On Tue, 2014-10-14 at 19:52 -0400, David Vossel wrote:
>
> ----- Original Message -----
> > Ok, why are you so down on running systemd in a container?
>
> It goes against the grain.
>
> From a distributed systems view, we gain quite a bit of control by
> maintaining "one service per container". Containers can be re-organised
> and re-purposed dynamically.
> If we have systemd trying to manage an entire stack of resources within
> a container, we lose this control.
>
> From my perspective a containerized application stack needs to be
> managed externally by whatever is orchestrating the containers to begin
> with. When we take a step back and look at how we actually want to
> deploy containers, systemd doesn't make much sense.
> It actually limits us in the long run.
>
> Also... recovery. Using systemd to manage a stack of resources within a
> single container makes it difficult for whatever is externally enforcing
> the availability of that container to detect the health of the
> container. As it is now, the actual service is pid 1 of a container. If
> that service dies, the container dies. If systemd is pid 1, there can be
> all kinds of chaos occurring within the container, but the external
> distributed orchestration system won't have a clue (unless it invokes
> some custom health monitoring tools within the container itself, which
> will likely be the case someday.)

I don't really think this is a good argument. If you're using docker, docker is the management and orchestration system for the containers. There's no dogmatic answer to the question should you run init in the container.

The reason for not running init inside a container managed by docker is that you want the template to be thin for ease of orchestration and transfer, so you want to share as much as possible with the host. The more junk you put into the container, the fatter and less agile it becomes, so you should probably share the init system with the host in this paradigm.

Conversely, containers can be used to virtualize full operating systems. This isn't the standard way of doing docker, but LXC and OpenVZ by default do containers this way. For this type of container, because you have a full OS running inside the container, you have to also have systemd (assuming it's the init system) running within the container.

James

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev