Working with Systemd
Understanding Systemd
[root@server1 ~]# systemctl -t help
Available unit types:
service
socket
target
device
mount
automount
snapshot
timer
swap
path
slice
scope
files
- The system default unit files are in /usr/lib/systemd/system.
- System-specific modifications (overriding the defaults) are in /etc/systemd/system.
Service Units
- [Unit], which describes the unit and defines dependencies. This section also contains the important After statement, and optionally the Before statement. These statements define dependencies between different units. The Before statement relates to another unit that is started after this unit. The After statement refers to a unit that needs to be started before this unit can be started.
- [Service], in which there is a description of how to start and stop the service and request status installation. Normally, you can expect an ExecStart line, which indicates how to start the unit, or an ExecStop line, which indicates how to stop the unit.
- [Install], in which the wants are taken care of. You’ll read more about this in the next section, “Understanding Target Units.”
Example
Vsftpd Unit File
[Unit]
Description=Vsftpd ftp daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
[Install]
WantedBy=multi-user.target
Mount Unit File
[Unit]
Description=Temporary Directory
Documentation=man:hier(7)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
DefaultDependencies=no
Conflicts=umount.target
Before=local-fs.target umount.target
[Mount]
What=tmpfs
Where=/tmp
Type=tmpfs
Options=mode=1777,strictatime
# Make 'systemctl enable tmp.mount' work:
[Install]
WantedBy=local-fs.target
Socket Unit File
[Unit]
Description=Virtual machine lock manager socket
[Socket]
ListenStream=/var/run/libvirt/virtlockd-sock
[Install]
WantedBy=multi-user.target
systemctl show sshd
Target Units
The unit files are used to build the functionality that is needed on your server. To make it possible to load them in the right order and at the right moment, a specific type of unit is used: the target unit. A simple definition of a target unit is “a group of units.”
The Multi-user.target File
[root@server202 system]# cat multi-user.target
...
[Unit]
Description=Multi-User System
Documentation=man:systemd.special(7)
Requires=basic.target
Conflicts=rescue.service rescue.target
After=basic.target rescue.service rescue.target
AllowIsolate=yes
[Install]
Alias=default.target
Wants
Wants in systemd define which units systemd wants when starting a specific target. Wants are created when systemd units are enabled, and this happens by creating a symbolic link in the /etc/systemd/system directory.
Managing Units Through Systemd
Requesting Current Unit Status with systemctl status
[root@server202 system]# systemctl status vsftpd
vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled)
Active: active (running) since Sun 2014-09-28 08:42:59 EDT; 2s ago
Process: 34468 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
Main PID: 34469 (vsftpd)
CGroup: /system.slice/vsftpd.service
└─34469 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Sep 28 08:42:59 server202.example.com systemd[1]: Starting Vsftpd ftp daemon...
Sep 28 08:42:59 server202.example.com systemd[1]: Started Vsftpd ftp daemon.
Hint: Some lines were ellipsized, use -l to show in full.
Systemd Status Overview
Status | Description |
---|---|
Loaded | The unit file has been processed and the unit is active. |
Active(running) | Running with one or more active processes. |
Active(exited) | Successfully completed a one-time configuration. |
Active(waiting) | Running and waiting for an event. |
Inactive | Not running. |
Enabled | Will be started at boot time. |
Disabled | Will not be started at boot time. |
Static | This unit can not be enabled but may be started by another unit automatically. |
Systemctl Unit Overview Commands
Command | Description |
---|---|
systemctl --type=service | Shows only service units |
systemctl list-units --type=service | Shows all active service units (same result as the previous command) |
systemctl list-units --type=service --all | Shows inactive service units as well as active service units |
systemctl --failed --type=service | Shows all services that have failed |
systemctl status -l your.service | Shows detailed status information about services |
Dependencies
Showing Unit Dependencies
[root@server1 ~]# systemctl list-dependencies vsftpd
vsftpd.service
├─system.slice
└─basic.target
├─alsa-restore.service
├─alsa-state.service
├─firewalld.service
├─microcode.service
├─rhel-autorelabel-mark.service
├─rhel-autorelabel.service
├─rhel-configure.service
├─rhel-dmesg.service
├─rhel-loadmodules.service
├─paths.target
├─slices.target
│ ├─-.slice
│ └─system.slice
├─sockets.target
│ ├─avahi-daemon.socket
│ ├─cups.socket
│ ├─dbus.socket
│ ├─dm-event.socket
│ ├─iscsid.socket
│ ├─iscsiuio.socket
│ ├─lvm2-lvmetad.socket
│ ├─rpcbind.socket
│ ├─systemd-initctl.socket
│ ├─systemd-journald.socket
│ ├─systemd-shutdownd.socket
│ ├─systemd-udevd-control.socket
│ └─systemd-udevd-kernel.socket
├─sysinit.target
│ ├─dev-hugepages.mount
│ ├─dev-mqueue.mount
│ ├─dmraid-activation.service
│ ├─iscsi.service
Apart from dependencies
include
- Mount and umount units that cannot be loaded together
- The network and NetworkManager service
- The iptables and the firewalld service
- The chronyd and ntpd service
systemctl mask
- Open a root shell and type systemctl status firewalld. Next type systemctl status iptables. If one of the services is active, do not load it again in the next step.
- Type systemctl start firewalld and systemctl start iptables to load both services. You will see that iptables refuses to start; this is because the firewalld service is already activated.
- Type cat /usr/lib/systemd/system/firewalld.service. Notice the conflicts setting. Type cat /usr/lib/systemd/system/iptables.service. Notice that this unit does not have a conflicts line.
- Unload both services by using systemctl stop firewalld followed by systemctl stop iptables. Notice that it is not really necessary to stop the iptables service because it has failed to load, but we really need to make sure that it is not loaded at all before continuing.
- Type systemctl mask iptables and look at what is happening: A symbolic link to /dev/null is created for /etc/systemd/system/iptables.service (as you can see in the output of the following command example). Because the unit files in /etc/systemd have precedence over the files in /usr/lib/systemd, this makes it impossible to start the iptables service by accident:
  [root@server202 system]# systemctl mask iptables
  ln -s '/dev/null' '/etc/systemd/system/iptables.service'
- Type systemctl start iptables. You’ll see an error message indicating that this service is masked and for that reason cannot be started.
- Type systemctl enable iptables. Notice that no error message is shown and it looks as if it is working all right. Restart your server using systemctl reboot (or just reboot).
- After restart, type systemctl status -l iptables. You’ll see that it is inactive and that the loaded status is indicated as masked:
  [root@server202 ~]# systemctl status -l iptables
  iptables.service
  Loaded: masked (/dev/null)
  Active: inactive (dead)
Systemd Targets
- Type systemctl status vsftpd. If the service has not yet been enabled, the Loaded line will show that it currently is disabled:
  [root@server202 ~]# systemctl status vsftpd
  vsftpd.service - Vsftpd ftp daemon
  Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled)
  Active: inactive (dead)
- Type ls /etc/systemd/system/multi-user.target.wants. You’ll see symbolic links that are taking care of starting the different services on your machine. You can also see that the vsftpd.service link does not exist.
- Type systemctl enable vsftpd. The command shows you that it is creating a symbolic link for the file /usr/lib/systemd/system/vsftpd.service to the directory /etc/systemd/system/multi-user.target.wants. So basically, when you enable a systemd unit file, a symbolic link is created in the background.
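The mask and enable steps above both come down to files under /etc/systemd/system, so their result can be audited without asking systemd. The script below is an added example, not part of the original notes; the function names and the ROOT parameter are hypothetical, and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audits the unit-file layout the steps above describe.
# ROOT is a hypothetical parameter ("" = live system, or a mounted image).

# unit_state ROOT UNIT -> masked | overridden | local | vendor | missing
unit_state() {
    etc="$1/etc/systemd/system/$2"
    lib="$1/usr/lib/systemd/system/$2"
    if [ -L "$etc" ] && [ "$(readlink "$etc")" = /dev/null ]; then
        echo masked        # the symlink 'systemctl mask' creates
    elif [ -e "$etc" ] && [ -e "$lib" ]; then
        echo overridden    # the /etc copy takes precedence over the default
    elif [ -e "$etc" ]; then echo local
    elif [ -e "$lib" ]; then echo vendor
    else echo missing
    fi
}

# wanted_by ROOT TARGET -> units linked into TARGET.wants by 'systemctl enable'
wanted_by() {
    for link in "$1/etc/systemd/system/$2.wants"/*; do
        [ -L "$link" ] && basename "$link"
    done
    return 0
}

# effectively_enabled ROOT UNIT TARGET -> exit 0 only if UNIT is linked into
# TARGET.wants AND is not masked
effectively_enabled() {
    [ "$(unit_state "$1" "$2")" != masked ] &&
        wanted_by "$1" "$3" | grep -qxF -- "$2"
}

# Constructed sample tree (not host data): vsftpd enabled, iptables masked
# but still linked, firewalld shadowed by a file in /etc.
make_sample() {
    r=$(mktemp -d); e="$r/etc/systemd/system"; l="$r/usr/lib/systemd/system"
    mkdir -p "$l" "$e/multi-user.target.wants"
    for u in vsftpd iptables firewalld; do echo '[Unit]' > "$l/$u.service"; done
    echo '[Unit]' > "$e/firewalld.service"
    ln -s /dev/null "$e/iptables.service"
    for u in vsftpd iptables; do
        ln -s "/usr/lib/systemd/system/$u.service" "$e/multi-user.target.wants/"
    done
    echo "$r"
}

root=$(make_sample)
for u in vsftpd iptables firewalld; do echo "$u.service: $(unit_state "$root" "$u.service")"; done
rm -rf "$root"
```

An "overridden" or "local" result for a unit that nobody on the team changed is worth reviewing, because the file in /etc/systemd/system is the one systemd will use.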
Isolating Targets
- poweroff.target - runlevel 0
- rescue.target - runlevel 1
- multi-user.target - runlevel 3
- graphical.target - runlevel 5
- reboot.target - runlevel 6