Difference between revisions of "Systemd"

Latest revision as of 18:11, 12 August 2018

systemd is a suite of basic building blocks for a Linux system. It provides a system and service manager that runs as PID 1 and starts the rest of the system. systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts include a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users and running containers and virtual machines, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution.

Note: For a detailed explanation of why Arch moved to systemd, see this forum post.

Basic systemctl usage

The main command used to introspect and control systemd is systemctl. Some of its uses are examining the system state and managing the system and services. See systemctl(1) for more details.

Tip:

You can use all of the following systemctl commands with the -H user@host switch to control a systemd instance on a remote machine. This will use SSH to connect to the remote systemd instance.
Plasma users can install systemd-kcm^AUR as a graphical frontend for systemctl. After installing the module will be added under System administration.

Analyzing the system state

Show system status using:

$ systemctl status

List running units:

$ systemctl

or:

$ systemctl list-units

List failed units:

$ systemctl --failed

The available unit files can be seen in /usr/lib/systemd/system/ and /etc/systemd/system/ (the latter takes precedence). List installed unit files with:

$ systemctl list-unit-files

Using units

Units can be, for example, services (.service), mount points (.mount), devices (.device) or sockets (.socket).

When using systemctl, you generally have to specify the complete name of the unit file, including its suffix, for example sshd.socket. There are however a few short forms when specifying the unit in the following systemctl commands:

If you do not specify the suffix, systemctl will assume .service. For example, netctl and netctl.service are equivalent.
Mount points will automatically be translated into the appropriate .mount unit. For example, specifying /home is equivalent to home.mount.
Similar to mount points, devices are automatically translated into the appropriate .device unit, therefore specifying /dev/sda2 is equivalent to dev-sda2.device.

See systemd.unit(5) for details.

Note: Some unit names contain an @ sign (e.g. name@string.service): this means that they are instances of a template unit, whose actual file name does not contain the string part (e.g. name@.service). string is called the instance identifier, and is similar to an argument that is passed to the template unit when called with the systemctl command: in the unit file it will substitute the %i specifier.

To be more accurate, before trying to instantiate the name@.suffix template unit, systemd will actually look for a unit with the exact name@string.suffix file name, although by convention such a "clash" happens rarely, i.e. most unit files containing an @ sign are meant to be templates. Also, if a template unit is called without an instance identifier, it will just fail, since the %i specifier cannot be substituted.

Tip:

Most of the following commands also work if multiple units are specified, see systemctl(1) for more information.
The --now switch can be used in conjunction with enable, disable, and mask to respectively start, stop, or mask immediately the unit rather than after the next boot.
A package may offer units for different purposes. If you just installed a package, pacman -Qql package | grep -Fe .service -e .socket can be used to check and find them.

Start a unit immediately:

# systemctl start unit

Stop a unit immediately:

# systemctl stop unit

Restart a unit:

# systemctl restart unit

Ask a unit to reload its configuration:

# systemctl reload unit

Show the status of a unit, including whether it is running or not:

$ systemctl status unit

Check whether a unit is already enabled or not:

$ systemctl is-enabled unit

Enable a unit to be started on bootup:

# systemctl enable unit

Enable a unit to be started on bootup and Start immediately:

# systemctl enable --now unit

Disable a unit to not start during bootup:

# systemctl disable unit

Mask a unit to make it impossible to start it (both manually and as a dependency, which makes masking dangerous):

# systemctl mask unit

Unmask a unit:

# systemctl unmask unit

Show the manual page associated with a unit (this has to be supported by the unit file):

$ systemctl help unit

Reload systemd manager configuration, scanning for new or changed units:

Note: This does not ask the changed units to reload their own configurations. See reload example above.

# systemctl daemon-reload

Power management

polkit is necessary for power management as an unprivileged user. If you are in a local systemd-logind user session and no other session is active, the following commands will work without root privileges. If not (for example, because another user is logged into a tty), systemd will automatically ask you for the root password.

Shut down and reboot the system:

$ systemctl reboot

Shut down and power-off the system:

$ systemctl poweroff

Suspend the system:

$ systemctl suspend

Put the system into hibernation:

$ systemctl hibernate

Put the system into hybrid-sleep state (or suspend-to-both):

$ systemctl hybrid-sleep

Writing unit files

The syntax of systemd's unit files is inspired by XDG Desktop Entry Specification .desktop files, which are in turn inspired by Microsoft Windows .ini files. Unit files are loaded from multiple locations (to see the full list, run systemctl show --property=UnitPath), but the main ones are (listed from lowest to highest precedence):

/usr/lib/systemd/system/: units provided by installed packages
/etc/systemd/system/: units installed by the system administrator

Note:

The load paths are completely different when running systemd in user mode.
systemd unit names may only contain ASCII alphanumeric characters, underscores and periods. All other characters must be replaced by C-style "\x2d" escapes, or employ their predefined semantics ('@', '-'). See systemd.unit(5) and systemd-escape(1) for more information.

Look at the units installed by your packages for examples, as well as the annotated example section of systemd.service(5).

Tip: Comments prepended with # may be used in unit-files as well, but only in new lines. Do not use end-line comments after systemd parameters or the unit will fail to activate.

Handling dependencies

With systemd, dependencies can be resolved by designing the unit files correctly. The most typical case is that the unit A requires the unit B to be running before A is started. In that case add Requires=B and After=B to the [Unit] section of A. If the dependency is optional, add Wants=B and After=B instead. Note that Wants= and Requires= do not imply After=, meaning that if After= is not specified, the two units will be started in parallel.

Dependencies are typically placed on services and not on #Targets. For example, network.target is pulled in by whatever service configures your network interfaces, therefore ordering your custom unit after it is sufficient since network.target is started anyway.

Service types

There are several different start-up types to consider when writing a custom service file. This is set with the Type= parameter in the [Service] section:

Type=simple (default): systemd considers the service to be started up immediately. The process must not fork. Do not use this type if other services need to be ordered on this service, unless it is socket activated.
Type=forking: systemd considers the service started up once the process forks and the parent has exited. For classic daemons use this type unless you know that it is not necessary. You should specify PIDFile= as well so systemd can keep track of the main process.
Type=oneshot: this is useful for scripts that do a single job and then exit. You may want to set RemainAfterExit=yes as well so that systemd still considers the service as active after the process has exited.
Type=notify: identical to Type=simple, but with the stipulation that the daemon will send a signal to systemd when it is ready. The reference implementation for this notification is provided by libsystemd-daemon.so.
Type=dbus: the service is considered ready when the specified BusName appears on DBus's system bus.
Type=idle: systemd will delay execution of the service binary until all jobs are dispatched. Other than that behavior is very similar to Type=simple.

See the systemd.service(5) man page for a more detailed explanation of the Type values.

Editing provided units

To avoid conflicts with pacman, unit files provided by packages should not be directly edited. There are two safe ways to modify a unit without touching the original file: create a new unit file which overrides the original unit or create drop-in snippets which are applied on top of the original unit. For both methods, you must reload the unit afterwards to apply your changes. This can be done either by editing the unit with systemctl edit (which reloads the unit automatically) or by reloading all units with:

# systemctl daemon-reload

Tip:

You can use systemd-delta to see which unit files have been overridden or extended and what exactly has been changed.
Use systemctl cat unit to view the content of a unit file and all associated drop-in snippets.
The default syntax highlighting for systemd unit files within Vim is the same as for INI files. However, if you want something more systemd-specific, install vim-systemd.

Replacement unit files

To replace the unit file /usr/lib/systemd/system/unit, create the file /etc/systemd/system/unit and reenable the unit to update the symlinks:

# systemctl reenable unit

Alternatively, run:

# systemctl edit --full unit

This opens /etc/systemd/system/unit in your editor (copying the installed version if it does not exist yet) and automatically reloads it when you finish editing.

Note: The replacement units will keep on being used even if Pacman updates the original units in the future. This method makes system maintenance more difficult and therefore the next approach is preferred.

Drop-in files

To create drop-in files for the unit file /usr/lib/systemd/system/unit, create the directory /etc/systemd/system/unit.d/ and place .conf files there to override or add new options. systemd will parse and apply these files on top of the original unit.

The easiest way to do this is to run:

# systemctl edit unit

This opens the file /etc/systemd/system/unit.d/override.conf in your text editor (creating it if necessary) and automatically reloads the unit when you are done editing.

Note: Not all keys can be overridden with drop-in files. For example, for changing Conflicts= a replacement file is necessary.

Revert to vendor version

To revert any changes to a unit made using systemctl edit do:

# systemctl revert unit

Examples

For example, if you simply want to add an additional dependency to a unit, you may create the following file:

/etc/systemd/system/unit.d/customdependency.conf

[Unit]
Requires=new dependency
After=new dependency

As another example, in order to replace the ExecStart directive for a unit that is not of type oneshot, create the following file:

/etc/systemd/system/unit.d/customexec.conf

[Service]
ExecStart=
ExecStart=new command

Note how ExecStart must be cleared before being re-assigned [1]. The same holds for every item that can be specified multiple times, e.g. OnCalendar for timers.

One more example to automatically restart a service:

/etc/systemd/system/unit.d/restart.conf

[Service]
Restart=always
RestartSec=30

Targets

This article or section needs language, wiki syntax or style improvements. See Help:Style for reference.

Reason: Unclear description, copy-pasted content (explicitly mentions "Fedora"). (Discuss in Talk:Systemd#Make section "Targets" more clearly)

systemd uses targets which serve a similar purpose as runlevels but act a little different. Each target is named instead of numbered and is intended to serve a specific purpose with the possibility of having multiple ones active at the same time. Some targets are implemented by inheriting all of the services of another target and adding additional services to it. There are systemd targets that mimic the common SystemVinit runlevels so you can still switch targets using the familiar telinit RUNLEVEL command.

Get current targets

The following should be used under systemd instead of running runlevel:

$ systemctl list-units --type=target

Create custom target

The runlevels that held a defined meaning under sysvinit (i.e., 0, 1, 3, 5, and 6); have a 1:1 mapping with a specific systemd target. Unfortunately, there is no good way to do the same for the user-defined runlevels like 2 and 4. If you make use of those it is suggested that you make a new named systemd target as /etc/systemd/system/your target that takes one of the existing runlevels as a base (you can look at /usr/lib/systemd/system/graphical.target as an example), make a directory /etc/systemd/system/your target.wants, and then symlink the additional services from /usr/lib/systemd/system/ that you wish to enable.

Mapping between SysV runlevels and systemd targets

SysV Runlevel	systemd Target	Notes
0	runlevel0.target, poweroff.target	Halt the system.
1, s, single	runlevel1.target, rescue.target	Single user mode.
2, 4	runlevel2.target, runlevel4.target, multi-user.target	User-defined/Site-specific runlevels. By default, identical to 3.
3	runlevel3.target, multi-user.target	Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.
5	runlevel5.target, graphical.target	Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.
6	runlevel6.target, reboot.target	Reboot
emergency	emergency.target	Emergency shell

Change current target

In systemd targets are exposed via target units. You can change them like this:

# systemctl isolate graphical.target

This will only change the current target, and has no effect on the next boot. This is equivalent to commands such as telinit 3 or telinit 5 in Sysvinit.

Change default target to boot into

The standard target is default.target, which is a symlink to graphical.target. This roughly corresponds to the old runlevel 5.

To verify the current target with systemctl:

# systemctl get-default

To change the default target to boot into, change the default.target symlink. With systemctl:

$ systemctl set-default multi-user.target

Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target.

Alternatively, append one of the following kernel parameters to your bootloader:

systemd.unit=multi-user.target (which roughly corresponds to the old runlevel 3),
systemd.unit=rescue.target (which roughly corresponds to the old runlevel 1).

Default target order

Systemd chooses the default.target according to the following order:

Kernel parameter shown above
Symlink of /etc/systemd/system/default.target
Symlink of /usr/lib/systemd/system/default.target

Temporary files

"systemd-tmpfiles creates, deletes and cleans up volatile and temporary files and directories." It reads configuration files in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/ to discover which actions to perform. Configuration files in the former directory take precedence over those in the latter directory.

Configuration files are usually provided together with service files, and they are named in the style of /usr/lib/tmpfiles.d/program.conf. For example, the Samba daemon expects the directory /run/samba to exist and to have the correct permissions. Therefore, the samba package ships with this configuration:

/usr/lib/tmpfiles.d/samba.conf

D /run/samba 0755 root root

Configuration files may also be used to write values into certain files on boot. For example, if you used /etc/rc.local to disable wakeup from USB devices with echo USBE > /proc/acpi/wakeup, you may use the following tmpfile instead:

/etc/tmpfiles.d/disable-usb-wake.conf

#    Path                  Mode UID  GID  Age Argument
w    /proc/acpi/wakeup     -    -    -    -   USBE

See the systemd-tmpfiles(8) and tmpfiles.d(5) man pages for details.

Note: This method may not work to set options in /sys since the systemd-tmpfiles-setup service may run before the appropriate device modules is loaded. In this case you could check whether the module has a parameter for the option you want to set with modinfo module and set this option with a config file in /etc/modprobe.d. Otherwise you will have to write a udev rule to set the appropriate attribute as soon as the device appears.

Timers

A timer is a unit configuration file whose name ends with .timer and encodes information about a timer controlled and supervised by systemd, for timer-based activation. See systemd/Timers.

Note: Timers can replace cron functionality to a great extent. See systemd/Timers#As a cron replacement.

Mounting

systemd is in charge of mounting the partitions and filesystems specified in /etc/fstab. The systemd-fstab-generator(8) translates all the entries in /etc/fstab into systemd units, this is performed at boot time and whenever the configuration of the system manager is reloaded.

systemd extends the usual fstab capabilities and offers additional mount options. These affect the dependencies of the mount unit, they can for example ensure that a mount is performed only once the network is up or only once another partition is mounted. The full list of specific systemd mount options, typically prefixed with x-systemd., is detailed in systemd.mount(5).

An example of these mount options in the context of automounting, which means mounting only when the resource is required rather than automatically at boot time, is provided in fstab#Automount with systemd.

Journal

systemd has its own logging system called the journal; therefore, running a syslog daemon is no longer required. To read the log, use:

# journalctl

In Arch Linux, the directory /var/log/journal/ is a part of the systemd package, and the journal (when Storage= is set to auto in /etc/systemd/journald.conf) will write to /var/log/journal/. If you or some program delete that directory, systemd will not recreate it automatically and instead will write its logs to /run/systemd/journal in a nonpersistent way. However, the folder will be recreated when you set Storage=persistent and restart systemd-journald.service (or reboot).

Systemd journal classifies messages by Priority level and Facility. Logging classification corresponds to classic Syslog protocol (RFC 5424).

