[systemd-devel] dbus inside nspawn container

arnaud gaboury arnaud.gaboury at gmail.com
Fri May 15 05:27:30 PDT 2015


On Fri, May 15, 2015 at 2:21 PM, Dimitri John Ledkov
<dimitri.j.ledkov at intel.com> wrote:
> On 15 May 2015 at 13:07, arnaud gaboury <arnaud.gaboury at gmail.com> wrote:
>> Maybe a stupid question, but shall every container user start a per-user
>> dbus session?
>> Host has a dbus and user session activated; shall it be the same in the container?
>>
>> Thank you for hints
>
> Depends what your container is... If it is a full system
> installation/chroot the first pid inside container would be something
> like an init which may start both system and user dbus when one logs
> into it. (think VPS)

Container is Fedora server. It will deploy usual web services and many
admin users have access.
With one logged user in container:
------------------------------------------------------------------------
# systemd-cgls
─1 /usr/lib/systemd/systemd
├─system.slice
│ ├─dbus.service
│ │ └─35 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
│ ├─fail2ban.service
│ │ └─101 /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail
│ ├─postfix.service
│ │ ├─26547 /usr/libexec/postfix/master -w
│ │ ├─26564 qmgr -l -t unix -u
│ │ └─31987 pickup -l -t unix -u
│ ├─nginx.service
│ │ ├─29015 nginx: master process /usr/sbin/ngin
│ │ ├─29016 nginx: worker proces
│ │ ├─29017 nginx: worker proces
│ │ ├─29018 nginx: worker proces
│ │ ├─29019 nginx: worker proces
│ │ ├─29020 nginx: worker proces
│ │ ├─29021 nginx: worker proces
│ │ ├─29022 nginx: worker proces
│ │ └─29023 nginx: worker proces
│ ├─systemd-journald.service
│ │ └─24 /usr/lib/systemd/systemd-journald
│ ├─vsftpd.service
│ │ └─96 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
│ ├─systemd-logind.service
│ │ └─34 /usr/lib/systemd/systemd-logind
│ ├─system-container\x2dgetty.slice
│ │ └─container-getty@0.service
│ │   └─27376 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
│ ├─sshd.service
│ │ └─27394 /usr/sbin/sshd -D
│ ├─polkit.service
│ │ └─2662 /usr/lib/polkit-1/polkitd --no-debug
│ ├─postgresql.service
│ │ ├─18288 /usr/bin/postgres -D /db/postgres/data
│ │ ├─18316 postgres: logger process
│ │ ├─18346 postgres: checkpointer process
│ │ ├─18347 postgres: writer process
│ │ ├─18348 postgres: wal writer process
│ │ ├─18349 postgres: autovacuum launcher process
│ │ └─18350 postgres: stats collector process
│ ├─redis-server.service
│ │ └─15677 /usr/bin/redis-server 127.0.0.1:0
│ └─console-getty.service
│   └─73 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
└─user.slice
  └─user-1000.slice
    ├─user@1000.service
    │ ├─733 /usr/lib/systemd/systemd --user
    │ └─734 (sd-pam)
    ├─session-c5.scope
    │ ├─25186 login -- poisonivy
    │ ├─25189 -zsh
    │ ├─32198 sudo systemd-cgls
    │ ├─32199 systemd-cgls
    │ └─32200 less
    └─session-c1.scope
      ├─21399 /opt/gitlab/embedded/bin/ruby /opt/gitlab/embedded/bin/omnibus-ctl gitlab /opt/gitlab/embedd
      ├─21401 sh -c find /var/log/gitlab/nginx/gitlab_error.log -type f -not -path */sasl/* | grep -E -v '
      ├─21404 xargs tail --follow=name --retry
      └─21405 tail --follow=name --retry /var/log/gitlab/nginx/gitlab_error.log
---------------------------------------------------------------------------------------------------

On host:
% machinectl status poppy
poppy
           Since: Fri 2015-05-08 13:01:52 CEST; 6 days ago
          Leader: 753 (systemd)
         Service: nspawn; class container
            Root: /var/lib/machines/poppy
           Iface: br0
         Address: 192.168.1.94
                  fe80::c7f:c3ff:fefb:25b1%3
              OS: Fedora 22 (Twenty Two)
            Unit: systemd-nspawn@poppy.service
                  ├─718 /usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --netw
                  ├─753 /usr/lib/systemd/systemd
                  ├─system.slice
                  │ ├─dbus.service
                  │ │ └─798 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --system
                  │ ├─fail2ban.service
                  │ │ └─876 /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.soc
                  │ ├─postfix.service
                  │ │ ├─14345 pickup -l -t unix -u
                  │ │ ├─23509 /usr/libexec/postfix/master -w
                  │ │ └─23536 qmgr -l -t unix -u
                  │ ├─nginx.service
                  │ │ ├─27291 nginx: master process /usr/sbin/ngin
                  │ │ ├─27292 nginx: worker proces
                  │ │ ├─27293 nginx: worker proces
                  │ │ ├─27294 nginx: worker proces
                  │ │ ├─27295 nginx: worker proces
                  │ │ ├─27297 nginx: worker proces
                  │ │ ├─27298 nginx: worker proces
                  │ │ ├─27299 nginx: worker proces
                  │ │ └─27300 nginx: worker proces
                  │ ├─systemd-journald.service
                  │ │ └─780 /usr/lib/systemd/systemd-journald
                  │ ├─vsftpd.service
                  │ │ └─862 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
                  │ ├─systemd-logind.service
                  │ │ └─797 /usr/lib/systemd/systemd-logind
                  │ ├─system-container\x2dgetty.slice
                  │ │ └─container-getty@0.service
                  │ │   └─9110 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
                  │ ├─sshd.service
                  │ │ └─24556 /usr/sbin/sshd -D
                  │ ├─polkit.service
                  │ │ └─7934 /usr/lib/polkit-1/polkitd --no-debug
                  │ ├─postgresql.service
                  │ │ ├─643 /usr/bin/postgres -D /db/postgres/data
                  │ │ ├─681 postgres: logger process
                  │ │ ├─752 postgres: checkpointer process
                  │ │ ├─754 postgres: writer process
                  │ │ ├─755 postgres: wal writer process
                  │ │ ├─756 postgres: autovacuum launcher process
                  │ │ └─758 postgres: stats collector process
                  │ ├─redis-server.service
                  │ │ └─14078 /usr/bin/redis-server 127.0.0.1:0
                  │ └─console-getty.service
                  │   └─837 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
                  └─user.slice
                    └─user-1000.slice
                      ├─user@1000.service
                      │ ├─3917 /usr/lib/systemd/systemd --user
                      │ └─3919 (sd-pam)
                      ├─session-c5.scope
                      │ ├─ 4189 -zsh
                      │ └─29161 login -- poisonivy
                      └─session-c1.scope
                        ├─2134 /opt/gitlab/embedded/bin/ruby /opt/gitlab/embedded/bin/omnibus-ctl gitlab /
                        ├─2147 sh -c find /var/log/gitlab/nginx/gitlab_error.log -type f -not -path */sasl
                        ├─2155 xargs tail --follow=name --retry
                        └─2157 tail --follow=name --retry /var/log/gitlab/nginx/gitlab_error.log
------------------------------------------------------------------------------

> If you are executing a workload alone inside the container, that is
> first pid is some httpd server then clearly one wouldn't have dbus at
> all... (think workers / kubernetes / docker fleets etc.)
>
> --
> Regards,
>
> Dimitri.
> Pura Vida!
>
> https://clearlinux.org
> Open Source Technology Center
> Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.



-- 

google.com/+arnaudgabourygabx

