From a similar Github issue [1], the suggested way of implementing "stop
commands" on top of s6 is running these two commands:
```
s6-svc -O /path/to/service
stop-command
```
I'm not aware of any s6-rc sugar around it.
Indeed.
Every long-lived program should have a graceful stop signal,
Is there an equivalent chainloader ("envfile"-style) that can be plugged
into the instanced user service directories' command line?
Having the same configuration file be read by tools with different
behaviors (for instance, it appears the pam_env's quoting support is far
more limited than
That said, it might be of interest to you, that s6-setlock does not appear
here: https://skarnet.org/software/s6/index.html.
Whoops. And nobody noticed that in 13 years? Shame on all of you. :P
Fixed, thanks!
--
Laurent
Good point. If I understood everything correctly, this can be easily solved by the
"flock" command, right?
Yes - but since you're using s6 anyway, you also have s6-setlock,
which features more options than flock. ;)
--
Laurent
Should every s6-log daemon have it's own config file or shall they all share
one?
What kind of stuff are you putting in the config file? Is it just a
template for a logging script?
Is there any general issue with the global env's from s6-linux-init's env
directory, which makes sourcing
Wouldn't anything this does be solved by just dropping privileges of the
corresponding daemons in their startup scripts?
No, because the point is to allow users to have their own services,
and you definitely don't want them to have access to the root
supervision tree. So you basically have to
Concerning the system tree loggers, my first idea is to set an environment
variable somewhere in the scripts s6-linux-init provides.
Is this even possible?
What would be the best place to do this?
Any environment variable you want to make available for a whole
supervision tree should be
1) A service monitoring logged in users, starting the user supervision tree on
the first login of a user and stopping it once the user logs out from the last
shell/display manager
Ah, user services. They're a complicated matter, and their exact
definition varies depending on the distro.
- EXECLINE_EXTBINPREFIX "foreground { ") < 0
+ EXECLINE_EXTBINPREFIX "foreground { tryexec {") < 0
Good idea. Applied, thanks!
--
Laurent
Hello,
New versions of some skarnet.org packages are available. This is a
light update, focused on quality of life, improved support
for old platforms, and in preparation for larger updates later. The
exception is a breaking change to s6, which adds support for addressing
a service's process
Let me say that a $daemon i.e. wpa_supplicant or iwd providing
$service=WiFi{wpa} has been pulled into the s6-rc compiled db and
started in the supervision tree.
But the system doesn't have the hardware to support that, or some
important resource is unavailable.
So, here's my question: if
Should the lh-bootstrap README be changed so that:
Yes, I updated the README.md, good point.
Indeed, my version of make doesn't have the --jobserver-style option. If I
remove the reference to --jobserver-style option from ./make the package builds
without any obvious errors but doesn't appear to be a complete build.
Yeah, for some reason parallel builds weren't fully working before
It is a very elegant implementation of s6
Vocabulary nitpick: no, 66 is not an "implementation of s6".
s6 is not a specification. It is a software package. So, there is no
other
"implementation of s6" than the s6 software package itself.
66 is a service manager than runs on top of the s6
was probably going to use a simple runit configuration because the s6 universe
seemed to complex for me to figure out in a reasonable amount of time. I haven't
A basic s6 system is barely more complex than a runit system. This page
should help you start:
I'm building a Linux system based on musl and Busybox. I'm considering using
s6/s6-rc as an init/supervision system. I see there are good docs on all the
skanet.org programs, but I can't find an example of a working configuration
that puts them together. Is there an example available
I have been using `--print-pid=3` as readiness notification for dbus-daemon
for quite a while now on my user services and I haven't had any problems
with it so far. IIRC, looking at dbus-daemon code, it actually prints the
socket address first then its pid. So, I use the `--print-address=` option
But then, there is a problem if one actually wants the server address
information that --print-address provides. Alexis' 'run' script for
example wants to save that to a file (apparently in a directory
suitable for s6-envdir). If the output is sent to the notification
pipe instead,
2) The presence of a notification-fd file tells s6 that dbus-daemon
can be somehow coerced into producing an s6-style readiness
notification using file descriptor 3 without changing its code, are
you sure that's the case with this script? My service definition for
the system-wide message bus
Hi, I would like to have some kind of dependency handling across
multiple scandirs.