Priority level

A syslog severity code (in systemd called priority) is used to mark the importance of a message RFC 5424 Section 6.2.1.

Value	Severity	Keyword	Description	Examples
0	Emergency	emerg	System is unusable	Severe Kernel BUG, systemd dumped core. This level should not be used by applications.
1	Alert	alert	Should be corrected immediately	Vital subsystem goes out of work. Data loss. `kernel: BUG: unable to handle kernel paging request at ffffc90403238ffc`.
2	Critical	crit	Critical conditions	Crashes, coredumps. Like familiar flash: `systemd-coredump[25319]: Process 25310 (plugin-containe) of user 1000 dumped core` Failure in the system primary application, like X11.
3	Error	err	Error conditions	Not severe error reported: `kernel: usb 1-3: 3:1: cannot get freq at ep 0x84`, `systemd[1]: Failed unmounting /var.`, `libvirtd[1720]: internal error: Failed to initialize a valid firewall backend`).
4	Warning	warning	May indicate that an error will occur if action is not taken.	A non-root file system has only 1GB free. `org.freedesktop. Notifications[1860]: (process:5999): Gtk-WARNING **: Locale not supported by C library. Using the fallback 'C' locale`.
5	Notice	notice	Events that are unusual, but not error conditions.	`systemd[1]: var.mount: Directory /var to mount over is not empty, mounting anyway`. `gcr-prompter[4997]: Gtk: GtkDialog mapped without a transient parent. This is discouraged`.
6	Informational	info	Normal operational messages that require no action.	`lvm[585]: 7 logical volume(s) in volume group "archvg" now active`.
7	Debug	debug	Information useful to developers for debugging the application.	`kdeinit5[1900]: powerdevil: Scheduling inhibition from ":1.14" "firefox" with cookie 13 and reason "screen"`.

If you cannot find a message on the expected priority level, also search a couple of levels above and below: these rules are recommendations, and the developer of the affected application may have a different perception of the issue's importance from yours.

Facility

A syslog facility code is used to specify the type of program that is logging the message RFC 5424 Section 6.2.1.

Facility code	Keyword	Description	Info
0	kern	kernel messages
1	user	user-level messages
2	mail	mail system	Archaic POSIX still supported and sometimes used (for more mail(1))
3	daemon	system daemons	All daemons, including systemd and its subsystems
4	auth	security/authorization messages	Also watch for different facility 10
5	syslog	messages generated internally by syslogd	For syslogd implementations (not used by systemd, see facility 3)
6	lpr	line printer subsystem (archaic subsystem)
7	news	network news subsystem (archaic subsystem)
8	uucp	UUCP subsystem (archaic subsystem)
9		clock daemon	systemd-timesyncd
10	authpriv	security/authorization messages	Also watch for different facility 4
11	ftp	FTP daemon
12	-	NTP subsystem
13	-	log audit
14	-	log alert
15	cron	scheduling daemon
16	local0	local use 0 (local0)
17	local1	local use 1 (local1)
18	local2	local use 2 (local2)
19	local3	local use 3 (local3)
20	local4	local use 4 (local4)
21	local5	local use 5 (local5)
22	local6	local use 6 (local6)
23	local7	local use 7 (local7)

So, useful facilities to watch: 0,1,3,4,9,10,15.

Filtering output

journalctl allows you to filter the output by specific fields. Be aware that if there are many messages to display or filtering of large time span has to be done, the output of this command can be delayed for quite some time.

Tip: While the journal is stored in a binary format, the content of stored messages is not modified. This means it is viewable with strings, for example for recovery in an environment which does not have systemd installed. Example command:

$ strings /mnt/arch/var/log/journal/af4967d77fba44c6b093d0e9862f6ddd/system.journal | grep -i message

Examples:

Show all messages from this boot:
```
# journalctl -b
```
However, often one is interested in messages not from the current, but from the previous boot (e.g. if an unrecoverable system crash happened). This is possible through optional offset parameter of the -b flag: journalctl -b -0 shows messages from the current boot, journalctl -b -1 from the previous boot, journalctl -b -2 from the second previous and so on – you can see the list of boots with their numbers by using journalctl --list-boots. See journalctl(1) for full description, the semantics is much more powerful.
Show all messages from date (and optional time):
```
# journalctl --since="2012-10-30 18:17:16"
```
Show all messages since 20 minutes ago:
```
# journalctl --since "20 min ago"
```
Follow new messages:
```
# journalctl -f
```
Show all messages by a specific executable:
```
# journalctl /usr/lib/systemd/systemd
```
Show all messages by a specific process:
```
# journalctl _PID=1
```
Show all messages by a specific unit:
```
# journalctl -u man-db.service
```
Show kernel ring buffer:
```
# journalctl -k
```
Show only error, critical, and alert priority messages
```
# journalctl -p err..alert
```
Numbers also can be used, journalctl -p 3..1. If single number/keyword used, journalctl -p 3 - all higher priority levels also included.
Show auth.log equivalent by filtering on syslog facility:
```
# journalctl SYSLOG_FACILITY=10
```
If your journal directory (by default located under /var/log/journal) contains huge amount of log data then journalctl can take several minutes in filtering output. You can speed it up significantly by using --file option to force journalctl to look only into most recent journal:
```
# journalctl --file /var/log/journal/*/system.journal -f
```

See journalctl(1), systemd.journal-fields(7), or Lennart's blog post for details.

Tip: By default, journalctl truncates lines longer than screen width, but in some cases, it may be better to enable wrapping instead of truncating. This can be controlled by the SYSTEMD_LESS environment variable, which contains options passed to less (the default pager) and defaults to FRSXMK (see less(1) and journalctl(1) for details).

By omitting the S option, the output will be wrapped instead of truncated. For example, start journalctl as follows:

$ SYSTEMD_LESS=FRXMK journalctl

If you would like to set this behaviour as default, export the variable from ~/.bashrc or ~/.zshrc.

Journal size limit

If the journal is persistent (non-volatile), its size limit is set to a default value of 10% of the size of the underlying file system but capped to 4 GiB. For example, with /var/log/journal/ located on a 20 GiB partition, journal data may take up to 2 GiB. On a 50 GiB partition, it would max at 4 GiB.

The maximum size of the persistent journal can be controlled by uncommenting and changing the following:

/etc/systemd/journald.conf

SystemMaxUse=50M

It is also possible to use the drop-in snippets configuration override mechanism rather than editing the global configuration file. In this case do not forget to place the overrides under the [Journal] header:

/etc/systemd/journald.conf.d/00-journal-size.conf

[Journal]
SystemMaxUse=50M

Restart the systemd-journald.service after changing this setting to immediately apply the new limit.

See journald.conf(5) for more info.

Clean journal files manually

Journal files can be globally removed from /var/log/journal/ using e.g. rm, or can be trimmed according to various criteria using journalctl. Examples:

Remove archived journal files until the disk space they use falls below 100M:
```
# journalctl --vacuum-size=100M
```
Make all journal files contain no data older than 2 weeks.
```
# journalctl --vacuum-time=2weeks
```

See journalctl(1) for more info.

Journald in conjunction with syslog

Compatibility with a classic, non-journald aware syslog implementation can be provided by letting systemd forward all messages via the socket /run/systemd/journal/syslog. To make the syslog daemon work with the journal, it has to bind to this socket instead of /dev/log (official announcement).

The default journald.conf for forwarding to the socket is ForwardToSyslog=no to avoid system overhead, because rsyslog or syslog-ng pull the messages from the journal by itself.

See Syslog-ng#Overview and Syslog-ng#syslog-ng and systemd journal, or rsyslog respectively, for details on configuration.

Forward journald to /dev/tty12

Create a drop-in directory /etc/systemd/journald.conf.d and create a fw-tty12.conf file in it:

/etc/systemd/journald.conf.d/fw-tty12.conf

[Journal]
ForwardToConsole=yes
TTYPath=/dev/tty12
MaxLevelConsole=info

Then restart systemd-journald.service.

Specify a different journal to view

There may be a need to check the logs of another system that is dead in the water, like booting from a live system to recover a production system. In such case, one can mount the disk in e.g. /mnt, and specify the journal path via -D/--directory, like so:

$ journalctl -D /mnt/var/log/journal -xe

Tips and tricks

Running services after the network is up

To delay a service after the network is up, include the following dependencies in the .service file:

/etc/systemd/system/foo.service

[Unit]
...
Wants=network-online.target
After=network-online.target
...

The network wait service of the particular application that manages the network, must also be enabled so that network-online.target properly reflects the network status.

For the ones using NetworkManager, enable NetworkManager-wait-online.service.
If using systemd-networkd, systemd-networkd-wait-online.service is by default enabled automatically whenever systemd-networkd.service has been enabled; check this is the case with systemctl is-enabled systemd-networkd-wait-online.service, there is no other action needed.

For more detailed explanations see Running services after the network is up in the systemd wiki.

Enable installed units by default

This article or section needs expansion.

Reason: How does it work with instantiated units? (Discuss in Talk:Systemd#)

Arch Linux ships with /usr/lib/systemd/system-preset/99-default.preset containing disable *. This causes systemctl preset to disable all units by default, such that when a new package is installed, the user must manually enable the unit.

If this behavior is not desired, simply create a symlink from /etc/systemd/system-preset/99-default.preset to /dev/null in order to override the configuration file. This will cause systemctl preset to enable all units that get installed—regardless of unit type—unless specified in another file in one systemctl preset's configuration directories. User units are not affected. See systemd.preset(5) for more information.

Note: Enabling all units by default may cause problems with packages that contain two or more mutually exclusive units. systemctl preset is designed to be used by distributions and spins or system administrators. In the case where two conflicting units would be enabled, you should explicitly specify which one is to be disabled in a preset configuration file as specified in the manpage for systemd.preset.

Sandboxing application environments

A unit file can be created as a sandbox to isolate applications and their processes within a hardened virtual environment. systemd leverages namespaces, white-/blacklisting of Capabilities, and control groups to container processes through an extensive execution environment configuration.

The enhancement of an existing systemd unit file with application sandboxing typically requires trial-and-error tests accompanied by the generous use of strace, stderr and journalctl error logging and output facilities. You may want to first search upstream documentation for already done tests to base trials on.

Some examples on how sandboxing with systemd can be deployed:

CapabilityBoundingSet defines a whitelisted set of allowed capabilities, but may also be used to blacklist a specific capability for a unit.
- The CAP_SYS_ADM capability, for example, which should be one of the goals of a secure sandbox: CapabilityBoundingSet=~ CAP_SYS_ADM

Troubleshooting

Investigating systemd errors

As an example, we will investigate an error with systemd-modules-load service:

1. Lets find the systemd services which fail to start at boot time:

$ systemctl --state=failed

systemd-modules-load.service   loaded failed failed  Load Kernel Modules

Another way is to live log systemd messages:

$ journalctl -fp err

2. Ok, we found a problem with systemd-modules-load service. We want to know more:

$ systemctl status systemd-modules-load

systemd-modules-load.service - Load Kernel Modules
   Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static)
   Active: failed (Result: exit-code) since So 2013-08-25 11:48:13 CEST; 32s ago
     Docs: man:systemd-modules-load.service(8).
           man:modules-load.d(5)
  Process: 15630 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=1/FAILURE)

If the Process ID is not listed, just restart the failed service with systemctl restart systemd-modules-load

3. Now we have the process id (PID) to investigate this error in depth. Enter the following command with the current Process ID (here: 15630):

$ journalctl _PID=15630

-- Logs begin at Sa 2013-05-25 10:31:12 CEST, end at So 2013-08-25 11:51:17 CEST. --
Aug 25 11:48:13 mypc systemd-modules-load[15630]: Failed to find module 'blacklist usblp'
Aug 25 11:48:13 mypc systemd-modules-load[15630]: Failed to find module 'install usblp /bin/false'

4. We see that some of the kernel module configs have wrong settings. Therefore we have a look at these settings in /etc/modules-load.d/:

$ ls -Al /etc/modules-load.d/

...
-rw-r--r--   1 root root    79  1. Dez 2012  blacklist.conf
-rw-r--r--   1 root root     1  2. Mär 14:30 encrypt.conf
-rw-r--r--   1 root root     3  5. Dez 2012  printing.conf
-rw-r--r--   1 root root     6 14. Jul 11:01 realtek.conf
-rw-r--r--   1 root root    65  2. Jun 23:01 virtualbox.conf
...

5. The Failed to find module 'blacklist usblp' error message might be related to a wrong setting inside of blacklist.conf. Lets deactivate it with inserting a trailing # before each option we found via step 3:

/etc/modules-load.d/blacklist.conf

# blacklist usblp
# install usblp /bin/false

6. Now, try to start systemd-modules-load:

$ systemctl start systemd-modules-load

If it was successful, this should not prompt anything. If you see any error, go back to step 3 and use the new PID for solving the errors left.

If everything is ok, you can verify that the service was started successfully with:

$ systemctl status systemd-modules-load

systemd-modules-load.service - Load Kernel Modules
   Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static)
   Active: active (exited) since So 2013-08-25 12:22:31 CEST; 34s ago
     Docs: man:systemd-modules-load.service(8)
           man:modules-load.d(5)
 Process: 19005 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=0/SUCCESS)
Aug 25 12:22:31 mypc systemd[1]: Started Load Kernel Modules.

Diagnosing boot problems

systemd has several options for diagnosing problems with the boot process. See boot debugging for more general instructions and options to capture boot messages before systemd takes over the boot process. Also see the systemd debugging documentation.

Diagnosing a service

If some systemd service misbehaves or you want to get more information about what is happening, set the SYSTEMD_LOG_LEVEL environment variable to debug. For example, to run the systemd-networkd daemon in debug mode:

Add a drop-in file for the service adding the two lines:

[Service]
Environment=SYSTEMD_LOG_LEVEL=debug

Or equivalently, set the environment variable manually:

# SYSTEMD_LOG_LEVEL=debug /lib/systemd/systemd-networkd

then restart systemd-networkd and watch the journal for the service with the -f/--follow option.

Shutdown/reboot takes terribly long

If the shutdown process takes a very long time (or seems to freeze) most likely a service not exiting is to blame. systemd waits some time for each service to exit before trying to kill it. To find out if you are affected, see this article.

Short lived processes do not seem to log any output

If journalctl -u foounit does not show any output for a short lived service, look at the PID instead. For example, if systemd-modules-load.service fails, and systemctl status systemd-modules-load shows that it ran as PID 123, then you might be able to see output in the journal for that PID, i.e. journalctl -b _PID=123. Metadata fields for the journal such as _SYSTEMD_UNIT and _COMM are collected asynchronously and rely on the /proc directory for the process existing. Fixing this requires fixing the kernel to provide this data via a socket connection, similar to SCM_CREDENTIALS. In short, it is a bug. Keep in mind that immediately failed services might not print anything to the journal as per design of systemd.

