aa r X i v : . [ c s . O S ] J un a p p o r t (cid:13)(cid:13) t e c h n i q u e (cid:13) I SS N - I S RN I NR I A / R T -- -- F R + E N G Thème COM
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE
A Survey of Unix Init Schemes
Yvan Royon — Stéphane Frénot
N° 0338
June 2007 nité de recherche INRIA Rhône-Alpes655, avenue de l’Europe, 38334 Montbonnot Saint Ismier (France)
Téléphone : +33 4 76 61 52 00 — Télécopie +33 4 76 61 52 52
A Survey of Unix Init Schemes
Yvan Royon, St´ephane Fr´enot
Th`eme COM — Syst`emes communicantsProjet AresRapport technique n ° Abstract:
In most modern operating systems, init (as in “initialization”) is the program launchedby the kernel at boot time. It runs as a daemon and typically has PID 1. Init is responsiblefor spawning all other processes and scavenging zombies. It is also responsible for rebootand shutdown operations.This document describes existing solutions that implement the init process and/or initscripts in Unix-like systems. These solutions range from the legacy and still-in-use BSDand SystemV schemes, to recent and promising schemes from Ubuntu, Apple, Sun andindependent developers. Our goal is to highlight their focus and compare their sets offeatures.
Key-words: init process, init scheme tat de l’art des processus init
R´esum´e :
Dans la plupart des syst`emes d’exploitation modernes, init (comme “initialisation”) estl’application lanc´ee par le noyau au d´emarrage. Il s’agit d’un d´emon qui a le PID 1. init apour tˆaches de lancer les autres processus et de nettoyer les processus zombies. Il est aussiresponsable du d´emarrage et red´emarrage du syst`eme.Ce document d´ecrit les implantations existantes du processus init et des scripts initpour variantes d’Unix. Ces implantations vont des solutions BSD et SystemV, pionni`ereset toujours utilis´ees, `a celles plus r´ecentes et prometteuses venant de Ubuntu, Apple, Sun,ainsi que de d´eveloppeurs ind´ependants. Notre but ici est d’analyser les objectifs de cesimplantations, et de comparer leurs fonctionnalit´es.
Mots-cl´es : processus init
Survey of Unix Init Schemes The Boot Process
What happens between the moment a computer is switched on and the moment a user canlog in?Let us begin by a quick and simplified overview of the boot process in most modernoperating systems.1. The computer is switched on or rebooted;2. The
BIOS , stored on the motherboard, is executed from a known location (flashmemory);3. The BIOS determines the boot device (local disc, removable media, PXE from thenetwork);4. The boot device has a special, known sector called the Master Boot Record, whichcontains the stage 1 bootloader . The stage 1 bootloader is loaded into RAM, andpoints to the stage 2 bootloader. The latter can be several sectors long, and is storedon the boot device in a location unknown to the BIOS and subject to change;5. The stage 2 bootloader (e.g., LILO or GRUB for Linux) uncompresses and launchesthe kernel;6. The kernel runs a single application. For Linux, the default is /sbin/init , and can bemodified in LILO or GRUB by passing the init=/path/to/executable parameter to thekernel.Usually, init launches a few getty processes for virtual terminals, a few daemons (cron,dhcp, acpi), the X server, etc.On Unix-like systems, init (as in “initialization”) is the program launched by the kernelat boot time. It runs as a daemon and typically has PID 1. init is responsible for spawningall other processes and scavenging zombies. It is also responsible for reboot and shutdownoperations.
A Bit of History
The first widespread init is the simple solution from BSD. Its main competitor is the morefeatureful but more complex System V init .The BSD init process simply launches a list of processes. It basically reads a configurationfile ( /etc/rc ) where all programs to launch at startup are statically listed. If the administratorwants to modify this list, she must edit the file manually, which is clearly error-prone andhas potentially disastrous effects. This is a very simple and lightweight scheme, but it iscompletely static.
RT n ° Y. Royon & S. Fr´enot
System V, on the other hand, chose to be more flexible. It introduces the notion of runlevel , which can be viewed as multiple and specialized BSD rc files. A runlevel has anidentifier and a purpose. Runlevel 1 boots into single mode, runlevel 2 boots into multi-usermode, etc. Only a fixed number of eight runlevels are available. What each runlevel does isspecified in the /etc/inittab file.A runlevel is a software configuration of the system which allows only a selected group ofapplications to exist. When init is requested to change the runlevel, it kills all applicationsthat are not listed in the new runlevel, and starts all unstarted applications in the newrunlevel.The second great improvement in SysVinit is the notion of rc script. Each applicationcontained in a runlevel comes with a wrapper script; it is an executable that accepts start and stop as parameters. This allows to launch and kill each application using the samesyntax, regardless of how they are implemented and how they handle parameters internally.Most often, the combination of rc scripts with runlevels makes use of symbolic links. Arunlevel is a directory that contains symlinks named with a numbered prefix. When enteringa runlevel, symlinks are accessed alphabetically, in the static order defined by their number.This allows to reuse the same rc script in multiple runlevels. Evolution of Init Schemes
