MAN
systemd-resolve [OPTIONS...] HOSTNAME|ADDRESS...
systemd-resolve [OPTIONS...] --service [[NAME] TYPE] DOMAIN
systemd-resolve [OPTIONS...] --openpgp EMAIL@DOMAIN...
systemd-resolve [OPTIONS...] --statistics
systemd-resolve [OPTIONS...] --reset-statistics
Resolve domain names, IPv4 and IPv6 addresses, DNS records, and services.
-h --help # Show this help
--version # Show package version
--no-pager # Do not pipe output into a pager
-4 # Resolve IPv4 addresses
-6 # Resolve IPv6 addresses
-i --interface=INTERFACE # Look on interface
-p --protocol=PROTO|help # Look via protocol
-t --type=TYPE|help # Query RR with DNS type
-c --class=CLASS|help # Query RR with DNS class
--service # Resolve service (SRV)
--service-address=BOOL # Resolve address for services (default: yes)
--service-txt=BOOL # Resolve TXT records for services (default: yes)
--openpgp # Query OpenPGP public key
--tlsa # Query TLS public key
--cname=BOOL # Follow CNAME redirects (default: yes)
--search=BOOL # Use search domains for single-label names (default: yes)
--raw[=payload|packet] # Dump the answer as binary data
--legend=BOOL # Print headers and additional info (default: yes)
--statistics # Show resolver statistics
--reset-statistics # Reset resolver statistics
--status # Show link and server status
--flush-caches # Flush all local DNS caches
--reset-server-features # Forget learnt DNS server feature levels
--set-dns=SERVER # Set per-interface DNS server address
--set-domain=DOMAIN # Set per-interface search domain
--set-llmnr=MODE # Set per-interface LLMNR mode
--set-mdns=MODE # Set per-interface MulticastDNS mode
--set-dnsovertls=MODE # Set per-interface DNS-over-TLS mode
--set-dnssec=MODE # Set per-interface DNSSEC mode
--set-nta=DOMAIN # Set per-interface DNSSEC NTA
--revert # Revert per-interface configurationTRICKS
LXC
bind DNS from host to containers
dynamically
# for selected interface
resolvectl --interface lxdbr0 dnssec set no
# add DNS configuration to lxd domain
resolvectl dns lxdbr0 "$(lxc network show lxdbr0 | sed -n 's|.*ipv4\.address: \(.*\)/.*|\1|p')"
resolvectl domain lxdbr0 '~lxd'
# old style
# systemd-resolve --interface lxdbr0 --set-dnssec no #~ old style
#sed -i 's|^.\?DNSSEC=.*$|DNSSEC=allow-downgrade|' /etc/systemd/resolved.conf # global / not too advisable
#systemd-resolve --interface lxdbr0 --set-domain '~lxd' --set-dns "$(lxc network show lxdbr0 | sed -n 's|.*ipv4\.address: \(.*\)/.*|\1|p')"persistently
path="/etc/systemd/resolved.conf.d/"
[ -d "${path}" ] || mkdir -p "${path}"
cidr="$(lxc network show lxdbr0 | sed -n 's|.*ipv4\.address: \(.*\)/.*|\1|p')"
echo "# Configuration file for lxdbr0
[Resolve]
DNS=${cidr}
Domains=lxd
DNSSEC=no" > "${path}/lxd.conf"start & enable service
[ "$(systemctl status systemd-resolved.service)" = "inactive" ] && systemctl start systemd-resolved.service
[ "$(systemctl is-enabled systemd-resolved.service)" ] && systemctl enable systemd-resolved.servicetest
resolvectl query sp20-www.lxd
#systemd-resolve -i lxdbr0 sp20-www.lxdUse TAB to select options & values !!
journalctl -p err|alert|crit|debug|emerg|err|info|notice|warning # print only level
-u $service # show logs for unit apache2
_PID=1 # show journal for one PID
<command> # show journal for one command (ex: /usr/sbin/apache2)OTHERS
systemd-cgls [OPTIONS...] [CGROUP...]
Recursively show control group contents
-a --all Show all groups, including empty
-u --unit Show the subtrees of specifified system units
--user-unit Show the subtrees of specifified user units
-l --full Do not ellipsize output
-k Include kernel threads in output
-M --machine= Show containersystemd-cgtop [OPTIONS...] [CGROUP]
Show top control groups by their resource usage
-p --order=path Order by path
-t --order=tasks Order by number of tasks/processes
-c --order=cpu Order by CPU load (default)
-m --order=memory Order by memory load
-i --order=io Order by IO load
-r --raw Provide raw (not human-readable) numbers
--cpu=percentage Show CPU usage as percentage (default)
--cpu=time Show CPU usage as time
-P Count userspace processes instead of tasks (excl. kernel)
-k Count all processes instead of tasks (incl. kernel)
--recursive=BOOL Sum up process count recursively
-d --delay=DELAY Delay between updates
-n --iterations=N Run for N iterations before exiting
-b --batch Run in batch mode, accepting no input
--depth=DEPTH Maximum traversal depth (default: 3)
-M --machine= Show containersystemd-analyze [OPTIONS...] {COMMAND} ...
