Show HN: Interactive systemd – a better way to work with systemd units

ww520|1 year ago

Looks nice.

One thing I found systemd really confusing was its treatment of ExecStop in a service script. ExecStart is the command to run when systemd starts the service at system boot up (or when a user tells systemd to start the service). However, ExecStop is run when the starting command has finished running. You have to set RemainAfterExit=yes to have the desired function of running the stop command on system shutdown or on user stopping the service. ExecStop is basically the "on-cleanup" event rather than "to-shutdown-the-service" event.

Cyph0n|1 year ago

I think about them as “on start” and “on stop”.

It is important to keep in mind that systemd is tailored towards daemons. So if your service just runs a command that eventually exits, you need to explicitly tell systemd to treat it differently than a daemon.

Edit: As others noted, you’re probably looking for oneshot + RemainAfterExit.

yread|1 year ago

ExecStop works the way you want for type=forking

wasted_intel|1 year ago

Love this. I use raw CLI commands until it hurts, and have recently embraced tools like lazygit/lazydocker to get visibility into otherwise opaque system/tree states, and it’s been a huge level-up.

I have several user and system level services I manage, but debugging them is tedious. Your opening line that lists common commands and their pain points really resonated with me.

I’m on NixOS, so editing immutable unit files directly won’t work, but the service discovery, visibility, and management will be really helpful. Nice work!

kai-tub|1 year ago

I am also a NixOS user and this is exactly what motivated me to work on this project!

I am planning on adding some "guides" in the documentation but in short: You should check out `systemctl edit --runtime` for debugging units on NixOS. It makes debugging sooo much easier.

ripley12|1 year ago

This looks very good, thanks for sharing! I maintain a similar project and working with the systemd/dbus APIs has been pretty painful; eager to try this and see what I can learn from it.

https://github.com/rgwood/systemctl-tui

gurgeous|1 year ago

This is incredible! I will use this a ton. Only thing missing is a deb package...

Fnoord|1 year ago

At long last, systemd-client: merry meet! Next step is such a TUI for non-Linux such as macOS, FreeBSD, Windows. For macOS I use LaunchControl.app but it isn't a TUI.

Just one thing: I had to do

  $ uv tool install git+https://github.com/isd-project/isd

instead of

  $ uv tool install https://github.com/isd-project/isd/isd@latest

and uvx wouldn't work at all, version: uv 0.5.21. That said, uv is way more quick than pip(x) so I just switched.

kai-tub|1 year ago

Yeah, silly me. It is fixed now, thanks for letting me know!

mahoro|1 year ago

So cool that with uv it becomes so easy to install such tools.

What's missing in the install routine is uv installing this tool ignoring the Python dependency. My box has 3.10 and isd won't work with it. Fixed with `-p 3.13` option. May be worth mention in the docs.

kai-tub|1 year ago

Hey, thanks for mentioning this! I have included the flag in the docs.

johnchristopher|1 year ago

> If you ever became frustrated while typing:

Hey, that's me ! (And I love systemd !)

I haven't installed it yet so quick question: can it connect to remote host ? I often use systemctl --host <hostname> status foo.service (status, timers, logs etc. )

kai-tub|1 year ago

Dang. I have never heard of `systemctl --host`. Sadly not. It is more or less a fancy wrapper around (the local) `systemctl`. But there is also an appimage that should make it (hopefully) easy to run it on remote servers.

Either way, feel free to open an issue and I will have a look at it.

throeurir|1 year ago

I can not install this stuff on remote servers and docker images. I would like multiple backbends to execute commands and gather informations (local, ssh, docker).

It should be installable locally, and run commands on remote machine via ssh! And via 'docker exec' commands.

jchw|1 year ago

> If you have nix installed, this AppImage will not work! Either use the nix or uv installation instructions!

Is this really true? I understand why it does not work on NixOS (I tried just out of curiosity and it seems like it is unable to exec the host systemctl for some reason) but I don't think there's any reason it wouldn't work on other OSes that merely have Nix installed.

