systemd

Resources

Home

Project

Wikipedia

Package information

GitHub

systemd is a modern SysV-style init and rc replacement for Linux systems. It is supported in Gentoo as an alternative init system.

Installation

The core around which all distributions are built is the Linux kernel. It is the layer between the user programs and the system hardware. Gentoo provides its users several possible kernel sources. A full listing with description is available at the Kernel overview page.

For amd64-based systems, Gentoo recommends the sys-kernel/gentoo-sources package.

Choose an appropriate kernel source and install it using emerge:

Kernel

systemd makes use of many modern Linux kernel features. Right now, the lower bound on kernel version is set in the ebuild to 2.6.39. In recent versions of sys-kernel/gentoo-sources, there is a convenient way of selecting the mandatory and optional kernel options for systemd (see Kernel/Configuration for further details):

Gentoo Linux --->
   Support for init systems, system and service managers --->
      [*] systemd

To configure the kernel options manually (which is the only option when not using sys-kernel/gentoo-sources), the following kernel configuration options are required or recommended:

General setup  --->
	[*] Control Group support --->
		[*]   Support for eBPF programs attached to cgroup
	[ ] Enable deprecated sysfs features to support old userspace tools
	[*] Configure standard kernel features (expert users)  --->
		[*] open by fhandle syscalls
		[*] Enable eventpoll support
		[*] Enable signalfd() system call
		[*] Enable timerfd() system call
[*] Networking support --->
Device Drivers  --->
	Generic Driver Options  --->
		[*] Maintain a devtmpfs filesystem to mount at /dev
File systems  --->
	[*] Inotify support for userspace
	Pseudo filesystems  --->
		[*] /proc file system support
		[*] sysfs file system support

General setup  --->
	[*] Configure standard kernel features (expert users)  --->
		[*] Checkpoint/restore support
	[*] Namespaces support  --->
		[*] Network namespace
[*] Enable the block layer  --->
	[*] Block layer SG support v4
Processor type and features  --->
	[*] Enable seccomp to safely compute untrusted bytecode
Networking support --->
	Networking options --->
		<*> The IPv6 protocol
Device Drivers  --->
	Generic Driver Options  --->
		()  path to uevent helper
		[ ] Fallback user-helper invocation for firmware loading
Firmware Drivers  --->
	[*] Export DMI identification via sysfs to userspace
File systems --->
	<*> Kernel automounter version 4 support (also supports v3)
	Pseudo filesystems --->
		[*] Tmpfs virtual memory file system support (former shm fs)
		[*]   Tmpfs POSIX Access Control Lists
		[*]   Tmpfs extended attributes

For an UEFI system also enable the following:

[*] Enable the block layer  --->
	Partition Types  --->
		[*] Advanced partition selection
		[*]   EFI GUID Partition support
Processor type and features  --->
	[*] EFI runtime service support
Firmware Drivers  --->
        EFI (Extensible Firmware Interface) Support -->
	        <*> EFI Variable Support via sysfs

If the system is using the BFQ scheduler, it's recommended by BFQ upstream to enable "BFQ hierarchical scheduling support" under "Enable the block layer -> IO Schedulers".

For an up-to-date list, see section "REQUIREMENTS" in the upstream README file.

/etc/mtab

Upstream only supports the /etc/mtab file being a symlink to /proc/self/mounts. Not creating this symlink will also cause problems with mount (bug #434090) and df (bug #477240). In the past some utilities wrote information (like mount options) into /etc/mtab and thus it was supposed to be a regular file. Nowadays all software is supposed to avoid this problem. Still, before switching the file to become a symbolic link, please check bug #477498 to be sure that the system is not affected by any reported regressions.

To create the symlink, run:

Ensure /usr is present at boot time

For a split /usr configuration, use an initramfs to mount /usr before starting systemd. For now, this means using sys-kernel/dracut or sys-kernel/genkernel-next until support for /usr is available in sys-kernel/genkernel. Set aside time now to migrate:

When using dracut, enable the usrmount module if it is not automatically enabled to mount /usr automatically.

