hoakley September 27, 2022 Macs, Technology

Should you run a Linux server on Apple silicon?

No sooner had the pixels dried on yesterday’s article, about running a server on Monterey, than I was being told that I had disappointed by not recommending a Linux server, particularly for Apple silicon Macs. While some may find solace doing that, this article explains some of the obstacles you need to negotiate.

Boot into Linux

There’s only one way to boot an Apple silicon Mac into Linux, and that’s using Asahi Linux. This is currently available in alpha, and runs on several M1 and M2 models using its own bootloader, designed for dual-booting a Mac between Linux and macOS. There’s also support in OpenBSD, if you’d prefer.

What you then get is a full Linux distro, with support for almost all the hardware of your Apple silicon Mac. To learn how to set this up as a server, there’s ample Linux support material. As Asahi runs instead of macOS, Rosetta 2 isn’t available to translate x86 binaries, and only ARM native code can be run without the likes of QEMU.

Virtualise Linux in macOS

Of the two major commercial virtualisation products, only Parallels Desktop currently supports virtualising Linux on Apple silicon. Version 18 supports ARM versions of Ubuntu Linux, Fedora Workstation, Debian GNU/Linux, and Kali Linux. UTM supports a wider range of distros, but of course can still only virtualise those built for ARM processors. I don’t think that either Parallels or UTM currently support the use of Rosetta 2 to run x86 binaries within the VM, although that feature may be available when hosted on Ventura.

Ventura is also expected to bring several new and free lightweight virtualisation apps to run GUI Linux with Rosetta 2 support, among them my own Liviable, which has been working well in Ventura beta-releases. The same macOS framework also supports Linux from the command line in Monterey and later, although I’m not aware of any pre-built command tool that uses it, yet.

One major limitation of Linux VMs on Apple silicon is their inability to use core allocation strategies in the way that macOS does. Virtual CPUs (vCPU) are allocated for guest operating systems as if each vCPU was a thread running at high Quality of Service. There’s no way for the guest operating system to elect to run background services on E cores, for instance. This is shown in the example CPU History window from the host’s Activity Monitor below.

liviable21

Here I’m running two Linux VMs, each allocated 3 vCPUs and 8 GB of memory, within macOS Ventura. Processes running in those VMs are being run on the 8 P cores, labelled as Cores 3 to 10, with some virtualisation and macOS support running on the lightly loaded E cores. Neither the VMs nor the user can transfer any of the VM processes to run on the E cores, except as overspill when the P cores approach maximum active residency. In effect, the 10-core M1 Pro is running as if it was little more than an 8-core SMP processor, like the Intel Xeon in my iMac Pro.

This is worse on a Mac using the original M1 chip, which has only 4 P cores. With no way of knowing which threads to run on which type of core, using 6 vCPUs for Linux VMs would end up running some of the processes in the VMs on the E cores, with much of the host macOS, which could have unexpected effects on performance.

This is an important difference between Linux VMs and booting an Apple silicon Mac in Asahi Linux, which gives full control over the use of the cores.

macOS services

There are some important services that can only be hosted on macOS. The most widely used of these, and irreplaceable for many, is the Content Caching server, which not only provides macOS and App Store updates, but also iCloud content to Macs and devices.

One advantage of virtualising your Linux server in macOS is that the host operating system can still support Content Caching, provided that sufficient core capacity and memory remain.

While backup storage, particularly that for Time Machine, is well supported on non-macOS systems using sparse bundles with SMB, backups over a network are susceptible to performance bottlenecks, and the first full backup can take several days unless the system has been carefully optimised.

Server restart

Relying on a virtualised Linux server makes it impractical for the server to restart automatically in the event of the Mac restarting. This may change with the availability of suitable command-line virtualisation, which could be configured to launch automatically after startup. But current virtualisation software is largely reliant on user interaction with GUI Linux distros. The only potential exception to this is UTM, through its underlying use of QEMU.

If your server is running headless, a start up or restart would require you to connect to the server from another system, log in, launch the virtualiser, then select and launch the VM before its services would become available again.

System administration

If, as the macOS kernel proclaims proudly, XNU is not Unix, then a Linux server isn’t macOS, not in the slightest. Even when managed using GUI utilities, Linux does things differently, and you’ll need to learn how to manage your server, and where to obtain information in the event of problems. For some Mac users this proves straightforward, but for others it just never works out.

Whatever you choose, I wish you success.

