Gentoo Archives: gentoo-user

From: Damo <dhatchett2@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: openrc-run for containers
Date: Sun, 23 May 2021 21:16:29
Message-Id: CAE5cDqOp9y36_r+jrDHZM93YWQzOeykVdsi9LTgZViCAfG=Vrg@mail.gmail.com
In Reply to: [gentoo-user] openrc-run for containers by Damo
Hi,

I've got the integration working how I imagined. It is using s6-svscan to
manage the containers, hopefully not abusing something. General idea is to
have supervision control over containers, ie to allow start up in a given
runlevel, have the ability to manage dependency start between given
containers and start/stop using openrc (referenced
https://wiki.gentoo.org/wiki/S6).

Assuming containers are already running, ie given instance of whoami
container:

docker run -p 80:80 -d -it --name whoami traefik/whoami

The "run" script, /var/svc.d/whoami/run:

#!/bin/execlineb -P
exec docker start -a whoami

The "finish" script, /var/svc.d/whoami/finish:

#!/bin/execlineb -P
s6-permafailon 60 1 2 exit

The init.d, conf.d. Cat /etc/conf.d/container.whoami:

INSTANCE=whoami

Cat /etc/init.d/container:

#!/sbin/openrc-run
description="A supervised test service with a logger"
supervisor=s6
s6_service_path=/run/openrc/s6-scan/${INSTANCE}
depend() {
    need s6-svscan
}
stop_pre() {
    docker stop ${INSTANCE}
}

Finally, [openrc-run, ln -s /etc/init.d/container
/etc/init.d/container.whoami] /etc/init.d/container.whoami start, stop
work as expected (docker ps |grep whoami does not return anything, after
running "/etc/init.d/container.whoami stop"):

List containers
root@ # docker ps |grep whoami
68bd2ed585ed   traefik/whoami   "/whoami"   35 minutes ago   Up 34 minutes   0.0.0.0:80->80/tcp   whoami

root@ # ./container.whoami stop
container.whoami |whoami
container.whoami | * Stopping container.whoami ...                      [ ok ]

root@ # docker ps |grep whoami

root@ # ./container.whoami start
container.whoami | * Starting container.whoami ...                      [ ok ]
root@ # docker ps |grep whoami
68bd2ed585ed   traefik/whoami   "/whoami"   35 minutes ago   Up 3 seconds   0.0.0.0:80->80/tcp   whoami

root@ # ps xf -o pid,ppid,pgrp,euser,args
  PID  PPID  PGRP EUSER    COMMAND
21056     1 21056 root     /bin/s6-svscan /run/openrc/s6-scan
21058 21056 21056 root      \_ s6-supervise whoami/log
21059 21056 21056 root      \_ s6-supervise whoami
27584 21059 27584 root      |   \_ docker start -a whoami

Similar to above, using s6-svstat:

root@ # s6-svstat /run/openrc/s6-scan/whoami
up (pid 27584) 752 seconds

root@ # ./container.whoami stop
container.whoami |whoami
container.whoami | * Stopping container.whoami ...                      [ ok ]

root@ # s6-svstat /run/openrc/s6-scan/whoami
down (exitcode 2) 1 seconds, normally up, ready 1 seconds

root@ # ./container.whoami start
container.whoami | * Starting container.whoami ...                      [ ok ]
root@h003 /e/init.d # s6-svstat /run/openrc/s6-scan/whoami
up (pid 6722) 3 seconds

The goal of all this has been to incorporate containers into
/etc/runlevels. I am not sure if there is a better way, have I missed
something by not using s6-overlay or the like? I am not familiar enough to
know.

An outstanding issue, in the s6 run script, I would like to parametrize the
instance name, I don't know how to do it, as it is currently hard coded:

The "run" script, /var/svc.d/whoami/run:

#!/bin/execlineb -P
exec docker start -a *whoami*

But once that is done, then all running containers could be incorporated by
updating the conf.d for INSTANCE name, templating a /var/svc.d/<INSTANCE>
folder and linking to /etc/init.d/container, ie:

/etc/init.d/container.whoami
/etc/init.d/container.cadvisor
/etc/init.d/container.traefik

[put under control of s6]
/etc/runlevels/20/s6-svscan
...

This is kind of asymmetric, ie container start is in s6, whereas stop
[docker] is in openrc, but I am not seeing a different way, the goal is to
have robust services running. When system boots, s6-scan will start all the
containers automatically, but then further operations, ie for things like
manual failover etc, are possible using standard platform openrc -
effectively docker - start/stop commands.


kind regards


On Thu, May 13, 2021 at 5:17 AM Damo <dhatchett2@×××××.com> wrote:

> Hi,
>
> I've been running docker containers for a while, where I pass
> "--restart=always" into the run command, so the containers restart
> automatically after reboot. I want to have more control over the startup
> order of the containers, ie integrate into openrc start/stop and put into
> different runlevels.
>
> I've had mixed success so far. I would be interested if someone else has
> a working solution. My runlevels look something like this:
>
> rl100
> container.registry
> rl90
> container.auth
> container.router
> boot
> ...
>
> FYI, I've found systemd is doing it nicely, where systemctl start/stop
> <CONTAINER> works as I would expect. I see a hardcoded dependency into the
> container PID in the unit file (podman in this case):
>
> [root@]# cat /usr/lib/systemd/system/container-libvirt-exporter.service
>
> #
>
> [Unit]
> Description=Podman container-libvirtd-exporter.service
> Documentation=man:podman-generate-systemd(1)
>
> [Service]
> Restart=always
> ExecStart=/usr/bin/podman start libvirtd-exporter
> ExecStop=/usr/bin/podman stop -t 10 libvirtd-exporter
> KillMode=none
> Type=forking
>
> PIDFile=/var/run/containers/storage/overlay-containers/9037e389e61ed01eb5dfce16fa750b6f0f01827a67640e4748e6527bbfcb6276/userdata/conmon.pid
>
> [Install]
> WantedBy=multi-user.target
>
>
> Kind regards,
> Damo
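
The templating step described in the message above (a /var/svc.d/<INSTANCE> folder, a conf.d entry and a link to /etc/init.d/container for each container), as an added example that is not part of the original post: rather than parametrizing the execline script, it writes the instance name into a generated run script, after checking the name against the characters Docker allows in container names, since these files are executed as root. The function names and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate the s6 service directory, conf.d entry and init.d
# symlink for one container. The second argument is a hypothetical root
# prefix (default: the real /) so the result can be inspected in a scratch dir.

LC_ALL=C; export LC_ALL   # make the a-z / A-Z ranges below byte-exact

# Accept only letters, digits, '_', '.' and '-', starting with a letter or
# digit. Anything else could escape /var/svc.d or add words to the run script.
valid_instance() {
    case "$1" in
        ''|[!a-zA-Z0-9]*|*[!a-zA-Z0-9_.-]*) return 1 ;;
    esac
    return 0
}

add_container() {
    instance=$1
    root=${2:-}
    valid_instance "$instance" || {
        echo "refusing instance name: $instance" >&2
        return 1
    }

    svc="$root/var/svc.d/$instance"
    mkdir -p "$svc" "$root/etc/conf.d" "$root/etc/init.d" || return 1

    # run: the script from the post, with the validated name written in.
    printf '#!/bin/execlineb -P\nexec docker start -a %s\n' "$instance" \
        > "$svc/run" || return 1
    # finish: the same for every instance.
    printf '#!/bin/execlineb -P\ns6-permafailon 60 1 2 exit\n' \
        > "$svc/finish" || return 1
    chmod 0755 "$svc/run" "$svc/finish" || return 1

    printf 'INSTANCE=%s\n' "$instance" \
        > "$root/etc/conf.d/container.$instance" || return 1
    # container.<instance> -> container, relative link in the same directory.
    ln -sfn container "$root/etc/init.d/container.$instance"
}
```

Running `add_container whoami /tmp/scratch` first shows the generated tree without touching the live /etc and /var.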