| ▲ | Runit Linux: Complete Guide to Unix Init Scheme with Service Supervision(codelucky.com) |
| 62 points by smartmic 6 days ago | 35 comments |
| |
|
| ▲ | goku12 4 minutes ago | parent | next [-] |
| I'm sure that anyone who likes to hack their systems will surely appreciate runit. But I wonder if the larger crowd is familiar with the philosophy and ecosystem behind runit that makes it such a pleasure to work with. Runit is a member of a family of supervision suites known as the daemontools family. daemontools [1] is a process supervision suite that Daniel J Bernstein released in 1997, and is still in use today. The daemontools family is the exact opposite of what we've come to expect from an init or process supervision system. It pioneered an approach that eschews large complex monolithic daemons in favor of the unix philosophy. They're made of numerous small and simple applications - a few dozen sometimes. Unlike the traditional init systems that most of us prudently stay away from (other than writing their service configurations), these applications are very easy to understand and tinker with independently. They have a coreutils feel - you can easily find other uses for them and mix and match them freely (because they're all very specialized). Sometimes it feels like they designed the utility suite first and then designed a supervision/init suite around it. It isn't just easy to setup a service hierarchy with it. The applications are so small and simple that implementing the suite yourself isn't a big stretch either. The way they set up an init system or supervision tree is out of scope here. The blog post "Celebrating Daemontools" [2] by G.D. Ritter is the best description I could find. Instead, let's focus on the individual applications. Simplicity is a virtue in engineering. These tools try to get away with as little work as possible. For example, there is no complex config language, API or wire-format. Instead, these tools communicate the intent (config or commands) and the state of the service tree using the filesystem. Its API is a tree of directories, files, symlinks and FIFOs called a 'scan directory' - somewhat reminiscent of the /sys and /proc directories. Each service is started, monitored and restarted upon crash by a very small and stable daemon that takes its instructions from a sub-directory of the scan directory (a service directory). The files inside these sub-directories are arbitrary executables (scripts/binaries) or others that either contain a single value or are completely empty (the file itself is the data). They religiously avoid parsing. Another trick they use heavily is 'chain loading' of applications (a.k.a 'Bernstein loading'). Here, one application 'execs' into another application, with the latter completely replacing the former in memory. This is used to, for example, set the environment variables (from files - one per variable) before execing into the required service. Sometimes, these chains are several commands long. There is even a scripting language called execline [3] that works entirely by chain loading. Unlike traditional scripting languages, the shell/interpreter doesn't stay resident in memory and babysit the child processes. It (execlineb) does some very simple initial processing and then completely exits the scene. The rest of the execution is a bunch commands invoking others using traditional syscalls. Writing execline scripts takes some getting used to, but it's very nifty afterwards. They use these simple techniques to do everything including parallel service initialization with dependencies, setting up envvars, gid, uid, resource limits, logging and even socket activation. They are super light and extremely fast. They have such straightforward interfaces that composing systems with tools from different suites is also possible. Though I haven't seen it in practice yet, starting and managing containers (like systemd-nspawn) should be trivial to achieve. These suites grow on you once you start using them and remind you what could have been. They really show you that something as complex as init systems and process supervision doesn't require prodigious talent or the resources of MNCs. You just need to stick to the fundamentals. Finally, some other members of this family that deserves some mention. Bruce Guenter's daemontools-encore [4] expands on daemontools with backwards-compatible changes including extra service states (besides just up and down). And then there are Gerrit Pape's Runit [5], Laurent Bercot's s6 [6] and Jonathan de Boyne Pollard's nosh [7]. These three can run as init systems on Linux and BSDs. Nosh features a systemd and upstart shim layer to make it feel familiar to the users of those software. Nosh also has utils that convert systemd service files and upstart scripts to its native service bundles. [1] http://cr.yp.to/daemontools.html [2] https://journal.infinitenegativeutility.com/celebrating-daem... [3] http://skarnet.org/software/execline/ [4] http://untroubled.org/daemontools-encore/ [5] http://smarden.org/runit [6] http://skarnet.org/software/s6/ [7] https://jdebp.uk/Softwares/nosh/ [8] https://jdebp.uk/FGA/daemontools-family.html |