19Comments

Add yours

1

Joss on September 27, 2022 at 11:38 am

I’m running Ubuntu Server on a small x86-64 mini desktop by Dell with an i5 and 16 GB RAM plus 2 TB SSD internal. Rock solid. Wouldn’t want to tinker with Linux on Apple hardware, though it is interesting to see what’s possible.

LikeLiked by 1 person
2

hstriepe on September 27, 2022 at 4:32 pm

I use my Synology NAS for VM server applications that are Unix or docker appliance based. The CPU on my DS1920+ is not that powerful but has plenty of capacity for background tasks. It supports 20GB of RAM, which is beyond the officially supported limit of 8GB but has not given problems to anybody that has tested it.
My favorite VM application is the Home Assistant, which provides a HomeKit bridge for unsupported devices like my Ecowitt Weather station, WAC ceiling fans, old Harmony remotes, and pool controller. They allow show up in my Home panels.
There are also direct DSM (the Synology OS) application packages like Apache for HTML server staging and testing. A favorite app is CloudSync. For work and private life, I use several cloud drives like Box and DropBox. They are set up as shared folders that are automatically synced, which allows me to keep resource hogs like DropBox off my client Macs. I just mount the shared folders and copy from and to these.
Of course, the NAS also acts as a TimeMachine target. Alas, since it is NOT a Mac, I have to use an older Mac Mini for Content Caching. But the also serves as a media and zoom box for my AV center, so it is not wasted.

LikeLiked by 1 person
- 3
  
  hoakley on September 27, 2022 at 7:38 pm
  
  Thank you. Yes, I think if I wanted such services, I’d look to one of the better NAS. They’re well-packaged for the consumer rather than those who want to tinker with or develop using Linux, and many now work beautifully with Macs.
  Howard.
  
  LikeLike
4

hstriepe on September 27, 2022 at 4:33 pm

And I do wish this comment system would add the capability to edit!

LikeLiked by 2 people
- 5
  
  hoakley on September 27, 2022 at 7:39 pm
  
  I’m sorry, but it’s not a feature that is within my power.
  Howard.
  
  LikeLike
6

Sebby on September 27, 2022 at 6:45 pm

I take it that “commercial” means “commercially available”. VMware Fusion is still in tech preview, and does support Linux ARM VMs on Apple Silicon, of course. Also, it supports auto-start of VMs, so you can indeed reliably restart your Linux server. (It does not yet support user configuration of devices to attach on start though, sadly, which would make it even more useful.) I do indeed look forward to a modernised CLI tool, preferably an official one, for doing Linux VMs in a much more efficient and automatable way, but right now the closest contenders are probably LiMa and vftool.

I look forward to using Asahi as a full-time server. I’d love macOS to get better, too, but there’s no denying the simple joy of using all of a system’s resources for your server purposes. My 2012 Mac Mini is running Linux full time, has been for a while now, and will probably do so until I either retire it or it catches fire.

LikeLiked by 1 person
- 7
  
  hoakley on September 27, 2022 at 7:42 pm
  
  Thank you. I think ‘tech preview’ equates roughly to beta, which means that you can apply to join the programme, but it’s not yet a product you can purchase. While we expect VMware to release this in their Mac product later this year, there’s no guarantee that they will. I’m also unsure whether it supports Rosetta 2, does it?
  Howard.
  
  LikeLike
  - 8
    
    Sebby on September 28, 2022 at 6:53 am
    
    No, no Rosetta as that needs Apple’s file sharing virtio device and hence virtualization.framework. I’m not sure about other binary translators, though those don’t seem to work on Asahi either.
    
    Anyone with a VMware account can get the preview; no special enrollment requirement. Of course, one is probably meant to follow the discussions in the community forums etc. and in fact there is some documentation you might find useful there, but the Linux support is pretty well dusted now, especially if you use a recent distro, at least for servers and simple GUI setups (no 3D, I think, but that’s coming later).
    
    The current Tech Preview is a universal app, so I think it’s fairly clear that this is what the next release looks like. If anything gets pulled, I imagine it’ll be Windows support, which right now is very rough and ready, indeed.
    
    LikeLiked by 1 person
    - 9
      
      hoakley on September 28, 2022 at 8:37 pm
      
      Hmm. That pales in comparison to Parallels, which seems to run Windows 11 for ARM very nicely indeed, offers a fair range of Linux ARM distros, and of course macOS, which VMware doesn’t seem to want to support at all.
      Howard.
      
