Oracle Cloud Infrastructure Documentation

Service Management in Systemd

Covers systemctl workflows for starting, enabling, monitoring, and customizing systemd services.

Services in an Oracle Linux system are managed by the systemctl subcommand command.

Examples of subcommands are enable, disable, stop, start, restart, reload, and status.

For more information, see the systemctl(1) manual page.

Starting and Stopping Services

Shows the basic systemctl start and systemctl stop commands and explains how state changes persist.

To start a service, use the systemctl start command: 

sudo systemctl start sshd

To stop a service, use the systemctl stop command: 

sudo systemctl stop sshd

Changing the state of a service only lasts while the system remains at the same state.

If you stop a service and then change the system-state target to one in which the service is configured to run (for example, by rebooting the system), the service restarts. Similarly, starting a service doesn't enable the service to start following a reboot. See Enabling and Disabling Services.

Enabling and Disabling Services

Explains how to enable, disable, mask, and unmask services so they start (or stay stopped) across reboots.

You can use the systemctl command to enable or disable a service from starting when the system boots, for example: 

sudo systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

The enable command activates a service by creating a symbolic link for the lowest-level system-state target at which the service starts. In the previous example, the command creates the symbolic link httpd.service for the multi-user target.

Note

To start the service at the same time you enable it, include the --now option in the command. For example: sudo systemctl enable --now httpd

Disabling a service removes the symbolic link: 

sudo systemctl disable httpd
Removed /etc/systemd/system/multi-user.target.wants/httpd.service.

To check whether a service is enabled, use is-enabled subcommand as shown in the following examples: 

systemctl is-enabled httpd
disabled
systemctl is-enabled sshd
enabled

After running the systemctl disable command, the service can still be started or stopped by user accounts, scripts, and other processes.

However, if you need to ensure that the service can't be started inadvertently, for example, by a conflicting service, then use the systemctl mask command as follows:

sudo systemctl mask httpd
Created symlink from '/etc/systemd/system/multi-user.target.wants/httpd.service' to '/dev/null'

The mask command sets the service reference to /dev/null. If you try to start a service that has been masked, you will receive an error as shown in the following example: 

sudo systemctl start httpd
Failed to start httpd.service: Unit is masked.

To relink the service reference back to the matching service unit configuration file, use the systemctl unmask command: 

sudo systemctl unmask httpd

For more information, see the systemctl(1) manual page.

Displaying the Status of Services

Details the systemctl is-active and status commands for checking service health and control groups.

To check whether a service is running, use the is-active subcommand. The output would either be active or inactive, as shown in the following examples: 

systemctl is-active httpd
active
systemctl is-active sshd
inactive

The status subcommand provides a detailed summary of the status of a service, including a tree that displays the tasks in the control group (CGroup) that the service implements: 

systemctl status httpd
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since ...
     Docs: man:httpd.service(8)
 Main PID: 11832 (httpd)
   Status: "Started, listening on: port 80"
    Tasks: 213 (limit: 26213)
   Memory: 32.5M
   CGroup: /system.slice/httpd.service
           ├─11832 /usr/sbin/httpd -DFOREGROUND
           ├─11833 /usr/sbin/httpd -DFOREGROUND
           ├─11834 /usr/sbin/httpd -DFOREGROUND
           ├─11835 /usr/sbin/httpd -DFOREGROUND
           └─11836 /usr/sbin/httpd -DFOREGROUND

Jul 17 00:14:32 Unknown systemd[1]: Starting The Apache HTTP Server...
Jul 17 00:14:32 Unknown httpd[11832]: Server configured, listening on: port 80
Jul 17 00:14:32 Unknown systemd[1]: Started The Apache HTTP Server.

A cgroup is a collection of processes that are bound together so that you can control their access to system resources. In the example, the cgroup for the httpd service is httpd.service, which is in the system slice.

