[systemd-devel] Container, private network and socket activation

Lennart Poettering mztabzr at 0pointer.de
Wed Feb 4 04:08:35 PST 2015


On Wed, 04.02.15 04:40, Mikhail Morfikov (mmorfikov at gmail.com) wrote:


> 1. When I try to connect for the very first time, I get a timeout, even though the container
> is working. I can cancel the connection immediately, and reconnect after 2-3 sec and then the
> page shows up. All subsequent connections work without a problem, just the first one gets
> a timeout. Is there a way to fix this, so the first connection that boots the system could
> be somehow delayed, so after a while the page would show up?

That indicates that the systemd or apache inside the container do not
correctly make use of the socket passed into them. You need to
make sure that inside the container you have pretty much the same
.socket unit running as on the host. The ListenStream lines must be
identical, so that systemd inside the container recognizes the sockets
passed in from the host as the ones to use for apache. The only
difference for the socket units is that on the host they should
activate the container, in the container they should activate apache.

> 2. Is there a way to shut down the container automatically after
> some period of inactivity?  Let's say there's no traffic for 30min,
> and after this time the container goes down.

No, this is not available. It's hard to know when a process is idle
from the outside. While some strategies here are thinkable, no code
for it exists.

> 3. How to stop the container manually? I'm asking because when I try via
> "systemctl stop mycontainer.service" , it stops, but:
> 
> ...
> Feb 04 04:15:58 morfikownia systemd-nspawn[14346]: Halting system.
> Feb 04 04:15:58 morfikownia systemd-machined[14353]: Machine debian-tree terminated.
> Feb 04 04:15:58 morfikownia systemd-nspawn[14346]: Container debian-tree has been shut down.
> Feb 04 04:15:58 morfikownia systemd[1]: Starting My little container...

Well, because the socket wasn't passed on right the connection on it
will still be queued after the container exits again. systemd will
thus immediately spawn the container again. 

Basically, if you fix your issue #1, your issue #3 will be magically
fixed too.

> 4. Is there a way to persist the interfaces (veth0 and veth1)? Because after the container
> goes down, they're deleted, so I have to create them anew.

Hmm, good question. I don't think the kernel allows that... It
destroys veth links when either side's network namespace dies... Not
sure if we can do anything about this in a robust way...

Lennart

-- 
Lennart Poettering, Red Hat
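
The check described in the reply to question 1, as an added example that is not part of the original message or of systemd: it compares the Listen* lines of the host's .socket unit with those of the .socket unit inside the container and reports any that are not identical. The unit contents, port 80 and all function names are constructed assumptions.

```python
# Added example (not from the thread): compare the Listen* lines of the host
# .socket unit with the one inside the container. Unit contents are constructed.
LISTEN_KEYS = {"ListenStream", "ListenDatagram", "ListenSequentialPacket"}

def listen_directives(unit_text):
    """Return the (key, value) Listen* pairs in effect in the [Socket] section."""
    section, result = None, []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Socket" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in LISTEN_KEYS:
            # systemd.socket: an empty assignment resets all earlier Listen* addresses.
            result = result + [(key, value)] if value else []
    return result

def compare_socket_units(host_text, container_text):
    """Compare literally: the reply asks for identical lines, not equivalent ones."""
    host, cont = listen_directives(host_text), listen_directives(container_text)
    return {"only_host": [d for d in host if d not in cont],
            "only_container": [d for d in cont if d not in host]}

HOST_SOCKET = """\
[Unit]
Description=Socket that activates the container (constructed sample)
[Socket]
ListenStream=80
"""

CONTAINER_SOCKET_BAD = """\
[Socket]
# Same port, but not the same line as on the host.
ListenStream=0.0.0.0:80
"""

CONTAINER_SOCKET_OK = """\
[Socket]
ListenStream=80
"""

if __name__ == "__main__":
    for name, text in (("bad", CONTAINER_SOCKET_BAD), ("ok", CONTAINER_SOCKET_OK)):
        print(name, compare_socket_units(HOST_SOCKET, text))
```

An empty result in both lists means the two units declare the same sockets; anything listed under only_host is a socket the host passes in that the container's unit does not declare.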

