| 1 |
On 02/04/2019 02:58 PM, Rich Freeman wrote: |
| 2 |
> So, I think we're miscommunicating a bit here... |
| 3 |
|
| 4 |
It happens. |
| 5 |
|
| 6 |
> I'm saying that an init.d script shouldn't try to do anything other |
| 7 |
> than initialize a service, which should be implemented outside the |
| 8 |
> init.d script. |
| 9 |
|
| 10 |
It sounds like you are saying that an init script shouldn't do anything |
| 11 |
other than (re)start/stop a service and that there should be a separate |
| 12 |
script (binary / command) that is the service. |
| 13 |
|
| 14 |
(I'm going to assume that's accurate unless / until you say otherwise.) |
| 15 |
|
| 16 |
Does this apply if the ""service is something as simple as enabling or |
| 17 |
disabling IP forwarding? Should the init script call a separate script |
| 18 |
to write the proper value to the requisite proc entry? |
| 19 |
|
| 20 |
> So, if you have a shell script that launches a container, then you should |
| 21 |
> call it from the init.d script. You shouldn't merge them into a single |
| 22 |
> init.d script that has 30 lines of container setup logic or whatever. |
| 23 |
|
| 24 |
I think the issue that I'm having, and part of what you're calling out |
| 25 |
is that the script for a ""container (network namespace) is more than it |
| 26 |
should be. |
| 27 |
|
| 28 |
Consider the following commands to start the ""container: |
| 29 |
|
| 30 |
ip netns add myContainer |
| 31 |
ip link add myContainer type veth peer name myHost netns myContainer |
| 32 |
ip link set myContainer up |
| 33 |
ip addr add 192.0.2.1/24 dev myContainer |
| 34 |
ip netns exec myContainer ip link set myHost up |
| 35 |
ip netns exec myContainer ip addr add 192.0.2.2/24 dev myHost |
| 36 |
|
| 37 |
Consider the following command to stop the ""container: |
| 38 |
|
| 39 |
ip netns del myContainer |
| 40 |
|
| 41 |
I feel like those two sections could easily fit within an OpenRC init |
| 42 |
script: |
| 43 |
|
| 44 |
start() { |
| 45 |
ip netns add myContainer |
| 46 |
ip link add myContainer type veth peer name myHost netns myContainer |
| 47 |
ip link set myContainer up |
| 48 |
ip addr add 192.0.2.1/24 dev myContainer |
| 49 |
ip netns exec myContainer ip link set myHost up |
| 50 |
ip netns exec myContainer ip addr add 192.0.2.2/24 dev myHost |
| 51 |
} |
| 52 |
|
| 53 |
stop() { |
| 54 |
ip netns del myContainer |
| 55 |
} |
| 56 |
|
| 57 |
So, I'm not sure why those commands need to or should live inside |
| 58 |
something other than the init script. |
| 59 |
|
| 60 |
Please help me understand what I'm missing or not understanding. |
| 61 |
|
| 62 |
> Of course. That shell script that launches a container could very well |
| 63 |
> just launch sysvinit which runs openrc which runs another set of init.d |
| 64 |
> scripts INSIDE the container to initialize it. |
| 65 |
|
| 66 |
Now I'm starting to think that you are under the impression that the |
| 67 |
""container(s) that I'm working with are more complicated and have many |
| 68 |
things running in them, more akin to a full OS. That's not the case for |
| 69 |
me or my use case. |
| 70 |
|
| 71 |
About the only other added complication might be launching BIRD and / or |
| 72 |
an additional network interface. |
| 73 |
|
| 74 |
> Yup - though I would think the scripts inside the container would be |
| 75 |
> fairly different, as they are doing different things. The scripts inside |
| 76 |
> the container aren't starting containers, for a start... |
| 77 |
|
| 78 |
The contents of the ""container(s) that I'm using are identical to the |
| 79 |
host. They actually /are/ the host. I'm not using mount namespaces. |
| 80 |
So the ""container ~> network namespace sees the exact same files as the |
| 81 |
host. |
| 82 |
|
| 83 |
The only reason that I (sometimes) use the UTS namespace is so that |
| 84 |
uname (et al) return a different name when run inside the NetNS. |
| 85 |
|
| 86 |
> OpenRC/Netifrc are run by sysvinit in Gentoo, as I mention later on. |
| 87 |
> These two are not mutually exclusive. |
| 88 |
|
| 89 |
Okay. |
| 90 |
|
| 91 |
> Not sure how much of it would be re-use. The scripts inside/outside |
| 92 |
> the container would likely have different roles. |
| 93 |
|
| 94 |
I would think that I could (re)start / stop BIRD inside the NetNS the |
| 95 |
exact same way I do on the host. I would expect that I could use the |
| 96 |
same "rc-service bird …" command inside and outside. |
| 97 |
|
| 98 |
> Honestly, I wouldn't go sticking container init.d scripts inside the host |
| 99 |
> init.d. I mean, I guess you could, but again, separation of concerns |
| 100 |
> and all that. You're going to have to use a separate /etc/runlevels, |
| 101 |
> so why not just a whole separate /etc? |
| 102 |
|
| 103 |
Why do I need to use a separate /etc/runlevels? |
| 104 |
|
| 105 |
Why can't I have a single /etc/runlevels/myContainer that is never used |
| 106 |
outside of the container and only used inside the container? Remember |
| 107 |
that the host and container share the same file system. |
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
-- |
| 112 |
Grant. . . . |
| 113 |
unix || die |
Archives