Skip to main content

Learning systemd

·625 words·3 mins

As I occasionally write services for daemon processes, every time when I need I just google for it, this works most of the time. But sometimes it repeated and I haven’t keep a note of those one off(I wrongly thought) services. Recently read the blog systemd by examples which encourage me to write down my services and share here, most usefully hope I can copy them once needed, from here.

  • Check status or info of a unit don’t need sudo
  • A name default indicate to service, e.g. systemctl status docker for docker, systemctl status docker.socket for docker socket

Notes from the book

In systemd, a target is a unit that groups together other systemd units for a particular purpose. The units that a target can group together include services, paths, mount points, sockets, and even other targets.


Jenkins agent for SharedCloud



Copied from archlinux wiki, V2Ray service

Description=V2Ray Service

ExecStart=/usr/bin/v2ray -confdir /etc/v2ray/


iptables save and restore

Copied from iptables-restore.service of awslabs/amazon-eks-ami, modified with adding ExecStartPre, my iptables file have some custom value need to be replaced for the current running machine, i.e. IP address.

Description=Restore iptables
# iptables-restore must start after docker because docker will
# reconfigure iptables to drop forwarded packets.

ExecStartPre=/bin/bash /etc/sysconfig/
ExecStart=/bin/bash -c "/sbin/iptables-restore < /etc/sysconfig/iptables"
ExecStartPost=/usr/bin/mount /data

/usr/bin/sed -i "s/MY_IP/$(hostname -I|cut -d' ' -f2)/g" /etc/sysconfig/iptables


This file come from the builtin [email protected], a good example for service to start on behalf of a particular user.





Not having the [Install] section makes this a static type of service that you can’t enable.

systemctl list-unit-files -t timer
systemctl list-timers


D-Bus, which is short for Desktop Bus, is a messaging protocol that allows applications to communicate with each other. It also allows the system to launch daemons and applications on demand, whenever they’re needed.

man bootup
systemctl list-dependencies
strings /lib/systemd/systemd | grep -A 100 ''
systemd-analyze # same as systemd-analyze time
systemd-analyze blame # See services run time
systemd-analyze critical-chain # target to start during bootup

ls -ltr /run/systemd/generator/ # systemd dynamic generate mounts from /etc/fstab to here

systemctl cheatsheet

man systemd.directives
man systemd.unit

systemctl --state=help
systemctl list-units -t service
systemctl list-unit-files
systemctl list-unit-files -t
systemctl is-enabled docker
systemctl is-active docker
systemctl show
systemctl show --property=Virtualization

systemctl list-dependencies
systemctl list-dependencies --after
systemd-analyze dot

systemctl get-default
ls -ltr /lib/systemd/system/

# This will shut down the graphics server and bring you back to a text-mode login prompt
sudo systemctl isolate multi-user
sudo systemctl isolate graphical

# cgroups
systemctl status user.slice
ls -l /sys/fs/cgroup

sudo apt install cgroup-tools
sudo yum install libcgroup-tools

lssubsys # view active resource controllers

# Limit for user
sudo systemctl set-property user-1001.slice CPUQuota=200%
# --runtime, reboot the restriction is gone
sudo systemctl set-property --runtime user-1001.slice MemoryMax=1G

sudo systemctl set-property user-1001.slice BlockIOReadBandwidth="/dev/sda 1M"
sudo systemctl set-property apache2.service BlockIOReadBandwidth="/dev/sda 1M"

# Created in /etc/systemd/system.control

# Only ff this is first-time for user-1001, need to reload.
sudo systemctl daemon-reload

cat /sys/fs/cgroup/cpu/user.slice/user-1001.slice/cpu.cfs_quota_us
# 200000

# Limit for service
## with systemctl cmd
sudo systemctl set-property cputest.service CPUQuota=90%

## with service file

#      [Service]
#      ExecStart=/usr/bin/stress-ng -c 4
#      CPUQuota=90%

The ulimit command allows us to dynamically control resource usage for a shell session and for any processes that get started by the shell session. you can either set or lower limits as a normal user, but you need sudo privileges to increase any limits

ulimit -a