1 |
On 02/04/2019 02:58 PM, Rich Freeman wrote: |
2 |
> So, I think we're miscommunicating a bit here... |
3 |
|
4 |
It happens. |
5 |
|
6 |
> I'm saying that an init.d script shouldn't try to do anything other |
7 |
> than initialize a service, which should be implemented outside the |
8 |
> init.d script. |
9 |
|
10 |
It sounds like you are saying that an init script shouldn't do anything |
11 |
other than (re)start/stop a service and that there should be a separate |
12 |
script (binary / command) that is the service. |
13 |
|
14 |
(I'm going to assume that's accurate unless / until you say otherwise.) |
15 |
|
16 |
Does this apply if the ""service is something as simple as enabling or |
17 |
disabling IP forwarding? Should the init script call a separate script |
18 |
to write the proper value to the requisite proc entry? |
19 |
|
20 |
> So, if you have a shell script that launches a container, then you should |
21 |
> call it from the init.d script. You shouldn't merge them into a single |
22 |
> init.d script that has 30 lines of container setup logic or whatever. |
23 |
|
24 |
I think the issue that I'm having, and part of what you're calling out |
25 |
is that the script for a ""container (network namespace) is more than it |
26 |
should be. |
27 |
|
28 |
Consider the following commands to start the ""container: |
29 |
|
30 |
ip netns add myContainer |
31 |
ip link add myContainer type veth peer name myHost netns myContainer |
32 |
ip link set myContainer up |
33 |
ip addr add 192.0.2.1/24 dev myContainer |
34 |
ip netns exec myContainer ip link set myHost up |
35 |
ip netns exec myContainer ip addr add 192.0.2.2/24 dev myHost |
36 |
|
37 |
Consider the following command to stop the ""container: |
38 |
|
39 |
ip netns del myContainer |
40 |
|
41 |
I feel like those two sections could easily fit within an OpenRC init |
42 |
script: |
43 |
|
44 |
start() { |
45 |
ip netns add myContainer |
46 |
ip link add myContainer type veth peer name myHost netns myContainer |
47 |
ip link set myContainer up |
48 |
ip addr add 192.0.2.1/24 dev myContainer |
49 |
ip netns exec myContainer ip link set myHost up |
50 |
ip netns exec myContainer ip addr add 192.0.2.2/24 dev myHost |
51 |
} |
52 |
|
53 |
stop() { |
54 |
ip netns del myContainer |
55 |
} |
56 |
|
57 |
So, I'm not sure why those commands need to or should live inside |
58 |
something other than the init script. |
59 |
|
60 |
Please help me understand what I'm missing or not understanding. |
61 |
|
62 |
> Of course. That shell script that launches a container could very well |
63 |
> just launch sysvinit which runs openrc which runs another set of init.d |
64 |
> scripts INSIDE the container to initialize it. |
65 |
|
66 |
Now I'm starting to think that you are under the impression that the |
67 |
""container(s) that I'm working with are more complicated and have many |
68 |
things running in them, more akin to a full OS. That's not the case for |
69 |
me or my use case. |
70 |
|
71 |
About the only other added complication might be launching BIRD and / or |
72 |
an additional network interface. |
73 |
|
74 |
> Yup - though I would think the scripts inside the container would be |
75 |
> fairly different, as they are doing different things. The scripts inside |
76 |
> the container aren't starting containers, for a start... |
77 |
|
78 |
The contents of the ""container(s) that I'm using are identical to the |
79 |
host. They actually /are/ the host. I'm not using mount namespaces. |
80 |
So the ""container ~> network namespace sees the exact same files as the |
81 |
host. |
82 |
|
83 |
The only reason that I (sometimes) use the UTS namespace is so that |
84 |
uname (et al) return a different name when run inside the NetNS. |
85 |
|
86 |
> OpenRC/Netifrc are run by sysvinit in Gentoo, as I mention later on. |
87 |
> These two are not mutually exclusive. |
88 |
|
89 |
Okay. |
90 |
|
91 |
> Not sure how much of it would be re-use. The scripts inside/outside |
92 |
> the container would likely have different roles. |
93 |
|
94 |
I would think that I could (re)start / stop BIRD inside the NetNS the |
95 |
exact same way I do on the host. I would expect that I could use the |
96 |
same "rc-service bird …" command inside and outside. |
97 |
|
98 |
> Honestly, I wouldn't go sticking container init.d scripts inside the host |
99 |
> init.d. I mean, I guess you could, but again, separation of concerns |
100 |
> and all that. You're going to have to use a separate /etc/runlevels, |
101 |
> so why not just a whole separate /etc? |
102 |
|
103 |
Why do I need to use a separate /etc/runlevels? |
104 |
|
105 |
Why can't I have a single /etc/runlevels/myContainer that is never used |
106 |
outside of the container and only used inside the container? Remember |
107 |
that the host and container share the same file system. |
108 |
|
109 |
|
110 |
|
111 |
-- |
112 |
Grant. . . . |
113 |
unix || die |