Actions

Linux systemd

From Ever changing code

Manage Systemd Services and Units using Systemctl

Systemctl is a systemd utility which is responsible for Controlling the systemd system and service manager.

Systemd is a collection of system management daemons, utilities and libraries which serves as a replacement of System V init daemon. Systemd functions as central management and configuration platform for UNIX like system.

In the Linux Ecosystem Systemd has been implemented on most of the standard Linux Distribution with a few exception. Systemd is the parent Process of all other daemons oftenly but not always.


Check versions, binaries and libraries

$ systemd --version #Ubuntu 18.04
systemd 237
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid
$ whereis systemd
systemd: /usr/lib/systemd /bin/systemd /etc/systemd /lib/systemd /usr/share/systemd /usr/share/man/man1/systemd.1.gz
$ whereis systemctl
systemctl: /bin/systemctl /usr/share/man/man1/systemctl.1.gz

Is systemd running?

ps -eaf | grep [s]ystemd

Analyze

Analyze systemd boot process

# systemd-analyze

Analyze time taken by each process at boot

# systemd-analyze blame

Analyze critical chain at boot

# systemd-analyze critical-chain

Important: Systemctl accepts services (.service), mount point (.mount), sockets (.socket) and devices (.device) as units

List units

systemctl list-unit-files #List all the available units
systemctl list-units      #List all running units
systemctl --failed        #List all failed units

systemctl is-enabled crond.service #Check if a Unit (cron.service) is enabled
systemctl status firewalld.service #Check whether a Unit or Service is running

List units that have drop-in overrides

$ systemd-delta 
[EXTENDED]   /lib/systemd/system/rc-local.service → /lib/systemd/system/rc-local.service.d/debian.conf
[EXTENDED]   /lib/systemd/system/user@.service → /lib/systemd/system/user@.service.d/timeout.conf
2 overridden configuration files found

Control and Manage Services Using Systemctl

List all services (including enabled and disabled)

systemctl list-unit-files --type=service


How do I start, restart, stop, reload and check the status of a service (httpd.service) in Linux

systemctl start   httpd.service
systemctl restart httpd.service
systemctl stop    httpd.service
systemctl reload  httpd.service
systemctl status  httpd.service


Note: When we use commands like start, restart, stop and reload with systemctl, we will not get any output on the terminal, only status command will print the output

How to active a service and enable or disable a service at boot time (auto start service at system boot)

systemctl is-active httpd.service
systemctl enable  httpd.service
systemctl disable httpd.service


How to mask (making it impossible to start) or unmask a service (httpd.service)

systemctl mask   httpd.service
systemctl unmask httpd.service


How to a Kill a service using systemctl command

systemctl kill   httpd
systemctl status httpd

Mount Points using systemctl

#List all system mount points
systemctl list-unit-files --type=mount

systemctl start   tmp.mount #mount
systemctl stop    tmp.mount #unmount
systemctl restart tmp.mount #re-mount?
systemctl reload  tmp.mount #re-mount?
systemctl status  tmp.mount #status

#active, enable or disable a mount point at boot time (auto mount at system boot)
systemctl is-active tmp.mount
systemctl enable    tmp.mount
systemctl disable   tmp.mount

#How to mask (making it impossible to start) or unmask a mount points in Linux
systemctl mask   tmp.mount
systemctl unmask tmp.mount

Control and Manage Sockets using systemctl

#List all available system sockets
systemctl list-unit-files --type=socket

#start, restart, stop, reload and check the status of a socket
systemctl start   cups.socket
systemctl restart cups.socket
systemctl stop    cups.socket
systemctl reload  cups.socket
systemctl status  cups.socket

#active a socket and enable or disable at boot time (auto start socket at system boot)
systemctl is-active cups.socket
systemctl enable  cups.socket
systemctl disable cups.socket

#How to mask (making it impossible to start) or unmask a socket (cups.socket)
systemctl mask   cups.socket
systemctl unmask cups.socket

CPU Utilization (Shares) of a Service

systemctl show -p CPUShares httpd.service
CPUShares=1024 #<- it's default value
systemctl set-property httpd.service CPUShares=1000 #set a CPUShare

When you set CPUShare for a service, a directory with the name of service is created (httpd.service.d) which contains a file 90-CPUShares.conf which contains the CPUShare Limit information.

Check all the configuration details of a service

systemctl show httpd

Analyze critical chain for a services

systemd-analyze critical-chain NetworkManager.service
The time after the unit is active or started is printed after the "@" character.
The time the unit takes to start is printed after the "+" character.

NetworkManager.service +215ms
└─dbus.service @4.264s
  └─basic.target @4.246s
    └─sockets.target @4.246s
      └─snapd.socket @4.243s +2ms
        └─sysinit.target @4.242s
          └─apparmor.service @1.437s +2.079s
            └─local-fs.target @1.432s
              └─run-user-1001-gvfs.mount @29.537s
                └─run-user-1001.mount @21.950s
                  └─swap.target @1.356s
                    └─dev-mapper-ubuntu\x2d\x2dvg\x2dswap_1.swap @1.345s +10ms
                      └─dev-mapper-ubuntu\x2d\x2dvg\x2dswap_1.device @1.344s

Get a list of dependencies for a service

systemctl list-dependencies NetworkManager.service
● ├─dbus.socket
● ├─system.slice
● ├─network.target
● └─sysinit.target
●   ├─apparmor.service
●   ├─blk-availability.service
●   ├─dev-hugepages.mount
●   ├─dev-mqueue.mount
●   ├─keyboard-setup.service
●   ├─kmod-static-nodes.service
●   ├─lvm2-lvmetad.socket
●   ├─lvm2-lvmpolld.socket
...

