Post Syndicated from Lennart Poettering original https://0pointer.net/blog/projects/systemd-update-2.html
It has been a
while since my last status update on systemd. Here’s another short,
incomprehensive status update on what we worked on for systemd since then.
- Fedora F15 (Rawhide) now includes a split up
/etc/init.d/rc.sysinit (Bill Nottingham). This allows us to keep only
a minimal compatibility set of shell scripts around, and boot otherwise a
system without any shell scripts at all. In fact, shell scripts during early
boot are only used in exceptional cases, i.e. when you enabled autoswapping
(bad idea anyway), when a full SELinux relabel is necessary, during the first
boot after initialization, if you have static kernel modules to load (which are
not configured via the systemd-native way to do that), if you boot from a
read-only NFS server, or when you rely on LVM/RAID/Multipath. If nothing of
this applies to you can easily disable these parts of early boot and
save several seconds on boot. How to do this I will describe in a later blog
story. - We have a fully C coded shutdown logic that kills all remaining processes,
unmounts all remaining file systems, detaches all loop devices and DM volumes
and does that in the right way to ensure that all these things are properly
teared down even if they depend on each other in arbitrary ways. This is not
only considerably faster then the traditional shell hackery for this, but also
a lot safer, since we try to unmount/remount the remaining file systems with a
little bit of brains. This feature is available via systemctl --force
poweroff to the administrator. The --force controls whether the
usual shutdown of all services is run or whether this is skipped and we
immediately shall enter this final C shutdown logic. Using --force
hence is a much safer replacement for the old /sbin/reboot -f and does
not leave dirty file systems behind. (Thanks to Fabiano Fidencio has his
colleagues from ProFUSION for this). - systemd now includes a minmalistic readahead implementation, based on
fanotify(), fadvise() and mincore(). It supports btrfs defragmentation and both
SSD and HDD disks. While the effect on boots that are anyway fast (such as most
stuff involving SSD) is minimal, slower and older machines benefit from this
more substantially. - We now control fsck and quota during early boot with a C tool that ensure
maximum parallelization but properly implements the necessary high-level
administration logic. - Every service, every user and every user session now gets its own cgroup in
the ‘cpu’ hierarchy thus creating better fairness between the logged in users
and their sessions. - We now provide /dev/log logging from early boot to late shutdown.
If no syslog daemon is running the output is passed on to kmsg. As soon as a
proper syslog daemon starts up the kmsg buffer is flushed to syslog, and hence
we will have complete log coverage in syslog even for early boot. - systemctl kill was introduced, an easy command to send a signal to
all processes of a service. Expect a blog story with more details about this
shortly. - systemd gained the ability to load the SELinux policy if necessary, thus
supporting non-initrd boots and initrd boots from the same binary with no
duplicate work. This is in fact (and surprisingly) a first among Linux init
systems. - We now initialize and set the system locale inside PID 1 to be inherited by
all services and users. - systemd has native support for /etc/crypttab and can activate
encrypted LUKS/dm-crypt disks both at boot-up and during runtime. A minimal
password querying infrastructure is available, where multiple agents can be
used to present the password to the user. During boot the password is queried
either via Plymouth or directly on the console. If a system crypto disk is
plugged in after boot you are queried for the password via a GNOME agent, or a
wall(1) agent. Finally, while you run systemctl start (or a similar
command) a minimal TTY password agent is available which asks you for passwords
right-away if this is necessary. The password querying logic is very simple,
additional agents can be implemented in a trivial amount of code (Yupp, KDE folks, you
can add an agent for this, too). Note that the password querying logic in
systemd is only for non-user passwords, i.e. passwords that have no relation to
a specific user, but rather to specific hardware or system software. In future
we hope to extend this so that this can be used to query the password of SSL
certificates when Apache or other servers start. - We offer a minimal interface that external projects can use to extend the
dependency graph systemd manages. In fact, the cryptsetup logic mentioned above
is implemented via this ‘plugin’-like system. Since we did not want to add code
that deals with cryptographic disks into the systemd process itself we
introduced this interface (after all cryptographic volumes are not an essential
feature of a minimal OS, and unncessary on most embedded uses; also the future
might bring us STC which might make this at least partially obsolete). Simply
by dropping a generator binary into
/lib/systemd/system-generators which should write out systemd unit
files into a temporary directory third-party packages may extend the systemd
dependency tree dynamically. This could be useful for example to automatically
create a systemd service for each KVM machine or LXC container. With that in
place those containers/machines could be managed and supervised with the same
tools as the usual system services. - We integrated automatic clean-up of directories such as /tmp into
the tmpfiles logic we already had in place that recreates files and
directories on volatile file systems such as /var/run,
/var/lock or /tmp. - We now always measure and write to the log files the system startup time we
measured, broken up into how many time was spent on the kernel, the initrd and
the initialization of userspace. - We now safely destroy all user session before going down. This is a feature
long missing on Linux: since user processes were not killed until the very last
moment the unhealthy situation that user code was running at a time where no
other daemon was remaining was a normal part of shutdown. - systemd now understands an ‘extreme’ form of disabling a service: if you
symlink a service name in /etc/systemd/system to /dev/null
then systemd will mark it as masked and completely refuse starting it,
regardless if this is requested manually or automaticallly. Normally it should
be sufficient to simply call systemctl disable to disable a service
which still allows manual activation but no automatic activation. Masking a
service goes one step further. - There’s now a simple condition syntax in places which allows
skipping or enabling units depending on the existance of a file, whether a
directory is empty or whether a kernel command line option is set. - In addition to normal shutdowns for reboot, halt or poweroff we now
similarly support a kexec reboot, that reboots the machine without going though
the BIOS code again. - We have bash completion support for systemctl. (Ran Benita)
- Andrew Edmunds contributed basic support to boot Ubuntu with systemd.
- Michael Biebl and Tollef Fog Heen have worked on the systemd integration
into Debian to a level that it is now possible to boot a system without having
the old initscripts packaged installed. For more details see the Debian Wiki. Michael even
tested this integration on an Ubuntu Natty system and as it turns out this
works almost equally well on Ubuntu already. If you are interesting in playing
around with this, ping Michael.
And that’s it for now. There’s a lot of other stuff in the git commits, but
most of it is smaller and I will it thus spare you.
We have come quite far in the last year. systemd is about a year old now,
and we are now able to boot a system without legacy shell scripts remaining,
something that appeared to be a task for the distant future.
All of this is available in systemd 13 and in F15/Rawhide as I type
this. If you want to play around with this then consider installing Rawhide
(it’s fun!).