Today, most GNU/Linux distributions use a derivative of System V’s init . Even NetBSDwent from the BSD init to a SystemV-like init . However, there is room for lots of improve-ments, and lots of proposals exist on several topics.The first topic is the order in which rc scripts are started. In 2002, the need(8) schemeproposed to drop statically, manually ordered lists in favour of dependencies . Each rcscript lists the services it needs (e.g., the DHCP daemon needs a network connection), and init computes which rc scripts must be started, in what order. All init schemes except BSD,System V and three minor others have a way to express dependencies.The second topic is the enhancement of configuration management . For instance,Gentoo rc, initNG and runit identify runlevels using a name instead of a number. Thisbreaks the limitation on the number of runlevels, and allows to dedicate a runlevel to acontext or a particular usage (e.g., ”AC mode” and ”battery mode” on a laptop). Similarly,upstart, cinit and Sun SMF introduce a notion of profile (or ”mode” for einit).Another topic is life cycle management . There are two main solutions when monitor-ing the life cycle of applications. The first one is when using rc scripts: init (or a separate rc application) use the /var directory to store which daemon has been started, with which PID.If no process with such PID is running, then the daemon has been killed. This is a reactivelife cycle management, since there is a delay between the death of the daemon and init or rc noticing it. This scheme is used in System V, Gentoo rc, simpleinit, initNG, minit, cinit,monit and the LSB specifications. We must also note that rc scripts may differ for eachdistribution and init scheme: they handle /var differently. The other way to monitor the INRIA
Survey of Unix Init Schemes instrument the life cycle of applications.Solutions that use father processes allow mostly what POSIX signals handle: start, stop, anda hook to execute when a daemon dies unexpectedly. This hook can be used to log errors orto automatically restart (”respawn”) the faulty daemon. Solutions that use rc scripts mayallow a restart operation on a script (Gentoo rc, monit, NetBSD rc.d, LSB specifications),or respawn (initNG, minit, jinit, cinit), in addition to start and stop (System V and itsderivatives).Yet another topic for init enhancement is the tools that ease development and usage.System V uses telinit to pass commands to init . Debian introduced start-stop-daemon , thathandles PID files and such. Gentoo uses rc-update to create and modify runlevels. In SunSMF, svccfg switches profiles. Most init schemes implement their own specific tools.Finally, the great number of existing init schemes is explained by their different focus.Some focus on startup speed (initNG parallelizes startup scripts). Some focus on imple-mentation size (minit, cinit), in order to be usable on resource-constrained devices. Othersfocus on one of the topics listed above (dependencies, runlevels, life cycle management andinstrumentation, tools). But the most interesting schemes are the fairly new ones backedup by Apple, Sun and Ubuntu.Apple’s launchd aims to replace all programs that start applications: xinetd , crond , anacron and init . Daemons can be started, respawned, etc, but also scheduled.Sun’s SMF provides extensive failure detection and diagnostics. It allows to run servicesin degraded or maintenance mode. The goal is to ease the maintenance of the system(presumably a big server) and to enhance uptime.Ubuntu’s upstart aims to replace the same tools as launchd, but also to unify devicesmanagement and power management. It transforms anything into events and triggers: anew device appearing is an event, the screen going into sleep mode is an event, etc. Actions(e.g., mount a filesystem) can be triggered when specific events are thrown. Daemons anddependencies are handled the same way: the DHCP daemon cannot start until a ”networkis ready” event has been thrown. Technical Summaries
The remainder of this document are technical summaries of all init-related schemes thatthe authors know of. Each summary gives a short description on the init scheme, its goalsand/or its origin. It then lists features in terms of configuration, life cycle, dependency andservice management.
RT n ° Y. Royon & S. Fr´enot
Contents
INRIA
Survey of Unix Init Schemes Documentation for recent versions of the BSD-style init : The source code for FreeBSD and OpenBSD can be found at : /sbin/init runs a master boot script ( /etc/rc ) which orchestrates the whole boot procedure.There may be a few additional rc.* scripts. init launches them before going in multi-usermode. Because the boot process is sequential and has very few scripts, it is simple and fast.However, if a new package needs to register itself into the boot process, it needs to editone of the existing script files. This is very dangerous: if the package installer makes amistake, the whole startup process will fail.
BSD init only handles one or a few boot scripts when switching from single-user mode tomulti-user mode, and with halt / reboot / shutdown operations. There are no profiles orrunlevels. None.
No dependencies; only an ordered, linear startup defined in /etc/rc . None.
