Mask V Disable a Systemd Service Unit

In the systemd world, you should be aware of the difference between disabling and masking a service unit.

To prevent a service unit that corresponds to a system service from being automatically started at boot time:

# systemctl disable name.service

When invoked systemd reads the [Install] section of the selected service unit and removes the appropriate symbolic link. In RHEL7, for example, the symbolic link would be to the /usr/lib/systemd/system/name.service file from the /usr/lib/systemd/system/ directory.

Every service unit that is known to systemd may be started if it is needed – even if it is disabled. To explicitly tell systemd that a service should never run, you have to use the mask command:

# systemctl mask name.service

This command replaces the /etc/systemd/system/name.service unit file with a symbolic link to /dev/null, rendering the actual unit file inaccessible to systemd.

To revert this action and unmask a service unit:

# systemctl unmask name.service

The Syslog Protocol

I have used syslog for over 30 years now but other than knowing that it uses UDP and port 514, I have never looked at the underlying protocol in any detail.

Syslog is standardized by the IETF in RFC 5424

This document describes the syslog protocol, which is used to convey
event notification messages. This protocol utilizes a layered
architecture, which allows the use of any number of transport
protocols for transmission of syslog messages. It also provides a
message format that allows vendor-specific extensions to be provided
in a structured way.

This RFC does not define any transports. They are defined in other documents. One such transport is defined in RFC 5426 and is consistent with the traditional UDP transport.

Here is the ABNF (Augmented Backus–Naur Form) definition for a syslog message:


                        SP APP-NAME SP PROCID SP MSGID
      PRI             = "<" PRIVAL ">"
      PRIVAL          = 1*3DIGIT ; range 0 .. 191

      PROCID          = NILVALUE / 1*128PRINTUSASCII
      MSGID           = NILVALUE / 1*32PRINTUSASCII

      DATE-MONTH      = 2DIGIT  ; 01-12
      DATE-MDAY       = 2DIGIT  ; 01-28, 01-29, 01-30, 01-31 based on
                                ; month/year
      TIME-HOUR       = 2DIGIT  ; 00-23
      TIME-MINUTE     = 2DIGIT  ; 00-59
      TIME-SECOND     = 2DIGIT  ; 00-59
      TIME-SECFRAC    = "." 1*6DIGIT

      SD-ELEMENT      = "[" SD-ID *(SP SD-PARAM) "]"
      SD-PARAM        = PARAM-NAME "=" %d34 PARAM-VALUE %d34
      SD-ID           = SD-NAME
      PARAM-NAME      = SD-NAME
      PARAM-VALUE     = UTF-8-STRING ; characters '"', '\' and
                                     ; ']' MUST be escaped.
      SD-NAME         = 1*32PRINTUSASCII
                        ; except '=', SP, ']', %d34 (")

      MSG             = MSG-ANY / MSG-UTF8
      MSG-ANY         = *OCTET ; not starting with BOM
      MSG-UTF8        = BOM UTF-8-STRING
      BOM             = %xEF.BB.BF
      UTF-8-STRING    = *OCTET ; UTF-8 string as specified
                        ; in RFC 3629

      OCTET           = %d00-255
      SP              = %d32
      PRINTUSASCII    = %d33-126
      NONZERO-DIGIT   = %d49-57
      DIGIT           = %d48 / NONZERO-DIGIT
      NILVALUE        = "-"

Syslog message size limits are dictated by the syslog transport in use. There is no upper limit per se. Any transport receiver must be able to accept messages of up to and including 480 octets in length, should be able to accept messages of up to and including 2048 octets in length and may accept messages larger than 2048 octets in length. If a transport receiver receives a message with a length larger than it supports, it should truncate the message or it may discard the message.

I was not aware that facility and severity values are not normative. They are described in the RFC purely for informational purposes. Facility values must be in the range of 0 to 23 inclusive. Severity values must be in the range of 0 to 7 inclusive.

The RFC also defines an optional but useful set of structured data elements. For example the SD-ID timeQuality may be used by an originator to describe its notion of system time and should be written if the originator is not properly synchronized with a reliable external time source or if it does not know whether its time zone information is correct.

Interestingly, TCP port 512 is reserved not for syslog but for remote shells such as rsh and remsh.


OpenVZ is OS containerization like Solaris Zones or FreeBSD Jails. It is virtualization at the OS level whereby all containers share the same architecture and kernel version. It uses a single patched kernel called the Linux Containers (LXC) kernel.

Its one real advantage is that containers can be faster and more efficient compared with true virtualization because it does not have the overhead of a true hypervisor such as VMware or KVM.

Older versions of OpenVZ uses a common file system so each virtual environment is just a directory of files that is isolated using chroot as also occurs in Solaris zones. Newer versions can have different file systems.

Each container performs and executes exactly like a stand-alone server; a container can be rebooted independently and have root access, users, IP addresses, memory, processes, files, applications, system libraries and configuration files. However, if the common Linux kernel crashes, all containers crash.

OpenVZ comes with command line tools only. It forms the basis for the Parallels Cloud Server, a commercial virtualization solution offered by Parallels.

GNU Coreutils Epoch Date Support

GNU coreutils 5.3.0 added the very useful @ operator to the date command to enable users to easily convert seconds since the Unix Epoch into date strings.

$ date
Mon Mar 17 21:31:15 EDT 2014
$ date +%s
$ date -d'@1395106277'
Mon Mar 17 21:31:17 EDT 2014
$ date --date='@1395106277'
Mon Mar 17 21:31:17 EDT 2014

[ ]: Reached target Switch Root.
[ ]: Started Plymouth switch root service.
[ ]: Starting Switch Root...
[ ]: Not switching root: /sysroot does not seem to be an OS tree. /etc/os-release is missing.
[ ]: Failed to start Switch Root.
[ ]: Startup finished in 211ms (kernel) + 0 (initrd) + 45ms (userspace) = 256ms.
[ ]: Unit initrd-switch-root.service entered failed state.
[ ]: Triggering OnFailure= dependencies of initrd-switch-root.service.
[ ]: Starting Emergency Shell...

Looking at the contents of /sysroot:

# ls

There was no sign of an /etc directory. Instead, the full path to the os-release file was /sysroot/root/etc/os-release.

Why is the systemd initrd-switch-root service testing for the presence of /etc/os-release? Well, the /etc/os-release file contains operating system identification data. The file format is a newline-separated list of environment-like shell-compatible variable assignments. It was one of the new configuration files that systemd introduced and systemd, per Poettering, is architected to fail to the Emergency Shell if this file cannot be located and read.

I am not sure what changed in the updates I installed but the fix itself is to add the following to the kernel command line parameters.


So here is the UEFI shell script I am now using to EFI Stub boot the current version of Fedora 20:

vmlinuz-3.12.6-300.fc20.efi root=UUID=4d1c04a2-838a-439c-a17c-40bac9377b25 rd.lvm=0  KEYTABLE=us SYSFONT=True rd.luks=0 ro LANG=en_US.UTF-8 rhgb quiet rootflags=subvol=root initrd=.\initramfs-3.12.6-300.fc20.x86_64.img

By the way, my root file system is btrfs and not ext4 but I do not think this has anything to do with the problem but I need to investigate further.