Chapter 2. Optimising systemd to shorten the boot time

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/using_systemd_unit_files_to_customize_and_optimize_your_system/optimising-systemd-to-shorten-the-boot-time_working-with-systemd

As a system administrator, you can optimise performance of your system and shorten the boot time. You can review the services that systemd starts during boot and evaluate their necessity. Disabling certain services to start at boot can improve the boot time of your system.

2.1. Examining system boot performance

To examine system boot performance, you can use the systemd-analyze command. By using certain options, you can tune systemd to shorten the boot time.

Prerequisites

Optional: Before you examine systemd to tune the boot time, list all enabled services:

$ systemctl list-unit-files –state=enabled

Procedure

Choose the information you want to analyze:

Analyze the information about the time that the last successful boot took:

$ systemd-analyze

Analyze the unit initialisation time of each systemd unit:

$ systemd-analyze blame

The output lists the units in descending order according to the time they took to initialise during the last successful boot.

Identify critical units that took the longest time to initialise at the last successful boot:

$ systemd-analyze critical-chain

The output highlights the units that critically slow down the boot with the red colour.

Figure 2.1. The output of the systemd-analyze critical-chain command

systemd analyze critical Additional resources

systemd-analyze (1) man page on your system 2.2. A guide to selecting services that can be safely disabled

You can shorten the boot time of your system by disabling certain services that are enabled on boot by default.

List enabled services:

$ systemctl list-unit-files –state=enabled

Disable a service:

systemctl disable

Certain services must stay enabled so that your operating system is safe and functions in the way you need.

Refer to the following table as a guide to selecting the services that you can safely disable. The table lists all services enabled by default on a minimal installation of Red Hat Enterprise Linux.

Expand Table 2.1. Services enabled by default on a minimal installation of RHEL Service name Can it be disabled? More information auditd.service

yes

Disable auditd.service only if you do not need audit messages from the kernel. Be aware that if you disable auditd.service, the /var/log/audit/audit.log file is not produced. Consequently, you are not able to retroactively review some commonly-reviewed actions or events, such as user logins, service starts or password changes. Also note that auditd has two parts: a kernel part, and a service itself. By using the systemctl disable auditd command, you only disable the service, but not the kernel part. To disable system auditing in its entirety, set audit=0 on kernel command line.

autovt@.service

no

This service runs only when it is really needed, so it does not need to be disabled.

crond.service

yes

Be aware that no items from crontab will run if you disable crond.service.

dbus-org.fedoraproject.FirewallD1.service

yes

A symlink to firewalld.service

dbus-org.freedesktop.NetworkManager.service

yes

A symlink to NetworkManager.service

dbus-org.freedesktop.nm-dispatcher.service

yes

A symlink to NetworkManager-dispatcher.service

firewalld.service

yes

Disable firewalld.service only if you do not need firewall.

getty@.service

no

This service runs only when it is really needed, so it does not need to be disabled.

import-state.service

yes

Disable import-state.service only if you do not need to boot from a network storage.

irqbalance.service

yes

Disable irqbalance.service only if you have just one CPU. Do not disable irqbalance.service on systems with multiple CPUs.

kdump.service

yes

Disable kdump.service only if you do not need reports from kernel crashes.

loadmodules.service

yes

This service is not started unless the /etc/rc.modules or /etc/sysconfig/modules directory exists, which means that it is not started on a minimal RHEL installation.

lvm2-monitor.service

yes

Disable lvm2-monitor.service only if you do not use Logical Volume Manager (LVM).

microcode.service

no

Do not disable the service because it provides updates of the microcode software in the CPU.

NetworkManager-dispatcher.service

yes

Disable NetworkManager-dispatcher.service only if you do not need notifications on network configuration changes (for example in static networks).

NetworkManager-wait-online.service

yes

Disable NetworkManager-wait-online.service only if you do not need working network connection available right after the boot. If the service is enabled, the system does not finish the boot before the network connection is working. This may prolong the boot time significantly.

NetworkManager.service

yes

Disable NetworkManager.service only if you do not need connection to a network.

nis-domainname.service

yes

Disable nis-domainname.service only if you do not use Network Information Service (NIS).

rhsmcertd.service

no

rngd.service

yes

Disable rngd.service only if you do not need much entropy on your system, or you do not have any sort of hardware generator. Note that the service is necessary in environments that require a lot of good entropy, such as systems used for generation of X.509 certificates (for example the FreeIPA server).

rsyslog.service

yes

Disable rsyslog.service only if you do not need persistent logs, or you set systemd-journald to persistent mode.

selinux-autorelabel-mark.service

yes

Disable selinux-autorelabel-mark.service only if you do not use SELinux.

sshd.service

yes

Disable sshd.service only if you do not need remote logins by OpenSSH server.

sssd.service

yes

Disable sssd.service only if there are no users who log in the system over the network (for example by using LDAP or Kerberos). Red Hat recommends to disable all sssd-* units if you disable sssd.service.

syslog.service

yes

An alias for rsyslog.service

tuned.service

yes

Disable tuned.service only if you do need to use performance tuning.

lvm2-lvmpolld.socket

yes

Disable lvm2-lvmpolld.socket only if you do not use Logical Volume Manager (LVM).

dnf-makecache.timer

yes

Disable dnf-makecache.timer only if you do not need your package metadata to be updated automatically.

unbound-anchor.timer

yes

Disable unbound-anchor.timer only if you do not need daily updates of the root trust anchor for DNS Security Extensions (DNSSEC). This root trust anchor is used by the Unbound resolver and resolver library for DNSSEC validation.

Show more To find more information about a service, use one of the following commands:

$ systemctl cat

$ systemctl help

The systemctl cat command provides the content of the respective /usr/lib/systemd/system/ service file, as well as all applicable overrides. The applicable overrides include unit file overrides from the /etc/systemd/system/ file or drop-in files from a corresponding unit.type.d directory.

Additional resources

systemd.unit(5) man page on your system The systemd help command that shows the man page of a particular service 2.3. Additional resources

systemctl(1), systemd-delta(1), and systemd(1) man pages on your system systemd.directives(7), systemd.unit(5), and systemd.service(5) man pages on your system systemd.target(5) and systemd.kill(5) man pages on your system systemd Home Page

Updated: