Slashdot Mirror


SystemD Gains New Networking Features

jones_supa writes: A lot of development work is happening on systemd, with just the recent couple of weeks seeing over 200 commits. With the most recent work that has landed, the networkd component has been improved with new features. Among the additions are IP forwarding and masquerading support (patch). This is the minimal support needed and these settings get turned on by default for container network interfaces. Also added were minimal firewall manipulation helpers for systemd's networkd. The firewall manipulation helpers (patch) are used for establishing NAT rules. This support in systemd is provided by libiptc, the library used for communicating with the Linux kernel's Netfilter and changing iptables firewall rulesets. Those wishing to follow systemd development on a daily basis and see what is actually happening under the hood can keep tabs via the systemd Git viewer.

15 of 553 comments

  1. Fuck Me by MightyMartian · · Score: 5, Interesting

    Christ almighty, this beast is a fucking monster. What's next, a shell and a userland?

    Glad I'm heading to FreeBSD. Linux is going down the tubes.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:Fuck Me by MightyMartian · · Score: 5, Interesting

      Yes, I can see it now. A stripped Linux kernel will boot, and then in turn will boot the SystemD-OS. The whole thing will be like DOS 3.3 and Windows 3.1, except CONFIG.SYS and AUTOEXEC.BAT will be binary files that require special userland tools to decode and manipulate.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re: Fuck Me by BarbaraHudson · · Score: 3, Interesting

      Considering that Microsoft did a limited release of a multi-tasking dos back in 1987, complete with preemptive multitasking, and that later extensions allowed dos to access up to 3 gig of ram for 32-bit programs, or 4 gig in unreal mode, I'd say emacs and systemd can't beat dos as an os.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    3. Re:Fuck Me by BronsCon · · Score: 5, Interesting

      Even worse, try requiring LDAP (not just making it an option when an account isn't found locally, actually requiring it) for logins on a system booting via SystemD. Have your recovery media handy, you'll have to boot from it in order to remove the LDAP requirement when SystemD can't su because the network isn't up yet (or, if the LDAP server is localhost, slapd hasn't started because, guess what, it needs to su to its configured user during its init process).

      Major issue affecting Ubuntu and, as far as I know, all Debian-based systems. The workaround should be simple: allow local account logins right up until TTYs actually become available, regardless of configuration. But, apparently, LDAP isn't considered important, so this has been an issue for as long as Debian has used SystemD and will likely remain so until Debian moves on to something else.

      The current "recommended" workaround is a pair of ifup/down scripts that requires LDAP when the interface is up and makes it optional when the interface is down, which is great until your system crashes or you lose power and the "optional" config doesn't get applied. Then, it's time to whip out the recovery media so you can manually change the config and have a bootable system again. Needless to say, I refuse to implement that hack of a fix.

      Instead, I ended up leaving LDAP optional, with a single user able to sign in, locally only, who can only su, and a local admin account that can only sudo and su, but can't log in. At least that minimizes the risk of not being able to unilaterally change either user's password across multiple systems in a timely manner; an attacker knowing the password for the user who can log in locally would have to be at the machine, and they still couldn't do anything without also knowing the username and password of the user who can sudo+su. In the end, I guess I get the benefit of being able to log in to said machines even when the LDAP server is unavailable, but it still shouldn't be necessary to implement such workarounds.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    4. Re:Fuck Me by preaction · · Score: 3, Interesting

      Init starts a daemon that watches for the event. This is how inetd worked. Whatever happened to that?

    5. Re:Fuck Me by allfieldsrequired · · Score: 4, Interesting

      As an IT person, results are important. What does systemd provide that previous mechanisms didn't? Parallel startup? I don't boot servers that often where asynchronous startup of processes is a big issue. Resource limits? Doable with the shell script that gets plopped into /etc/rc.d. I'm just not seeing the benefit, but what I am seeing is a gigantic amount of code which touches the entire system, giving me concerns about security and stability, and there have been a number of articles on /. about systemd, to the point where people are even forking distros just so they don't have to deal with it.

