是否建议在docker容器中运行systemd？ [英] Is it recommended to run systemd inside docker container?

问题描述

我计划在容器内使用 systemd。根据我阅读的文章，每个容器最好限制一个过程。

I am planning to use 'systemd' inside the container. Based on the articles I have read, it is preferable to limit only one process per container.

但是，如果我在容器中配置 systemd，则最终将运行许多进程。

But if I configure 'systemd' inside the container, I will end up running many processes.

在我做出任何决定之前，了解在容器内使用systemd的利弊是非常棒的。

It would be great to understand the pros and cons of using systemd inside the container before I take any decision.

推荐答案

我建议您尽量避免在容器中系统化。

I'd advise you to avoid systemd in a container if at all possible.

Systemd 挂载文件系统，控制多个内核参数，具有自己的内部系统来捕获进程输出，配置系统交换空间，配置巨大的页面和POSIX消息队列，启动进程间消息总线，启动每终端登录提示，并管理大量系统服务。其中许多就是Docker为您做的事情。其他是Docker默认情况下会阻止的系统级控件（有充分的理由）。

Systemd mounts filesystems, controls several kernel parameters, has its own internal system for capturing process output, configures system swap space, configures huge pages and POSIX message queues, starts an inter-process message bus, starts per-terminal login prompts, and manages a swath of system services. Many of these are things Docker does for you; others are system-level controls that Docker by default prevents (for good reason).

通常，您希望容器做一件 的事情，有时需要多个协调流程，但是您通常不希望它执行systemd提供的超出流程管理器的任何工作。由于systemd更改了许多主机级参数，因此您通常需要以-特权身份运行它，这会破坏Docker隔离，通常是一个坏主意。

Usually you want a container to do one thing, which occasionally requires multiple coordinating processes, but you usually don't want it to do any of the things systemd does beyond provide the process manager. Since systemd changes so many host-level parameters you often need to run it as --privileged which breaks the Docker isolation, which is usually a bad idea.

正如您在问题中所说，通常认为每个容器运行一个件是最好的。如果您无法执行此操作，则需要一个轻量级的进程管理器，例如 supervisord ，该进程管理器会执行最少的初始化过程来对于Docker和Unix哲学来说，都是更好的选择。

As you say in the question, running one "piece" per container is usually considered best. If you can't do this then a light-weight process manager like supervisord that does the very minimum an init process is required to is a better match, both for the Docker and Unix philosophies.

这篇关于是否建议在docker容器中运行systemd？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！