From: Efraim Flashner <efraim@flashner.co.il>
To: conjaroy <conjaroy@gmail.com>
Cc: help-guix@gnu.org
Subject: Re: Is anyone using `guix system container` in production?
Date: Sun, 2 Aug 2020 11:34:52 +0300
Message-ID: <20200802083452.GA1134@E5400>
In-Reply-To: <CABWzUjUBTKLzxn5xVrd6=_hgE91bdzTwoaPCxmhnS91TJH3H3g@mail.gmail.com>
We've switched from using systemd to manage guix containers and services
to using systemd user services to launch an instance of shepherd which
manages guix containers and services, with some custom sudo rules. As
far as using systemd and guix containers, here's one config that I still
have around¹.

Our upgrade scheme was to run 'guix pull' about weekly and then restart
the container. Assuming it didn't break, we'd let it ride. If it did
break then we'd have 'guix pull --roll-back' to roll back and wait it
out or fix it.

On Wed, Jul 29, 2020 at 06:17:44PM -0400, conjaroy wrote:
> I'm interested in deploying several system containers to a single cloud
> VPS, and I had originally planned to build those via `guix system
> docker-image`. Although Docker has some nice CLI tools for
> starting/stopping/listing active containers, it occurs to me that an
> alternative (`guix system container`) has at least one significant
> advantage: containers come online in seconds, as opposed to the minutes it
> takes to build and import a Docker image (or tens of minutes, if the build
> host is a VM without /dev/kvm.) It might also be the case that using
> /gnu/store for all containers is more disk-space-efficient than creating
> self-contained Docker images for each one.
>
> So I was wondering if anyone has experience running long-lived containers
> built via `guix system container` in a production setting. Since I'm
> running Guix on a foreign distro (Debian 10), it seems reasonable to build
> a systemd service around the container script, but there may be pitfalls I
> haven't considered:
>
> # build container script and register it as a gc root with a well-known name.
> guix build --root=/home/guix/my-awesome-container $(guix system container -d my-awesome-container.scm)
>
> cat << EOF > /etc/systemd/system/my-awesome-container.service
> [Unit]
> Description=My Awesome Container
>
> [Service]
> ExecStart=/home/guix/my-awesome-container
> TimeoutStopSec=30
> StandardOutput=syslog
> StandardError=syslog
>
> [Install]
> WantedBy=multi-user.target
> EOF
¹ http://git.genenetwork.org/guix-bioinformatics/guix-bioinformatics/src/branch/master/gn/services/bnw.service
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
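
The weekly upgrade scheme described in the message above (pull, restart, roll back on breakage), written out as a shell function. This is an added example, not code from the thread or from Guix; it assumes that restarting the unit is what makes the container pick up the newly pulled Guix, and `SETTLE_SECS` and the exit codes are choices made here.

```shell
#!/bin/sh
# Added example (not from the thread). UNIT is the unit name from the quoted
# message; SETTLE_SECS and the exit codes are assumptions of this sketch.
# Assumes restarting the unit is what makes the container use the newly
# pulled Guix, and that this runs as the user whose Guix the unit uses.
UNIT=${UNIT:-my-awesome-container.service}
SETTLE_SECS=${SETTLE_SECS:-15}

# Restart the unit, give it time to come up, then ask systemd whether it
# is still running. A container that dies during boot fails this check.
restart_and_check() {
    systemctl restart "$UNIT" || return 1
    sleep "$SETTLE_SECS"
    systemctl is-active --quiet "$UNIT"
}

# Exit status: 0 upgraded
#              1 'guix pull' failed, container left untouched
#              2 upgrade broke the container and was rolled back
#              3 roll-back did not restore a running container
upgrade_container() {
    if ! guix pull; then
        echo "guix pull failed; $UNIT left untouched" >&2
        return 1
    fi
    if restart_and_check; then
        echo "upgraded: $UNIT is active on the new Guix"
        return 0
    fi
    echo "$UNIT unhealthy after upgrade; rolling back" >&2
    guix pull --roll-back || return 3
    if restart_and_check; then
        echo "rolled back: $UNIT is active on the previous Guix" >&2
        return 2
    fi
    return 3
}
```

Calling `upgrade_container` from a weekly timer and alerting on exit status 2 or 3 covers the "wait it out or fix it" step.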