Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Linux

Ask Slashdot: Can You Say Something Nice About Systemd? 928

ewhac writes: "I'm probably going to deeply deeply regret this, but every time a story appears here mentioning systemd, a 700-comment thread of back-and-forth bickering breaks out which is about as informative as an old Bud Light commercial, and I don't really learn anything new about the subject. My gut reaction to systemd is (currently) a negative one, and it's very easy to find screeds decrying systemd on the net. However, said screeds haven't been enough to prevent its adoption by several distros, which leads me to suspect that maybe there's something worthwhile there that I haven't discovered yet. So I thought it might be instructive to turn the question around and ask the membership about what makes systemd good. However, before you stab at the "Post" button, there are some rules...

Bias Disclosure: I currently dislike systemd because — without diving very deeply into the documentation, mind — it looks and feels like a poorly-described, gigantic mess I know nothing about that seeks to replace other poorly-described, smaller messes which I know a little bit about. So you will be arguing in that environment."

Nice Things About systemd Rules:
  1. Post each new Nice Thing as a new post, not as a reply to another post. This will let visitors skim the base level of comments for things that interest them, rather than have to dive through a fractally expanding tree of comments looking for things to support/oppose. It will also make it easier to follow the next rule:
  2. Avoid duplication; read the entire base-level of comments before adding a new Nice Thing. Someone may already have mentioned your Nice Thing. Add your support/opposition to that Nice Thing there, rather than as a new post.
  3. Only one concrete Nice Thing about systemd per base-level post. Keep the post focused on a single Nice Thing systemd does. If you know of multiple distinct things, write multiple distinct posts.
  4. Describe the Nice Thing in some detail. Don't assume, for example, that merely saying "Supports Linux cgroups" will be immediately persuasive.
  5. Describe how the Nice Thing is better than existing, less controversial solutions. systemd is allegedly better at some things than sysvinit or upstart or inetd. Why? Why is the Nice Thing possible in systemd, and impossible (or extremely difficult) with anything else? (In some cases, the Nice Thing will be a completely new thing that's never existed before; describe why it's good thing.)

We will assume out of the gate that systemd boots your system faster than ${SOMETHING_ELSE}, so no points for bringing that up. Bonus points are awarded for:

  • Personal Experience. "I actually did this," counts for way more than, "The docs claim you can do this."
  • Working Examples. Corollary to the above — if you did a Nice Thing with systemd, consider also posting the code/script/service file you wrote to accomplish it.
  • Links to Supporting Documentation. If you leveraged a Nice Thing, furnish a link to the docs you used that describe the Nice Thing and its usage.
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Can You Say Something Nice About Systemd?

Comments Filter:
  • by eldavojohn ( 898314 ) * <eldavojohnNO@SPAMgmail.com> on Friday October 31, 2014 @07:04AM (#48276995) Journal
    "What Does Systemd Mean to Me?"
    By
    eldavojohn

    Systemd has a nice ring to it. The way the syllables roll off my tongue pleases me greatly. It could be the title of a great anime series. It could even be the lost name of an ancient forgotten god-king. It might even be the name I give my first born. It sounds much more authoritative and genuine than sysvinit or upstart or inetd. For instance from my non-technical fourth grade perspective this is what I interpret the others to mean:
    • sysvinit - A cheap knockoff of systemd. Sounds sort of like a sexually transmitted disease phase like syphilis virus initialization.
    • upstart - Sounds like you don't know what the hell is going on. "This young upstart" ... leave it to the pros, greenhorn. Leave it to systemd.
    • inetd - What are we, fishing here? You netted? You netted what? At least tell us what you netted. Is it a record breaking fish? Also, nice try with the cheap 'd' knockoff at the end. Leave it to the originals. Leave it to ... systemd.

    Contrary to your base assumptions, systemd does not actually boot faster on my Pentium II (Intel inside) system. I just like the way it sounds.

    • Personal Experience - I actually stood up at dinner last night and slammed my fist down on the table and yelled at my wife that "WE WILL ONLY USE SYSTEMD IN THIS HOUSE FROM NOW ON" and I flung her iPad against the wall, shattering it. And then I got down on my knees in tears -- having seen the light -- and swore fealty to systemd.
    • Working Examples - Three nights ago I stole away into the night across town to the Olafsen's house (a predominantly Norwegian family) and (being predominantly of Swedish descent myself) spray painted on the front of their new home: "SYSTEMD BOOT HOME" in blood red paint. This was a Nice Thing in a "never forget" sorta way. I then got down on my knees in tears and applied the spray paint liberally to my upper lip -- the same condition in which I write this post for you, dear reader.
    • Links to Supporting Documentation - [1] [wikipedia.org]
    • by therealkevinkretz ( 1585825 ) on Friday October 31, 2014 @09:37AM (#48278613)

      We've had problems a few times with systemd (usually the next boot after an upgrade to a package). Without exception, the failed boot occured with next-to-no meaningful error on the console and was more difficult to debug than if it had been using sysvinit. I personally, as a sysadmin for ~16 years, don't see a problem with sysvinit that justifies tearing it out of Linux for a more complicated, more opaque replacement.

    • by ACE209 ( 1067276 )

      ok - comments can be closed I think.

      There should be no more to say here.

  • by CajunArson ( 465943 ) on Friday October 31, 2014 @07:08AM (#48277019) Journal

    I've done migrational upgrades to System-d with Arch Linux with zero problems in addition to using it with new installations. It works fine, and I'm still really confused about the jihad-level hatred it seems to engender in some people.

    • by binarylarry ( 1338699 ) on Friday October 31, 2014 @07:14AM (#48277065)

      Remember how awesome pulseaudio is? Well what if we made your ENTIRE SYSTEM that awesome?

      • by Anonymous Coward on Friday October 31, 2014 @07:22AM (#48277147)

        Pulseaudio works fine.

