Systemd has replaced sysVinit as the default service manager in RHEL 7. Some of the sysVinit commands have been symlinked to their RHEL 7 counterparts, however this will eventually be deprecated in favor of the standard systemd commands in the future.

SysVinit V/s systemd runlevels

Here is a comparison between SysVinit runlevels V/s systemd targets.

SYSVINIT RUNLEVEL SYSTEMD TARGET FUNCTION
0 runlevel0.target, poweroff.target System halt/shutdown
1, s, single runlevel1.target, rescue.target Single-user mode
2, 4 runlevel2.target, runlevel4.target, multi-user.target User-defined/Site-specific runlevels. By default, identical to 3.
3 runlevel3.target, multi-user.target Multi-user, non-graphical mode, text console only
5 runlevel5.target, graphical.target Multi-user, graphical mode
6 runlevel6.target, reboot.target Reboot
emergency emergency.target Emergency mode
Changing runlevels with systemd

The runlevel target can be changed by using the systemctl isolate command :

# systemctl isolate multi-user.target
To view what targets are available you can issue the list-units option with the type target

# systemctl list-units –type=target
Run level 3 is emulated by multi-user.target. This is done by symbolic link and can be used interchangeably

# systemctl isolate multi-user.target
# systemctl isolate runlevel3.target
# ls -l /usr/lib/systemd/system/runlevel3.target
lrwxrwxrwx 1 root root 17 Oct 18 11:41 /usr/lib/systemd/system/runlevel3.target -> multi-user.target
Run level 5 is emulated by graphical.target. This is also done by symbolic link and can be used interchangeably

# systemctl isolate graphical.target
# systemctl isolate runlevel5.target
# ls -l /usr/lib/systemd/system/runlevel5.target
lrwxrwxrwx 1 root root 16 Oct 18 11:41 /usr/lib/systemd/system/runlevel5.target -> graphical.target
Changing the default runlevel

The default runlevel can be changed by using the set-default option.

# systemctl set-default multi-user.target
To get the currently set default, you can use the get-default option.

# systemctl get-default
The default runlevel in systemd can also be set using the below method (not recommended though).

# ln -sf /lib/systemd/system/[desired].target /etc/systemd/system/default.target
The default target can also be set in the kernel line during boot by adding the following option :

systemd.unit=multi-user.target

Question : I cannot reach my Samba server after starting the service. How do I open the port to be able to connect to my Samba server?

Solution :

If running FirewallD, it is mandatory to open the ports used by the Samba server in order for it to properly accept clients. To begin with check the firewalld status using the systemctl command :

# systemctl status firewalld
? firewalld.service – firewalld – dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2016-10-29 21:47:04 IST; 1 weeks 4 days ago
Main PID: 1055 (firewalld)
CGroup: /system.slice/firewalld.service
??1055 /usr/bin/python -Es /usr/sbin/firewalld –nofork –nopid

Oct 29 21:46:50 localhost.localdomain systemd[1]: Starting firewalld – dynamic firewall daemon…
Oct 29 21:47:04 localhost.localdomain systemd[1]: Started firewalld – dynamic firewall daemon.
As seen in the output above the firewall service is active and running. So we are good to go further.

Check the list of open ports and services using the commands below :

# firewall-cmd –list-ports
# firewall-cmd –list-services
Once you have confirmed that the samba ports are not open on the system, open the Samba port using the following FirewallD command:

# firewall-cmd –add-service=samba
The above command will change the runtime, opening the port temporarily. Make the changes permanent using the following command (this will persist through reboot):

# firewall-cmd –add-service=samba –permanent
Verify

To verify if the samba service is added to the firewalld use :

# firewall-cmd –list-services
dhcpv6-client samba ssh
As you can see samba service is now added to the firewall and samba ports are now open.

By default, RHEL 7 uses the FirewallD service to provide network security. FirewallD must be stopped and disabled when using the iptables service:

# systemctl stop firewalld.service
# systemctl disable firewalld.service
# systemctl enable iptables.service
# systemctl start iptables.service
The iptables service is now provided by a separate package called iptables-services:

# yum info iptables-services
Name : iptables-services
Arch : x86_64
Version : 1.4.21
Release : 13.el7
Size : 23 k
Repo : installed
From repo : anaconda
Summary : iptables and ip6tables services for iptables
URL : http://www.netfilter.org/
License : GPLv2
Description : iptables services for IPv4 and IPv6
:
: This package provides the services iptables and ip6tables that have been split
: out of the base package since they are not active by default anymore.
The iptables-services package may need to be installed 1st:

# systemctl -a|grep iptables
? iptables.service not-found inactive dead iptables.service
Stop and disable the firewalld service first.

# systemctl stop firewalld.service
# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
If you try to enable the iptables service, it would fail.

# systemctl enable iptables.service
Failed to execute operation: No such file or directory
Install the iptables-services package.

# yum install iptables-services -y
Enable the iptables service :

# systemctl enable iptables.service
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
Start the iptables service :

# systemctl start iptables.service
#

yum-cron is an optional package starting from Red Hat Enterprise Linux 6, this is a plugin for yum. From man page of yum-cron :

yum-cron is a simple way to call yum commands from cron. It provides configuration to keep repository metadata up to date, and to check for, download, and apply updates.
The yum-cron package provides a convenient way to check for, download and apply updates automatically. The cron jobs from the yum-cron package are active immediately after installing the package and there’s no extra configuration necessary. The job will be run when your normal daily cron jobs are set to run.

Installation

To install yum-cron package

# yum -y install yum-cron
# chkconfig yum-cron on
Configuration for RHEL 6

Then edit /etc/sysconfig/yum-cron to set MAILTO=[email address] for email notifications.

MAILTO=sys@example.com
To exclude packages using yum-cron edit the /etc/sysconfig/yum-cron to have the packeges to be excluded in the automatic uodate :

YUM_PARAMETER=kernel* mysql*
To start yum-cron service after editing configuration file.

# service yum-cron start
Configuration for RHEL 7

Then edit /etc/yum/yum-cron.conf to set email_to=[email address] for email notifications.

email_to=sys@example.com
To exclude packages using yum-cron edit the /etc/yum/yum-cron.conf to have the packeges to be excluded in the automatic uodate :

exclude=kernel* mysql*
In RHEL 7 you can use following options in yum-cron configuration file, to install security updates.

[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum –security upgrade
# security-severity:Critical = yum –sec-severity=Critical upgrade
# minimal = yum –bugfix upgrade-minimal
# minimal-security = yum –security upgrade-minimal
# minimal-security-severity:Critical = –sec-severity=Critical upgrade-minimal
update_cmd = default
To start yum-cron service after editing configuration file.

# systemctl start yum-cron

Question: Why CentOS 7 / RHEL 7 have many tmpfs (6 tmpfs filesystem), are these tmpfs mandatory for OS? What are the mount /run/user/1000, /run/user/0, /run/user/45, /sys/fs/cgroup for?

Answer:

If you run df -hP in RHEL 7 system you would find many tmpfs file systems mounted.

# df -hP
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_os-lv_root 296G 33G 248G 12% /
devtmpfs 126G 0 126G 0% /dev
tmpfs 126G 631M 126G 1% /dev/shm
tmpfs 126G 1.3G 125G 2% /run
tmpfs 126G 0 126G 0% /sys/fs/cgroup
/dev/sda1 976M 112M 797M 13% /boot
tmpfs 26G 0 26G 0% /run/user/0
tmpfs 26G 0 26G 0% /run/user/5006
tmpfs 9.5G 68K 9.5G 1% /run/user/1000
tmpfs is a temporary filesystem that resides in memory and/or your swap partition(s), depending on how much you fill it up.
Mounting directories as tmpfs can be an effective way of speeding up accesses to their files, or to ensure that their contents are automatically cleared upon reboot.

/dev

/dev contains device files which are created and removed automatically by the udev daemon, as hardware is added or removed etc.
(devtmps is just a tmpfs that was created specially by the kernel early in the boot process, which contains the core devices pre-created so that the boot process has something to work with before udevd is loaded.)

/dev/shm

/dev/shm is used by the POSIX shared memory facilities.

/run

/run contains resource locks and PID files etc. which are relevant to currently-running daemons. /var/run and /var/lock are symlinks back to /run for compatibility reasons.

/media

/media contains the mount-points of removable media (e.g. optical discs and USB drives), which are created and removed automatically.

/sys/fs/cgroup

/sys/fs/cgroup contains details for the cgroup system, which is used (mainly by systemd) to divide processes into groups for resource sharing etc.