Wunschkonzert, Ponyhof und Abenteuerspielplatz

It has been a while since my last status update on systemd. Here's another short, incomprehensive status update on what we worked on for systemd since then.

Fedora F15 (Rawhide) now includes a split up /etc/init.d/rc.sysinit (Bill Nottingham). This allows us to keep only a minimal compatibility set of shell scripts around, and boot otherwise a system without any shell scripts at all. In fact, shell scripts during early boot are only used in exceptional cases, i.e. when you enabled autoswapping (bad idea anyway), when a full SELinux relabel is necessary, during the first boot after initialization, if you have static kernel modules to load (which are not configured via the systemd-native way to do that), if you boot from a read-only NFS server, or when you rely on LVM/RAID/Multipath. If nothing of this applies to you can easily disable these parts of early boot and save several seconds on boot. How to do this I will describe in a later blog story.
We have a fully C coded shutdown logic that kills all remaining processes, unmounts all remaining file systems, detaches all loop devices and DM volumes and does that in the right way to ensure that all these things are properly teared down even if they depend on each other in arbitrary ways. This is not only considerably faster then the traditional shell hackery for this, but also a lot safer, since we try to unmount/remount the remaining file systems with a little bit of brains. This feature is available via systemctl --force poweroff to the administrator. The --force controls whether the usual shutdown of all services is run or whether this is skipped and we immediately shall enter this final C shutdown logic. Using --force hence is a much safer replacement for the old /sbin/reboot -f and does not leave dirty file systems behind. (Thanks to Fabiano Fidencio has his colleagues from ProFUSION for this).
systemd now includes a minmalistic readahead implementation, based on fanotify(), fadvise() and mincore(). It supports btrfs defragmentation and both SSD and HDD disks. While the effect on boots that are anyway fast (such as most stuff involving SSD) is minimal, slower and older machines benefit from this more substantially.
We now control fsck and quota during early boot with a C tool that ensure maximum parallelization but properly implements the necessary high-level administration logic.
Every service, every user and every user session now gets its own cgroup in the 'cpu' hierarchy thus creating better fairness between the logged in users and their sessions.
We now provide /dev/log logging from early boot to late shutdown. If no syslog daemon is running the output is passed on to kmsg. As soon as a proper syslog daemon starts up the kmsg buffer is flushed to syslog, and hence we will have complete log coverage in syslog even for early boot.
systemctl kill was introduced, an easy command to send a signal to all processes of a service. Expect a blog story with more details about this shortly.
systemd gained the ability to load the SELinux policy if necessary, thus supporting non-initrd boots and initrd boots from the same binary with no duplicate work. This is in fact (and surprisingly) a first among Linux init systems.
We now initialize and set the system locale inside PID 1 to be inherited by all services and users.
systemd has native support for /etc/crypttab and can activate encrypted LUKS/dm-crypt disks both at boot-up and during runtime. A minimal password querying infrastructure is available, where multiple agents can be used to present the password to the user. During boot the password is queried either via Plymouth or directly on the console. If a system crypto disk is plugged in after boot you are queried for the password via a GNOME agent, or a wall(1) agent. Finally, while you run systemctl start (or a similar command) a minimal TTY password agent is available which asks you for passwords right-away if this is necessary. The password querying logic is very simple, additional agents can be implemented in a trivial amount of code (Yupp, KDE folks, you can add an agent for this, too). Note that the password querying logic in systemd is only for non-user passwords, i.e. passwords that have no relation to a specific user, but rather to specific hardware or system software. In future we hope to extend this so that this can be used to query the password of SSL certificates when Apache or other servers start.
We offer a minimal interface that external projects can use to extend the dependency graph systemd manages. In fact, the cryptsetup logic mentioned above is implemented via this 'plugin'-like system. Since we did not want to add code that deals with cryptographic disks into the systemd process itself we introduced this interface (after all cryptographic volumes are not an essential feature of a minimal OS, and unncessary on most embedded uses; also the future might bring us STC which might make this at least partially obsolete). Simply by dropping a generator binary into /lib/systemd/system-generators which should write out systemd unit files into a temporary directory third-party packages may extend the systemd dependency tree dynamically. This could be useful for example to automatically create a systemd service for each KVM machine or LXC container. With that in place those containers/machines could be managed and supervised with the same tools as the usual system services.
We integrated automatic clean-up of directories such as /tmp into the tmpfiles logic we already had in place that recreates files and directories on volatile file systems such as /var/run, /var/lock or /tmp.
We now always measure and write to the log files the system startup time we measured, broken up into how many time was spent on the kernel, the initrd and the initialization of userspace.
We now safely destroy all user session before going down. This is a feature long missing on Linux: since user processes were not killed until the very last moment the unhealthy situation that user code was running at a time where no other daemon was remaining was a normal part of shutdown.
systemd now understands an 'extreme' form of disabling a service: if you symlink a service name in /etc/systemd/system to /dev/null then systemd will mark it as masked and completely refuse starting it, regardless if this is requested manually or automaticallly. Normally it should be sufficient to simply call systemctl disable to disable a service which still allows manual activation but no automatic activation. Masking a service goes one step further.
There's now a simple condition syntax in places which allows skipping or enabling units depending on the existance of a file, whether a directory is empty or whether a kernel command line option is set.
In addition to normal shutdowns for reboot, halt or poweroff we now similarly support a kexec reboot, that reboots the machine without going though the BIOS code again.
We have bash completion support for systemctl. (Ran Benita)
Andrew Edmunds contributed basic support to boot Ubuntu with systemd.
Michael Biebl and Tollef Fog Heen have worked on the systemd integration into Debian to a level that it is now possible to boot a system without having the old initscripts packaged installed. For more details see the Debian Wiki. Michael even tested this integration on an Ubuntu Natty system and as it turns out this works almost equally well on Ubuntu already. If you are interesting in playing around with this, ping Michael.