Profile systemd, show unit dependencies, check unit files
-h --help # Show this help
--version # Show package version
--no-pager # Do not pipe output into a pager
--system # Operate on system systemd instance
--user # Operate on user systemd instance
-H --host=[USER@]HOST # Operate on remote host
-M --machine=CONTAINER # Operate on local container
--order # Show only order in the graph
--require # Show only requirement in the graph
--from-pattern=GLOB # Show only origins in the graph
--to-pattern=GLOB # Show only destinations in the graph
--fuzz=SECONDS # Also print also services which finished SECONDS earlier than the latest in the branch
--man[=BOOL] # Do [not] check for existence of man pages
--generators[=BOOL] # Do [not] run unit generators (requires privileges)
Commands:
time # Print time spent in the kernel
blame # Print list of running units ordered by time to init
critical-chain [UNIT...] # Print a tree of the time critical chain of units
plot # Output SVG graphic showing service initialization
dot [UNIT...] # Output dependency graph in man:dot(1) format
log-level [LEVEL] # Get/set logging threshold for manager
log-target [TARGET] # Get/set logging target for manager
dump # Output state serialization of service manager
syscall-filter [NAME...] # Print list of syscalls in seccomp filter
verify FILE... # Check unit files for correctness
calendar SPEC... # Validate repetitive calendar time events
service-watchdogs [BOOL] # Get/set service watchdog stateUse TAB to select options & values !! (slow for systemctl)
TIPS
systemctl list-units --type=mount # list services which mounts devicesOPTIONS
systemctl [OPTIONS...] {COMMAND} ...
-t, --type= # limit display to certain unit types
--state= # When listing units, show only those in the specified states, LOAD, SUB, or ACTIVE
-p, --property= # when showing unit/job/manager properties with the show command, limit display to properties specified
-a, --all # show all properties in listing unit/job/manager properties
-r, --recursive # also show units of local containers
--reverse # show reverse dependencies between units, with list-dependencies
--after # show the units that are ordered before the specified unit, with list-dependencies
--before # show the units that are ordered after the specified unit, with list-dependencies
-l, --full # do not ellipsize unit names, process tree entries, journal output, or truncate unit descriptions in the output of status, list-units, list-jobs, and list-timers
--value # show only print the value, and skip the property name and "=" when printing properties
--show-types # show the type of the socket when showing sockets
--job-mode= # controls how to deal with already queued jobs. It takes one of "fail", "replace", "replace-irreversibly", "isolate", "ignore-dependencies", "ignore-requirements" or "flush"
--fail # shorthand for --job-mode=fail
-i, --ignore-inhibitors # when system shutdown or a sleep state is requested, ignore inhibitor locks
--dry-run # ust print what would be done
-q, --quiet # suppress printing of the results of various commands and also the hints about truncated log lines
--no-block # do not synchronously wait for the requested operation to finish
--wait # synchronously wait for started units to terminate again
--user # talk to the service manager of the calling user, rather than the service manager of the system
--system # talk to the service manager of the system. This is the implied default
--failed # list units in failed state. This is equivalent to --state=failed
--no-wall # do not send wall message before halt, power-off and reboot
--global # operate on the global user configuration director when used with enable and disable
--no-reload # do not implicitly reload daemon configuration after executing the changes when used with enable and disable
--no-ask-password # disables asking for passwords when used with start and related commands
--kill-who= # choose which processes to send a signal to when used with kill
-s, --signal= # choose which signal to send to selected processes when used with kill
-f, --force # overwrite any existing conflicting symlinks when used with enable
--message= # poweroff or reboot, set a short message explaining the reason for the operation when used with halt
--now # the units will also be started when used with enable
--root= # use the specified root path when looking for unit files when used with enable/disable/is-enabled (and related commands)
--runtime # make changes only temporarily, so that they are lost on the next reboot when used with enable, disable, edit, (and related commands)
--preset-mode= # takes one of "full" (the default), "enable-only", "disable-only"
-n, --lines= # controls the number of journal lines to show when used with status
-o, --output= # controls the formatting of the journal entries that are shown when used with status
--firmware-setup # indicate to the system's firmware to boot into setup mode when used with the reboot command
--plain # output is printed as a list instead of a tree when used with list-dependencies, list-units or list-machines
-H, --host= # execute the operation remotely
-M, --machine= # execute operation on a local container
--no-pager # do not pipe output into a pager
--no-legend # do not print the legendUNIT commands
INFORMATION
list-units [PATTERN...] # List units currently in memory
list-sockets [PATTERN...] # List socket units currently in memory, ordered by address
list-timers [PATTERN...] # List timer units currently in memory, ordered by next elapse
