Comments (2)
systemd-nspawn recognizes the LISTEN_FDS environment variable and propagates it down to the container intact.
The interesting part is what systemd does with the inherited file descriptors in stage1 post-nspawn, LISTEN_FDS is not utilized. At an early stage systemd will try match all open files found in /proc/self/fd to available unit files. If any of the fds match socket units then those socket units will utilize the inherited fds rather than attempting to bind again. Emphasis is placed on early because in our minimal rocket rootfs where we only have a default.target, the appropriate place to integrate sockets.target is not obvious. Adding Requires/After sockets.target to default.target in ineffective.
This is because there are a limited set of units integrated at the pre-distribute-open-fds phase of startup:
-.mount
local-fs.target
proc-sys-kernel-random-boot_id.mount
umount.target
system.slice
-.slice
shutdown.target
systemd-journald.socket
local-fs-pre.target
Note default.target, basic.target, and sysinit.target are not included as one might expect. It is in the transition out of this phase that default.target becomes loaded, but that is after the open fd distribution has occurred.
In order to get socket activation working with the current minimal rocket rootfs one can add a local-fs.target like so:
[Unit]
Description=Hook into early systemd for socket activation
DefaultDependencies=false
Requires=sockets.target
Then add a sockets.target and simply link the appropriate .socket files into the sockets.target.wants directory.
from rkt.
As of v0.8, this is now possible and documented: #1211
from rkt.
Related Issues (20)
- update vendored "github.com/cznic/..."
- rkt-1.30.0 with lkvm stage1: builtin-run.c:412:28: error: ā%sā directive output may be truncated writing up to 4095 bytes into a region of size 4091 [-Werror=format-truncation=] HOT 1
- Self-built stage1 host image using wrong systemd path HOT 1
- [Question] Common procedures for dealing with crashes from docker containers in rkt HOT 2
- rkt container not running on raspberrypi 3
- Expired key for deb.asc files HOT 5
- tests: TestFetchNoStoreCacheControl fails on SemaphoreCI HOT 1
- rkt enter lacks isolation features HOT 2
- rkt can be tricked into executing helper binaries inside pods
- make unit-check fails HOT 1
- FYI: Archiving Rkt in CNCF HOT 2
- gc: Add --quiet flag
- Unable to fetch ubuntu 16.04 image
- Suggestion: Continuous Fuzzing
- rkt downloads and extracts every docker image layer
- rkt have some Problems with SELinux in Enforce Mode
- Can't specify tags in urls on official docker images HOT 1
- broken by Golang 1.13: extracttar error HOT 1
- rkt run docker's image mysql, error
- Ending and archiving the rkt project HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rkt.