And that's it for now. There's a lot of other stuff in the git commits, but most of it is smaller and I will it thus spare you.

We have come quite far in the last year. systemd is about a year old now, and we are now able to boot a system without legacy shell scripts remaining, something that appeared to be a task for the distant future.

All of this is available in systemd 13 and in F15/Rawhide as I type this. If you want to play around with this then consider installing Rawhide (it's fun!).

posted at: 04:30 | path: /projects | permanent link to this entry | 21 comments

Posted by Aaron Seigo at Fri Nov 19 05:13:28 2010
"Yupp, KDE folks, you can add an agent for this, too"

where is the documentation for the relevant API used to accomplish this?

Posted by alex at Fri Nov 19 06:22:18 2010
Lennart, what % of a boot time systemd is reducing in compare to a easy to read/manage sysV boot system?

I were trying to find the measurements, but never found any.

Posted by Anonymous at Fri Nov 19 07:36:44 2010
How easily could I disable the automatic cleaning of /tmp? I lost useful bits one too many times before I turned off cleaning of /tmp on all my systems. Plus, this seems like a good opportunity to find out how easily the built-in equivalents to init scripts allow configuration.

Posted by Michael at Fri Nov 19 08:20:46 2010
@Anoymous:
/etc/tmpfiles.d/systemd.conf contains (among others) those two lines:

d /tmp 1777 root root 10d
d /var/tmp 1777 root root 30d

Just comment them out and you're done.
For more info see http://0pointer.de/public/systemd-man/tmpfiles.d.html

Posted by Michael at Fri Nov 19 09:05:44 2010
>> In fact, shell scripts during early boot
>> are only used in exceptional cases

Why is LVM an "exceptional case"? It's the default to install Fedora on LVM after all. Would you say it is better to not use LVM or will there be better support for it in the future?

Posted by Dave Airlie at Fri Nov 19 09:49:06 2010
Hey Lennart, a lot of people use reboot -f when their system won't let them umount filesystems, like for when they've oopsed the kernel and want to remote reboot, so I hope you haven't actually removed proper forced reboot in favour of calling umounts which will just hang the system in the kernel if something has gone wrong in the storage subsystem.

Posted by bkor at Fri Nov 19 10:43:11 2010
Always nice to see the updates & new features of systemd.

Posted by Anon2 at Fri Nov 19 10:57:40 2010
Always nice to see how an originally nice idea morphs into a Swiss Army Knife software. Next step to shave off a few more milliseconds of a boot time is to move the systemd code into the kernel.

Posted by Jaroslav Reznik at Fri Nov 19 11:07:11 2010
From one of Fedora's KDE folks - is it really so difficult to ping us and ask for help supporting yours technologies that come to Fedora? Same as with Polkit... It's not easy to catch it then if we don't know what to support.

Thanks Aaron for comment. /me is going to look for documentation...

Posted by Vasilis Vasaitis at Fri Nov 19 13:09:24 2010
Great stuff! The only thing that comes to mind is, you guys should really make sure to provide detailed documentation for the user/administrator, in man/texinfo format (ideally both). One really good thing about the traditional shell-based boot system is that it's extremely self-documenting: even if I don't know anything about how a distribution has its boot system set up I can start reading inittab and take it from there. With systemd inevitably a lot of the boot process becomes much more opaque, so there should be plenty of documentation about what it does, in what order, how everything is configured/modified/disabled, etc etc.

Posted by Lennart at Fri Nov 19 16:05:57 2010
Aaron, systemd is actually documented very well, in fact much better than most projects, however this interface isn't so far. Feel free to ping me if you need details. I don't bite. If KDE hackers want to be involved, then involve yourself, don't always wait for us to ping you.

alex: I am pretty sure systemd is much easier to manage than sysv. I am booting in 14s now a fully equipped F15 with crypto and everything. With sysv it used to be something like 26s or so. But on purpose I don't give out numbers like this since they are not necessarily reproducible. The speed-up is bigger if you have a system which starts more stuff anyway. And the measurements are highly dependent on your hardware.

Anonymous: you can configure that easily in the files Michael suggested. Instead of disabling those lines I however recommend simply replacing the last word in those lines. If you write "-" instead of 10d then the automatic cleanup is disabled. Note however that you are most likely doing something wrong if you store files you don't want to lose in /tmp.

