[systemd-devel] using nsenter and running daemon within a namespace

Mantas Mikulėnas grawity at gmail.com
Sat Oct 27 18:37:10 UTC 2018


On Sat, Oct 27, 2018 at 1:56 AM Shea Sullivan <sullivanshea at gmail.com>
wrote:

> Hi,
> I am trying to set up systemd unit files for a couple of daemons that
> need to run within a specific network namespace. Specifically, I have
> a namespace called ABC that is tied to the secondary VNIC on my
> machine (ens4) while the default namespace is plumbed to the primary
> VNIC (ens3). So it looks like this:
>
> Primary:
> # ip link show dev ens3
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP
> mode DEFAULT group default qlen 1000
>
> Secondary/ABC namespace:
> # ip netns exec ABC ip link show dev ens4
> 3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP
> mode DEFAULT group default qlen 1000
>
> Since the 2nd VNIC is connected to a different network, I want a few
> of my internal services to run _there_ instead of in the default.
>
> So here's my question:
> when I set up my service file, I understand I need to give the path to
> the daemon with
> ExecStart=
> ```Unless Type= is oneshot, exactly one command must be given. ```
>
> What do you suggest if I want to run my command like this:
> /bin/nsenter -t {PID} -m -n /usr/bin/squid
>
> where squid (for example) is the daemon itself; but nsenter allows me
> to run it in that namespace?
>
> Just confused about whether that's technically one command or not...
>

It is.


> can I still use Type=Simple?


Usually `nsenter` directly exec()'s the main program. So the correct type
remains exactly the same as with plain Squid.

-- 
Mantas Mikulėnas
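To make the reply concrete, here is a unit file for the setup described in the question (an added example, not from the thread or from the systemd or Squid projects). It assumes the ABC namespace was created with `ip netns add ABC`, so its handle is bind-mounted at /var/run/netns/ABC, that squid accepts `-N` to stay in the foreground, and that the config path and the `netns-abc.service` ordering unit are placeholders for your own.

```ini
# /etc/systemd/system/squid-abc.service  (added example, not from the thread)
# Assumes the namespace was created with "ip netns add ABC", so its handle
# is bind-mounted at /var/run/netns/ABC. nsenter's --net=FILE form enters
# that namespace directly, so no PID of a process already inside is needed.
[Unit]
Description=Squid proxy running inside network namespace ABC
# The unit that creates the namespace and moves ens4 into it (name assumed)
After=network-online.target netns-abc.service
Requires=netns-abc.service

[Service]
# nsenter exec()s squid, so Type= is whatever plain squid needs:
# "-N" keeps squid in the foreground, hence Type=simple.
Type=simple
ExecStart=/usr/bin/nsenter --net=/var/run/netns/ABC /usr/sbin/squid -N -f /etc/squid/squid.conf
Restart=on-failure
# Neither setting interferes with the namespace switch performed by nsenter
NoNewPrivileges=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```

To confirm the daemon actually landed in the namespace after `systemctl start squid-abc.service`, run `ip netns identify "$(systemctl show -p MainPID --value squid-abc.service)"`, which should print `ABC`. Newer systemd releases also provide `NetworkNamespacePath=` in systemd.exec(5), which enters the network namespace without nsenter, though unlike the `-m -n` form in the question it does not cover the mount namespace.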