Disabling services via systemctl

gergan · July 30, 2013, 3:58pm

I’m trying to strip away unnecessary services from running on my openSuse 12.3 system, but have found it difficult to really kill them dead. I’ve read through Chapter 8 - Systemd in the documentation, but there are problems that I can’t quite figure out.

I’m trying to stop rcpbind and ldap from automatically starting up in my default multi-user mode (runlevel5). I have executed
“systemctl disable ldap.service” and “systemctl disable rpcbind.service”, but they still launch on a reboot. I verified that the system took my commands:[INDENT=2]pabst:~ # systemctl status ldap.service
ldap.service - LSB: OpenLDAP Server (slapd)
Loaded: loaded (/etc/init.d/ldap)
Active: active (running) since Tue, 2013-07-30 04:06:06 EDT; 4h 54min ago
Process: 624 ExecStart=/etc/init.d/ldap start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/ldap.service
â 787 /usr/lib/openldap/slapd -h ldap:/// -f /etc/openldap/slapd.conf -u ldap -g ldap -o slp=o…

Jul 30 04:06:05 pabst.beer slapd[787]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Jul 30 04:06:05 pabst.beer slapd[787]: slapd starting
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 fd=13 ACCEPT from IP=127.0.0.1:58969 (IP=0.0.0.0:389)
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=0 BIND dn="" method=128
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=0 RESULT tag=97 err=0 text=
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=2 UNBIND
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 fd=13 closed
Jul 30 04:06:06 pabst.beer systemd[1]: Started LSB: OpenLDAP Server (slapd).

pabst:~ # systemctl status rpcbind.service
rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; disabled)
Active: active (running) since Tue, 2013-07-30 04:05:58 EDT; 4h 55min ago
Main PID: 503 (rpcbind)
CGroup: name=systemd:/system/rpcbind.service
â 503 /sbin/rpcbind -w -f

Jul 30 04:05:58 pabst.beer systemd[1]: Starting RPC Bind…
Jul 30 04:05:58 pabst.beer systemd[1]: Started RPC Bind.
[/INDENT]

I also noticed that ypbind.service seems to be trying to start, as well, but isn’t successful only because of a fatal error.[INDENT=2]
[size=1]pabst:/usr/lib/systemd/system # systemctl status ypbind.service
ypbind.service - NIS/YP (Network Information Service) Clients to NIS Domain Binder
Loaded: loaded (/usr/lib/systemd/system/ypbind.service; disabled)
Active: failed (Result: exit-code) since Tue, 2013-07-30 04:06:03 EDT; 5h 41min ago
Process: 710 ExecStopPost=/bin/sh -c /bin/rm -f /var/yp/binding/* /var/run/ypbind.pid (code=exited, status=0/SUCCESS)
Process: 632 ExecStartPost=/usr/share/ypbind/ypbind-systemd-post (code=exited, status=0/SUCCESS)
Process: 631 ExecStart=/bin/sh -c /usr/share/ypbind/ypbind-systemd-pre; exec /usr/sbin/ypbind -n $OTHER_YPBIND_OPTS (code=exited, status=1/FAILURE)
CGroup: name=systemd:/system/ypbind.service

Jul 30 04:06:01 pabst.beer systemd[1]: Started NIS/YP (Network Information Service) Clients to NIS Domain Binder.
Jul 30 04:06:01 pabst.beer sh[631]:
Error: NIS domain not specified.

Jul 30 04:06:02 pabst.beer sh[631]: domainname not set - aborting.
Jul 30 04:06:02 pabst.beer systemd[1]: ypbind.service: main process exited, code=exited, status=1/FAILURE
Jul 30 04:06:03 pabst.beer systemd[1]: Unit ypbind.service entered failed state[/size]
[/INDENT]

chkconfig shows them as off also, if it matters. (chkconfig is depreciated?)