For example an instanced service that starts and waits for a dependency
before the first instace has been started.
It's generally a bad idea to add, in a service's run script itself,
conditions for your
Hi, I am using the Artix Linux runit service for OpenVPN, available here:
https://gitea.artixlinux.org/packages/openvpn-runit
Sounds like two compounding problems:
1. the default logging place for the runit supervision tree is the same
terminal you're using to log in
2. there is no
Hello,
I don't normally spam all of you for bugfix releases, but this one is
important. You definitely want to grab the 2.12.0.2 version of s6, not
the 2.12.0.1 one. The bug could prevent a shutdown from completing.
https://skarnet.org/software/s6/
git://git.skarnet.org/s6
Sorry about
Hello,
New versions of some skarnet.org packages are available.
This is mostly a bugfix release, addressing the problems that were
reported since the big release two weeks ago.
Despite that, s6-dns got a minor version bump because the fixes
needed an additional interface; and
> I believe (have not yet tested) that I can relatively simply create
the
maintenance system on the fly by copying a subset of the root fs into a
ramdisk, so it doesn't take any space until it's needed.
The problem with that approach is that your maintenance system now
depends on your
This may be a weird question, maybe: is there any way to persuade
s6-svscan (as pid 1) to restart _without_ doing a full hardware reboot?
The use case I have in mind is: starting from a regular running system,
I want to create a small "recovery" system in a ramdisk and switch to it
with
calling s6-svunlink for a s6-svlink'ed service hangs with s6-2.12.0.0
and succeeds with previous s6-2.11.3.2
It's very probably caused by a known issue with s6-svscan. Could you
please try with the latest s6 git and tell me whether it's fixed there?
--
Laurent
Hello,
New versions of all the skarnet.org packages are available.
This is a big one, fixing a lot of small bugs, optimizing a lot behind
the scenes, adding some functionality. Some major version bumps were
necessary, which means compatibility with previous versions is not
guaranteed;
I agree with all you're saying here...
... except that this case makes no sense in the first place. A consumer
and a non-consumer are fundamentally different things.
A running service that is not a consumer does not read anything on its
stdin. It runs autonomously.
A consumer, by essence,
Hi all,
I am running s6 on buildroot with a bunch of custom services (and bundles) with
dependencies. Was there a way to turn on timestamps for s6-rc logging? I am
currently logging with -v 2 option set. Or is there any timing information
saved between a service starting and successfully
what I can do, if it is of
interest to you, is list all the directives in a service file and
rate their conversion difficulty, so you can then evaluate your own
service files and assess the feasability of an automated conversion tool.
It took way longer than expected, and was a harrowing task,
I don't know exactly what u mean with "TAI-10".
I guess u are refering to those 10seconds
Yes. You cannot set your system clock to TAI, unless you want wildly
incorrect results from time() and similar system calls. Setting it 10
seconds earlier than TAI is the best you can do; and that's what
My boxes use TAI (international atomic time) in order to have SI-seconds and
60sec minutes and 24hrs days...
If your system clock is set to TAI-10, then *all* the time-handling
software on your machine must be aware of it, in order to perform
time computations accurately. It is not sufficient
An mdoc(7) port of the documentation for s6-rc is now available:
That's awesome, thanks a lot Alexis! 拾
--
Laurent
Hello,
New versions of some skarnet.org packages are available. They fix a few
visible bugs, so users are encouraged to upgrade.
I usually do not announce bugfix releases. This e-mail is sent because
two new functionalities were also in git when the bugfixes needed to be
made, so they're
Artix Linux achieves this with
pipeline -dw { s6-log ... } actual-oneshot
Not ideal due to the lack of supervision for s6-log, but it works.