Boot time increasing over time

After using systemd-analyze a number of users have noticed that their boot time has increased significantly in comparison with what it used to be. After using systemd-analyze blame NetworkManager is being reported as taking an unusually large amount of time to start.

The problem for some users has been due to /var/log/journal becoming too large. This may have other impacts on performance, such as for systemctl status or journalctl. As such the solution is to remove every file within the folder (ideally making a backup of it somewhere, at least temporarily) and then setting a journal file size limit as described in #Journal size limit.

systemd-tmpfiles-setup.service fails to start at boot

Starting with systemd 219, /usr/lib/tmpfiles.d/systemd.conf specifies ACL attributes for directories under /var/log/journal and, therefore, requires ACL support to be enabled for the filesystem the journal resides on.

See Access Control Lists#Enabling ACL for instructions on how to enable ACL on the filesystem that houses /var/log/journal.

systemd version printed on boot is not the same as installed package version

You need to regenerate your initramfs and the versions should match.

Tip: A pacman hook can be used to automatically regenerate the initramfs every time systemd is upgraded. See this forum thread and Pacman#Hooks.

Disable emergency mode on remote machine

You may want to disable emergency mode on a remote machine, for example, a virtual machine hosted at Azure or Google Cloud. It is because if emergency mode is triggered, the machine will be blocked from connecting to network.

# systemctl mask emergency.service
# systemctl mask emergency.target

@@ Line 1: / Line 1: @@
 {{Lowercase title}}
 [[Category:Daemons and system services]]
-[[Category:Boot process]]
+[[Category:Init]]
+[[ar:Systemd]]
+[[de:Systemd]]
+[[el:Systemd]]
 [[es:Systemd]]
+[[fa:Systemd]]
 [[fr:Systemd]]
 [[it:Systemd]]
+[[ja:Systemd]]
+[[pt:Systemd]]
 [[ru:Systemd]]
-[[zh-CN:Systemd]]
+[[zh-hans:Systemd]]
-{{Article summary start}}
+[[zh-hant:Systemd]]
-{{Article summary text|Covers how to install and configure systemd.}}
+{{Related articles start}}
-{{Article summary heading|Related}}
+{{Related|systemd/User}}
-{{Article summary wiki|systemd/User}}
+{{Related|systemd/Timers}}
-{{Article summary wiki|systemd/Services}}
+{{Related|systemd FAQ}}
-{{Article summary wiki|systemd FAQ}}
+{{Related|init}}
-{{Article summary wiki|init Rosetta}}
+{{Related|Daemons}}
-{{Article summary wiki|udev}}
+{{Related|udev}}
-{{Article summary end}}
+{{Related|Improving performance/Boot process}}
+{{Related|Allow users to shutdown}}
+{{Related articles end}}
 From the [http://freedesktop.org/wiki/Software/systemd project web page]:
-'''''systemd''' is a system and service manager for Linux, compatible with SysV and LSB init scripts. '''systemd''' provides aggressive parallelization capabilities, uses socket and [[D-Bus]] activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux [[cgroups|control groups]], supports snapshotting and restoring of the system state, maintains mount and automount points and implements an elaborate transactional dependency-based service control logic. It can work as a drop-in replacement for [[SysVinit|sysvinit]].''
+:''systemd'' is a suite of basic building blocks for a Linux system. It provides a system and service manager that runs as PID 1 and starts the rest of the system. systemd provides aggressive parallelization capabilities, uses socket and [[D-Bus]] activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux [[control groups]], maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. ''systemd'' supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts include a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users and running containers and virtual machines, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution.
-{{Note|1=For a detailed explanation as to why Arch has moved to systemd, see [https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530 this forum post].}}
+{{Note|1=For a detailed explanation of why Arch moved to ''systemd'', see [https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530 this forum post].}}
-See also the [[Wikipedia:Systemd|Wikipedia article]].
+== Basic systemctl usage  ==
-== Things to consider before you switch ==
+The main command used to introspect and control ''systemd'' is ''systemctl''. Some of its uses are examining the system state and managing the system and services. See {{man|1|systemctl}} for more details.
-* It is highly recommended to switch to the new '''initscripts''' configuration system described in the [[rc.conf|rc.conf article]]. Once you have this configuration established, you will have done most of the work needed to make the switch to systemd.
+{{Tip|
-* Do [http://freedesktop.org/wiki/Software/systemd/ some reading] about systemd.
+* You can use all of the following ''systemctl'' commands with the {{ic|-H ''user''@''host''}} switch to control a ''systemd'' instance on a remote machine. This will use [[SSH]] to connect to the remote ''systemd'' instance.
-* Note the fact that systemd has a '''journal''' system that replaces '''syslog''', although the two can co-exist. See the [[#Journal|section on the journal]] below.
+* [[Plasma]] users can install {{AUR|systemd-kcm}} as a graphical frontend for ''systemctl''. After installing the module will be added under ''System administration''.}}
-* While systemd can replace some of the functionality of '''cron''', '''acpid''', or '''xinetd''', there is no need to switch away from using the traditional daemons unless you want to.
-== Installation ==
+=== Analyzing the system state ===
-Systemd can be installed side-by-side with the regular Arch Linux {{Pkg|initscripts}} package, and they can be toggled by adding/removing the {{ic|1=init=/usr/lib/systemd/systemd}} [[kernel parameters|kernel parameter]].
+Show '''system status''' using:
-=== Mixed systemd/sysvinit/initscripts installation ===
+ $ systemctl status
-It is possible to keep systemd and SysVinit both installed and using the same configuration files so you can move back and forth between them freely:
+'''List running''' units:
-# Move away from the deprecated initscripts configuration format (there should be warnings at boot) to the [[#Native configuration|native systemd configuration files]], and reboot to verify that initscipts work as expected.
+ $ systemctl
-# Install {{Pkg|systemd}} from the [[Official Repositories|official repositories]].
-# Add {{ic|1=init=/usr/lib/systemd/systemd}} to the [[kernel parameters]] in your bootloader.
-# Reboot.
-Systemd will start the daemons listed in {{ic|/etc/rc.conf}} and run {{ic|/etc/rc.local}} and {{ic|/etc/rc.local.shutdown}} on boot/shutdown respectively (see [[#Initscripts emulation]] below). If the legacy support for {{ic|DAEMONS}} in {{ic|rc.conf}} or the scripts in {{ic|rc.local}} is not needed, the corresponding service files can be masked to disable them.
+or:
-If you were starting a login manager (SLiM, GDM, etc.) using {{ic|/etc/inittab}} it will no longer start, because systemd doesn't use {{ic|inittab}}. The wiki page for the [[Login_Manager|login manager]] should tell you how to add it as a systemd service.
+ $ systemctl list-units
-{{Warning|In case you have daemons in the {{ic|DAEMONS}} array which have native systemd service files, the native service files will be used automatically. However, if the names of the rc script and the systemd service file do not match, this will not work and you should make sure that only one of the two (preferably the native one) is enabled.}}
+'''List failed''' units:
-{{Warning|Systemd is an asynchronous starting process, compared to the sequential {{ic|DAEMONS}} startup. In particular, {{ic|network}} being a legacy service, may start too late to enable interfaces which are required by other services. You are advised to move to [[netcfg]] or [[NetworkManager]] before embarking to systemd. }}
+ $ systemctl --failed
-=== Mixed systemd/initscripts installation ===
+The available unit files can be seen in {{ic|/usr/lib/systemd/system/}} and {{ic|/etc/systemd/system/}} (the latter takes precedence). '''List installed''' unit files with:
-It is possible to replace sysvinit with systemd, but keep initscripts around in case there are some rc scripts which do not yet have systemd equivalents (see [[#Initscripts emulation]] below).
+ $ systemctl list-unit-files
-# Follow the instructions for a mixed systemd/sysvinit/initscripts installation.
+=== Using units ===
-# [[#Using Units|Enable daemons]] formerly listed in {{ic|/etc/rc.conf}} with {{ic|systemctl enable ''daemonname''}}. For a translation of the daemons from {{ic|/etc/rc.conf}} to systemd services, see: [[Daemons List|List of Daemons]] and [[Systemd/Services|Services]]. Daemons that do not yet have equivalent systemd service files should be kept in the DAEMONS array so that systemd starts the legacy rc scripts.
-# Install {{Pkg|systemd-sysvcompat}}. This conflicts with {{Pkg|sysvinit}}, and will prompt you to remove it.
-# Remove the {{ic|1=init=...}} entry from the [[kernel parameters]] in your bootloader as {{ic|/sbin/init}} is now a symlink to systemd.
-# Reboot.
-The only difference between this and the keeping sysvinit around is that all the sysvinit binaries are replaced by symlinks to systemctl. However, the functionality should be unchanged.
+Units can be, for example, services (''.service''), mount points (''.mount''), devices (''.device'') or sockets (''.socket'').
-=== Pure systemd installation ===
+When using ''systemctl'', you generally have to specify the complete name of the unit file, including its suffix, for example {{ic|sshd.socket}}. There are however a few short forms when specifying the unit in the following ''systemctl'' commands:
-Finally, it is possible to remove {{pkg|initscripts}} and {{pkg|sysvinit}} entirely and use only systemd.
+* If you do not specify the suffix, systemctl will assume ''.service''. For example, {{ic|netctl}} and {{ic|netctl.service}} are equivalent.
+* Mount points will automatically be translated into the appropriate ''.mount'' unit. For example, specifying {{ic|/home}} is equivalent to {{ic|home.mount}}.
+* Similar to mount points, devices are automatically translated into the appropriate ''.device'' unit, therefore specifying {{ic|/dev/sda2}} is equivalent to {{ic|dev-sda2.device}}.
-# Follow the instructions for a mixed systemd/initscripts installation.
+See {{man|5|systemd.unit}} for details.
-# Make sure there are no longer any daemons being started by the DAEMONS array in {{ic|/etc/rc.conf}} and that {{ic|/etc/rc.local}} and {{ic|/etc/rc.local.shutdown}} are both empty.
-# Remove {{pkg|initscripts}} from your system.
-{{Warning|Do '''not''' remove {{pkg|systemd-sysvcompat}}, as that package is in the {{grp|base}} group.}}
+{{Note|Some unit names contain an {{ic|@}} sign (e.g. {{ic|name@''string''.service}}): this means that they are [http://0pointer.de/blog/projects/instances.html instances] of a ''template'' unit, whose actual file name does not contain the {{ic|''string''}} part (e.g. {{ic|name@.service}}). {{ic|''string''}} is called the ''instance identifier'', and is similar to an argument that is passed to the template unit when called with the ''systemctl'' command: in the unit file it will substitute the {{ic|%i}} specifier.
-=== Supplementary information ===
+To be more accurate, ''before'' trying to instantiate the {{ic|name@.suffix}} template unit, ''systemd'' will actually look for a unit with the exact {{ic|name@string.suffix}} file name, although by convention such a "clash" happens rarely, i.e. most unit files containing an {{ic|@}} sign are meant to be templates. Also, if a template unit is called without an instance identifier, it will just fail, since the {{ic|%i}} specifier cannot be substituted.
+}}
-* If you have {{ic|quiet}} in your kernel parameters, you might want to remove it for your first couple of systemd boots, to assist with identifying any issues during boot.
+{{Tip|
+* Most of the following commands also work if multiple units are specified, see {{man|1|systemctl}} for more information.
+* The {{ic|--now}} switch can be used in conjunction with {{ic|enable}}, {{ic|disable}}, and {{ic|mask}} to respectively start, stop, or mask immediately the unit rather than after the next boot.
+* A package may offer units for different purposes. If you just installed a package, {{ic|pacman -Qql ''package'' <nowiki>|</nowiki> grep -Fe .service -e .socket}} can be used to check and find them.}}
-* Adding your user to [[Users and Groups|groups]] ({{ic|optical}}, {{ic|audio}}, {{ic|scanner}}, etc.) is '''not''' necessary for most use cases with systemd. The groups can even cause some functionality to break. For example, the audio group will break fast user switching and allows applications to block software mixing. Every PAM login provides a logind session, which for a local session will give you permissions via [[Wikipedia:Access control list|POSIX ACLs]] on audio/video devices, and allow certain operations like mounting removable storage via [[udisks]].
+'''Start''' a unit immediately:
-{{Note|Systemd-logind replaced [[ConsoleKit]], which was removed from the repositories, so a system must be booted with systemd to be fully functional. See [https://www.archlinux.org/news/consolekit-replaced-by-logind/ here] for more info.}}
+ # systemctl start ''unit''
-== Native configuration ==
+'''Stop''' a unit immediately:
-{{Note|You may need to create these files. All files should have '''644''' permissions and '''root:root''' ownership.}}
+ # systemctl stop ''unit''
-=== Hostname ===
+'''Restart''' a unit:
-The hostname is configured in {{ic|/etc/hostname}}. The file should not contain the system's domain, if any. To set the hostname, do:
+ # systemctl restart ''unit''
- # hostnamectl set-hostname '''myhostname'''
+Ask a unit to '''reload''' its configuration:
-See {{ic|man 5 hostname}} and {{ic|man 1 hostnamectl}} for details.
+ # systemctl reload ''unit''
-Here is an example file:
+Show the '''status''' of a unit, including whether it is running or not:
-{{hc|/etc/hostname|
-myhostname
-}}
-=== Locale ===
+ $ systemctl status ''unit''
-The default system locale is configured in {{ic|/etc/locale.conf}}. To set the default locale, do:
+'''Check''' whether a unit is already enabled or not:
-  # localectl set-locale LANG="de_DE.utf8"
+  $ systemctl is-enabled ''unit''
-{{Note|Before you set the default locale, you first need to enable locales available to the system by uncommenting them in {{ic|/etc/locale.gen}} and then executing {{ic|locale-gen}} as root. The locale set via {{ic|localectl}} must be one of the '''uncommented''' locales in {{ic|/etc/locale.gen}}.}}
+'''Enable''' a unit to be started on '''bootup''':
-See {{ic|man 1 localectl}} and {{ic|man 5 locale.conf}} for details.
+ # systemctl enable ''unit''
-* For more information, see [[Locale]].
+'''Enable''' a unit to be started on '''bootup''' and '''Start''' immediately:
-Here is an example file:
+ # systemctl enable --now ''unit''
-{{hc|/etc/locale.conf|<nowiki>
-LANG=en_US.utf8
-</nowiki>}}
-=== Virtual console ===
+'''Disable''' a unit to not start during bootup:
-The virtual console (keyboard mapping, console font and console map) is configured in {{ic|/etc/vconsole.conf}}:
+ # systemctl disable ''unit''
-{{hc|/etc/vconsole.conf|2=
+'''Mask''' a unit to make it impossible to start it (both manually and as a dependency, which makes masking dangerous):
-KEYMAP=us
-FONT=lat9w-16
-FONT_MAP=8859-1_to_uni}}
-{{Note|As of {{pkg|systemd-194}}, the built-in ''kernel'' font and the ''us'' keymap are used if {{ic|1=KEYMAP=}} and {{ic|1=FONT=}} are empty or not set.}}
+ # systemctl mask ''unit''
-Another way to set the keyboard mapping (keymap) is doing:
+'''Unmask''' a unit:
-  # localectl set-keymap de
+  # systemctl unmask ''unit''
-This has the advantage that it will also set the same keymap for use in X11.
+Show the '''manual page''' associated with a unit (this has to be supported by the unit file):
-See {{ic|man 1 localectl}} and {{ic|man 5 vconsole.conf}} for details.
+ $ systemctl help ''unit''
-* For more information, see [[Fonts#Console fonts|console fonts]] and [[KEYMAP|keymaps]].
+'''Reload ''systemd'' ''' manager configuration, scanning for '''new or changed units''':
+{{Note|This does not ask the changed units to reload their own configurations. See {{ic|reload}} example above.}}
-=== Time zone ===
+ # systemctl daemon-reload
-The time zone is configured by creating an appropriate {{ic|/etc/localtime}} symlink, pointing to a zoneinfo file under {{ic|/usr/share/zoneinfo/}}. To do this automatically:
+=== Power management ===
- # timedatectl set-timezone America/Toronto
+[[polkit]] is necessary for power management as an unprivileged user. If you are in a local ''systemd-logind'' user session and no other session is active, the following commands will work without root privileges. If not (for example, because another user is logged into a tty), ''systemd'' will automatically ask you for the root password.
-See {{ic|man 1 timedatectl}} and {{ic|man 5 localtime}} for more details.
+Shut down and reboot the system:
-Alternatively, create the symlink yourself:
+ $ systemctl reboot
- # ln -sf ../usr/share/zoneinfo/America/Toronto /etc/localtime
+Shut down and power-off the system:
-=== Hardware clock ===
+ $ systemctl poweroff
-Systemd will use '''UTC''' for the hardware clock by default.
+Suspend the system:
-{{Tip|It is advised to have a [[NTP|Network Time Protocol daemon]] running to keep the system time synchronized with Internet time and the hardware clock.}}
+ $ systemctl suspend
-==== Hardware clock in localtime ====
+Put the system into hibernation:
-If you want to change the hardware clock to use local time ('''STRONGLY DISCOURAGED''') do:
+ $ systemctl hibernate
- # timedatectl set-local-rtc true
+Put the system into hybrid-sleep state (or suspend-to-both):
-If you want to revert to the hardware clock being in UTC, do:
+ $ systemctl hybrid-sleep
- # timedatectl set-local-rtc false
+== Writing unit files ==
-Be warned that, if the hardware clock is set to localtime, dealing with daylight saving time is messy. If the DST changes when your computer is off, your clock will be wrong on next boot ([http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html there is a lot more to it]). Recent kernels set the system time from the RTC directly on boot, assuming that the RTC is in UTC. This means that if the RTC is in local time, then the system time will first be set up wrongly and then corrected shortly afterwards on every boot. This is the root of certain weird bugs (time going backwards is rarely a good thing).
+The syntax of ''systemd'''s [http://www.freedesktop.org/software/systemd/man/systemd.unit.html unit files] is inspired by XDG Desktop Entry Specification ''.desktop'' files, which are in turn inspired by Microsoft Windows ''.ini'' files. Unit files are loaded from multiple locations (to see the full list, run {{ic|1=systemctl show --property=UnitPath}}), but the main ones are (listed from lowest to highest precedence):
-One reason for allowing the RTC to be in local time is to allow dual boot with Windows ([http://blogs.msdn.com/b/oldnewthing/archive/2004/09/02/224672.aspx which uses localtime]). However, Windows is able to deal with the RTC being in UTC with a simple [[Time#UTC in Windows|registry fix]]. There, it is recommended that Windows are changed to use UTC, rather than Linux to use localtime. If you make Windows use UTC, also remember to disable the "Internet Time Update" Windows feature, so that Windows don't mess with the hardware clock, trying to sync it with internet time. You should instead leave touching the RTC and syncing it to internet time to Linux, by enabling an [[NTP]] daemon, as suggested previously.
+* {{ic|/usr/lib/systemd/system/}}: units provided by installed packages
+* {{ic|/etc/systemd/system/}}: units installed by the system administrator
-* For more information, see [[Time]].
+{{Note|
+* The load paths are completely different when running ''systemd'' in [[systemd/User#How it works|user mode]].
+* systemd unit names may only contain ASCII alphanumeric characters, underscores and periods. All other characters must be replaced by C-style "\x2d" escapes, or employ their predefined semantics ('@', '-'). See {{man|5|systemd.unit}} and {{man|1|systemd-escape}} for more information.}}
-=== Kernel modules ===
+Look at the units installed by your packages for examples, as well as the [http://www.freedesktop.org/software/systemd/man/systemd.service.html#Examples annotated example section] of {{man|5|systemd.service}}.
-Today, all necessary module loading is handled automatically by [[udev]], so that, if you don't want/need to use any out-of-tree kernel modules, there is no need to put modules that should be loaded at boot in any config file. However, there are cases where you might want to load an extra module during the boot process, or blacklist another one for your computer to function properly.
+{{Tip|Comments prepended with {{ic|#}} may be used in unit-files as well, but only in new lines. Do not use end-line comments after ''systemd'' parameters or the unit will fail to activate.}}
-==== Extra modules to load at boot ====
+=== Handling dependencies ===
-Extra kernel modules to be loaded during boot are configured as a static list in files under {{ic|/etc/modules-load.d/}}. Each configuration file is named in the style of {{ic|/etc/modules-load.d/<program>.conf}}. Configuration files simply contain a list of kernel module names to load, separated by newlines. Empty lines and lines whose first non-whitespace character is {{ic|#}} or {{ic|;}} are ignored.
+With ''systemd'', dependencies can be resolved by designing the unit files correctly. The most typical case is that the unit ''A'' requires the unit ''B'' to be running before ''A'' is started. In that case add {{ic|1=Requires=''B''}} and {{ic|1=After=''B''}} to the {{ic|[Unit]}} section of ''A''. If the dependency is optional, add {{ic|1=Wants=''B''}} and {{ic|1=After=''B''}} instead. Note that {{ic|1=Wants=}} and {{ic|1=Requires=}} do not imply {{ic|1=After=}}, meaning that if {{ic|1=After=}} is not specified, the two units will be started in parallel.
-{{hc|/etc/modules-load.d/virtio-net.conf|
+Dependencies are typically placed on services and not on [[#Targets]]. For example, {{ic|network.target}} is pulled in by whatever service configures your network interfaces, therefore ordering your custom unit after it is sufficient since {{ic|network.target}} is started anyway.
-# Load virtio-net.ko at boot
-virtio-net}}
-See {{ic|man 5 modules-load.d}} for more details.
+=== Service types ===
-==== Blacklisting ====
+There are several different start-up types to consider when writing a custom service file. This is set with the {{ic|1=Type=}} parameter in the {{ic|[Service]}} section:
-Module blacklisting works the same way as with {{Pkg|initscripts}} since it is actually handled by {{Pkg|kmod}}. See [[Kernel modules#Blacklisting|Module Blacklisting]] for details.
+* {{ic|1=Type=simple}} (default): ''systemd'' considers the service to be started up immediately. The process must not fork. Do not use this type if other services need to be ordered on this service, unless it is socket activated.
+* {{ic|1=Type=forking}}: ''systemd'' considers the service started up once the process forks and the parent has exited. For classic daemons use this type unless you know that it is not necessary. You should specify {{ic|1=PIDFile=}} as well so ''systemd'' can keep track of the main process.
+* {{ic|1=Type=oneshot}}: this is useful for scripts that do a single job and then exit. You may want to set {{ic|1=RemainAfterExit=yes}} as well so that ''systemd'' still considers the service as active after the process has exited.
+* {{ic|1=Type=notify}}: identical to {{ic|1=Type=simple}}, but with the stipulation that the daemon will send a signal to ''systemd'' when it is ready. The reference implementation for this notification is provided by ''libsystemd-daemon.so''.
+* {{ic|1=Type=dbus}}: the service is considered ready when the specified {{ic|BusName}} appears on DBus's system bus.
+* {{ic|1=Type=idle}}: ''systemd'' will delay execution of the service binary until all jobs are dispatched. Other than that behavior is very similar to {{ic|1=Type=simple}}.
-=== Filesystem mounts ===
+See the [http://www.freedesktop.org/software/systemd/man/systemd.service.html#Type= systemd.service(5)] man page for a more detailed explanation of the {{ic|Type}} values.
-The default setup will automatically fsck and mount filesystems before starting services that need them to be mounted. For example, systemd automatically makes sure that remote filesystem mounts like [[NFS]] or [[Samba]] are only started after the network has been set up. Therefore, local and remote filesystem mounts specified in {{ic|/etc/fstab}} should work out of the box.
+=== Editing provided units ===
-See {{ic|man 5 systemd.mount}} for details.
+To avoid conflicts with pacman, unit files provided by packages should not be directly edited. There are two safe ways to modify a unit without touching the original file: create a new unit file which [[#Replacement unit files|overrides the original unit]] or create [[#Drop-in files|drop-in snippets]] which are applied on top of the original unit. For both methods, you must reload the unit afterwards to apply your changes. This can be done either by editing the unit with {{ic|systemctl edit}} (which reloads the unit automatically) or by reloading all units with:
-==== Automount ====
+ # systemctl daemon-reload
-* If you have a large {{ic|/home}} partition, it might be better to allow services that do not depend on {{ic|/home}} to start while {{ic|/home}} is being fsck'ed. This can be achieved by adding the following options to the {{ic|/etc/fstab}} entry of your {{ic|/home}} partition:
+{{Tip|
+* You can use ''systemd-delta'' to see which unit files have been overridden or extended and what exactly has been changed.
+* Use {{ic|systemctl cat ''unit''}} to view the content of a unit file and all associated drop-in snippets.
+* The default syntax highlighting for ''systemd'' unit files within [[Vim]] is the same as for [[Wikipedia:Ini_file|INI files]]. However, if you want something more systemd-specific, install {{Pkg|vim-systemd}}.
+}}
- noauto,x-systemd.automount
+==== Replacement unit files ====
-This will fsck and mount {{ic|/home}} when it is first accessed, and the kernel will buffer all file access to {{ic|/home}} until it is ready.
+To replace the unit file {{ic|/usr/lib/systemd/system/''unit''}}, create the file {{ic|/etc/systemd/system/''unit''}} and ''reenable'' the unit to update the symlinks:
-* The same applies to remote filesystem mounts. If you want them to be mounted only upon access, you will need to use the {{ic|noauto,x-systemd.automount}} parameters. In addition, you can use the {{ic|1=x-systemd.device-timeout=#}} option to specify a timeout in case the network resource is not available.
+ # systemctl reenable ''unit''
-* If you have encrypted filesystems with keyfiles, you can also add the {{ic|noauto}} parameter to the corresponding entries in {{ic|/etc/crypttab}}. Systemd will then not open the encrypted device on boot, but instead wait until it is actually accessed and then automatically open it with the specified keyfile before mounting it. This might save a few seconds on boot if you are using an encrypted RAID device for example, because systemd doesn't have to wait for the device to become available. For example:
+Alternatively, run:
-{{hc|/etc/crypttab|
+ # systemctl edit --full ''unit''
-data /dev/md0 /root/key noauto}}
-==== LVM ====
+This opens {{ic|/etc/systemd/system/''unit''}} in your editor (copying the installed version if it does not exist yet) and automatically reloads it when you finish editing.
-If you have LVM volumes not activated via the [[Mkinitcpio|initramfs]], enable {{ic|lvm.service}} (provided by the {{pkg|lvm2}} package):
+{{Note|The replacement units will keep on being used even if Pacman updates the original units in the future. This method makes system maintenance more difficult and therefore the next approach is preferred.}}
- # systemctl enable lvm
+==== Drop-in files ====
-Similarly, if you have LVM on encrypted devices mounted later during boot (e.g. from {{ic|/etc/crypttab}}), enable {{ic|lvm-on-crypt.service}} (also provided by the {{pkg|lvm2}} package):
+To create drop-in files for the unit file {{ic|/usr/lib/systemd/system/''unit''}}, create the directory {{ic|/etc/systemd/system/''unit''.d/}} and place ''.conf'' files there to override or add new options. ''systemd'' will parse and apply these files on top of the original unit.
- # systemctl enable lvm-on-crypt
+The easiest way to do this is to run:
-=== ACPI power management ===
+ # systemctl edit ''unit''
-Systemd handles some power-related [[Wikipedia:Advanced_Configuration_and_Power_Interface|ACPI]] events. They can be configured via the following options from {{ic|/etc/systemd/logind.conf}}:
+This opens the file {{ic|/etc/systemd/system/''unit''.d/override.conf}} in your text editor (creating it if necessary) and automatically reloads the unit when you are done editing.
-* {{ic|HandlePowerKey}}: specifies which action is invoked when the power key is pressed.
+{{Note|Not all keys can be overridden with drop-in files. For example, for changing {{ic|1=Conflicts=}} a replacement file [https://lists.freedesktop.org/archives/systemd-devel/2017-June/038976.html is necessary].}}
-* {{ic|HandleSuspendKey}}: specifies which action is invoked when the suspend key is pressed.
-* {{ic|HandleHibernateKey}}: specifies which action is invoked when the hibernate key is pressed.
-* {{ic|HandleLidSwitch}}: specifies which action is invoked when the lid is closed.
-The specified action can be one of {{ic|ignore}}, {{ic|poweroff}}, {{ic|reboot}}, {{ic|halt}}, {{ic|suspend}}, {{ic|hibernate}} or {{ic|kexec}}.
+==== Revert to vendor version ====
-If these options are not configured, systemd will use its defaults: {{ic|1=HandlePowerKey=poweroff}}, {{ic|1=HandleSuspendKey=suspend}}, {{ic|1=HandleHibernateKey=hibernate}}, and {{ic|1=HandleLidSwitch=suspend}}.
+To revert any changes to a unit made using {{ic|systemctl edit}} do:
-On systems which run no graphical setup or only a simple window manager like [[i3]] or [[awesome]], this may replace the [[acpid]] daemon which is usually used to react to these ACPI events.
+ # systemctl revert ''unit''
-In the current version of systemd, the {{ic|Handle}} options will apply throughout the system unless they are "inhibited" (temporarily turned off) by a program, such as a power manager inside a desktop environment. If these inhibits are not taken, you can end up with a situation where systemd suspends your system, then when it wakes up the other power manager suspends it again.
+==== Examples ====
-{{Warning|Currently, the power managers in the newest versions of [[KDE]] and [[GNOME]] are the only ones that issue the necessary "inhibited" commands. Until the others do, you will need to set the {{ic|Handle}} options to {{ic|ignore}} if you want your ACPI events to be handled by [[Xfce]], [[acpid]] or other programs. New versions are on the way that will include this functionality.}}
+For example, if you simply want to add an additional dependency to a unit, you may create the following file:
-{{Note|Systemd can also use other suspend backends (such as [[Uswsusp]] or [[TuxOnIce]]), in addition to the default ''kernel'' backend, in order to put the computer to sleep or hibernate.}}
+{{hc|/etc/systemd/system/''unit''.d/customdependency.conf|2=
+[Unit]
+Requires=''new dependency''
+After=''new dependency''
+}}
-==== Sleep hooks ====
+As another example, in order to replace the {{ic|ExecStart}} directive for a unit that is not of type {{ic|oneshot}}, create the following file:
-Systemd does not use [[pm-utils]] to put the machine to sleep when using {{ic|systemctl suspend}} or {{ic|systemctl hibernate}}; [[pm-utils]] hooks, including any [[Pm-utils#Creating_your_own_hooks|custom hooks]], will not be run. However, systemd provides a similar mechanism to run custom scripts on these events. Systemd runs all executables in {{ic|/usr/lib/systemd/system-sleep/}}, passing two arguments to each of them:
+{{hc|/etc/systemd/system/''unit''.d/customexec.conf|2=
+[Service]
+ExecStart=
+ExecStart=''new command''
+}}
-* Argument 1: either {{ic|pre}} or {{ic|post}}, depending on whether the machine is going to sleep or waking up
+Note how {{ic|ExecStart}} must be cleared before being re-assigned [https://bugzilla.redhat.com/show_bug.cgi?id=756787#c9]. The same holds for every item that can be specified multiple times, e.g. {{ic|OnCalendar}} for timers.
-* Argument 2: either {{ic|suspend}} or {{ic|hibernate}}, depending on which is being invoked
-In contrast to [[pm-utils]], systemd will run these scripts concurrently and not one after another.
+One more example to automatically restart a service:
-The output of any custom script will be logged by {{ic|systemd-suspend.service}} or {{ic|systemd-hibernate.service}}. You can see its output in systemd's [[Systemd#Journal|journal]]:
+{{hc|/etc/systemd/system/''unit''.d/restart.conf|2=
- # journalctl -b -u systemd-suspend
+[Service]
+Restart=always
+RestartSec=30
+}}
-Note that you can also use {{ic|sleep.target}}, {{ic|suspend.target}} or {{ic|hibernate.target}} to hook units into the sleep state logic instead of using custom scripts.
+== Targets ==
-An example of a custom sleep script:
+{{Style|Unclear description, copy-pasted content (explicitly mentions "Fedora").|section=Make section "Targets" more clearly}}
-{{hc|/usr/lib/systemd/system-sleep/example.sh|
+''systemd'' uses ''targets'' which serve a similar purpose as [[wikipedia:Runlevel|runlevels]] but act a little different. Each ''target'' is named instead of numbered and is intended to serve a specific purpose with the possibility of having multiple ones active at the same time. Some ''target''s are implemented by inheriting all of the services of another ''target'' and adding additional services to it. There are ''systemd'' ''target''s that mimic the common SystemVinit runlevels so you can still switch ''target''s using the familiar {{ic|telinit RUNLEVEL}} command.
-#!/bin/sh
-case $1/$2 in
-  pre/*)
-    echo "Going to $2..."
-    ;;
-  post/*)
-    echo "Waking up from $2..."
-    ;;
-esac}}
-See {{ic|man 7 systemd.special}} and {{ic|man 8 systemd-sleep}} for more details.
+=== Get current targets ===
-=== Temporary files ===
+The following should be used under ''systemd'' instead of running {{ic|runlevel}}:
-Systemd-tmpfiles uses configuration files in {{ic|/usr/lib/tmpfiles.d/}} and {{ic|/etc/tmpfiles.d/}} to describe the creation, cleaning and removal of volatile and temporary files and directories which usually reside in directories such as {{ic|/run}} or {{ic|/tmp}}. Each configuration file is named in the style of {{ic|/etc/tmpfiles.d/<program>.conf}}. This will also override any files in {{ic|/usr/lib/tmpfiles.d/}} with the same name.
+ $ systemctl list-units --type=target
-tmpfiles are usually provided together with service files to create directories which are expected to exist by certain daemons. For example the [[Samba]] daemon expects the directory {{ic|/var/run/samba}} to exist and to have the correct permissions. The corresponding tmpfile looks like this:
+=== Create custom target ===
-{{hc|/usr/lib/tmpfiles.d/samba.conf|
+The runlevels that held a defined meaning under sysvinit (i.e., 0, 1, 3, 5, and 6); have a 1:1 mapping with a specific ''systemd'' ''target''. Unfortunately, there is no good way to do the same for the user-defined runlevels like 2 and 4. If you make use of those it is suggested that you make a new named ''systemd'' ''target'' as {{ic|/etc/systemd/system/''your target''}} that takes one of the existing runlevels as a base (you can look at {{ic|/usr/lib/systemd/system/graphical.target}} as an example), make a directory {{ic|/etc/systemd/system/''your target''.wants}}, and then symlink the additional services from {{ic|/usr/lib/systemd/system/}} that you wish to enable.
-D /var/run/samba 0755 root root}}
-However, tmpfiles may also be used to write values into certain files on boot. For example, if you use {{ic|/etc/rc.local}} to disable wakeup from USB devices with {{ic|echo USBE > /proc/acpi/wakeup}}, you may use the following tmpfile instead:
+=== Mapping between SysV runlevels and systemd targets ===
-{{hc|/etc/tmpfiles.d/disable-usb-wake.conf|
+{| class="wikitable"
-w /proc/acpi/wakeup - - - - USBE}}
+! SysV Runlevel !! systemd Target !! Notes
+|-
+| 0 || runlevel0.target, poweroff.target || Halt the system.
+|-
+| 1, s, single || runlevel1.target, rescue.target || Single user mode.
+|-
+| 2, 4 || runlevel2.target, runlevel4.target, multi-user.target || User-defined/Site-specific runlevels. By default, identical to 3.
+|-
+| 3 || runlevel3.target, multi-user.target || Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.
+|-
+| 5 || runlevel5.target, graphical.target || Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.
+|-
+| 6 || runlevel6.target, reboot.target || Reboot
+|-
+| emergency || emergency.target || Emergency shell
+|-
+|}
-The tmpfiles method is recommended in this case since systemd doesn't actually support {{ic|/etc/rc.local}}.
+=== Change current target ===
-See {{ic|man 5 tmpfiles.d}} for details.
+In ''systemd'' targets are exposed via ''target units''. You can change them like this:
-=== Units ===
+ # systemctl isolate graphical.target
-A unit configuration file encodes information about a service, a socket, a device, a mount point, an automount point, a swap file or partition, a start-up target, a file system path or a timer controlled and supervised by systemd. The syntax is inspired by XDG Desktop Entry Specification .desktop files, which are in turn inspired by Microsoft Windows .ini files.
+This will only change the current target, and has no effect on the next boot. This is equivalent to commands such as {{ic|telinit 3}} or {{ic|telinit 5}} in Sysvinit.
-See {{ic|man 5 systemd.unit}} for details.
+=== Change default target to boot into ===
-== Transitioning from initscripts to systemd ==
+The standard target is {{ic|default.target}}, which is a symlink to {{ic|graphical.target}}. This roughly corresponds to the old runlevel 5.
-=== Initscripts emulation ===
+To verify the current target with ''systemctl'':
-Integration with Arch's classic configuration is provided by the {{Pkg|initscripts}} package. When {{Pkg|initscripts}} are installed in parallel with systemd, with the system running on systemd, systemd will do the following:
+ # systemctl get-default
-# Parse the {{ic|DAEMONS}} array of {{ic|/etc/rc.conf}} and start all listed daemons at boot
+To change the default target to boot into, change the {{ic|default.target}} symlink. With ''systemctl'':
-# Execute {{ic|/etc/rc.local}} during boot
-# Execute {{ic|/etc/rc.local.shutdown}} during shutdown
-Initscripts emulation is simply meant as a transitional measure to ease users' move to systemd, and '''will eventually go away'''. Native systemd does not rely on {{ic|rc.conf}} centralised configuration, so it is recommended to use [[#Native configuration|native systemd configuration files]], which will take precedence over {{ic|/etc/rc.conf}}.
+{{hc|1=$ systemctl set-default multi-user.target|2=
+Removed /etc/systemd/system/default.target.
+Created symlink /etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target.}}
-{{Note|The recommended way to replace {{ic|/etc/rc.local}} is to write the custom service files for any things you want to run on the system startup. See the corresponding [[#Writing_custom_.service_files|section]].}}
+Alternatively, append one of the following [[kernel parameters]] to your bootloader:
-{{Note|If you disabled {{keypress|Ctrl+Alt+Del}} to reboot in {{ic|/etc/inittab}}, you will have to reconfigure this setting for systemd by running {{ic|systemctl mask ctrl-alt-del.target}} as root.}}
+* {{ic|1=systemd.unit=multi-user.target}} (which roughly corresponds to the old runlevel 3),
+* {{ic|1=systemd.unit=rescue.target}} (which roughly corresponds to the old runlevel 1).
-=== Moving away from the DAEMONS array ===
+=== Default target order ===
-For a pure systemd setup, you should remove the {{ic|/etc/rc.conf}} file entirely and enable services only via {{ic|systemctl}}. For each {{ic|<service_name>}} in the {{ic|DAEMONS}} array in {{ic|/etc/rc.conf}}, run:
+Systemd chooses the {{ic|default.target}} according to the following order:
- # systemctl enable <service_name>
+# Kernel parameter shown above
+# Symlink of {{ic|/etc/systemd/system/default.target}}
+# Symlink of {{ic|/usr/lib/systemd/system/default.target}}
-{{Tip|For a list of commonly used daemons with their initscripts and systemd equivalents, see [[Daemons List|this table]].}}
+== Temporary files ==
-If {{ic|<service_name>.service}} does not exist:
+"''systemd-tmpfiles'' creates, deletes and cleans up volatile and temporary files and directories." It reads configuration files in {{ic|/etc/tmpfiles.d/}} and {{ic|/usr/lib/tmpfiles.d/}} to discover which actions to perform. Configuration files in the former directory take precedence over those in the latter directory.
-* Most probably, systemd uses a different name. For example, {{ic|cronie.service}} replaces the {{ic|crond}} init daemon; {{ic|alsa-store.service}} and {{ic|alsa-restore.service}} replace the {{ic|alsa}} init daemon. Another important instance is the {{ic|network}} daemon, which is replaced with another set of service files (see [[Configuring Network]] for more details.)
+Configuration files are usually provided together with service files, and they are named in the style of {{ic|/usr/lib/tmpfiles.d/''program''.conf}}. For example, the [[Samba]] daemon expects the directory {{ic|/run/samba}} to exist and to have the correct permissions. Therefore, the {{Pkg|samba}} package ships with this configuration:
-* Otherwise, a service file may not be available for systemd. In that case, you'll need to keep {{ic|rc.conf}} to start the service during boot up.
-{{Tip|You may look inside a package that contains daemon start scripts for service names. For instance:
+{{hc|/usr/lib/tmpfiles.d/samba.conf|
- $ pacman -Ql cronie
+D /run/samba 0755 root root}}
- [...]
- cronie /etc/rc.d/crond                            #Daemon initscript listed in the DAEMONS array (unused in a "pure" systemd configuration)
- [...]
- cronie /usr/lib/systemd/system/cronie.service     #Corresponding systemd daemon service
- [...]
-}}
-* Finally, some services do not need to be explicitly enabled by the user. For instance, {{ic|dbus.service}} will automatically be enabled when {{ic|dbus-core}} is installed. {{ic|alsa-store.service}} and {{ic|alsa-restore.service}} are also enabled automatically by systemd. Check the list of available services and their state using the {{ic|systemctl}} command like this: {{ic|systemctl status <service_name>}}.
+Configuration files may also be used to write values into certain files on boot. For example, if you used {{ic|/etc/rc.local}} to disable wakeup from USB devices with {{ic|echo USBE > /proc/acpi/wakeup}}, you may use the following tmpfile instead:
-== Basic systemctl usage  ==
+{{hc|/etc/tmpfiles.d/disable-usb-wake.conf|
+#    Path                  Mode UID  GID  Age Argument
+w    /proc/acpi/wakeup     -    -    -    -   USBE}}
-The main command used to introspect and control systemd is {{ic|systemctl}}. Some of its uses are examining the system state and managing the system and services. See {{ic|man 1 systemctl}} for more details.
+See the {{man|8|systemd-tmpfiles}} and {{man|5|tmpfiles.d}} man pages for details.
-{{Tip|You can use all of the following {{ic|systemctl}} commands with the {{ic|-H <user>@<host>}} switch to control a systemd instance on a remote machine. This will use [[SSH]] to connect to the remote systemd instance.}}
+{{Note|This method may not work to set options in {{ic|/sys}} since the ''systemd-tmpfiles-setup'' service may run before the appropriate device modules is loaded. In this case you could check whether the module has a parameter for the option you want to set with {{ic|modinfo ''module''}} and set this option with a [[Kernel modules#Setting module options|config file in /etc/modprobe.d]]. Otherwise you will have to write a [[Udev#About_udev_rules|udev rule]] to set the appropriate attribute as soon as the device appears.}}
-{{Note|{{ic|systemadm}} is the official graphical frontend for {{ic|systemctl}}. It is provided by the {{AUR|systemd-ui-git}} package from the [[AUR]].}}
+== Timers ==
-=== Analyzing the system state ===
+A timer is a unit configuration file whose name ends with ''.timer'' and encodes information about a timer controlled and supervised by ''systemd'', for timer-based activation. See [[systemd/Timers]].
-List running units:
+{{Note|Timers can replace [[cron]] functionality to a great extent. See [[systemd/Timers#As a cron replacement]].}}
- $ systemctl
+== Mounting ==
-or:
+''systemd'' is in charge of mounting the partitions and filesystems specified in {{ic|/etc/fstab}}. The {{man|8|systemd-fstab-generator}} translates all the entries in {{ic|/etc/fstab}} into systemd units, this is performed at boot time and whenever the configuration of the system manager is reloaded.
- $ systemctl list-units
+''systemd'' extends the usual [[fstab]] capabilities and offers additional mount options. These affect the dependencies of the mount unit, they can for example ensure that a mount is performed only once the network is up or only once another partition is mounted. The full list of specific ''systemd'' mount options, typically prefixed with {{ic|x-systemd.}}, is detailed in {{man|5|systemd.mount|FSTAB}}.
-List failed units:
+An example of these mount options in the context of ''automounting'', which means mounting only when the resource is required rather than automatically at boot time, is provided in [[fstab#Automount with systemd]].
- $ systemctl --failed
+== Journal ==
-The available unit files can be seen in {{ic|/usr/lib/systemd/system/}} and {{ic|/etc/systemd/system/}} (the latter takes precedence). You can see list installed unit files by:
+''systemd'' has its own logging system called the journal; therefore, running a {{ic|syslog}} daemon is no longer required. To read the log, use:
-  $ systemctl list-unit-files
+  # journalctl
-=== Using units ===
+In Arch Linux, the directory {{ic|/var/log/journal/}} is a part of the {{Pkg|systemd}} package, and the journal (when {{ic|1=Storage=}} is set to {{ic|auto}} in {{ic|/etc/systemd/journald.conf}}) will write to {{ic|/var/log/journal/}}.  If you or some program delete that directory, ''systemd'' will '''not''' recreate it automatically and instead will write its logs to {{ic|/run/systemd/journal}} in a nonpersistent way. However, the folder will be recreated when you set {{ic|1=Storage=persistent}} and [[restart]] {{ic|systemd-journald.service}} (or reboot).
-Units can be, for example, services ({{ic|.service}}), mount points ({{ic|.mount}}), devices ({{ic|.device}}) or sockets ({{ic|.socket}}).
+Systemd journal classifies messages by [[#Priority level|Priority level]] and [[#Facility|Facility]]. Logging classification corresponds to classic [[wikipedia:Syslog|Syslog]] protocol ([https://tools.ietf.org/html/rfc5424 RFC 5424]).
-When using {{ic|systemctl}}, you generally have to specify the complete name of the unit file, including its suffix, for example {{ic|sshd.socket}}. There are however a few shortforms when specifying the unit in the following {{ic|systemctl}} commands:
+===Priority level===
-* If you don't specify the suffix, systemctl will assume {{ic|.service}}. For example, {{ic|netcfg}} and {{ic|netcfg.service}} are treated equivalent.
+A syslog severity code (in systemd called priority) is used to mark the importance of a message [https://tools.ietf.org/html/rfc5424#section-6.2.1 RFC 5424 Section 6.2.1].
-* Mount points will automatically be translated into the appropriate {{ic|.mount}} unit. For example, specifying {{ic|/home}} is equivalent to {{ic|home.mount}}.
-* Similiar to mount points, devices are automatically translated into the appropriate {{ic|.device}} unit, therefore specifying {{ic|/dev/sda2}} is equivalent to {{ic|dev-sda2.device}}.
-See {{ic|man systemd.unit}} for details.
+{| class="wikitable"
+|-
+! Value !! Severity !! Keyword  !! Description || Examples
+|-
+| 0 || Emergency || emerg || System is unusable || Severe Kernel BUG, systemd dumped core.<br>This level should not be used by applications.
+|-
+| 1 || Alert || alert || Should be corrected immediately || Vital subsystem goes out of work. Data loss. <br>{{ic|kernel: BUG: unable to handle kernel paging request at ffffc90403238ffc|}}.
+|-
+| 2 || Critical || crit || Critical conditions || Crashes, coredumps. Like familiar flash:<br>{{ic|systemd-coredump[25319]: Process 25310 (plugin-containe) of user 1000 dumped core}}<br>Failure in the system primary application, like X11.
+|-
+| 3 || Error || err || Error conditions || Not severe error reported:<br>{{ic|kernel: usb 1-3: 3:1: cannot get freq at ep 0x84}},<br>{{ic|systemd[1]: Failed unmounting /var.}},<br>{{ic|libvirtd[1720]: internal error: Failed to initialize a valid firewall backend}}).
+|-
+| 4 || Warning || warning || May indicate that an error will occur if action is not taken. ||  A non-root file system has only 1GB free.<br>{{ic|org.freedesktop. Notifications[1860]: (process:5999): Gtk-WARNING **: Locale not supported by C library. Using the fallback 'C' locale}}.
+|-
+| 5 || Notice || notice || Events that are unusual, but not error conditions. || {{ic|systemd[1]: var.mount: Directory /var to mount over is not empty, mounting anyway}}. {{ic|gcr-prompter[4997]: Gtk: GtkDialog mapped without a transient parent. This is discouraged}}.
+|-
+| 6 || Informational || info ||  Normal operational messages that require no action. || {{ic|lvm[585]:   7 logical volume(s) in volume group "archvg" now active}}.
+|-
+| 7 || Debug || debug || Information useful to developers for debugging the application. || {{ic|kdeinit5[1900]: powerdevil: Scheduling inhibition from ":1.14" "firefox" with cookie 13 and reason "screen"}}.
+|}
-Activate a unit immediately:
+If you cannot find a message on the expected priority level, also search a couple of levels above and below: these rules are recommendations, and the developer of the affected application may have a different perception of the issue's importance from yours.
- # systemctl start <unit>
+===Facility===
-Deactivate a unit immediately:
+A syslog facility code is used to specify the type of program that is logging the message [https://tools.ietf.org/html/rfc5424#section-6.2.1 RFC 5424 Section 6.2.1].
-  # systemctl stop <unit>
+{| class="wikitable"
+! Facility code !! Keyword !! Description !! Info
+|-
+| 0 || kern || kernel messages
+|-
+| 1 || user || user-level messages
+|-
+| 2 || mail || mail system || Archaic POSIX still supported and sometimes used (for more {{man|1|mail}})
+|-
+| 3 || daemon || system daemons || All daemons, including systemd and its subsystems
+|-
+| 4 || auth || security/authorization messages || Also watch for different facility 10
+|-
+| 5 || syslog || messages generated internally by syslogd || For syslogd implementations (not used by systemd, see facility 3)
+|-
+| 6 || lpr || line printer subsystem (archaic subsystem)
+|-
+| 7 || news || network news subsystem (archaic subsystem)
+|-
+| 8 || uucp || UUCP subsystem (archaic subsystem)
+|-
+| 9 || || clock daemon || systemd-timesyncd
+|-
+| 10 || authpriv || security/authorization messages || Also watch for different facility 4
+|-
+| 11 || ftp || FTP daemon
+|-
+| 12 || - || NTP subsystem
+|-
+| 13 || - || log audit
+|-
+| 14 || - || log alert
+|-
+| 15 || cron || scheduling daemon
+|-
+| 16 || local0 || local use 0  (local0)
+|-
+| 17 || local1 || local use 1  (local1)
+|-
+| 18 || local2 || local use 2  (local2)
+|-
+| 19 || local3 || local use 3  (local3)
+|-
+| 20 || local4 || local use 4  (local4)
+|-
+| 21 || local5 || local use 5  (local5)
+|-
+| 22 || local6 || local use 6  (local6)
+|-
+| 23 || local7 || local use 7  (local7)
+|}
-Restart a unit:
+So, useful facilities to watch: 0,1,3,4,9,10,15.
- # systemctl restart <unit>
+=== Filtering output ===
-Ask a unit to reload its configuration:
+''journalctl'' allows you to filter the output by specific fields. Be aware that if there are many messages to display or filtering of large time span has to be done, the output of this command can be delayed for quite some time.
- # systemctl reload <unit>
+{{Tip|While the journal is stored in a binary format, the content of stored messages is not modified. This means it is viewable with ''strings'', for example for recovery in an environment which does not have ''systemd'' installed. Example command:
+{{bc|$ strings /mnt/arch/var/log/journal/af4967d77fba44c6b093d0e9862f6ddd/system.journal <nowiki>| grep -i</nowiki> ''message''}}
+}}
-Show the status of a unit, including whether it is running or not:
+Examples:
- $ systemctl status <unit>
+* Show all messages from this boot: {{bc|# journalctl -b}} However, often one is interested in messages not from the current, but from the previous boot (e.g. if an unrecoverable system crash happened). This is possible through optional offset parameter of the {{ic|-b}} flag: {{ic|journalctl -b -0}} shows messages from the current boot, {{ic|journalctl -b -1}} from the previous boot, {{ic|journalctl -b -2}} from the second previous and so on – you can see the list of boots with their numbers by using {{ic|journalctl --list-boots}}. See {{man|1|journalctl}} for full description, the semantics is much more powerful.
+* Show all messages from date (and optional time): {{bc|1=# journalctl --since="2012-10-30 18:17:16"}}
+* Show all messages since 20 minutes ago: {{bc|1=# journalctl --since "20 min ago"}}
+* Follow new messages: {{bc|# journalctl -f}}
+* Show all messages by a specific executable: {{bc|# journalctl /usr/lib/systemd/systemd}}
+* Show all messages by a specific process: {{bc|1=# journalctl _PID=1}}
+* Show all messages by a specific unit: {{bc|# journalctl -u man-db.service}}
+* Show kernel ring buffer: {{bc|1=# journalctl -k}}
+* Show only error, critical, and alert priority messages {{bc|# journalctl -p err..alert}} Numbers also can be used, {{ic|journalctl -p 3..1}}. If single number/keyword used, {{ic|journalctl -p 3}} - all higher priority levels also included.
+* Show auth.log equivalent by filtering on syslog facility: {{bc|1=# journalctl SYSLOG_FACILITY=10}}
