Re: [systemd-devel] dbus inside nspawn container

2015-05-15 Thread arnaud gaboury
On Fri, May 15, 2015, 4:22 PM Simon McVittie <simon.mcvit...@collabora.co.uk> wrote:

> On 15/05/15 14:17, Lennart Poettering wrote:
> > On Fri, 15.05.15 14:07, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
> >> Maybe a stupid question, but shall every container user start a per
> >> user dbus session ?
> >
> > We make no real distinction there. We intend to provide the same
> > execution environment to processes running in a container as to those
> > running on the host
>
> Yes. As a result, you would have a `dbus-daemon --session` per user
> inside the container, if and only if the same OS running on real
> hardware would have a `dbus-daemon --session` per user (the "user bus"
> model).

The host is Archlinux and has dbus-daemon per user. I am the only user
and most of my services are started on a per user basis.
Container is Fedora with a few allowed admins. But I can't see any dbus
user session when they are logged.

> In practice this means you get a `dbus-daemon --session` per user if you
> have dbus >= 1.9.14 compiled with the --enable-user-session option, and
> systemd, inside the container.

Yes systemd is managing services in Fedora 22, the container

> Similarly, kdbus systems (inside or outside a container) always get a
> "user bus" per user, as far as I understand it.
>
> --
> Simon McVittie
> Collabora Ltd.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] dbus inside nspawn container

2015-05-15 Thread Simon McVittie
On 15/05/15 14:17, Lennart Poettering wrote:
> On Fri, 15.05.15 14:07, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>> Maybe a stupid question, but shall every container user start a per
>> user dbus session ?
> 
> We make no real distinction there. We intend to provide the same
> execution environment to processes running in a container as to those
> running on the host

Yes. As a result, you would have a `dbus-daemon --session` per user
inside the container, if and only if the same OS running on real
hardware would have a `dbus-daemon --session` per user (the "user bus"
model).

In practice this means you get a `dbus-daemon --session` per user if you
have dbus >= 1.9.14 compiled with the --enable-user-session option, and
systemd, inside the container.

Similarly, kdbus systems (inside or outside a container) always get a
"user bus" per user, as far as I understand it.

-- 
Simon McVittie
Collabora Ltd. 
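
An added example, not part of the original thread and not systemd or dbus project code: a shell function that reads `systemd-cgls`-style output and reports, for each `user@UID.service`, whether a `dbus-daemon --session` runs under it (the "user bus" model described above). The tree it is fed is constructed, modelled on the listing posted in this thread; `sample_tree`, `user_bus_report`, UID 1001 and its `dbus.service` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: which user@UID.service units contain a session bus?

# Constructed sample tree (UID 1001 and its dbus.service are invented).
sample_tree() {
cat <<'EOF'
└─user.slice
  ├─user-1000.slice
  │ ├─user@1000.service
  │ │ ├─733 /usr/lib/systemd/systemd --user
  │ │ └─734 (sd-pam)
  │ └─session-c5.scope
  │   └─25189 -zsh
  └─user-1001.slice
    └─user@1001.service
      ├─811 /usr/lib/systemd/systemd --user
      ├─812 (sd-pam)
      └─dbus.service
        └─840 /usr/bin/dbus-daemon --session --address=systemd: --nofork
EOF
}

# Reads a systemd-cgls tree on stdin, prints "UID present|missing".
user_bus_report() {
  # Turn the multi-byte box characters into ASCII so that the column of
  # the first name character is the nesting depth in any locale.
  sed -e 's/│/|/g' -e 's/├/|/g' -e 's/└/|/g' -e 's/─/-/g' |
  awk '
    function emit() { print uid, (found ? "present" : "missing") }
    {
      match($0, /[^ |-]/); col = RSTART
      # A line at the same or a shallower depth closes the current unit.
      if (uid != "" && col <= ucol) { emit(); uid = "" }
      if ($0 ~ /user@[0-9]+\.service$/) {
        uid = $0; sub(/^.*user@/, "", uid); sub(/\.service$/, "", uid)
        ucol = col; found = 0; next
      }
      if (uid != "" && $0 ~ /dbus-daemon .*--session/) found = 1
    }
    END { if (uid != "") emit() }
  '
}

sample_tree | user_bus_report
```

On a live system the same function can be fed with `systemd-cgls --no-pager | user_bus_report` inside the container.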



Re: [systemd-devel] dbus inside nspawn container

2015-05-15 Thread Lennart Poettering
On Fri, 15.05.15 14:07, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

> Maybe a stupid question, but shall every container user start a per
> user dbus session ?
> Host has a dbus and user session activated, shall it be same in container?

We make no real distinction there. We intend to provide the same
execution environment to processes running in a container as to those
running on the host, and that includes a per-user systemd
instance. Hence we do spawn a per-user systemd instance for each
logged in user, regardless if host or container.

Lennart

-- 
Lennart Poettering, Red Hat


Re: [systemd-devel] dbus inside nspawn container

2015-05-15 Thread arnaud gaboury
On Fri, May 15, 2015 at 2:21 PM, Dimitri John Ledkov wrote:
> On 15 May 2015 at 13:07, arnaud gaboury  wrote:
>> Maybe a stupid question, but shall every container user start a per
>> user dbus session ?
>> Host has a dbus and user session activated, shall it be same in container?
>>
>> Thank you for hints
>
> Depends what your container is... If it is a full system
> installation/chroot the first pid inside container would be something
> like an init which may start both system and user dbus when one logs
> into it. (think VPS)

Container is Fedora server. It will deploy usual web services and many
admin users have access.
With one logged user in container:

# systemd-cgls
─1 /usr/lib/systemd/systemd
├─system.slice
│ ├─dbus.service
│ │ └─35 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
│ ├─fail2ban.service
│ │ └─101 /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail
│ ├─postfix.service
│ │ ├─26547 /usr/libexec/postfix/master -w
│ │ ├─26564 qmgr -l -t unix -u
│ │ └─31987 pickup -l -t unix -u
│ ├─nginx.service
│ │ ├─29015 nginx: master process /usr/sbin/ngin
│ │ ├─29016 nginx: worker proces
│ │ ├─29017 nginx: worker proces
│ │ ├─29018 nginx: worker proces
│ │ ├─29019 nginx: worker proces
│ │ ├─29020 nginx: worker proces
│ │ ├─29021 nginx: worker proces
│ │ ├─29022 nginx: worker proces
│ │ └─29023 nginx: worker proces
│ ├─systemd-journald.service
│ │ └─24 /usr/lib/systemd/systemd-journald
│ ├─vsftpd.service
│ │ └─96 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
│ ├─systemd-logind.service
│ │ └─34 /usr/lib/systemd/systemd-logind
│ ├─system-container\x2dgetty.slice
│ │ └─container-getty@0.service
│ │   └─27376 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
│ ├─sshd.service
│ │ └─27394 /usr/sbin/sshd -D
│ ├─polkit.service
│ │ └─2662 /usr/lib/polkit-1/polkitd --no-debug
│ ├─postgresql.service
│ │ ├─18288 /usr/bin/postgres -D /db/postgres/data
│ │ ├─18316 postgres: logger process
│ │ ├─18346 postgres: checkpointer process
│ │ ├─18347 postgres: writer process
│ │ ├─18348 postgres: wal writer process
│ │ ├─18349 postgres: autovacuum launcher process
│ │ └─18350 postgres: stats collector process
│ ├─redis-server.service
│ │ └─15677 /usr/bin/redis-server 127.0.0.1:0
│ └─console-getty.service
│   └─73 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
└─user.slice
  └─user-1000.slice
    ├─user@1000.service
    │ ├─733 /usr/lib/systemd/systemd --user
    │ └─734 (sd-pam)
    ├─session-c5.scope
    │ ├─25186 login -- poisonivy
    │ ├─25189 -zsh
    │ ├─32198 sudo systemd-cgls
    │ ├─32199 systemd-cgls
    │ └─32200 less
    └─session-c1.scope
      ├─21399 /opt/gitlab/embedded/bin/ruby /opt/gitlab/embedded/bin/omnibus-ctl gitlab /opt/gitlab/embedd
      ├─21401 sh -c find /var/log/gitlab/nginx/gitlab_error.log -type f -not -path */sasl/* | grep -E -v '
      ├─21404 xargs tail --follow=name --retry
      └─21405 tail --follow=name --retry /var/log/gitlab/nginx/gitlab_error.log
---

On host:
% machinectl status poppy
poppy
   Since: Fri 2015-05-08 13:01:52 CEST; 6 days ago
  Leader: 753 (systemd)
 Service: nspawn; class container
    Root: /var/lib/machines/poppy
   Iface: br0
 Address: 192.168.1.94
          fe80::c7f:c3ff:fefb:25b1%3
      OS: Fedora 22 (Twenty Two)
    Unit: systemd-nspawn@poppy.service
  ├─718 /usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --netw
  ├─753 /usr/lib/systemd/systemd
  ├─system.slice
  │ ├─dbus.service
  │ │ └─798 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --system
  │ ├─fail2ban.service
  │ │ └─876 /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.soc
  │ ├─postfix.service
  │ │ ├─14345 pickup -l -t unix -u
  │ │ ├─23509 /usr/libexec/postfix/master -w
  │ │ └─23536 qmgr -l -t unix -u
  │ ├─nginx.service
  │ │ ├─27291 nginx: master process /usr/sbin/ngin
  │ │ ├─27292 nginx: worker proces
  │ │ ├─27293 nginx: worker proces
  │ │ ├─27294 nginx: worker proces
  │ │ ├─27295 nginx: worker proces
  │ │ ├─27297 nginx: worker proces
  │ │ ├─27298 nginx: worker proces
  │ │ ├─27299 nginx: worker proces
  │ │ └─27300 nginx: worker proces
  │ ├─systemd-journald.service
  │ │ └─780 /usr/lib/systemd/systemd-journald
  │ ├─vsftpd.service
  │ │ └─862 /usr/sbin/vsftpd /etc/v

Re: [systemd-devel] dbus inside nspawn container

2015-05-15 Thread Dimitri John Ledkov
On 15 May 2015 at 13:07, arnaud gaboury  wrote:
> Maybe a stupid question, but shall every container user start a per
> user dbus session ?
> Host has a dbus and user session activated, shall it be same in container?
>
> Thank you for hints

Depends what your container is... If it is a full system
installation/chroot the first pid inside container would be something
like an init which may start both system and user dbus when one logs
into it. (think VPS)
If you are executing a workload alone inside the container, that is
first pid is some httpd server then clearly one wouldn't have dbus at
all... (think workers / Kubernetes / docker fleets etc.)

-- 
Regards,

Dimitri.
Pura Vida!

https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.


[systemd-devel] dbus inside nspawn container

2015-05-15 Thread arnaud gaboury
Maybe a stupid question, but shall every container user start a per
user dbus session ?
Host has a dbus and user session activated, shall it be same in container?

Thank you for hints

-- 

google.com/+arnaudgabourygabx