On 22/04/2015 21:56, Aristomenis Pikeas wrote:
> Feedback appreciated - do this stage1 (init)/stage2 (init-2)/stage3
> (finish) work? Have I broken anything, and is anything missing?
"Hey, I took your work, gutted it, removed all the flesh, and kept the
skeleton. Have I broken anything ?"
Well... tell us. Try it! Is it working? Does it do what you want it to?
If it does, great. If it doesn't... maybe you should put a little flesh
back on.
Remember that s6-overlay is something generic, that aims to be used in
a wide variety of situations, so there's code to handle a lot of cases.
If it's too generic for you, by all means, take out what you don't need,
build your own minimal script, but don't ask us "is it good?" afterwards!
If it was good for our needs, it's what we would have done instead of
the more complex overlay. :P
The thing is, for instance this simple requirement:
> - Ability to run services only, or services + given command.
generates more complexity than you think. You actually want to run the
command in an environment you control, and give to your "docker run"
invocation; but you do not want to run the supervision tree with that
environment, because if you do, then the behaviour of the supervision
tree depends on variables that a user can define! It's even worse with
terminals. You definitely do not want to run the supervision tree with
the same controlling terminal as your given command!
Even without controlling terminals: you commented out the
"redirfd -r 0 /dev/null" line in stage 1. That means your supervision tree,
and all your services, will run with stdin pointing outside the container.
The same stdin that will be given to the command. If one of your services
mistakenly reads from stdin, it's game over.
You put your scandir in /etc/services. Can you guarantee that it will
always be correct, containing exactly the service directories you want,
with the right permissions, and that it will be mounted read-write?
Maybe you can guarantee it for your case, and that's great; but we cannot
guarantee it in general, because the overlay can be used with a whole
variety of systems, including very braindead ones, and we wanted it
hardened.
So... "does it work?" In the general case, no, it doesn't. In your case,
maybe it does - you're the only one who can tell. So please try it and
do tell :)
--
Laurent
Received on Wed Apr 22 2015 - 21:34:58 UTC