From: "Ludovic Courtès" <ludo@gnu.org>
To: paul <goodoldpaul@autistici.org>
Cc: 66160@debbugs.gnu.org
Subject: [bug#66160] [PATCH] gnu: Add oci-container-service-type.
Date: Tue, 24 Oct 2023 17:41:11 +0200 [thread overview]
Message-ID: <874jig81uw.fsf@gnu.org> (raw)
In-Reply-To: <16c3e931-09d2-9e85-97f1-c7f78d5ff2ec@autistici.org> (paul's message of "Thu, 19 Oct 2023 23:16:35 +0200")
Hi,
paul <goodoldpaul@autistici.org> skribis:
[...]
>> In that case, maybe create an “oci-service” account part of the “docker”
>> group, and run ‘docker run’ as that user instead of running it as root?
>> Would that be OK or am I overlooking something?
> I already added such user in the latest version of my patch. I
> probably made a mess with patch subjects.
Oh, my bad; perfect then.
>> What I’m suggesting above is that one would build a list of
>> ‘oci-container-service-type’ instances, like:
>>
>> (list (service oci-container-service-type
>> (oci-container-configuration …))
>> (service oci-container-service-type
>> (oci-container-configuration …))
>> …)
>>
>> Each instance above would correspond to exactly one program in a Docker
>> image.
>>
>> I feel it’s slightly more natural than having a service type that
>> implements support for multiple OCI services at once.
> I agree it's more natural but (list service-a service-b ...) it's the
> same interface exposed by the shepherd-root-service-type, I believe
> for the same reasons I need the oci-nextcloud-service-type to
> instantiate 3 shepherd services but only create a single account,
> activate a single data dir under /var/lib, something like this:
>
> (defineoci-nextcloud-service-type
> (service-type(name'nextcloud)
> (extensions(list(service-extensionoci-container-service-type
> (lambda (config) (make-nextcloud-container config)
> (make-nextcloud-cron-container config)))
[...]
> The only way where oci-container-service-type could support this use
> case by accepting a single configuration is I guess if multiple
> (service-extension oci-container-service-type ...) where allowed, am I
> understanding correctly? Is it legal in Guix to write somthing like:
>
> (extensions(list(service-extensionoci-container-service-type
> make-nextcloud-container)
> (service-extensionoci-container-service-typemake-nextcloud-cron-container)
> (service-extensionaccount-service-type
> (const%nextcloud-accounts))
> (service-extensionactivation-service-type
> %nextcloud-activation)))
If you take the route of one ‘oci-container-service-type’ per
daemon/server that you want to run, then <oci-container-configuration>
should probably have a ‘user’ field to specify under which user to run
the container. ‘oci-container-service-type’ would create exactly one
Shepherd service so, likewise, <oci-container-configuration> would need
a ‘provision’ field to specify the Shepherd service name (the
“provisions”). Likewise, perhaps a field to specify the data directory
is needed.
Does that make sense?
Thanks,
Ludo’.
next prev parent reply other threads:[~2023-10-24 15:41 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-22 20:32 [bug#66160] [PATCH] gnu: Add oci-container-service-type paul via Guix-patches via
2023-09-22 20:34 ` Giacomo Leidi via Guix-patches via
2023-10-05 14:30 ` Ludovic Courtès
2023-10-05 17:30 ` paul via Guix-patches via
2023-10-13 22:53 ` paul via Guix-patches via
2023-10-06 19:09 ` Giacomo Leidi via Guix-patches via
2023-10-14 16:09 ` Ludovic Courtès
2023-10-14 21:29 ` paul via Guix-patches via
2023-10-19 20:13 ` Ludovic Courtès
2023-10-19 21:16 ` paul via Guix-patches via
2023-10-24 15:41 ` Ludovic Courtès [this message]
2023-10-24 20:22 ` paul via Guix-patches via
2023-10-13 22:57 ` Giacomo Leidi via Guix-patches via
2023-10-14 21:36 ` Giacomo Leidi via Guix-patches via
2023-10-14 21:47 ` Giacomo Leidi via Guix-patches via
2023-10-24 20:59 ` [bug#66160] [PATCH v2] " Giacomo Leidi via Guix-patches via
2023-11-23 10:02 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874jig81uw.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=66160@debbugs.gnu.org \
--cc=goodoldpaul@autistici.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).