OT: It's a bike shed
OT: It's a bike shed
Posted Nov 29, 2014 10:29 UTC (Sat) by cesarb (subscriber, #6266)In reply to: The "Devuan" Debian fork and the fuss about systemd by janpla
Parent article: The "Devuan" Debian fork
I've been trying to grok why the debate has become so heated for a while, and I think I finally understood it yesterday.
An init system is not a nuclear power plant.
Everybody (on the Unix world) understands (or thinks can understand) how an init system works. It's something so simple that it could be implemented as a set of shell scripts (and on traditional sysvinit without an initrd, it actually is). Therefore, everyone has its own strongly-held opinion on how things should be done.
That wouldn't happen with for instance a new register allocator for a compiler, which is the sort of esoteric subject few feel qualified to have an opinion about.
Now combine this with strong personalities, and a few trolls fanning the flames for the lulz, and one can see how the discussion got so heated.
Posted Nov 29, 2014 20:27 UTC (Sat)
by deepfire (guest, #26138)
[Link] (8 responses)
Posted Nov 29, 2014 22:10 UTC (Sat)
by cesarb (subscriber, #6266)
[Link] (7 responses)
At its core, it's an init system. An init system, not an init daemon. Most of its extra functionality is replacing what used to be provided by the "early boot" scripts (rcS.d on Debian-style distributions), or the core parts of the "late boot" scripts (at rc[2345].d on Debian-style distributions) like filesystem mounting or networking.
Other parts of its extra functionality are things which are required for its functionality (cgroup management), which augment its functionality (like journald, which as some might remember started as the "stdio bridge" to capture a daemon's stdout/stderr output), or which work better as part of PID 1 (I believe that's the case for kdbus management).
Finally, there are the parts which just share its internal libraries of utility functions but are otherwise separate; udev is the main example (it's still separate, only the code was simplified by porting it to systemd's internal libraries), and I believe the future "userspace console" work will also be an example. These are not a concern; they are using the same git repository just for development convenience.
Other than that last category, it all can elicit the reaction "I could do that with shell scripts" (pulling things like syslog and udev from external projects, and managing them with shell scripts); in fact, that's how it was done before systemd. Thus my point stands:
> Everybody (on the Unix world) understands (or thinks can understand) how an init system works. It's something so simple that it could be implemented as a set of shell scripts (and on traditional sysvinit without an initrd, it actually is). Therefore, everyone has its own strongly-held opinion on how things should be done.
Posted Dec 1, 2014 2:09 UTC (Mon)
by ras (subscriber, #33059)
[Link] (6 responses)
It depends on how you define an "init system". To those of us who are familiar with SysV, an init system is something that starts and stops processes. This mostly happens during booting and software upgrades, and for all the criticism of SysV it does a serviceable job of it. That's hardly surprising, as it isn't a very big or complex job.
Systemd goes well beyond that definition. Yes, the starting point was an init system. But then they decided the init system provide containers for the sub-systems it's starting and stopping. This has multiple benefits. Security wise it isolates the subsystems, and this isolation makes dependencies between them explicit, which hopefully simplifying things and making them more reliable. I think it moved from there to "oh, lets put the users in their own containers too", for the same reasons.
But just putting everything inside turned out to be both fragile and complex, I think mainly because the existing utilities like pid 1(!), cron, network configuration (plus DHCP, DNS, nssswitch) and were designed for managing an entire LAN, not a set of containers. Done properly these would be split into client and server side, with the server realising it was managing a host and the client tailored to running in a container on that host. The solution was to write their own replacements for all these, which they have done. As part of that taking over udev was necessary because that is what makes resources (like tty's and networks) available to containers. They also need a way to communicate between all those containers securely. (It's a big issue, because whatever mechanism is chosen is also the first mechanism an attacker will look at for escaping the container.) DBus is apparently the chosen way. KDBus makes it more suitable for this task - in particular it brings security enhancements only the kernel can provide.
In short, they are trying to move from a world where we run a whole pile of services on one system which necessarily means everything is visible to everything else, to a system that isolates every individual service and user to its own virtual container and so the default becomes it can see nothing else the box is doing, unless someone explicitly arranges for it.
So now goal posts have moved from "init system" to containerisation system. Once you view yourself as providing a universal container, it's natural to also provide all the tools needed by your average container : network devices, mounted file systems, time, logging, setting host name, cron like services, providing mechanism via which the containers can communicate and cooperate, yada yada - there are a lot of them, which is why systemd re-implements world+dog. And there is a surprising one: managing what software packages are visible in the container, so for example only containers that need a setuid sudo have the sudo package. So claims that systemd aims to provide all of the next layer above the kernel aren't too far from the truth, although typical of all spin such claims don't tell you the underlying reason.
To me with my software engineer hat on, it's an inspirational vision. It reminds me of the developments in programming languages 50 years ago, when we went from one big program to deliberating providing well defined interfaces, and hiding everything else by default. It also addresses a frustration I have felt for the last decade or so - that we now rely on machine visualisation to isolate our systems. This is absurd. For a start it's hugely inefficient. That's obvious from one simple metric - the number of containers something like OpenVZ can support vs VMWare. But worse, it's a demarcation dispute that cuts deep into our terrority. We software guys are supposed to be kings of layers of abstraction - but here we are using the abstraction layers provided the hardware guys over own.
