2 Working With System Services

WARNING:

Oracle Linux 7 is now in Extended Support. See Oracle Linux Extended Support and Oracle Open Source Support Policies for more information.

Migrate applications and data to Oracle Linux 8 or Oracle Linux 9 as soon as possible.

This chapter describes how to manage system processes, services, and resources on a running Oracle Linux system. It also explains how to change the systemd target for a system and how to configure the services that are available for a target.

About the systemd Service Manager

The systemd service manager replaces the Upstart init daemon in Oracle Linux 7, while also providing backward compatibility for legacy Oracle Linux 6 service scripts. The systemd service manager offers the following benefits over the init daemon:

  • Services are started in parallel wherever possible by using socket-based activation and D-Bus.

  • Daemons can be started on demand.

  • Processes are tracked by using control groups (cgroups).

  • Snapshotting of the system state and restoration of the system state from a snapshot is supported.

  • Mount points can be configured as systemd targets.

The systemd process is the first process that starts after the system boots and is the final process that is running when the system shuts down. systemd controls the final stages of booting and prepares the system for use. systemd also speeds up booting by loading services concurrently.

systemd enables you to manage various types of units on a system, including services (name.service) and targets (name.target), devices (name.device), file system mount points (name.mount), and sockets (name.socket).

For example, the following command instructs the system to mount the temporary file system (tmpfs) on /tmp at boot time:

sudo systemctl enable tmp.mount

About System-State Targets

The systemd service manager defines system-state targets that allow you to start a system with only those services that are required for a specific purpose. For example, a server can run more efficiently with multi-user.target, because it does not run the X Window System at that run level. You should perform diagnostics, backups, and upgrades with rescue.target, when only root can use the system. Each run level defines the services that systemd stops or starts. For example, systemd starts network services for multi-user.target and the X Window System for graphical.target, whereas it stops both of these services for rescue.target.

The following table describes commonly used system-state targets and their equivalent run-level targets, where compatibility with Oracle Linux 6 run levels is required.

Table 2-1 System-State Targets and Equivalent Run-Level Targets

System-State Targets  Equivalent Run-Level Targets                          Description
graphical.target      runlevel5.target                                      Set up a multi-user system with networking and display manager.
multi-user.target     runlevel2.target, runlevel3.target, runlevel4.target  Set up a non-graphical multi-user system with networking.
poweroff.target       runlevel0.target                                      Shut down and power off the system.
reboot.target         runlevel6.target                                      Shut down and reboot the system.
rescue.target         runlevel1.target                                      Set up a rescue shell.

The runlevel* targets are implemented as symbolic links.

The nearest equivalent systemd target to the Oracle Linux 6 run levels 2, 3, and 4 is multi-user.target.

For more information, see the systemd.target(5) manual page.

Displaying the Default and Active System-State Targets

To display the default system-state target, use the systemctl get-default command:

sudo systemctl get-default
graphical.target

To display the currently active targets on a system, use the systemctl list-units command:

sudo systemctl list-units --type target
UNIT                LOAD   ACTIVE SUB    DESCRIPTION
basic.target        loaded active active Basic System
cryptsetup.target   loaded active active Encrypted Volumes
getty.target        loaded active active Login Prompts
graphical.target    loaded active active Graphical Interface
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target     loaded active active Local File Systems
multi-user.target   loaded active active Multi-User System
network.target      loaded active active Network
nfs.target          loaded active active Network File System Server
paths.target        loaded active active Paths
remote-fs.target    loaded active active Remote File Systems
slices.target       loaded active active Slices
sockets.target      loaded active active Sockets
sound.target        loaded active active Sound Card
swap.target         loaded active active Swap
sysinit.target      loaded active active System Initialization
timers.target       loaded active active Timers

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

17 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

The previous example output for a system with the graphical target active shows that this target depends on 16 other active targets, including network and sound to support networking and sound.

To display the status of all targets on the system, specify the --all option:

sudo systemctl list-units --type target --all
UNIT                   LOAD   ACTIVE   SUB    DESCRIPTION
basic.target           loaded active   active Basic System
cryptsetup.target      loaded active   active Encrypted Volumes
emergency.target       loaded inactive dead   Emergency Mode
final.target           loaded inactive dead   Final Step
getty.target           loaded active   active Login Prompts
graphical.target       loaded active   active Graphical Interface
local-fs-pre.target    loaded active   active Local File Systems (Pre)
local-fs.target        loaded active   active Local File Systems
multi-user.target      loaded active   active Multi-User System
network-online.target  loaded inactive dead   Network is Online
network.target         loaded active   active Network
nfs.target             loaded active   active Network File System Server
nss-lookup.target      loaded inactive dead   Host and Network Name Lookups
nss-user-lookup.target loaded inactive dead   User and Group Name Lookups
paths.target           loaded active   active Paths
remote-fs-pre.target   loaded inactive dead   Remote File Systems (Pre)
remote-fs.target       loaded active   active Remote File Systems
rescue.target          loaded inactive dead   Rescue Mode
shutdown.target        loaded inactive dead   Shutdown
slices.target          loaded active   active Slices
sockets.target         loaded active   active Sockets
sound.target           loaded active   active Sound Card
swap.target            loaded active   active Swap
sysinit.target         loaded active   active System Initialization
syslog.target          not-found inactive dead   syslog.target
time-sync.target       loaded inactive dead   System Time Synchronized
timers.target          loaded active   active Timers
umount.target          loaded inactive dead   Unmount All Filesystems

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

28 loaded units listed.
To show all installed unit files use 'systemctl list-unit-files'.

For more information, see the systemctl(1) and systemd.target(5) manual pages.

Changing the Default and Active System-State Targets

Use the systemctl set-default command to change the default system-state target:

sudo systemctl set-default multi-user.target
rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/multi-user.target' '/etc/systemd/system/default.target'

Note:

This command changes the target to which the default target is linked, but does not change the state of the system.

To change the currently active system target, use the systemctl isolate command:

sudo systemctl isolate multi-user.target

Listing all of the targets shows that the graphical and sound targets are not active:

sudo systemctl list-units --type target --all
UNIT                   LOAD   ACTIVE   SUB    DESCRIPTION
basic.target           loaded active   active Basic System
cryptsetup.target      loaded active   active Encrypted Volumes
emergency.target       loaded inactive dead   Emergency Mode
final.target           loaded inactive dead   Final Step
getty.target           loaded active   active Login Prompts
graphical.target       loaded inactive dead   Graphical Interface
local-fs-pre.target    loaded active   active Local File Systems (Pre)
local-fs.target        loaded active   active Local File Systems
multi-user.target      loaded active   active Multi-User System
network-online.target  loaded inactive dead   Network is Online
network.target         loaded active   active Network
nfs.target             loaded active   active Network File System Server
nss-lookup.target      loaded inactive dead   Host and Network Name Lookups
nss-user-lookup.target loaded inactive dead   User and Group Name Lookups
paths.target           loaded active   active Paths
remote-fs-pre.target   loaded inactive dead   Remote File Systems (Pre)
remote-fs.target       loaded active   active Remote File Systems
rescue.target          loaded inactive dead   Rescue Mode
shutdown.target        loaded inactive dead   Shutdown
slices.target          loaded active   active Slices
sockets.target         loaded active   active Sockets
sound.target           loaded inactive dead   Sound Card
swap.target            loaded active   active Swap
sysinit.target         loaded active   active System Initialization
syslog.target          not-found inactive dead   syslog.target
time-sync.target       loaded inactive dead   System Time Synchronized
timers.target          loaded active   active Timers
umount.target          loaded inactive dead   Unmount All Filesystems

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

28 loaded units listed.
To show all installed unit files use 'systemctl list-unit-files'.

For more information, see the systemctl(1) manual page.

Shutting Down, Suspending, and Rebooting the System

The following list describes the systemctl commands that are used to shut down, reboot, or otherwise suspend the operation of a system:

  • systemctl halt: Halt the system.

  • systemctl hibernate: Put the system into hibernation.

  • systemctl hybrid-sleep: Put the system into hibernation and suspend its operation.

  • systemctl poweroff: Halt and power off the system.

  • systemctl reboot: Reboot the system.

  • systemctl suspend: Suspend the system.

For more information, see the systemctl(1) manual page.

Starting and Stopping Services

To start a service, use the systemctl command with the start argument:

sudo systemctl start sshd

For legacy scripts in the /etc/init.d directory that have not been ported as systemd services, you can run the script directly with the start argument, for example:

/etc/init.d/yum-cron start 

To stop a service, use the stop argument to systemctl:

sudo systemctl stop sshd

Note:

Changing the state of a service only lasts as long as the system remains at the same state. If you stop a service and then change the system-state target to one in which the service is configured to run (for example, by rebooting the system), the service restarts. Similarly, starting a service does not enable the service to start following a reboot. See Enabling and Disabling Services for details.

The systemctl command supports the disable, enable, reload, restart, start, status, and stop actions for services. For other actions, you must run either the script that the service provides to support these actions or, for legacy scripts, the /etc/init.d script with the required action argument. For legacy scripts, omitting the argument to the script displays a usage message, for example:

/etc/init.d/yum-cron
Usage: /etc/init.d/yum-cron {start|stop|status|restart|reload|force-reload|condrestart}

For more information, see the systemctl(1) manual page.

Enabling and Disabling Services

You can use the systemctl command to enable or disable a service from starting when the system starts, for example:

sudo systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

The previous command enables a service by creating a symbolic link for the lowest-level system-state target at which the service should start. In the example, the command creates the symbolic link httpd.service for the multi-user target.

Disabling a service removes the symbolic link, for example:

sudo systemctl disable httpd
rm '/etc/systemd/system/multi-user.target.wants/httpd.service'

You can use the is-enabled subcommand to check whether a service is enabled:

sudo systemctl is-enabled httpd
disabled
sudo systemctl is-enabled nfs
enabled

After running the systemctl disable command, the service can still be started or stopped by user accounts, scripts and other processes. If that is not your desired behavior, use the systemctl mask command to disable the service completely:

sudo systemctl mask httpd
Created symlink from '/etc/systemd/system/multi-user.target.wants/httpd.service' to '/dev/null'

If you try to run the service, you will see an error message stating that the unit has been masked because the service reference was changed to /dev/null:

sudo systemctl start httpd
Failed to start httpd.service: Unit is masked.

To re-link the service reference back to the matching service unit configuration file, use the systemctl unmask command:

sudo systemctl unmask httpd

For more information, see the systemctl(1) manual page.
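
Because a disabled service can still be started on demand while a masked one cannot, it is worth checking that services you never want to run are masked rather than only disabled. The following is an added example, not part of the Oracle documentation: it parses the two-column listing printed by systemctl list-unit-files and reports deny-listed services that are installed but not masked. The function names, the sample listing, and the deny list are constructed for illustration.

```shell
#!/bin/sh
# Added example: list deny-listed services that are installed but not masked.
# Input is the two-column listing printed by
#   systemctl list-unit-files --type=service --no-legend
# The sample listing and the deny list are constructed for illustration.

# audit_unmasked "name1 name2 ..."  (listing on stdin)
# Prints "UNIT STATE" for each deny-listed unit whose state is not "masked".
# Units that are not installed do not appear in the listing and are skipped.
audit_unmasked() {
    awk -v deny=" $1 " '
        NF >= 2 {
            name = $1
            sub(/\.service$/, "", name)
            if (index(deny, " " name " ") > 0 && $2 != "masked")
                print $1, $2
        }'
}

# Constructed sample of list-unit-files output.
sample_listing() {
    cat <<'EOF'
auditd.service    enabled
httpd.service     disabled
nfs.service       enabled
rpcbind.service   masked
sshd.service      enabled
EOF
}

# Audit the sample against a constructed deny list.
run_sample_audit() {
    sample_listing | audit_unmasked "httpd rpcbind nfs"
}

# On a live system, replace sample_listing with:
#   systemctl list-unit-files --type=service --no-legend
run_sample_audit
```

In the sample, httpd is reported even though it is disabled, because it can still be started manually or by another process; rpcbind is not reported because it is masked.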

Displaying the Status of Services

You can use the is-active subcommand to check whether a service is running (active) or not running (inactive):

sudo systemctl is-active httpd
active
sudo systemctl is-active nfs
inactive

You can use the status action to view a detailed summary of the status of a service, including a tree of all the tasks in the control group (cgroup) that the service implements:

sudo systemctl status httpd
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: active (running) since Mon 2014-04-28 15:02:40 BST; 1s ago
 Main PID: 6452 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─6452 /usr/sbin/httpd -DFOREGROUND
           ├─6453 /usr/sbin/httpd -DFOREGROUND
           ├─6454 /usr/sbin/httpd -DFOREGROUND
           ├─6455 /usr/sbin/httpd -DFOREGROUND
           ├─6456 /usr/sbin/httpd -DFOREGROUND
           └─6457 /usr/sbin/httpd -DFOREGROUND

Apr 28 15:02:40 localhost.localdomain systemd[1]: Started The Apache HTTP Ser...
Hint: Some lines were ellipsized, use -l to show in full.

A cgroup is a collection of processes that are bound together so that you can control their access to system resources. In the previous example, the cgroup for the httpd service is httpd.service, which is in the system slice.

Slices divide the cgroups on a system into different categories. To display the slice and cgroup hierarchy, use the systemd-cgls command:

sudo systemd-cgls
├─1 /usr/lib/systemd/systemd --system --deserialize 17
├─user.slice
│ ├─user-0.slice
│ │ └─session-3.scope
│ │   └─9313 /usr/sbin/anacron -s
│ └─user-1000.slice
│   └─session-5.scope
│     ├─15980 sshd: root [priv]    
│     ├─15983 sshd: root@pts/1     
│     ├─15984 -bash
│     ├─17605 sudo systemd-cgls
│     ├─17607 systemd-cgls
│     └─17608 less
└─system.slice
  ├─rngd.service
  │ └─1042 /sbin/rngd -f
  ├─irqbalance.service
  │ └─1067 /usr/sbin/irqbalance --foreground
  ├─libstoragemgmt.service
  │ └─1057 /usr/bin/lsmd -d
  ├─systemd-udevd.service
  │ └─24714 /usr/lib/systemd/systemd-udevd
  ├─polkit.service
  │ └─1064 /usr/lib/polkit-1/polkitd --no-debug
  ├─chronyd.service
  │ └─1078 /usr/sbin/chronyd
  ├─auditd.service
  │ └─1012 /sbin/auditd
  ├─tuned.service
  │ └─2405 /usr/bin/python2 -Es /usr/sbin/tuned -l -P
  ├─systemd-journald.service
  │ └─820 /usr/lib/systemd/systemd-journald
  ├─atd.service
  │ └─1824 /usr/sbin/atd -f
  ├─sshd.service

system.slice contains services and other system processes, while user.slice contains user processes, which run within transient cgroups called scopes. In the example, the processes for the user with ID 1000 are running in the session-5.scope scope, under the /user.slice/user-1000.slice slice.

You can use the systemctl command to limit the CPU, I/O, memory, and other resources that are available to the processes in service and scope cgroups. See Controlling Access to System Resources.

For more information, see the systemctl(1) and systemd-cgls(1) manual pages.

Controlling Access to System Resources

You use the systemctl command to control a cgroup's access to system resources, for example:

sudo systemctl set-property httpd.service CPUShares=512 MemoryLimit=1G

CPUShares controls access to CPU resources. As the default value is 1024, a value of 512 halves the access that the processes in the cgroup have to CPU time. Similarly, MemoryLimit controls the maximum amount of memory that the cgroup can use.

Note:

You do not need to specify the .service extension to the name of a service.

If you specify the --runtime option, the setting does not persist across system reboots.

sudo systemctl --runtime set-property httpd CPUShares=512 MemoryLimit=1G

Alternatively, you can change the resource settings for a service under the [Service] heading in the service's configuration file in /usr/lib/systemd/system. After editing the file, direct systemd to reload its configuration files and then restart the service, as shown in the following example:

sudo systemctl daemon-reload
sudo systemctl restart service

You can run general commands within scopes and use the systemctl command to control the access that these transient cgroups have to system resources.

To run a command within a scope, use the systemd-run command:

sudo systemd-run --scope --unit=group_name [--slice=slice_name] command

If you do not want to create the group under the default system slice, you can specify another slice or the name of a new slice.

Note:

If you do not specify the --scope option, the control group is created as a service rather than as a scope.

For example, run a command named mymonitor in mymon.scope under myslice.slice:

sudo systemd-run --scope --unit=mymon --slice=myslice mymonitor
Running as unit mymon.scope.

You can then use the systemctl command to control the access that a scope has to system resources in the same way as for a service. However, unlike a service, you must specify the .scope extension, for example:

sudo systemctl --runtime set-property mymon.scope CPUShares=256

For more information, see the systemctl(1), systemd-cgls(1), and systemd.resource-control(5) manual pages.

Modifying systemd Configuration Files

If you want to change the configuration of systemd, copy the service, target, mount, socket or other file from /usr/lib/systemd/system to /etc/systemd/system and edit this copy of the original file. Note that the version of the file in /etc/systemd/system takes precedence over the version in /usr/lib/systemd/system and is not overwritten when you update a package that touches files in /usr/lib/systemd/system. To make systemd revert to using the original version of the file, either rename or delete the modified copy of the file in /etc/systemd/system.
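
Because a file in /etc/systemd/system silently takes precedence over the packaged unit, reviewing which packaged units are shadowed, and whether the copy differs, is a useful integrity check. The following is an added example, not part of the Oracle documentation: it compares the two directories and classifies each shadowing entry. The function names find_shadowed and run_demo are hypothetical, and the demo builds a constructed directory tree under a temporary directory so that it does not touch the real system.

```shell
#!/bin/sh
# Added example: report unit files in an /etc-style directory that shadow
# same-named files in a /usr/lib-style directory.

# find_shadowed ETC_DIR LIB_DIR
# Prints one line per shadowing entry:
#   relinked NAME -> TARGET   the /etc entry is a symbolic link
#   identical NAME            the copy matches the packaged file
#   modified NAME             the copy differs from the packaged file
find_shadowed() {
    etc_dir=$1; lib_dir=$2
    for f in "$etc_dir"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        [ -d "$f" ] && [ ! -L "$f" ] && continue    # skip *.wants directories
        name=${f##*/}
        [ -e "$lib_dir/$name" ] || [ -L "$lib_dir/$name" ] || continue
        if [ -L "$f" ]; then
            echo "relinked $name -> $(readlink "$f")"
        elif cmp -s "$f" "$lib_dir/$name"; then
            echo "identical $name"
        else
            echo "modified $name"
        fi
    done
}

# Build a constructed tree and run the check against it.
run_demo() {
    root=$(mktemp -d) || return 1
    lib="$root/usr/lib/systemd/system"
    etc="$root/etc/systemd/system"
    mkdir -p "$lib" "$etc/multi-user.target.wants"
    printf '[Service]\nExecStart=/usr/sbin/httpd -DFOREGROUND\n' > "$lib/httpd.service"
    printf '[Service]\nExecStart=/usr/sbin/sshd -D\n' > "$lib/sshd.service"
    : > "$lib/multi-user.target"
    : > "$lib/graphical.target"
    ln -s graphical.target "$lib/default.target"
    # Administrator copy of httpd.service with a resource limit added.
    cp "$lib/httpd.service" "$etc/httpd.service"
    printf 'MemoryLimit=1G\n' >> "$etc/httpd.service"
    # Unmodified copy of sshd.service.
    cp "$lib/sshd.service" "$etc/sshd.service"
    # Link of the kind that systemctl set-default creates.
    ln -s /usr/lib/systemd/system/multi-user.target "$etc/default.target"
    find_shadowed "$etc" "$lib"
    rm -rf "$root"
}

run_demo
```

On a live system, call find_shadowed /etc/systemd/system /usr/lib/systemd/system; the systemd-delta command reports overridden configuration files in a similar way.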

Running systemctl on a Remote System

If the sshd service is running on a remote Oracle Linux 7 system, you can use the -H option with systemctl to control the system remotely, as shown in the following example:

sudo systemctl -H root@10.0.0.2 status sshd
root@10.0.0.2's password: password
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Fri 2014-05-23 09:27:22 BST; 5h 43min ago
  Process: 1498 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
 Main PID: 1524 (sshd)
   CGroup: /system.slice/sshd.service

For more information, see the systemctl(1) manual page.