The global Systemd configuration is stored in the /etc/systemd directory.
To get the current release of Systemd, type:
# systemctl --version systemd 208 +PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ
Note: The RHEL 7.2Â release bringsÂ an upgrade of Systemd to version 219 (already available for pre-RHEL 7.2 here).
# systemctl --version systemd 219 +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
Systemd primary task is to manage the boot process and provides information about it.
# systemd-analyze Startup finished in 422ms (kernel) + 2.722s (initrd) + 9.674s (userspace) = 12.820s
To get the time spent by each task during the boot process, type:
# systemd-analyze blame 7.029s network.service 2.241s plymouth-start.service 1.293s kdump.service 1.156s plymouth-quit-wait.service 1.048s firewalld.service 632ms postfix.service 621ms tuned.service 460ms iprupdate.service 446ms iprinit.service 344ms accounts-daemon.service ... 7ms systemd-update-utmp-runlevel.service 5ms systemd-random-seed.service 5ms sys-kernel-config.mount
Seth Jennings created a short video about the systemd-analyze blame command.
To get the list of the critical chain of tasks during the boot process (any additional delay of these tasks would cause an increase of the overall boot time), type:
# systemd-analyze critical-chain The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. multi-user.target @6.167s ââmariadb.service @2.661s +3.505s âânetwork.target @2.649s âânetwork.service @2.168s +478ms ââNetworkManager.service @1.993s +174ms ââfirewalld.service @826ms +1.162s ââbasic.target @822ms ââsockets.target @821ms ââdbus.socket @820ms ââsysinit.target @813ms ââsystemd-update-utmp.service @806ms +6ms ââauditd.service @747ms +58ms ââlocal-fs.target @742ms ââboot.mount @709ms +32ms ââsystemd-fsck@dev-disk-by\x2duuid-497a43ab\x2d33b0\x2 ââdev-disk-by\x2duuid-497a43ab\x2d33b0\x2d4153\x2d9f
To get the list of the critical chain for a particular service (here firewalld), type:
# systemd-analyze critical-chain firewalld.service The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. firewalld.service +1.162s ââbasic.target @822ms ââsockets.target @821ms ââdbus.socket @820ms ââsysinit.target @813ms ââsystemd-update-utmp.service @806ms +6ms ââauditd.service @747ms +58ms ââlocal-fs.target @742ms ââboot.mount @709ms +32ms ââsystemd-fsck@dev-disk-by\x2duuid-497a43ab\x2d33b0\x2d4153\x2d9 ââdev-disk-by\x2duuid-497a43ab\x2d33b0\x2d4153\x2d9f8d\x2d7788
To get the list of the critical chain for a particular target (here basic.target), type:
# systemd-analyze critical-chain basic.target | grep target basic.target @822ms ââsockets.target @821ms ââsysinit.target @813ms ââlocal-fs.target @742ms
To get the list of the dependencies, type:
# systemctl list-dependencies default.target ââabrt-ccpp.service ââabrt-oops.service ... ââtuned.service ââbasic.target â ââfirewalld.service â ââmicrocode.service ... ââgetty.target â ââgetty@tty1.service â ââserial-getty@ttyS0.service ââremote-fs.target
To get the list of dependencies for a particular service (here sshd), type:
# systemctl list-dependencies sshd.service
To get the list of dependencies for a particular target (here graphical.target), type:
# systemctl list-dependencies graphical.target | grep target graphical.target ââmulti-user.target ââbasic.target â ââpaths.target â ââslices.target â ââsockets.target â ââsysinit.target â â ââcryptsetup.target â â ââlocal-fs.target â â ââswap.target â ââtimers.target ââgetty.target ââremote-fs.target
To get the list of targets that need a particular target (here multi-user.target), type:
# systemctl list-dependencies --reverse multi-user.target multi-user.target ââgraphical.target
You can get other information about dependencies by typing the following commands (here for sshd):
# systemctl show sshd | grep Requires Requires=basic.target # systemctl show sshd | grep Wants Wants=sshd-keygen.service system.slice
In addition, Systemd handles the system event log through Journald.