Interestingly though, on Nix v2.24.11, I can't use the provided Nix command either:

    $ nix run https://github.com/isd-project/isd
    error:
           … while fetching the input 'https://github.com/isd-project/isd'
    
           error: Failed to open archive (Unrecognized archive format)

Even if that did work (you could adjust it into a Git URL to make it work) it would probably not be ideal since Nix has a native GitHub fetcher that is more efficient. I think this should be the actual Nix command:

    nix run github:isd-project/isd

Anyway, this is cool. I actually wanted to make a similar thing using systemd's DBus API and Qt instead of a TUI and even started writing code for it, and if you wanted to I'm sure you'd find that the DBus API probably provides all of the functionality you would need (admittedly it is a lot easier to just call `systemd -H` than to implement your own SSH tunneling, though.) It kind of frustrates me that systemd and modern Linux in general is absolutely teeming with data and interfaces that could be exposed and make administering systems, especially desktop systems that were traditionally very inscrutable, much easier. e.g. in the past, how did you know what was going on when an xdg autostart app failed? Now with systemd running xdg autostart apps in some desktops, it would be really easy to provide a GUI that can show you the failed autostarts and even provide a GUI log viewer, and yet somehow, such a tool does not seem to exist, at least in the realm of things that are maintained and relatively feature-complete. Rather frustrating.

kai-tub|1 year ago

> Is this really true? I understand why it does not work on NixOS (I tried just out of curiosity and it seems like it is unable to exec the host systemctl for some reason) but I don't think there's any reason it wouldn't work on other OSes that merely have Nix installed.

Yeah, it get's complicated and I don't want to recommend it and explain the details. In short, I am creating the AppImage via nix. And the AppImage "mounts" (not overlays!) the AppImage's /nix/ directory. So calls from the TUI that would access /nix/ wouldn't go to the systems `/nix` directory, which leads to all kind of weird issues. For example, you could install your EDITOR via home-manager on Ubuntu. isd would start correctly because systemctl is "accessible" but if you open your EDITOR under `/nix` it wouldn't find it, which is super confusing as a user. -> So it is just easier to say to use the nix installation method if you are already using it :D

And sorry for the wrong docs, it is fixed now.

I also agree with your frustration. Personally, I would really enjoy working on such a tool but it wouldn't be an easy task, and who would support the work? This TUI had a manageable scope but it was still quite a bit of work. So I don't see myself investing too much into "higher-level interfaces".

PS: I have no idea why your post is ill-received :/

jchw|1 year ago

I am completely confused as to why this comment seems to be poorly received. Can someone explain?

elric|1 year ago

Looks great, well done. It's a shame that it's needed at all. The vast majority of my interactions with systemd are trivial: (re)starting a service, looking at a log file to figure out what's wrong, and making sure a service starts on boot. I find it baffling that the ergonomics of systemd for those common tasks are so lacking. But the TUI seems to help, so thanks.

And sure, systemd it's more deterministic and includes the kitchen sink, unlike initd.

Thankfully these days I can automate most of such interactions out of existence, so I no longer feel the burning hatred that I once did. More like a smoldering ember.

kai-tub|1 year ago

I mean, I get why they don't want to "bloat" systemd with a complex/opinionated TUI, but I would've also really liked a more "upstreamed" interface. Though, I guess making systemd more beginner-friendly/accessible is not really that important for their funding?

gchamonlive|1 year ago

How's security handled? Not in terms of system permissions which Linux handles well, but in terms of guarantees that it can't be hijacked and remotely controlled by an external attacker.

kai-tub|1 year ago

Author here: I also find this an important thing to ask yourself when you are running applications/scripts that do anything with sudo and which is why I have written a fairly in-depth "Security" section on the isd documentation page:

https://isd-project.github.io/isd/security/

Let me know if anything is missing!

crabbone|1 year ago

On search and editing system unit files:

1. My life improved a lot after I found that you can do "systemctl status $PID" and systemd will find what service (if any) is responsible for the process in question. This has been a life saver many, many times. But, more search would still be welcome, especially for cases when the system fails to boot, or fails to reach a particular target etc.

