Re: Init systems and docker

To: Jose-Luis Rivas <ghostbar@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Init systems and docker
From: "Mathieu Parent (Debian)" <sathieu@debian.org>
Date: Sat, 12 Oct 2019 10:33:08 +0200
Message-id: <[🔎] CAFX5sbxHmGvZM+b5aexTZv-CML0PiFLu6802T+Fz_R0TmDDR-g@mail.gmail.com>
In-reply-to: <[🔎] 0b2f8460-23d1-b242-9fdd-b35894eae0e6@debian.org>
References: <[🔎] 2162169.uOHztH4BnP@l5580> <[🔎] 0b2f8460-23d1-b242-9fdd-b35894eae0e6@debian.org>

Hello,

Le sam. 12 oct. 2019 à 01:26, Jose-Luis Rivas <ghostbar@debian.org> a écrit :
>
> Hello Scott,
>
> On 10/11/19 18:49, Scott Kitterman wrote:
[...]
> In short: they should not be using systemd inside the container and if
> they want to the issue is not on how Debian ships systemd but that they
> are not using the --privilege parameter for launching their container.

While I agree to not recommend using systemd inside docker, it is very useful
in CI. We use this at work to test our salt states (salt is like
puppet/ansible/chef/...).

For this, we use Gitlab CI running test-kitchen with ruby-kitchen-salt
and ruby-kitchen-docker (all in buster).
Another solution would either mean hacking gitlab-runner [1] or
spanning a lot of VMs.

[1]: https://gitlab.com/gitlab-org/gitlab-runner/issues/1585

Also systemd can be run inside Docker without --privileged but
requires careful configuration [2].

[2]: https://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/

Regards

-- 
Mathieu Parent Parent

Reply to:

References:
- Init systems and docker
  - From: Scott Kitterman <debian@kitterman.com>
- Re: Init systems and docker
  - From: Jose-Luis Rivas <ghostbar@debian.org>

Prev by Date: Re: Init systems and docker
Next by Date: Re: Init systems and docker
Previous by thread: Re: Init systems and docker
Next by thread: Re: Init systems and docker
Index(es):
- Date
- Thread