# Dracut modules to add to the default
add_dracutmodules+="usrmount"

When genkernel-next is used, before rebuilding the kernel, be sure to set the UDEV variable in genkernel's configuration file to yes. This will pull /usr into the initramfs:

# Use udev instead of mdev as the default device manager for the initramfs.
# If systemd and perhaps lvm is used, then this _must_ be turned on.
UDEV="yes"

See the Initramfs guide for more alternatives.

Using LVM and initramfs

When sys-fs/lvm2 is used and the system is booted using an initramfs, the initramfs will have to be created using sys-kernel/genkernel-next by running:

<target> is either initramfs or one of the other genkernel targets which imply the creation of an initramfs. For more information, look at the output of genkernel --help:

When LVM is used, the lvmetad daemon needs to be started as well. Otherwise systemd will be unable to mount LVM volumes. lvmetad can be enabled in /etc/lvm/lvm.conf:

# Set use_lvmetad to '1' for systemd
use_lvmetad = 1

USE flags

Profile

Enable the systemd USE flag globally (in make.conf). The consolekit USE flag should also be disabled to prevent conflicts with the systemd-logind service. It is also possible to switch to a systemd subprofile to use saner USE flags defaults in which case it is not necessary to change make.conf:

Finally update the system with the new profile:

When dependency problems occur (such as sys-fs/udev blocking sys-apps/systemd), sys-fs/udev might be registered in the world file. Try to resolve this by deselecting it:

sys-apps/systemd contains udev. Once installed, sys-fs/udev can be removed as systemd will be the provider for the virtual/udev requirement.

Bootloader

In order to run systemd, switch the init that the executable kernel (or the initramfs) uses.

The following subsections document how to switch the init in one of the boot managers or the kernel.

GRUB Legacy (0.x)

The init=/lib/systemd/systemd argument should be added to the kernel command-line. An example excerpt from grub.conf would look like so:

title=Gentoo with systemd
root (hd0,0)
kernel /vmlinuz root=/dev/sda2 init=/lib/systemd/systemd

Should the system boot using OpenRC, try using real_init instead of init.

GRUB 2

When grub-mkconfig is used, add the init option to GRUB_CMDLINE_LINUX:

# Append parameters to the linux kernel command line
GRUB_CMDLINE_LINUX="init=/lib/systemd/systemd"

When the GRUB2 configuration file is written by hand (experts only), append the init= parameter to the linux or linux16 command.

linux /vmlinuz-3.10.9 root=UUID=508868e4-54c6-4e6b-84b0-b3b28b1656b6 init=/lib/systemd/systemd

YABOOT

Yaboot is a boot loader for PowerPC-based hardware running Linux, particularly New World ROM Macintosh systems.

The init=/lib/systemd/systemd argument should be added directly after the kernel command-line. An example from yaboot.conf:

image=/vmlinux 
   append="init=/lib/systemd/systemd" 
   label=Linux 
   read-only 
   initrd=/initramfs 
   initrd-size=8192

You must run the ybin command each time you modify yaboot.conf for the changes to take effect.

In-kernel config

The init configuration can also be hard-coded in the kernel configuration. See Processor type and features -> Built-in kernel command line. Note that this technique works for both GRUB and GRUB2.

Upgrades

systemd has the ability to update in-place on a running system (no reboot necessary). After an upgrade to systemd has emerged, run the following command:

Configuration

systemd supports a few system configuration files to set the most basic system details.

Machine ID

Create a machine ID for journaling to work. This can be done through the following command:

Hostname

To set the hostname, create/edit /etc/hostname and simply provide the desired hostname.

When booted using systemd, a tool called hostnamectl exists for editing /etc/hostname and /etc/machine-info. To change the hostname, run:

Refer to man hostnamectl for more options.