2. I think systemd didn't go far enough with unit files. The motivation was to escape the hell of Shell scripts, where each system was defined in its own unique way, and was failing in a dozen of unique ways. While, initially, it might have seemed that a simple INI-style format could manage to describe service requirements... I think, it's way overdue to realize that it doesn't. And sysadmins on the ground "fix" that by embedding more Shell into these configuration files, bringing us back to the many unique ways a service will fail. Perhaps, having a way to edit these unit files so that it doesn't expose the actual format may lead to improvement in the format (more structure, more types, templates).

hedora|1 year ago

This looks almost as easy to use as slackware’s init/syslog back in the Linux 0.9x days.

If you add a sane cli with tab completion support, it’ll come full circle.

jonwest|1 year ago

Maybe a bit of a gross simplification, but would you say this is analogous to something like k9s for Kubernetes? It looks handy, to say the least.

wint3rmute|1 year ago

That was my first thought as well, seems to fill a very similar niche, just for systemd instead of kubernetes

kai-tub|1 year ago

I have never used or touched k9s nor Kubernetes, so... Maybe?

renewiltord|1 year ago

Haha this is great. It’s funny that others also end up doing this enable, start, journalctl, start dance. Good stuff. I shall try it.

My only problem is that I wish there were a way to install it on my machine and have it connect to a remote systemctl but that probably is a lot of work to reliably work (port may not be open etc etc).

kai-tub|1 year ago

Maybe it is possible with `systemctl --host`... Though, I would have to make quite a few changes to the UI design since it would mean that there are "multiple modes". One for local and multiple remotes. So... Check back in a month or so :D

willm|1 year ago

Nice! How did you find working with the Textual library?

kai-tub|1 year ago

It was great! The extensive documentation and the vast amount of widgets were definitely the main reasons why I have chosen to do it in Python/Textual rather than other languages/libraries.

Though I don't agree with all design decisions, and there are some bugs, having such well-maintained documentation and clean repo makes it easy to dive into the project and understand what is going on and how other components are built.

Thanks for the library!

yonatan8070|1 year ago

Looks super cool, I've been working quite a bit with systemd recently, and typing systemctl and journalctl + their flags gets old rather fast.

Can it connect to remote hosts like you can with systemctl --host?

airstrike|1 year ago

This looks super well done and polished. The rich docs are crazy detailed for something that was just released. You're really setting the bar for what other projects should do. Congrats!

kai-tub|1 year ago

Thanks!

I've put quite a lot of work into it and wanted the project to give a good first impression. This was important to me since I believe these "niche" TUI libraries need to immediately show what problems they are solving or how they save time, as users need a reason to _use_ an additional abstraction layer.

egberts1|1 year ago

Keep in mind, systemd is still a default-allow access control list (ACL) and has a very long road ahead in form of Linux security, as long as CAP_SYS_ADMIN continuea to exist.

May make it easier to customize but it doesn't close the security loopholea like SELinux, GRSecurity, TOMOYA, or AppArmor does.

https://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecu...

surajrmal|1 year ago

Honestly it's not all or nothing. It really depends on your threat model. If you assume all native code is both not malicious and incapable of being compromised to run untrusted code then the existing model works. At that point it's more important to focus your security efforts on how native code ends up running, and therefore the distro specific packaging ecosystem.

Now for many that threat model is not sufficient as they both run increasingly less trustworthy software, obtained by less trustworthy mechanisms such as npm or off a website, or simply want to protect against bugs that cause otherwise non malicious software from being compromised and resulting in security incidents. I'm in this latter camp but we can't ignore the fact that there are many who happily operate in the former. There also exist solutions such as we browsers with their sandboxes and VMs that somewhat fill the requirements for running untrusted software for these individuals.

detuur|1 year ago

Yes yes and a reminder that BSD Jails are better than anything Linux does and a bunch of other dead horses we like beating on the regular around here.

