2.4 Service Management

systemd Service Management

Modern Linux systems use systemd to manage services. Essential for DevOps automation and monitoring.

Core Commands:

# Service status and control
systemctl status service_name
sudo systemctl start service_name
sudo systemctl stop service_name
sudo systemctl restart service_name
sudo systemctl reload service_name

# Enable/disable services (auto-start at boot)
sudo systemctl enable service_name
sudo systemctl disable service_name

# List services
systemctl list-units --type=service
systemctl list-units --type=service --state=active
systemctl list-units --type=service --state=failed

Common Services:

# Web servers
sudo systemctl status nginx
sudo systemctl status apache2

# Databases
sudo systemctl status mysql
sudo systemctl status postgresql

# SSH
sudo systemctl status ssh
sudo systemctl status sshd

# System services
sudo systemctl status docker
sudo systemctl status firewalld

Creating Custom Services

Service File Location:

/etc/systemd/system/myservice.service

Modern Service File Example:

[Unit]
Description=Modern Python Web Application
Documentation=https://myapp.example.com/docs
After=network-online.target
Wants=network-online.target
Requires=postgresql.service

[Service]
Type=notify
User=appuser
Group=appuser
WorkingDirectory=/opt/myapp
Environment=PYTHONPATH=/opt/myapp
Environment=DJANGO_SETTINGS_MODULE=myapp.settings.production
EnvironmentFile=-/etc/myapp/environment
ExecStartPre=/opt/myapp/scripts/pre-start.sh
ExecStart=/opt/myapp/venv/bin/python manage.py runserver 0.0.0.0:8000
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -TERM $MAINPID
Restart=always
RestartSec=10
TimeoutStartSec=30
TimeoutStopSec=30

# Security settings
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/myapp /var/log/myapp
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictRealtime=yes

# Resource limits
LimitNOFILE=1024
MemoryMax=512M
CPUQuota=50%

[Install]
WantedBy=multi-user.target

Advanced Service Management:

# Service dependency management
systemctl list-dependencies service_name     # Show dependencies
systemctl list-dependencies --reverse nginx  # Show what depends on nginx

# Performance and resource monitoring
systemctl show service_name --property=CPUShares,MemoryLimit
systemd-cgtop                                # Real-time resource usage

# Service security and isolation
systemctl show service_name --property=User,Group,NoNewPrivileges
systemd-analyze security service_name        # Security analysis

# Troubleshooting failed services
systemctl status service_name --no-page      # Detailed status
systemctl cat service_name                   # Show service file
systemd-analyze verify service_name          # Validate service file

Container Integration:

# Podman/Docker integration with systemd
podman generate systemd --new --name myapp > /etc/systemd/system/myapp.service
systemctl daemon-reload
systemctl enable myapp.service

# User services (rootless containers)
systemctl --user enable myapp.service
loginctl enable-linger username              # Enable user services at boot

Logging and Troubleshooting

Service Logs:

# View service logs
journalctl -u service_name
journalctl -u service_name -f        # Follow logs
journalctl -u service_name --since today
journalctl -u service_name --since "2024-01-01"

# System logs
journalctl -p err                     # Error messages only
journalctl --since "1 hour ago"      # Recent logs

Troubleshooting Steps:

1. Check service status: systemctl status service_name

2. View recent logs: journalctl -u service_name -n 50

3. Check configuration files for syntax errors

4. Verify user permissions and file ownership

5. Test service manually outside systemd

Note

DevOps Tip: Always test service configurations in development before deploying to production. Use systemctl –user for user services that don’t require root privileges.

Swap	A unit of this type encapsulates/activates/deactivates swap partition
Path	A unit of this type monitors files/directories and activates/deactivates a service if the specified file or directory is accessed
Timer	A unit of this type activates/deactivates specified service based on a timer or when the set time is elapsed
Snapshot	A unit that creates and saves the current state of all running units. This state can be used to restore the system later
Slice	A group of units that manages system resources such as CPU, and memory
Scope	A unit that organizes and manages foreign processes

The following table briefly explains the terms that the systemd uses to describe the status of units.

Status	Description
loaded	The unit’s configuration file has been successfully read and processed
active exited	Successfully executed the one-time configuration and after execution, the unit is neither running an active process nor waiting for an event
active running	Successfully executed the one-time configuration and after execution, the unit is running one or more active processes
active waiting	Successfully executed the one-time configuration and after execution, the unit is waiting for an event
inactive dead	Either the one-time configuration failed to execute or not executed yet

systemd targets

systemd replaces traditional SysVinit runlevels with predefined groups of units called targets.

Targets are usually defined according to the intended use of the system, and ensure that the required dependencies for that use are met.

The following table shows some standard preconfigured targets, the sysVinit runlevels they resemble, and the use case they address.

Target	Runlevel	Usage
rescue	1	single-user mode, for recovery of critical system components or configuration
multi-user	2	non-graphical multi-user console access, via local TTYs or network
graphical	5	a GUI sessions. Typically, provides the user with a fully featured desktop environment
custom	4	systemd allows any number of custom-defined targets

The standard LINUX kernel supports these seven different runlevels :

• 0 - System halt the system can be safely powered off with no activity.

• 1 - Single user mode.

• 2 - Multiple user mode with no NFS(network file system).

• 3 - Multiple user mode under the command line interface and not under the graphical user interface.

• 4 - User-definable.

• 5 - Multiple user mode under GUI (graphical user interface) and this is the standard runlevel for most of the LINUX-based systems.

• 6 - Reboot which is used to restart the system.

REDHAT FAMILY

# List all loaded service units
systemctl list-units --type=service

# Check status for NAME service unit
systemctl status NAME

# Check if NAME service is enabled
systemctl is-enabled NAME

# Check start|stop|restart NAME service
systemctl start|stop|restart NAME

# Enable|disable NAME service
systemctl enable|disable NAME

# Get default target
systemctl get-default

Warning

Linux is user-friendly, but it’s just very selective about who its friends are.

Questions

1. What is the difference between a service and a daemon?

   1. A daemon is a program that runs in the background, while a service is a daemon that is started by systemd.

   2. A daemon is a program that runs in the background, while a service is a program that runs in the foreground.

   3. A daemon is a program that runs in the foreground, while a service is a program that runs in the background.

   4. A daemon is a program that runs in the foreground, while a service is a daemon that is started by systemd.

2. Which of the following is not a systemd unit type?

   1. Service

   2. Device

   3. Target

   4. Scope

3. Which of the following is not a systemd target?

   1. rescue

   2. multi-user

   3. graphical

   4. custom

4. Which of the following is not a valid systemd command?

   1. systemctl list-units –type=service

   2. systemctl status NAME

   3. systemctl is-enabled NAME

   4. systemctl update NAME

5. What is the default target in systemd?

   1. rescue

   2. multi-user

   3. graphical

   4. custom

6. How do you check the status of a service?

   1. systemctl status NAME

   2. systemctl list-units –type=service

   3. systemctl is-enabled NAME

   4. systemctl update NAME

7. How do you check if a service is enabled?

   1. systemctl status NAME

   2. systemctl list-units –type=service

   3. systemctl is-enabled NAME

   4. systemctl update NAME

Answers

1. A daemon is a program that runs in the background, while a service is a daemon that is started by systemd.

2. Target

3. custom

4. systemctl update NAME

5. graphical

6. systemctl status NAME

7. systemctl is-enabled NAME