Yes, it works. The lack of supervision doesn't matter here because
the s6-log is short-lived: it will die when actual-oneshot exits. The
main drawback
The default stderr for oneshot services is the default stderr of the
supervision tree you're running s6-rc with.
So, if you're using s6-linux-init, stderr for oneshot services goes
directly to the catch-all logger and you don't need the redirection.
If you want your oneshots to log to a
We've discussed internally if we change that process and try to write a
systemd unit parser, because all units are there in Ubuntu.
If we could catch 90% of all cases, we need, we would be happy.
If it would take 2 weeks of work, that would be fine.
Did somebody of you try to implement
Hello,
New versions of some skarnet.org packages are available. It hasn't been
long since the last release, but lots of small things have happened and
it doesn't make much sense to let them rot in git.
The main addition is a new multicall configuration for the execline,
s6-portable-utils
Hello,
New versions of the skarnet.org packages are available. This release
is overdue, sorry for the delay - but finally, happy new year everyone!
skalibs' strerr_* functions and macros, meant to provide shortcuts for
error message composition and output, have been rewritten; they're no
if s6-svstat myserver; then
client_binary
else
send_email_to_admin
faux_client_binary
fi
Please don't do this.
- As Steve would be able to tell you if he had read the documentation
page for s6-svstat (https://skarnet.org/software/s6/s6-svstat.html),
"s6-svstat myserver"'s exit code
You have a program that can be started normally or as a service
that accepts connections through a socket. For client
connections, an additional binary is supplied.
The simplest way to make sure that the program launches
regardless of whether there's a server running or not is a
wrapper script
-file named S6_FDHOLDER_STORE_REGEX is found is the env/
+file named S6_FDHOLDER_STORE_REGEX is found in the env/
Applied, thanks.
-service readiness, you should give this option along with up: the
service is ready iff
+service readiness, you should give this option along with up: the
I am trying to figure out if I can set up svscan catchall logger in such
a way that it prepends a service name to every log line, so that it can
be clear where the log came from.
I am trying to avoid s6-rc setup where I need to explicitly create a
matching logger service.
You are saying "I
The user of s6-rc gets no error message, and waits forever.
The error message is captured by s6-svscan (or a corresponding logger
for that service) and is either saved into a log file, or printed to a
tty on which svscan is running.
The user is almost never on the same tty with svscan. The
Thanks Peter, this was actually helpful and enchanced my mental model.
I think I get get away for now with a user's tree rooted in the system
tree. My graphics environment (sway) can start necessary services
when it is started.
Yeah, it's a recurring discussion on the IRC channels, and my
Perhaps a higher-level orchestration tool(s) is/are needed, that
will accomplish most typical workflows like: (...)
These are all valid points, and things that ultimately s6-frontend,
the future UI over s6/s6-linux-init/s6-rc, aims to solve.
"Higher-level interface" is the (now) #1 feature
Perhaps I can offer a few suggestions how to improve usability:
- combine compile + svscan on empty dir + init steps into one, like
`s6-rc init source_dir` and it does those steps under the hood.
No, because these are operations that are ideally done at different
times.
- Compilation
1. First we create 'scandir1', and put services there. Each service is a
svcdir. We put dependencies file and type file in each svcdir.
(We do not run svcscn on it, because it doesn't really manage
dependencies)
That's a bad reason. :)
The real reason why you don't run s6-svscan on a
To me this seems like a relevant improvement that would catch a problematic
edge case issue.
I pushed such a change to the s6 git. A new numbered release should
be cut soon-ish.
--
Laurent
(I was on vacation, sorry for the delayed answer.)
Could you please elaborate on the possible race condition? This is simply for
curiosity and educational purposes. It feels like a
lot of thought was put into s6 codebase, and a lot of ideas are not
immediatedly obvious for people not
I feel like this whole thread comes from mismatched expectations of
how s6 should behave.
s6 always waits for one second before two successive starts of a
service. This ensures it never hogs the CPU by spamming a crashing
service. (With an asterisk, see below.)
It does not wait for one
I wonder what is the reason behind the naming convention? What is the
downside of simply writing to any present fifo file ?
It could work like you're suggesting. But :
- checking the type of a file is an additional fstat() system call
- there may be reasons in the future to store other
I am a bit ashamed to admit I cannot find the logs. From reading
https://wiki.gentoo.org/wiki/S6_and_s6-rc-based_init_system#logger I thought
maybe I should be looking for file /run/uncaught-logs but could not find any
such file in my docker instance(I understand, docker is not Gentoo).
Hoping this is the right place to ask for some help as I am very new to s6 and
not well versed on any init system.
s6-overlay questions are normally asked in the "Issues" section of the
s6-overlay GitHub repository, but since yours are really s6-rc
questions,
it's fine :) (even though the
That would just move 3 components to another level but they are
still needed: scanning existing service directories, diffing between
desired and current state and applying - so creating or removing
directories.
So, diffing between desired and current state, and applying the
modifications
- we need an scanning component for the desired state of running
instances (something like 'find /etc/openvpn -name "*conf"')
- we need an scanning component for the current state in process list
- we need a diffing component
- we need a state applier component
That sounds very much like what
I'm looking for a pattern to solve a problem, where you have to
discover dynamically the services you have to start.
Examples could be VPN configurations, where you discover the
configuration files and start for every file an instance of the VPN
service.
Hi Oliver,
Dynamic instantiation is
What do we as a community need to do
to get S6 into a "corporate friendly" state?
What can I do to help?
"Corporate-friendly" is not really the problem here. The problem is
more "distro-friendly".
Distributions like integrated systems. Integrated systems make their
lives easier, because
I find it symptomatic of the fact that a guy wrote some Rube Goldberg code and a
corporation decided it would be a great idea to spend millions getting the Rube
Goldberg code into many major distros. As far as us running our of road with the
Unix API, systemd solves no problem and offers no
I'm trying to set up services, which are in subdirectories of other services.
This is supported, according to the second paragraph of the runsvdir man page:
runsvdir starts a runsv(8) process for each subdirectory, or
symlink to a directory, in the services directory dir, up to
a limit of
Hello,
New versions of some skarnet.org packages are available.
skalibs has undergone a major update, mostly to yet again revamp
librandom. This time I am happy with the API and implementation: I
believe
it finally addresses all the cases in a satisfying way, providing cross-
platform
I have been using simple privilege escalation to poweroff the machine,
but looking through the source code for s6-linux-init-shutdownd and
friends, it appears the only constraint on interacting with the daemon
is the permissions on run-image/service/s6-linux-init-shutdownd/fifo.
The default
Is the purpose of executing setsid() in s6-supervise to allow for the
services to continue beyond the termination of the supervision tree?
It's actually the opposite: it's to protect the supervision tree
against misbehaved services. :) setsid() makes sure the service is
isolated, and a
In searching, I found some messages on the Skaware lists about
running s6 as PID 1 on FreeBSD; has that work been published anywhere?
I'm not sure if I want to go so far as replacing PID 1 right out
of the gate, but having some existing service directories would be
nice.
I have done some
s6-linux-init: warning: unable to ttyname stdout: No such device
I suspect this is due to the mechanism described on
https://github.com/lxc/lxd/issues/1724#issuecomment-194412831, although I’m not
using LXD, only lxc (which does not have a daemon running as root).
You're right, it's the
Hello,
New versions of some skarnet.org packages are available.
The changes are minor, mostly quality-of-life and small additions
driven
by the new version of s6-overlay.
There are bugfixes all around, so users are encouraged to upgrade even
if they're not using s6-overlay.
The new
What's the cleanest way to wait on s6-svscan to shut down after issuing of
a SIGTERM (say s6 via-svscanctl -t)?
Be its parent, and wait for it. :)
On SIGTERM, s6-svscan will not exit until the supervision tree is
entirely down, so that will work.
