You can set up Twistlock to be managed by systemd. Under systemd, you can start and stop Twistlock containers with systemctl. In previous releases, the only option for managing Twistlock containers was docker commands, such as docker start and docker stop.

This feature is useful when you have a standard set of deployment automation tools built around systemd, and you want to leverage them to manage Twistlock.

1. Installing Twistlock as a systemd service

By default, Twistlock containers (Console and Defender) are managed with docker commands. If you want to use systemd, enable the feature in twistlock.cfg before installing Twistlock.

Procedure

  1. Open twistlock.cfg for editing.

  2. Set the SYSTEMD_ENABLED flag to true.

    #### systemd configuration ###
    # Installs Twistlock as systemd service
    SYSTEMD_ENABLED=true

  3. Save twistlock.cfg, then install Twistlock.

    After installing Twistlock, Console and Defender services are automatically enabled and started.

  4. Verify Twistlock services are running:

    $ systemctl status twistlock-console
    $ systemctl status twistlock-defender

2. Starting and stopping Twistlock containers

Use systemctl to start and stop Twistlock containers.

To start Console:

$ systemctl start twistlock-console.service

To start Defender:

$ systemctl start twistlock-defender.service

To stop Console:

$ systemctl stop twistlock-console.service

To stop Defender:

$ systemctl stop twistlock-defender.service

Run systemctl status to see the state of a Twistlock service. For example, to see the status of Console on your host, run the following command:

$ systemctl status twistlock-console

To see the status of all Twistlock services (the pattern is quoted so that the shell passes it to systemctl unexpanded):

$ systemctl status 'twistlock-*'

3. Decommissioning Defender

When you decommission a Defender on a host, Twistlock stops the Defender container and removes the container image. To completely remove Twistlock from the host, you must manually remove the systemd unit file:

$ sudo systemctl disable twistlock-defender.service
$ sudo rm -rf /lib/systemd/system/twistlock-defender.service
$ sudo systemctl daemon-reload
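
The checks from the three sections above can be scripted for use in deployment automation. The following is an added example, not part of the original page or of Twistlock's tooling. The function names, the script name and the SYSTEMCTL and UNIT_DIR overrides are hypothetical, and it assumes twistlock.cfg holds shell-style KEY=value lines where the last uncommented assignment wins.

```sh
#!/bin/sh
# Added example (not Twistlock's own tooling). SYSTEMCTL and UNIT_DIR are
# hypothetical overrides so the checks can be pointed at a stub or a test directory.
SYSTEMCTL=${SYSTEMCTL:-systemctl}
UNIT_DIR=${UNIT_DIR:-/lib/systemd/system}

# Succeeds only if the last uncommented SYSTEMD_ENABLED assignment is "true".
# Assumption: twistlock.cfg holds shell-style KEY=value lines, last one wins.
cfg_systemd_enabled() {
    val=$(sed -n 's/^[[:space:]]*SYSTEMD_ENABLED=\([^#]*\).*/\1/p' "$1" |
          tail -n 1 | tr -d '[:space:]"')
    [ "$val" = "true" ]
}

# Prints "<unit> enabled=<yes|no> active=<yes|no>" per unit and fails if any
# unit is not both enabled (starts at boot) and active (running now).
service_state() {
    rc=0
    for unit in "$@"; do
        en=no; ac=no
        "$SYSTEMCTL" is-enabled --quiet "$unit" 2>/dev/null && en=yes
        "$SYSTEMCTL" is-active --quiet "$unit" 2>/dev/null && ac=yes
        echo "$unit enabled=$en active=$ac"
        [ "$en" = yes ] && [ "$ac" = yes ] || rc=1
    done
    return "$rc"
}

# After decommissioning: succeeds only if the Defender unit file is gone.
defender_unit_removed() {
    [ ! -e "$UNIT_DIR/twistlock-defender.service" ]
}

# Usage (script name is hypothetical): sh twistlock-audit.sh audit /path/to/twistlock.cfg
if [ "${1:-}" = "audit" ]; then
    cfg_systemd_enabled "$2" || echo "SYSTEMD_ENABLED is not true in $2"
    service_state twistlock-console.service twistlock-defender.service
fi
```

A Defender that is active but not enabled will not come back after a reboot, which is why both states are reported separately.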