From: Steven McDonald Date: Sat, 13 Jun 2015 09:50:54 +0000 (+1000) Subject: Write a rant about systemd X-Git-Url: http://git.steven-mcdonald.id.au/?a=commitdiff_plain;h=15e201af91ab4aaab14baa175923f7163239a612;p=www.git Write a rant about systemd --- diff --git a/articles/index.shtml b/articles/index.shtml new file mode 100644 index 0000000..da3dfff --- /dev/null +++ b/articles/index.shtml @@ -0,0 +1,26 @@ + + + + + + + + + + + +
+ +

Articles

+ +

+Why I dislike systemd +

+ +
+ + + + + + diff --git a/articles/systemd.shtml b/articles/systemd.shtml new file mode 100644 index 0000000..7a35791 --- /dev/null +++ b/articles/systemd.shtml @@ -0,0 +1,408 @@ + + + + + + + + + + + + +
+ +

Why I dislike systemd

+ +

+As a Linux sysadmin in the 2010s, it's hard not to have an opinion on +systemd. But what I find baffling about it is how divisive it is; +nearly everyone (or at least the most vocal crowd) seems to either love +it or hate it. When I tell people that systemd was the catalyst for my +defection to OpenBSD last year, their usual reaction is to assume that +I am part of the "hate it" group. Nope. +

+ +

+In truth, systemd itself was a very small part of the reason I jumped +ship. Its introduction made me realise two important things. First, the +design problems with modern Linux run deeper than any one piece of +software, I just hadn't noticed until I had a fresh one to learn. +Second, and this is specific to Debian, the "universal operating +system" mantra is fundamentally flawed; you cannot support all use +cases when confronted with two alternatives that each function best +when adopted to the exclusion of all others. +

+ +

+But you didn't come here to read my life story. Back to systemd. +

+ +

+Let me be clear. systemd is not the work of the devil, it probably +doesn't contain any NSA backdoors, and it isn't the worst piece of +software the big Linux distributions are shipping by default. It does +address some real problems with Linux, and its approach does have its +merits. +

+ +

+It's often said that a half-truth is worse than a lie. In the case of +systemd, a half-improvement is worse than a complete flop. People are +focusing on the features they want to use and ignoring the ones that +will come back to bite them later. +

+ +

+No, my biggest problem with systemd is that it is repeating the +mistakes of System V all over again. It's just given them a change of +clothes to appeal to the 21st century. +

+ +

A bit of history

+ +

+In order to understand how we got here, we need to cast our minds (or, +for people under the age of 50 like myself, our imaginations) back to +the mid-1960s. Time-sharing operating systems were a new and innovative +concept, and many people still used batch processing as the established +method for getting things done. Many different organisations were +experimenting with many different approaches to time-sharing. One of +these was Multics. +

+ +

+Multics was the conceptual ancestor of all UNIX and UNIX-like systems. +The problems that made Multics a failure were not its core design +principles, but the design and implementation of its parts. This is +much more effectively communicated using a concrete example, from +a paper by Dennis Ritchie first presented in 1979. +

+ +
+

+The very convenient notation for IO redirection, using the `>’ and +`<‘ characters, was not present from the very beginning of the PDP-7 +Unix system, but it did appear quite early. Like much else in Unix, it +was inspired by an idea from Multics. Multics has a rather general IO +redirection mechanism embodying named IO streams that can be +dynamically redirected to various devices, files, and even through +special stream-processing modules. Even in the version of Multics we +were familiar with a decade ago, there existed a command that switched +subsequent output normally destined for the terminal to a file, and +another command to reattach output to the terminal. Where under Unix +one might say +

+ +
ls >xx
+ +

+to get a listing of the names of one’s files in xx, on Multics the +notation was +

+ +
iocall attach user_output file xx
+list
+iocall attach user_output syn user_i/o
+ +

+Even though this very clumsy sequence was used often during the Multics +days, and would have been utterly straightforward to integrate into the +Multics shell, the idea did not occur to us or anyone else at the time. +I speculate that the reason it did not was the sheer size of the +Multics project: the implementors of the IO system were at Bell Labs in +Murray Hill, while the shell was done at MIT. We didn’t consider making +changes to the shell (it was their program); correspondingly, the +keepers of the shell may not even have known of the usefulness, albeit +clumsiness, of iocall. (The 1969 Multics manual lists iocall as an +`author-maintained,’ that is non-standard, command.) Because both the +Unix IO system and its shell were under the exclusive control of +Thompson, when the right idea finally surfaced, it was a matter of an +hour or so to implement it. +

+
+ +

+What we have here is, fundamentally, a trade-off. Ritchie's speculation +on the reason for the trade-off aside, Multics tried to be everything +to everyone by providing the most general interface possible. As a +result, it was inefficient to develop and cumbersome to use. It got the +job done by making the 99% majority of use cases more difficult in +order to make the 1% minority simpler. This is a design pattern I think +is being repeated in systemd. +