      Thank you, these are pretty much exactly my thoughts as well. I am very happy that all the systemd people have found a project to be productive in, and I appreciate some of the things they are trying to do. However, I run a large server farm, I don't need any containers, I don't need parallel boot, and so far, I have seen that they are highly adept at politicking their way into acceptance by various mainstream distros as a default, and sometimes only init system.

      I recently had to recompile Nginx on Ubuntu Trusty in order to add some module, and this broke due to an unsatisfied systemd library dependency. Wait, what? Nginx now magically needs to be linked to systemd to compile? The madness is complete in my eyes.

      I have since started playing around with Alpine Linux, which is a breath of fresh air in many ways, and barring any unforeseen issues, we will probably slowly migrate our fleet to Alpine. I resent the fact that I am forced to divert time, effort, and resources away from our jobs to deal with this shit. Part of my motivation in using Linux extensively is freedom of choice. The choice to go and roll my own distro isn't the kind of choice I signed up for though. Ubuntu was mostly nice, mostly functional, mostly stable and has mostly up to date packages for everything I need. With Debian, and so Ubuntu, choosing SystemD as a default, and especially looking at all the acrimony surrounding the issue in Debian, I am very fucking worried about where Linux is going to go in the next few years.

      I wish I had more time to get into BSD....

    6. Re:Fuck Me by Aighearach · · Score: 3, Interesting

      Upstart has serious, known design flaws that cannot and will not be fixed. It will not be adopted for real technical reasons. Shouting slogans doesn't change the technical issues.

      See: http://0pointer.de/blog/projec...

      SysV is the weird monster that this thing is finally saving me from. You can't force me to keep using that old crap, and you can't force systemd not to replace it for me.

  2. What has happened to Linux? by Anonymous Coward · · Score: 5, Interesting

    What the hell is happening to the Linux ecosystem?

    I've been a user of it for a couple of decades now. Although it wasn't perfect, for years it provided a better environment for me than Windows or even OS X could provide.

    But that's really started to change maybe within the past 5 years. The first major debacle I can think of is GNOME 3. They went out of their way to ignore everything good about GNOME 2, and instead forced all sorts of stupid ideas upon us.

    Firefox is the next debacle I can think of. It's a lot like GNOME 3 in many ways. There was a good, reliable, usable browser in Firefox 3.5. Then it all went to hell in Firefox 4 and beyond.

    Now we have systemd, which is obviously dumb in pretty much all respects. It just doesn't fit within the Linux ecosystem at all. That's probably why it's so disruptive.

    What makes systemd worse, though, is the impact it has had on pretty much all of the major Linux distros. Pretty much all of the most usable and useful ones (sorry, Slackware, this excludes you) have switched to it, with horrible results.

    The stability of my Debian testing system has gone down the shitter since they switched to systemd some time ago. I've had more problems properly booting my system in the past six months than I had in the 15 years prior to systemd getting installed.

    I'm torn at this point. I'm probably going to buy a Mac and move to OS X for my personal system, while moving all of my servers over to FreeBSD as soon as I can. I'm pretty sure that I'm done with Linux at this point. I just don't think the ecosystem can be salvaged. So much good software has been ruined.

    1. Re:What has happened to Linux? by nctritech · · Score: 2, Interesting

      freedesktop.org is under Red Hat control. All of the biggest douche moves in Linux have come from Red Hat, including all the Poettering-based junk and the lovely musings of Ulrich Drepper. At least Drepper wrote some interesting papers and made some valuable contributions despite his acerbic handling of bug reports; I don't really find anything Poettering does to be of real-world value. Red Hat has beaten Microsoft in the EEE philosophy; I think Microsoft is far less evil than Red Hat at this point in history. It's too bad because Red Hat historically helped to bring Linux into the corporate mainstream and has otherwise done some great things for the community. Why did they start going downhill so hard?

      Red Hat and Ubuntu are the enemies of clean, functional, and elegant open-source solutions. The irony is so thick that you could cut it with a knife.

  3. Systemd has been great for *BSD. by Anonymous Coward · · Score: 4, Interesting

    Systemd is truly the best thing that has ever happened to the BSD community.

    Systemd alone is making Linux totally unsuitable for serious use. So what are people doing when a formerly-stable distro like Debian adopts systemd and becomes a disaster? They're moving to FreeBSD, OpenBSD, NetBSD, Dragonfly BSD and PC-BSD.

