1. Introduction

As Linux enthusiasts and system administrators, mastering the art of timing can be as crucial as understanding the script itself, especially when it comes to the boot process. systemd, the init system and service manager for Linux, plays a pivotal role in this orchestra, managing the sequence and timing of scripts and services.

In this tutorial, we’ll delve into a common challenge of how to delay a systemd script from running at boot.

We’ll explore a practical scenario where two systemd scripts, one for OpenVPN and another for Transmission, need fine-tuning in their boot sequence timing. Our goal is to ensure they execute in the right order, providing a smooth, error-free startup. Let’s get started!

2. Understanding systemd and Boot Sequence

Let’s start by setting the stage with systemd, the heart of the Linux boot process.

systemd initializes the system and manages services and daemons, replacing older init systems like SysVinit and Upstart. Its design offers faster boot times, efficient management, and dependability, all crucial for modern Linux systems.

But with this power comes complexity, especially regarding the timing and order of script execution during boot. Why is script timing crucial?

Let’s imagine the boot process as a relay race, where each runner (script or service) must pass the baton (control) to the next at precisely the right moment. A misstep in timing can lead to services starting out-of-order, resulting in errors or system malfunctions. This is especially true in interconnected scenarios, where one service’s output is another’s input, as is the case with our OpenVPN and Transmission example.

3. systemd Service Types and Their Behaviors

To understand how to manipulate script timing, we must first grasp the different types of systemd services. Each type determines how systemd treats the service during startup. Let’s briefly discuss them.

3.1. simple Service

This is the default service type. systemd considers the service up and running as soon as the process is started. It’s straightforward but can be tricky when other services depend on the output of the simple service.

3.2. oneshot Service

This type is ideal for scripts that perform a task and then exit. It’s often used in initialization tasks. systemd waits for the process to finish before proceeding, which can be handy for ensuring order.

3.3. forking Service

Used for traditional daemons that fork a child process and then exit the parent process, a forking service tells systemd to wait for the parent process to exit before considering the service started.

4. Understanding the Problem

Let’s look into a common scenario to better illustrate this concept.

Let’s consider two systemd scripts. The first script starts OpenVPN, which in turn executes a shell script to write the IP address of the connection to a file vpn.env. The second script starts the Transmission BitTorrent client, which is supposed to bind to the IP address specified in vpn.env.

However, a challenge arises when the Transmission script executes too quickly, running before OpenVPN has had the chance to start properly and write to vpn.env. This misalignment leads to Transmission failing to bind to the correct IP address, demonstrating a clear case of mismanaged script execution order.

The root cause of this early execution is often due to the nature of the service types and dependencies as defined in the systemd unit files.

In our scenario, the challenge arises from the simple type used in the OpenVPN script (Type=simple):

# OpenVPN script
Description=VPN Custom Launch Connection

ExecStart=/usr/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/vpn.conf


This type tells systemd that as soon as the OpenVPN process starts, it should consider the service up and move on to the next, not waiting for any post-execution tasks, like writing to vpn.env.

However, this precipitates a race condition with the Transmission script, which requires the output of OpenVPN:

# Transmission script
Description=Transmission BitTorrent Daemon Under VPN
After=network.target vpn.service

ExecStart=/usr/bin/transmission-daemon -f --log-error --config-dir /opt/transmission --bind-address-ipv4 $ifconfig_local --rpc-bind-address --no-portmap
ExecReload=/bin/kill -s HUP $MAINPID


As we can see, addressing this problem requires a thoughtful approach. We could consider several potential solutions, such as modifying service types, introducing explicit delays, or implementing conditional delays based on script execution or file creation. Let’s look at each of these in turn.

5. Modifying systemd Service Types

One effective approach to controlling the timing of script execution is by tweaking the Type parameter in the service’s unit file.

In the case of our OpenVPN service, changing it from Type=simple to Type=oneshot could provide a solution. The oneshot type is particularly useful for scripts that perform a task and then exit. It signals systemd to consider the service active only after the start command has finished executing.

In conjunction with Type=oneshot, we can use the RemainAfterExit=yes option:

# OpenVPN script
ExecStart=/usr/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/vpn.conf

Here, this Type=oneshot service is considered inactive as soon as the ExecStart process exits. This is useful for scripts or tasks that do their job and then exit.

However, by setting RemainAfterExit=yes, systemd treats the service as active even after the main process exits. This is important for ensuring that dependent services (like Transmission, in our case) see the OpenVPN service as active and thus start as expected.

6. Adding Explicit Delays

Another approach is to introduce explicit delays in the startup process of the dependent service.

We can achieve this through the ExecStartPre and ExecStartPost directives. These directives allow us to specify commands that run before or after the main service command, respectively.

6.1. Using ExecStartPre

In our Transmission script, using a simple sleep command in ExecStartPre can delay the start of the Transmission service:

# Transmission script
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/transmission-daemon ...

Here, this command adds a fixed delay of 10 seconds before the service starts.

