On Tue, 2014-10-14 at 19:52 -0400, David Vossel wrote:
> 
> ----- Original Message -----
> > Ok, why are you so down on running systemd in a container?
> 
> It goes against the grain.
> 
> From a distributed systems view, we gain quite a bit of control by maintaining
> "one service per container". Containers can be re-organised and re-purposed
> dynamically. If we have systemd trying to manage an entire stack of resources
> within a container, we lose this control.
> 
> From my perspective a containerized application stack needs to be managed
> externally by whatever is orchestrating the containers to begin with. When we
> take a step back and look at how we actually want to deploy containers, systemd
> doesn't make much sense. It actually limits us in the long run.
> 
> Also... recovery. Using systemd to manage a stack of resources within a single
> container makes it difficult for whatever is externally enforcing the
> availability of that container to detect the health of the container. As it is
> now, the actual service is pid 1 of a container. If that service dies, the
> container dies. If systemd is pid 1, there can be all kinds of chaos occurring
> within the container, but the external distributed orchestration system won't
> have a clue (unless it invokes some custom health monitoring tools within the
> container itself, which will likely be the case someday.)

I don't really think this is a good argument.  If you're using docker,
docker is the management and orchestration system for the containers.
There's no dogmatic answer to the question should you run init in the
container.

The reason for not running init inside a container managed by docker is
that you want the template to be thin for ease of orchestration and
transfer, so you want to share as much as possible with the host.  The
more junk you put into the container, the fatter and less agile it
becomes, so you should probably share the init system with the host in
this paradigm.

Conversely, containers can be used to virtualize full operating systems.
This isn't the standard way of doing docker, but LXC and OpenVZ by
default do containers this way.  For this type of container, because you
have a full OS running inside the container, you have to also have
systemd (assuming it's the init system) running within the container.

James



_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
