[nurb]

"if you do an init system but still invoke all the shell scripts and all the other things needed to bring up the system, you’ve only solved part of the problem."

That's exactly what I think is wrong with systemd. If a script bring a speed issue on start up, it should fixed by optimizing the script, use/create another script language with parallelism and higher pref, or even turn it into a compiled program. This is not supposed to be the problem of the init system developper.

In fact the only purpose of an init system is to start executables in a defined order, not more.

This is going to be like X, a huge pile of unmaintainable code, and that's definitely not the UNIX philosophy.

[_delirium]

> In fact the only purpose of an init system is to start executables in a defined order, not more.

A good init system should also do process supervision and integrate with the OS's resource-management subsystem (on Linux, cgroups). You could do that with an even bigger pile of shell scripts, of course, and some Linux distros towards the end of the sysvinit era have been trying to. But at some point a giant tangle of shell scripts which are full of copy/paste boilerplate and frequent bugs starts to look like not the best solution.

It's not like systemd is the first system to come to that conclusion, either. Solaris dropped sysvinit 10 years ago, and OSX dropped its BSD-ish init in the same year. Earlier than that, djb also wrote an init replacement called daemontools, which was a bit of a step in that direction, though a smaller one. That got some uptake but was hampered by some of the oddities of being djbware (e.g. for years it was "license-free software", and it was only intermittently maintained).

[JdeBP]

> It's not like systemd is the first system to come to that conclusion, either. [...] Earlier than that, djb also wrote an init replacement called daemontools, [...]

daemontools gained svscan in 1998, and svscanboot in 2001. Years earlier, in AIX version 3.2 released in January 1992, IBM introduced its (then) new System Resource Controller. This was, and still is, a service manager that is spawned by the initial user process, that has the task of supervising daemon processes, bringing them up and down in response to administrative command, logging control activity, and notifying about failures to run.

You'll find things like the srcmstr process; the startsrc, stopsrc, and lssrc commands for starting, stopping, and listing services; the whole notion of signals to control daemons (SIGTERM, SIGNORM, SIGFORCE, et al.); entry 5.2.1 in the Usenet comp.mail.sendmail FAQ which talks about how fork-and-exit-the-main-process by Sendmail breaks service management; all of the "How do I get my too-clever-for-its-own-good daemon to work with this new service management system?" discussions in the mid-1990s; and IBM's documented advice from at least as early as 1995 on how to write daemons properly, achingly familiar.

One can look to mainframe and minicomputer operating systems before that, and also to Windows NT 3.1 which had the initial user process spawning the Service Control Manager, released in 1993. But in the narrow Unix+Linux worldview, credit should go to AIX for being the first operating system released where people had come to that conclusion, approaching a quarter of a century ago.

[lawl]

Process supervising is for process supervisors. Init's jobs is to be able to start a process supervisor.

[chousuke]

Okay. So, init starts the process supervisor. Then, the process supervisor starts everything else.

Then all of a sudden, something goes wrong and the process supervisor crashes. Init then inherits all the children, and has no clue what's going on with them, so your system is hosed.

What benefit is there to having the init be separate from the process supervisor?

EDIT: let me just expand on this a bit... Monit and other process supervisors do more than just manage the lifecycle of a process; they can run various checks to ensure that a service actually works. Systemd's process supervision is limited to knowing the current state of the process (running, stopped by admin, failed to start, constantly crashing, or optionally: not responding to watchdog), so systemd in no way makes monitoring daemons redundant.

When the traditional sysvinit starts and stops processes, it actually has no clue what it's doing and thus init scripts need to rely on PID files and other hacks to provide basic functionality.

I would like to know why you think that the process that starts and stops processes should not be interested in whether the processes are actually running or not.

[jude-]

> When the traditional sysvinit starts and stops processes, it actually has no clue what it's doing and thus init scripts need to rely on PID files and other hacks to provide basic functionality.

Tooting my own horn here, but I wrote a filesystem called runfs that specifically addresses this. A service writes a PID file to runfs, and runfs automatically removes it once the process dies.

Code: https://github.com/jcnelson/runfs

[lawl]

Now you have the process supervisor in your init. What happens if your supervisor crashes now?

So obviously that's not a good idea.

Additionaly it bears the problem that you can't upgrade your process supervisor without rebooting.