None. Unix tools such as ps or signal are not part of init .Communication with the outside world is achieved through signals. RT n ° Y. Royon & S. Fr´enot http://freshmeat.net/projects/sysvinit/
From the Freshmeat page:Init’s primary role is to create processes from a script stored in the /etc/inittab file. Thispackage also contains well known and used utilities like reboot , shutdown , killall , poweroff , telinit , sulogin , wall , etc. SysVinit introduced the notion of runlevel. From the man page:A runlevel is a software configuration of the system which allows only a selected groupof processes to exist. The processes spawned by init for each of these runlevels are defined inthe /etc/inittab file. Init can be in one of eight runlevels: 0-6 and S. The runlevel is changedby having a privileged user run telinit , which sends appropriate signals to init , telling it whichrunlevel to change to.Runlevels 0, 1, and 6 are reserved. Runlevel 0 is used to halt the system, runlevel 6 isused to reboot, and runlevel 1 is used to get the system down into single user mode. RunlevelS is used before entering runlevel 1 (single-user mode). Runlevels 2-5 are multi-user modes,and are different for each Unix / Linux distribution.When entering a new runlevel (at system boot the runlevel is undefined, sometimesdescribed as “N”), SysVinit executes a master script ( /etc/init.d/rc for instance). This scriptexecutes all stop-scripts from the old runlevel, then all start-scripts from the new runlevel.Those scripts are found either in /etc/init.d , /etc/rc.d or /sbin/init.d . Each runlevel hasa directory: /etc/rc2.d , /etc/rc6.d , etc. Those directories contain links to the real scripts.SysVinit detects whether to stop or to start a script by its name: start-scripts begin with a“S”, stop-scripts with a “K” (as in “kill”). When starting the start-scripts, they are calledwith “start” as the first and only parameter. When starting stop-scripts, they are calledwith “stop” as first parameter. This is how a configuration for runlevel 2 could look like: s c i c e% l s − l / e t c / r c2 . dt o t a l 0lrwxr − xr − x 1 r o o t r o o t 18 Feb 20 2004 S10syskl ogd − > . . / i n i t . d/ s y s k l o g dlrwxr − xr − x 1 r o o t r o o t 15 Feb 20 2004 S11klogd − > . . / i n i t . d/ kl ogdlrwxr − xr − x 1 r o o t r o o t 13 Feb 20 2004 S14ppp − > . . / i n i t . d/ppplrwxrwxrwx 1 r o o t r o o t 15 Feb 24 2004 S15bind9 − > . . / i n i t . d/ bind9lrwxrwxrwx 1 r o o t r o o t 18 Feb 20 2004 S18quotarpc − > . . / i n i t . d/ quotarpc[ . . . ]s c i c e% l s − l / e t c / r c6 . d INRIA Survey of Unix Init Schemes lrwxrwxrwx 1 r o o t r o o t 15 Aug 31 16: 22 / e t c / r c6 . d/K19aumix − > . . / i n i t . d/aumixlrwxrwxrwx 1 r o o t r o o t 15 Apr 19 09: 55 / e t c / r c6 . d/K19samba − > . . / i n i t . d/sambalrwxrwxrwx 1 r o o t r o o t 13 Feb 25 2004 / e t c / r c6 . d/K20gpm − > . . / i n i t . d/gpm[ . . . ] (Source: nico.schotteli.us )The number behind the S or the K is the priority. The lower the priority, the earlier thescript is started.Each service has its own init-script, which sometimes also accepts “restart” or “reload”.This way, runlevels are modular. The /var/log/wtmp binary file records all user logins and logouts. It is maintained by init , login and getty .The /var/run/utmp binary file holds information on users and processes currently usingthe system. Not all applications use it, so it may be incomplete.Also, service scripts in /etc/init.d can be called during runtime from the command line(not only at startup).SysVinit can dump its state and exec a later version of itself, so no state is lost betweenupgrades (source: jinit’s page). None. Services are started in alphabetical order, hence the priority numbers in the scriptnames. We just hope the administrator made no mistakes. . .
Wrapper scripts are called with a start or stop parameter. telinit switches the current runlevel. RT n ° Y. Royon & S. Fr´enot
Richard Gooch wrote this whitepaper in 2002. He argues that BSD init is not scalable(modifications are risky), and that SysVinit is too complex and ugly.Gooch proposes to remove all master scripts and numbering schemes. init runs all scriptsin /etc/init.d , in random (?) order. The scripts themselves express their dependencies withthe need program. This ensures that a correct startup order is automatically observed. need also ensures that all services are run only once.The concept of virtual service names is also introduced. For instance, sendmail and qmail both provide the mta service. Which implementation is used is not important, so otherservices simply need “ mta ”. This is done with the provide program.These ideas are implemented in simpleinit . A runlevel is represented by a script, e.g. /sbin/init.d/runlevel.3 , which will need an unorderedset of services, as well as e.g. runlevel.2 . This makes it easy to increment and decrement therunlevel.However, this does not support runlevels that bypass these precedence relations.
Same as SysVinit.
Simplistic dependency expression: need serviceXX .It is unclear how we ensure that provide , called in service wrapper scripts, is run beforedependency resolution.
Same as SysVinit.
None.
INRIA
Survey of Unix Init Schemes Gentoo uses SysVinit with modified scripts and tools. Scripts are not handled directly by init , but by Gentoo’s /sbin/rc .Runlevels have names instead of numbers; this removes the limit on their number, andallows specialized runlevels such as “unplugged” for a laptop. Additional tools allow tocreate, delete, modify runlevels from the command line.A global option allows to start scripts in parallel, for a performance gain (more visibleon multi-processor or multi-core machines).Like in SysVinit, after init is invoked as the last step of the kernel boot sequence, it reads /etc/inittab . First, the sysinit entry is run: s i : : s y s i n i t : / s b i n / r c s y s i n i t rc is called and mounts all filesystems. Second, the bootwait entry is run: r c : : bootwai t : / s b i n / r c boot Here, rc switches the runlevel to boot . All links in the /etc/runlevels/boot directorycorrespond to services that always must be run at startup: checkroot, checkfs, clock, etc.Lastly, the initdefault entry is run: i d : 3 : i n i t d e f a u l t :l 3 : 3 : wait : / s b i n / r c d e f a u l t Here, initdefault indicates that the default runlevel is 3 (as in the old SysVinit scheme),and runlevel 3 says that it will wait until /sbin/rc has finished switching to runlevel default .Once rc has finished, init launches virtual consoles as usual, and each console runs a ttywith login (through agetty ). c1 : 1 2 3 4 5 : respawn : / s b i n / a g e t t y 38400 tty1 l i n u x Note that when an agetty dies, init respawns it.Gentoo’s rc program is currently being rewritten in C ( baselayout package version 2, see http://roy.marples.name/node/293 ). The goal is to improve performance and not toneed bash any more. RT n ° Y. Royon & S. Fr´enot