        People think it sucks; the reality is that the implementation in Lolbuntu was done poorly, giving the non-competent people a bad taste of it.

        I used it in its first versions, and it handled my 5.1 setup perfectly, switched to headphones when I plugged them. And it had per-application volume working out of the box.

        It's one of the first things I install when I install Debian.

      • by thegarbz ( 1787294 ) on Friday October 31, 2014 @08:12AM (#48277597)

        Remember how awesome pulseaudio is? Well what if we made your ENTIRE SYSTEM that awesome?

        Oh I could only dream. Imagine that, a system which can cope with plug and play and access to multiple pieces of hardware at the same time. A system which can seemlessly switch outputs as hardware becomes available. My god that would be an amazing system.

        Actually you've demonstrated the parent's point very well. Pulseaudio like systemd solves very real problems. It had teething issues and now seems to work rather well. If my experience with systemd will be anything like it is with Pulseaudio then I say bring it on.

        • by elgaard ( 81259 )

          what pulsed solves is not very important problems, for me at least.
          But it introduces strange problems, besides eating CPU-cycles and RAM.

          For example, I resently spent some time debugging why icedove occasinally froze. It turned out that it was trying to play a sound, but that went wrong because the user starting icedove was not the same as the user starting the desktop even though both were in the audio group.

          It should be possible to make pulse work in system mode, but I could not get it to work well. But d

        • by tlhIngan ( 30335 )

          Actually you've demonstrated the parent's point very well. Pulseaudio like systemd solves very real problems. It had teething issues and now seems to work rather well.

          The problem stems from the fact that they solve very hard problems. Audio IS hard - it's not just putting a stream to a card and having a beep come out from a speaker anymore - nowadays audio is FAR more complex. Most computers now have various ways to get audio in and out - a hardware ADC/DAC (sound card), Bluetooth, HDMI, digital (S/PDIF, T

    • by serviscope_minor ( 664417 ) on Friday October 31, 2014 @07:40AM (#48277285) Journal

      I've done migrational upgrades to System-d with Arch Linux with zero problems in addition to using it with new installations. It works fine, and I'm still really confused about the jihad-level hatred it seems to engender in some people.

      But "works fine" isn't really a Nice Thing as defined in TFS. I mean for very large values of "worked fine", so did the old scripts. It's not like my computers only became usable this year.

      "works fine" is the minimum acceptable level for an init system.

    • by AmiMoJo ( 196126 ) * on Friday October 31, 2014 @07:43AM (#48277303) Homepage Journal

      Think back to the epic holy wars of the past. Emacs vs. Vi. Big vs. Little Endian. Motorola vs. Intel. Amiga vs. Atari ST. ASCII vs. EDBIC.

      Some people go to war over which part of their dick they are supposed to cut off. Some people go to war over a text editor. It's human nature.

  • by Anonymous Coward on Friday October 31, 2014 @07:11AM (#48277049)

    Betteridge's law of headlines [wikipedia.org] is an adage that states: "Any headline which ends in a question mark can be answered by the word no.

    Is this the right headline to apply it on?

  • by olau ( 314197 ) on Friday October 31, 2014 @07:18AM (#48277105) Homepage

    I like that in the future when the integration is more complete, I'll be able to install a database or a webserver and then once in a full moon when a cosmic ray hits the process and kills it, systemd will just restart it.

    Yes, you can do that with other tools too once you've learnt your lesson (many years ago I had 1.5 year uptime with Apache and then it suddenly crashed) and I am using one of those at the moment. What I like is that this will just work out of the box for newbies and veterans alike with no clunky configuration/interfacing.

    • by Deagol ( 323173 ) on Friday October 31, 2014 @07:50AM (#48277371) Homepage

      Maybe I'm unique in this regard, but as an admin, if something goes down on one of my servers, I want it to stay down until I intervene.

      Firstly, if I'm properly monitoring the process, then I'll be alerted and can investigate.

      Secondly, there may a *reason* the process goes down, and having it down may be a good thing. If someone's trying to fuzz our httpd process for exploitation, then it happily restarting will open up a wider attack window.

      Autopilots on production servers seem like a bad idea to me.

      • by thegarbz ( 1787294 ) on Friday October 31, 2014 @08:20AM (#48277691)

        Maybe I'm unique in this regard, but as an admin, if something goes down on one of my servers, I want it to stay down until I intervene.

        I have the opposite view. If something goes down:
        1) I want to know about it. I want some monitoring system to send me an alert of some description.
        2) I want it set up in a way that it won't clobber it's own log files. Preservation of the reason something failed is key.
        3) I want it to automatically restart if possible. I say if possible because I want to avoid a re-start loop but if something goes down and comes back up then the end user is happy as uptime is maximised and providing criteria 1 and 2 are met I'm no worse off as an admin. Believe it or not random crashes may sometimes happen and may have nothing to do with the config or the system itself. I may be caused by some edge case that was hit by a user, and in those cases I am unlikely to find the problem quickly and in the interest of not limiting user access would be inclined to get the system up and running as quickly as possible and then sort through the log history into what the actual problem was afterwards anyway.

        • Mixed feelings (Score:5, Insightful)

          by Mostly a lurker ( 634878 ) on Friday October 31, 2014 @08:52AM (#48278075)
          Sometimes, availability really is critical. In that case I want to take the risk of an automatic restart before the cause is investigated. However, it is important to appreciate that the approach is risky . The restart can cause cascading errors that change a reasonably simple issue into a multi day recovery operation.
      • Maybe I'm unique in this regard, but as an admin, if something goes down on one of my servers, I want it to stay down until I intervene.

        The problem here is that in complex production environments, servers are not atomic units. Obviously, if the network is down, apache cannot run, but just because the LDAP server is out of commission, that doesn't mean that webapps that don't use LDAP cannot continue to run.

        That's the potential of systemd. To ensure that a process that cannot operate except when other processes that is depends on are OK.
        '

        Firstly, if I'm properly monitoring the process, then I'll be alerted and can investigate.