So what benefits does it actually provide?

[chousuke]

Your second statement misses the point. Your process supervisor can be ultimately stable and never crash, but if it does crash, it's just as fatal as init crashing.

systemd PID 1 won't be rendered prone to crashing just because it contains more than trivial amounts of code. If that were the case, then surely the Linux kernel would be crashing every fifteen minutes, considering how much code it contains.

As far as I'm aware, the only component that can screw up systemd is dbus, and since the relevant parts are moving into the kernel, you won't just be able to hose your system by killing the dbus daemon accidentally.

I have yet to see an argument for process supervision functionality not existing in PID 1, besides simply stating that it must be so. Meanwhile, an init which is guaranteed to know whether the processes it starts (or stops!) are actually running is able to behave much more intelligently than scripts sending signals to PIDs that hopefully correspond to the correct process.

[makomk]

No, your process supervisor crashing won't be as fatal as init crashing, because init crashing is an instant kernel panic under Linux. Also, very few projects are as robust as the Linux kernel or have development practices that are as good, and systemd is unlikely to be one of them.

[ledbettj]

You can restart systemd on the fly with `systemctl daemon-reexec`.

[sitkack]

Both of you are really close to agreeing ...

[_delirium]

Are there any examples of a process supervisor that isn't also intended to replace the traditional init system? Even systems less ambitious than SMF/launchd/systemd, like daemontools and runit, aim to replace sysvinit, because otherwise you'd have to specify twice, in different ways, how each service should start and stop (though it's possible to set up configurations where that works).

[makomk]

At the moment I'm using OpenRC which does exactly that on top of sysvinit, as are most Gentoo users. You don't have to specify everything twice because init never actually knew how to start and stop services in the first place - with a traditional sysvinit configuration that was all handled by scripts that it started, and OpenRC replaces those scripts.

[the_why_of_y]

sysvinit does have built-in service management via inittab(5); unfortunately it is so primitive that in practice it is only used to spawn getty(8).

[JdeBP]

> unfortunately it is so primitive that in practice it is only used to spawn getty(8).

The AIX System Resource Controller is spawned by a record in /etc/inittab. (AIX actually comes with utilities for maintaining /etc/inittab such as mkitab.) So too is svscanboot in daemontools 0.75 and later. Gerrit Pape is currently having problems with the Debian package for running runit, precisely because runit has for some years been run from /etc/inittab in some configurations and in Debian 8 it is suddenly no longer a file whose existence is always guaranteed because it is part of an "essential" package. There are some other packages in Debian 7 that have undocumented dependencies from the existence of an /etc/inittab file, because they too read/write it for their own purposes. I have yet to verify whether they've been fixed for Debian 8.

Don't think for one second that in the second decade of the 21st century people only ever use /etc/inittab for getty. (-:

This is one of the quieter on-going problems for Debian 8. It switches one to using systemd, because that's the Debian 8 default; but there's no upgrade path or compatibility mechanism for /etc/inittab. Every few months, another "I was (unknowingly) using /etc/inittab; I upgraded; it broke." person seems to pop up.

[Wilya]

Supervisor, god, monit, circus, etc.

And even though it can handle both init and process supervision, runit has a clear separation between the two tasks. The "runit" program handles init tasks. The "runsvdir" program handle process supervision. And each one is completely functional without the other.

[digi_owl]

I wonder how much reduced the grief would be if systemd could run on top of another init process as just a supervisor (similar to how daemontools work, and runit can work).

but then the argument is that systemd needs to be init to properly manage the cgroups etc.

[JdeBP]

> Are there any examples of a process supervisor that isn't also intended to replace the traditional init system?

Yes. You are conflating System 5 init and System 5 rc.

The IBM AIX srcmstr program is intended to be run by init, not to replace it. ("The SRC is operationally independent of the init command." - http://www-01.ibm.com/support/knowledgecenter/ssw_aix_61/com... "You can also start the SRC from the command line, a profile, or a shell script, but there are several reasons for starting it during initialization" - http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com...)

Gerrit Pape's runit has "runit" (exec()ed from "runit-init") as a system manager running as process #1 doing the system management tasks that only process #1 can do, and "runsvdir" as a service manager that runs as some other process.

