Re: [pcp] pcp updates: qa, containers

To:	"Frank Ch. Eigler" <fche@xxxxxxxxxx>, Nathan Scott <nathans@xxxxxxxxxx>
Subject:	Re: [pcp] pcp updates: qa, containers
From:	Mark Goodwin <mgoodwin@xxxxxxxxxx>
Date:	Wed, 18 Mar 2015 12:02:24 +1100
Cc:	pcp <pcp@xxxxxxxxxxx>
Delivered-to:	pcp@xxxxxxxxxxx
In-reply-to:	<y0m7fufmqxd.fsf@xxxxxxxx>
References:	<839234551.7808463.1426575003930.JavaMail.zimbra@xxxxxxxxxx> <1452631543.7808485.1426575023285.JavaMail.zimbra@xxxxxxxxxx> <y0m7fufmqxd.fsf@xxxxxxxx>
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0

On 03/18/2015 05:15 AM, Frank Ch. Eigler wrote:

Nathan Scott <nathans@xxxxxxxxxx> writes:

Nathan Scott (6):
       docker: switch to using Marks env var suggestion
[...]


the env var was actually in response to an anticipated need for PCP
container meta-data, the most obvious and pressing of which is "am I
running in a container?". Interesting to note that container meta-data
has been a hot topic out there in dockerland and upstream have now
settled on container "labels", which are similar to env-vars but not
quite the same. See https://github.com/docker/docker/pull/9882

I don't know how yet, but PCP PMDAs (other than those that are default
pre-installed) are probably going to need meta-data if they end up running
in separate containers, if that's how things end up. e.g. maybe to share
pcp.conf variables and so forth. Perhaps even the default PMDAs should be
in their own containers and we make use of container linking with the
pcp-pmcd container? See --link in docker-run(1).  A lot of this depends
on how the pcp packaging re-split works out .. Lukas?

Amongst other things, I think this would allow PMDA containers to talk to
the pmcd container via private virtual network interfaces set up by the
container linkage, i.e. yet another pmda-pmcd ipc mechanism. THis should
help avoid the need for PMDA containers to be ultra-privileged in order to
access the host network interfaces or pmcd unix domain sockets directly.

Any thoughts?


By the way, have y'all considered using the daemons in foreground mode
("pmcd -f" et al.) as the contained pid-1 process, instead of
inventions such as pmsleep?  Something like the patches below
[1] or even [2] (untested!).

Beyond removing an unnecessary part, another benefit would be that the
container pid-1 would actually exit when the daemon does, so that the
orchestrator could possibly restart the thing.


It's unclear to me just how important the pid-1 requirement is and how
signals and child pids are managed by orchestrators .. I assume the
daemon waits for pid-1 and pid-1 is responsible for it's own children.
At the very least, I guess it should work with the prevailing "docker run
--restart" policy to apply when a container exits (no, on-failure[:max-retry],
or always).

Cheers
-- Mark

<Prev in Thread]	Current Thread	[Next in Thread>
pcp updates: qa, containers, Nathan Scott Re: pcp updates: qa, containers, Frank Ch. Eigler Re: [pcp] pcp updates: qa, containers, Mark Goodwin <= Re: [pcp] pcp updates: qa, containers, Nathan Scott Re: [pcp] pcp updates: qa, containers, Frank Ch. Eigler Re: [pcp] pcp updates: qa, containers, Nathan Scott

Previous by Date:	Re: QA resource leaks, Nathan Scott
Next by Date:	Re: [pcp] pcp updates: qa, containers, Nathan Scott
Previous by Thread:	Re: pcp updates: qa, containers, Frank Ch. Eigler
Next by Thread:	Re: [pcp] pcp updates: qa, containers, Nathan Scott
Indexes:	[Date] [Thread] [Top] [All Lists]