        Secondly, there

    • by morgauxo ( 974071 ) on Friday October 31, 2014 @08:00AM (#48277497)

      A long time ago I used to do that with inittab. And then suddenly that was wrong, we weren't supposed to use inittab anymore, everything was supposed to bin in an init script.

      Whatever

  • by db48x ( 92557 ) <db48x@db48x.net> on Friday October 31, 2014 @07:19AM (#48277113) Homepage

    If you have a service called 'foo', then 'systemctl status foo' not only shows you whether the service is running, it also shows you the last 10 log entries created by that service. This is great when the service failed; usually the error message will be right there.

    How does it do this? Well, because all processes created by the service are in the same cgroup, all of the log messages (and even anything they print to stdout, which would have been lost otherwise) can easily be tagged with the service name (and a bunch of other metadata). You can use journalctl to query the journal for the logs from a specific service, and systemctl status does this for you.

    • by ledow ( 319597 ) on Friday October 31, 2014 @07:31AM (#48277209) Homepage

      My problem with things like systemd is not that they have nice features - lots of things have nice features. Windows' Shadow Copies is a lovely feature that's a lot easier to configure that some alternative equivalents, etc.

      It's that they put those nice features into some new paradigm of configuration when you could have just added them to the existing system.

      • by db48x ( 92557 )

        If you think you can add this nice thing to syslog, then please do. Quite a lot of people will sing your praises, in fact.

  • by Anonymous Coward on Friday October 31, 2014 @07:22AM (#48277143)

    Using the information gleaned from this year old bug [redhat.com] I was able to create a Tower of Hanoi solver using the dependency resolver's attempts to determine whether a NFS filesystem should be mounted after the network comes up or not. Every attempt to start Apache (which depended on the filesystem) represents moving a disc to the middle tower.

  • by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Friday October 31, 2014 @07:35AM (#48277239)

    Seriously, I've been a Linux Guy since the 90ies and I honestly couldn't care less.
    Anything I know about init is about runlevels - and those are a really neat thing. I mean really cool. You can fiddle with those using mc (Midnight Commander) and debian has a stack of 4-6 of those preconfigged and set up by default - last time I checked, some 7 years ago or something anyway.
    Point is, my grandma can set up a runlevel that ex- or includes the LAMP stack in it's 'launch', 'init' or whatever-it's-called sequence and I can set my box to it by typing "init [simple Int here]" for my box to go there.

    Again, that is pretty neat and cool and the best working solution I've run into so far.
    Way better than anything in the Windos world, that's for sure.

    If this "systemd" thing - whatever that is - doesn't break this or offers a neater improvement on that runlevel stuff or a way better concept that's worthwhile moving into, perhaps like the SVN vs. Git thing in which Git comes out on top IMHO - without requiring some bullshit GUI tool to be usable, that's all very fine and dandy with me.

    If, on the other hand, you're going to push this new fad and hurt me wile doing so, I'm coming for you some time in the future. With a baseball club and my mafia friends. Other than fucking around with one of the best filemanagers ever - Konqueror - and replacing it with an inferior dolphin - this isn't some GUI toy you should fiddle with. This is Linux at a level where it's actually *the* industry standard. As in 'no other even comes close to this level of reliability and quality". Fucking that up would be a really stupid idea.

    Otherwise I really positively couldn't care less - and that's how it should be, no? Except for, maybe, if I were a System Developer or Distro Release Manager or something.

    My 2 cents.

  • by wierd_w ( 1375923 ) on Friday October 31, 2014 @07:36AM (#48277245)

    'systemd' needs to stay optional, and I mean that explicitly. optional. Not "default", and not "optional, in the sense that you then have to do the maintainer's job for them because they are too lazy to consider people not using systemd, because systemd is the default, and the maintainer does not want to consider the people that dont want systemd, regardless of the reasons or circumstances." kind of way.

    Systemd is potentially useful for only a subset of the linux ecosystem, and forcing this kind of change is a bad thing.

    Please allow me to explain why:

    Systemd seeks to be a "Be all, end all solution to system initialization", which ultimately means that it will itself try to cover every possible thing that its maintainers believe needs to or should happen during system init. That in and of itself means that it will be large and cumbersome; exactly the things that embedded linux should avoid, where ultra-minimalism is king. (We are talking systems that have just a few dozen megabytes of memory, and just a few hundred megahertz of processor power at the most. Having all that gobbled up by the init system as soon as power is applied is not going to win you any trophies, and boldly asserting that embedded devices need to obey a desktop paradigm is throwing the baby out with the bathwater.)

    This is especially true with "reference distributions", like debian. Debian "console only" deployments with tools like debootstrap are reasonably common with embedded devices, as are deployments that make use of chroots for specific sandboxed services. A chroot does not need a full blown init like systemd. It is best served with a simple init script. Building a distro with the intention of killing simple init, and replacing it with a monolithic solution like systemd will make service daemons much more difficult to control in this way, and will actually rob core functionality away from the distro that goes that route--- exclusively in favor of desktop flavored deployments.

    Linux is more than desktops.

    Linux is routers.
    Linux is home automation systems.
    Linux is servers performing specialized functions.
    Linux is so much more.

    Please be more considerate about trying to force systemd into debian. Optional is OK. Optional like "gnome vs kde vs xfce vs $ManagerHere". Not "optional" like "unity on ubuntu". Debian is a reference distro, upon which many other distros are based. It has already found its niche in the linux ecosystem. Please dont try to reinvent it.

    • by jbolden ( 176878 )

      I think systemd is excellent for servers, I think the wide adoption by PaaS vendors proves this. I also happen to think process management is good for most embedded systems. Because they often have less support, both human and other infrastructure being able to do internal process management is a plus. So I disagree strongly that systemd is about desktop, that's a myth.

