[WIP] cnispawn: run container in detached transient unit #257
Conversation
With that, the container lifetime is not tied to the lifetime of the slice in which kube-spawn is running. This commit doesn't add code to shutdown and remove the network namespace when the cluster is stopped. This is yet to be done.
I'm not sure yet how to do that best and maybe want to combine it with refactoring the code. Input welcome. |
|
xref #212 |
|
kube-spawn should check if the version of systemd-nspawn on the host is v236 before using rkt has a similar version test. Unfortunately, we need fallback code because v236 is not in every distro. |
| env = append(env, "SYSTEMD_NSPAWN_USE_CGNS=0") | ||
|
|
||
| _, err = syscall.ForkExec(systemdNspawnPath, args, &syscall.ProcAttr{ | ||
| _, err = syscall.ForkExec(systemdRunPath, args, &syscall.ProcAttr{ |
There was a problem hiding this comment.
We could use systemd-run --service-type=notify together with systemd-nspawn --notify-ready=yes right now. We could then debug more easily with systemctl status run-xxxx.service.
Possibly use systemd-run --unit= using a user-friendly generated name too. And --slice=machine.slice (I had a look at /usr/lib/systemd/system/systemd-nspawn@.service).
And lastly, but it might require more refactoring so maybe in a future step: instead of syscall.ForkExec(), use os.exec so you can catch the stdout/stderr and exit status, and print those in case of errors. We would need to start the 3 nodes in parallel (in case of a 3-node cluster) and I don't know if the current code does this in parallel (hence the need for refactoring).
With that, the container lifetime is not tied to the lifetime of the
slice in which kube-spawn is running.
This commit doesn't add code to shutdown and remove the network
namespace when the cluster is stopped. This is yet to be done.