Any help in tracking down what is launching these, where I am missing it, and how to successfully stop them would be greatly appreciated. Thank you in advance.

hcvv · July 30, 2013, 4:46pm

Please use CODE tags around your computer texts. It is the button in the tool bar of the post editor. The result will be better for our eyes

gergan · July 30, 2013, 5:06pm

[post updated with code tags as suggested.]

I’m trying to strip away unnecessary services from running on my openSuse 12.3 system, but have found it difficult to really kill them dead. I’ve read through Chapter 8 - Systemd in the documentation, but there are problems that I can’t quite figure out.

I’m trying to stop rcpbind and ldap from automatically starting up in my default multi-user mode (runlevel5). I have executed
“systemctl disable ldap.service” and “systemctl disable rpcbind.service”, but they still launch on a reboot. I verified that the system took my commands:

[INDENT=2]pabst:~ # systemctl status ldap.service
ldap.service - LSB: OpenLDAP Server (slapd)
          Loaded: loaded (/etc/init.d/ldap)
          Active: active (running) since Tue, 2013-07-30 04:06:06 EDT; 4h 54min ago
         Process: 624 ExecStart=/etc/init.d/ldap start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/ldap.service
                  â 787 /usr/lib/openldap/slapd -h ldap:///   -f /etc/openldap/slapd.conf -u ldap -g ldap -o slp=o...

Jul 30 04:06:05 pabst.beer slapd[787]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Jul 30 04:06:05 pabst.beer slapd[787]: slapd starting
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 fd=13 ACCEPT from IP=127.0.0.1:58969 (IP=0.0.0.0:389)
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=0 BIND dn="" method=128
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=0 RESULT tag=97 err=0 text=
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 op=2 UNBIND
Jul 30 04:06:06 pabst.beer slapd[787]: conn=1000 fd=13 closed
Jul 30 04:06:06 pabst.beer systemd[1]: Started LSB: OpenLDAP Server (slapd).


pabst:~ # systemctl status rpcbind.service
rpcbind.service - RPC Bind
          Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; disabled)
          Active: active (running) since Tue, 2013-07-30 04:05:58 EDT; 4h 55min ago
        Main PID: 503 (rpcbind)
          CGroup: name=systemd:/system/rpcbind.service
                  â 503 /sbin/rpcbind -w -f

Jul 30 04:05:58 pabst.beer systemd[1]: Starting RPC Bind...
Jul 30 04:05:58 pabst.beer systemd[1]: Started RPC Bind.
[/INDENT]

I also noticed that ypbind.service seems to be trying to start, as well, but isn’t successful only because of a fatal error.

[INDENT=2]
[size=2]pabst:/usr/lib/systemd/system # systemctl status ypbind.service
ypbind.service - NIS/YP (Network Information Service) Clients to NIS Domain Binder
          Loaded: loaded (/usr/lib/systemd/system/ypbind.service; disabled)
          Active: failed (Result: exit-code) since Tue, 2013-07-30 04:06:03 EDT; 5h 41min ago
         Process: 710 ExecStopPost=/bin/sh -c /bin/rm -f /var/yp/binding/* /var/run/ypbind.pid (code=exited, status=0/SUCCESS)
         Process: 632 ExecStartPost=/usr/share/ypbind/ypbind-systemd-post (code=exited, status=0/SUCCESS)
         Process: 631 ExecStart=/bin/sh -c  /usr/share/ypbind/ypbind-systemd-pre; exec /usr/sbin/ypbind -n  $OTHER_YPBIND_OPTS (code=exited, status=1/FAILURE)
          CGroup: name=systemd:/system/ypbind.service

Jul 30 04:06:01 pabst.beer systemd[1]: Started NIS/YP (Network Information Service) Clients to NIS Domain Binder.
Jul 30 04:06:01 pabst.beer sh[631]: 
Error: NIS domain not specified.

