Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Init: then and now

Init: then and now

A story of starting systems up

Pierre-Yves Ritschard

November 07, 2017
Tweet

More Decks by Pierre-Yves Ritschard

Other Decks in Programming

Transcript

  1. Init: then and now
    A story of starting systems up
    1

    View Slide

  2. Grüß Gott
    Pierre-Yves Ritschard
    CTO & Co-founder at
    Unix since 96
    Open-Source developer at OpenBSD, Riemann, Collectd, and
    more
    @pyr
    Exoscale
    2 . 1

    View Slide

  3. Exoscale
    Infrastructure as a service
    Part of A1 Digital
    Zones in Frankfurt, Vienna, Zürich,
    Geneva
    3 . 1

    View Slide

  4. How do systems start?
    4 . 1

    View Slide

  5. The rmware
    5 . 1

    View Slide

  6. The rmware
    6 . 1

    View Slide

  7. The rmware
    Exposes BUS access
    Rudimentary way to communicate list devices
    Looks for a bootloader in on devices
    Usually very basic environment (sometimes 16-
    bit)
    7 . 1

    View Slide

  8. The bootloader
    8 . 1

    View Slide

  9. The bootloader
    9 . 1

    View Slide

  10. The bootloader
    An intermediate mini-OS
    Rudimentary le-system support
    Prepares environment to start
    kernel
    10 . 1

    View Slide

  11. The kernel
    11 . 1

    View Slide

  12. The kernel
    12 . 1

    View Slide

  13. The kernel
    Discovers devices on Buses
    Prepares environment to run process(es) using a common
    format
    Exposes standard facilities for programs:
    Abstracted I/O: open(2)
    Memory management: mmap(2), malloc(3)
    Process handling: fork(2), signal(2)
    Network abstractions: socket(2), bind(2), connect(2)
    13 . 1

    View Slide

  14. Init
    14 . 1

    View Slide

  15. Init
    First process started by the kernel
    Runs boot sequence
    Mounts lesystems
    Starts the network
    Starts essential subsystems: syslog, ntpd,
    cron
    Starts background daemons: ssh, smtpd
    Root of process tree
    15 . 1

    View Slide

  16. Multi-User mode
    16 . 1

    View Slide

  17. Multi-User mode
    17 . 1

    View Slide

  18. Multi-User mode
    All facilities up and
    running
    Ready to run user
    programs
    18 . 1

    View Slide

  19. Our focus today
    19 . 1

    View Slide

  20. A small detour: the process tree
    There is a process hierarchy in Unix
    The kernel runs only one user
    process
    20 . 1

    View Slide

  21. A small detour: the process tree
    21 . 1

    View Slide

  22. A small detour: the process tree
    22 . 1

    View Slide

  23. Init duties
    Mount lesystems, start
    everything
    Stay around to watch over
    hierarchy
    23 . 1

    View Slide

  24. Init resiliency
    What happens when init crashes?
    24 . 1

    View Slide

  25. Init resiliency
    25 . 1

    View Slide

  26. Init simpli ed
    How would you?
    Mount lesystems
    Start the network
    Start essential subsystems: syslog, ntpd,
    cron
    Start background daemons: ssh, smtpd
    26 . 1

    View Slide

  27. Standard Init
    swapon -a
    umount -a >/dev/null 2>&1
    mount -a -t nonfs
    . /etc/rc.conf
    sh /etc/netstart
    if [ X${rwhod} = X"YES" ]; then
    echo -n ' rwhod'; rwhod
    fi
    if [ X${lpd} = X"YES" ]; then
    echo -n ' printer'; lpd
    fi
    . /etc/rc.local
    27 . 1

    View Slide

  28. Standard Init
    #define _PATH_BSHELL "/bin/sh"
    #define _PATH_RUNCOM "/etc/rc"
    /* ... */
    execv(_PATH_BSHELL, argv);
    /* ... */
    28 . 1