Michael: yes, I believe we should no longer install LVM by default. It slows down boot considerably and is still not updated to today's hotpluggable dynamic world. And for the majority of all folks (especially laptop people) it offers zero benefit. In fact, Fedora is the only distribution enabling LVM by default, and I believe we should stop doing that. With the advent of btrfs volume management will become much nicer and future-proof anyway.

Posted by Lennart at Fri Nov 19 16:11:58 2010
Dave: traditional 'reboot -f' continues to exist.

Jaroslav: see my comment to Aaron regarding KDE involvement. Please consider this blog story my ping to you. I am happy to provide you with any information you need and reference implementations. I'd even be willing to review any code you guys might come up with to check if it does what it is supposed to do.

Vasilis: systemd documentation for admins is actually pretty good, much better than what most projects have. Just check out the man pages: http://0pointer.de/public/systemd-man/

Posted by Lennart at Fri Nov 19 17:09:12 2010
Jaroslav, Aaron: wrote some documentation of the algorithm now for you: http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents -- Happy?

Posted by nate-m at Fri Nov 19 18:29:30 2010
"""Michael: yes, I believe we should no longer install LVM by default."""

When Btrfs gets up and going well then LVM will be redundant and inferior for most purposes. Hopefully it won't take long.

Then they can figure out how to integrate support for btrfs snapshots and volume management into systemd. :P

For example one of the more useful ways to use Btrfs is to create a new volume for each user. Then users can enable features like compression and encryption for their user. Also makes it useful for snapshotting users and applications.

And there is the btrfs plugin for yum for rolling back updates and such things.

Fun stuff. Lets hope it does not suck as much as LVM. :)

Posted by j at Fri Nov 19 19:16:18 2010
Is systemd only for sysv folks?

Posted by Lennart at Fri Nov 19 19:22:08 2010
j, uh? what do you mean by that? We (optionally) support SysV scripts as an alternative source of configuration. You can disable that at compile time even though most distributions will probably leave it enabled by default.

Some distros (Gentoo) have chosen to disable SysV support in systemd by default, since they historically actually did not use SysV scripts for bootup.

Posted by j at Fri Nov 19 20:09:48 2010
Sorry, I was under the impression it somehow relies on sysv. Read up on it in the meanwhile (the announcement post), please disregard.

Posted by nona at Sat Nov 20 05:31:56 2010
Can we use those password agents in early (initrd) boot?

I'm thinking cryptoroot. AFAICT, systemd isn't supposed to go into the initrd, and these new agents depend on systemd, so how is that going to work?

Posted by oiaohm at Sat Nov 20 09:39:02 2010
I am sorry but btrfs is not a replacement to Linux LVM. Yes the LVM support should be fixed up. http://en.wikipedia.org/wiki/Logical_volume_management

There are cases where LVM can come into its own when you have multi distributions on the same drive.

LVM can contain all types of partitions. btrfs downfall it's solution can only contain btrfs and cannot snapshot other partition types. Really LVM support in Linux kernel extended to handle windows LVM would be handy. So yes there could be a need for Multi OS installs for LVM support to work correctly. Not something that can be just turned off by them for speed.

The NFS read only one is also critical this is handy for secure diskless remote boot terminals where you want reset to return to a clean state.

Lennart you are making the same mistake as some of the design selections with pulseaudio and alsa. Simple fact NFS read only, LVM, RAID and so on exist in the old system so the new system need to support them or have a replacement that is better for the tasks they do.

If you want to deprecate LVM, NFS read only, RAID support please explain what there proper replacements is matching there function. BTRFS is not a proper replacement to LVM or RAID due to its limited Filesystem type support.

Posted by Diego at Sat Nov 20 10:43:44 2010
oiaohm: Eventually Btrfs should be able to export a btrfs subvolume as a block device, so you will be able to put a Ext4 filesystem on top of it - but anyway, systemd is not unsupporting LVM, Lennart only said it will not allow to have boots without scripts.

That said, deprecating LVM is just not going to happen, LVM is really powerful and provides features (like extending a filesystem to a new disk) that users can't live without. And the installer allows to install Fedora without LVM.

Posted by Lennart at Sat Nov 20 16:43:50 2010
nona, dracut handles passwords for crypt root already quite well. I see not need to replace that by our agent logic.

oiaohm: calm down. I am not suggesting to deprecate LVM. Just remove it from the default install.

Leave a Comment:

It should be obvious but in case it isn't: the opinions reflected here are my own. They are not the views of my employer, or Ronald McDonald, or anyone else.

Please note that I take the liberty to delete any comments posted here that I deem inappropriate, off-topic, or insulting. And I excercise this liberty quite agressively. So yes, if you comment here, I might censor you. If you don't want to be censored your are welcome to comment on your own blog instead.

レナート Wunschkonzert, Ponyhof und Abenteuerspielplatz ﻟﻴﻨﺎﺭﺕ

Fri, 19 Nov 2010

systemd Status Update