Hello,

I'm planning to set up a router on an old x86 box with a couple of NICs for the fun/experience of it. I'm looking at using one of the BSDs as the operating system, since I haven't used those before.

I started looking at how to configure daemons/services on OpenBSD and FreeBSD and am a little surprised at what I found. As far as I can tell, OpenBSD's rc assumes that services will background themselves and does no supervision at all. It seems like FreeBSD's daemon(8) has some supervision capabilities with the -r flag, but it is unclear to me how widely used that is.

Given the apparently poor state of supervision, I'm considering using s6 when I configure this system. In searching, I found some messages on the Skaware lists about running s6 as PID 1 on FreeBSD; has that work been published anywhere? I'm not sure if I want to go so far as replacing PID 1 right out of the gate, but having some existing service directories would be nice.

Have I correctly understood how daemons/services work on the BSDs? If not, what am I missing? Are the daemons included with the distributions so incredibly stable that they don't need supervision in order to keep the system functional?

Finally, if you wanted to create a router that you could (metaphorically) put in a closet and forget about for 5 years, what approach would you take? My initial thought was OpenBSD + s6, but I worry now that there could be an impedance mismatch between these systems.

Any thoughts people have on this will be greatly appreciated.

Thanks,
Scott Colby

"Scott Colby" <scott@scolby.com> writes:
> I started looking at how to configure daemons/services on OpenBSD
> and FreeBSD and am a little surprised at what I found. As far as I
> can tell, OpenBSD's rc assumes that services will background
> themselves and does no supervision at all. It seems like FreeBSD's
> daemon(8) has some supervision capabilities with the -r flag, but
> it is unclear to me how widely used that is.
>
> Given the apparently poor state of supervision, I'm considering
> using s6 when I configure this system.

i run two OpenBSD servers, one of which i'd be happy to do some
s6-related tinkering on, so i'm following this discussion with
interest. :-)
Alexis.

I too had been surprised by the lack of supervision in OpenBSD.

On Sat, Apr 9, 2022, at 05:38, Scott Colby wrote:
> As far as I
> can tell, OpenBSD's rc assumes that services will background
> themselves and does no supervision at all.
> ...
> Have I correctly understood how daemons/services work on the BSDs?

About OpenBSD, almost: You can set rc_bg if the daemon doesn't background itself. See rc.subr(8).

> If not, what am I missing?

/etc/daily runs "rcctl ls failed", so you get an email of the failed daemons. This is not supervision, but it is close enough for me. Maybe I prefer it actually.

> Are the daemons included with the
> distributions so incredibly stable that they don't need supervision
> in order to keep the system functional?

Yes

>In searching, I found some messages on the Skaware lists about
>running s6 as PID 1 on FreeBSD; has that work been published anywhere?
>I'm not sure if I want to go so far as replacing PID 1 right out
>of the gate, but having some existing service directories would be
>nice.

I have done some experiments and my conclusion was that to replace pid 1 on FreeBSD, a real s6-freebsd-init package was needed, because the way the BSDs organize their init and shutdown is radically different from the way Linux does it, and the conversion is far from obvious.

However, you don't need to replace pid 1 to run s6 on a BSD. As mentioned in https://skarnet.org/software/s6/s6-svscan-not-1.html , you can start a supervision tree from /etc/ttys, and run your services under it. It will work like on any other system.

Quite a few people on the #s6 channel on IRC (OFTC network) are using s6 on a BSD, so if you're looking for example service directories, and various tips and tricks, I suggest you join the channel and ask them. ;)

>Have I correctly understood how daemons/services work on the BSDs?
>If not, what am I missing? Are the daemons included with the
>distributions so incredibly stable that they don't need supervision
>in order to keep the system functional?

The BSDs are tightly integrated systems, more than "distributions", and especially with OpenBSD, daemons are carefully audited and patched so they are indeed super stable. Which is a very good thing - but because of that, the BSD community tends to look down on supervision, without understanding that it has other benefits than auto-restarting crashed daemons.

>Finally, if you wanted to create a router that you could (metaphorically)
>put in a closet and forget about for 5 years, what approach would
>you take? My initial thought was OpenBSD + s6, but I worry now that
>there could be an impedance mismatch between these systems.

OpenBSD + s6 will definitely work. Just make sure not to get in the way of how OpenBSD does things; run an s6 supervision tree at boot time and start your services under it as you see fit, independently from OpenBSD's rc.

Since the BSDs don't care for supervision, though, depending on upstreams it may be difficult to find options for your packaged daemons that stop autobackgrounding and that are not debugging options. Just a small practical hurdle, but when it happens it can be infuriating.

--
Laurent

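As an added example (not part of the message above and not the s6 project's own code), this shell example lays out one s6 service directory of the kind a supervision tree run independently of OpenBSD's rc would scan, and lints a run script for the backgrounding problem described above. The daemon "exampled", its "-f" foreground flag and all paths are hypothetical.

```shell
#!/bin/sh
# Added example. "exampled", its "-f" (stay in foreground) flag and every
# path below are hypothetical; substitute your daemon's real options.

# make_servicedir SCANDIR NAME COMMAND LOGDIR
# Writes SCANDIR/NAME/run and SCANDIR/NAME/log/run. s6-svscan, pointed at
# SCANDIR, supervises both and pipes the service's stdout into its logger.
make_servicedir() {
    svc="$1/$2"
    mkdir -p "$svc/log" || return 1

    # run: must exec the daemon so the supervised process *is* the daemon.
    cat > "$svc/run" <<EOF
#!/bin/sh
exec 2>&1
exec $3
EOF

    # log/run: keep 10 archives of about 1 MB each, ISO 8601 timestamps.
    cat > "$svc/log/run" <<EOF
#!/bin/sh
exec s6-log n10 s1000000 T $4
EOF

    chmod 0755 "$svc/run" "$svc/log/run"
}

# lint_run FILE
# Returns 0 only if the last command of a run script is a foreground exec.
# A trailing "&" or a missing exec leaves the supervisor watching a shell
# instead of the daemon. This cannot detect a daemon that forks on its own;
# that still needs the daemon's own foreground option.
lint_run() {
    last=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | tail -n 1)
    case $last in
        *'&')    return 1 ;;
        exec\ *) return 0 ;;
        *)       return 1 ;;
    esac
}

# Usage:
#   make_servicedir /var/service exampled "/usr/local/sbin/exampled -f" /var/log/exampled
#   lint_run /var/service/exampled/run && s6-svscan /var/service
```
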
On Sat, 09 Apr 2022 11:36:35 +0000 "Ramarro Marrone" <rm@allmail.net> wrote:

> I too had been surprised by the lack of supervision in OpenBSD.
>
> > Are the daemons included with the
> > distributions so incredibly stable that they don't need supervision
> > in order to keep the system functional?
>
> Yes

It's just a question of chance and big numbers. So if you're responsible for a big fleet of things and you have costs to handle every failure, it makes sense to have supervision to reduce these costs.

Most users with a few machines never observed any failure ever, independent of the operating system and (server) software. If this would be the argument to decide if supervision is necessary, nobody would need it.

And yes, the BSD world tries to be conservative compared to Linux and yes, OpenBSD tends to be the most conservative BSDs related to changes.

But I think that isn't the most important thing for decision. I.e. your super stable BSD doesn't help against DoS attacks (read as overload), unstable hardware, misconfiguration of services, packet loss, ...

Best Regards
Oli

--
Automatic-Server AG
Oliver Schad
Managing Director
Hardstr. 46
9434 Au | Schweiz
www.automatic-server.com | oliver.schad@automatic-server.com
Tel: +41 71 511 31 11 | Mobile: +41 76 330 03 47

On 04/09, Scott Colby wrote:
> Finally, if you wanted to create a router that you could (metaphorically)
> put in a closet and forget about for 5 years, what approach would
> you take? My initial thought was OpenBSD + s6, but I worry now that
> there could be an impedance mismatch between these systems.
>
> Any thoughts people have on this will be greatly appreciated.

Hi, Scott!

Re putting it in a closet and forgetting about it for five years, one thing to note is that according to https://www.openbsd.org/errata70.html OpenBSD's stable branch is supported for one year, so if you were tracking that, you'd have to upgrade every year.

NetBSD's stable branch is supported for longer than one year based on https://www.netbsd.org/releases/formal.html#history but they don't say exactly how long. The trend to me looks like at least three years. They currently support their 8 and 9 stable branches which were released on July 17, 2018, and February 14, 2020, respectively.

FreeBSD's stable branch is supported for five years according to https://www.freebsd.org/security/#sup

And of course there are other BSDs that I haven't listed.

Regards,
Lewis