|
| ▲ | nine_k 9 hours ago | parent | prev | next [-] |
| It's looks absurdly simple, but works very well. (Speaking as a long-term Void Linux user.) Configuring a new service is also trivially simple. Dependencies sort of can be handled: you can start (or stop) another service from within your service; runit will retry if your service fails to start due to a dependency not yet running. |
| |
| ▲ | gyulai 9 hours ago | parent [-] | | I'm a huge fan of Void as well. Surprised it didn't get a mention in the article. I didn't even realize that runit had an existence outside of Void. | | |
| ▲ | shevy-java 7 hours ago | parent | next [-] | | I've had various issues installing Void so I succumbed to Manjaro, which works surprisingly well. I have noticed in general that many non-systemd distributions work less well over time for some reason. Slackware is the best example - one release per decade means it is factually dead, but even trying more modern variants simply no longer works as it once used to work. At the same time there is less and less adapted documentation to be found. It seems the non-systemd distributions not only declined in absolute numbers but also in regards to manpower and time investment. MX Linux also lags behind updating versions of numers programs: https://distrowatch.com/table.php?distribution=mx - it has gotten a bit better after libretto, but it still lags behind compared to e. g. Fedora. | | |
| ▲ | gyulai 6 hours ago | parent | next [-] | | The thing where Void really stands out in my opinion is "hackability" and providing an inviting on-ramp for making certain kinds of customizations that would be intimidating in terms of their complexity in other distros. -- I don't use it as a daily-driver desktop. For example, I have a chroot'able tarball providing all dependencies for all software I write that runs on a server. I build that tarball myself from source in an airgapped environment. (I had been doing something like this, minus the airgapping, with Gentoo from about 2012 until 2024). I looked for a replacement for Gentoo in 2024 and landed on Void. Most of the time when I do a build, I just pull the latest commit from the repo, and it "just works", even though Void is not even advertising itself as a source-based distro. Sometimes it breaks because of the distro itself (just like Gentoo used to). But, with Void it has always been so much easier to diagnose and fix issues, and the project is also quite inviting to merging such fixes. With Gentoo, it had always been quite painful to deal with the layers of complexity pertaining to Gentoo itself, rather than any package that has decided to break. Void, on the other hand, has managed to avoid such extra complexity. Lately, I've started to play around with Void's tool for creating the live installer ISO. It's quite malleable and can easily be repurposed for building minimalist live/stateless environments for pretty much any purpose. I'm using that to create VM guests to isolate some contexts for security-purposes like a "poor man's Qubes OS" kind of thing. | |
| ▲ | prmoustache 2 hours ago | parent | prev | next [-] | | > Slackware is the best example - one release per decade means it is factually dead, In slackware's case it just means most users have switched to the rolling release model of the -current branch really. | |
| ▲ | t43562 3 hours ago | parent | prev | next [-] | | Artix is great IMO. You can choose your init system. It's not for your grandmother perhaps. It's a rolling distro like Manjaro and I think it generally benefits from the Arch ecosystem. I only really notice it getting better since I've been using it for the last 3-4 years. The change to using pipewire for sound was unpleasant and the one other major problem I had was Chromium breaking Signal for a time. Everything else has been happiness. | |
| ▲ | enriquto 2 hours ago | parent | prev [-] | | > Slackware is the best example - one release per decade means it is factually dead As a daily user of slack I find your statement quite interesting. If you run "-current", all your programs are up to date, and you get new releases much sooner than any debian variant. | | |
| ▲ | jmclnx an hour ago | parent [-] | | First on-topic, you can use runnit on Slackware:
https://slackbuilds.org/repository/15.0/system/runit/ Now another point of view :) As a Slackware I stick with release because it is extremely stable and my main System (Thinkpad W541) works fast as most modern systems with 16G mem and 8 CPUs. If I ever got a brand new system (doubtful), I would use current until the next release. Also, I like the fact I do not have to install patches every other day. Plus PV keeps the applications I use most up to date in Release. That is the good thing about Slackware, you have current for the adventitious and release for people like me. And both you admin the exact same way. FWIW, I use regular Window Managers as opposed to desktops and my main programs are Emacs (latest version), vim (close to the latest), Firefox (latest), mutt, tin, irssi and some games that come with KDE. |