While straightforward, this method has limitations, particularly in its inflexibility. Fixed delays may not always align perfectly with the varying initialization times of other services, and they can unnecessarily prolong the boot process.

6.2. Using ExecStartPost

Similar to our previous interaction, we can modify the OpenVPN service file to include an ExecStartPost with a delay:

# OpenVPN script
ExecStart=/usr/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/vpn.conf
ExecStartPost=/bin/sleep 10

Here, adding ExecStartPost=/bin/sleep 10 in the OpenVPN script will delay signaling its readiness for 10 seconds after the VPN connection is established. This might be useful if additional processes or checks need to occur after the VPN starts but before dependent services (like Transmission) are launched.

To reiterate, these fixed delays may not adapt well to different system conditions. They could either be too long, unnecessarily delaying the boot process, or too short, failing to resolve the race condition if the dependent service takes longer to initialize.

6.3. Script-Based Conditional Delays

For a more dynamic solution, script-based conditional delays offer flexibility.

For example, we can design a script to wait for a specific condition, such as the creation of the vpn.env file, before allowing the dependent service to start:

# Transmission script
ExecStartPre=/bin/bash -c 'while [ ! -f /etc/openvpn/vpn.env ]; do sleep 1; done'
ExecStart ...

Here, this script enters a loop that checks every 1 second for the existence of the /etc/openvpn/vpn.env file. The loop continues (and thus, the service’s main process is delayed) until the file is found.

While this method is more adaptable than a fixed delay, it requires careful consideration of potential performance impacts, especially in scenarios where the condition might not be met for an extended period.

For instance, if there’s a situation where the vpn.env file isn’t created (due to an error or misconfiguration), the script will continue to wait indefinitely, potentially leading to a hang in the startup process.

7. Utilizing systemd Timers

systemd timers offer a more nuanced approach to managing service execution times.

These timers act as a scheduling mechanism, triggering services at specific intervals, dates, or times. This method is particularly useful when we need to delay a service’s startup by a precise amount of time or schedule it to start at a specific moment.

7.1. Creating a Timer Unit File

If we want to delay the Transmission service to ensure OpenVPN has enough time to initialize, we can create a timer unit file (for example, transmission.timer):

# /etc/systemd/system/transmission.timer
Description=Delay Transmission startup after boot



This timer sets the Transmission service (transmission.service) to start 15 seconds after boot by using OnBootSec. It’s essential to balance the delay to avoid unnecessarily long boot times while ensuring dependent services have enough time to initialize.

7.2. Modifying the Transmission Service

We have to modify the Transmission service (transmission.service) to ensure that it doesn’t start automatically on boot. We can do this by removing or commenting out any WantedBy or RequiredBy directives in its [Install] section.

7.3. Enabling the Timer Unit File

Lastly, to use the new timer unit file, we can now enable and start it using systemctl:

$ systemctl enable transmission.timer
$ systemctl start transmission.timer

Here, we enable the timer unit file for use.

8. Leveraging systemd Path Units

We can also use a path unit in systemd to monitor specific filesystem paths and trigger services when changes occur, such as the creation or modification of files.

For our scenario, we can create a .path unit to monitor the vpn.env file. Once this file is created or modified by the OpenVPN service, the .path unit will activate the Transmission service.

8.1. Creating the .path Unit File

Let’s create a .path unit file (for example, transmission-vpn.path) in the systemd directory (usually /etc/systemd/system/).

Then, we can add the basic configuration:

# transmission-vpn.path
Description=Watch for vpn.env file



With this, we tell systemd to watch for the existence of the vpn.env file.

8.2. Linking the .path Unit to the Transmission Service

We can now modify the Transmission service unit file to add a dependency on the .path unit:

# Transmission script
Description=Transmission BitTorrent Daemon Under VPN
After=network.target vpn.service
Requires=vpn.service transmission-vpn.path

This ensures that the Transmission service starts only after the .path unit is triggered.

8.3. Reloading and Enabling the .path Unit

After creating and modifying the necessary files, we should reload the systemd daemon to apply the changes and also enable the path unit file:

$ sudo systemctl daemon-reload
$ sudo systemctl enable transmission-vpn.path

By using a .path unit, we establish a more dynamic and reliable way to control the start of the Transmission service. It ensures that the service starts only after the OpenVPN service has written the necessary vpn.env file, eliminating the race condition.

This method provides a dynamic and efficient way to manage service dependencies based on actual system events. However, we should note that .path units are more suitable for scenarios where file creation or modification is a reliable indicator of readiness.

9. Conclusion

In this article, we navigated the complexities of managing script execution orders during the Linux boot process with systemd. Starting with an understanding of systemd’s role and the importance of service types, we then dissected a real-world scenario involving OpenVPN and Transmission.

Finally, we explored various strategies for delaying systemd script execution, such as modifying service types, adding script delays, using ExecStartPost, and the advanced approach of creating a .path unit.

Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.