      LikeLike
10

Andrew Reilly on September 28, 2022 at 7:20 am

While XNU might say that it isn’t Unix, Darwin is (or at least was) one of the few remaining UNIX’s that could legitimately use the name, since Apple had it pass the necessary compliance tests. Perhaps they’ve stopped doing that, but it still seems to be pretty Unixy to me. I still think of it as the best Unix workstation ever built.

And as such, I was confused by your article about servers yesterday, just as I’m a bit confused about the “use linux” response today. Perhaps you mean something different when you say “server” than I do? To me a server is a network-facing process that runs (usually from startup) and performs a service until shut-down or told not to. MacOS runs a bunch of them, either by default or with a little prodding. I run the sshd on all of my macs so that I can log into them remotely: that makes them all servers. I run a little third-party service on this one that interacts with my network audio system, and I start it from launchd as a service. I believe that file sharing over SMB is still available to turn on.

All of the Linux services that you could usually choose to run on linux machines are available in both MacPorts and Brew, and should run natively on Arm (M1/M2) systems.

LikeLiked by 1 person
- 11
  
  hoakley on September 28, 2022 at 8:56 pm
  
  Thank you.
  To me a server is primarily intended to provide its services to other computers, not for itself. Otherwise every workstation and client is also a server, and the term becomes meaningless.
  In this case that’s exactly what I mean: a Mac whose primary purpose is to provide services to other computers. Maybe as a file server, web server, media server, update and content caching server, DNS server, and so on.
  While you and I may be content to run such services in macOS, there are also many others who prefer to run them in Linux, even when that’s running on a Mac. One attraction of doing so on an Apple silicon Mac is that you can run each Linux server in a VM, which many users like to do, however much that might puzzle others.
  Howard.
  
  LikeLike
- 12
  
  Sebby on September 29, 2022 at 1:14 pm
  
  I certainly agree with you that the “UNIX” in macOS is still a very much worthwhile reason to use it, albeit that it has undergone a few crash tests and no longer looks like a conventional UNIX system, even by the standards of earlier releases of Mac OS X due to neglect and pointless GPL wars, tragically. It is certainly in a better place than Windows natively for running *NIX software, of course, especially with the aid of MacPorts.
  
  But on the other hand the reality of Linux’s success and dominance means that in practice it is easier to use that operating system for certain functions that are either exclusive to that platform because of kernel features (containers, superior packet filtering ALGs, etc) or because of packaged software that is maintained and available for convenient installation and updates. In some ways macOS is now in the same place that Microsoft were with their “Subsystem for UNIX Applications”, which for those who remember it provided an experience of UNIX that was superior to Windows ports or cygwin and made it possible to use useful software like Sendmail, but which could in no sense be seen as a credible alternative to Linux or even *BSD, and even despite the heroic efforts of NetBSD’s “pkgsrc” portable package system. Love them or loathe them, it was a masterstroke by Microsoft (can I still call them “M$” or “Micros~1” and be taken seriously?) to learn an important lesson and, for both WSL1 and WSL2 (the latter, of course, essentially just being a lightweight Linux VM with tight host integration) provide a Linux-compatible environment for binaries, which gave them more-or-less complete support for all the useful software (including package managers) and workflows that Linux admins expect and want. Who knows? It might be what’s behind Apple’s Linux VM virtualisation–and LiMa, for instance, would be an excellent candidate to use it.
  
  Hideously ironic counterexample: Exim (MTA) dropped support for macOS because the authors didn’t have time to maintain compatibility with it, so now it runs fine under Linux and Windows (cygwin or WSL 1/2) but not macOS. Great shame. Exim is not without its attractions.
  
  LikeLiked by 1 person
  - 13
    
    Andrew Reilly on September 29, 2022 at 9:00 pm
    
    It is increasingly the case that the GNU acronym (Gnu’s not Unix) is true. There are quite a few GNU partisans who make things unnecessarily difficult for non-Linux compatibility. I recently discovered that the author of Fetchmail had deliberately broken it’s build for systems that used the Libressl library, due to (IMO) a misunderstanding of the terms of the GPL and its relationship with system libraries. (Easily worked-around and by no means fundamental.) There are many other examples, especially around use of magic files in /proc and the (many) functions of systemd. I’ve not used exim: I moved from qmail to postfix when the former stagnated to the point of not supporting IPv6, but I’m not terribly surprised that small development teams just stick to what they have access to. This is, IMO, more Linux drifting away from Unix than the other (mostly BSD-based) systems changing. Certainly once some significant Linux infrastructure starts to require IO-uring, it will only ever run on Linux. Linux with IO-uring is not really a Unix process model at all (however good an idea it might be).
    