|
| |
| ▲ | blueflow 6 hours ago | parent | prev [-] | | Gitlab also uses runit for service supervision. |
|
|
|
| ▲ | msarnoff 7 hours ago | parent | prev | next [-] |
| I've done small embedded Linux systems and it makes me so happy that there is a (mostly) compatible implementation built into busybox. svlogd's rotation and size capping makes it great when using limited-lifespan nonvolatile storage like eMMC. |
| |
| ▲ | fullstop an hour ago | parent [-] | | I do the same thing, although as "embedded" systems get bigger I've moved some things over to systemd. It's a little complicated to set up if your root file system is read-only, since runit really wants to write to the disk, and you must set up symlinks pointing to tmpfs. |
|
|
| ▲ | devsda 5 hours ago | parent | prev | next [-] |
| I know some people frown on having multiple processes within a container but there are scenarios where it is needed. I've used both openrc and runit for that purpose and runit has been the simplest to setup and use. |
|
| ▲ | virajk_31 4 hours ago | parent | prev | next [-] |
| I am here to enjoy systemd vs alternatives comments...haha |
|
| ▲ | doubletwoyou 7 hours ago | parent | prev | next [-] |
| goodness that’s a lot of ads this is probably one of the most promising candidates for an init system aside from systemd, right? I know openrc is still having trouble with parallel startups as a result of its design which is almost a must at this point. s6 is in the works from what I hear, but not configurable via simple config files yet. |
| |
| ▲ | rendaw an hour ago | parent | next [-] | | I made https://github.com/andrewbaxter/puteron/ ! It's more similar to systemd in that it has a dependency graph, but I think it's simpler to use and better aligned with typical use cases. I haven't used it as a full init system though, only on top of systemd (same as I've seen runit used). | |
| ▲ | shevy-java 7 hours ago | parent | prev | next [-] | | Systemd isn't merely an init system though, so I always find these comparisons unfair. They should focus on one simple and good alternative to the startup-functionality for non-systemd infected systems though. Void has one advantage: they have many clever people, a bit like how Arch used to be before they succumbed to systemd (today's arch is different from when Judd was in charge). | |
| ▲ | rahen 6 hours ago | parent | prev | next [-] | | The best challenger to systemd in terms of feature parity is probably dinit: https://davmac.org/projects/dinit/ Have a look at Chimera Linux if you want to give it a try:
https://chimera-linux.org/ runit, s6, and OpenRC don't have the downsides of systemd, but they also only cover a subset of its features | |
| ▲ | t43562 4 hours ago | parent | prev [-] | | dinit is, imo, the one I'd pick. It's focused but it has dependencies and the services are defined by a DSL rather than startup scripts. Having said that, I haven't used runit and from the look of it, it's a big improvement over SystemV at the very least. |
|
|
| ▲ | udev4096 8 hours ago | parent | prev [-] |
| systemd scales. I love small init systems but systemd is just so convenient. It handles daemon process, encryption with cryptsetup, boot process (systemd-boot), hardening options you can define on unit files, good support for nested containerization etc. It's deeply entrenched in every major distro that it's impossible to administer a linux system without it |
| |
| ▲ | blueflow a minute ago | parent | next [-] | | Do you happen to use Arch Linux? | |
| ▲ | rahen 7 hours ago | parent | prev | next [-] | | The article and discussion are about runit, why bring systemd into it? Diversity in solutions is a good thing, there’s no need to feel threatened by that. | | |
| ▲ | fullstop an hour ago | parent | next [-] | | I'm okay with it for comparison's sake. As a long-time runit user, systemd does far better with sequencing things. With runit you have to have a check executable, and then run
'sv check servicename' in the start script of the service which depends on another. | |
| ▲ | udev4096 3 hours ago | parent | prev [-] | | Least sane systemd hater, try using runit or sysvinit on a production system and come back crying when your runit bash scripts fail all the time | | |
| ▲ | DaSHacka 3 hours ago | parent [-] | | You never addressed GP's point... This is just a thread about runit, what good is bringing tribal console-war like arguments about systemd to it? |
|
| |
| ▲ | shevy-java 7 hours ago | parent | prev | next [-] | | Well - the systems presented here are about the init part, not anything else. Systemd includes more functionality than merely init-stuff, so any comparison here was always biased and unfair. If you compare 5_000 lines of code to 500_000 lines of code, the comparison won't work. Systemd assembled numerous things (weed-collection via systemd-homie, for the home setup and I think you can also accidentally delete your home directory, with the systemd devs claiming this is a feature). None of those "features" listed is what I consider needed or necessary. All daemon-startup I already did via ruby as wrapper over the underlying system. For a campus site with many computers, systemd simplified managing them. I don't really see the same benefit for people who know more about computer systems at home - all the complexity is a trade-off with regard to having to learn, understand and apply what systemd brings to the table. "It's deeply entrenched in every major distro that it's impossible to administer a linux system without it" That's a non-sequitur, aka an after-the-fact claim made. Not every distribution transitioned into forcing systemd onto everyone - granted, the majority did, but you can find distributions that did not surrender user's rights here, be it devuan, slackware, void, gentoo (https://wiki.gentoo.org/wiki/Gentoo_without_systemd). But admittedly it takes more effort than going into systemd. Note that many of the statements made there such as "hardening options", is just buzzword promo for systemd. It just means nothing. What should "hardening" even mean? Also, it is perfectly fine to use linux on a non-systemd system. People used to do this for decades before systemd infected the linux world. It's a smaller crowd though compared to systemd-using systems and users indeed nowadays. | | |
| ▲ | ethin 6 hours ago | parent | next [-] | | > ... granted, the majority did, but you can find distributions that did not surrender user's rights here... I really don't like the phrasing of this. Nobody's rights are being "infringed" by distros going with systemd. Especially because, as other comments have noted, systemd is (not) just an init system, and more often than not I have found that people who hate on it or try to compare it to any pure init system are usually both arguing in bad faith and fundamentally misunderstanding what systemd actually is. | | |
| ▲ | blueflow 3 hours ago | parent | next [-] | | It is deeply integrated into distros that you cannot run these distros without them, it has bugs that ruin production for you, and if you complain about these bugs to the systemd project, they will consider you a bump in systemd's way of greatness that must be purged. Most recent breakage: https://lwn.net/Articles/1041316/ I hoped this kind of behavior would stop as soon as Lennart was busy with different things @microsoft (this happened to Pulseaudio and that was a good thing), but Luca continued where Lennart left, and this stuff goes on. | |
| ▲ | t43562 3 hours ago | parent | prev [-] | | That suggests that we cannot be allowed to dislike it. I'm allowed to not like init systems e.g. I don't like s6 at all. Oddly, I don't like systemd either but it's not heresy or stupidity or whatever else one might ascribe to it. |
| |
| ▲ | graemep 3 hours ago | parent | prev | next [-] | | > Systemd includes more functionality than merely init-stuff, so any comparison here was always biased and unfair. The real argument about systemd is whether you want an init system, or what is effectively an additional layer in the OS. It provides more standardisation, vs more diversity. The strongest argument for systemd is that it is not just an init system, which is also the strongest argument against systemd. | |
| ▲ | udev4096 3 hours ago | parent | prev [-] | | What a cope. The hardening options highly restrict the unit files from accessing anything more than it's required for it's function. systemd has also made a lot of efforts in progressing the boot security: https://0pointer.net/blog/brave-new-trusted-boot-world.html. Have fun running your "non-infected" systems which is so easy to pwn | | |
| ▲ | zetanor 3 hours ago | parent [-] | | To make a comment like this, I imagine that you've set up BIOS security (password, case intrusion detection...), that you check your keyboard wire end-to-end daily, that you use a USB device whitelist, that you regularly check for hidden cameras spying on your keystrokes, etc., otherwise you're equally "easy to pwn" using equally-quick and roughly-as-cheap attacks. | | |
| ▲ | udev4096 3 hours ago | parent [-] | | Using luks to encrypt all partitions (incl. /boot) and it's only unlocked using yubikey. I have secureboot enabled (sbctl to enroll keys) and TPM PCR values to avoid tampering. systemd-boot (a lot more secure than grub) doesn't have password to lock the kernel editor so I have disabled the editor altogether. I use fapolicy for "whitelisting" apps. Unfortunately, coreboot doesn't have BIOS password feature so it's unlocked |
|
|
| |
| ▲ | blueflow 6 hours ago | parent | prev [-] | | Why does every article on runit have some reactionary runit haters in the comments. | | |
| ▲ | DaSHacka 3 hours ago | parent [-] | | The systemd project and its following can be quite cult-like, towards the more devout-end. |
|
|