      That being said though I agree that systemd is a bad choice for low memory embedded systems. But frankly I think Debian is mostly a bad

  • by msobkow ( 48369 ) on Friday October 31, 2014 @07:36AM (#48277249) Homepage Journal

    The idea of booting services in parallel is nice, but the problem is that apparently it doesn't have a way to specify that you need to wait for a dependant service to hold off until the initialization of the dependancy is complete. Systemd considers it "booted" as soon as it launches, which causes people problems with unreliable network initializations and such that have been resolved for Sys-V style init scripts for years (if not decades.)

    • by mvdwege ( 243851 ) <mvdwege@mail.com> on Friday October 31, 2014 @08:21AM (#48277721) Homepage Journal

      Wait, what? It's the other way around. If the dependencies are systemd managed, systemd will wait until they report back to be up and running before starting dependants. This is opposed to the SysV rc way, which just blithely ignores all output and continues booting unless the rc script actually hangs.

      In fact, one of the most common complaints is that systemd keeps hanging on filesystems in fstab that are not mandatory to mount on boot, instead of ignoring the mount error and leaving them to be mounted manually later.

      • by msobkow ( 48369 )

        That is absolute bollocks. You have to go out of your way to put the init programs in the background with SysV init scripts -- they don't return until initialization is actually complete.

    • Wrong, services are considered "booted" when they are ready to process requests. For most services, the kernel kan be made to "buffer" request, so we don't care in which order they are started. For those rare cases when we do wan't to hold off a service, the unit-files can specify exactly what to wait for.

      Oh, and by the way Sys-V init scripts never solved this. They depended on the daemons to solve this, which they virtually never did. Or sprinkle the init-scripts with strategically placed sleeps. This resu

  • by Anonymous Coward on Friday October 31, 2014 @07:39AM (#48277277)

    http://uselessd.darknedgy.net/ProSystemdAntiSystemd/

    This comes from an "anti-systemd" source, but tries to cut through a lot of the controversy and hostility shown on both sides. Bear in mind, you only see the anti-systemd view on Slashdot, but you get just as much idiocy on the other side as well. For example, the Poettering "death threats" were actually a joke made by a bunch of people in an IRC channel. Here, read the log (ctrl-F "hitman"):
    http://logs.nslu2-linux.org/livelogs/maemo/maemo.20130215.txt

    • by Nemyst ( 1383049 )

      http://uselessd.darknedgy.net/ProSystemdAntiSystemd/

      This comes from an "anti-systemd" source, but tries to cut through a lot of the controversy and hostility shown on both sides. Bear in mind, you only see the anti-systemd view on Slashdot, but you get just as much idiocy on the other side as well. For example, the Poettering "death threats" were actually a "joke" made by a bunch of people in an IRC channel. Here, read the log (ctrl-F "hitman"): http://logs.nslu2-linux.org/li... [nslu2-linux.org]

      FTFY. Sorry, there are some things which just are not funny, and if we're gonna condemn idiots like Sam Biddle who tweet "bring back bullying" and other such nonsense (hint: the backlash was rather large), we should also condemn people "jokingly" saying they're gonna put a hitman on anyone.

  • by Rich0 ( 548339 ) on Friday October 31, 2014 @07:48AM (#48277349) Homepage

    I've been starting to migrate many of my services at home to containers to make them a bit easier to maintain (a bit of a tangent - having 5 containers instead of one host with 5 services means that you have to do 5x as many updates, but each update can at most break one thing at a time). This was trivial to do with systemd-nspawn.

    With a command line that barely fills a terminal line I can launch a container, have it boot systemd inside the container, have a few bind mounts, and have it get its own IP like a lightweight VM. Within the container systemd just does whatever it is told to do, like launch ssh so that I can get in, configure the network, and launch whatever services the container was intended to provide. The container journal logs are symlinked back to the host log directory, so they're really easy to look at from the host.

    Sure, you can do similar things with docker, but doing it with systemd involves less tooling in general.

    Also, for simpler situations systemd-nspawn makes a VERY good substitute for chroot. In addition to doing everything chroot does, it starts a separate process namespace so you don't see outside processes from inside the container. It also automatically sets up /dev for you, sets up resolv.conf, etc - it can do all this while just spawning one program inside just like chroot does (so no need to run systemd inside). It can also set up bind mounts if you ask it to. When you exit it cleans up - no lingering bind mounts, or tmpfs, or /proc and such inside. Also, any mounts inside the container aren't visible outside, so you can run a backup on your chroot and not have it follow bind mounts, or try to save /proc/kcore or whatever. In fact, you could spawn 5 containers inside the same directory and they can have private /tmp and /dev and /proc while seeing changes each other make in the files in the actual chroot.

  • Stop means STOP (Score:5, Informative)

    by Rich0 ( 548339 ) on Friday October 31, 2014 @07:51AM (#48277387) Homepage

    One thing I really like about systemd is that when you stop a service, it actually stops.

    I used to run monit with openrc and when you wanted to restart a service you had to play games to ensure that it was really killed, and that the service state was cleaned up, and so on. Just telling openrc to stop the service just wasn't reliable at all - it worked well when nothing was wrong, but if nothing was wrong chances are monit wouldn't be doing anything.

    Systemd is very effective at containing processes and their children and when you stop them, they are all gone for good. If you want to restart a service, systemctl restart service will get the job done 100% of the time, assuming the configuration/etc lets it restart. It does support graceful shutdown of individual services, followed by process genocide.

    This also applies to things like cron jobs you launch through it. When the parent process ends, anything left gets cleaned up.

  • Hardening (Score:5, Informative)

    by icemaze ( 1865436 ) on Friday October 31, 2014 @07:51AM (#48277389)

    Systemd was forced down my throat by Arch Linux. I didn't know anything about the controversy back then, so I just thought: "There's probably a good reason for this, let's get to work".

    I read some docs and I liked the security features a lot! You can tighten services easily with a declarative syntax.