    Just today we find out that DigitalOcean now supports FreeBSD. There's clearly a very bright future ahead for the BSDs.

    And it's clear now that Linux is on its way out. While Linux and Linux systems will still be around for some time, of course, everyone important who made Linux great in the past is fleeing from it. We're moving to BSD, because unlike the Linux community, the BSD community does things right. Something like systemd would never be taken seriously by them.

  4. FYI: FreeBSD now available on Digital Ocean by CrashNBrn · · Score: 5, Interesting

    I asked a few months back now, about the possibility of BSD on Digital Ocean due to all of the SystemD shenanigans of late. Got an email notification today that FreeBSD droplets are now available on Digital Ocean. It will be interesting to see if other VPS/Linux providers follow suit.

    CB.

  5. Re:Will SystemD feature creep ever stop ? by _xeno_ · · Score: 3, Interesting

    but even Microsoft managed to avoid building a console, web server, and QR code server into its init system.

    Actually, when it comes to consoles... they kinda did.

    Consoles in Windows run as part of the Client/Server Runtime Subsystem, which isn't exactly equivalent to init but kind of is. Killing CSRSS causes a BSOD as it's considered that critical to Windows. (Sort of, apparently it's not a "real" BSOD. Do not ask me what that means, I don't know.)

    This was the reason that the Windows console didn't support themes (like the XP theme or the Aero theme) until Windows 7 - it was too tightly coupled to the core OS and Microsoft didn't want to introduce security risks via themes.

    --
    You are in a maze of twisty little relative jumps, all alike.
  6. systemd is hypocritical by beaverdownunder · · Score: 5, Interesting

    It annoys me that someone like Poettering, who only had PulseAudio come into use because of the ability distributions had to easily change core operating system components (and wouldn't have had the existing audio-subsystem been entrenched), would then proceed to develop something specifically intended to lock down its own existence and prevent its replacement by something else. It's hypocritical.

    While I totally understand why he did it -- nobody wants to put a great amount of time into something only to have it superseded -- it flies in the face of open source in general, where you contribute to an evolving 'thing', and that while your specific contribution may not exist in the future, you can be happy that you took part in the evolution of the whole, and not feel the need to stamp your face on it for perpetuity.

    It also sets a dangerous precedent. What's going to be locked down next, in the name of stability, or speed, or whatever else (when it's really about someone trying to 'make their mark'?) Do we lock down the file system? Only one file system for Linux, full stop? Do we lock down the network transports? The window manager? The terminal? The command-line applications?

    Then what? Do we then create a global committee, made up of people who maintain the existing components (of course), to make decisions about those components and whatever's left into the future?

    I mean, yes, I agree in that case something else will surely (and quickly) rise in Linux's place (I mean, who wants to put in the time to help projects who only exist to serve their creator's vanity) but it seems a shame that Linux should end this way.

  7. Re:All Linux distros will look like this by turbidostato · · Score: 5, Interesting

    "Here, in Lennart's own words"

    No, *these* are Lennart's own words:
    let's summarize what we are trying to do:
    * We want an efficient way that allows vendors to package their software
    * We want to allow end users and administrators to install these packages on their systems, regardless which distribution they have installed on it.
    * We want a unified solution that ultimately can cover updates for full systems, OS containers, end user apps, programming ABIs, and more.
    * We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS

    So my reading is: we want the Linux ecosystem to disappear and be substituted by Microsoft's business model where there's just one OS (Red Hat) and a set of corporate software vendors.

  8. Re:Will SystemD feature creep ever stop ? by jbernardo · · Score: 3, Interesting

    Systemd's occasional (read: frequent in one of my pcs) failure to shut down is how I found out that the devs had decided that SysRq was too dangerous for the users to have and had to be disabled.

    So I was stuck with a system waiting forever for something to shut down, and without being able to use SysRq to kill all the processes and unmount file systems safely. Of course, the only way out was a hardware reset, with the subsequent log corruption that left me with no hints on why systemd would not allow my pc to shut down. Well, at least it got me moving to evaluate the still rational linux distributions out there, as well as the *BSDs, something I had been procrastinating for a few months.