List control groups -cgls hierarchically

$ systemd-cgls
Control group /:
-.slice
├─user.slice
│ ├─user-1001.slice
│ │ ├─session-2.scope
│ │ │ ├─ 1882 gdm-session-worker [pam/gdm-password]
│ │ │ ├─ 2451 /usr/bin/gnome-keyring-daemon --daemonize --login
│ │ │ ├─ 2455 /usr/lib/gdm3/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu gnome-session --session=ubuntu
│ │ │ ├─ 2457 /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1001/gdm/Xauthority -background none -noreset -keeptty -verbose 3
│ │ │ ├─ 2513 /usr/lib/gnome-session/gnome-session-binary --session=ubuntu
│ │ │ ├─ 2592 /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu gnome-session --session=ubuntu
│ │ │ ├─ 2618 /usr/bin/gnome-shell
│ │ │ ├─ 2640 /usr/bin/pulseaudio --start --log-target=syslog
...

List control group -cgtop - CPU, memory, Input and Output sorted by

systemd-cgtop
Control Group            Tasks   %CPU   Memory  Input/s Output/s
/                         1204   98.4    10.4G        -        -
/system.slice              118      -        -        -        -
/system…anager.service       3      -        -        -        -
/system…anager.service       4      -        -        -        -
/system…daemon.service       3      -        -        -        -

Start rescue mode

$ systemctl rescue
Broadcast message from root@tecmint on pts/0 (Wed 2019-07-26 11:31:18 BST):
The system is going down to rescue mode NOW!

Enter into emergency mode

$ systemctl emergency
Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" to try again
to boot into default mode
<source lang=bash>

List current run levels in use

$ systemctl get-default
graphical.target

#Runlevel 0 : Shut down and Power off the system.
#Runlevel 1 : Rescue?Maintainance Mode.
#Runlevel 3 : multiuser, no-graphic system.
#Runlevel 4 : multiuser, no-graphic system.
#Runlevel 5 : multiuser, graphical system.
#Runlevel 6 : Shutdown and Reboot the machine.

How to start Runlevel 5 aka graphical mode

$ systemctl isolate runlevel5.target #/or
$ systemctl isolate graphical.target

Set default Runlevel

# systemctl set-default runlevel3.target #multiuser
# systemctl set-default runlevel5.target #graphical

Reboot, suspend, sleep

systemctl reboot | halt | suspend | hibernate | hybrid-sleep

Special services

systemd-networkd

It's a system service used to manage networks. It detects & configure network devices as they appear, creates virtual-network-devices.

  • creates network devices based on configuration in systemd.netdev files based on contents of [Match] section
  • flushes anyexisting network addresses & routes when bringing up device


Configuration files:

  • system network directory /usr/lib/systemd/network/
  • volatile runtime network directory /run/systemd/network/
  • local administration network directory /etc/systemd/network/
# Restart networking
systemctl restart systemd-networkd

Create networkd static network

Create a networkd drop-in unit under /etc/systemd/network. Files created manually on a filesystem require service restart.

Heredocs redirect
Static IP Enable DHCP for matching if's
vi /etc/systemd/network/10-static.network

[Match]
Name=eth2

[Network]
DNS=8.8.4.4
Address=192.168.1.10/24
Gateway=192.168.1.1
Address=192.168.1.11/24
Gateway=192.168.1.1
Address=192.168.1.12/24
Gateway=192.168.1.1
vi /etc/systemd/network/20-dhcp.network
[Match]
#any interfaces not matching previous [Match] and not beginning with eth* won't be configured
Name=eth*
[Network]
[DHCP=yes]

Debugging

mkdir -p /etc/systemd/system/systemd-networkd.service.d
vi /etc/systemd/system/systemd-networkd.service.d/10-debug.conf #create a config drop-in
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug

#Reload then restart
systemctl daemon-reload
systemctl restart systemd-networkd.service

journalctl -u -b systemd-networkd -f #-f follow
core@core-01 ~ $ journalctl -u systemd-networkd -f
-- Logs begin at Sat 2019-07-27 13:20:18 UTC. --
Jul 27 14:41:19 core-01 systemd-networkd[1239]: NDISC: No RA received before link confirmation timeout
Jul 27 14:41:19 core-01 systemd-networkd[1239]: NDISC: Invoking callback for 'timeout' event.
Jul 27 14:41:19 core-01 systemd-networkd[1239]: eth1: Configured
Jul 27 14:41:19 core-01 systemd-networkd[1239]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_33 interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=20 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
Jul 27 14:41:19 core-01 systemd-networkd[1239]: NDISC: No RA received before link confirmation timeout
Jul 27 14:41:19 core-01 systemd-networkd[1239]: NDISC: Invoking callback for 'timeout' event.
Jul 27 14:41:19 core-01 systemd-networkd[1239]: eth0: Configured
Jul 27 14:41:19 core-01 systemd-networkd[1239]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_32 interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=21 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
Jul 27 14:41:20 core-01 systemd-networkd[1239]: NDISC: Sent Router Solicitation, next solicitation in 17s

References