    Here's a snippet from my ntpdate.service file. You don't need much systemd knowledge to guess at what each line does:

    PrivateTmp=true
    ReadOnlyDirectories=/
    InaccessibleDirectories=/boot
    InaccessibleDirectories=/root
    InaccessibleDirectories=/etc/ssh
    LimitNPROC=1
    DeviceAllow=/dev/null rw
    DeviceAllow=/dev/urandom r
    User=nobody
    Group=nobody
    CapabilityBoundingSet=CAP_SYS_TIME
    NoNewPrivileges=true

    I ended up enjoying that work and tightened things so much that I hit a bug, which was resolved in just a few days: https://bugs.freedesktop.org/s... [freedesktop.org]

    But I still don't know how to configure the network properly T_T

    • Re:Hardening (Score:4, Insightful)

      by ledow ( 319597 ) on Friday October 31, 2014 @09:15AM (#48278343) Homepage

      Those facilities are not given by systemd. They are given by cgroups and other security features. Systemd just has a way for you to specify them for services, it's not doing all of the heavy lifting.

      Similarly, imagine that config file, interpreted by SysVInit scripts, and applied the same. Would that be better or worse than systemd?

      And, to be honest, in terms of the userbase, that's quite a niche preference. I can count on my fingers the number of times that I've personally had to lock down a service to the bare essentials. That's what package managers and SELinux policies are for.

      Again, it's a lovely feature. But does that justify ripping out the init code from the entire distro for? And could it be done any other way (I'm guessing yes).

  • Speed (Score:5, Interesting)

    by Carewolf ( 581105 ) on Friday October 31, 2014 @07:51AM (#48277397) Homepage

    Just installing systemd over sysv speed booting up from a minute to 10 seconds, and shutting down from half a minute to under one second. I always hated Linux couldn't handle shutting the fuck down efficiently, now it does.

    • Re:Speed (Score:5, Informative)

      by bill_mcgonigle ( 4333 ) * on Friday October 31, 2014 @08:00AM (#48277493) Homepage Journal

      I've killed systemd shutdowns hard after 15 minutes of timing out waiting for an nfs share that went offline.

      The old system didn't do that. Not to detract from the lovely startup times, but it's not "all baked" yet.

      • by Theovon ( 109752 )

        This sounds like a bug. Systemd is new, so it will have bugs. This is not, however, a design flaw. It is merely something that needs to be fixed. It's only a major problem if the devs refuse to fix it on the grounds that they don't think it's a bug. However, I've mostly only encountered that attitude when reporting Chrome bugs to Google.

  • Exit codes matter (Score:5, Informative)

    by Rich0 ( 548339 ) on Friday October 31, 2014 @07:55AM (#48277431) Homepage

    A small thing I've come to appreciate with systemd is that it actually cares about exit codes. This applies to any unit, including timer units (the equivalent of cron jobs). I ported most of my cron scripts over to systemd and suddenly started noticing scripts which had been having non-zero exits for ages, but fcron just didn't care about exit codes.

    You can tell systemd to ignore exit codes for a process, or specific exit codes. However, I've found that in general using systemd I have a lot more awareness of abnormalities in my services.

    Sure, you can often get away with ignoring exit codes, just as you can often get away with ignoring compiler warnings. However, in getting rid of them I fixed a few problems ranging from trivial to important, and my system is more robust for it.

  • by TheCycoONE ( 913189 ) on Friday October 31, 2014 @08:05AM (#48277543)

    Writing service files for my own daemons or modifying existing ones is pretty close to trivial. The files are short, easy to understand, and there isn't any risk of runaway child processes like there is with a sysvinit init script making them close to trivial to write and maintain. If anything I would say that's why so many distros are jumping on board.

    I had to write service files as an early adopter, but it would also be useful for anyone rolling out their own daemons or that needed to tweak the behaviour of an existing service for their own needs. I imagine it would also lead to fewer packaging bugs.

  • by Theovon ( 109752 ) on Friday October 31, 2014 @08:12AM (#48277599)

    Systemd is modular:
        - It's broken up into multiple independent processes, each of which handles one major thing well.
        - It's broken up into libraries so that commonly used code (such as parsing config files) is implemented once and shared among the services, saving memory (because you know how shared object libraries work, right?) and ensuring that there's only one implementation of any one thing that needs to be tested and debugged.
        - Interdependence among services is minimized, although as with any real, complex system, there are chains of dependencies.
        - Dependencies on and among services are handled on-demand so that only the services you need are running (often started well after boot). As a side effect, boot time is shortened.
        - Process 1 (init) is very small, with minimal functionality, in order to minimize the chances that it will crash.

    The above are all true, or at least they are consistent with claims made by the developers. Sure, I have negative things to say, which are also true, but I don't want to add to the noise of all the false negative claims floating around.

  • by AddictedToCaffine ( 713582 ) on Friday October 31, 2014 @08:15AM (#48277629)
    I like it because it hasn't been proven to cause Tourette syndrome. The swearing it seems to cause is just a coincidence.
  • by gQuigs ( 913879 ) on Friday October 31, 2014 @08:17AM (#48277653) Homepage

    Systemd during a normal boot is doing some detailed logging of the boot process that let's you do a simper version of bootchart. This allows you to find out how long each service took to boot and also do a graph of them.

    It's concerned complimentary to the actual bootchart...

    [1] http://0pointer.de/blog/projec... [0pointer.de]

  • by Anonymous Coward on Friday October 31, 2014 @08:25AM (#48277769)

    Back in 1993 I worked on a network process controller for Inmarsat-A. It had it's own custom init process group leader which erected unix domain IPCs between certain children, some shared memory segments, and performed a waitpid to relaunch any child process that died. I was new to the project and new to unix so when I suggested we use inittab to take over this task, the team lead just laughed. Init was not up to the task. The arrival of systemd finally addresses this use case: a process group leader that can care for of a hierarchy of tightly coupled processes. Systemd may be complicated, but so is the intended use case.