Locale

Usually, locales will be properly migrated from OpenRC when installing systemd. When required, the locale can be set in /etc/locale.conf as per the Gentoo handbook instructions:

LANG="en_US.utf8"

Once booted with systemd, the tool localectl is used to set locale and console or X11 keymaps. To change the system locale, run the following command:

To change the virtual console keymap:

And finally, to set the X11 layout:

If needed the model, variant and options can be specified as well:

After doing any of the above, update the environment so the changes will take effect:

Time and date

Time, date, and timezone can be set using the timedatectl utility. That will also allow users to set up synchronization without needing to rely on net-misc/ntp or other providers than systemd's own implementation.

To learn how to use timedatectl simply run:

Automatic module loading

Automatic module loading is configured in a different file, or rather directory of files. The configuration files are stored in /etc/modules-load.d. On boot every file with a list of modules will be loaded. The file format is a list of modules separated by newlines and can have any name as long as it ends with .conf. The module loading can be separated by program, service or whatever way that fits personal preference. An example virtualbox.conf is listed below:

vboxdrv
vboxnetflt
vboxnetadp
vboxpci

Network

systemd-networkd

systemd-networkd is useful for simple configuration of wired network interfaces. It is disabled by default.

To configure systemd-networkd, create a

• .network file under /etc/systemd/network. See systemd.network(5) for reference. A simple DHCP configuration is given below:

[Match]
Name=en*
 
[Network]
DHCP=yes

Note that systemd-networkd does not update resolv.conf by default. To have systemd manage the DNS settings, replace resolv.conf with a symlink and start systemd-resolved.

NetworkManager

Often NetworkManager is used to configure network settings. For that purpose, simply run the following command when using a graphical desktop:

If that is not the case and the network needs to be configured from console, give nmcli a try, or follow a guided configuration process through nmtui:

nmtui is a curses frontend that will guide the user in the process while running in console mode.

Handling of log files

systemd has its own way of handling log files without needing to rely on an external log system (such as app-admin/syslog-ng or app-admin/rsyslog).

If desired, the logging service be configured to pass log messages to external logging utilities such as sysklog or syslog-ng. See man journald.conf to learn how to configure the systemd-journald service to suit situational needs.

systemd's integrated logging service writes log messages in a secure, binary format. The logs are read by using the journalctl command, which is a separate executable from the systemd-journald logging service.

Some common journalctl options:

For more information and many more options, look at man journalctl.

/tmp is now in tmpfs

Unless some other filesystem is explicitly mounted to /tmp in /etc/fstab, systemd will mount /tmp as tmpfs. That means it will be emptied on every boot and its size will be limited to 50% of the system's RAM size. To know why this is the desired behavior and how to modify it, take a look at API File Systems.

Configure verbosity of boot process

When migrating to systemd users usually notice differences regarding verbosity of boot process:

• The kernel command-line option quiet not only influences the kernel output, but also that of systemd itself. Then, while setting up systemd for the machine, drop the option to see any errors could arise more easily. After that, add it back to get a quiet (and faster) boot.
• Even passing the quiet kernel command-line option, systemd can still be configured to show its status by also passing systemd.show_status=1.
• When not using the quiet kernel command-line option, some messages might be overwriting consoles. This could be caused by the kernel configuration (see man 5 proc and look for /proc/sys/kernel/printk). To tweak it pass the loglevel=5 kernel command-line parameter (and update the value according to preference, for instance set a lower value like 1).

Services

At some point the system will need to be rebooted in order to get systemd running (in system mode). Be sure to read all of this document to ensure systemd is configured as completely as possible before rebooting. Note that journalctl works with systemd not running, but that systemctl will not do anything useful without systemd running. Complete the service configuration (enabling and starting of services) after logging in to the system running systemd.

OpenRC services

Although systemd originally intended to support running old init.d scripts, that support is not suited well for a dependency-based RC like OpenRC and thus is completely disabled on Gentoo. OpenRC provides additional measures to ensure that init.d scripts can't be run when OpenRC was not used to boot the system (otherwise the results would be unpredictable).

Listing available services

All available service units can be listed using the list-units argument of systemctl:

UNIT                               LOAD   ACTIVE SUB       DESCRIPTION
boot.automount                     loaded active waiting   EFI System Partition Automount
proc-sys-fs-binfmt_misc.automount  loaded active waiting   Arbitrary Executable File Formats File System Automount Point
...