+* If your journal directory (by default located under {{ic|/var/log/journal}}) contains huge amount of log data then {{ic|journalctl}} can take several minutes in filtering output. You can speed it up significantly by using {{ic|--file}} option to force {{ic|journalctl}} to look only into most recent journal: {{bc|# journalctl --file /var/log/journal/*/system.journal -f}}
-Check whether a unit is already enabled or not:
+See {{man|1|journalctl}}, {{man|7|systemd.journal-fields}}, or Lennart's [http://0pointer.de/blog/projects/journalctl.html blog post] for details.
- $ systemctl is-enabled <unit>
+{{Tip|1=
+By default, ''journalctl'' truncates lines longer than screen width, but in some cases, it may be better to enable wrapping instead of truncating. This can be controlled by the {{ic|SYSTEMD_LESS}} [[environment variable]], which contains options passed to [[Core utilities#less|less]] (the default pager) and defaults to {{ic|FRSXMK}} (see {{man|1|less}} and {{man|1|journalctl}} for details).
-Enable a unit to be started on bootup:
+By omitting the {{ic|S}} option, the output will be wrapped instead of truncated. For example, start ''journalctl'' as follows:
-  # systemctl enable <unit>
+  $ SYSTEMD_LESS=FRXMK journalctl
-{{Note|If services do not have an {{ic|Install}} section, it usually means they are called automatically by other services. But if you need to install them manually, use the following command, replacing {{ic|foo}} with the name of the service.
+If you would like to set this behaviour as default, [[Environment variables#Per_user|export]] the variable from {{ic|~/.bashrc}} or {{ic|~/.zshrc}}.
- # ln -s /usr/lib/systemd/system/''foo''.service /etc/systemd/system/graphical.target.wants/
 }}
-Disable a unit to not start during bootup:
+=== Journal size limit ===
- # systemctl disable <unit>
+If the journal is persistent (non-volatile), its size limit is set to a default value of 10% of the size of the underlying file system but capped to 4 GiB. For example, with {{ic|/var/log/journal/}} located on a 20 GiB partition, journal data may take up to 2 GiB. On a 50 GiB partition, it would max at 4 GiB.
-Show the manual page associated with a unit (this has to be supported by the unit file):
+The maximum size of the persistent journal can be controlled by uncommenting and changing the following:
- $ systemctl help <unit>
+{{hc|/etc/systemd/journald.conf|2=
+SystemMaxUse=50M
+}}
-=== Power management ===
+It is also possible to use the drop-in snippets configuration override mechanism rather than editing the global configuration file. In this case do not forget to place the overrides under the {{ic|[Journal]}} header:
-If you are in a local {{ic|systemd-logind}} user session and no other session is active, the following commands will work without root privileges. If not (for example, because another user is logged into a tty), systemd will automatically ask you for the root password.
+{{hc|/etc/systemd/journald.conf.d/00-journal-size.conf|2=
+[Journal]
+SystemMaxUse=50M
+}}
-Shut down and reboot the system:
+[[Restart]] the {{ic|systemd-journald.service}} after changing this setting to immediately apply the new limit.
- $ systemctl reboot
+See {{man|5|journald.conf}} for more info.
-Shut down and power-off the system:
- $ systemctl poweroff
+=== Clean journal files manually ===
-Shut down and halt the system:
+Journal files can be globally removed from {{ic|/var/log/journal/}} using ''e.g.'' {{ic|rm}}, or can be trimmed according to various criteria using {{ic|journalctl}}. Examples:
- $ systemctl halt
+* Remove archived journal files until the disk space they use falls below 100M: {{bc|1=# journalctl --vacuum-size=100M}}
+* Make all journal files contain no data older than 2 weeks. {{bc|1=# journalctl --vacuum-time=2weeks}}
-Suspend the system:
+See {{man|1|journalctl}} for more info.
- $ systemctl suspend
+=== Journald in conjunction with syslog ===
-Put the system into hibernation:
+Compatibility with a classic, non-journald aware [[Syslog-ng|syslog]] implementation can be provided by letting ''systemd'' forward all messages via the socket {{ic|/run/systemd/journal/syslog}}. To make the syslog daemon work with the journal, it has to bind to this socket instead of {{ic|/dev/log}} ([http://lwn.net/Articles/474968/ official announcement]).
- $ systemctl hibernate
+The default {{ic|journald.conf}} for forwarding to the socket is {{ic|1=ForwardToSyslog=no}} to avoid system overhead, because [[rsyslog]] or [[syslog-ng]] pull the messages from the journal by [http://lists.freedesktop.org/archives/systemd-devel/2014-August/022295.html#journald itself].
-== Running DEs under systemd ==
+See [[Syslog-ng#Overview]] and [[Syslog-ng#syslog-ng and systemd journal]], or [[rsyslog]] respectively, for details on configuration.
-To enable graphical login, run your preferred [[Display Manager]] daemon (e.g. [[KDM]]). At the moment, service files exist for [[GDM]], [[KDM]], [[SLiM]], [[XDM]], [[LXDM]] and [[LightDM]].
+=== Forward journald to /dev/tty12 ===
- # systemctl enable kdm
+Create a [[#Editing provided units|drop-in directory]] {{ic|/etc/systemd/journald.conf.d}} and create a {{ic|fw-tty12.conf}} file in it:
-This should work out of the box. If not, you might have a {{ic|default.target}} set manually or from a older install:
+{{hc|1=/etc/systemd/journald.conf.d/fw-tty12.conf|2=
+[Journal]
+ForwardToConsole=yes
+TTYPath=/dev/tty12
+MaxLevelConsole=info
+}}
-{{hc|# ls -l /etc/systemd/system/default.target|
+Then [[restart]] {{ic|systemd-journald.service}}.
-/etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target}}
-Simply delete the symlink and systemd will use its stock {{ic|default.target}} (i.e. {{ic|graphical.target}}).
+=== Specify a different journal to view ===
+There may be a need to check the logs of another system that is dead in the water, like booting from a live system to recover a production system. In such case, one can mount the disk in e.g. {{ic|/mnt}}, and specify the journal path via {{ic|-D}}/{{ic|--directory}}, like so:
-  # rm /etc/systemd/system/default.target
+  $ journalctl -D ''/mnt''/var/log/journal -xe
-=== Using systemd-logind ===
+== Tips and tricks ==
-{{Note|As of 2012-10-30, [[ConsoleKit]] has been [https://www.archlinux.org/news/consolekit-replaced-by-logind/ replaced by systemd-logind] as the default mechanism to login to the DE.}}
+=== Running services after the network is up ===
-In order to check the status of your user session, you can use {{ic|loginctl}}. All [[PolicyKit]] actions like suspending the system or mounting external drives will work out of the box.
+To delay a service after the network is up, include the following dependencies in the ''.service'' file:
- $ loginctl show-session $XDG_SESSION_ID
-== Writing custom .service files ==
-=== Handling dependencies ===
-With systemd, dependencies can be resolved by designing the unit files correctly. The most typical case is that the unit {{ic|A}} requires the unit {{ic|B}} to be running before {{ic|A}} is started. In that case add {{ic|1=Requires=B}} and {{ic|1=After=B}} to the {{ic|[Unit]}} section of {{ic|A}}. If the dependency is optional, add {{ic|1=Wants=B}} and {{ic|1=After=B}} instead. Note that {{ic|1=Wants=}} and {{ic|1=Requires=}} do not imply {{ic|1=After=}}, meaning that if {{ic|1=After=}} is not specified, the two units will be started in parallel.
-Dependencies are typically placed on services and not on targets. For example, {{ic|network.target}} is pulled in by whatever service configures your network interfaces, therefore ordering your custom unit after it is sufficient since {{ic|network.target}} is started anyway.
-=== Type ===
-There are several different start-up types to consider when writing a custom service file. This is set with the {{ic|1=Type=}} parameter in the {{ic|[Service]}} section. See {{ic|man systemd.service}} for a more detailed explanation.
-* {{ic|1=Type=simple}}: systemd considers the service to be started up immediately. The process must not fork. Do not use this type if other services need to be ordered on this service, unless it is socket activated.
-* {{ic|1=Type=forking}}: systemd considers the service started up once the process forks and the parent has exited. For classic daemons use this type unless you know that it is not necessary. You should specify {{ic|1=PIDFile=}} as well so systemd can keep track of the main process.
-* {{ic|1=Type=oneshot}}: This is useful for scripts that do a single job and then exit. You may want to set {{ic|1=RemainAfterExit=}} as well so that systemd still considers the service as active after the process has exited.
-* {{ic|1=Type=notify}}: Identical to {{ic|1=Type=simple}}, but with the stipulation that the daemon will send a signal to systemd when it is ready. The reference implementation for this notification is provided by {{ic|libsystemd-daemon.so}}.
-* {{ic|1=Type=dbus}}: The service is considered ready when the specified {{ic|BusName}} appears on DBus's system bus.
-=== Replacing provided unit files ===
-The unit files in {{ic|/etc/systemd/system/}} take precedence over the ones in {{ic|/usr/lib/systemd/system/}}.
-To make your own version of a unit (which will not be destroyed by an upgrade), copy the old unit file from {{ic|/usr/lib/}} to {{ic|/etc/}} and make your changes there. Alternatively you can use {{ic|.include}} to parse an existing service file and then override or add new options. For example, if you simply want to add an additional dependency to a service file, you may use:
-{{hc|/etc/systemd/system/<service-name>.service|2=
-.include /usr/lib/systemd/system/<service-name>.service
+{{hc|/etc/systemd/system/''foo''.service|2=
 [Unit]
-Requires=<new dependency>
+...
-After=<new dependency>}}
+'''Wants=network-online.target'''
+'''After=network-online.target'''
+...
+}}
-Then run the following for your changes to take effect:
+The network wait service of the particular application that manages the network, must also be enabled so that {{ic|network-online.target}} properly reflects the network status.
+* For the ones using [[NetworkManager]], [[enable]] {{ic|NetworkManager-wait-online.service}}.
+* If using [[systemd-networkd]], {{ic|systemd-networkd-wait-online.service}} is by default enabled automatically whenever {{ic|systemd-networkd.service}} has been enabled; check this is the case with {{ic|systemctl is-enabled systemd-networkd-wait-online.service}}, there is no other action needed.
- # systemctl reenable <unit>
+For more detailed explanations see [https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ Running services after the network is up] in the systemd wiki.
- # systemctl restart <unit>
-{{Tip|You can use {{ic|systemd-delta}} to see which unit files have been overridden and what exactly has been changed.}}
+=== Enable installed units by default ===
-=== Syntax highlighting for units within Vim ===
+{{Expansion|How does it work with instantiated units?}}
-Syntax highlighting for systemd unit files within [[Vim]] can be enabled by installing {{AUR|vim-systemd}} from the [[Arch User Repository|AUR]].
+Arch Linux ships with {{ic|/usr/lib/systemd/system-preset/99-default.preset}} containing {{ic|disable *}}. This causes ''systemctl preset'' to disable all units by default, such that when a new package is installed, the user must manually enable the unit.
-== Targets ==
+If this behavior is not desired, simply create a symlink from {{ic|/etc/systemd/system-preset/99-default.preset}} to {{ic|/dev/null}} in order to override the configuration file. This will cause ''systemctl preset'' to enable all units that get installed—regardless of unit type—unless specified in another file in one ''systemctl preset'''s configuration directories. User units are not affected. See {{man|5|systemd.preset}} for more information.
-Systemd uses ''targets'' which serve a similar purpose as runlevels but act a little different. Each ''target'' is named instead of numbered and is intended to serve a specific purpose with the possibility of having multiple ones active at the same time. Some ''targets'' are implemented by inheriting all of the services of another ''target'' and adding additional services to it. There are systemd ''target''s that mimic the common SystemVinit runlevels so you can still switch ''target''s using the familiar {{ic|telinit RUNLEVEL}} command.
+{{Note|Enabling all units by default may cause problems with packages that contain two or more mutually exclusive units. ''systemctl preset'' is designed to be used by distributions and spins or system administrators. In the case where two conflicting units would be enabled, you should explicitly specify which one is to be disabled in a preset configuration file as specified in the manpage for {{ic|systemd.preset}}.}}
-=== Get current targets ===
+=== Sandboxing application environments ===
+A unit file can be created as a sandbox to isolate applications and their processes within a hardened virtual environment. systemd leverages [[wikipedia:Linux_namespaces|namespaces]], white-/blacklisting of [[Capabilities]], and [[control groups]] to container processes through an extensive [https://www.freedesktop.org/software/systemd/man/systemd.exec.html execution environment configuration].
-The following should be used under systemd instead of {{ic|runlevel}}:
+The enhancement of an existing systemd unit file with application sandboxing typically requires trial-and-error tests accompanied by the generous use of {{Pkg|strace}}, [[wikipedia:Standard_streams#Standard_error_.28stderr.29|stderr]] and [https://www.freedesktop.org/software/systemd/man/journalctl.html journalctl] error logging and output facilities. You may want to first search upstream documentation for already done tests to base trials on.
- $ systemctl list-units --type=target
+Some examples on how sandboxing with systemd can be deployed:
+* {{Ic|CapabilityBoundingSet}} defines a whitelisted set of allowed capabilities, but may also be used to blacklist a specific capability for a unit.
+** The {{Ic|CAP_SYS_ADM}} capability, for example, which should be one of the [https://lwn.net/Articles/486306/ goals of a secure sandbox]: {{ic|1=CapabilityBoundingSet=~ CAP_SYS_ADM}}
-=== Create custom target ===
+== Troubleshooting ==
-The runlevels that are assigned a specific purpose on vanilla Fedora installs; 0, 1, 3, 5, and 6; have a 1:1 mapping with a specific systemd ''target''. Unfortunately, there is no good way to do the same for the user-defined runlevels like 2 and 4. If you make use of those it is suggested that you make a new named systemd ''target'' as {{ic|/etc/systemd/system/<your target>}} that takes one of the existing runlevels as a base (you can look at {{ic|/usr/lib/systemd/system/graphical.target}} as an example), make a directory {{ic|/etc/systemd/system/<your target>.wants}}, and then symlink the additional services from {{ic|/usr/lib/systemd/system/}} that you wish to enable.
+=== Investigating systemd errors ===
-=== Targets table ===
+As an example, we will investigate an error with {{ic|systemd-modules-load}} service:
-{| border="1"
+'''1.''' Lets find the ''systemd'' services which fail to start at boot time:
-! SysV Runlevel !! systemd Target !! Notes
-|-
-| 0 || runlevel0.target, poweroff.target || Halt the system.
-|-
-| 1, s, single || runlevel1.target, rescue.target || Single user mode.
-|-
-| 2, 4 || runlevel2.target, runlevel4.target, multi-user.target || User-defined/Site-specific runlevels. By default, identical to 3.
-|-
-| 3 || runlevel3.target, multi-user.target || Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.
-|-
-| 5 || runlevel5.target, graphical.target || Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.
-|-
-| 6 || runlevel6.target, reboot.target || Reboot
-|-
-| emergency || emergency.target || Emergency shell
-|-
-|}
-=== Change current target ===
+{{hc|1=$ systemctl --state=failed|2=
+systemd-modules-load.service   loaded '''failed failed'''  Load Kernel Modules}}
-In systemd targets are exposed via "target units". You can change them like this:
+Another way is to live log ''systemd'' messages:
-  # systemctl isolate graphical.target
+  $ journalctl -fp err
-This will only change the current target, and has no effect on the next boot. This is equivalent to commands such as {{ic|telinit 3}} or {{ic|telinit 5}} in Sysvinit.
+'''2.''' Ok, we found a problem with {{ic|systemd-modules-load}} service. We want to know more:
+{{hc|$ systemctl status systemd-modules-load|2=
+systemd-modules-load.service - Load Kernel Modules
+   Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static)
+   Active: '''failed''' (Result: exit-code) since So 2013-08-25 11:48:13 CEST; 32s ago
+     Docs: man:systemd-modules-load.service(8).
+           man:modules-load.d(5)
+  Process: '''15630''' ExecStart=/usr/lib/systemd/systemd-modules-load ('''code=exited, status=1/FAILURE''')
+}}
+If the {{ic|Process ID}} is not listed, just restart the failed service with {{ic|systemctl restart systemd-modules-load}}
-=== Change default target to boot into ===
+'''3.''' Now we have the process id (PID) to investigate this error in depth. Enter the following command with the current {{ic|Process ID}} (here: 15630):
+{{hc|1=$ journalctl _PID=15630|2=
+-- Logs begin at Sa 2013-05-25 10:31:12 CEST, end at So 2013-08-25 11:51:17 CEST. --
+Aug 25 11:48:13 mypc systemd-modules-load[15630]: '''Failed to find module 'blacklist usblp''''
+Aug 25 11:48:13 mypc systemd-modules-load[15630]: '''Failed to find module 'install usblp /bin/false''''
+}}
-The standard target is {{ic|default.target}}, which is aliased by default to {{ic|graphical.target}} (which roughly corresponds to the old runlevel 5). To change the default target at boot-time, append one of the following [[kernel parameters]] to your bootloader:
+'''4.''' We see that some of the kernel module configs have wrong settings. Therefore we have a look at these settings in {{ic|/etc/modules-load.d/}}:
+{{hc|$ ls -Al /etc/modules-load.d/|
+...
+-rw-r--r--   1 root root    79  1. Dez 2012  blacklist.conf
+-rw-r--r--   1 root root     1  2. Mär 14:30 encrypt.conf
+-rw-r--r--   1 root root     3  5. Dez 2012  printing.conf
+-rw-r--r--   1 root root     6 14. Jul 11:01 realtek.conf
+-rw-r--r--   1 root root    65  2. Jun 23:01 virtualbox.conf
+...
+}}
-{{Tip|The {{ic|.target}} extension can be left out.}}
+'''5.''' The {{ic|Failed to find module 'blacklist usblp'}} error message might be related to a wrong setting inside of {{ic|blacklist.conf}}. Lets deactivate it with inserting a trailing '''#''' before each option we found via step 3:
+{{hc|/etc/modules-load.d/blacklist.conf|
+'''#''' blacklist usblp
+'''#''' install usblp /bin/false
+}}
-* {{ic|1=systemd.unit=multi-user.target}} (which roughly corresponds to the old runlevel 3),
+'''6.''' Now, try to start {{ic|systemd-modules-load}}:
-* {{ic|1=systemd.unit=rescue.target}} (which roughly corresponds to the old runlevel 1).
+ $ systemctl start systemd-modules-load
+If it was successful, this should not prompt anything. If you see any error, go back to step 3 and use the new PID for solving the errors left.
-Alternatively, you may leave the bootloader alone and change {{ic|default.target}}. This can be done using {{ic|systemctl}}:
+If everything is ok, you can verify that the service was started successfully with:
+{{hc|$ systemctl status systemd-modules-load|2=
+systemd-modules-load.service - Load Kernel Modules
+   Loaded: '''loaded''' (/usr/lib/systemd/system/systemd-modules-load.service; static)
+   Active: '''active (exited)''' since So 2013-08-25 12:22:31 CEST; 34s ago
+     Docs: man:systemd-modules-load.service(8)
+           man:modules-load.d(5)
+ Process: 19005 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=0/SUCCESS)
+Aug 25 12:22:31 mypc systemd[1]: '''Started Load Kernel Modules'''.
+}}
- # systemctl enable multi-user.target
+=== Diagnosing boot problems ===
-The effect of this command is outputted by {{ic|systemctl}}; a symlink to the new default target is made at {{ic|/etc/systemd/system/default.target}}. This works if, and only if:
+''systemd'' has several options for diagnosing problems with the boot process. See [[boot debugging]] for more general instructions and options to capture boot messages before ''systemd'' takes over the [[boot process]]. Also see the [http://freedesktop.org/wiki/Software/systemd/Debugging/ systemd debugging documentation].
- [Install]
+=== Diagnosing a service ===
- Alias=default.target
-is in the target's configuration file. Currently, {{ic|multi-user.target}} and {{ic|graphical.target}} both have it.
+If some ''systemd'' service misbehaves or you want to get more information about what is happening, set the {{ic|SYSTEMD_LOG_LEVEL}} [[environment variable]] to {{ic|debug}}. For example, to run the ''systemd-networkd'' daemon in debug mode:
-== Journal ==
+Add a [[#Drop-in files|drop-in file]] for the service adding the two lines:
-Since version 38, systemd has its own logging system, the journal. Therefore, running a syslog daemon is no longer required. To read the log, use:
+ [Service]
+ Environment=SYSTEMD_LOG_LEVEL=debug
- # journalctl
+Or equivalently, set the environment variable manually:
-By default (when {{ic|Storage&#61;}} is set to {{ic|auto}} in {{ic|/etc/systemd/journald.conf}}), the journal writes to {{ic|/var/log/journal/}}. If the directory {{ic|/var/log/journal/}} does not exist (e.g. if you or some program delete it), systemd will '''not''' create it automatically, but instead write its logs to {{ic|/run/systemd/journal}}. This means that logs will be lost on reboot.
+ # SYSTEMD_LOG_LEVEL=debug /lib/systemd/systemd-networkd
-=== Filtering output ===
+then [[restart]] ''systemd-networkd'' and watch the journal for the service with the {{ic|-f}}/{{ic|--follow}} option.
-{{ic|journalctl}} allows you to filter the output by specific fields.
+=== Shutdown/reboot takes terribly long ===
-Examples:
+If the shutdown process takes a very long time (or seems to freeze) most likely a service not exiting is to blame. ''systemd'' waits some time for each service to exit before trying to kill it. To find out if you are affected, see [http://freedesktop.org/wiki/Software/systemd/Debugging/#shutdowncompleteseventually this article].
-Show all messages from this boot:
+=== Short lived processes do not seem to log any output ===
- # journalctl -b
-Follow new messages:
+If {{ic|journalctl -u foounit}} does not show any output for a short lived service, look at the PID instead. For example, if {{ic|systemd-modules-load.service}} fails, and {{ic|systemctl status systemd-modules-load}} shows that it ran as PID 123, then you might be able to see output in the journal for that PID, i.e. {{ic|journalctl -b _PID&#61;123}}. Metadata fields for the journal such as {{ic|_SYSTEMD_UNIT}} and {{ic|_COMM}} are collected asynchronously and rely on the {{ic|/proc}} directory for the process existing. Fixing this requires fixing the kernel to provide this data via a socket connection, similar to {{ic|SCM_CREDENTIALS}}. In short, it is a [https://github.com/systemd/systemd/issues/2913 bug]. Keep in mind that immediately failed services might not print anything to the journal as per design of systemd.
- # journalctl -f
+=== Boot time increasing over time ===
-Show all messages by a specific executable:
+After using {{ic|systemd-analyze}} a number of users have noticed that their boot time has increased significantly in comparison with what it used to be. After using {{ic|systemd-analyze blame}} [[NetworkManager]] is being reported as taking an unusually large amount of time to start.
- # journalctl /usr/lib/systemd/systemd
+The problem for some users has been due to {{ic|/var/log/journal}} becoming too large. This may have other impacts on performance, such as for {{ic|systemctl status}} or {{ic|journalctl}}. As such the solution is to remove every file within the folder (ideally making a backup of it somewhere, at least temporarily) and then setting a journal file size limit as described in [[#Journal size limit]].
-Show all messages by a specific process:
+=== systemd-tmpfiles-setup.service fails to start at boot ===
- # journalctl _PID=1
+Starting with systemd 219, {{ic|/usr/lib/tmpfiles.d/systemd.conf}} specifies ACL attributes for directories under {{ic|/var/log/journal}} and, therefore, requires ACL support to be enabled for the filesystem the journal resides on.
-Show all messages by a specific unit:
+See [[Access Control Lists#Enabling ACL]] for instructions on how to enable ACL on the filesystem that houses {{ic|/var/log/journal}}.
- # journalctl -u netcfg
+=== systemd version printed on boot is not the same as installed package version ===
-See {{ic|man journalctl}}, {{ic|systemd.journal-fields}} or Lennert's [blog post http://0pointer.de/blog/projects/journalctl.html] for details.
+You need to [[Mkinitcpio#Image_creation_and_activation|regenerate your initramfs]] and the versions should match.
-=== Journal size limit ===
+{{Tip|1=A pacman hook can be used to automatically regenerate the initramfs every time {{pkg|systemd}} is upgraded. See [https://bbs.archlinux.org/viewtopic.php?id=215411 this forum thread] and [[Pacman#Hooks]].}}
-If the journal is persistent (non-volatile), its size limit is set to a default value of 10% of the size of the respective file system. E.g. with {{ic|/var/log/journal}} located on a 50 GiB root partition this would lead to 5 GiB of journal data. The maximum size of the persistent journal can be controlled by {{ic|SystemMaxUse}} in {{ic|/etc/systemd/journald.conf}}, so to limit it for example to 50 MiB uncomment and edit the corresponding line to:
+=== Disable emergency mode on remote machine ===
- SystemMaxUse=50M
+You may want to disable emergency mode on a remote machine, for example, a virtual machine hosted at Azure or Google Cloud. It is because if emergency mode is triggered, the machine will be blocked from connecting to network.
-Refer to {{ic|man journald.conf}} for more info.
-=== Journald in conjunction with syslog ===
-Compatibility with classic syslog implementations is provided via a socket {{ic|/run/systemd/journal/syslog}}, to which all messages are forwarded. To make the syslog daemon work with the journal, it has to bind to this socket instead of {{ic|/dev/log}} ([http://lwn.net/Articles/474968/ official announcement]). The {{pkg|syslog-ng}} package in the repositories automatically provides the necessary configuration.
- # systemctl enable syslog-ng
-== Optimization ==
-=== Analyzing the boot process ===
-==== Using systemd-analyze ====
-Systemd provides a tool called {{ic|systemd-analyze}} that allows you to analyze your boot process so you can see which unit files are causing your boot process to slow down. You can then optimize your system accordingly. You have to install {{Pkg|python2-dbus}} and {{Pkg|python2-cairo}} to use it.
-To see how much time was spent in kernelspace and userspace on boot, simply use:
- $ systemd-analyze
-{{Tip|To see how much time was spent in the initramfs, append the {{ic|timestamp}} hook to your {{ic|HOOKS}} array in {{ic|/etc/[[mkinitcpio]].conf}} and as root, rebuild your initramfs with {{ic|mkinitcpio -p linux}} }}
-To list the started unit files, sorted by the time each of them took to start up:
- $ systemd-analyze blame
-You can also create a SVG file which describes your boot process graphically, similiar to [[Bootchart]]:
- $ systemd-analyze plot > plot.svg
-==== Using bootchart ====
-You could also use a version of bootchart to visualize the boot sequence. Since you are not able to put a second init into the kernel command line you won't be able to use any of the standard bootchart setups. However the {{AUR|bootchart2}} package from [[AUR]] comes with an undocumented systemd service. After you've installed bootchart2 do:
- # systemctl enable bootchart
-Read the [https://github.com/mmeeks/bootchart bootchart documentation] for further details on using this version of bootchart.
-=== Readahead ===
-Systemd comes with its own readahead implementation, this should in principle improve boot time. However, depending on your kernel version and the type of your hard drive, your mileage may vary (i.e. it might be slower). To enable, do:
- # systemctl enable systemd-readahead-collect systemd-readahead-replay
-Remember that in order for the readahead to work its magic, you should reboot a couple of times.
-=== Early start for services ===
-One central feature of systemd is [[D-Bus]] and socket activation. This causes services to be started when they are first accessed and is generally a good thing. However, if you know that a service (like [[UPower]]) will always be started during boot, then the overall boot time might be reduced by starting it as early as possible. This can be achieved (if the service file is set up for it, which in most cases it is) by issuing:
- # systemctl enable upower
-This will cause systemd to start UPower as soon as possible, without causing races with the socket or D-Bus activation.
-=== Less output during boot ===
-Change {{ic|verbose}} to {{ic|quiet}} on the bootloader's kernel line. For some systems, particularly those with an SSD, the slow performance of the TTY is actually a bottleneck, and so less output means faster booting.
-=== Shell shortcuts ===
-Systemd daemon management requires a bit more text entry to accomplish tasks such as start, stopped, enabling, checking status, etc. The following functions can be added to one's {{ic|~/.bashrc}} file to help streamline interactions with systemd and to improve the overall experience.
-{{bc|
-# simplified systemd command, for instance "sudo systemctl stop xxx" - > "0.stop xxx"
-if ! systemd-notify --booted;
-then  # for not systemd
-.start() {
-        sudo rc.d start $@
-    }
-.restart() {
-        sudo rc.d restart $@
-    }
-.stop() {
-        sudo rc.d stop $@
-    }
-else
-# start systemd service
-.start() {
-        sudo systemctl start $@
-    }
-# restart systemd service
-.restart() {
-        sudo systemctl restart $@
-    }
-# stop systemd service
-.stop() {
-        sudo systemctl stop $@
-    }
-# enable systemd service
-.enable() {
-        sudo systemctl enable $@
-    }
-# disable a systemd service
-.disable() {
-        sudo systemctl disable $@
-    }
-# show the status of a service
-.status() {
-        systemctl status $@
-    }
-# reload a service configuration
-.reload() {
-        sudo systemctl reload $@
-    }
-# list all running service
-.list() {
-        systemctl
-    }
-# list all failed service
-.failed () {
-        systemctl --failed
-    }
-# list all systemd available unit files
-.list-files() {
-        systemctl list-unit-files
-    }
-# check the log
-.log() {
-        sudo journalctl
-    }
-# show wants
-.wants() {
-        systemctl show -p "Wants" $1.target
-    }
-# analyze the system
-.analyze() {
-        systemd-analyze $@
-    }
-fi
-}}
-== Troubleshooting ==
-=== Shutdown/reboot takes terribly long ===
-If the shutdown process takes a very long time (or seems to freeze) most likely a service not exiting is to blame. Systemd waits some time for each service to exit before trying to kill it. To find out if you are affected, see [http://freedesktop.org/wiki/Software/systemd/Debugging#Shutdown_Completes_Eventually this article].
+ # systemctl mask emergency.service
+ # systemctl mask emergency.target
 == See also ==
-*[http://www.freedesktop.org/wiki/Software/systemd Official Web Site]
+*[[Wikipedia:systemd|Wikipedia article]]
-*[http://0pointer.de/public/systemd-man/ Manual Pages]
+*[http://www.freedesktop.org/wiki/Software/systemd systemd Official web site]
-*[http://freedesktop.org/wiki/Software/systemd/Optimizations systemd Optimizations]
+*[http://www.freedesktop.org/wiki/Software/systemd/Optimizations systemd optimizations]
-*[http://www.freedesktop.org/wiki/Software/systemd/FrequentlyAskedQuestions FAQ]
+*[http://www.freedesktop.org/wiki/Software/systemd/FrequentlyAskedQuestions systemd FAQ]
-*[http://www.freedesktop.org/wiki/Software/systemd/TipsAndTricks Tips And Tricks]
+*[http://www.freedesktop.org/wiki/Software/systemd/TipsAndTricks systemd Tips and tricks]
+*[http://wiki.gentoo.org/wiki/Systemd Gentoo Wiki systemd page]
+*[http://fedoraproject.org/wiki/Systemd Fedora Project - About systemd]
+*[http://fedoraproject.org/wiki/How_to_debug_Systemd_problems Fedora Project - How to debug systemd problems]
+*[http://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet Fedora Project - SysVinit to systemd cheatsheet]
+*[[debian:systemd|Debian Wiki systemd page]]
+*[http://0pointer.de/public/systemd-man/ Manual pages]
+*[http://0pointer.de/blog/projects/systemd.html Lennart's blog story], [http://0pointer.de/blog/projects/systemd-update.html update 1], [http://0pointer.de/blog/projects/systemd-update-2.html update 2], [http://0pointer.de/blog/projects/systemd-update-3.html update 3], [http://0pointer.de/blog/projects/why.html summary]
 *[http://0pointer.de/public/systemd-ebook-psankar.pdf systemd for Administrators (PDF)]
-*[http://fedoraproject.org/wiki/Systemd About systemd on Fedora Project]
+*[https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units How To Use Systemctl to Manage Systemd Services and Units ]
-*[http://fedoraproject.org/wiki/How_to_debug_Systemd_problems How to debug systemd problems]
+*[https://dvdhrm.wordpress.com/2013/08/24/session-management-on-linux/ Session management with systemd-logind]
-*[http://www.h-online.com/open/features/Booting-up-Tools-and-tips-for-systemd-1570630.html Booting up: Tools and tips for systemd, a Linux init tool. In The H]
+*[[Emacs#Syntax highlighting for systemd Files|Emacs Syntax highlighting for Systemd files]]
-*[http://0pointer.de/blog/projects/systemd.html Lennart's blog story]
+*[http://www.h-online.com/open/features/Control-Centre-The-systemd-Linux-init-system-1565543.html Two] [http://www.h-online.com/open/features/Booting-up-Tools-and-tips-for-systemd-1570630.html part] introductory article in ''The H Open'' magazine.
-*[http://0pointer.de/blog/projects/systemd-update.html status update]
-*[http://0pointer.de/blog/projects/systemd-update-2.html status update2]
-*[http://0pointer.de/blog/projects/systemd-update-3.html status update3]
-*[http://0pointer.de/blog/projects/why.html most recent summary]
-*[http://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet Fedora's SysVinit to systemd cheatsheet]

Difference between revisions of "Systemd"

Latest revision as of 18:11, 12 August 2018

Contents

Basic systemctl usage

Analyzing the system state

Using units

Power management

Writing unit files

Handling dependencies

Service types

Editing provided units

Replacement unit files

Drop-in files

Revert to vendor version

Examples

Targets

Get current targets

Create custom target

Mapping between SysV runlevels and systemd targets

Change current target

Change default target to boot into

Default target order

Temporary files

Timers

Mounting

Journal

Priority level

Facility

Filtering output

Journal size limit

Clean journal files manually

Journald in conjunction with syslog

Forward journald to /dev/tty12

Specify a different journal to view

Tips and tricks

Running services after the network is up

Enable installed units by default

Sandboxing application environments

Troubleshooting

Investigating systemd errors

Diagnosing boot problems

Diagnosing a service

Shutdown/reboot takes terribly long

Short lived processes do not seem to log any output

Boot time increasing over time

systemd-tmpfiles-setup.service fails to start at boot

systemd version printed on boot is not the same as installed package version

Disable emergency mode on remote machine

See also

Navigation menu

Search