  • by DrXym ( 126579 ) on Friday October 31, 2014 @08:36AM (#48277885)
    I've not had any issues with it and my machine starts faster. It works. Most of the objections to it appear to boil down to personality and philosophical issues rather than whether it is technically sound, e.g. the way the devs interact with the kernel devs, or whether it's too close to the way services work in Windows.

    Having read the myths page I largely believe it was the right thing to do. Linux is a living operating system and sometimes it has to be dragged kicking and screaming away from things that may have been acceptable in 1990 but not when going against other modern operating systems. Wayland is another ongoing example of that and I'm sure that once it becomes the default choice in some dists that we'll see people being extremely vocal about that too.

  • by james_in_denver ( 757233 ) <(moc.oohay) (ta) (revned_ni_semaj)> on Friday October 31, 2014 @08:42AM (#48277953)
    Poettering get to pretend that he's Linus. That, and it manages to start all of the services correctly on my system without hanging about 9 times out of 10. Aside from that? as previous posters have said, if a service stops/crashes for some reason? I want it to stay stopped until i can figure out what is wrong. MySQLD? out of disk space? I don't want that to keep on yo-yoing up and down until i have it fixed. I agree, SystemD should be optional, you want it on your phone/IOT device? fine. My server that I reboot about once every 2-3 months? I want init.
  • by backtick ( 2376 ) on Friday October 31, 2014 @08:42AM (#48277955) Homepage Journal

    Background: I've professionally administered Unix and Linux machines for >25 years, including various BSDs, Linuxes, Irix, HP-UX, Solaris/SunOS, AIX, etc. I've been certified by several vendors or distributions, including, since 1999, Red Hat (which gives me quite a bit of background on their specific implementations over the years). I don't work for a company doing development of any OS or platform. heck, other than random 401K type aggregate ownership, I don't own stock in any company that cares about this issue at a deep level, to the best of my knowledge :)

    Personal Bias about this thread: You pretty much lose all the credibility possible with me when you start of with "I ... dislike systemd because ... it looks ... like a poorly-described, gigantic mess I know nothing about ... ." (It's the "disliking something you know nothing about" that bugs me). Otherwise, I don't care much about this debate on a personal level. I currently admin boxes using systemd as well as everything else, and nothing about systemd has caused me anywhere near the heartache that it seems people who haven't used it much seem to feel about it.

    Seriously, there're thousands of pages of documentation about what it is, how it works, and what most if not all of the design basis decisions are/were. I'll link you to a few of them because hey, you can get to slashdot and post, but you can't seem to use Google ;) (tongue in cheeck, of course). There're plenty of folks who DO have great detailed reasons on why they don't like bits and pieces of it, and you should be able to compare them to the various info I'm linking below.

    Systemd has tons of upside and tons of downside. Most are pretty well detailed, although many of the gut reactions people seem to have to it are based on a lack of understanding about how it works and what it's compatible with, to wit "I can't use shell scripts for anything at startup anymore!" , "All of my old chkconfig or SysV scripts can't be included at all!", "It kills off syslog!", "The only reason it exists is to make laptops boot faster and in the server world we don't care", etc. Those are easily researched and the actual basis (or lack thereof) pretty easily found.

    So, for why the systemd setup looks like it does, you can go back 4.5 years to where the announcement and rationale is described. Speed is part of it, as is device changability, as is double-forking, resource limits, and service state checking and recovery. Yes, it's a load of stuff. Definitely a system-wide approach VS a semi-random collection of various ways to do things all tacked together (which is, frankly, what most Unix and Unixlike systems are, through survival of the fittest).

    http://0pointer.de/blog/projec... [0pointer.de]
    http://0pointer.de/blog/projec... [0pointer.de]
    http://0pointer.de/blog/projec... [0pointer.de]
    http://0pointer.de/blog/projec... [0pointer.de]
    http://0pointer.de/blog/projec... [0pointer.de]

    Since RedHat's obviously the largest major proponent and arguably the source of the most production users, here's their documentation:

    https://access.redhat.com/docu... [redhat.com]

    Here's the project page with loads of links about the software and uses cases:

    http://www.freedesktop.org/wik... [freedesktop.org]

    And of course so many questions have been raised the developers have posted their rebuttals to myths or misunderstandings.

    http:/ [0pointer.de]

  • by jbolden ( 176878 ) on Friday October 31, 2014 @08:45AM (#48277989) Homepage

    OK I'll try this. Traditionally Init services were about starting processes. They didn't have capacities for keeping processes running. Which meant that for processes that need to be kept running and for which there was a real possibility of failure (most of them) the init had to start a process management system which then started the functional process. This has been the status for years. With systemd there is a process maintenance component standard in the init system. Which means that processes not only start but are capable of being kept in a stable state easily and automatically. Process management stops being something system admins work hard at and instead becomes something that happens out of the box.

  • by Anonymous Coward on Friday October 31, 2014 @09:46AM (#48278751)

    Caveat: I am a server admin.

    With systemd, one can't even remotely log a journal natively, which is par for the course in many server environments. You can't make this stuff up, please see bug #1098132 (https://bugzilla.redhat.com/show_bug.cgi?id=1098132) At the time I'm writing this, that functionality still just *doesn't exist* in systemd/journalctl. It was almost pushed into the last revision, but the bugs were show-stoppers so was pulled. Even if it does go into the next systemd revision, how long until it's really kosher for solid/production environments? 1 year? Two? Three? Yet it's being pushed as the default *now*.

    To explain why this is important: if someone cracks in, the log files are going to be one of the first things they muck with. You have locked down syslog/et al, so you can tell if they muck with the binaries, but the log files themselves are considered compromised. Logging remotely at the same time before the data even hits the disk creates another layer of safety, which you simply can't do with systemd/journalctl. One day you will, assuming you want the binary journal and journalctl, but even if you wanted those now you couldn't. Yes, you could rsync over a copy of the files, but there's a reason why people aren't just doing that for regular logs and this is going long.