+ +

+Most importantly for the point I'm making, an interface like iocall is +so obviously wrong to us because we have seen what a better +interface looks like. To the designers of Multics, it was a +perfectly reasonable approach to solving a very real problem. That is +not the same thing as being a good solution. +

+ +

The commercialisation of UNIX

+ +

+Fast-forward to the 1980s. AT&T wanted to commercialise UNIX, ended +the practice of distributing source code along with their binaries, and +began implementing features they thought would make their product sell. +The culmination of these efforts is the System V family of operating +systems, of which Linux is a member (albeit as a clone, not a direct +descendant). For the purposes of this discussion, I'll be referring to +System III as a member of the System V family, as the distinction isn't +too relevant. +

+ +

+One of the things System V inherited from Research UNIX was an init +that provided inflexible process monitoring, and invoked an +ever-growing shell script (/etc/rc) to perform service startup. Its +developers decided that the best way to tackle this problem was to +invent a new configuration language which would enable init to perform +more complex and customisable tasks, along with a way of allowing +vendors to drop in their own service startup routines and have them run +automatically at boot. +

+ +

+Sound familiar? It should. The fact that System V's init failed so +spectacularly at scaling to the problems of today, while modern BSD +systems continue to manage just fine by way of incremental improvements +to the pre-existing components, should serve as a lesson in itself. +

+ +

Introducing systemd

+ +

+Okay, enough with the history lesson already. You came here to read a +rant. So here it is. +

+ +

It shuffles complexity around

+ +

+A common point raised in favour of systemd is that its unit files are +"simpler" than init scripts. Superficially, this is true. What's really +going on, though, is that the complexity has been moved from the logic +into the language. +

+ +

+In stark contrast to Bourne shell, so many of systemd's unit directives +are highly specialised building blocks which aren't easily reusable. +This isn't necessarily a bad thing, except that because systemd units +aren't real programs, there's no way to escape to more basic primitives +as required. Inevitably, what this means is that more and more +directives will be added over time as more and more use cases are +discovered. +

+ +

+Don't believe me? Wait until 2025, and if the number of unit directives +hasn't at least tripled compared to today (and people aren't working +around their absence by invoking wrapper scripts from ExecStart), I'll +buy you a drink. Hint: At least one Debian package (memcached) is +already invoking a wrapper script from ExecStart. +

+ +

+If you start with complex logic in a simple language, you can always +simplify your implementation. If you start with simple logic in a +complex language, you're stuck with that complexity as soon as anyone +else starts using it. +

+ +

It babysits its users

+ +

+This complaint is far from unique to systemd, but is pandemic to a +disturbingly increasing number of programs, especially on Linux. Why is +systemctl edit even a thing? +

+ +

+No, you're just a user. You couldn't possibly manage +the job of invoking an editor on a configuration file without bricking +your computer, so here's a wrapper that does it for you. Oh, you edited +the file directly anyway? Here, let me helpfully tell you that +you should run systemctl daemon-reload, but perform the action +you requested using the old configuration anyway. +

+ +

+Speaking of which, why is systemctl daemon-reload even a +thing? When did filesystems become so uncool that not only are they +demoted to second-class citizens beneath some other primary source of +truth, but you don't even reload files when you know +they've been changed? +

+ +

+Now, I'm well aware that I'm giving an oversimplification of the issue +here. There are deeper design issues that make systemctl edit +quite different from opening an editor on a unit file, but my point is +that the user doesn't care. All they see is an overly +complex CLI that does little other than edit a file. However, this does +make a convenient segue into my next point... +

+ +

It takes the Multics approach to interoperability

+ +

+One of the fundamental differences between Multics and UNIX is the way +programs interact. Multics had programs that were developed +independently, and while they were each workable solutions that could +be made to complement each other when necessary, they were far from +efficient at doing so. UNIX turned this on its head, with one of its +most basic design principles to be to "write programs to work +together". +

+ +

+Now, systemd does rely heavily on D-Bus, and in doing so makes itself +controllable by other applications. You might consider that "working +together", but I see systemd as more akin to iocall than UNIX's shell +redirection; it provides facilities other programs can use without +integrating into their workflow. +

+ +

+The previous example is an ideal illustration of this. Using an editor +on unit files directly will work, but it's clumsy, and you need to +remember to invoke daemon-reload after you're done. Yes, it +works, but that's not the point. The point is that it's inefficient and +counterintuitive to edit unit files except through systemd's own +interfaces. That is not what I would call "working together". +

+ +

+I'll repeat what I said before, because it's important: To the +designers of Multics, it was a perfectly reasonable approach to solving +a very real problem. That is not the same thing as being a good +solution. +

+ +

It's unpredictable

+ +

+Log into a computer running systemd. Try to find the answer to "which +units are going to be started on next boot?". This is not quite the +same thing as "which units were started on this boot?", and because of +the complex dependency relationships between units, it's actually a +very difficult question to answer. This is bad if you're a +security-conscious sysadmin. +

