Docker Vs Systemd
Daniel J Walsh
Consulting Engineer
Twitter: @rhatdan
Blog: danwalsh.livejournal.com
Email: dwalsh@redhat.com
Docker Vs Systemd
 |
VS |
 |
Docker Vs Systemd
As Rodney King said
Systemd working with docker daemon
Who owns Restart
autorestart in docker
docker run in a unit file with autorestart
restarting docker daemon stops all containers
SD_Notify - Docker
docker daemon does sd_notify now!
Socket Activation - Docker
docker daemon can do socket activation - /var/run/docker.sock
disabled
breaks autorestart in docker
Note: systemd used to break uid setting on /var/run/docker.sock
Systemd working with docker containers
SD_Notify
Docker Containers
Docker client-server operation
Systemd reqests SD_NOTIFY from docker client
Client sends SD_NOTIFY message to server
Server sets up container to do SD_NOTIFY
Server gets SD_NOTIFY from container
Server sends SD_NOTIFY message to client
Client sets SD_NOTIFY to tell systemd docker container is ready
Patches not accepted by docker
Socket Activation
Docker Containers
Didn't even try
CGroup Configuration of Docker Containers
Docker manages cgroups itself
docker run in unit file
Modifying cgroup settings in unit file
or via systemctl
affects client
not container processes
runc
runc from opencontainers does not use client server model
runc containers in unit files work well with systemd
SD_Notify Merged
Socket Activation Merged
Modifying cgroup unit file settings or via systemctl works
docker logs journald support
Logging of container output local to docker
docker rm container-id
removes all logs
docker-1.9 supports --log-driver=journald
Making journald default log-driver in Rawhide, F24
Systemd in base image
Minimal image size
But packages require /usr/bin/systemctl, for postinstall scripts
Pulls in systemd and all of its requirements
v1: fakesystemd - RHEL7.0
v2: systemd-container - RHEL7.1
v3: systemd - RHEL7.2
Running Systemd in Container
systemd in container benefits
Proper pid 1 - Cleanup Zombies
Default docker containers: writes to syslog == /dev/null
Journald support, get syslog messages on the host journalctl
Running apps as designed by packager
#cat Dockerfile FROM fedora RUN yum -y install httpd; yum clean all; systemctl enable httpd; CMD [ "/sbin/init" ]
How have I Failed?
Set container_uuid environment #7685 Closed
Patch set to support systemd as PID1 in container #13525 Closed
Implement journalctl to see journald data within a docker container #10994 Closed
Have docker register its machine with systemd #13526 Closed
Latest attempt
runc/dockerhooks
Add dockerhooks program to run hooks under runc #17021
Closed
But we will carry in docker-1.10
machinectl
oci-register-machine hook
All containers will be registered with machinectl
# machinectl MACHINE CLASS SERVICE 9a65036e4a6dc769d0e40fa80871f95a container docker fd493b71a79c2b7913be54a1c9c77f1c container runc 2 machines listed.
Running systemd
Without --privilege
oci-systemd hook
mounts tmpfs on /run and /tmp
creates directory /var/log/journald/UUID on host
Mounts it on /var/log/journald in container
Creates /etc/machine-id in container with containers UUID
Eventually will mount /sys/fs/cgroup/systemd into container
Making docker stop work
Docker defaults to SIGTERM
systemd does not like sigterm
docker run --stop-signal=SIGPWR ...