[openstack-dev] [kolla] on Dockerfile patterns

James Bottomley James.Bottomley at HansenPartnership.com
Wed Oct 15 07:43:35 UTC 2014


On Tue, 2014-10-14 at 19:52 -0400, David Vossel wrote:
> 
> ----- Original Message -----
> > Ok, why are you so down on running systemd in a container?
> 
> It goes against the grain.
> 
> From a distributed systems view, we gain quite a bit of control by maintaining
> "one service per container". Containers can be re-organised and re-purposed dynamically.
> If we have systemd trying to manage an entire stack of resources within a container,
> we lose this control.
> 
> From my perspective a containerized application stack needs to be managed externally
> by whatever is orchestrating the containers to begin with. When we take a step back
> and look at how we actually want to deploy containers, systemd doesn't make much sense.
> It actually limits us in the long run.
> 
> Also... recovery. Using systemd to manage a stack of resources within a single container
> makes it difficult for whatever is externally enforcing the availability of that container
> to detect the health of the container.  As it is now, the actual service is pid 1 of a
> container. If that service dies, the container dies. If systemd is pid 1, there can
> be all kinds of chaos occurring within the container, but the external distributed
> orchestration system won't have a clue (unless it invokes some custom health monitoring
> tools within the container itself, which will likely be the case someday.)

I don't really think this is a good argument.  If you're using docker,
docker is the management and orchestration system for the containers.
There's no dogmatic answer to the question should you run init in the
container.

The reason for not running init inside a container managed by docker is
that you want the template to be thin for ease of orchestration and
transfer, so you want to share as much as possible with the host.  The
more junk you put into the container, the fatter and less agile it
becomes, so you should probably share the init system with the host in
this paradigm.

Conversely, containers can be used to virtualize full operating systems.
This isn't the standard way of doing docker, but LXC and OpenVZ by
default do containers this way.  For this type of container, because you
have a full OS running inside the container, you have to also have
systemd (assuming it's the init system) running within the container.

James
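The "one service per container, service as PID 1" pattern David describes above, written out as a Dockerfile. This is an added illustration, not a Kolla Dockerfile and not code from either poster; the service binary `example-service`, its `--foreground` and `--healthcheck` flags, and the `svc` user are assumed placeholders.

```dockerfile
# Added example (not Kolla's own Dockerfile): one service per container,
# with that service itself as PID 1 so the container's exit mirrors the
# service's exit and the orchestrator can see it.
FROM debian:bookworm-slim

# Hypothetical service binary; a real image would install a package or
# copy a build artefact here.
COPY example-service /usr/local/bin/example-service
RUN chmod 0755 /usr/local/bin/example-service

# The service does not need root inside the container, so drop to an
# unprivileged system user before it starts.
RUN useradd --system --no-create-home --shell /usr/sbin/nologin svc
USER svc

# Exec form: the service IS PID 1. If it dies, the container dies and the
# orchestrator (docker, or whatever drives docker) notices the exit.
# The shell form below would make /bin/sh PID 1 with the service as its
# child; the orchestrator would then only ever see sh:
#   CMD /usr/local/bin/example-service --foreground     # avoid
CMD ["/usr/local/bin/example-service", "--foreground"]

# Liveness beyond "PID 1 is still running", reported to the orchestrator
# without any init system inside the container. Assumes the service ships
# a self-check subcommand that exits non-zero when it is unhealthy.
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD ["/usr/local/bin/example-service", "--healthcheck"]
```

Two caveats a practitioner will hit with this layout. First, a process running as PID 1 in a pid namespace does not get the kernel's default signal dispositions, so the service must install its own SIGTERM handler or `docker stop` will wait out the timeout and SIGKILL it. Second, PID 1 is also the zombie reaper; a service that forks helpers and never waits on them leaks zombies. The thin-container answer to that is a minimal init such as `docker run --init` (tini), which reaps and forwards signals, rather than a full systemd. Note that the `HEALTHCHECK` instruction postdates this 2014 thread (it arrived in Docker 1.12); the external-health-monitoring David anticipates is what it provides.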
