[systemd-devel] [PATCH 1/1] Allow systemd to run without assigning container to machine.slice
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 31 07:00:12 PST 2014
On 01/31/2014 09:51 AM, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Jan 31, 2014 at 08:27:29AM -0500, Daniel J Walsh wrote:
>> On 01/30/2014 07:09 PM, Zbigniew Jędrzejewski-Szmek wrote:
>>> On Thu, Jan 30, 2014 at 04:29:14PM -0500, Dan Walsh wrote:
>>>> If I want to run a container as a service, it would be nice if it
>>>> used the service cgroup configuration
>>> Your patch will break the integration with machinectl, etc. Would
>>> instead assigning the slice with --slice be enough?
>>>
>>> Zbyszek
>>>
>> My goal is if I run systemd-nspawn within a systemd unit file, perhaps as
>> a plugin to docker, I want to allow the system administrator to just add
>>
>> MemoryLimit=500m
> You can set the limit on the service, or on the slice.
>
> On the service:
> # /etc/systemd/system/systemd-nspawn@<container>.d/limits.conf
> [Service]
> MemoryLimit=500M
>
> On the slice:
> # /etc/systemd/system/systemd-nspawn@<container>.d/slice.conf
> [Service]
> Slice=system-<container>.slice
>
> # /etc/systemd/system/system-<container>.slice
> # (note that the path here makes this slice part of /system not /machine)
> [Slice]
> MemoryLimit=500M
>
> You can alternatively specify the slice with --slice argument to nspawn.
>
> Zbyszek
>
My plan is not to have the user know they are running systemd-nspawn.
Imagine the user is creating a httpd container unit file using docker,
described in this document.

http://welldefinedbehaviour.wordpress.com/2014/01/30/adventures-with-containerization-fedora-docker-and-httpd/

[Unit]
Description=example.com Container
After=docker.service

[Service]
Type=simple
ExecStart=/usr/bin/docker run -v /srv/example.com:/srv httpd-test1
Restart=on-failure

Currently docker uses lxc tools under the covers to launch the container; we
want to add a plugin to use systemd-nspawn.

docker -> systemd-nspawn -> container

But we want the docker, systemd-nspawn and the container all affected by any
Cgroup entries in the unit file. So I want the container to run as a service
slice not a machine slice.

The user will never execute systemd-nspawn in this case.
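Added example, not part of the original thread and not systemd code: a check that a limit such as MemoryLimit= set on a unit actually covers the container payload, by comparing the /proc/<pid>/cgroup content of the service's main process with that of a process inside the container. The unit name example.service, the scope name machine-httpd.scope and the sample /proc contents are constructed assumptions.

```python
import posixpath

# Constructed samples of /proc/<pid>/cgroup (cgroup v1 layout).
SERVICE_PROC = """\
4:memory:/system.slice/example.service
3:cpu,cpuacct:/system.slice/example.service
1:name=systemd:/system.slice/example.service
"""
# Payload registered as a machine: it sits outside the service's cgroup.
PAYLOAD_IN_MACHINE_SLICE = """\
4:memory:/machine.slice/machine-httpd.scope
3:cpu,cpuacct:/machine.slice/machine-httpd.scope
1:name=systemd:/machine.slice/machine-httpd.scope
"""
# Payload left in the cgroup of the service that started it.
PAYLOAD_IN_SERVICE = SERVICE_PROC


def parse_proc_cgroup(text):
    """Map controller name -> cgroup path from /proc/<pid>/cgroup content."""
    paths = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Format: hierarchy-ID:controller-list:cgroup-path
        _hid, controllers, path = line.strip().split(":", 2)
        # The cgroup v2 entry has an empty controller list; it is keyed as "".
        for ctrl in controllers.split(","):
            paths[ctrl] = posixpath.normpath(path)
    return paths


def limit_applies(service_text, payload_text, controller="memory"):
    """True if the payload's cgroup is the service's cgroup or a descendant."""
    svc, pay = parse_proc_cgroup(service_text), parse_proc_cgroup(payload_text)
    # Prefer the v1 hierarchy of the controller, else the unified v2 entry.
    svc_path = svc.get(controller, svc.get(""))
    pay_path = pay.get(controller, pay.get(""))
    if svc_path is None or pay_path is None or svc_path == "/":
        return False  # no dedicated service cgroup to inherit a limit from
    return pay_path == svc_path or pay_path.startswith(svc_path + "/")


if __name__ == "__main__":
    for name, sample in (("machine.slice", PAYLOAD_IN_MACHINE_SLICE),
                         ("service cgroup", PAYLOAD_IN_SERVICE)):
        print(name, "-> unit limit covers payload:",
              limit_applies(SERVICE_PROC, sample))
```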