To get the content of the Systemd journal, type:
Note: It is possible to add aÂ specific user to the systemd-journal groupÂ to view journals without switching to root.
To get all the events related to the crond process in the journal, type:
# journalctl /sbin/crond
Note: You can replace /sbin/crond by `which crond`.
To get all the events related to a specific service (here chronyd), type:
# journalctl --unit=chronyd
Note1: You can also type: # journalctl -u chronyd
To get all the events since the last boot, type:
# journalctl -b
To get all the events that appeared today in the journal, type:
# journalctl --since=today
To get all the events with a syslog priority of err, type:
# journalctl -p err
To get all the events concerning the kernel, type:
# journalctl -k
To get the 10 last events and wait for any new one (like âtail -f /var/log/messagesâ), type:
# journalctl -f
With the RHEL 7.2 release, to get the list of the recent boots, type:
# journalctl --list-boots
By default, Journald logs are stored in the /run/log/journal directory and disappear after a reboot.
# mkdir /var/log/journal # systemd-tmpfiles --create --prefix /var/log/journal # echo "SystemMaxUse=50M" >> /etc/systemd/journald.conf # systemctl restart systemd-journald
Note1: The systemd-tmpfiles command is required to correctly set up permissions on the /var/log/journal directory (see details here).
To displayÂ the disk space used by Journald at any time, type:
# journalctl --disk-usage Journals take up 8.0M on disk.
Note: With RHEL 7.2 and the 219 Systemd version, two new options have been added: âvacuum-size=1M and âvacuum-time=1day. They reduce the space used by archived journal files respectively to 1 MB or to the last 24 hours. These restrictions may be combined. They only operate on archived, not on active journal files.
Additional information about Journald is available in the Lennart Poetteringâs blog or Lennart Poetteringâs video (44min: the first ten minutes are very interesting concerning security issues).
Systemd organizes processes in control groups. For example, all the processes started by an apache webserver will be in the same control group, CGI scripts included.
To get the full hierarchy of control groups, type:
# systemd-cgls ââuser.slice â ââuser-1000.slice â ââsession-1.scope â ââ2889 gdm-session-worker [pam/gdm-password] â ââ2899 /usr/bin/gnome-keyring-daemon --daemonize --login â ââ2901 gnome-session --session gnome-classic . . ââiprupdate.service ââ785 /sbin/iprupdate --daemon
To get the list of control group ordered by CPU, memory and disk I/O load, type:
# systemd-cgtop Path Tasks %CPU Memory Input/s Output/s / 213 3.9 829.7M - - /system.slice 1 - - - - /system.slice/ModemManager.service 1 - - - -
To kill all the processes associated with an apache server (CGI scripts included), type:
# systemctl kill httpd
To put resource limits on a service (here 500 CPUShares), type:
# systemctl set-property httpd.service CPUShares=500
Note1: The change is written into the service unit file. Use the âruntime option to avoid this behavior.
To get the current CPUShares service value, type:
# systemctl show -p CPUShares httpd.service CPUShares=500
# systemctl show httpd.service | grep CPUShares CPUShares=500
Go to the CGroup page for a more detailed discussion on this topic.
Systemd deals with all the aspects of the service management. The systemctl command replaces the chkconfig and the service commands. The old commands are now a link to the systemctl command.
To activate the NTP service at boot, type:
# systemctl enable ntpd
Note1: You should specify ntpd.service but by default the .service suffix will be added.
To deactivate it, start it, stop it, restart it, reload it, type:
# systemctl disable ntpd # systemctl start ntpd # systemctl stop ntpd # systemctl restart ntpd # systemctl reload ntpd
Note1: The reload option is not available for all the services.