Which is a fanciful way of saying that I don't understand the relevance of your comment at all to the topic at hand, which is an interactive frontend.

alduin32|1 year ago

This is amazing, I had a bunch of work to do on some remote hosts this night and tried using isd as much as possible, to see how it can help me.

Some feedback :

- it is.. relatively slow ? especially when focusing on different panes (tab/shift+tab). on my machine it takes at least half a second to react

- the unit list is missing page-up/page-down handling

- in some unit attributes, the ordering of some values frequently changes (for example, on unstarted services, in `TriggeredBy`)

- it could be interesting to integrate the output of `systemd-analyse security`

Nice work !

kai-tub|1 year ago

- That the tab pane switching is the slow part is a bit weird. Is there a difference when you see all units and a subset of units? Maybe open an issue and I can provide more possible settings that could be changed.

- Jep, page up/down handling will be added. Thanks!

- Not quite sure when this happens. Maybe an example screen shot (before/after) could help?

- Yeah, that is definitely on the roadmap.

larusso|1 year ago

Need to see this in action. The example videos overuse the fuzzy search for commands in my opinion. Makes it hard to concentrate what the actual action/information is when a huge part of the screen changes. Not to say I don’t like fuzzy searchable command prompts. But it can be clearer to either just type out a command or have a menu system. As I said I need to check this out in action for myself.

cdiamand|1 year ago

The security section is good to see. Thanks for that!

kai-tub|1 year ago

Funny that you mention that. I honestly thought not too many people would care about it.

Though I am by far no security specialist. Please let me know where I can improve the section!

Saris|1 year ago

Isn't `service nginx status` a shorter way to do it? I've always done that instead of the longer systemctl commands.

rglover|1 year ago

Thank you for shipping this. Need to test it but going to add this to the deps bundle for my deployment service (relies heavily on systemd). Looks like it would make day to day maintenance/debugging far less of a headache.

marginalia_nu|1 year ago

Looks very useful. Standard tooling for systemd is such an annoying maze to navigate.

udev4096|1 year ago

This would be extremely helpful. Although, I would love a feature where you can add different linux hosts and manage them all from a single place, using ssh

eliaspro|1 year ago

Most systemd functionality has built-in support for targeting remote hosts and local machines (containers, VMs) and mostly utilizes SSH under the hood to do so.

Check the -H and respective -M flags of many systemd CLI utilities.

greenavocado|1 year ago

I use systemd heavily. I'll definitely check this out!

kai-tub|1 year ago

Happy to hear!

Please open an issue on GitHub if you encounter any silly alpha issues.

amelius|1 year ago

Is there any way I can run a service before a given other service AND as late as possible (without rewriting the other service's unit file)?

distype|1 year ago

You can override the other unit without rewriting. Place you config here.

> /etc/systemd/system/<unit>.service.d

I've used PartOf to enforce "dependency". Lots of other ways to enforce order and dependency once you have the override in place.

alpb|1 year ago

Why have you picked Python for this project? I feel like Rust/Go have better TUI ecosystems and the ability to use native bindings.

kai-tub|1 year ago

Hey, mostly because the underlying TUI framework (textual) is _amazing_.

Not gonna lie, I am not a big fan of Python anymore because of the dependency hell you can run into when working with CUDA libraries but uv is a breath of fresh air and textual is just sooo easy.

Don't get me wrong, I am not saying that I would never consider rewriting it in Rust or Go, but the documentation and guides from Textual were great resources and the creator, Will, also seems like a really nice guy :D

Edit: To be explicit, I believe that Python has currently the most advanced and accessible TUI ecosystem. At least, that was my impression after checking a few examples on an afternoon.

btbuilder|1 year ago

The switching of command and service in the argument order from the init script days still catches me out.

foo restart vs restart foo

rwarfield|1 year ago

I absolutely love this, and love it even more because of the Nix integration. Fantastic job.

geenat|1 year ago

Out of curiosity, any tools that provide a systemd gui minus the fzf dependency?

heywire|1 year ago

This looks very nice, I’ll have to give it a try!

johng|1 year ago

This looks really well done. Congratulations!

