Wait, my init does what

A tour of systemd's lesser known features



Welcome to Container Linux by CoreOS 1353.7.0 (Ladybug)!

[  OK  ] Reached target Remote File Systems.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Starting flamewars.
[  OK  ] Assimilating distros.
[  OK  ] Reached target Presentation.

This is presentation (Linux x86_64 4.9.24-coreos)

presentation login:

Mascot (unofficial)

Thanks to Amanda Breard

About me

        $ whois euank
        
           Name: Euan Kemp
            Job: Software Dev @ CoreOS
        Webpage: euank.com
        Twitter: @wobscale

Container Linux & systemd

systemd is one of the most important parts of Container Linux

Important.. how?

By PID

#1

* yes, I know about sched

What is an init

The process the kernel starts first.


Responsibilities

  • Stay alive until shutdown
  • Launch any additional desired programs (e.g. networking, login console, etc)
  • Adopt orphans 😇
  • Reap children 😈

What else does an init often do?


  • start and stop commands for services
  • Monitor / restart services aka service supervision
  • A configuration format for creating new services definitions
  • Service dependencies
  • Start ttys on each console
  • Runlevels?
  • Mount filesystems

What does systemd do?

The controversy of systemd

2010

systemd

  • service supervision
  • socket activation
  • sysvinit compatible
  • dependency resolution

[Unit]
Before=getty.target
After=basic.target
Conflicts=shutdown.target

[Service]
ExecStart=/sbin/mingetty %I
Type=simple
Restart=always

2011

The journal

  • Replacement for syslog
  • Binary log format
  • Support for structured logging
tea party

2014

systemd sucks twitter

No developer in history has been treated so unfairly.

2017

Today

Devuan exists, there are still skeptics.
But overall, systemd is clearly succeeding (and just as clearly awesome).

systemd - the init daemon

socket activation

Start services 'on demand' by listening on their behalf and queueing requests.

services can't start slow if you don't start them meme

Replaces: inetd
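As an added example (not from the slides), the receiving end of socket activation: a constructed echo.socket unit with ListenStream=8080 hands the already-bound listening socket to echo.service as fd 3 and announces it through LISTEN_PID and LISTEN_FDS, the same protocol sd_listen_fds() in libsystemd checks before a service adopts the descriptor.

```python
"""Socket-activated echo service (added example; assumes a constructed
echo.socket with ListenStream=8080 and an echo.service running this file).
systemd passes the listening socket as fd 3 and sets LISTEN_PID / LISTEN_FDS.
"""
import os
import socket
from typing import Dict, List

SD_LISTEN_FDS_START = 3  # first fd systemd hands to an activated service


def listen_fds(env: Dict[str, str], pid: int) -> List[int]:
    """Return the fds systemd passed to this process, or [] if none.

    Mirrors sd_listen_fds(): both variables must be set, LISTEN_PID must be
    our own pid (a stale value inherited by a grandchild is ignored rather
    than adopted), and LISTEN_FDS must be a non-negative integer.
    """
    listen_pid = env.get("LISTEN_PID")
    listen_count = env.get("LISTEN_FDS")
    if not listen_pid or not listen_count:
        return []
    try:
        if int(listen_pid) != pid:
            return []
        count = int(listen_count)
    except ValueError:
        return []
    if count < 0:
        return []
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count))


def listening_socket(env: Dict[str, str], pid: int, port: int = 8080) -> socket.socket:
    """Adopt the socket systemd passed, or bind our own when run by hand."""
    fds = listen_fds(env, pid)
    if fds:
        return socket.socket(fileno=fds[0])  # wrap the inherited descriptor
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(16)
    return srv


if __name__ == "__main__":
    srv = listening_socket(dict(os.environ), os.getpid())
    conn, _ = srv.accept()  # the queued connection that triggered activation
    with conn:
        conn.sendall(conn.recv(4096))
```

Connections made before the service finishes starting sit in the socket's backlog, which is why the unit only needs to accept, not bind, when it comes up.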

systemd user instance

--user

Replaces: supervisord, etc

systemd - the init daemon

as pid > 1

Upstart or systemd

But seriously, systemd

systemctl

systemctl edit

systemctl --host

Kinda like: fleet, ssh, ansible, etc

systemd-run

Replaces: at, cron, screen

journald

remote

Overlaps: rsyslog, fluentd, etc

journal security

  • Authenticated fields (such as _PID, _UID)
  • Certificate auth for remote-upload
  • Forward Secure Sealing

creating the seal

$ journalctl --setup-keys

coredumps

Replaces: abrt

Networking

networkd

systemd-networkd is a daemon for configuring network interfaces.

  • IPv6 support
  • Speaks LLDP
  • Handles bridges, macvlan, bonds, all that jazz
  • Includes a DHCP server (!)

Replaces: dhclient, brctl, lldpd, etc

timesyncd


It's an ntp client ¯\_(ツ)_/¯


Replaces: ntpd (client)

systemd the boot manager

Interacted with via bootctl

Is: gummiboot; Overlaps: rEFInd

Arguably, it's a sandwich

Running containers

Example: an nginx container

nspawn

Replaces: lxc

rkt

Plain Old Service Files

The systemd forkbomb

# /home/core/.config/user/user-loop.service
[Service]
Environment=XDG_RUNTIME_DIR=/home/core/.config
ExecStart=/usr/lib/systemd/systemd --user --unit=user-loop.service

$ export XDG_RUNTIME_DIR=/home/core/.config
$ sudo -E /usr/lib/systemd/systemd --user --unit=user-loop.service

The systemd forkbomb, II


SYSTEMD_PAGER="systemctl status" systemctl status

The direction of systemd

  • Making regular users' lives easier; improve the base system
  • Integrating well with containers
  • Portable services?

Thanks!


        Slides: https://wait-what.syste.md

       Twitter: @wobscale

Questions?