Jul 30 04:06:02 pabst.beer sh[631]: domainname not set - aborting.
Jul 30 04:06:02 pabst.beer systemd[1]: ypbind.service: main process exited, code=exited, status=1/FAILURE
Jul 30 04:06:03 pabst.beer systemd[1]: Unit ypbind.service entered failed state
[/size][/INDENT]

chkconfig shows them as off also, if it matters. (chkconfig is depreciated?)

Any help in tracking down what is launching these, where I am missing it, and how to successfully stop them would be greatly appreciated. Thank you in advance.

hcvv · July 30, 2013, 5:56pm

Sorry, I didn’t mean to le yuouy post everything again. It was meant for future posts. But in any case you got the trick <9except for the superfluous white space in front of all lines, no, please do not post for the third time ).

I have no doubt someone will offer you the correct statements, I am still not fluent with systemd :(. But I also undrstand that the old sysvinit statements still work.

wolfi323 · July 30, 2013, 6:24pm

Apparently some other service depends on them, and therefore they get started despite being disabled.

You could try to mask them:

systemctl mask ldap.service

From “man systemctl”:


      ** mask [NAME...]**
           Mask one or more unit files, as specified on the command line. This
           will link these units to /dev/null, making it impossible to start
           them. This is a stronger version of **disable**, since it prohibits all
           kinds of activation of the unit, including manual activation. Use
           this option with care.

       **unmask [NAME...]**
           Unmask one or more unit files, as specified on the command line.
           This will undo the effect of **mask**.

Or just uninstall the corresponding packages.
openldap2 is not installed by default anyway.
ypbind is, but it doesn’t start on my system:

wolfi@amiga:~> systemctl status ypbind.service
ypbind.service - NIS/YP (Network Information Service) Clients to NIS Domain Binder
          Loaded: loaded (/usr/lib/systemd/system/ypbind.service; disabled)
          Active: inactive (dead)
          CGroup: name=systemd:/system/ypbind.service

wolfi@amiga:~>

You can list out the dependencies by:

systemctl dot|grep ypbind

robin_listas · July 30, 2013, 6:33pm

On 2013-07-30 17:16, gergan wrote:

> I’m trying to stop rcpbind and ldap from automatically starting up in
> my default multi-user mode (runlevel5).

How do you know that they are not needed?

Or in other words: why did you install ldap? It is not installed by
default. If the system installed it is because you made certain choices
that need it.

Likewise, rcpbind is used by other services, like nfs. It is not started
independently.

Which is the reason you can not stop them.

–
Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

tsu2 · July 30, 2013, 6:44pm

Although probably not the recommended way, I would start with finding all Units with the particular name.

So for instance if I run the following command

systemctl -a | grep rpcbind

You will see that there is not only a service but a target unit.
Target units are run as part of the boot sequence while the service units usually start later.
Note also that I used the “-a” flag to display “all” units, not just loaded.

I haven’t thought about trying to identify the parents of a particular Unit, but if “status” identifies a CGroup the Unit belongs to, I suspect that would be a good clue to the name of the Parent.

HTH,
TSU

robin_listas · July 30, 2013, 6:43pm

On 2013-07-30 18:26, wolfi323 wrote:
>
> Apparently some other service depends on them, and therefore they get
> started despite being disabled.
>
> You could try to mask them:

But that may break the system, as other service is using them.
>
>
> You can list out the dependencies by:
>
> Code:
> --------------------
> systemctl dot|grep ypbind
> --------------------

Interesting. The command suggests this:


-- You probably want to process this output with graphviz' dot tool.
-- Try a shell pipeline like 'systemctl dot | dot -Tsvg > systemd.svg'!

which takes a long time. I then used “display” to display the resulting
graph, and this almost killed my system because it wanted 6.8 GB of RAM!

–
Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

wolfi323 · July 30, 2013, 7:02pm

Possibly. That’s why I posted the help text for “unmask” as well.