Slices divide the cgroups on a system into different categories. To display the slice and cgroup hierarchy, use the systemd-cgls command: 

systemd-cgls
Control group /:
-.slice
├─user.slice
│ └─user-1000.slice
│   ├─user@1000.service
│   │ └─init.scope
│   │   ├─6488 /usr/lib/systemd/systemd --user
│   │   └─6492 (sd-pam)
│   └─session-7.scope
│     ├─6484 sshd: root [priv]
│     ├─6498 sshd: root@pts/0
│     ├─6499 -bash
│     ├─6524 sudo systemd-cgls
│     ├─6526 systemd-cgls
│     └─6527 less
├─init.scope
│ └─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 16
└─system.slice
  ├─rngd.service
  │ └─1266 /sbin/rngd -f --fill-watermark=0
  ├─irqbalance.service
  │ └─1247 /usr/sbin/irqbalance --foreground
  ├─libstoragemgmt.service
  │ └─1201 /usr/bin/lsmd -d
  ├─systemd-udevd.service
  │ └─1060 /usr/lib/systemd/systemd-udevd
  ├─polkit.service
  │ └─1241 /usr/lib/polkit-1/polkitd --no-debug
  ├─chronyd.service
  │ └─1249 /usr/sbin/chronyd
  ├─auditd.service
  │ ├─1152 /sbin/auditd
  │ └─1154 /usr/sbin/sedispatch
  ├─tuned.service
  │ └─1382 /usr/libexec/platform-python -Es /usr/sbin/tuned -l -P
  ├─systemd-journald.service
  │ └─1027 /usr/lib/systemd/systemd-journald
  ├─atd.service
  │ └─1812 /usr/sbin/atd -f
  ├─sshd.service
  │ └─1781 /usr/sbin/sshd

The system.slice contains services and other system processes. user.slice contains user processes, which run within transient cgroups called scopes.

In the example, the processes for the user with ID 1000 are running in the scope session-7.scope under the slice /user.slice/user-1000.slice.

You can use the systemctl command to limit the CPU, I/O, memory, and other resources that are available to the processes in service and scope cgroups. See Controlling Access to System Resources.

For more information, see the systemctl(1) and systemd-cgls(1) manual pages. Also see Using Systemd to Manage Control Groups.

Controlling Access to System Resources

Shows how to use systemctl set-property and systemd-run to assign CPU and memory limits to services and scopes.

Use the systemctl command to control a cgroup's access to system resources, for example: 

sudo systemctl [--runtime] set-property httpd CPUShares=512 MemoryLimit=1G

CPUShare controls access to CPU resources. As the default value is 1024, a value of 512 halves the access to CPU time that the processes in the cgroup have. Similarly, MemoryLimit controls the maximum amount of memory that the cgroup can use.

Note

You don't need to specify the .service extension to the name of a service.

If you specify the --runtime option, the setting doesn't persist across system reboots.

Alternatively, you can change the resource settings for a service under the [Service] heading in the service's configuration file in /usr/lib/systemd/system. After editing the file, make systemd reload its configuration files and then restart the service: 

sudo systemctl daemon-reload
sudo systemctl restart service

You can run general commands within scopes and use systemctl to control the access that these transient cgroups have to system resources. To run a command within in a scope, use the systemd-run command: 

sudo systemd-run --scope --unit=group_name.scope [--slice=slice_name]

If you don't want to create the group under the default system slice, you can specify another slice or the name of a new slice. The following example runs a command named mymonitor in mymon.scope under myslice.slice: 

sudo systemd-run --scope --unit=mymon.scope --slice=myslice mymonitor
Running as unit mymon.scope.
Note

If you don't specify the --scope option, the control group is a created as a service rather than as a scope.

You can then use systemctl to control the access that a scope has to system resources in the same way as for a service. However, unlike a service, you must specify the .scope extension, for example: 

sudo systemctl --runtime set-property mymon.scope CPUShares=256

For more information see Using Systemd to Manage Control Groups and the systemctl(1), systemd-cgls(1), and systemd.resource-control(5) manual pages.

Creating a User-Based systemd Service

In addition to the system-wide systemd files, systemd enables you to create user-based services that you can run from a user level without requiring root access and privileges. These user-based services are under user control and are configurable independent of system services.

