How to Detect When systemctl daemon-reload is Needed: Comparing Running vs. Stored Unit Configs


4 views

When working with systemd services, many admins blindly run systemctl daemon-reload after modifying unit files, but this isn't always necessary. The command reloads all unit files and recreates the dependency tree, which can cause unnecessary service interruptions if executed without proper validation.

To view the currently loaded configuration of a service:

systemctl show [servicename] --all --no-pager

For a more focused comparison of specific parameters:

systemctl cat [servicename] | grep -i "parameter"
systemctl show [servicename] --property=Parameter | grep -i "value"

To see differences between running and stored configurations:

diff <(systemctl cat [servicename]) <(systemctl show [servicename] --property=FragmentPath | cut -d= -f2 | xargs cat)

For a more detailed audit trail:

# Store current running config
systemctl show [servicename] --all --no-pager > running_config.txt

# Compare after modification
systemctl show [servicename] --all --no-pager | diff -u running_config.txt -

Let's examine a MySQL service modification:

# Before changes
systemctl show mysqld --property=LimitNOFILE --no-pager
# Output: LimitNOFILE=10000

# Edit /usr/lib/systemd/system/mysqld.service
# Change LimitNOFILE=50000

# Check if reload is needed
systemctl show mysqld --property=FragmentPath --no-pager | xargs grep "LimitNOFILE"
# Current running value still shows 10000? Need reload

Create a bash function to detect when reload is needed:

needs_reload() {
    local service=$1
    local current_hash=$(systemctl cat $service | sha256sum)
    local running_hash=$(systemctl show $service --property=FragmentPath | cut -d= -f2 | xargs cat | sha256sum)
    [ "$current_hash" != "$running_hash" ] && return 0 || return 1
}

# Usage:
if needs_reload nginx; then
    echo "Configuration changed, reload needed"
    systemctl daemon-reload
fi

After running daemon-reload, verify changes were applied:

# Before reload
journalctl -u [servicename] --since "5 minutes ago" --no-pager | grep "Reloading"

# After reload
systemctl show [servicename] --property=ActiveState,SubState,FragmentPath --no-pager

Remember that some service properties require a full restart rather than just reload. Environment variables and certain security contexts may need service restart to take effect, even after daemon-reload.

For complex services, consider using systemd-delta to identify overridden unit files that might affect your configuration:

systemd-delta --type=overridden

When modifying systemd unit files, administrators often wonder whether their changes require a daemon-reload. Unlike some services that automatically detect config changes, systemd requires explicit reloading. The fundamental question is: How can we compare the currently running configuration with the modified unit file before executing the reload?

The most robust approach uses systemd-analyze, which provides deep systemd introspection:

# Compare running vs. stored config for a specific unit
systemd-analyze verify --no-pager /etc/systemd/system/nginx.service

# Show differences between runtime and disk versions (requires systemd v240+)
systemd-delta --type=extended | grep -A5 "\.service"

For older systemd versions, this workaround helps:

diff -u <(systemctl cat nginx.service) <(cat /etc/systemd/system/nginx.service)

Create a checksum comparison script like this:

#!/bin/bash
UNIT=$1
RUNNING_HASH=$(systemctl show -p FragmentPath $UNIT | cut -d'=' -f2 | xargs sha256sum)
STORED_HASH=$(sha256sum $(systemctl show -p FragmentPath $UNIT | cut -d'=' -f2))

if [ "$RUNNING_HASH" != "$STORED_HASH" ]; then
    echo "Config changed - daemon-reload required"
    diff <(systemctl cat $UNIT) $(systemctl show -p FragmentPath $UNIT | cut -d'=' -f2)
else
    echo "No changes detected"
fi

After modifying a unit file, check the journal for reload events:

journalctl -u systemd --since "1 hour ago" | grep -E "Reloading|daemon-reload"

Let's walk through a real-world scenario:

# 1. Make changes to nginx unit file
sudo nano /etc/systemd/system/nginx.service

# 2. Verify if reload needed
systemd-analyze verify /etc/systemd/system/nginx.service
systemctl show nginx.service -p NeedDaemonReload

# 3. If output shows "NeedDaemonReload=yes", then:
sudo systemctl daemon-reload

# 4. Verify reload actually occurred
journalctl -u nginx --since "5 minutes ago" | grep "Reloaded"

For automation, use this Python 3 script to detect required reloads:

import subprocess
import sys

def get_unit_config(unit_name):
    running = subprocess.check_output(['systemctl', 'cat', unit_name]).decode()
    stored_path = subprocess.check_output(
        ['systemctl', 'show', '-p', 'FragmentPath', unit_name]
    ).decode().split('=')[1].strip()
    with open(stored_path, 'r') as f:
        stored = f.read()
    return running, stored

if __name__ == "__main__":
    unit = sys.argv[1]
    run_conf, store_conf = get_unit_config(unit)
    if run_conf != store_conf:
        print(f"⚠️ {unit} requires daemon-reload")
        sys.exit(1)
    else:
        print(f"✓ {unit} is synchronized")
        sys.exit(0)
  • Always verify using systemd-analyze before reloading
  • Monitor journal logs for confirmation of successful reloads
  • Hash comparison provides deterministic change detection
  • For critical systems, implement pre-reload validation scripts