On Tue, 03.02.15 20:45, Mikhail Morfikov (mmorfi...@gmail.com) wrote:

> > Also note that using socket activation for containers means that
> > systemd instance inside the container also needs to have configuration
> > for the socket, to pass it on to the service that ultimately shall
> > answer for it. Are you sure that apache2 has support for that, and
> > that you set it up?
>
> Actually, I just want to start the container when someone else tries to
> connect to the port 80 of the host, just using the container's IP
> address. So, for instance, my host has IP 192.168.1.150, the container
> has IP 192.168.10.10, and I want to type the second address in a web
> browser so the system in the container could boot and start apache.

Hmm, to implement something like this I think the best option would be to set up the interface to later pass to the container first on the host, then listen on the container's IP address on the host. When a connection comes in the container would have to be started via socket activation, and would then have to take over the container interface (with --network-interface=), so that all further connections are delivered directly to the container and the host is not involved anymore. This way you'd still have two separate network namespaces, but the interface would change namespace during activation of the container, so that first the host owns it and processes it and then the container.

Of course, either way you'd need socket activation support in your Apache. And I don't think Apache provides that right now out of the box...

Also note that there's a slight security risk here: the socket that is used for activation is from the host's namespace. Using the old BSD netdev ioctls like SIOCGIFCONF will reveal the host's network setup, not the container's setup.

> Then I could browse the page that is hosted by the apache server inside
> of the container. I'm not sure if that's even possible, but apache
> inside of the container starts at boot automatically, so I think there's
> no need for setting anything in the container -- please correct me if
> I'm wrong.

Socket activation is something daemons need to support explicitly. Many do these days, but I don't think Apache is one of them.

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
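
As an added illustration of what explicit socket activation support in a daemon involves (not code from this thread, systemd or Apache), the sketch below accepts listening sockets through the `LISTEN_PID`/`LISTEN_FDS` environment protocol, with inherited descriptors starting at fd 3, and validates them before use. The function names, the `first_fd` parameter and the 1024 cap are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define LISTEN_FDS_START 3  /* first inherited descriptor in the protocol */

/* Parse a non-negative decimal string; -1 on anything malformed. */
static long parse_num(const char *s) {
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    return (errno || end == s || *end || v < 0) ? -1 : v;
}

/* Sockets handed over from first_fd on: 0 = not activated, -1 = malformed. */
int activated_fds(int first_fd) {
    const char *pid_s = getenv("LISTEN_PID"), *n_s = getenv("LISTEN_FDS");
    if (!pid_s || !n_s) return 0;
    long pid = parse_num(pid_s), n = parse_num(n_s);
    if (pid < 0 || n < 0 || n > 1024) return -1;   /* 1024: example sanity cap */
    if ((pid_t)pid != getpid()) return 0;  /* variables meant for another process */
    for (int fd = first_fd; fd < first_fd + (int)n; fd++) {
        int fl = fcntl(fd, F_GETFD);       /* also proves the fd is open */
        if (fl < 0 || fcntl(fd, F_SETFD, fl | FD_CLOEXEC) < 0) return -1;
    }
    return (int)n;
}

/* 1 if fd is a stream socket already in the listening state, else 0. */
int is_listening_stream(int fd) {
    int type = 0, accepting = 0;
    socklen_t len = sizeof type;
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) < 0) return 0;
    len = sizeof accepting;
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &len) < 0) return 0;
    return type == SOCK_STREAM && accepting;
}

int main(void) {
    if (activated_fds(LISTEN_FDS_START) < 1 || !is_listening_stream(LISTEN_FDS_START))
        return 1;  /* not socket-activated: a real daemon would bind its own socket */
    int c = accept(LISTEN_FDS_START, NULL, NULL);  /* connection that triggered start */
    if (c >= 0) { puts("accepted the activating connection"); close(c); }
    return 0;
}
```

Setting close-on-exec on the inherited descriptors keeps the activation socket from leaking into child processes the daemon later spawns.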