Runlevels are no longer named rc[0-6S] . Instead, they have an alphanumerical name. Eachrunlevel has a corresponding directory in /etc/runlevels , which contains symbolic links toscripts in /etc/init.d .The rc-update command is used to create, delete and modify runlevels. Each time it isused, a service tree is recomputed. This tree contains the list of services to start and theirorder, once all dependencies have been computed and resolved.The rc-status command shows the running status for each service in a runlevel.The rc command switches to a runlevel passed in argument. Switching to a runlevelmeans comparing the list of running services with the runlevel’s service tree. If a servicefrom the service tree is not running, it is started. If a service is running, but is neither inthe service tree nor a dependency of a service in the service tree, it is stopped. This doesnot apply when leaving runlevels sysinit and boot. Each service has an init script particular to the Gentoo distribution. Such a script at leastunderstands start , stop , restart , pause , zap , status , ineed , iuse , needsme , usesme and broken parameters. Life-cycle related parameters are: start and stop , restart (with possibly extrathings to do between the stop and the re-start), zap (to force the status to “stopped” in caseit is wrongly reported as “stopped”) and status (to query the running status).Once a script is successfully start ed, its status is set to “started”. This status will beset to “stopped” if the script is stop ped or zap ped, and will be re-evaluated if the script is status ’ed. Re-evaluation is done by checking the pid file in /var/run and the daemon file in /var/lib/init.d . This means that if a service’s process is manually killed, the service’s statusstays “running” until a stop , zap or status command is issued. Gentoo init scripts respond to the following parameters: ineed , iuse , needsme , usesme and broken . The first two list the hard and soft dependencies of the scripts, the next two listthe scripts that are hard- and soft-dependent on this script, and the last one lists brokendependencies (unresolved, “need”-type).Inside the script, the following metadata tags can be used: need , use , before , after , provide . need are hard dependencies: the current script cannot run without them. use aresoft dependencies: the current script uses them if they are present in the current runlevel orin boot, but can still run without them. before and after specify a startup order, regardlessof dependencies. Finally, provide indicates virtual service names that the current scriptsfulfills (like in Gooch’s need-based init). All these tags are used when a script is manuallyinvoked, and when a runlevel is modified.Network dependencies are a special case. A service will need a network interface to beup (any interface other than net.lo). This dependency is written: need net . INRIA
Survey of Unix Init Schemes All services must have a Gentoo-specific wrapper script (an additional effort for the pack-ager). Configurations and services can be managed through good CLI tools.For each service, settings (preferencess, configuration) are separated from the wrapperscript. Scripts are in /etc/init.d/ < script > , while settings are in /etc/conf.d/ < script > .The main problem is that rc-status does not show the exact state of services (cf. killedprocesses not seamlessly taken into account). rc-status , rc-config , rc-update : see above. /sbin/rc : switch runlevel (sys-apps/baselayout package). depscan.sh : rebuild the dependency tree. RT n ° Y. Royon & S. Fr´enot
InitNG’s goal is to start services in parallel, for a reduced startup time.As a side note, the tool’s syntax is reversed compared to System V: instead of calling < script > start , InitNG is invoked via ngc start < script > . It makes more sense to call a singletool to manage life cycles than to call multiple scripts that duplicate similar behaviour.The configuration files support lots of fancy features, such as respawn mode, suid, nice-ness, output redirect, arguments passing, environment variables passing, etc.There is not much information on the wiki, except that it is supposed to be faster thanSysVinit. ng-update manages configurations similarly to Gentoo’s rc-update .The wiki does not provide more information. Respawn mode for daemons. Otherwise, similar to SysVinit. need and use dependencies, similar to Gentoo init.Network access is a special dependency, as in Gentoo init.
Every command goes through an InitNG program, instead of directly invoking rc shellscripts. The ngc tool is used to start / stop / restart services.The ng-update tool manages runlevels.
INRIA
Survey of Unix Init Schemes http://smarden.org/runit/ From the home page: runit is a cross-platform Unix init scheme with service supervision.Running and shutting down is done in three stages:1.
Stage 1: runit starts /etc/runit/1 and waits for it to terminate. The system’s one time initial-ization tasks are done here. /etc/runit/1 has full control over /dev/console to be ableto start an emergency shell in case the one time initialization tasks fail.2.
Stage 2: runit starts /etc/runit/2 which should not return until the system is going to halt orreboot; if it crashes, it will be restarted. Normally, /etc/runit/2 runs runsvdir .3.
Stage 3: If runit is told to halt or reboot the system, or Stage 2 returns without errors, it termi-nates Stage 2 if it is running, and runs /etc/runit/3 . The systems tasks to shutdownand halt or reboot are done here. runit is “optimized for reliability and small size”. If compiled and statically linked withdietlibc, it produces an ≈ Runlevels are handled through the runsvdir and runsvchdir programs.A runlevel is a directory in /etc/runit/runsvdir/ . Symlinks indicate which are the currentand previous runlevel. A runlevel is launched by runsvdir . Runlevel switching is performedby runsvchdir , which switches directories for runsvdir . Each of a runlevel’s subdirectories is a service. For each service, runsvdir launches a runsv ,which starts and monitors this specific service. A service contains a ./run and an optional./finish script. Its state is maintained in a file by runsv . A named pipe allows to passcommands to runsv , e.g. to start, stop, run once or in respawn mode, pause (SIGSTOP),etc.The sv program sends commands to one or all runsv s. RT n ° Y. Royon & S. Fr´enot
Expression of dependencies is poor. If service A depends on service B, A’s run script mustexplicitly invoke sv to ensure that B is running, e.g.: sv s t a r t B | | exit exec A There are no optional dependencies, no virtual service names, and no tools to exploredependencies.
