Re: Init systems and docker

To: debian-devel@lists.debian.org
Subject: Re: Init systems and docker
From: Jose-Luis Rivas <ghostbar@debian.org>
Date: Fri, 11 Oct 2019 19:25:54 -0400
Message-id: <[🔎] 0b2f8460-23d1-b242-9fdd-b35894eae0e6@debian.org>
In-reply-to: <[🔎] 2162169.uOHztH4BnP@l5580>
References: <[🔎] 2162169.uOHztH4BnP@l5580>

Hello Scott,

On 10/11/19 18:49, Scott Kitterman wrote:
> I have had bugs filed against more than one package I maintain regarding issues 
> with sysv init scripts when used in docker.
> 
> I have been told by docker users (I'm not one) that systemd as provided on 
> Debian can't be used in docker.  I have no idea if that's true or not.  I try 
> really hard to know as little about init systems as possible and trust our 
> maintainers who work on such things.
> 
> If it is true, then to the extent we want Debian to be useful for docker does 
> that mean we ought to maintain sysv init scripts?  If it's not true, can 
> someone point me to documentation that explains using systemd on Debian in 
> docker?
> 
> Thanks.
> 
> I'm sure I'll fail, but I'm really not trying to start another email list 
> flamefest.  I'd just like to understand this a little better so I can properly 
> maintain my packages.
> 
> Scott K
> 
> 

Here's a little bit of history on trying to make systemd work into
containers and the reason why it was tried (IMO, a silly one):
https://lwn.net/Articles/676831/

In short: they should not be using systemd inside the container and if
they want to the issue is not on how Debian ships systemd but that they
are not using the --privilege parameter for launching their container.

The extended version:

There's not much sense in using systemd inside a docker container, to be
honest. Generally you want to launch your service as custom as possible
and the ENTRYPOINT allows you to do just that. Docker already sends the
SIGKILL to the PID 1, which should be the service you're shipping in
that container.

Ideally (and this is one the best practices I've seen people using)
containers should be built following something like the UNIX paradigm,
so: they ship one service and only one which then communicates with
others via some network protocol. People trying to use systemd inside a
container is probably trying to ship several services in just one image
which is essentially an anti-pattern on containerization.

On the other hand, not all people is using a container to launch a
service installed via the package manager, so very few would benefit
from having systemd doing the init of the service they installed.

In my opinion, there's no requirement at all to maintain sysv scripts,
at least not under the assumption that they are required by docker
containers because they are not. Actually, no init script at all is
required by docker containers.
-- 

   \\\\__.    https://wiki.debian.org/JoseLuisRivas
___\\\\'/___  rsa4096/D278F9C15E5461AA3C1E2FCD13EC43EEB9AC8C43

Reply to:

Follow-Ups:
- Re: Init systems and docker
  - From: Jose-Luis Rivas <ghostbar@debian.org>
- Re: Init systems and docker
  - From: Russell Stuart <russell-debian@stuart.id.au>
- Re: Init systems and docker
  - From: "Mathieu Parent (Debian)" <sathieu@debian.org>
- Re: Init systems and docker
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

References:
- Init systems and docker
  - From: Scott Kitterman <debian@kitterman.com>

Prev by Date: Re: Init systems and docker
Next by Date: Re: Init systems and docker
Previous by thread: Re: Init systems and docker
Next by thread: Re: Init systems and docker
Index(es):
- Date
- Thread