To know if the NTP service is activated at boot, type:
# systemctl is-enabled ntpd enabled
To know if the NTP service is running, type:
# systemctl is-active ntpd inactive
To get the status of the Apache service, type:
# systemctl status httpd httpd.service - The Apache HTTP Server Â Â Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled) Â Â Active: active (running) since Tue 2014-08-21 11:48:23 CEST; 44s ago Â Main PID: 2446 (httpd) Â Â Status: "Total requests: 0; Current requests/sec: 0; Current traffic:Â Â 0 B/sec" Â Â CGroup: /system.slice/httpd.service Â Â Â Â Â Â Â Â Â Â ââ2446 /usr/sbin/httpd -DFOREGROUND Â Â Â Â Â Â Â Â Â Â ââ2447 /usr/sbin/httpd -DFOREGROUND Â Â Â Â Â Â Â Â Â Â ââ2448 /usr/sbin/httpd -DFOREGROUND Â Â Â Â Â Â Â Â Â Â ââ2449 /usr/sbin/httpd -DFOREGROUND Â Â Â Â Â Â Â Â Â Â ââ2450 /usr/sbin/httpd -DFOREGROUND Â Â Â Â Â Â Â Â Â Â ââ2451 /usr/sbin/httpd -DFOREGROUND Â Â Â Â Â Â Â Â Â Â ââ2452 /usr/sbin/httpd -DFOREGROUND Aug 21 11:48:23 server.example.com systemd: Starting The Apache HTTP Ser.... Aug 21 11:48:23 server.example.com systemd: Started The Apache HTTP Server. Hint: Some lines were ellipsized, use -l to show in full.
Note1: In the line starting with âLoaded:â, you learn that the unit configuration file named /usr/lib/systemd/system/httpd.service has been loaded by Systemd. You also learn that the service isnât started at boot time (disabled).
If you change a service configuration, you will need to reload it:
# systemctl daemon-reload
Note: The systemd-delta command displays the list of changes in the service configuration files.
To get the list of all the units (services, mount points, devices) with their status and description, type:
Note: You can use the arrow keys to move inside the unit list.
To get a more readable list, type:
# systemctl list-unit-files
To get the list of services that failed at boot, type:
# systemctl --failed
To get the status of a service (here httpd) on a remote server (here rhel7.example.com), type:
The RHEL 7.2 release brings the ability to connect as root to a container inside a host.
Note: This feature is only available for the root user, as entering containers is a privileged operation.
To get all the configuration details about a service (here httpd), type:
# systemctl show httpd Id=httpd.service Names=httpd.service Requires=basic.target Wants=system.slice Conflicts=shutdown.target Before=shutdown.target After=network.target remote-fs.target nss-lookup.target systemd-journald.socket Description=The Apache HTTP Server LoadState=loaded ActiveState=inactive ... ExecMainPID=0 ExecMainCode=0 ExecMainStatus=0
Digital Ocean provides an excellent article about Systemd unit files.
Official RedHat documentation has recently (2017) been improved about Creating and modifying Systemd unit files.
Systemd doesnât include /sbin and /bin in the PATH variable by default. If you need it, you will have to add it in your unit file like this (source):
It seems that Systemd doesnât take the ulimit values into account, you have to use aÂ LimitNOFILE statement for this purpose (see this thread).
The RHEL 7.2 release brings the systemctl cat command to display a unit file.
# systemctl cat rngd # /usr/lib/systemd/system/rngd.service [Unit] Description=Hardware RNG Entropy Gatherer Daemon [Service] ExecStart=/sbin/rngd -f [Install] WantedBy=multi-user.target
Note: The systemctl cat rngd command carries several advantages compared to a simple cat rngd.service command:
The RHEL 7.2 release also adds the systemctl edit command.
# systemctl edit httpd
Note1: The /etc/systemd/system/httpd.service.d directory is automatically created if necessary.
If you add the âfull option, it is no longer a drop-in snippet that is edited or created, itâs the unit file itself.
# systemctl edit httpd --full
Note1: Be careful when editing this way, your changes will be active right afterÂ exiting the editor.
Systemd also deals with targets. A target is a grouping mechanism allowing several services to start at the same time. The list of services associated with a particular target is stored in a directory named with the target name and the suffix â.wantsâ. In some way, targets replace run levels but they are more general. To move to maintenance mode, type:
# systemctl rescue
Note: There is also an emergency target only available when set up in the kernel boot line (systemd.unit=emergency.target) and for critical situations.