One management process is launched for each service. A single runlevel process is launchedto manage all these management processes.Commands are passed through named pipes. sv : pass life cycle-related commands from the CLI. runsvchdir : switch runlevel. chpst (change process state): set limits for a service or for a user (depends on the limit, notreally explicit). e.g. INRIA
Survey of Unix Init Schemes http://developer.apple.com/macosx/launchd.html Starting from Mac OS X 10.4, launchd aims to replace init , the old mach init , cron and xinetd . It starts daemons, shuts them down and restarts them when a request comes ( inetd behaviour), runs programs at a specified time or later ( anacron -like behaviour).Each job (service) has an XML property file, replacing the different syntaxes fromcrontab, inittab etc. This includes program arguments, I/O redirect, setuid, chroot, etc.Dependencies are automatically discovered (?). Services are run in parallel. launchd can be controlled from a single utility, launchctl .The source code has been relicensed under the ASL in august 2006. Runlevels are not supported on Mac OS (no order maintained, no selective startup of ser-vices). Directories of jobs can be used to launch a set of jobs together.
Jobs can be started once, started in respawn mode, started in launch-on-demand mode,started based on a schedule, stopped. How a job is started is decided by its property file.As usual, respawn mode requires that the service does not daemonize itself (fork+exec,fork+exit).
Dependencies are a bit unusual and lack documentation. The Uses, Requires and Provideskeywords have been dropped. Instead, services watch for changes on a file or watch forIPCs. The advantage is that we ensure dependencies are not only launched, but are alsoin a usable state, already initialized and ready to communicate. The drawback is that it istotally intrusive and quite obscure.Special dependencies can be specified, also in the source code (not as metadata), butusing specific APIs: disk volume mounted, network available, kernel module present (else itis launched), user Y is logged in.
Everything life cycle-related goes through launchd , instead of using various tools ( cron , inet ).Every command is issued using launchctl , which also has a prompt mode. RT n ° Y. Royon & S. Fr´enot
Instances of launchd can be run for a specific user. This allows non-root users to schedulejobs.No configuration management is provided, nor virtual service names. launchctl : takes commands and passes them to launchd through a mutex.
INRIA
Survey of Unix Init Schemes http://upstart.ubuntu.com/ upstart aims to replace init , cron , anacron , at and inet . It also aims to interact with udev , acpi and module-init-tools (modprobe, etc). The basic idea is that every action is triggeredby an event.Tasks (or jobs, or services) begin in the “waiting” state. Upon reception of a task-dependent set of events, the task is run and goes in the “running” state. Upon reception ofanother task-dependent set of events, it goes to the “dead” state (which should be “stop-ping”), cleans up, then returns to the “waiting” state.An event can be triggered manually, by ACPI, by udev , by upstart , etc. Dependencies arealso expressed as events: upstart sends an event when a task goes “running”; its dependenciessimply wait for this event. Everything task-related is configured in /etc/event.d .Security around events and event senders is unclear.The project has been started before launchd went open source, and shares some similar-ities (mainly inet and cron capabilities).Both code and documentation are quickly progressing, so some limitations presentedhere may already have been fixed. A notion of profile is intended, as a replacement for runlevels. It is still unspecified andunimplemented. Runlevels are still present as dependencies: “start on runlevel-2”. upstart launches all tasks present in /etc/event.d ; the order is defined by dependencies(expressed as events).
Tasks can be waiting, running or dying. A set of events triggers state switching. Actionscan be performed at each state change (start script, stop script, anything).
Dependencies are expressed as e.g. “start on event1”. Event1 can be that a service hasbegun to start (“on starting s1”), has finished to stop (“on stopped s2”), etc. This unusualapproach gives a lot of flexibility: it allows virtual service names, optional dependencies,and a lot more.
RT n ° Y. Royon & S. Fr´enot
The event system is very powerful and flexible. However, it might be a bit complex to getthe whole picture of what happens on the system. start , stop and status commands are provided to manage tasks. initctl is used to throw events from the command line (using a mutex). INRIA
Survey of Unix Init Schemes http://einit.sourceforge.net/ eINIT aims to be a dependency-based init, written entirely in C, suitable for embeddedsystems. It wants to get rid of rc scripts, to have flexible dependencies, to be modular (e.g.with audio output for the blind), and to support respawn mode. eINIT supports runlevels called modes. A mode is described by an XML file. It can dependon other modes (like Gentoo’s boot runlevel), i.e. it comes in addition to the mode it dependson. A mode says which services must be enabled (started), disabled (stopped), and reset(restarted). A mode also defines orders of precedence: “try to start service A, and startservice B if it fails”. Finally, there is the notion of service groups, e.g. all network interfaces,or all graphical devices. Dependencies can be set on one, all or part of the service group.Variables can be set globally and per-mode. (It is unclear what the use case is) Services are either started once, started in respawn mode, or stopped.Dependencies are expressed inside runlevels (cf. above), not in service wrapper scripts.Services are described in the mode’s XML file, with attributes such as “enable” and “disable”that indicate what to run when the service is started and stopped.
Other attributes are “provides” and “requires” for dependencies. This allows for virtualservice names. This also means that the XML description must be duplicated betweenmodes, unless we create a mode dependency.
Most management activities can be seen as switching runlevels.eINIT supports enabling/disabling eINIT modules (e.g. TTYs, shell commands, dae-mons), but not services themselves. This is a much coarser granularity. einit-control passes Commands through a Unix socket.