    Over the last decades, people have worked out tried-and-true systems for documenting and verifying logging. So from an audit perspective, with journalctl you can't lock down syslog-ng and that process, because you've introduced an untrustworthy one above it. They know the current strengths and limitations -- to the point that there are legal/liability issues involved for many if their logging goes wonky. Journalctl adds a layer between the systems they have that work (and even have protocols in place for in terms of auditing), and as of right now adds a *wonky* layer that's very buggy. And by buggy I mean prone to corruption and simply not doing as its told.

    Here's the real kicker: most of this issue would go away if systemd was willing to allow the user to not use journalctl and let things like syslog-ng have that data in the raw. It is choosing not to allow that as a tactic, as opposed to what the users and tech itself wants, and so here we are.

    Also, this entire proposition by samzenpus is inane. When one thinks backwards from what the motivations might be, none of them are good and make me lose that much more respect for the site.

    • by steveha ( 103154 )

      Caveat: I am not a sysadmin. But I have read up on SystemD.

      With systemd, one can't even remotely log a journal natively

      Why not? SystemD offers its own logging system, but does nothing to prevent you from installing a more capable logging daemon such as rsyslog.

      Note that before Fedora 20, rsyslog was installed by default, along with the SystemD logging. In the announcement it says:

      rsyslog will remain the recommended option to install if users require /var/log/messages, need support for the syslog network

  • by PPH ( 736903 ) on Friday October 31, 2014 @10:02AM (#48278925)

    ... the year of BSD on the desktop!

  • downgrade. (Score:4, Insightful)

    by zebedi ( 2772113 ) on Friday October 31, 2014 @10:59AM (#48279573)
    i'm a small time admin, running about 100+ wireless nodes for artisans, private and commercial users. the -majority- of users running debian on desktops (autopilot upgrades rolled out), the rest are smartphones etc. windows is -actively- banned from the network. all routers, servers, firewalls are running debian, handrolled with lenny, wheezy and jessie, but all configs by the book, and audited by an experienced 2nd set of eyes. i'm 35 years in computing, telecoms and electronics. systemd is the worst single time-waster event in my professional career. although not yet enabled by default in jessie, it's causing a -lot- of disruption with basics like remote rebooting becoming an economical hazard (petrol costs), remote desktops not cranking up, auto logins not working (previously reliable packages like gdm3 break on upgrade due to forced dependencies to systemd related packages), endless hangs on startup/shutdown, many users complain about slow shutdowns, or machines not shutting down at all, services not starting. and yes: i understand how the beast works, and i can see the beast is doomed. the logging is a ---fucking--- nightmare, works fine on paper, but is making it impossible to get basic stuff done when in the real world things break, and taking the unreadable logs with it into the ether. i'm yet to see a machine that actually booted faster, or indeed shut down faster. agressive parallelization seems to apply ony for a subset of computing equipment i'm unfamiliar with. i can already hear the smart arse comments from corporate armchair admins: 'do this, do that ...' but the reality is that the problems caused by the yet flaky systemd is creating such an extra workload that is buries any hope of getting to grips with it. driving to each customer and wipe the systems fucked by systemd and re-install them with wheezy or carefully pruned jessie is cheaper, and we can all have our lives back. i never thought i'll be wading through backported software again ... for regular user systemd brings no obvious advantages, at least not for their ancient harddrives on single core desktops - but instead a few ended up with trashed installs, e.g. by old non-critical errors being dragged into an upgrade and then breaking on (remote) reboot. if i hadn't left the core machinery on lenny and wheezy i'd be in deep shit now, and likely going out of business. stefan zalewski, burren.org
  • by Anonymous Coward on Friday October 31, 2014 @11:17AM (#48279803)

    To date, there is no evidence that systemd causes ebola.

  • by Peter H.S. ( 38077 ) on Friday October 31, 2014 @12:39PM (#48280819) Homepage

    systemd's logging system is a huge improvement over old legacy style text logs. It has more early boot logs since it can log while still in initramsfs, and with kdbus it will probably get even earlier and late logging; the goal is "metal-to-metal" logging.

    Having structured and indexed logfile (called journal) is a huge improvement in many ways; it allows for rich meta-data like monotonic timestamps, high precision time stamps, UUID's, exe file names and paths, and incredible easy and powerful sorting and filtering with tools like "systemctl".

    If you try to add meta-data like monotonic timestamps in flat text files, they become very long and cluttered, making them hard to read for humans.

    Another problem with flat text files are the fact that watch scripts depends on the exact wording of the daemon output strings; if the developers changes the wording, third party scripts will fail. In a perverted sense, the exact wording have become a API that cannot easily be changed or extended.
    Not so with systemd; it has a stable API and lots of language bindings. It is easy to make a watch script that targets the stable field's.

    Some CLI examples: I have used full length options for readability and since systemd have excellent bash completion for everything, it doesn't involve much more typing.

    journalctl --boot -1 --priority err

    Show all log entries from previous boot only, that have log level "error".

    journalctl --since -5m

    Show log entries generated the last 5 minutes.

    journalctl --follow --unit smartd.service

    Follow (tail) the smartd daemons log output.

    journalctl _KERNEL_SUBSYSTEM=usb --priority warning

    Show only messages generated by the kernel USB subsystem that have log level "warning"

    journalctl --field _PID

    The "--field" option makes systemctl show all values of the following journal field. In this case it will show a list of all PID's that have ever written to the journal. Want to see every executable that have ever generated log output, substitute _PID with _EXE. Notice the underscore. Field values with underscores have kernel guarantee for being correct.