IshKebab|1 year ago

Is there no GUI for SystemD?

abdellah123|1 year ago

kudos, this is super neat and useful !! Thank you

owyn|1 year ago

This looks neat. I have to look up the very fiddly and unintuitive systemd commands all the time. service start? service.foo start? start foo.service? Oh right, sudo systemctl start service.foo

And the feedback is so bad. It should know everything in its own config dir and tell me how to do what I want to do. Was it enabled? I forget. How do I look at logs? Oh right journalctl. Also the layout of things with lots of symlinks and weird directories in places that annoy my 90's linux sysadmin brain. Why am I looking at /lib/systemd/system

I am annoyed by the redundant "systemd/system" directory name every time I have to go there. At this point, just promote it to /etc/systemd and build a better CLI.

As a very occasional linux sysadmin just trying to make things work, the "typing at a console" systemd interfaces are not fun to work with. Maybe nobody should be doing that. In an enterprise, sure that's different. I think interfaces should be human, and linux should still be fun.

pkkm|1 year ago

> I have to look up the very fiddly and unintuitive systemd commands all the time. service start? service.foo start? start foo.service? Oh right, sudo systemctl start service.foo

I don't get this complaint. It's the same order as almost every other command-line utility that has subcommands: <command> <subcommand> <thing to operate on>. To me, that kind of consistency is very intuitive.

    systemctl stop my-service
    systemctl status my-service
    git add my-file
    git remote remove upstream
    apt install my-package
    docker run my-container
    adb push local-file remote-file

zamadatix|1 year ago

My biggest annoyance is "systemctl status" gives you just enough of the service's log to make the output take up most of the terminal each time you run it but never enough of the service's log to get a useful picture of what's actually happened with the service lately.

Not to mention unless the problem with the service completely prevented it from running (it advises some commands to run in that case) you're supposed to just always remember "journalctl -xeu $SERVICE" was the incantation, less you want to go look up the flags again or manually parse the entire "journalctl" output.

Overall I generally like systemd though. The syntax can just be a burden sometimes.

Denvercoder9|1 year ago

> I am annoyed by the redundant "systemd/system" directory name

It's not redundant, you also have /etc/systemd/user (and /lib/systemd/user) where units that run in the user context (as opposed to system-wide context) are stored.

greenavocado|1 year ago

This is why I have instated a policy of using systemd --user services whenever possible.

If you don't need elevated permissions this is ideal.

All you have to do is enable linger using loginctl if you want your service to auto start as the user on boot unattended.

Your user services live in ~/.config/systemd/user

rcxdude|1 year ago

I find that at least systemd means that it's consistent across distros. I spent way more time looking up this kind of thing when every distro rolled their own init system.

kai-tub|1 year ago

Author here: Yeah, I agree.

It is a bit weird. On the one hand, I understand that it makes sense to have [command] [verb] [object] on a "logical" level and that viewing logs should be a separate command (`journalctl`), but it is definitely not ergonomic. Especially if you frequently have to switch between start/stop/restart.

> As a very occasional linux sysadmin just trying to make things work, the "typing at a console" systemd interfaces are not fun to work with. Maybe nobody should be doing that. In an enterprise, sure that's different. I think interfaces should be human, and linux should still be fun.

This was precisely the case for me. I "enjoy" playing around with systemd and am super interested in better understanding it, but the feedback loop just felt sooo slow. So hopefully this TUI can make it "fun" again :)

kjkjadksj|1 year ago

It is a bit crazy to me how everyone says “dont use cron systemd is in now” but cron just does what it says on the tin with no problems. I have lines that work fine ran in script or on my crontab but when wrapped in a launchd command no longer work (log says things work until the db is to be updated which tells me launchd ran processes lack sufficient permissions perhaps to update my db but its not clear why this is the case or how I can elevate launchd sufficiently.

noumuon|1 year ago

Fiddly and unintuitive? A lack of exposure to something does not really allow room for valid criticism of the thing.

Just a tip, if you remember the service name, status will show the directory the unit file is in. That will hopefully get you over your issues with directories. Complaining about Linux directories seems weird though. Have you looked at... anything else at all?

PhilipRoman|1 year ago

I just wish systemd allowed abbreviations for the subcommands, like "ip" (and git, for long options).

SoftTalker|1 year ago

By the time you have it all memorized, they'll change it. Again. Because... because.

mixmastamyk|1 year ago

I haven’t had much trouble with the cli, but it is kinda wordy. I made this alias:

    alias sc='sudo systemctl'

Now it matches the sc utility introduced in Windows many years back. Then remember the verb goes first.

BrouteMinou|1 year ago

I am going to be that guy, but I went full runit for similar reasons.

Give me files for my logs, give me a single place for my service definitions, be simple.

After years of systemd, I have never really "got it", while it took a weekend for runit.

It's not always our choice, corporate world is something else, I know...

unknown|1 year ago

[deleted]

egberts1|1 year ago

Why did a single person tossed out decades of CLI wisdoms devised by many gray-beards?

Bring back the verb-last CLI.

    systemctl rsyslog stop
    systemctl rsyslog start

Don't be suggesting `^op^art` over up-CtrlW This is worse than pacman.

crabbone|1 year ago

Because this is awful? The way most other tools work is <command> <subcomand> <sub-subcommand> --option=argument argument.

There are so many ways to recall the command you typed from history... I don't understand your complains at all.

zbentley|1 year ago

I think this isn't shoddy engineering; I think you disagree with a design tradeoff that was consciously made here.

If CLIs are designed around facilitating the easiest means of editing the most commonly-edited word, different programs will end up with semantically very different CLIs. In some programs, the "noun" (e.g. file path) will be the thing most frequently edited. In some others, like systemctl, it'll be the "verb", like start/stop. That means that different programs designed around this principle will be semantically extremely inconsistent with each other.

On the other hand, if consistency of "base_command sub_command --subcommand-arg sub_sub_command --option argument" is taken as the guiding principle, many different tools will act semantically similarly. This enables unfamiliar users (talking first-time users or people who have just opened the manpage for the first time) to intuit the right way to present commands to those tools, rather than expecting them to memorize (or re-look-up as needed) each one's specific semantics.

While there's merit to both, I think the second one--systemd's CLI approach--is better. Put another way: the user-centric and consistent (with other applications) design are sometimes at odds in this way. A tool that is hyper-focused on optimizing the most common tasks for its (power) users risks oddball status and hostility to new users. It's important to pick a point on the spectrum that appropriately balances those two concerns. Python ("There should be one-- and preferably only one --obvious way to do it") and the Apple HIG ecosystem both understand the truth of this: that it is sometimes necessary to trade away efficiency for familiarity/consistency. There's a reason Perl languished while Python grew.

Like, I get it. I've been a sysadmin/devops for decades, and the paper cuts add up. But it's easy to forget the paper cuts I'm not getting: modern tools are (generally, with exceptions) more consistent; there are fewer commands that are resistant to memorization and need to be looked up each time; fewer commands that lead to questions like "wait, is it 'cmd help subcommand', 'cmd --help subcommand', or 'cmd subcommand --help'? Am I going to have to Google how to get the help output of this command?"

somerandomqaguy|1 year ago

Cause you can manipulate multiple services in a single command? Not a big deal when you're looking at one or two services but when you've got a 5 to 15 interlinked and interdependent services and in situations where you may not want to restart everything, it's nice to just have one CLI with tab completion to deal with that.

BenjiWiebe|1 year ago

Are there other cases of verb-last besides pre-systemd init systems?

apt-get/yum/dnf install foo git add file

And the normal CLI utilities: rm/touch/cat/ls/mv/cp etc are all verbs, and they act on nouns that come last.

unknown|1 year ago

[deleted]

204 comments