Systemctl and Systemd on CentOS 7

Introduction to Systemd

Systemd is a system and service manager for Linux operating systems and is the new standard for CentOS 7, RHEL 7, Fedora and Arch Linux. Most Linux distros seem to be moving towards adopting Systemd as the standard and replacing the old init.d. By design it’s backwards compatible with SysVinit scripts, and it introduces new features like on-demand activation of processes, parallel startup of system services at boot and even support for system state snapshots. systemctl is the core tool used to manage Systemd services and units.

Systemd introduces a new concept called systemd units. These units are represented by unit configuration files located in following directories:

/usr/lib/systemd/system/
/run/systemd/system/
/etc/systemd/system/

Each of these folders contains different Systemd units. For example, the first one contains units distributed by RPMs, like sshd, while the last one contains units created and managed by the system administrator, e.g. Network Manager.

Manage Services

The main purpose of any init system is to manage services and initialize services post kernel boot. systemctl is quite simple to use here and uses regular start, stop, status commands. The full syntax to start a service would be:

systemctl start name.service

systemctl is smart enough to determine what kind of application we’re dealing with, so this should suffice:

systemctl start name

The same applies for stop and restart commands as well.

Listing Services

The following command will list all the currently loaded service units:

systemctl list-units --type service

List all installed service units and determine their state (ENABLED/DISABLED):

systemctl list-unit-files --type service

Enable, Disable, Mask Services

Enabling a service means that it will start automatically upon next system reboot. Running the enable command will create the necessary symlink from the /usr/lib/systemd/system/ folder to the /etc/systemd/system/ one. For example, enabling nginx will have the following output:

[root@web01 ~]# systemctl enable nginx.service
ln -s '/usr/lib/systemd/system/nginx.service' '/etc/systemd/system/multi-user.target.wants/nginx.service'

To disable nginx so that it doesn’t start at boot time:

[root@web01 ~]# systemctl disable nginx.service
rm '/etc/systemd/system/multi-user.target.wants/nginx.service'

which will remove the symlink. We can even mask any service, preventing it from being started by any other service, by running:

[root@web01 ~]# systemctl mask nginx.service
ln -s '/dev/null' '/etc/systemd/system/nginx.service'

which will create a symlink from /etc/systemd/system/nginx.service to /dev/null.
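The symlinks described above can be read straight off disk, which is useful when auditing what will start at boot. This is an added example, not part of the original article; unit_state and make_sample_tree are hypothetical helper names, and the sample tree (including the masked sshd.service) is constructed.

```shell
#!/bin/sh
# Added example: classify a unit from the symlinks systemctl leaves behind.
# unit_state is a hypothetical helper, not a systemd tool.
#   masked   : <dir>/<unit> is a symlink to /dev/null
#   enabled  : a symlink named <unit> exists in some <dir>/*.wants/ directory
#   disabled : neither of the above
unit_state() {
    etc_dir=$1
    unit=$2
    # Masking wins even if a .wants symlink is still present.
    if [ -L "$etc_dir/$unit" ] && [ "$(readlink "$etc_dir/$unit")" = "/dev/null" ]; then
        echo masked
        return 0
    fi
    for link in "$etc_dir"/*.wants/"$unit"; do
        if [ -L "$link" ]; then
            echo enabled
            return 0
        fi
    done
    echo disabled
}

# Constructed sample tree standing in for /etc/systemd/system.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/multi-user.target.wants"
    ln -s /usr/lib/systemd/system/nginx.service \
        "$root/multi-user.target.wants/nginx.service"
    ln -s /dev/null "$root/sshd.service"
    echo "$root"
}

sample=$(make_sample_tree)
for u in nginx.service sshd.service crond.service; do
    printf '%s: %s\n' "$u" "$(unit_state "$sample" "$u")"
done
rm -rf "$sample"
```

On a live host, systemctl is-enabled name.service remains the authoritative answer; the function only covers the directory it is pointed at.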

Power Management

systemctl is able to manage the machine’s state as well which means that you can reboot, shutdown, power-off, suspend, hibernate and so on:

  • systemctl reboot – Reboot the system
  • systemctl poweroff – Power-off the system
  • systemctl suspend – Suspend the system
  • systemctl hibernate – Put the system into hibernation

Conclusions

systemctl allows you to fully control your systemd instance. It’s a really powerful tool and this is just a basic guide on what you can achieve using it.

More details about systemd and systemctl can be found here.

Disable SELinux on CentOS 7

How to disable SELinux on CentOS 7 or most Linux operating systems?

SELinux stands for Security-Enhanced Linux and is a Linux kernel security module that provides a mechanism for supporting access control security policies. If you’ve recently installed CentOS 7 (this works for CentOS 4, 5 and 6 as well) and you don’t want to use SELinux, the easiest way is to disable it first and then make sure it won’t start upon reboot.

We can verify the status using sestatus which should return enabled along with some variables or disabled if it’s already turned off:


[root@server ~]# sestatus
SELinux status: disabled

In order to disable it for the time being, until the machine is rebooted we can simply use the setenforce command:


[root@server ~]# setenforce
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]

Simply running setenforce Permissive from shell as root:

[root@server ~]# setenforce Permissive

OR:

[root@server ~]# setenforce 0

should do the trick, but we also need to make the change permanent. To do this we’ll edit SELinux’s configuration file, located at /etc/sysconfig/selinux, and set the SELINUX variable to disabled:

[root@server ~]# vi /etc/sysconfig/selinux

After saving the file and exiting the editor SELinux should be off and it shouldn’t interfere unless you enable it again. It is recommended that we reboot the machine after changing SELinux between modes. If you plan to install cPanel/WHM on the machine this is a mandatory step: cPanel/WHM doesn’t work with SELinux set to Enforcing (1).

Please note that if we disable SELinux on CentOS 7 it doesn’t mean the machine will be less protected, however the OS will be more permissive. For example, a user would be able to set 777 permissions on sensitive files like SSH keys, which means that other users will be able to see them.
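Between running setenforce and rebooting, the runtime mode and the configured mode differ, and the check below reports that mismatch. It is an added example, not part of the original article; selinux_config_mode, selinux_drift and make_sample_config are hypothetical helper names, the config file is a constructed sample, and the runtime mode is passed in as the string that getenforce prints.

```shell
#!/bin/sh
# Added example: compare SELinux runtime mode with the configured mode.

# Print the persistent mode from a config file: the last uncommented
# SELINUX= line, lower-cased (SELINUXTYPE= is a different key and is ignored).
selinux_config_mode() {
    awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "SELINUX" { val = $2; gsub(/[ \t]/, "", val); mode = tolower(val) }
        END { if (mode == "") exit 1; print mode }
    ' "$1"
}

# $1 = runtime mode as printed by getenforce, $2 = config file path.
# Prints "consistent" or a drift line; returns 1 on drift, 2 on a bad file.
selinux_drift() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    configured=$(selinux_config_mode "$2") || { echo "no SELINUX= line in $2"; return 2; }
    if [ "$runtime" = "$configured" ]; then
        echo consistent
    else
        echo "drift: runtime=$runtime config=$configured"
        return 1
    fi
}

# Constructed sample of the config file after the edit described above.
make_sample_config() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
# Constructed sample, not taken from a real host.
# SELINUX=enforcing
SELINUX=disabled
SELINUXTYPE=targeted
EOF
    echo "$cfg"
}

# State right after "setenforce 0" and the config edit, before the reboot.
sample_cfg=$(make_sample_config)
selinux_drift Permissive "$sample_cfg" || true
rm -f "$sample_cfg"
```

On a real host the call would be selinux_drift "$(getenforce)" /etc/sysconfig/selinux.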

Read more about SELinux:

SELinux on Wikipedia
HowTos SELinux

Tweak Swap on CentOS 7

Swap is quite important on a small virtual machine but also on large servers. If you haven’t enabled Swap yet you should check the following guide here. This article should provide you some information about swap and how you can tweak swap on CentOS 7.

Pre-flight checks

We’ll check if swap is enabled using swapon -s which should output something similar to this:

[root@web ~]# swapon -s
Filename Type Size Used Priority
/swap file 1048572 16 -1

This means we currently have a 1GB swap and we can confirm that it’s enabled by running free -m.

We’ll be touching two variables here: Swappiness and Cache Pressure.

Swappiness

Swappiness is a Linux kernel parameter that controls the relative weight given to swapping out runtime memory, as opposed to dropping pages from the system page cache. This parameter can be set to values from 0 to 100 inclusive. A low value instructs the kernel to avoid swapping, a higher value causes the kernel to try to use swap space as much as possible. The default value is 60 which works on most systems.

vm.swappiness = 0 – The kernel will swap only to avoid running out of memory
vm.swappiness = 60 – The default value
vm.swappiness = 100 – The kernel will swap aggressively, consuming a lot of the disk I/O

If we want a fast machine and we don’t want to hammer disk I/O we’ll need to lower this value. You can check the value for the current setting using cat:

[root@web ~]# cat /proc/sys/vm/swappiness
60

If we want to temporarily change this value we can do it using a simple echo:

[root@web ~]# echo 10 > /proc/sys/vm/swappiness

or by using the sysctl tool:

[root@web ~]# sysctl vm.swappiness=10

This setting is not permanent unless we add it to /etc/sysctl.conf. If the value isn’t defined there you can simply add this line at the bottom of the file:

vm.swappiness = 10

After saving the file and exiting the editor the setting is permanent and it should be seen after reboot as well.

Cache Pressure

Another setting that can help your machine perform better is vfs_cache_pressure. This setting controls the tendency of the kernel to reclaim the memory which is used for caching of directory and inode objects.

vfs_cache_pressure = 0 – The kernel will never reclaim dentries and inodes due to memory pressure and this can easily lead to out-of-memory situations
vfs_cache_pressure = 100 – The kernel will attempt to reclaim dentries and inodes at a “fair” rate
vfs_cache_pressure > 100 – The kernel will prefer to reclaim dentries and inodes which is not recommended and can have a bad impact on the machine’s performance

Default value on CentOS is 100 and it can be adjusted in the same way as vm.swappiness.

[root@web ~]# sysctl vm.vfs_cache_pressure=50
[root@web ~]# cat /proc/sys/vm/vfs_cache_pressure
50

You can also make it permanent by adding it to /etc/sysctl.conf.
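Appending the line by hand can leave two conflicting entries if the key is already set, so the added example below rewrites an existing line or appends a new one, and rejects values outside the ranges given above. It is not part of the original article; persist_sysctl and make_sample_sysctl are hypothetical helper names and the sample file is constructed.

```shell
#!/bin/sh
# Added example: persist "key = value" in a sysctl.conf-style file.
# Rewrites the uncommented line for the key if present, else appends one.
persist_sysctl() {
    file=$1 key=$2 value=$3
    case $value in
        ''|*[!0-9]*) echo "value must be a non-negative integer" >&2; return 1 ;;
    esac
    if [ "$key" = "vm.swappiness" ] && [ "$value" -gt 100 ]; then
        echo "vm.swappiness accepts 0 to 100" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Commented lines keep their leading "#" in the name and never match.
    awk -v k="$key" -v v="$value" '
        {
            split($0, kv, "=")
            name = kv[1]; gsub(/[ \t]/, "", name)
            if (name == k) { if (!seen) print k " = " v; seen = 1; next }
            print
        }
        END { if (!seen) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample standing in for /etc/sysctl.conf.
make_sample_sysctl() {
    f=$(mktemp)
    printf '%s\n' '# constructed sample' '# vm.swappiness = 30' \
        'vm.swappiness=60' 'net.ipv4.ip_forward = 0' > "$f"
    echo "$f"
}

conf=$(make_sample_sysctl)
persist_sysctl "$conf" vm.swappiness 10
persist_sysctl "$conf" vm.vfs_cache_pressure 50
cat "$conf"
rm -f "$conf"
```

Running sysctl -p afterwards loads the values from /etc/sysctl.conf without a reboot.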

How To Add swap on CentOS 7

What is swap?

Swap space on Linux is an area on the machine’s hard drive where the operating system will write data that cannot be held in memory. Swap is usually used when the physical memory (RAM) is full. If the system needs more memory resources and the RAM is full, inactive pages in memory are moved to the swap space. While swap space can help machines with a small amount of RAM, it should not be considered a replacement for more RAM. Swap space is located on the hard drives, which have a slower access time than physical memory. Due to these factors, relying on swap all the time isn’t recommended and it should be limited.

Pre-flight checks

After installing the OS (in this case CentOS 7) we’ll need to log in to the machine from console or SSH. Before doing anything we should check a few things to make sure we have enough room for swap and that swap isn’t already enabled. This can be done using the swapon utility with the -s flag, which prints the status:

[root@web ~]# swapon -s

If this returns no output then it means we don’t have swap. Next we’ll check RAM usage using the free utility and the -m parameter:

[root@web ~]# free -mo
total used free shared buffers cached
Mem: 994 851 142 6 39 218
Swap: 0 0 1023

Since swap will be written on the disk we’ll need to check that we have enough disk space available. In order to do so df and the -h parameter (human-friendly reading format) will be used:

[root@web ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 30G 2.7G 26G 10% /
devtmpfs 490M 0 490M 0% /dev
tmpfs 498M 0 498M 0% /dev/shm
tmpfs 498M 6.5M 491M 2% /run
tmpfs 498M 0 498M 0% /sys/fs/cgroup

We have plenty of disk space for this task, so we can proceed to the next step.

How to enable swap on CentOS 7

We’ll create a 1GB swap file called swap in the / location. In order to do this we’ll use fallocate:

fallocate -l 1G /swap

The swap file should be created almost instantly and you should see the command prompt again. We can check that the swap file was created using ls:

[root@web ~]# ls -lh /swap
-rw------- 1 root root 1.0G Jan 18 03:22 /swap

Before proceeding we’ll need to secure it, to make sure only root can read from or write to it, by using chmod:

chmod 600 /swap

We have the file that will be used as swap and we’ll need to instruct the operating system to use it. In order to do so we’ll use mkswap which should return something similar to this:

[root@web ~]# mkswap /swap
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=df691846-69f2-4157-86a6-4002cadef825

We now have a swap space and we can enable it using swapon:

swapon /swap

swapon -s should reflect this change along with free -m:

[root@web ~]# swapon -s
Filename Type Size Used Priority
/swap file 1048572 0 -1
[root@web ~]# free -m
total used free shared buffers cached
Mem: 994 851 142 6 40 219
-/+ buffers/cache: 592 401
Swap: 1023 0 1023

This means that we have successfully enabled swap on the machine, however we’ll need to make sure it starts on reboot. In order to do so we’ll edit /etc/fstab using your favorite editor (vi in this case):

vi /etc/fstab

and add the following line:

/swap swap swap sw 0 0

We have successfully enabled swap on CentOS 7 which should start on reboot.
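Two steps of this procedure are easy to miss: the chmod 600, without which other local users can read memory pages written to the swap file, and the /etc/fstab line. The added example below checks both; it is not part of the original article, audit_swap_file and make_swap_sample are hypothetical helper names, and the sample files are constructed so that it runs without root.

```shell
#!/bin/sh
# Added example: audit a swap file set up as in the steps above.
# Prints one finding per line, or "ok"; returns 1 if anything was found.
audit_swap_file() {
    swapfile=$1 fstab=$2 findings=0
    # First 10 characters of ls -l: file type plus rwx bits, e.g. -rw-------
    perms=$(ls -ld -- "$swapfile" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "permissions are $perms, expected -rw------- (chmod 600)"
        findings=1
    fi
    # fstab fields: <path> <mountpoint> <type> <options> <dump> <pass>
    if ! awk -v p="$swapfile" '
            /^[ \t]*#/ { next }
            $1 == p && $3 == "swap" { found = 1 }
            END { exit !found }
        ' "$fstab"; then
        echo "no swap entry for $swapfile in $fstab (not enabled after reboot)"
        findings=1
    fi
    if [ "$findings" -eq 0 ]; then
        echo ok
    fi
    return "$findings"
}

# Constructed sample: a world-readable file and an fstab without a swap line.
make_swap_sample() {
    d=$(mktemp -d)
    : > "$d/swap"
    chmod 644 "$d/swap"
    printf '%s\n' '# constructed fstab' '/dev/vda1 / xfs defaults 0 0' > "$d/fstab"
    echo "$d"
}

dir=$(make_swap_sample)
audit_swap_file "$dir/swap" "$dir/fstab" || true    # reports both findings
chmod 600 "$dir/swap"
echo "$dir/swap swap swap sw 0 0" >> "$dir/fstab"   # same fields as the line above
audit_swap_file "$dir/swap" "$dir/fstab"            # prints ok
rm -rf "$dir"
```

On the machine from this guide the call would be audit_swap_file /swap /etc/fstab.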