Linux 命令 - systemctl

Systemctl是一个systemd工具,主要负责控制systemd系统和服务管理器。

Systemd是一个系统管理守护进程、工具和库的集合,用于取代System V初始进程。Systemd的功能是用于集中管理和配置类UNIX系统。

在Linux生态系统中,Systemd被部署到了大多数的标准Linux发行版中,只有为数不多的几个发行版尚未部署。Systemd通常是所有其它守护进程的父进程,但并非总是如此。

Systemd初体验和Systemctl基础

首先检查你的系统中是否安装有systemd并确定当前安装的版本

1
2
3
#  systemctl --version
systemd 219
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN

上例中很清楚地表明,我们安装了215版本的systemd。

检查systemd和systemctl的二进制文件和库文件的安装位置

1
2
3
4
5
#  whereis systemd
systemd: /usr/lib/systemd /etc/systemd /usr/share/systemd /usr/share/man/man1/systemd.1.gz

# whereis systemctl
systemctl: /usr/bin/systemctl /usr/share/man/man1/systemctl.1.gz

检查systemd是否运行

1
2
3
4
5
6
#  ps -eaf | grep systemd
root 1 0 0 3月18 ? 00:03:11 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
root 323 1 0 3月18 ? 00:01:45 /usr/lib/systemd/systemd-journald
root 348 1 0 3月18 ? 00:00:00 /usr/lib/systemd/systemd-udevd
dbus 459 1 0 3月18 ? 00:02:49 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root 468 1 0 3月18 ? 00:01:23 /usr/lib/systemd/systemd-logind

分析systemd启动进程

1
2
#  systemd-analyze
Startup finished in 690ms (kernel) + 1.288s (initrd) + 8.138s (userspace) = 10.117s

分析启动时各个进程花费的时间

1
2
3
4
5
6
7
8
9
10
11
#  systemd-analyze blame
5.130s network.service
3.022s rabbitmq-server.service
2.120s postfix.service
320ms systemd-journal-flush.service
296ms tuned.service
293ms lvm2-monitor.service
226ms nginx.service
187ms dev-vda1.device
181ms rc-local.service
...

分析启动时的关键链

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#  systemd-analyze critical-chain
The time after the unit is active or started is printed after the "@" character.
The time the unit takes to start is printed after the "+" character.

multi-user.target @8.129s
└─tuned.service @6.008s +296ms
└─network.target @5.999s
└─network.service @869ms +5.130s
└─basic.target @811ms
└─sockets.target @811ms
└─rpcbind.socket @811ms
└─sysinit.target @808ms
└─systemd-update-utmp.service @797ms +9ms
└─auditd.service @642ms +154ms
└─systemd-tmpfiles-setup.service @615ms +26ms
└─rhel-import-state.service @531ms +83ms
└─local-fs.target @471ms
└─local-fs-pre.target @471ms
└─lvm2-monitor.service @177ms +293ms
└─lvm2-lvmetad.service @232ms
└─lvm2-lvmetad.socket @163ms
└─-.slice

重要:Systemctl接受服务(.service),挂载点(.mount),套接口(.socket)和设备(.device)作为单元。

列出所有可用单元

1
2
3
4
5
6
7
8
9
10
11
#  systemctl list-unit-files
UNIT FILE STATE
proc-sys-fs-binfmt_misc.automount static
dev-hugepages.mount static
dev-mqueue.mount static
proc-sys-fs-binfmt_misc.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
tmp.mount disabled
brandbot.path disabled

列出所有运行中单元

1
2
3
4
5
6
7
#  systemctl list-units
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats File System Automount Point
sys-devices-pci0000:00-0000:00:03.0-virtio0-net-eth0.device loaded active plugged Virtio network device
sys-devices-pci0000:00-0000:00:04.0-virtio1-block-vda-vda1.device loaded active plugged /sys/devices/pci0000:00/0000:00:04.0/virtio1/block/vda/vda1
sys-devices-pci0000:00-0000:00:04.0-virtio1-block-vda.device loaded active plugged /sys/devices/pci0000:00/0000:00:04.0/virtio1/block/vda
sys-devices-platform-serial8250-tty-ttyS1.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS1

列出所有失败单元

1
2
3
4
5
6
7
8
9
10
11
12
#  systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● kdump.service loaded failed failed Crash recovery kernel arming
● postfix.service loaded failed failed Postfix Mail Transport Agent
● YDService.service loaded failed failed LSB: tomcat service

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

3 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

检查某个单元(如 cron.service)是否启用

1
2
#  systemctl is-enabled crond.service
enabled

检查某个单元或服务是否运行

1
2
3
4
5
#  systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)