The following file suffixes are of interest:

Alternatively the systemctl tool can be used to list all services (including implicit ones):

And finally check for services that failed to start:

Enabling, disabling, starting, and stopping services

The usual way of enabling a service is using the following command:

Services can be disabled likewise:

These commands enable services using their default name in default target (both specified in "Install" section of the service file). However, sometimes services either don't provide that information or users prefer to have another name/target.

Note that these commands only enable or disable the service to be started on a next boot; to start the service right now, use:

Services can be stopped likewise:

Installing custom unit files

Custom unit files can be placed in /etc/systemd/system, where they will be recognized after running systemctl daemon-reload:

/lib/systemd/system is reserved for service files installed by the package manager.

Customizing unit files

When only minor changes to a unit are needed, there's no need to create a full copy of the original unit file in /etc/systemd/system. Overriding settings in a package management provided unit can be achieved by drop-in files in a

• .d directory named after the original unit (e.g. apache2.d) in /etc/systemd/system/.

[Service]
MemoryLimit=1G

A reload of systemd is needed to inform it of the changes:

Then the service needs to be restarted to apply the changes:

Verify that the changed property was applied to the service:

MemoryLimit=1074000000

Enabling a service under a custom name

When the name provided by "Alias" in the unit's "[Install]" section does not meet the expectations and providing a permanent new value for this through a customization is not desired, a symlink can be created manually in /etc/systemd/system/*.wants/. The name of the

• .wants directory can either specify a target or another service which will depend on the new one.

For example, to install mysqld.service as db.service in the multi-user.target:

To disable the service, just remove the symlink:

Native services

Some of Gentoo packages already install systemd unit files. For these services, it is enough to enable them. A quick summary of packages installing unit files can be seen on systemd eclass users list.

The following table lists systemd services matching OpenRC ones:

Timer services

Since version 197 systemd supports timers, making cron unnecessary on a systemd system. Since version 212 persistent services are supported, replacing even anacron. Persistent timers are run at the next opportunity if the system was powered down when the timer was scheduled.

The following is an example on how to make a simple timer that runs in the context of a user. It will even run if the user is not logged in. Every timed service needs a timer and a service file that is activated by the timer as follows:

[Unit]
Description=daily backup work
RefuseManualStart=no
RefuseManualStop=no
 
[Timer]
Persistent=false
OnCalendar=Mon-Fri *-*-* 11:30:00
Unit=backup-work.service
 
[Install]
WantedBy=default.target

[Unit]
Description=daily backup work
RefuseManualStart=no
RefuseManualStop=yes
 
[Service]
Type=oneshot
ExecStart=/home/<user>/scripts/backup-work.sh

Firstly, tell systemd to rescan the service files:

It is possible to trigger the backup manually by running the following command:

Start and stop the timer manually as follows:

Finally, to activate the timer at every system start, run:

To check the last results of running the service:

Emailing failures

If a timed service runs and fails an e-mail can be send out to inform the user or administrator. This is possible with the "OnFailure" stanza which specifies what should happen if a service fails. A failure is detected by a non-zero return code of the invoked script.

For that change the script as follows:

[Unit]
Description=daily backup work
RefuseManualStart=no
RefuseManualStop=yes
OnFailure=failure-email@%i.service
 
[Service]
Type=oneshot
ExecStart=/home/<user>/scripts/backup-work.sh

This requires to have the service failure-email@.service installed, which can be found in kylemanna's systemd-utils repository.

Replacing cron

The above timer and service files can also be added to /lib/systemd/system to make them available system-wide. The install section should then say WantedBy=multi-user.target to enable the service at system start.

However, cron also runs the scripts in /etc/cron.daily and other locations. Several packages place scripts there that they expect to be run daily. This behavior can be emulated with systemd by installing sys-process/systemd-cron. Then activate the new cron replacement with the following commands:

Troubleshooting

• Gentoo bugtracker: known bugs
• Freedesktop.org bugtracker: known bugs
• Upstream debugging guide

/dev/kmsg buffer overrun, some messages lost

Problem

When booting the system displays an infinite loop of /dev/kmsg buffer overrun, some messages lost. The login screen to console never appears since the system never gets to that point in the boot process.