>
>
> You can list out the dependencies by:
>
> Code:
> --------------------
> systemctl dot|grep ypbind
> --------------------

Interesting. The command suggests this:

– You probably want to process this output with graphviz’ dot tool.
– Try a shell pipeline like ‘systemctl dot | dot -Tsvg > systemd.svg’!

which takes a long time. I then used “display” to display the resulting
graph, and this almost killed my system because it wanted 6.8 GB of RAM!

Firefox displays the graph just fine on my system. Didn’t want to try “display” now because I only have 2GB RAM and 2GB swap.
But the text output should be enough to find out what needs those services.

arvidjaar · July 30, 2013, 7:41pm

[INDENT=2]

[/INDENT]
This is normal sysvinit script, you need to use chkconfig to disable it.[INDENT=2]
[/INDENT]

[INDENT=2]Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; disabled)[/INDENT]

[INDENT=2]
[/INDENT]

rpcbind is socket-activated. You need to disable rpcbind.socket.

gergan · July 30, 2013, 8:37pm

Folks, thanks for your input and assistance.

You could try to mask them:

I encountered the mask option in the Chapter8 documentation, but I hesitated pulling the rug out from whatever start-up operation kept running them. I wanted to better understand what dependencies I was missing.

…and thank you kindly for the following. These should help me track down the culprits.

systemctl dot|grep ypbind

systemctl -a | grep rpcbind

I had installed LDAP only because I thought I’d tinker with it in the future. This system is in my home network and provides basic useful services: cups, samba, named, firewalling, etc. I’d like to keep the system pruned of services I don’t use or need, but I do often load up stuff to play with and learn from. The “systemctl dot” & “systemctl -a” command tips you all provided look like what I need to trace back where these services are being launched.

Thanks again.

-GJH

robin_listas · July 30, 2013, 10:28pm

On 2013-07-30 20:46, gergan wrote:

> I had installed LDAP only because I thought I’d tinker with it in the
> future.

Then remove it.
Some login methods use it. And some mail configurations.

> This system is in my home network and provides basic useful
> services: cups, samba, named, firewalling, etc. I’d like to keep the
> system pruned of services I don’t use or need, but I do often load up
> stuff to play with and learn from. The “systemctl dot” & “systemctl -a”
> command tips you all provided look like what I need to trace back where
> these services are being launched.

ypbind is part of samba.

–
Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

robin_listas · July 30, 2013, 10:28pm

On 2013-07-30 19:46, arvidjaar wrote:

> rpcbind is socket-activated. You need to disable rpcbind.socket.

But that would cause some network services using it to fail, no?

–
Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

gergan · July 30, 2013, 11:04pm

Able to clarify?

ypbind is part of samba.

ypbind ***can ***be used with samba?
or
ypbind is integral to samba?

I want nothing to do with ypbind or NIS if possible. I’ve made no direct configuration of them to this point.

wolfi323 · July 31, 2013, 12:14am

No, it is not:

wolfi@amiga:~> rpm -qi ypbind
Name        : ypbind
Version     : 1.35
Release     : 6.1.1
Architecture: x86_64
Install Date: Die 12 Mär 2013 02:39:13 CET
Group       : Productivity/Networking/NIS
Size        : 86074
License     : GPL-2.0
Signature   : RSA/SHA256, Son 27 Jän 2013 09:26:16 CET, Key ID b88b2fd43dbdc284
Source RPM  : ypbind-1.35-6.1.1.src.rpm
Build Date  : Son 27 Jän 2013 09:26:00 CET
Build Host  : build05
Relocations : (not relocatable)
Packager    : http://bugs.opensuse.org
Vendor      : openSUSE
URL         : http://www.linux-nis.org/nis/ypbind-mt
Summary     : NIS client daemon
Description :
This package provides the ypbind daemon. The ypbind daemon binds NIS
clients to an NIS domain and searches a new NIS server if the old one
goes down.


