Search
SupportConsoleDevelopersStart a trialContact

Chapter 2. Optimizing systemd to shorten the boot time

download PDF

As a system administrator, you can optimize performance of your system and shorten the boot time. You can review the services that systemd starts during boot and evaluate their necessity. Disabling certain services to start at boot can improve the boot time of your system.

2.1. Examining system boot performance

To examine system boot performance, you can use the systemd-analyze command. By using certain options, you can tune systemd to shorten the boot time.

Prerequisites

  • Optional: Before you examine systemd to tune the boot time, list all enabled services: 

    $ systemctl list-unit-files --state=enabled

Procedure

Choose the information you want to analyze:

  • Analyze the information about the time that the last successful boot took: 

    $ systemd-analyze

  • Analyze the unit initialization time of each systemd unit: 

    $ systemd-analyze blame

    The output lists the units in descending order according to the time they took to initialize during the last successful boot.

  • Identify critical units that took the longest time to initialize at the last successful boot: 

    $ systemd-analyze critical-chain

    The output highlights the units that critically slow down the boot with the red color.

    Figure 2.1. The output of the systemd-analyze critical-chain command

    systemd analyze critical

Additional resources

  • systemd-analyze (1) man page

2.2. A guide to selecting services that can be safely disabled

You can shorten the boot time of your system by disabling certain services that are enabled on boot by default.

  • List enabled services: 

    $ systemctl list-unit-files --state=enabled

  • Disable a service: 

    # systemctl disable <service_name>

Certain services must stay enabled so that your operating system is safe and functions in the way you need.

Refer to the following table as a guide to selecting the services that you can safely disable. The table lists all services enabled by default on a minimal installation of Red Hat Enterprise Linux.

Table 2.1. Services enabled by default on a minimal installation of RHEL
Service nameCan it be disabled?More information

auditd.service

yes

Disable auditd.service only if you do not need audit messages from the kernel. Be aware that if you disable auditd.service, the /var/log/audit/audit.log file is not produced. Consequently, you are not able to retroactively review some commonly-reviewed actions or events, such as user logins, service starts or password changes. Also note that auditd has two parts: a kernel part, and a service itself. By using the systemctl disable auditd command, you only disable the service, but not the kernel part. To disable system auditing in its entirety, set audit=0 on kernel command line.

autovt@.service

no

This service runs only when it is really needed, so it does not need to be disabled.

crond.service

yes

Be aware that no items from crontab will run if you disable crond.service.

dbus-org.fedoraproject.FirewallD1.service

yes

A symlink to firewalld.service

dbus-org.freedesktop.NetworkManager.service

yes

A symlink to NetworkManager.service

dbus-org.freedesktop.nm-dispatcher.service

yes

A symlink to NetworkManager-dispatcher.service

firewalld.service

yes

Disable firewalld.service only if you do not need firewall.

getty@.service

no

This service runs only when it is really needed, so it does not need to be disabled.

import-state.service

yes

Disable import-state.service only if you do not need to boot from a network storage.

irqbalance.service

yes

Disable irqbalance.service only if you have just one CPU. Do not disable irqbalance.service on systems with multiple CPUs.

kdump.service

yes

Disable kdump.service only if you do not need reports from kernel crashes.

loadmodules.service

yes

This service is not started unless the /etc/rc.modules or /etc/sysconfig/modules directory exists, which means that it is not started on a minimal RHEL installation.

lvm2-monitor.service

yes

Disable lvm2-monitor.service only if you do not use Logical Volume Manager (LVM).

microcode.service

no

Do not be disable the service because it provides updates of the microcode software in CPU.

NetworkManager-dispatcher.service

yes

Disable NetworkManager-dispatcher.service only if you do not need notifications on network configuration changes (for example in static networks).

NetworkManager-wait-online.service

yes

Disable NetworkManager-wait-online.service only if you do not need working network connection available right after the boot. If the service is enabled, the system does not finish the boot before the network connection is working. This may prolong the boot time significantly.

NetworkManager.service

yes

Disable NetworkManager.service only if you do not need connection to a network.

nis-domainname.service

yes

Disable nis-domainname.service only if you do not use Network Information Service (NIS).

rhsmcertd.service

no

 

rngd.service

yes

Disable rngd.service only if you do not need much entropy on your system, or you do not have any sort of hardware generator. Note that the service is necessary in environments that require a lot of good entropy, such as systems used for generation of X.509 certificates (for example the FreeIPA server).

rsyslog.service

yes

Disable rsyslog.service only if you do not need persistent logs, or you set systemd-journald to persistent mode.

selinux-autorelabel-mark.service

yes

Disable selinux-autorelabel-mark.service only if you do not use SELinux.

sshd.service

yes

Disable sshd.service only if you do not need remote logins by OpenSSH server.

sssd.service

yes

Disable sssd.service only if there are no users who log in the system over the network (for example by using LDAP or Kerberos). Red Hat recommends to disable all sssd-* units if you disable sssd.service.

syslog.service

yes

An alias for rsyslog.service

tuned.service

yes

Disable tuned.service only if you do need to use performance tuning.

lvm2-lvmpolld.socket

yes

Disable lvm2-lvmpolld.socket only if you do not use Logical Volume Manager (LVM).

dnf-makecache.timer

yes

Disable dnf-makecache.timer only if you do not need your package metadata to be updated automatically.

unbound-anchor.timer

yes

Disable unbound-anchor.timer only if you do not need daily update of the root trust anchor for DNS Security Extensions (DNSSEC). This root trust anchor is used by Unbound resolver and resolver library for DNSSEC validation.

To find more information about a service, use one of the following commands: 

$ systemctl cat <service_name>
$ systemctl help <service_name>

The systemctl cat command provides the content of the respective /usr/lib/systemd/system/<service> service file, as well as all applicable overrides. The applicable overrides include unit file overrides from the /etc/systemd/system/<service> file or drop-in files from a corresponding unit.type.d directory.

Additional resources

  • The systemd.unit(5) man page
  • The systemd help command that shows the man page of a particular service

2.3. Additional resources

  • systemctl(1) man page
  • systemd(1) man page
  • systemd-delta(1) man page
  • systemd.directives(7) man page
  • systemd.unit(5) man page
  • systemd.service(5) man page
  • systemd.target(5) man page
  • systemd.kill(5) man page
  • systemd Home Page
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.