If you're not the parent, then you'll have
I noticed that in some cases s6-log exits cleanly but does not log
anything. What's worse, it depends on the message content.
Hi Vallo,
That's the difference between '!zstd -q' and '!zstd' -q ;)
When -q isn't a part of your processor command, but a part of the
s6-log command line, it is
I think trying to explain s6-linux-init + s6-rc through the lens of
runit's stages isn't a good idea.
Carlos is correct - both here and in his explanation of s6-linux-init
stages.
When designing s6-linux-init, I kept runit's "stage" terminology
because at the time it was a useful framework
Hello,
New versions of all the skarnet.org packages are available.
The changes are, for the most part, minimal: essentially, the new
versions fix a bug in the build system that made cross-building under
slashpackage more difficult than intended. Very few people should
have been impacted
Why not have the grepper listen on the log file directly? You'll need to have a
timestamp in the log and know where the log is, but those can be known at the
time of writing the service script.
There's no such thing as "the log file". There's the log backendS,
which can be one or more
Well, I do realise the lifespan issue of the loggrep program, which is
why I asked the question in the first place. But I really never thought
of directly inserting loggrep into the logging chain as a new node;
instead, what I have thought is making loggrep a program "attachable" to
the logger.
Any idea on how the log "teeing" may be done cleanly (and portably
if possible; something akin to `tail -f' seems unsuitable because of
potential log rotation), and perhaps any flaw or redundancy in the
design above?
The obstacle I have always bumped against when trying to do similar
things is
we have a fair number of services which allow (and occasionally require) user
interaction via a (built-in) shell. All the shell interaction is supposed to be
logged, in addition to all the messages that are issued spontaneously by the
process. So we cannot directly use a logger attached to the
Yes, in my usecase this would be used at the place where sd_notify()
is used if the service runs under systemd. Then periodically executed
watchdog could check the service makes progress and react if it
doesn't.
The question is how to implement the watchdog then - it could be either
a global
Hi Carlos,
I'm supervising an instance of an X Server using s6.
X.Org has a built-in readiness notification mechanism: it sends a USR1
to its parent process once it's ready. From what I know, it would be
s6-supervise.
This... this is appalling.
This mechanism is a terrible way to
just a minor thing. You probably didn't push to s6-rc repository.
I don't see the new v0.5.2.3 version commit and tag.
Weird. I must have missed a case with my script.
Thanks for the report; it should be fixed now. :)
--
Laurent
Hello,
New versions of all the skarnet.org packages are available.
skalibs has undergone a major update, with a few APIs having
disappeared,
and others having changed. Compatibility with previous versions is
*not*
assured.
Consequently, all the rest of the skarnet.org software has
Forgiving privilege separation failures and minor grammatical mistakes, does it
look as if I understand the fifo trick's application in practice?
Hi Ellenor,
Yes, I think you have the right idea.
The goal here is to redirect s6-svscan's own stdout and stderr to
the stdin of the catch-all
# /usr/local/bin/s6-rc-init -c /s/comp -l /s/run /s/scan
s6-rc-init: fatal: unable to supervise service directories in
/s/run/servicedirs: No such file or directory
I've completed a disk-disk copy, as I need to integrate s6 into
hardenedbsd.
Do you have a s6-svscan process running on /s/scan ?
Thanks Laurent for the detailed explanations. We did a bootup speed
comparison between S6 and systemd. S6 is able to boot up slightly faster
than systemd. Actual result is 4-4.5% faster but we were expecting
something near to 20%.
Ours is a bit complex setup with more than 140 services
Do you think this is any better?
=
#!/bin/sh
test_for_myrequirement || exit 1
exec mydaemon -myarg1 -myarg2
=
This does not accomplish the same thing at all: it does not ensure
that myrequirement is at least attempted before mydaemon
I thought the way to do what the OP asked is:
=
#!/bin/sh
s6-svc -u myrequirement || exit 1
exec mydaemon -myarg1 -myarg2
=
This is not a good idea in a s6-rc installation, because it sends
raw s6 commands, which may mess with the
1. In systemd, the services are grouped as targets and each target depends
on another target as well. They start as targets. [ex: Reached
local-fs.target, Reached network.target, Reached UI target,...]. Is there
any way in S6 to start the init system based on bundles?