+ +

+The failing of dependency-driven service initialisation is that it +works far better in theory than it does in practice. In theory, you +just have a directed graph of nodes, and you would like those depended +upon by default.target to start. In practice, that's not how systems +administration works. +

+ +

+As a sysadmin, when I reboot a system, I want to be able to ask "is foo +going to start up after a reboot?". I want to know, with reasonable +confidence, what the state of my system is going to be when it comes +onto the network. This is one area where sysvinit outperforms systemd +immeasurably. +

+ +

+And yes, you can avoid the whole issue just by masking any units you +don't want to start, but that's missing the point. Again, the point I'm +making isn't that it doesn't work, just that it doesn't work +efficiently. Your tools should make your job easier, not get in your +way. +

+ +

Its priorities are warped

+ +

+One of the "features" of systemd is that it allows you to boot a system +without needing a shell at all. This seems like such a senseless +manoeuvre that I can't help but think of it as a knee-jerk reaction to +the perception of Too Much Shell in sysv init scripts. +

+ +

+In exactly which universe is it reasonable to assume that you have a +running D-Bus service (or kdbus) and a filesystem containing unit +files, all the binaries they refer to, all the libraries they link +against, and all the configuration files any of them reference, but +that you lack that most ubiquitous of UNIX binaries, /bin/sh? +

+ +

+The use case often cited for this is managing services inside a +container. I don't see why the init on my desktop needs to be +complicated and restricted for the sake of a feature used by a minority +of people with specialised use cases. By all means, write a tool for +bootstrapping containers that doesn't rely on a shell, but don't +shoehorn that into a one-size-fits-all init. +

+ +

+What makes this especially annoying, though, is that systemd also +includes a dumbed-down shell-like parser to handle "EnvironmentFile"s +(which usually don't actually set environment variables when sourced +from a shell, but that's the way systemd's parser treats them). Also, +service units have a pseudo-shell syntax for argument lists. One +particularly bizarre feature that breaks expectations for users of +pretty much any other software is that $FOO is word-split into multiple +arguments, whereas ${FOO} isn't. +

+ +

+Is avoiding ever having to execute a binary really so useful in the +real world that these complications are justified? +

+ +

Conclusions

+ +

+I said it in my introduction, and I'll say it again: systemd's approach +has its merits. But its shortcomings are representative of a philosophy +that seems to be in fashion at the moment on Linux: ignoring history +and assuming we can do it better now, instead of familiarising +ourselves with historical mistakes and learning from them. +

+ +

+There is no one thing about it that makes it bad software, but taken as +a whole, I believe it creates more problems than it solves. Sadly, many +of those problems will take years to become apparent, by which time all +the major Linux distributions will have fully integrated it. That mess +will be left up to some poor soul in the 2040s to deal with, who will +hopefully learn from these mistakes and break the vicious cycle. +

+ +

+While this article was focused on systemd, it is really just one +example of an endemic trend on Linux, and across System V-family +systems in general. It's easy to look at an existing tool, identify its +deficiencies, write a replacement and label it as progress. It takes +considerably more skill to look at an existing tool, identify its +strong points, and modify it to work better. That is where Linux stands +to learn a lot from BSD. +

+ +

+If you think I'm full of shit, feel free to rant at me about it on +Twitter or something, but don't expect me to care. I've made my choice +to move to OpenBSD, and I couldn't care less whether systemd works well +for others or not. I'm simply documenting my experiences because I feel +there are important lessons to be learned which I'd rather not forget +about, and maybe others would like to read as well. +

+ +
+ + + + + + diff --git a/head.shtml b/head.shtml index 172d9c6..8daf3c2 100644 --- a/head.shtml +++ b/head.shtml @@ -1,7 +1,11 @@ - <!--#include virtual="/sitename.txt"--> + <!--#if expr="$pagetitle"--> + <!--#echo var="pagetitle"--> + <!--#else--> + <!--#include virtual="/sitename.txt"--> + <!--#endif--> diff --git a/navigation.shtml b/navigation.shtml index 9c85db5..35bd72b 100644 --- a/navigation.shtml +++ b/navigation.shtml @@ -3,6 +3,9 @@
  • Home
  • +
  • + Articles +
  • Projects
  • diff --git a/style.css b/style.css index 627c7bc..deeed4a 100644 --- a/style.css +++ b/style.css @@ -36,7 +36,7 @@ code h1 { - font-size: 1.6em; + font-size: 1.8em; font-weight: bold; } @@ -48,19 +48,19 @@ h2 h3 { - font-size: 1.4em; + font-size: 1.2em; font-weight: bold; } h4 { - font-size: 1.3em; + font-size: 1.1em; font-weight: bold; } h5 { - font-size: 1.2em; + font-size: 1.1em; font-weight: bold; }