RT n ° Y. Royon & S. Fr´enot
10 Pardus
Pardus is a GNU/Linux distribution from Turkey. Two subprojects are within our scope:Mudur and C¸ omar.Mudur is the init subsystem, which replaces the rc part of init . It is called by init via the /etc/inittab file. Mudur performs runlevel switching tasks, according to the usual System Vrunlevels (boot, single, reboot, etc). Mudur is written in Python.C¸ omar is the ”configuration management system” which manages settings and prefer-encesi, and handles the way to start applications. It needs modified rc scripts, as do most ofits competitors. According to the wiki, it ”handles parallel execution, access control, profilemanagement and remote management”. C¸ omar is written in C, and rc scripts are writtenin Python.The main objective is to gain speed at startup, while being clean and hiding complexityto the user. Runlevels have the same meaning as in System V. For the sysinit runlevel, Mudur mountspseudo-filesystems, starts udev , loads kernel modules, etc. For other runlevels, Mudur callsC¸ omar, which in turn handles rc scripts. rc scripts accept parameters such as start, stop, status, configure. The start and stopdirectives make use of Debian’s start-stop-daemon . An rc script calls the start methods of the other scripts it depends on.There are no virtual service names.
Command-line tools allow to call methods on rc scripts via C¸ omar.
Not presented.
INRIA
Survey of Unix Init Schemes
11 LSB init Specifications
LSB, the Linux Standards Base, defines what init scripts should conform to.This is an opinion, but the LSB seems more keen on standardizing what RedHat does thanon being innovative.
LSB specifies the following runlevels:0: halt1: single user mode2: multiuser with no network services exported3: normal/full multiuser4: reserved for local use, default is normal/full multiuser5: multiuser with xdm or equivalent6: rebootThis forbids “profiles” and useful runlevel switching as seen in previous init schemes (e.g.Gentoo).
Init files provided by LSB applications shall accept one argument, which states the actionto perform: start : start the service stop : stop the service restart : stop and restart the service if the service is already running, otherwise startthe service reload : cause the configuration of the service to be reloaded without actually stoppingand restarting the service [optional] force-reload : cause the configuration to be reloaded if the service supports this, other-wise restart the service status : print the current status of the serviceThere is no respawn mode.
LSB-compliant applications init scripts (but not system init scripts) must adopt this syntaxfor dependency declaration:
RT n ° Y. Royon & S. Fr´enot − S t a r t : b o o t f a c i l i t y 1 [ b o o t f a c i l i t y 2 . . . ] − Stop : b o o t f a c i l i t y 1 [ b o o t f a c i l i t y 2 . . . ] − S t a r t : r u n l e v e l 1 [ r u n l e v e l 2 . . . ] − Stop : r u n l e v e l 1 [ r u n l e v e l 2 . . . ] − D e s c r i p t i o n : s h o r t d e s c r i p t i o n
Required-stop are applications that must still run before this one stops.The “Default-Start” and “Default-Stop” headers define which runlevels should by defaultrun the script with a start or stop argument, respectively, to start or stop the servicescontrolled by the init script.“Provides” allows to have virtual service names.
Out of scope.
Out of scope.
INRIA
Survey of Unix Init Schemes
12 Daemontools: svscan http://code.dogmap.org/svscan-1/http://cr.yp.to/daemontools.html
From the daemontools page: daemontools is a collection of tools for managing UNIX services.The svscan program can be used as an init replacement.
Configurations / runlevels are supported as directories of run scripts. svscan starts and monitors a collection of services. svscan starts one supervise process foreach subdirectory of the current directory. Every five seconds, svscan checks for subdirecto-ries again. If it sees a new subdirectory, it starts a new supervise process.Runlevel switching is not really specified. supervise monitors a service. It starts the service and restarts it if it dies. To set up a newservice, all supervise needs is a directory with a run script that runs the service. supervise maintains status information in a binary format inside the directory < ser-vice > /supervise , which must be writable by supervise . The status information can be readusing svstat .There is no stop script. No dependencies.
Put run scripts in a directory; daemontools will run the service and monitor it.It is simpler than SysVinit, but lacks features (stop command, runlevel switching). svc is used to send signals to a service. svstat prints the status of services monitored by supervise . multilog saves error messages to one or more logs. It optionally timestamps each line and,for each log, includes or excludes lines matching specified patterns. RT n ° Y. Royon & S. Fr´enot
13 minit
Minit aims to be a very small init. It can start a service, restart it, start it when another isfinished, and take dependencies into account.
None.
Reads /var/run/ < service > .pid and checks if the process has died. Yes, but lacks documentation.
None. msvc : similar to svc from daemontools. pidfilehack : reads /var/run/ < service > .pid . INRIA
Survey of Unix Init Schemes
14 jinit http://john.fremlin.de/programs/linux/jinit/ jinit is based on an extended version of Richard Gooch’s need(8) scheme for init. Currentlythere is no provide(8) functionality.
None? (or at least documentation is lacking).
Supports respawn mode. Apart from that, same as SysVinit.If it receives a fatal error signal like SIGSEGV it will fork a child to dump core, and execitself (with the “panic” option so no bootscripts are run). That means it should never bringthe system down unnecessarily.
Same as the need(8) scheme.
Same as SysVinit.
None. Communicates over SysV message queues.
RT n ° Y. Royon & S. Fr´enot
15 cinit http://linux.schottelius.org/cinit/ cinit claims to be a fast, small and simple init with support for profiles. It supports parallelstartup, mandatory and optional dependencies, and does seem simple to use.Size is ≈ “Profiles” are directories of services. They are put in /etc/cinit .Choosing the profile at startup is supported, but profile switching is not documented. A service is a subfolder in a configuration (or a link to another folder). Everything is donethrough files or symlinks: ./on and ./off indicate the program to run when the service goeson/off. ./on.params and ./on.env contain parameters and environment variables to pass tothe program.