To move to the level 3 (equivalent to the previous level 3), type:
# systemctl isolate runlevel3.target
# systemctl isolate multi-user.target
To move to the graphical level (equivalent to the previous level 5), type:
# systemctl isolate graphical.target
To set the default run level to non-graphical mode, type:
# systemctl set-default multi-user.target
To set the default run level to graphical mode, type:
# systemctl set-default graphical.target
To get the current default run level, type:
# systemctl get-default graphical.target
To stop a server, type:
# systemctl poweroff
Note: You can still use the poweroff command, a link to the systemctl command has been created (the same thing is true for the halt and reboot commands).
To reboot a server, suspend it or put it into hibernation, type:
# systemctl reboot # systemctl suspend # systemctl hibernate
In case you get boot or shutdown problems, the Systemd debugging page may help you (see also debug mode below).
Systemd can be put into debug mode by adding the following options to the kernel line:
Caution: This seriously increases the amount of logs written to disks. This would affect any central logging system you have with lots of unnecessary traffic, amplified if you have many machines running on a VM host. This is definitively not for production servers (see discussion here).
Systemdâs authors have decided to help Linux standardization among distributions. Through Systemd, changes happen in the localization of some configuration files.
To get the server hostnames, type:
# hostnamectl Static hostname: rhel7.example.com Icon name: computer-laptop Chassis: laptop Machine ID: bcdc71f1943f4d859aa37e54a422938d Boot ID: f84556924b4e4bbf9c4a82fef4ac26d0 Operating System: Red Hat Enterprise Linux Everything 7.0 (Maipo) CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:beta:everything Kernel: Linux 3.10.0-54.0.1.el7.x86_64 Architecture: x86_64
Note: There are three kinds of hostnames: static, pretty, and transient.
To assign the rhel7 hostname permanently to the server, type:
# hostnamectl set-hostname rhel7
Note: With this syntax all three hostnames (static, pretty, and transient) take the rhel7 value at the same time. However, it is possible to set the three hostnames separately by using the âpretty, âstatic, and âtransient options.
To get the current locale, virtual console keymap and X11 layout, type:
# localectl System Locale: LANG=en_US.UTF-8 VC Keymap: en_US X11 Layout: en_US
To assign the en_GB.utf8 value to the locale, type:
# localectl set-locale LANG=en_GB.utf8
To assign the en_GB value to the virtual console keymap, type:
# localectl set-keymap en_GB
To assign the en_GB value to the X11 layout, type:
# localectl set-x11-keymap en_GB
To get the current date and time, type:
# timedatectl Local time: Fri 2014-01-24 22:34:05 CET Universal time: Fri 2014-01-24 21:34:05 UTC RTC time: Fri 2014-01-24 21:34:05 Timezone: Europe/Madrid (CET, +0100) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: no Last DST change: DST ended at Sun 2013-10-27 02:59:59 CEST Sun 2013-10-27 02:00:00 CET Next DST change: DST begins (the clock jumps one hour forward) at Sun 2014-03-30 01:59:59 CET Sun 2014-03-30 03:00:00 CEST
To set the current date, type:
# timedatectl set-time YYYY-MM-DD
To set the current time, type:
# timedatectl set-time HH:MM:SS
To get the list of time zones, type:
# timedatectl list-timezones
To change the time zone to America/New_York, type:
# timedatectl set-timezone America/New_York
To get the usersâ list, type:
# loginctl list-users UID USER 42 gdm 1000 tom 0 root
To get the list of all current user sessions, type:
# loginctl list-sessions SESSION UID USER SEAT 1 1000 tom seat0 1 sessions listed.
To get the properties of the user tom, type:
# loginctl show-user tom UID=1000 GID=1000 Name=tom Timestamp=Fri 2014-01-24 21:53:43 CET TimestampMonotonic=160754102 RuntimePath=/run/user/1000 Slice=user-1000.slice Display=1 State=active Sessions=1 IdleHint=no IdleSinceHint=0 IdleSinceHintMonotonic=0
We have 97 guests and no members online
Articles Most Read
Articles by Date