay, the time has come. You see, I’m still here. I have done nothing more here. We still have not our directory at example here, but we have the time now. And let’s see again. And here you can see that we have the at example directory.
So it worked fine. If I now select at q again we see that there is no longer a job. Accordingly, everything worked as we wanted it to. Incidentally, if a time has been specified that has already passed, then at waits until the next day on which the time is reached again. We also have the option of entering a date. It could look something like like this at and then, for example and then again we say that we want a directory which should be created mkd one, two, three. And let’s end it with control plus D. And there we see a job with the number two that should be started at Friday on the second September 2022, at eleven 07:00 p. m we use Atq again to see what’s in the pipeline.
And here we have it again. Now, in this case the same information as here. Important is job number two. We can of course delete jobs that are in the queue and have not yet been executed or have been deleted. We will now use the command ATRM followed by the job number. In this case job number two. So ATRM two At Q and Etq shows that the job has now been deleted instead of the time and date. For example, time can also be set relative to the current time. For example, 80 now, plus 15 minutes. That would also work. I’m not going to do it again. Of course you can read about other options in the man page.
Of course we don’t have to go through all the options that are there. I don’t think that that’s necessary either. There are also two files at at with which you can control who is allowed to use at and who is not. These files are called At Allow and At Deny. So we already know that from the last lesson. And the handling is exactly the same as with the files Cron Allow and Cron Deny. And that’s why I wouldn’t go into it again at this point, because, as I said, that is actually completely the same. And if you are still a bit unsure, just watch the last video with Chronallow and Crondiny and work through it. You.
- systemctl and systemd-run
System D itself also has tools to automatically carry out recurring tasks. The Socalled systemd timer units are decisive for this. Corresponding files have the file extension dot timer and are located in the directories lip system D system or in user lip system D system. Let’s take a look CD lip system D system and let’s grab for timer or ll grab timer and here we now see several so called timer files. Let’s take a look at an example file. For example this one here system D temp files clean the Is system D temp files clean timer we see the description of what this file actually does, namely daily cleanup of temporary directories.
In the timer section we can see that this happens every time 15 minutes after the system is started and also once a day. 1d stands for once a day. There’s nothing more to see here, so I will leave this file and if we look again at the directory in which we are currently located, we find that there is also a service file for the system. Detempt files clean timer so let’s grab again. So here we have two files. We have our timer file and we have a service file can also have a quick look. So the service file the exact task is determined which is to be carried out in the time of file only when this happens.
So here we have the relevant information and here in this slime we can see what is happening. So system D temp file clean this command will then be executed. But that’s not so important. You don’t have to know what all this means. That’s not the point at all. I’m going out again. So let’s look at the time of files again. Here we have our time of files and we can look again at another file. For example the Anacron timer file. So here we see that the time is a little different. So we just got the message 15 minutes after the system started. And here we have something like this here, set on calendar and then a few asterisks, a few numbers.
What does that mean? We can understand it as follows first comes a weekday, which in this case is not included here at all.It was simply left out entirely. So if then the day of the week should be here before the first asterisk so Wednesday or Tuesday or something else, but at this point it’s not there at all. Then we have the year a month and a day separated by a minus. So here we have an Asterisk for year minus month, minus day and then there is minutes and then colon seconds. But we have no seconds here. And in this case it now means every weekday, because the weekday is not included here every year, every month, every day and these two dots mean from two.
So from seven to 23 30. So it should be understood from 07:30 a. m. To 11:30 p. m. . The whole thing is then carried out to list all timers that are active. Here you can use the following command system ctl list timers and then here we can see the list that we wanted to see. These are all the timers. Ten timers listed. The system D run command can be used to execute a command once time control, time controlled. For example, you can say System D run on active. Let me write it down. I think it’s better. System D run on active equals 60 mid touch and then test file.
So that’s what I do now. I have to enter my password and we see here a timer was created with this name here run u 87 dot timer. Let’s check that out with systemctl list timers. Here eleven timers. It was ten before. And here at the top is our new timer. And you can see here, 39 seconds left. So in 39 seconds the timer will be executed. So let’s wait a few seconds and then see if the corresponding file has been created. And we have to go back to my home directory now. And let’s see if there is now a file with the name Test Files. And you see here there is file test files with no content. And so it was created by this timer here.