Dependencies are listed in ./wants (optional) and ./needs (mandatory).Virtual service names are not supported. The author suggests using symlinks, e.g. cron - > dcron . None.
A bunch of executables: c i n i t . add . dependency − add a dependency to a s e r v i c ec i n i t . add . g e t t y − add a new g e t t yc i n i t . c r e a t e . empty . s e r v i c e − c r e a t e an empty s e r v i c ec i n i t . r eboot − r eboot i n / bin / shc i n i t . remove . g e t t y − remove a g e t t y s e r v i c ec i n i t . respawn . o f f − swi tch respawing o f fc i n i t . respawn . on − swi tch respawing onc i n i t . shutdown − shutdown i n / bin / sh INRIA Survey of Unix Init Schemes
16 monit monit manages and monitors processes, files, directories and devices. It does not replaceinit: instead, it acts as a service manager, and can reuse rc scripts. monit can start a process which is not running, restart a process if it does not respond,and stop a process if it uses too much resources. It can monitor files, directories and devicesfor changes on timestamp, checksum or size. All checks are performed at a polling intervaltime.Management activities are exported through HTTP(S). Monit is configured via the /etc/-monitrc file.
Only supports groups of services which can be started / stopped together.
A service can be (re)started and stopped. Its state is checked using pid files. This meansthat wrapper scripts may have to be written.
The syntax is simplistic: depends on serviceX (in file /etc/monitrc ).There are no virtual service names.
Periodically check a resource (process, file. . . ). Upon changes, actions are triggered. Forexample: check p r o c e s s apache with p i d f i l e / var / run / httpd . pids t a r t program = ‘ ‘ / e t c / i n i t . d/ httpd s t a r t ’ ’stop program = ‘ ‘ / e t c / i n i t . d/ httpd stop ’ ’ i f then r e s t a r tdepends on apache bi n
HTTP interface.
RT n ° Y. Royon & S. Fr´enot
17 depinit
From the home page: ”Depinit is an alternative init program that can handle parallel execu-tion, dependencies, true roll-back, pipelines, improved signaling and unmounting filesystemson shutdown. It incorporates ideas from sysvinit, simpleinit, daemontools and make. Atpresent, it is a bit experimental, and requires good knowledge of the initialisation processto set up.”While depinit boasts more features than sysvinit, it is quite complex to setup and to use.It also has trouble working with the login program.
A runlevel is a directory in /etc/depinit . How it operates and how it can be switched isunclear.
Each service has its own directory in /etc/depinit , which will contain shell scripts namedstart, stop, source, filter, dest and/or daemon. Their purpose is either obvious (start and stopdescribe shell commands that will be called to start and stop the service), or unexplained.
Dependencies are listed in a depend file within each service’s directory. Each line in the filecorresponds to another directory in /etc/depinit . All interactions with depinit are performed through the depctl command-line tool. Daemonsare started in respawn mode. depinit : can either replace init (and rc), or be started with a PID > depctl : start/stop a service, shutdown/reboot the system, send a signal to a daemon.These tools communicate via signals. INRIA
Survey of Unix Init Schemes
18 NetBSD rc.d
From the home page:As of NetBSD 1.5, the startup of the system changed to using rc-scripts for controllingservices, similar to SysVinit, but without runlevels.
None.
Service wrapper scripts understand start , stop , restart and kill .They are as limited as SysVinit’s. There is no service monitoring facility. Dependencies are expressed in rc scripts as four keywords. REQUIRE is a mandatorydependency; PROVIDE allows virtual service names; BEFORE’s explanation fell througha spatiotemporal void; KEYWORD is a tag used to include or exclude the script fromordering, e.g. with values ’nostart’ or ’shutdown’.Ordering is done via the rcorder command.
None. Start scripts, hope they run, optionally check a pid file.
None.
RT n ° Y. Royon & S. Fr´enot
19 Solaris SMF
SMF (Service Management Facility) is a part of SUN Solaris 10 (historically a System Vvariant). It targets big production servers. From their page:SMF has added the notion of the relationship between a service, its processes, andanother service that is responsible for restarting the service, to the Solaris kernel. SMFunderstands whether a service process failed as the result of an administrator error, failureof a dependent service, software bug, or underlying hardware failure. SMF informs theappropriate restarter, which decides either to disable the service by placing it in maintenancemode because it appears to be defective, or to restart it automatically.SMF still supports inittab , inetd and rc scripts, but aims at replacing them.SMF services are started in parallel, in a dependency-based order.Users can be given the rights to manage services and their state, without being root.Still, there are no per-user services.Alas, the source code is closed. Runlevels are replaced by milestones. A specific set of services must be enabled (started)before a milestone is reached (incremental runlevels). Milestones are: single-user, multi-user,multi-user-server, all, none.The notion of profile also exist: it is an XML file which lists SMF services, and whethereach should be enabled or disabled.
SMF-enabled services can be permanently enabled / disabled (persists on reboot). Whenenabled, they can be online (started), offline (stopped), uninitialized (config has not beenread yet), degraded (runs at limited capacity), and maintenance (stopped, needs an actionfrom the administrator).Possible commands are: permanent or temporary enable / disable, start, stop, restart,refresh. Refresh means reloading a service’s config file, which is usually triggered by SIGHUPon daemons (SIGHUP should kill non-daemon processes).
