Re: Init systems and docker

To: Scott Kitterman <debian@kitterman.com>
Cc: debian-devel@lists.debian.org
Subject: Re: Init systems and docker
From: Anuradha Weeraman <aweeraman@gmail.com>
Date: Mon, 14 Oct 2019 09:08:09 -0400
Message-id: <[🔎] 20191014130809.GB25657@weeraman.com>
In-reply-to: <[🔎] 2162169.uOHztH4BnP@l5580>
References: <[🔎] 2162169.uOHztH4BnP@l5580>

On Fri, Oct 11, 2019 at 06:49:37PM -0400, Scott Kitterman wrote:
> I have been told by docker users (I'm not one) that systemd as provided on 
> Debian can't be used in docker.  I have no idea if that's true or not.  I try 
> really hard to know as little about init systems as possible and trust our 
> maintainers who work on such things.

Hey Scott, this can be a bit of an opinionated topic and the following
may not directly apply to your issue at hand, but here's my two cents
from prior experience.

To keep the container small and to make sure you do only one thing and
one thing well in the context of the container, what I would do is to
keep the OS as lightweight as possible, and only start the process needed
when the container starts up using Docker's entrypoint. It can invoke a
helper script to assist with starting up the application. In order to get
some supervisory capability on the process I would use use supervisord
which I could trigger directly from the entrypoint as this is lot easier
to manage and you don't need to use the --privilege parameter, not to
mention not having to deal with init/systemd related complexity (IMHO).

See this for an example:
https://advancedweb.hu/2018/07/03/supervisor_docker/

Some could argue that even the use of supervisord is an anti-pattern
since orchestration systems provide that capability, in which case it
becomes even more simpler and you can just spin up the process directly
through a helper, init-like script and let the orchestrator supervise
the container through health and readiness hooks that you expose in the
application.

All logs go to standard out so that it can be aggregated and logged in an
orchestrated environment, and so fits in with the paradigm where you don't
keep the logs in the container. As mentioned by others on this trail,
I would also suggest against treating the container like a traditional
VM and instead use the new primitives and best practices available to
compose the solution, and err on the side of simplicity and keeping
things self-contained and lightweight.

Hope this helps.

-- 
Regards
Anuradha

Reply to:

References:
- Init systems and docker
  - From: Scott Kitterman <debian@kitterman.com>

Prev by Date: Re: Init systems and docker
Next by Date: Bug#942317: ITP: euslisp -- Lisp based integrated programming system for intelligent robots
Previous by thread: Re: Init systems and docker
Next by thread: Re: Init systems and docker
Index(es):
- Date
- Thread