    Still, the fact that all of these sorts of things do in fact run inside various virtualization platforms (Ubuntu multipass is my favourite: a very thin layer on top of macOS’ native hypervisor) shows that all of these incompatibilities are not fundamental, just incidental.
    
    Also: Microsoft has been doing great work with WSL. WSL2 is just about as good as multipass as an Ubuntu environment, and I’ve been told that under Windows-11 it will support GUI applications (which is straying from the server subject a bit…)
    
    LikeLiked by 1 person
    - 14
      
      Sebby on October 3, 2022 at 5:15 pm
      
      I mean, FWIW, I’ll not disagree about systemd, and for myself continue to run with sysvinit on my Linux systems as my init system, but you need to beware the creep to *BSDs as there seems to be some envy/”modern thinking” going on there. Launchd, in any case, kind of explodes arguments about *NIX compatibility on macOS since that’s clearly a big point of difference and makes using traditional *NIX software much harder, both practically for the sysadmin configuring it and in expectations for services, even by the standards of other supervisors like daemontools by DJB (and related software), which I really enjoy using. If we had moved from sysvinit to something like S6 or runit, I would certainly have been a lot more sanguine. (I write my launchd jobs in json and then convert them to XML, because editing XML by hand is absolutely horrid.) There are other differences, yes; *BSD has kqueue() which Linux does not have, for example, and the interfaces to various kernel facilities are much tidier and more integrated and documented, if often more feature-sparse. IMO, though, there is generally no real issue of portability for most POSIX-adjacent API usage, which is true for most server software, and there’s generally respect in FLOSS circles for portability which certainly includes most of GNU’s own stuff. It’s all about management, packaging, and extra features. The desktop is certainly a different story though.
      
      You might try getmail instead of fetchmail. It’s a bit more robust, I’ve found. I use OpenSMTPD on macOS for handling system mail and queueing mail for submission upstream. It’s terrific for that. You could always use LMTP to deliver mail into a VM with your preferred choice of mail store too, of course. Unfortunately Postfix is baked into the system and it’s very outdated, and you can’t change what /usr/sbin/sendmail links to to use system software with your MTA. I sent feedback about that as FB9578556, in case you’d like to dupe it.
      
      I took a look at Multipass. Interesting, thanks. It seems to use a Xhyve/Bhyve base, so is using Hypervisor.framework as its monitor. I wonder if we’ll ever get a true “native” solution based purely on Virtualization.framework. I’d definitely love to see Apple bring something first-party to the table, even a command-line Linux-only offering, so they could compete directly with WSL.
      
      LikeLiked by 1 person
    - 15
      
      hoakley on October 3, 2022 at 7:12 pm
      
      “I wonder if we’ll ever get a true “native” solution based purely on Virtualization.framework”
      Well, I’m unsure what you’re wishing for, but Monterey already has full support for command line Linux virtualisation on Apple silicon Macs, without Rosetta 2. Ventura support extends that to GUI Linux with Rosetta 2 to run x86 binaries within them. Apple provides extensive sample code, from which I have produced my Liviable, which runs native on M-series chips.
      So what are you wishing for, as it should be possible, at least in Ventura?
      Howard.
      
      LikeLike
    - 16
      
      Sebby on October 3, 2022 at 8:18 pm
      
      Yes, essentially a modern vftool with the machine configuration fully customisable, including virtio file sharing and preferably also bridged networking. I don’t think the APIs should prevent this, if I’m reading it correctly it’s added to what is in Monterey, so just adding command line options for using them. Of course if vftool works for you now, you can still use that, but I’d love to see it keep up.
      
      LikeLiked by 1 person
    - 17
      
      hoakley on October 3, 2022 at 9:46 pm
      
      I don’t think command line configuration is suitable. There’s a lot that needs to be set, and much of it could more easily be accessed from a Property List rather better.
      Howard.
      
      LikeLike
    - 18
      
      Sebby on October 5, 2022 at 3:15 am
      
      Well, I don’t really mind how it’s done, as long as it’s feasible and especially from a launchd job so your Linux VMs can start with the system and provide supervised servers that you might need for things macOS doesn’t run natively. Obviously it won’t always be the best option, but for many of us I think it’ll be an excellent choice, especially when combined with an LTS distribution with support for automatic software updates. Right now, although close, Asahi cannot quite yet make this claim.
      
      LikeLiked by 1 person
    - 19
      
      hoakley on October 5, 2022 at 7:15 am
      
      Thank you.
      Howard.
      
      LikeLike

·Comments are closed.

Share this:

Like this:

Related