Daniel J. Bernstein's daemontools, Adam Sampson's freedt, and Bruce Guenter's daemontools-encore do not, strictly speaking (and pace Paul Jarc's patches), have a program for running as process #1. They all have "svscanboot", which is to be spawned by process #1 and which runs "svscan" as a service manager.

Laurent Bercot's s6 does not have a program for running as process #1. Its "s6-svscan" is a service manager, usually run as some other process. And its "s6-svscanboot" sample program is analogous to "svscanboot". It comes with examples for writing one's own program to run as process #1, but "s6 cannot provide live examples without becoming system-specific" (http://skarnet.org./software/s6/s6-svscan-1.html).

Wayne Marshall's perp has "perpd" as the service manager. This can be started by "perpboot", which (like "svscanboot") is spawned by process #1 rather than run as process #1. There's no program in the package for doing process #1 tasks.

nosh has a program for process #1, "system-manager", and a program that runs in another process to do service management, "service-manager".

All of these aim at replacing System 5 rc. Only two in fact offer in-the-box replacements for System 5 init. Do not conflate rc and init. The person that you were replying to was wrong; hence the basis for your question was wrong. Learn from "system-manager"'s manual page, "runit"'s manual page, what Paul Jarc found when he experimented with running svscan as process #1, and indeed "systemd"'s manual page to an extent. "init's job" is more than "starting a process supervisor".

[astine]

Then the process supervisor can then launch your processes. But then all init is doing is launching your process supervisor. We can just drop a step by providing the process supervisor executable to the kernel. There is no need for init anymore.

[JdeBP]

> But then all init is doing is launching your process supervisor.

This "all init does/needs to do" notion is oft-repeated, but it is oft-repeated rubbish. It is a notion commonly held by people who have never actually written a process #1 program that functions in production systems; because experience (as I can attest) teaches otherwise. There are, in fact, several things that various operating system kernels and other programs demand of process #1 that one simply cannot escape. People think that fork()ing things and acting as the parent of orphaned processes is the prime function. Ironically, dealing with orphaned processes is (with recent Linux kernels) a part the system that one can largely factor out of process #1 into other processes, whilst the things that people usually forget in their off-the-top-of-the-head designs for init (such as handling SIGINT, SIGPWR, SIGWINCH, and so forth sent from the kernel and enacting the various system state change requests) are the parts that one cannot. To see what one actually has no choice but to do in process #1 programs, look at the overlaps in the operation of Gerrit Pape's runit, Felix von Leitner's minit, and the system-manager program from the nosh package. There are several things for a /system manager/ to do when there's a separate /service manager/.

[elwin]

> In fact the only purpose of an init system is to start executables in a defined order, not more.

That's where the disagreement lies. I see the purpose of an init system as being to transition the machine from one state to another. Sometimes this means starting executables. Sometimes it means stopping them. Sometimes it involves more complicated tasks.

> This is going to be like X, a huge pile of unmaintainable code

That is exactly my opinion of the shell scripts that previously handled networking.

[sethrin]

Yes, "init" is a bit of a misnomer, given that it also handles shutdown/runlevel transitions. I see the big difference here as being between the people who think that the job of the OS is to provide a simple base for executing user-defined scripts, and well, everyone else. I think that an appropriate analogy would be handcrafted goods versus mass production. Linux has been transformed into a wide variety of products at various times, and while I don't think the init scripts played a very large role in any of that, the idea that the OS is what you choose to turn it into does have strong credence in this community.

The other side of the debate, I think, are the people who feel like a collection of init scripts should be refactored somehow, and mostly this seems to involve rewriting things in C, adding dependency annotations to init files, and implementing support for cgroups. At least that's what OpenRC has been doing. Systemd unit files go a step further, but it's a good step in my opinion. Anything that any two scripts do should be refactored into a common method or library, and hopefully that process leaves very little for the init script or unit file to do.

It doesn't matter to me personally whether this stuff gets done in Bash or C; I can't really maintain either. I could probably write a unit file if I had to. I understand there are lots of people who have put lots of time into writing Bash scripts. Some sysadmins may even think that their job is to write scripts. These people should continue to write all the scripts that they want, because Linux is all about that, but maybe they should also let other people write a decent plumbing layer for Linux, because modern OSes are all about that.