is-active PATTERN... # Check whether units are active
is-failed PATTERN... # Check whether units are failed
status [PATTERN...|PID...] # Show runtime status of one or more units
show [PATTERN...|JOB...] # Show properties of one or more units/jobs or the manager
cat PATTERN... # Show files and drop-ins of specified units
set-property UNIT PROPERTY=VALUE... # Sets one or more properties of a unit
help PATTERN...|PID... # Show manual for one or more units
list-dependencies [UNIT...] # Recursively show units which are required
ACTION
start UNIT... # Start (activate) one or more units
stop UNIT... # Stop (deactivate) one or more units
reload UNIT... # Reload one or more units
restart UNIT... # Start or restart one or more units
try-restart UNIT... # Restart one or more units if active
reload-or-restart UNIT... # Reload one or more units if possible, otherwise start or restart
try-reload-or-restart UNIT... # If active, reload one or more units, if supported, otherwise restart
isolate UNIT # Start one unit and stop all others
kill UNIT... # Send signal to processes of a unit
clean UNIT... # Clean runtime, cache, state, logs or configuration of unit
freeze PATTERN... # Freeze execution of unit processes
thaw PATTERN... # Resume execution of a frozen unit
reset-failed [PATTERN...] # Reset failed state for all, one, or more units
UNIT FILE commands
list-unit-files [PATTERN...] # List installed unit files
enable [UNIT...|PATH...] # Enable one or more unit files
disable UNIT... # Disable one or more unit files
reenable UNIT... # Reenable one or more unit files
preset UNIT... # Enable/disable one or more unit files based on preset configuration
preset-all # Enable/disable all unit files based on preset configuration
is-enabled UNIT... # Check whether unit files are enabled
mask UNIT... # Mask one or more units
unmask UNIT... # Unmask one or more units
link PATH... # Link one or more units files into the search path
revert UNIT... # Revert one or more unit files to vendor version
add-wants TARGET UNIT... # Add 'Wants' dependency for the target on specified one or more units
add-requires TARGET UNIT... # Add 'Requires' dependency for the target on specified one or more units
edit UNIT... # Edit one or more unit files
get-default # Get the name of the default target
set-default TARGET # Set the default target
MACHINE Commands
list-machines [PATTERN...] # List local containers and host
JOB Commands
list-jobs [PATTERN...] # List jobs
cancel [JOB...] # Cancel all, one, or more jobs
ENVIRONMENT commands
show-environment # Dump environment
set-environment VARIABLE=VALUE... # Set one or more environment variables
unset-environment VARIABLE... # Unset one or more environment variables
import-environment [VARIABLE...] # Import all or some environment variables
MANAGER STATE commands
daemon-reload # Reload systemd manager configuration
daemon-reexec # Reexecute systemd manager
log-level [LEVEL] # Get/set logging threshold for manager
log-target [TARGET] # Get/set logging target for manager
service-watchdogs [BOOL] # Get/set service watchdog state
SYSTEM commands
is-system-running # Check whether system is fully running
default # Enter system default mode
rescue # Enter system rescue mode
emergency # Enter system emergency mode
halt # Shut down and halt the system
poweroff # Shut down and power-off the system
reboot # Shut down and reboot the system
kexec # Shut down and reboot the system with kexec
exit [EXIT_CODE] # Request user instance or container exit
switch-root ROOT [INIT] # Change to a different root file system
suspend # Suspend the system
hibernate # Hibernate the system
hybrid-sleep # Hibernate and suspend the system
suspend-then-hibernate # Suspend the system, wake after a period of
RUNLEVEL
Runlevel 0 # Shut down and Power off the system.
Runlevel 1 # Rescue?Maintainance Mode.
Runlevel 3 # multiuser, no-graphic system.
Runlevel 4 # multiuser, no-graphic system.
Runlevel 5 # multiuser, graphical# use TAB to select options & values !! (slow for systemctl
system.
Runlevel 6 # Shutdown and Reboot the machine.EXAMPLES
ps -eaf | grep systemd # Check systemd running
systemctl list-unit-files # List all the available units
systemctl list-unit-files --type=service # List all available services
systemctl list-unit-files --type=mount # List all system mount points
systemctl list-unit-files --type=socket # List all available system sockets
systemctl list-unit-files sys* # List all the available units start with 'sys'
systemctl list-units *fs* # List all running units contains 'fs'
systemctl --failed # List all failed unitsmaking it impossible to start (cut link)
systemctl mask ssh.service
systemctl unmask ssh.serviceauto start service at system boot
systemctl is-active ssh.service
systemctl enable ssh.service
systemctl disable ssh.serviceGet the current CPU Shares of a Service
systemctl show -p CPUShares ssh.service
systemctl set-property ssh.service CPUShares=2000 # Limit the CPU Share of a service (httpd.service) to 2000After logging in, type "journalctl -xb" to view
systemctl emergency
systemctl reboot
systemctl default # to try again to boot into default mode.How to start Runlevel 5 aka graphical mode
systemctl isolate runlevel5.target
systemctl isolate graphical.targetHow to start Runlevel 3 aka multiuser mode
systemctl isolate runlevel3.target
systemctl isolate multiuser.targetHow to set multiusermode or graphical mode as default runlevel
systemctl set-default runlevel3.target
systemctl set-default runlevel5.target