    View Slide

  29. Init ow
    29 . 1

    View Slide

  30. Are we there?
    How does the system stop?
    How do I restart or stop
    services?
    30 . 1

    View Slide

  31. Stopping the system
    /etc/rc.shutdown
    31 . 1

    View Slide

  32. Stopping or restarting services
    Stop: pkill
    Restart: pkill -HUP

    32 . 1

    View Slide

  33. This isn't ideal
    It's hard to keep track of startup order
    Plenty of services didn't react well to standard
    signals
    No way to easily gather service status
    No way to ensure a critical service stays up
    This puts a lot on application packagers
    Especially on non-standardized systems
    Hello !
    33 . 1

    View Slide

  34. Case in point: daemons
    int
    daemon(void)
    {
    switch (fork()) {
    case -1:
    return (-1);
    case 0:
    break;
    default:
    _exit(0);
    }
    if (setsid() == -1)
    return (-1);
    (void)chdir("/");
    (void)close(STDIN_FILENO);
    (void)close(STDOUT_FILENO);
    (void)close(STDERR_FILENO);
    return (0);
    }
    34 . 1

    View Slide

  35. Case in point: daemons
    How do I know the child's PID?
    How do I keep track of service
    availability
    35 . 1

    View Slide

  36. Common things applications do
    36 . 1

    View Slide

  37. More things applications must do
    37 . 1

    View Slide

  38. A better world?
    38 . 1

    View Slide

  39. The init landscape
    System
    V
    Upstart
    SystemD
    39 . 1

    View Slide

  40. System V
    You all know it
    /etc/init.d/rc5.d/S99blargh
    Introduces runlevels
    Enforces the concept of service startup, status, and
    shutdown.
    inittab(5) to de ne runlevels as state transitions
    Still leaves much to be desired
    40 . 1

    View Slide

  41. Ubuntu Upstart
    Simple DSL
    Event based start on (net-device-up and local-
    filesystems)
    Support for environment, logging, and PID tracking
    41 . 1

    View Slide

  42. Ubuntu Upstart
    description "Warp agent"
    start on runlevel [2345]
    stop on runlevel [!2345]
    respawn
    respawn limit 5 60
    limit nofile 8192 8192
    pre-start script
    [ -x "/usr/sbin/warp-agent" ] || exit 0
    [ -r "/etc/warp/agent.json" ] || exit 0
    end script
    exec /usr/sbin/warp-agent /etc/warp/agent.json
    42 . 1

    View Slide

  43. Ubuntu Upstart
    43 . 1

    View Slide

  44. Ubuntu Upstart Drawbacks
    Very brittle job supervision
    Left the process in un xable states on a regular
    basis
    44 . 1

    View Slide

  45. SystemD
    DSL based
    Builds a dependency graph
    Support for environment, logging, PID tracking
    Opt-in support for resource constraints,
    rewalling
    45 . 1

    View Slide

  46. SystemD
    [Unit]
    Description="Warp agent"
    ConditionPathExists=/usr/sbin/warp-agent
    ConditionPathExists=/etc/warp/agent.json
    [Service]
    ExecStart=/usr/sbin/warp-agent /etc/warp/agent.json
    LimitNOFILE=8192
    [Install]
    WantedBy=multi-user.target
    46 . 1

    View Slide

  47. SystemD
    47 . 1

    View Slide

  48. SystemD drawbacks
    Hard to avoid heated discussions
    Wide scope means more room for error
    Mixed focus on desktop & servers can be off-puting for
    admins
    Heavily coupled to DBUS
    That giant, little-known attack vector on your system
    48 . 1

    View Slide

  49. Shepperd
    (define nginx
    (make
    #:provides '(nginx web-server)
    #:start (make-forkexec-constructor
    (list "nginx"))
    #:stop (make-kill-destructor)))
    (register-services nginx)
    49 . 1

    View Slide

  50. Plenty more
    Daemontools
    SMF
    OpenRC
    BSD rc.d
    runit
    50 . 1

    View Slide

  51. Plenty more
    http://blog.darknedgy.net/technology/2015/09/05/0/
    51 . 1

    View Slide

  52. Thanks!
    Questions?
    We're
    hiring!
    52 . 1

    View Slide