On the other hand to me, a sysadmin responsible for ensuring hundreds of machines runs smoothly - it is scary stuff. Just learning a new init system is a big enough chore, but tossing out my current expertise in configuring boxes for a new paradigm is going to be a metric fuckton of work. I am absolutely not going to contemplate doing that work until it there is proof the vision the software engineer is getting so excited about yields a better result, proof in the form of systems that are easier to set up, and have been deployed and stable for a long while. If Debian were to force me along that path before it is in my professional opinion prudent to do so, I would abandon Debian, even though I am a DD. I think this is what underlies a lot of the angst I see on the Debian lists. For jessie that's undeserved as Debian is only adopting this bits of the systemd init system that replicate what SvsV is doing. It's a fairly small step.
However there is no denying where the systemd developers want to take us. Once they succeed in enticing us to take this first inch, they fully expect us to walk with them along the full mile. I can't fault their strategy - it's the tried and true embrace, extend, control. Getting every distro to use the systemd init system is the embrace step, and it has been done amazingly well. It is indeed far better SysV init system that SysV ever was, and the work they have done on backwards compatibility is awesome. If they pull the rest off with the same competence, they may well have a hope of taking the entire Linix eco system with them.
And finally we get to the relevance of the sentence I quoted at the start - charactering this as merely a changing from an "init daemon" to an "init system" is missing the point. In fact you've missed the entire barn.
Posted Dec 1, 2014 6:42 UTC (Mon)
by dlang (guest, #313)
[Link] (1 responses)
this is where I disagree with you. In FOSS we are supposed to be informed users and admins, with the expectation that we have full control over our systems. This is exactly the opposite of the trickery that you are describing.
Posted Dec 1, 2014 7:34 UTC (Mon)
by ras (subscriber, #33059)
[Link]
I didn't intend to make a statement about the morality of it one way or the other. Lots of people have commented on the merits of their ambitions, yet when push comes to shove it seems those tasked with making a decision on whether to adopt systemd based it solely on the technical merits of what they saw before them. Debian certainly did. Why continue bash on a topic that ended up being irrelevant to the decision making process?
Now I think about why it is this way, it's probably because we all know it doesn't matter. It boils down to one thing: is this new scheme an improvement? If it is the end justified the means. If it isn't all this visualisation stuff becomes useless bloat that no one will have the patience to maintain, so it will be pruned down to just the init system - uselessd or something that looks like it.
All that said, it may be true my tone betrayed a sneaking admiration for way they have pulled this first stage off. They make the politicians in my country look like rank amateurs.
Posted Dec 1, 2014 12:00 UTC (Mon)
by vonbrand (subscriber, #4458)
[Link] (3 responses)
SysVinit does do an extremely lousy job at "being just an init system" as you describe it. Yes, its numerous shortcommings can be worked around by ever more complex scripts for doing the actual starting and stopping, by having a seasoned sysadmin at hand for moving things along when some snag manifests itself, and an expert to find out how it wedged (yet again) and how to paper over said misfeature by waiting a while for things to settle. Please get over it, init's job is not simple. The fact that init scripts grew like cancer, had to be refactored several times, and are still a gigantic mess should be a clue. No, "they could be written simply, the people who made the mess are just incompetent" doesn't cut it, check out why and how they grew, step by painful step. Besides, each distribution has its own version of the mess, thet can't all be completely clueless. The fact that there grew a complete zoo of "start a process"-style services (inittab, init scripts, inetd, cron, specialized user session startup handling) should be a red flag that there is something amiss. Consider that daemon has two man pages here (Fedora 20), in section 7 listing 15 steps to be done rigurously (and saying that the daemon(3) function should not be used) for "SysV style", 10 different steps for "New style" (but mostly simplifying steps, or explaining why they aren't needed anymore). The 6 steps for systemd are just recommendations on how to write the service file, no special code in the daemon itself is mandated. The day you can write a simple daemon in nothing more than a dozen lines of, say, shell and have the whole startup/stop/restart/logging dance handled consistently by general infrastructure is near (if not already arrived) with systemd. There have been several attempts to clean up this mess, and provide a consistent, common plumbing infrastructure for Linux. The first one to get real traction (as in not "just runs the legacy sysvinit scripts") across distributions is systemd. It isn't perfect now, and it will turn out to have its own warts. But it is a definite step forward, on almost the whole range of Linux use, from small embedded through desktop to large servers. For perspective, I still remember the painful transitions from BSD init on SunOS to SysV on Solaris; then the pre-sysvinit handling on Linux to sysvinit, and finally the migration from that (upstart didn't count, it was just a "somewhat better sysvinit" here on Fedora) to systemd. The pain was worth it each time.
Posted Dec 1, 2014 23:51 UTC (Mon)
by flussence (guest, #85566)
[Link] (2 responses)
Init's job is to serve as an entry point to the OS's rc system, reap exited processes, and halt the system on command.
Once you learn to stop conflating init with the rc layer (which may be Upstart, OpenRC, runit, s6, many other things, or as you so eloquently put it the "cancer" of RHEL/Debian shell scripts), you'll agree how simple it is.
Posted Dec 2, 2014 0:19 UTC (Tue)
by mpr22 (subscriber, #60784)
[Link] (1 responses)
Posted Dec 2, 2014 15:54 UTC (Tue)
by flussence (guest, #85566)
[Link]
OT: It's a bike shed
OT: It's a bike shed
OT: It's a bike shed
OT: It's a bike shed
OT: It's a bike shed
OT: It's a bike shed
OT: It's a bike shed
Observation: by your definition, sysvinit overreaches.
OT: It's a bike shed
OT: It's a bike shed