INRIA
Survey of Unix Init Schemes A dependency is formed as an URI. It can be set on services, devices, network configuration,kernel configuration, milestone (runlevel), and be optional or mandatory. Shortened examplefrom SUN’s site: % s v c s − l network /smtp : sendmai ldependency r e q u i r e a l l / r e f r e s h f i l e : / / l o c a l h o s t / e t c / mail / sendmai l . c f ( − )dependency o p t i o n a l a l l /none svc : / system / system − l o g ( o n l i n e )dependency r e q u i r e a l l / r e f r e s h svc : / system / i d e n t i t y : domain ( o n l i n e )dependency r e q u i r e a l l / r e f r e s h svc : / m i l e s t o n e /name − s e r v i c e s ( o n l i n e )dependency r e q u i r e a l l / none svc : / network / s e r v i c e ( o n l i n e )dependency r e q u i r e a l l / none svc : / system / f i l e s y s t e m / l o c a l ( o n l i n e ) SMF manages services, rc scripts, inet daemons, configurations in an (almost) uniform way.The goal is to obtain the best uptime possible, with as little human intervention as possible.The other big goal is to provide detailed information on failures to the administrator, in thecase he must intervene.There are lots and lots of features, with probably lots of complicated code: even thekernel is modified. This solution is ideal for servers, but not suitable for small systems.
Amongst others: scvs queries the system state, including old rc scripts. svcadm passes commands to SMF services and their restarters. svccfg switches profiles.
RT n ° Y. Royon & S. Fr´enot
20 Other Contenders
The following projects are considered less relevant. Most are dead and/or lack documenta-tion.
Daemons-Managing Daemon is a stalled project from the Free Software Foundation. Docu-mentation is non-existent. http://directory.fsf.org/GNU/DMD.html twsinit is a minimal init replacement (about 8 KB) in x86 assembler. Documentation isnon-existent.
BusyBox combines tiny versions of many common UNIX utilities (GNU fileutils, shellutils,textutils) into a single small executable. It contains a small init system, which is a strippeddown SysVinit scheme. It can read an inittab file, but does not support runlevels.The project is alive.
Fedora had planned to implement its own init replacement. Its goals were a bit confusedand mixed: better startup speed, LSB compliance, respawn, logging, tools. The project isstalled / dead. http://fedoraproject.org/wiki/FCNewInit
Serel aims to speed up the boot sequence using parallel startup. The project is stalled.
INRIA S u r ve y o f U n i x I n i t S c h e m e s Focus ConfigurationManagement Life CycleInstrumentation Life CycleMonitoring Expression ofDependencies LicenseBSD init - No No No Static ordering BSD
SysVinit - Numberedrunlevels start, stop Rc scripts (/var) Static ordering GPL simpleinit
Havedependencies No start, stop Rc scripts (/var) need GPL
Gentoo rc
Better runlevelsanddependencies Named runlevels start, stop, restart Rc scripts (/var) need, use, before,after, provide GPL
InitNG
Speed Named runlevels start, stop, respawn Process (/var) need, use GPL runit
Life CycleManagement Named runlevels POSIX signals Father process es manual scripting BSD launchd Lots of features No(Groups of jobs) start, stop, inet, cron,respawn Father process In code: watch files& IPCs ASL upstart
Event-based Profiles Events Father process stopping, stopped,starting, started,any event GPL eINIT
Runlevels Modes (services,dependencies,vars) start, stop, respawn Father process provides, requires BSD R T n ° Y . R o y o n & S . F r ´ e n o t Focus ConfigurationManagement Life CycleInstrumentation Life CycleMonitoring Expression ofDependencies LicensePardus
Speed Numberedrunlevels start, stop Rc scripts (/var) need GPL
LSB
Standardizedependencies Numberedrunlevels start, stop, restart Rc scripts provides,required-to-start,required-to-stop - svscan
ServiceManagement Directories of runscripts start, respawn Father process es No freedist minit
Size No respawn /var ? GPL jinit need(8) deps No respawn /var ? need GPL cinit
Size, runlevels Unswitchableprofiles respawn Scripts (/var) wants, needs GPL monit
ServiceManagement No(Groups of jobs) start, stop, restart,quotas Scripts (/var) depends GPL
NetBSDrc.d
Have rc scripts No start, stop, restart Rc scripts require, provide,before BSD
SMF
HeavyManagement Milestones andprofiles start, stop, restart+ persist +self-healing Father Process /kernel require, optionalon URIs (svc, file...) Closedsource I N R I A nité de recherche INRIA Rhône-Alpes655, avenue de l’Europe - 38334 Montbonnot Saint-Ismier (France) Unité de recherche INRIA Futurs : Parc Club Orsay Université - ZAC des Vignes4, rue Jacques Monod - 91893 ORSAY Cedex (France)Unité de recherche INRIA Lorraine : LORIA, Technopôle de Nancy-Brabois - Campus scientifique615, rue du Jardin Botanique - BP 101 - 54602 Villers-lès-Nancy Cedex (France)Unité de recherche INRIA Rennes : IRISA, Campus universitaire de Beaulieu - 35042 Rennes Cedex (France)Unité de recherche INRIA Rocquencourt : Domaine de Voluceau - Rocquencourt - BP 105 - 78153 Le Chesnay Cedex (France)Unité de recherche INRIA Sophia Antipolis : 2004, route des Lucioles - BP 93 - 06902 Sophia Antipolis Cedex (France)ÉditeurINRIA - Domaine de Voluceau - Rocquencourt, BP 105 - 78153 Le Chesnay Cedex (France)