使用Systemctl控制并管理服务

列出所有服务(包括启用的和禁用的)

1
2
3
4
5
6
7
8
9
10
11
#  systemctl list-unit-files --type=service
UNIT FILE STATE
acpid.service enabled
arp-ethers.service disabled
atd.service enabled
auditd.service enabled
autovt@.service enabled
blk-availability.service disabled
brandbot.service static
chrony-dnssrv@.service static
chrony-wait.service disabled

Linux中如何启动、重启、停止、重载服务以及检查服务(如 httpd.service)状态

1
2
3
4
5
# systemctl start httpd.service
# systemctl restart httpd.service
# systemctl stop httpd.service
# systemctl reload httpd.service
# systemctl status httpd.service

注意:当我们使用systemctl的start,restart,stop和reload命令时,我们不会从终端获取到任何输出内容,只有status命令可以打印输出。

如何激活服务并在启动时启用或禁用服务(即系统启动时自动启动服务)

1
2
3
# systemctl is-active httpd.service
# systemctl enable httpd.service
# systemctl disable httpd.service

如何屏蔽(让它不能启动)或显示服务(如 httpd.service)

1
2
3
4
# systemctl mask httpd.service
ln -s '/dev/null' '/etc/systemd/system/httpd.service'
# systemctl unmask httpd.service
rm '/etc/systemd/system/httpd.service'

使用systemctl命令杀死服务

1
2
# systemctl kill httpd
# systemctl status httpd

使用Systemctl控制并管理挂载点

列出所有系统挂载点

1
2
3
4
5
6
7
8
9
#  systemctl list-unit-files --type=mount
UNIT FILE STATE
dev-hugepages.mount static
dev-mqueue.mount static
proc-sys-fs-binfmt_misc.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
tmp.mount disabled

挂载、卸载、重新挂载、重载系统挂载点并检查系统中挂载点状态

1
2
3
4
5
# systemctl start tmp.mount
# systemctl stop tmp.mount
# systemctl restart tmp.mount
# systemctl reload tmp.mount
# systemctl status tmp.mount

在启动时激活、启用或禁用挂载点(系统启动时自动挂载)

1
2
3
# systemctl is-active tmp.mount
# systemctl enable tmp.mount
# systemctl disable tmp.mount

在Linux中屏蔽(让它不能启用)或可见挂载点

1
2
3
4
# systemctl mask tmp.mount
ln -s '/dev/null' '/etc/systemd/system/tmp.mount'
# systemctl unmask tmp.mount
rm '/etc/systemd/system/tmp.mount'

使用Systemctl控制并管理套接口

列出所有可用系统套接口

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#  systemctl list-unit-files --type=socket
UNIT FILE STATE
dbus.socket static
dm-event.socket enabled
epmd.socket disabled
epmd@.socket disabled
lvm2-lvmetad.socket enabled
lvm2-lvmpolld.socket enabled
rpcbind.socket enabled
rsyncd.socket disabled
sshd.socket disabled
syslog.socket static
systemd-initctl.socket static
systemd-journald.socket static
systemd-shutdownd.socket static
systemd-udevd-control.socket static
systemd-udevd-kernel.socket static

在Linux中启动、重启、停止、重载套接口并检查其状态

1
2
3
4
5
# systemctl start cups.socket
# systemctl restart cups.socket
# systemctl stop cups.socket
# systemctl reload cups.socket
# systemctl status cups.socket

在启动时激活套接口,并启用或禁用它(系统启动时自启动)

1
2
3
# systemctl is-active cups.socket
# systemctl enable cups.socket
# systemctl disable cups.socket

屏蔽(使它不能启动)或显示套接口

1
2
3
4
# systemctl mask cups.socket
ln -s '/dev/null' '/etc/systemd/system/cups.socket'
# systemctl unmask cups.socket
rm '/etc/systemd/system/cups.socket'

服务的CPU利用率(分配额)

获取当前某个服务的CPU分配额(如httpd)

1
2
# systemctl show -p CPUShares httpd.service
CPUShares=1024

将某个服务(httpd.service)的CPU分配份额限制为2000 CPUShares/

1
2
3
# systemctl set-property httpd.service CPUShares=2000
# systemctl show -p CPUShares httpd.service
CPUShares=2000

注意:当你为某个服务设置CPUShares,会自动创建一个以服务名命名的目录(如 httpd.service),里面包含了一个名为90-CPUShares.conf的文件,该文件含有CPUShare限制信息,你可以通过以下方式查看该文件:

1
2
3
# vi /etc/systemd/system/httpd.service.d/90-CPUShares.conf 
[Service]
CPUShares=2000