Ypbind must be running on any machines which are running NIS client
programs.
Distribution: openSUSE 12.3
wolfi@amiga:~>

On my system it’s only required by ypbind, nfs, and nfsserver:

wolfi@amiga:~> systemctl dot|grep rpcbind
[noparse]       "rpcbind.service"->"systemd-journald.socket" ;
        "rpcbind.service"->"basic.target" ;
        "rpcbind.service"->"shutdown.target" ;
        "rpcbind.service"->"systemd-journald.socket" ;
        "rpcbind.service"->"basic.target" ;
        "xinetd.service"->"rpcbind.target" ;
        "shutdown.target"->"rpcbind.target" ;
        "shutdown.target"->"rpcbind.service" ;
        "shutdown.target"->"rpcbind.service" ;[/noparse]
        "ypbind.service"->"rpcbind.service" [noparse];[/noparse]
[noparse]        "ypbind.service"->"rpcbind.service" ;
        "rpcbind.target"->"shutdown.target" ;
        "nfs.service"->"rpcbind.target" ;[/noparse]
   Color legend: black     = Requires
                 dark blue = Requisite
                 dark grey = Wants
                 red       = Conflicts
                 green     = After
wolfi@amiga:~> grep portmap /etc/init.d/*
/etc/init.d/autofs:# Should-Start:   $portmap ypbind keyserv ldap nfsserver network-remotefs
/etc/init.d/autofs:# Should-Stop:    $portmap ypbind keyserv ldap nfsserver network-remotefs
/etc/init.d/cups:# Should-Start:        dbus $named $portmap ptal slpd printbill
/etc/init.d/cups:# Should-Stop:         $portmap
/etc/init.d/nfs:# Required-Start: $network $portmap
/etc/init.d/nfs:# Required-Stop:  $network $portmap
/etc/init.d/nfs:check_portmap() {
/etc/init.d/nfs:   # check if either portmap or rpcbind is running
/etc/init.d/nfs:   if test -x /sbin/portmap && checkproc /sbin/portmap
/etc/init.d/nfs:if ! test "$nfs" = no -o -x /sbin/portmap -o -x /sbin/rpcbind; then
/etc/init.d/nfs:    echo "portmap/rpcbind is missing"
/etc/init.d/nfs:        if ! check_portmap ; then
/etc/init.d/nfs:            echo "portmap/rpcbind is not running"
/etc/init.d/nfs:        if ! check_portmap; then
/etc/init.d/nfs:            echo "Warning: portmap/rpcbind not running - nfs may not work well"
/etc/init.d/nfsserver:# Required-Start: $network $named $portmap
/etc/init.d/nfsserver:# Required-Stop:  $network $portmap
/etc/init.d/rpcbind:# Provides:          portmap rpcbind
/etc/init.d/xinetd:# Should-Start: $portmap autofs
/etc/init.d/ypbind:# Required-Start: $remote_fs $portmap
/etc/init.d/ypbind:# Required-Stop: $remote_fs $portmap

No, ypbind has nothing to do with samba, see above.

I want nothing to do with ypbind or NIS if possible. I’ve made no direct configuration of them to this point.

You should be able to disable it with “systemctl disable ypbind”

robin_listas · July 31, 2013, 12:33am

On 2013-07-30 23:06, gergan wrote:
>
> Able to clarify?
>
>> ypbind is part of samba.
>
> ypbind *-can -*be used with samba?
> or
> ypbind is integral to samba?
>
> I want nothing to do with ypbind or NIS if possible. I’ve made no
> direct configuration of them to this point.

No, sorry, I was confused. I was probably thinking of “wins”. I use
neither of them. Reading the description in the wikipedia, I wonder why
it is installed by default, when apparently kerberos is safer.

–
Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

robin_listas · July 31, 2013, 1:03pm

On 2013-07-30 22:28, Carlos E. R. wrote:
> On 2013-07-30 19:46, arvidjaar wrote:
>
>> rpcbind is socket-activated. You need to disable rpcbind.socket.
>
> But that would cause some network services using it to fail, no?

famd now requires rpc. I found that out last month, then forgot. Just
chanced to read it again.

–
Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)