Systemd

June 29, 2015

The controversial systemd

I recently went to a talk given at Facebook by Lennart Poettering. Systemd will be replacing sysvinit in the upcoming REL 7 distribution in Red Hat Linux, the Linux operating system that is commonly used in some enterprises. What interests me are the container features that it provides as an alternative to the docker style container system.

Before Systemd

Systemd was started in 2009, before 2009 there were

Sysvinit

no dependency management
code is not very clean

Upstart

code is clean
glue
defining a lot of events and glue them together
maximize what gets started at system startup

Systemd

Instead of admin explicitly defining what happens when, up to the system to figure out what to start
job of the developer/admin to define dependencies and job of the system/computer to take care of the rest. Philosophy is that the computer to solve the algorithm for you.

Inspirations from

Launchd
- Socket activation
- Inetd
SMF
- Solaris management framework

Features of Systemd

Modular
- Can turn off most features except 3

Basic concepts

Everything is a unit Foo.service Bar.device Waldo.target Another.socket Something.automount
Dependencies (-> requires) Multi-user.target -> http.service -> basic.target -> local-fs.target -> home.mount -> Systemd-fsck@dev-sda6.service -> dev-sda7.device

Run level vs linear dependency
Descriptive targets (you can define and name the targets)
Start as a little as necessary, parallel as much as possible.

This example above is a dependency check for a web (http service). You can use system graph to see dependencies

Example of parent and child process double forking (the classic example)

example if Apache needs MySQL to be started first systemd tracks processes using the Linux kernel’s cgroups subsystem instead of by using process identifiers (PIDs); thus, daemons cannot “escape” systemd, not even by double-forking.

Starting a service at service level 3

Systemd family

Systemctl stop service

Systemctl restart

Systemctl status

will show you the entire tree
how long ago was the service started

Systemctl show

shows status for processes

Systemctl cat (don’t have to go to the directory file/folder) Systemctl edit - tell MySQL to change the cpu to use

More daemons Systemd-udevd

Systemd-logind Systemd-journald

admin can

Systemd-networkd

network manager
match to which configuration does his network file match
Intel uses it to do router configurations for example Uplink and downlink management Networks are fully hotswappable
does not do wifi

Systemd-resolved

DNS on red hat vs DNS on your local home
if we have information about queries then we won’t query all that we know.

Systemd-timesyncd

syncs the clock
when the system comes up if the clock comes up empty (ex: on raspberry pi) the time stamp might not be monotonic -recommended over full ntp server if http is not needed

Systemd-locald Systemd-hostnamed

Others for bootup Systemd-tmpfiles

setup up sync remove and setup temp/files at boot time

Systemd-sysusers

bootup a system with just the users around
will not create etc and var until necessary
especially useful for container based systems that just only need users, where most container information is stored in a MySQL database
useful for rpm also

System-module-load

Systemd-binfmt Format binaries such as Java

Systemd-backlight Manages background lighting actors reboot

Systemd-random-seed Saves randomness seed across reboot

Journalctl Log error, really useful, time zone correctly - unlike syslog, or chroot which is a steam

Systemctl

Loginctl Show session Show user log

Machinectl Useful for containers

Coredumpctl Collects core dumps Ex: coredumpctl gdb If used this way every coredump is logged

Busctl What interfaces methods and dbus messages each message offer

Systemd-nspawn

container runs over this (docker has its own implementation), rkt is built on it
simple
spawn it to a directory and start it up
like qemu-Kvm but for containers

Systemd-machined

rest of the system knows about what a container is
nspawn will register
place to register containers (don’t emulate Hardware but share kernel) and VM (emulate hardware)
every container registered with machined will get host name resolutions http://www.freedesktop.org/wiki/Software/systemd/machined/
dash M flag
machinectl status
like Unix ps command allows state of container

Via machined Ps Systemctl -M In this container very thing is okay or 5 failed Loginctl -M who is logged in within this container Systemctl list-containers

Container Nspawn

VM Kvm

Systemd-import Uncompressed/unzip and then call nspawn Add more containers (and VMs) to your local system

Nspawn va docker Docker’s philosophy

micro service within each docker

Systemd

difference between systemd and normal container should be minimal More integrated isolation Recursively entering into the docker is annoying Journalctl example can interleave all service logs into one log stream

Summary

See image

Q&A

how do you deal with trolls
- Cost of open source
tools are tightly bundled
- networkd makes assumptions about how the system is run /var Assumptions that certain mounts and libraries exist Vendor for the operation system should integrate for you
- it doesn’t run on FreeBSD, Solaris SMF is not inherently portable either. Making it portable is a burden and it’s not a priority for Debian.
- benefits code is more minimal.

If you buy rel 7 (red hat) you should get systemd preconfigured

Nspawn now works on non systemd systems now but it’s not officially supported.

Inotify fix request - reload file from disk every 10 minutes.
- Notify sync
- Unix doesn’t have a transactional file system.
- Snapshot from dbus on disk is non trivial
Opinionated Syslog flaws, journal log say the earliest and everything is logged Consolek replaced by logind
Journal-remote Journal over http protocol., understands ssl
- Export to handle coredump (binary) plus json
- provides both push and pull based logging
- pull based in at times useful
Claims only 99% compatibility with old style fs Not sysvinit 100% compatibility