cloux/aws-devuan

Devuan + Runit for Amazon EC2

"Do one thing, do it well." - Doug McIlroy

"Do everything, do it in PID1" - systemd

About

This project aims to provide a viable alternative to the systemd-monotheistic AWS offering. The goal is to track progress and maintain documentation for a fast, stable and secure general-purpose operating system for Amazon EC2.

Devuan seems to be the practical and stable choice for administrators running servers in datacenters. Devuan, which runs SysVinit by default, was modified to use Runit as init and PID1 process. The AWS EC2-specific code is in this repository, the runit-init infrastructure is in the runit-base repository, and the installation/update scripts are implemented as modules of Simple Installer.


Why bother?

Because of systemd and its real world performance: http://cloux.org/init/#systemd

systemd became the single most widespread Linux init system. And it doesn't just do init, it also does login, pam, getty, syslog, udev, cryptsetup, cron, at, dbus, acpi, gnome-session, autofs, tcpwrappers, audit, chroot, mount(1), network management, DNS, Firewall, UEFI(2), su(3), HTTP server(4) ... and on Saturdays it also does your laundry. Adopted by all major distributions, there seems to be no real alternative. systemd is not just a default software choice. Many packages depend directly on it, which makes it IMPOSSIBLE to remove or switch to something else later on. Even if you use systemd on a daily basis and everything goes well, you might want to have some alternative. So, what alternatives are available?

EC2 Linux AMI Comparison

Free-Tier Eligible general purpose GNU/Linux systems on AWS, as of 2018-03:

| AMI Name | Init System | Category | Packages | EBS Size*1 | Boot Time*2 (±SD) | License |
|---|---|---|---|---|---|---|
| Amazon Linux AMI 2017.09.1 | upstart | Quick Start | rpm | 8 GB | 7.2 s (±1.1) | EULA |
| Amazon Linux 2 LTS Candidate AMI 2017.12.0 | systemd | Quick Start | rpm | 8 GB | 26.6 s (±0.2) | EULA |
| Red Hat Enterprise Linux 7.4 | systemd | Quick Start | rpm | 10 GB | 13.0 s (±0.5) | EULA |
| SUSE Linux Enterprise Server 12 SP3 | systemd | Quick Start | rpm | 10 GB | 44.2 s (±1.3) | EULA, Terms |
| Ubuntu Server 16.04 LTS | systemd | Quick Start | apt | 8 GB | 10.5 s (±1.6) | EULA |
| CentOS 7 | systemd | Marketplace | rpm | 8 GB | 15.0 s (±0.8) | Free |
| Debian GNU/Linux 9.3 Stretch | systemd | Marketplace | apt | 8 GB | 7.0 s (±0.9) | Free |
| Devuan Runit 2018-12-06 | Runit | Community | apt | 4 GB | 3.6 s (±0.9) | Free |

*1) Smallest possible storage size for a new instance
*2) Determined by ec2-benchmark-osboot.sh, on t2.micro in us-east-1a, averaged 5 consecutive runs

This is not a comprehensive comparison. Some AMIs might not qualify as general-purpose on EC2: while Gentoo uses OpenRC and not systemd, it is limited to very few instance types. However, if it works for your use case, Gentoo is definitely worth a try.
Amazon Linux 2017.09 looks like it's running SysVinit, but PID1 uses obsolete upstart v0.6.5. Either way, this OS is considered end-of-life and should not be used for any new projects.

All major Linux distributions have already transitioned to systemd. If you want to use something else on Amazon EC2, you are pretty much out of luck. This is where the Devuan + Runit distribution comes in:


Features

The currently available Devuan AMI offers:

  • Runit as init and service supervisor
  • Small footprint with only 4 GB minimal EBS volume size
  • Fast direct boot without Initrd
  • Custom compiled stable kernel from https://www.kernel.org
    • Included network drivers Amazon ENA v1.3.0K (25Gb) + Intel ixgbevf 4.1.0-k (10Gb)
  • Fully automated AMI release cycle, always with the latest kernel
  • Easily configurable logging, with all logs being textfiles in /var/log
    • svlogd used for services writing to stdout
    • socklog used as runit-compatible syslog facility
  • Preinstalled cloud-init
  • Preinstalled oomd - efficient Out-Of-Memory userspace killer based on PSI
  • Preinstalled amazon-ssm-agent
  • Preinstalled Hiawatha, advanced and secure webserver
    • Fully automated domain TLS certificate management, requests and renewals
  • Docker support: apt-get install docker.io and it's up and running!

NOTE: Not everybody wants to run a webserver or amazon-ssm-agent. For convenience, these services are preinstalled and activated, since they are not directly available from the repository. If you don't need them, simply use the svdeactivate command, see service management.

Main changes

The setup differences compared to a clean Devuan installation mainly address runit compatibility with Devuan and AWS EC2 environment integration:

Preinstalled tools

# apt-get install acpid apache2-utils aptitude bison certbot cpulimit curl dnsutils ethtool eudev flex fuse gawk htop incron iptraf jq kexec-tools lsof lynx mc multitail ncdu ncftp nfs-common nfswatch nfstrace ntp p7zip-full pciutils pigz php php-cgi procmail pwgen rename rsync screen sntop telnet whois zip

Compiled from source

Sources are placed in /usr/src and /root/inst inside the AMI.


Installation

"Devuan Runit YYYY-MM-DD (Unofficial)" AMIs are available in the Amazon EC2 us-east-1 (N. Virginia) region in the Community AMIs category. This git repository serves as documentation and development base for Devuan AMIs inside AWS EC2, and cannot be directly used for AWS management, installation, or upgrades.

Why 'Unofficial': This project is not affiliated with the official Devuan GNU/Linux distribution in any way.

How to find the freshest AMI ID with awscli and jq:

aws ec2 describe-images --region us-east-1 --owners 771240843992 --filters 'Name=name,Values=Devuan Runit *' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'
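
An added example (not part of this repository): the same selection as the command above, done on the returned JSON while re-checking owner account, state and name, so that a similarly named Community AMI published by another account is never picked. The image IDs, the second owner ID and all dates other than 2018-12-06 are constructed sample values.

```python
import json
import re
import sys

OWNER_ID = "771240843992"  # owner account from the README's --owners filter
NAME_RE = re.compile(r"^Devuan Runit \d{4}-\d{2}-\d{2}")  # "Devuan Runit YYYY-MM-DD ..."

def newest_trusted_ami(describe_images_json, owner_id=OWNER_ID):
    """Return (ImageId, Name) of the newest available image from owner_id, or None."""
    images = json.loads(describe_images_json).get("Images", [])
    trusted = [
        img for img in images
        if img.get("OwnerId") == owner_id          # pin the publisher, not just the name
        and img.get("State") == "available"
        and NAME_RE.match(img.get("Name", ""))
    ]
    if not trusted:
        return None
    # CreationDate is an ISO 8601 UTC timestamp, so string order is time order.
    newest = max(trusted, key=lambda img: img["CreationDate"])
    return newest["ImageId"], newest["Name"]

# Constructed sample of `aws ec2 describe-images --output json` (values are placeholders).
SAMPLE = json.dumps({"Images": [
    {"ImageId": "ami-0aaaaaaaaaaaaaaa1", "OwnerId": "771240843992", "State": "available",
     "Name": "Devuan Runit 2018-11-20 (Unofficial)", "CreationDate": "2018-11-20T08:00:00.000Z"},
    {"ImageId": "ami-0aaaaaaaaaaaaaaa2", "OwnerId": "771240843992", "State": "available",
     "Name": "Devuan Runit 2018-12-06 (Unofficial)", "CreationDate": "2018-12-06T08:00:00.000Z"},
    # Newer image with a matching name, but from a different (constructed) account.
    {"ImageId": "ami-0bbbbbbbbbbbbbbb1", "OwnerId": "000000000000", "State": "available",
     "Name": "Devuan Runit 2019-01-01 (Unofficial)", "CreationDate": "2019-01-01T08:00:00.000Z"},
    # Right owner, but not yet usable.
    {"ImageId": "ami-0aaaaaaaaaaaaaaa3", "OwnerId": "771240843992", "State": "pending",
     "Name": "Devuan Runit 2018-12-20 (Unofficial)", "CreationDate": "2018-12-20T08:00:00.000Z"},
]})

if __name__ == "__main__":
    # Pass "-" to read real describe-images JSON from stdin; otherwise use the sample.
    data = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    result = newest_trusted_ami(data)
    if result is None:
        sys.exit("no available image from the pinned owner")
    print(*result)
```
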

Vagrant

The Vagrant base box is available for download at https://app.vagrantup.com/cloux/boxes/ColibriOS

This image is built by the same principles as the AWS EC2, featuring:

  • Rebranding to ColibriOS
  • Small image size ~200 MB
  • Direct boot without initrd
  • Kernel optimized for VirtualBox
  • Many tools including oomd, wireguard and sin

NOTE: Unlike AWS EC2, the Vagrant images are not released automatically with each new kernel. New releases are available ad-hoc, depending on the amount of accumulated fixes.


Usage

A few useful commands to get you up and running quickly.

Login

  • The default SSH user is admin
  • For easy access, use ssh-login
    or use the command ssh -i INSTANCE-KEY.pem admin@INSTANCE-IP

Runit service management

In addition to standard Runit service control, these commands were added for convenience:

  • svactivate - include and start services in Runit supervisor
  • svdeactivate - stop services and disable supervision
  • svstat - show status of a service, or all supervised services when run without parameter

System Updates

Updates and additional installations outside of the repository are available through the Simple Installer:

  • sin kernel - compile and update the kernel from latest source on kernel.org
  • sin install oomd amazon-ssm-agent - update the oomd and ssm-agent from source

License

This work is free. You can redistribute it and/or modify it under the terms of the Do What The Fuck You Want To Public License, Version 2, as published by Sam Hocevar. See http://www.wtfpl.net for more details. If you feel that releasing this work under WTFPL is not appropriate, since some of the code might be derivative and thus possibly breaking some other license... just do WTF you want to.

Trademarks

"AWS" and "Amazon EC2" are registered trademarks of Amazon.com Inc., "Devuan" is a registered trademark of the Dyne.org foundation, "Debian" is a registered trademark of Software in the Public Interest Inc., "Ubuntu" is a registered trademark of Canonical Inc., "SuSE" is a registered trademark of SUSE IP Development Ltd., Red Hat is a trademark or registered trademark of Red Hat Inc. or its subsidiaries, Linux is a registered trademark of Linus Torvalds. All other possibly and impossibly mentioned trademarks are the property of their respective owners.


Author

This repository is maintained by cloux@rote.ch

Disclaimer

I am not involved or in any way affiliated with the development of any particular init system. I do not participate in any public discussion or flamewar about init. I am not a fanboy, nor a hater. I do not have any personal feelings towards any init, or any other software, or its developers. As a sysadmin I could not care less which init system is in use, as long as it works. Also, I do not claim fitness of this project for any particular purpose and do not take any responsibility for its use. You should always choose your system and all of its components very carefully, if something breaks it's on you. See license.

NOTE: Much of the Runit base structure is "borrowed" from void-runit and modified to integrate with Devuan inside a cloud environment.

Contributing

I will keep this project alive as long as I can, and as long as there is some interest. This is however a private project, so my support is fairly limited. Any help with further development, testing, and bugfixing will be appreciated. If you want to report a bug, please either raise an issue, or fork the project and send me a pull request.

Thanks to