The following are some distinguishing features of user-based systemd services:

  • User-based systemd services are linked with a specific user account.
  • They're created under the associated user's home directory in $HOME/.config/systemd/user/.
  • After these services are enabled, they start when the associated user logs in. This behavior differs from that of enabled systemd services which start when the system boots.

This feature is especially useful when creating Podman container services. For more information about Podman, see Oracle Linux: Podman User's Guide.

To create a user based service:

  1. Create the service's unit file in the $HOME/.config/systemd/user directory, for example: 
    touch $HOME/.config/systemd/user/myservice.service
  2. Open the unit file and specify the values to the options you want to use, such as Description, ExecStart, WantedBy, and so on.
    For reference, see Configurable Options in Service Unit Files and the systemd.service(5) and systemd.unit(5) manual pages.
  3. Enable the service to start automatically when you log in. 
    systemctl --user enable myservice.service
    Note

    When you log out, the service is stopped unless the root user has enabled processes to continue to run for the user.

    See https://docs.oracle.com/en/learn/ol-systemd/ for more information.

  4. Start the service. 
    systemctl --user start myservice.service
  5. Verify that the service is running. 
    systemctl --user status myservice.service

Changing systemd Service Unit Files

Describes how to override packaged unit files and create drop-in snippets under /etc/systemd/system.

To change the configuration of systemd services, copy the files with .service, .target, .mount and .socket extensions from /usr/lib/systemd/system to /etc/systemd/system.

After you have copied the files, you can edit the versions in /etc/systemd/system.

The files in /etc/systemd/system take precedence over the versions in /usr/lib/systemd/system. Files in /etc/systemd/system aren't overwritten when you update a package that touches files in /usr/lib/systemd/system.

To revert to the default systemd configuration for a particular service, you can either rename or delete the copies in /etc/systemd/system.

Another approach for changing the configuration of a service is to create a drop-in file. With this approach, you can preserve the original unit while changing specific parameters of the unit.

Create drop-in files in /etc/systemd/system/unit_name.d/, where the unit_name.d directory is an existing unit, then give the drop-in files a .conf file extension.

For example: /etc/systemd/system/unit_name.d/name_of_drop-in.conf. systemd reads the .conf file and applies the settings to the original unit.

The following sections describe the different parts of a service unit file that you can edit and customize for a system.

About Service Unit Files

Services run based on their corresponding service unit files. A service unit file typically contains the following sections, with each section having its respective defined options that determine how a specific service runs:

[Unit]

Contains information about the service.

[UnitType]:

Contains options that are specific to the unit type of the file. For example, in a service unit file this section is titled [Service] and contains options that are specific to units of the service type, such as ExecStart or StandardOutput.

Only those unit types that offer options specific to their type have such a section.

[Install]

Contains installation information for the specific unit. The information in this section is used by the systemctl enable and systemctl disable commands.

A service unit file might contain the following configurations for a service. 

[Unit]
Description=A test service used to develop a service unit file template

[Service]
Type=simple
StandardOutput=journal
ExecStart=/usr/lib/systemd/helloworld.sh

[Install]
WantedBy=default.target

Configurable Options in Service Unit Files describes some commonly used configured options available under each section. A complete list is also available in the systemd.service(5) and systemd.unit(5) manual pages.

Configurable Options in Service Unit Files

Each of the following lists deals with a separate section of the service unit file.

Description of Options Under [Unit] Section

The following list provides a general overview of the commonly used configurable options available in the [Unit] section of service unit file:

Description

Provides information about the service. The information is displayed when you run the systemctl status command on the unit.

Documentation

Contains a space-separated list of URIs referencing documentation for this unit or its configuration.

After

Configures the unit to only run after the units listed in the option finish starting up.

In the following example, if the file var3.service has the following entry, then it's only started after units var1.service and var2.service have started:

 After=var1.service var2.service
Requires

Configures a unit to have requirement dependencies on other units. If a unit is activated, those listed in its Requires option are also activated.