Yes, that is what bundles
I believe the finish script is not being called by s6-svc. When I run it
manually , the finish script runs and kills the process and graceful
shutdown is happening as expected.
What may be the cause for not triggering the finish script of critical
service.
The finish script, which is entirely
I have checked the Private_Dirty memory in "smaps" of a s6-supervise
process and I don't see any consuming above 8kB. Just posting it here
for reference.
Indeed, each mapping is small, but you have *a lot* of them. The
sum of all the Private_Dirty in your mappings, that should be shown
in
Any pointers on how I can go about this? Is there any hack or tricks that could
be done in s6-log to achieve this?
Sorry, but no, nothing comes to mind - s6-log was not designed for
this.
I don't think expecting services to keep running while not logging to
disk, whether or not in
1. Why do we need to have separate supervisors for producer and consumer
long run services? Is it possible to have one supervisor for both producer
and consumer, because anyhow the consumer service need not to run when the
producer is down. I can understand that s6 supervisor is
Don't set the bitposition (which is 0 for 'flag-essential')
to the flags, but the bit at the position.
Ha, nice catch. Applied, thanks!
--
Laurent
Hello,
As some of you are aware of, last week, the Freenode IRC network was
subjected to a forceful change of its operational control. The history
and details of the change are deeply political in nature and very much
off-topic for our lists, and I really do not wish this event to be
Hello,
ezmlm-cgi, the web interface to the archives of the skarnet.org
mailing-lists, has been broken for... forever, resulting in an
inability to display certain messages. I tried debugging it, but
could not find out what was happening within a reasonable amount
of time dedicated to it.
A
I am trying to log the prints coming from daemons like dropbear using
s6-log, but couldn't make it.
Am I missing something?
You really need to improve on your way of asking for help.
"couldn't make it" is not an actionable report. You need to say:
- exactly what you did (you did that, good,
Since it requires individual instances of inotifyd for each service(s)
[which depends on multiple files/paths modifications) to get started]
Have you tried it and noticed an impact on your boot times?
(AKA: "Profile, don't speculate.")
--
Laurent
inotifyd (or something similar) + s6-svc (or s6-rc)?
Thought of the same but I have many such services;Just thinking of cpu
overhead during the initial boot up.
What makes you think this would have a noticeable impact on your CPU
load?
--
Laurent
(Apologies for the broken threading, I originally sent my answer with
the incorrect From: and it was rightfully rejected.)
I do not really understand their excuse here. CLI incompatibility is
trivially solvable by creating links (or so) for `halt' / `poweroff' /
`reboot', and even the `shutdown' command can be a wrapper for an `atd'
based mechanism.
The options! The options need to be all compatible. :) And
Services can fix their own permissions so if s6-rc is going to grow that
functionality it should be in the generated run, not in some rarely used
outboard helper service.
As answered on IRC, for ML completeness: no, because permissions should
be fixed when the supervisor starts, not when the
The s6-svperms is a great feature but it only handle permissions control of a
service at runtime. That means that we need to change the permissions of the
service everytime that a reboot occurs.
For a server, this is not really a big deal but for a desktop machine this can
be really hard to
Is there a way to set a timer option on a particular service 'X', so that
'X' gets restarted for every timer seconds ?
You can achieve that with another service that just sleeps for
'timer' seconds then sends a s6-svc -r command to the service you want
restarted.
--
Laurent
For the normal case you are absolutly right. But with stage 2 as a service
you have a race condition between stage 2 and s6-svscan-log. The usual
trick for stage 2 solves this problem.
Ah, now I get it: stage 2 must not start before the catch-all logger
is ready, so you open the fifo for
1 - 100 of 501 matches
Mail list logo