How to Reset systemd’s “start request repeated too quickly” for fail2ban.service in CentOS 7


1 views

When working with systemd services in CentOS 7, you might encounter this frustrating message:

systemd[1]: start request repeated too quickly for fail2ban.service

This typically occurs when a service fails to start and systemd's automatic restart throttling kicks in. While you could reboot the system, there's a better way.

First, let's understand why this happens. Systemd implements a restart limit to prevent service crash loops. The default settings are:

StartLimitInterval=10s
StartLimitBurst=5

This means if a service fails to start 5 times within 10 seconds, systemd will block further start attempts.

Instead of rebooting, you can manually reset the counter:

# View current failures
systemctl show fail2ban.service -p NRestarts
systemctl show fail2ban.service -p StartLimitBurst

# Reset the counter
systemctl reset-failed fail2ban.service

For development environments where you need more flexibility:

[Service]
StartLimitInterval=100s
StartLimitBurst=20
RestartSec=5s
Restart=always

Apply changes with:

systemctl daemon-reload

Before simply resetting the counter, it's wise to check why the service fails:

journalctl -u fail2ban.service -b
systemctl status fail2ban.service --no-pager -l

In extreme cases where you must bypass the limit immediately:

systemctl --force --force start fail2ban.service

Warning: This should only be used for testing purposes.

When working with systemd services on CentOS 7 (or any systemd-based Linux distribution), you might encounter this common but frustrating message:

systemd[1]: start request repeated too quickly for fail2ban.service

This is systemd's built-in protection mechanism against rapid consecutive service start attempts. While this is useful in production environments, it can be problematic during development or testing scenarios where you need to frequently restart services.

The default systemd configuration enforces a cool-down period after failed service start attempts. When testing configurations (especially with automation tools like CHEF), this behavior can block legitimate start attempts, forcing unnecessary VM reboots.

Here are several approaches to reset or bypass this limitation:

# Method 1: Reset the service's rate limiting
systemctl reset-failed fail2ban.service

# Method 2: Force a clean state (CentOS 7 specific)
systemctl daemon-reload
systemctl reset-failed

For development environments where you need to disable this protection entirely:

# Create override directory
mkdir -p /etc/systemd/system/fail2ban.service.d/

# Create override file with these contents:
[Service]
StartLimitInterval=0
StartLimitBurst=0

Then reload systemd:

systemctl daemon-reload

The key parameters controlling this behavior are:

  • StartLimitInterval: Time window for counting start attempts (default: 10s)
  • StartLimitBurst: Maximum number of start attempts within the interval (default: 5)

For automated testing with tools like CHEF, consider adding this to your test scripts:

# Chef recipe example
execute 'reset_fail2ban_failures' do
  command 'systemctl reset-failed fail2ban.service'
  action :run
end

service 'fail2ban' do
  action [:enable, :start]
end

Check current service status with:

systemctl show fail2ban.service -p StartLimitInterval,StartLimitBurst,StartLimitAction

For more detailed debugging:

journalctl -u fail2ban.service --since "5 minutes ago"