Wants

A less stringent version of the Requires option. For example, a specific unit can be activated even if one of those listed in its Wants option fails to start.

Description of Options Under [Service] Section

This following list gives a general overview of the commonly used configurable options available in the [Service] section of a service unit file.

Type

Configures the process start-up type for the service unit.

By default, this parameter's value is simple, which indicates that the service's main process is that which is started by the ExecStart parameter.

Typically, if a service's type is simple, then the definition can be omitted from the file.

StandardOutput
Configures the how the service's events are logged. For example, consider a service unit file has the following entry: 
StandardOutput=journal

In the example, the value journal indicates that the events are recorded in the journal, which can be viewed by using the journalctl command.

ExecStart

Specifies the full path and command that starts the service, for example, /usr/bin/npm start.

ExecStop

Specifies the commands to run to stop the service started through ExecStart.

ExecReload

Specifies the commands to run to trigger a configuration reload in the service.

Restart

Configures whether the service is to be restarted when the service process exits, is stopped, or when a timeout is reached.

Note

This option doesn't apply when the process is stopped cleanly by a systemd operation, for example a systemctl stop or systemctl restart. In these cases, the service isn't restarted by this configuration option.
RemainAfterExit

A Boolean value that configures whether the service is to be considered active even when all of its processes have exited. The default value is no.

Description of Options Under [Install] Section

This following list gives a general overview of the commonly used configurable options available in the [Install] section of service unit file.

Alias

A space-separated list of names for a unit.

At installation time, systemctl enable creates symlinks from these names to the unit filename.

Aliases are only effective when the unit is enabled.

RequiredBy

Configures the service to be required by other units.

For example, consider a unit file var1.service that has the following configuration added to it: 

RequiredBy=var2.service var3.service

When var1.service is enabled, both var2.service and var3.service are granted a Requires dependency upon var1.service. This dependency is defined by a symbolic link that's created in the .requires folder of each dependent service (var2.service and var3.service) that points to the var1.service system unit file.

WantedBy

Specifies a list of units that are to be granted a wants dependency upon the service whose file you're editing.

For example, consider a unit file var1.service that has the following configuration added to it: 

WantedBy=var2.service var3.service

When var1.service is enabled, both var2.service and var3.service are granted a Wants dependency upon var1.service. This dependency is defined by a symbolic link that's created in the “.wants” folder of each dependent service (var2.service and var3.service) that points to the system unit file for var1.service.

Also

Lists additional units to install or remove when the unit is installed or removed.

DefaultInstance

The DefaultInstance option applies to template unit files only.

Template unit files enable the creation of multiple units from a single configuration file. The DefaultInstance option specifies the instance for which the unit is enabled if the template is enabled without any explicitly set instance.

Creating a Unit Drop-In File

You can use the systemctl edit command to automatically generate a systemd unit drop-in or unit file for any existing systemd unit. You can use the drop-in file to override base configuration for a unit or to extend the requirements for a unit file.

  1. Run the systemctl edit <unit> command to automatically generate a systemd drop-in file and to open the file in the system default editor.

    For example, to edit the cockpit.socket unit to change the port that the Cockpit web console listens on, you can do the following: 

    sudo systemctl edit cockpit.socket --drop-in=listen.conf

    The --drop-in option lets you specify the file name that's used for the drop-in file. If you don't specify this option, the default file name is set to override.conf.

    The system text editor opens and you can add the lines to override the default configuration:

    [Socket]
ListenStream=
ListenStream=443
    Note

    More configuration outside of systemd is required if you change the default listener port for Cockpit. For example, you might need to change SELinux contexts and firewall configuration.
  2. Save the drop-in file or exit.
    If you save the changes to the drop-in file, the file is automatically installed into /etc/systemd/system/<unit>.d/<drop-in.file>. If you exit out of the editor without saving changes, the file isn't created and no further updates are required.
  3. Reload the systemd daemon configuration. 
    sudo systemctl daemon-reload
  4. Restart the systemd unit that you have updated.

    For example, to restart the cockpit.socket that's used in this example, run: 

    sudo systemctl restart cockpit.socket