Solution

Most of the time this issue is caused when the CONFIG_POWER_SUPPLY_DEBUG option is enabled in the kernel. The current workaround is to disable this option in the kernel, then recompile, install, and boot the new kernel. The solution can also be found in this thread on the Gentoo forums. According to one user one the forum, this issue was also seen when using I2C EEPROM on an embedded system^[1]. The solution in this case was to disable the CONFIG_I2C_DEBUG_CORE kernel option.

Graphical sessions opened in random places

By default systemd only launches a getty process when it's going to be used. This causes some display managers (like GDM) to use the remaining TTYs for opening graphical sessions on demand, which can result in having consoles and graphical sessions placed randomly depending on the order they were used.

To stick with a more "classical" behavior (i.e, consoles placed from tty1 to tty6 and graphical sessions using the remaining TTYs) force it to always launch getty on those:

LVM

When switching from OpenRC to systemd and LVM is needed to properly mount the system volumes, activate the LVM service:

While it might not be needed for activation of the root volume (if LVM is integrated into the initramfs) it might not work for other LVM volumes, unless the service is activated.

systemd-bootchart

Make sure that CONFIG_DEBUG_KERNEL, CONFIG_SCHED_DEBUG, and CONFIG_SCHEDSTATS are enabled.

'"`UNIQ--pre-00000022-QINU`"'

Next, enable systemd-bootchart.service:

The result of the changes will produce a bootchart report in SVG format located in /run/log/ after each boot. It can be viewed using a modern web browser.

As an alternative to systemd-bootchart the starting of services can be visualized with:

syslog-ng source for systemd

There is no need to add unix-dgram('/dev/log'); to the /etc/syslog-ng/syslog-ng.conf config file. It will cause syslog-ng to fail (at least on version syslog-ng-3.7.2). Update the source src { ...; }; line mentioned in the syslog-ng article as follows:

# default config for openrc
#source src { system(); internal(); };
 
# systemd
source src { systemd-journal(); internal(); };

sys-fs/cryptsetup configuration

systemd does not seem to respect /etc/conf.d/dmcrypt (see bug #429966) so it needs to be configured through the /etc/crypttab file:

crypt-home UUID=c25dd0f3-ecdd-420e-99a8-0ff2eaf3f391 -

Make sure to enable the cryptsetup USE flag for sys-apps/systemd. It will install /lib/systemd/system-generators/systemd-cryptsetup-generator that will automatically create a service (cryptsetup@crypt-home.service for above example) for each entry on boot.

Check for units that failed to start

Check for units that failed to start with:

Enable debug mode

To get more informations set the following in /etc/systemd/system.conf:

LogLevel=debug

Or enable the debug-shell, that opens a terminal at tty9. This helps to debug services during the boot process.

e4rat usage

Please remember to edit /etc/e4rat.conf setting 'init' to /lib/systemd/systemd, otherwise it will keep booting OpenRC.

GRSecurity hardening

With grsecurity enabled, systemd-networkd might log the following error:

could not find udev device: Permission denied

The error raises due to systemd-networkd working under a non-root user with grsecurity refusing access to the complete /sys structure for such users. To disable this option, disable the CONFIG_GRKERNSEC_SYSFS_RESTRICT kernel option.

logind may also have subtle permission issues with CONFIG_GRKERNSEC_PROC active, see bug #472098.

shutdown -rF does not force fsck

The systemd-fsck service is responsible of running fsck when needed. It doesn't honor shutdown's -rF option, but instead honors the following kernel boot parameters.

See also

• Comparison of init systems — compares and contrasts init systems.
• Sakaki's EFI Install Guide - Particularly look at the chapter entitled Configuring systemd and installing necessary tools
• Packages that hard depend on systemd
• OpenRC to systemd Cheatsheet — list of commands commonly used in OpenRC and its equivalent systemd command.

External resources

• FAQ
• Tips and tricks

References