    It is also easy to track two services that you suspect are causing each other problems:

    journalctl --output short-monotonic --boot -u NetworkManager.service -u chronyd.service

    This will show the log entries for NetworkManager and a sNTP client from the current boot, and show the output with monotonic timestamps. Nice.

  • by Lodragandraoidh ( 639696 ) on Friday October 31, 2014 @12:54PM (#48280985) Journal

    The only good thing I can see about systemd is the exposure of some Linux system APIs that were not exposed via the POSIX subsystem. Nice - but not required by most of us - and could be added to existing standards based initialization daemons without totally rewriting the rules.

    Otherwise it seems to be more likely a thinly veiled (actually not veiled at all...given comments of the principles) attempt to fragment the POSIX world - and forcing projects with limited resources to make a Hobson's choice of whether to support systemd based Linux or POSIX standards exclusively. It breaks write once - compile/run anywhere - that was generally available for those who made sure their applications were POSIX compliant. This means that a lot of software that was available across Linux, and Unix flavors (BSD) will now be exclusively available on one or the other - thus fragmenting the *nix world.

    Software is not separate from the ethics that surrounds it. This approach and apparent rabid anti-interoperability view is arrogant and self-serving at the expense of cooperation and choice. Furthermore, the monolithic architecture, obfuscated binary logs, and centralized configuration are antithetical to the Unix way - and makes a linux system as difficult to deal with as a Windows system from an automation and management perspective, and raises concerns in terms of security (the greater the complexity in a system, the greater the opportunity for bugs - and thus the greater the attack surface).

    Finally it throws away many many years of experience/knowledge acquired by system admins, developers, and users about how a *nix system operates and is configured. This fragmentation of the human factors aspect will by its very nature cause faults/issues during operation.

    So - for a host of reasons, I believe it is technically - and more importantly - ethically wrong.

    There is actually one more good thing I can think of: it will spawn new distros, software projects to provide alternatives of various applications in the stack, and perhaps new operating systems altogether - with a renewed focus on design simplicity (KISS) and all of the benefits that come from that. Once a system becomes too complex to understand - are you sure you can trust it? So to recap: systemd has two things going for it; exposure of Linux APIs, and the power to breath life into the further exploration of alternatives in the OS/application layer.

  • by Peter H.S. ( 38077 ) on Friday October 31, 2014 @01:05PM (#48281137) Homepage

    I like the fact that systemd's wholesale acceptance by all major Linux distros means much less fragmentation in both the way the Linux OS is managed and the easy that upstream projects are now able to support advanced features in a distro agnostic way.

    I also like the fact that it exposes advanced kernel features like "cgroups" and "Capabilities" and make them easy to use; just add a keyword in a text config file and restart the service.

    Add ProtectSystem=full in a service config file, and the service and all processes it makes can only "read" /usr and /etc enforced by capabilities. So even if the service is compromised, the hacker can't modify these directories, even if the hacker are able to execute code with root privileges.
    http://www.freedesktop.org/sof... [freedesktop.org]

    Also "ProtectHome=" makes the service unable to read /home, so that no information stealing can take place.

    Perhaps the best thing about these features and the many other systemd features like those, are that they can be enabled by either upstream or the distro makers, so that the end user doesn't have to anything in order to improve the system security. It will simply mean improved security and "defense-in-depth" as deafault on systemd distros.

  • by tibit ( 1762298 ) on Friday October 31, 2014 @01:07PM (#48281163)

    I have an RHEL 6 system with multiple commercial Java applications. For some reason, every commercial Java application out there seems to bundle half of a linux distro with it: they insist on using their own instance of a web server, their own application server, their own database, their own mail daemon, etc. Starting those things serially is true insanity and takes forever.

    With all of this stuff migrated to RHEL 7, tweaked so that there's no init + rc.d craziness left, a 4 minute boot-up turns into 1:30 boot-up. This is with spinning drives. I have another iteration of tweaks where I exposed all internal service dependencies inside each of those monolithic app monsters to systemd, and we can be up and running in 1:15. Looking at I/O statistics, with further judicious use of preloading we should cut it down to 1:00-1:05 after a clean shutdown. The shutdown times, usually well over 2 minutes long, are down to 30 seconds.

    This is all measurable, no-bullshit, experimental data. We even managed not to have to touch any of the commercial app's rc scripts, I simply coded up the requisite systemd configurations for those services, based on the rc scripts. If there's any question as to systemd's effect on the application, or if we need to deal with vendor support, we can always start it up using the rc scripts.

    So, I don't care about ideology behind systemd, and how it fits with someone's ideas about what Unix or a Linux distro should or shouldn't be. All I know is that it'd have taken me 5-10x as long to tweak the system rc.d scripts to parallelize them than it took me to "port" the commercial apps we use over to systemd. Of course the distribution's own services already use systemd, so I didn't have to touch that, only tweak a few things slightly to further leverage parallelism. It has saved us time and money, and the system availability is much better in face of the rare reboots. Everyone is happy. We're a small shop with a single server, and we use no virtualization nor any other enterprisey stuff. Just a plain old RHEL 7 running directly on hardware, with selinux turned on, with custom policies written for each of the commercial apps.

    A lot of the "recommendations" I've got from "veteran" admins essentially reduced to throwing money and resources at the problem. That's IMHO a rather direct vindication of systemd: if it takes a SAN, multilevel storage and VMs just so that the damn init/rc.d-based system will boot in a reasonable amount of time, and all of that is taken care of by systemd, it'd be rather irresponsible for me to try and ignore systemd. In the name of what? Nothing I can think of. It's not like I can tell the management "hey, RHEL 7 comes with systemd, but I can keep using RHEL 6, not use systemd, and spend $25k+ for a SAN, VM and OS licenses, and the time to set it all up and document it all".

    <rant> It takes some chutzpah for commercial vendors to claim RHEL 7 "support" in their solutions, if they support neither selinux nor systemd.</rant>

I've noticed several design suggestions in your code.

Working...