检查某个服务的所有配置细节

1
2
3
4
5
6
7
8
9
10
11
#  systemctl show nginx
Type=forking
Restart=no
PIDFile=/run/nginx.pid
NotifyAccess=none
RestartUSec=100ms
TimeoutStartUSec=1min 30s
TimeoutStopUSec=5s
WatchdogUSec=0
WatchdogTimestampMonotonic=0
StartLimitInterval=10000000

分析某个服务(nginx)的关键链

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#  systemd-analyze critical-chain nginx.service
The time after the unit is active or started is printed after the "@" character.
The time the unit takes to start is printed after the "+" character.

nginx.service +226ms
└─network.target @5.999s
└─network.service @869ms +5.130s
└─basic.target @811ms
└─sockets.target @811ms
└─rpcbind.socket @811ms
└─sysinit.target @808ms
└─systemd-update-utmp.service @797ms +9ms
└─auditd.service @642ms +154ms
└─systemd-tmpfiles-setup.service @615ms +26ms
└─rhel-import-state.service @531ms +83ms
└─local-fs.target @471ms
└─local-fs-pre.target @471ms
└─lvm2-monitor.service @177ms +293ms
└─lvm2-lvmetad.service @232ms
└─lvm2-lvmetad.socket @163ms
└─-.slice

获取某个服务(nginx)的依赖性列表

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#  systemctl list-dependencies nginx.service
nginx.service
● ├─-.mount
● ├─system.slice
● └─basic.target
● ├─rhel-autorelabel-mark.service
● ├─rhel-autorelabel.service
● ├─rhel-configure.service
● ├─rhel-dmesg.service
● ├─rhel-loadmodules.service
● ├─selinux-policy-migrate-local-changes@targeted.service
● ├─paths.target
● ├─slices.target
● │ ├─-.slice
● │ └─system.slice
● ├─sockets.target
...

按等级列出控制组

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#  systemd-cgls
├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
├─user.slice
│ └─user-0.slice
│ ├─session-48911.scope
│ │ ├─17567 sshd: root@pts/0
│ │ ├─17570 -zsh
│ │ ├─17604 sh -c main() { # Use colors, but only if connected to a terminal, and that terminal # supports them. if which tput >/dev/null 2>&1; then ncolors=$(tput colors) fi if [ -t 1 ] && [ -n "$ncolors" ] && [ "$ncolors" -ge 8 ]; then RED="$(tput
│ │ ├─17643 zsh
│ │ ├─27128 systemd-cgls
│ │ └─27129 systemd-cgls
│ └─session-1.scope
│ ├─25471 barad_agent
│ ├─25477 barad_agent
│ ├─25478 barad_agent
│ └─25839 /usr/local/qcloud/stargate/sgagent -d
...

按CPU、内存、输入和输出列出控制组

1
2
3
4
5
6
7
8
9
10
11
12
#  systemd-cgtop
Path Tasks %CPU Memory Input/s Output/s

/ 78 - 827.5M - -
/system.slice/acpid.service 1 - - - -
/system.slice/atd.service 1 - - - -
/system.slice/auditd.service 1 - - - -
/system.slice/crond.service 1 - - - -
/system.slice/dbus.service 1 - - - -
/system.slice/libstoragemgmt.service 1 - - - -
/system.slice/lvm2-lvmetad.service
...

控制系统运行等级

启动系统救援模式

1
2
3
4
5
6
7
#  systemctl rescue
PolicyKit daemon disconnected from the bus.
We are no longer a registered authentication agent.

Broadcast message from root@server_base on pts/0 (四 2018-04-19 16:31:36 CST):

The system is going down to rescue mode NOW!

进入紧急模式

1
2
3
4
# systemctl emergency
Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" to try again
to boot into default mode.

列出当前使用的运行等级

1
2
#  systemctl get-default
multi-user.target

启动运行等级5,即图形模式

1
2
3
# systemctl isolate runlevel5.target

# systemctl isolate graphical.target

启动运行等级3,即多用户模式(命令行)

1
2
3
# systemctl isolate runlevel3.target

# systemctl isolate multiuser.target

设置多用户模式或图形模式为默认运行等级

1
2
# systemctl set-default runlevel3.target
# systemctl set-default runlevel5.target

重启、停止、挂起、休眠系统或使系统进入混合睡眠

1
2
3
4
5
# systemctl reboot
# systemctl halt
# systemctl suspend
# systemctl hibernate
# systemctl hybrid-sleep

运行等级说明

  • Runlevel 0 : 关闭系统
  • Runlevel 1 : 救援?维护模式
  • Runlevel 3 : 多用户,无图形系统
  • Runlevel 4 : 多用户,无图形系统
  • Runlevel 5 : 多用户,图形化系统
  • Runlevel 6 : 关闭并重启机器

参考

0%