-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/31/2014 09:51 AM, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Jan 31, 2014 at 08:27:29AM -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 01/30/2014 07:09 PM, Zbigniew Jędrzejewski-Szmek wrote:
>>> On Thu, Jan 30, 2014 at 04:29:14PM -0500, Dan Walsh wrote:
>>>> If I want to run a container as a service, it would be nice if it
>>>> used the service cgroup configuration
>>> Your patch will break the integration with machinectl, etc. Would
>>> instead assigning the slice with --slice be enough?
>>>
>>> Zbyszek
>>>
>> My goal is if I run systemd-nspawn within a systemd unit file, perhaps as
>> a plugin to docker, I want to allow the system administrator to just add
>>
>> MemoryLimit=500m
> You can set the limit on the service, or on the slice.
>
> On the service:
> # /etc/systemd/system/systemd-nspawn@<container>.d/limits.conf
> [Service]
> MemoryLimit=500M
>
> On the slice:
> # /etc/systemd/system/systemd-nspawn@<container>.d/slice.conf
> [Service]
> Slice=system-<container>.slice
>
> # /etc/systemd/system/system-<container>.slice
> # (note that the path here makes this slice part of /system not /machine)
> [Slice]
> MemoryLimit=500M
>
> You can alternatively specify the slice with --slice argument to nspawn.
>
> Zbyszek
>
My plan is not to have the user know they are running systemd-nspawn.
Imagine the user is creating a httpd container unit file using docker,
described in this document.

http://welldefinedbehaviour.wordpress.com/2014/01/30/adventures-with-containerization-fedora-docker-and-httpd/

[Unit]
Description=example.com Container
After=docker.service

[Service]
Type=simple
ExecStart=/usr/bin/docker run -v /srv/example.com:/srv httpd-test1
Restart=on-failure

Currently docker uses lxc tools under the covers to launch the container, we
want to add a plugin to use systemd-nspawn.

docker -> systemd-nspawn -> container

But we want the docker, systemd-nspawn and the container all affected by any
Cgroup entries in the unit file. So I want the container to run as a service
slice not a machine slice.

The user will never execute systemd-nspawn in this case.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlLrunwACgkQrlYvE4MpobOacACeMMWBJZjJXiHKEhT+Dp8xB4tl
viEAn0pMcKsQriVNSrpltlW2gtG+VhH3
=uJiv
-----END PGP SIGNATURE-----
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
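
An added example, not part of the original thread or of systemd: a check for the question the thread turns on, namely whether a process inside the container ends up under the service's cgroup (so the unit's MemoryLimit= bounds it) or under a separate machine scope. The unit name example-httpd.service, the scope name machine-httpd.scope and all sample /proc/<pid>/cgroup contents are constructed for illustration.

```python
# Added example: which cgroup does a container process actually land in?
# Constructed /proc/<pid>/cgroup samples; unit and machine names are hypothetical.
SAMPLE_SERVICE = (  # container kept inside the unit's own cgroup
    "4:memory:/system.slice/example-httpd.service\n"
    "1:name=systemd:/system.slice/example-httpd.service\n"
)
SAMPLE_MACHINE = (  # container registered as a machine scope instead
    "4:memory:/machine.slice/machine-httpd.scope\n"
    "1:name=systemd:/machine.slice/machine-httpd.scope\n"
)
SAMPLE_NO_ACCOUNTING = (  # tracked by systemd, but memory controller not joined
    "4:memory:/\n"
    "1:name=systemd:/system.slice/example-httpd.service\n"
)
SAMPLE_UNIFIED = "0::/system.slice/example-httpd.service\n"  # cgroup v2 layout


def parse_cgroup(text):
    """Map controller name -> cgroup path from /proc/<pid>/cgroup content."""
    paths = {}
    for line in text.splitlines():
        parts = line.split(":", 2)  # hierarchy-ID:controller-list:path
        if len(parts) != 3:
            continue
        controllers, path = parts[1], parts[2]
        # An empty controller list marks the unified (v2) hierarchy.
        for ctrl in (controllers.split(",") if controllers else ["unified"]):
            paths[ctrl] = path
    return paths


def memory_limit_applies(text, unit):
    """True if the memory cgroup path is the unit's cgroup or a child of it."""
    paths = parse_cgroup(text)
    path = paths.get("memory", paths.get("unified"))
    if path is None:
        return False
    return unit in path.strip("/").split("/")


if __name__ == "__main__":
    unit = "example-httpd.service"
    for name, sample in [("service", SAMPLE_SERVICE), ("machine", SAMPLE_MACHINE),
                         ("no-accounting", SAMPLE_NO_ACCOUNTING),
                         ("unified", SAMPLE_UNIFIED)]:
        print(name, memory_limit_applies(sample, unit))
```

On the unified hierarchy a matching path is necessary but not sufficient: the memory controller must also be enabled for that subtree.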