Date: Thu, 02 Jan 2025 19:56:47 +0100 From: "Dave Cottlehuber" <dch@skunkwerks.at> To: "JH Foo" <jhfoo@kungfoo.info>, freebsd-jail <freebsd-jail@freebsd.org> Subject: Re: jail services in podman Message-ID: <b8abb79e-f552-41c0-9832-cc90687b804c@app.fastmail.com> In-Reply-To: <9efebe67-e4e4-4919-bfdf-b7e29f4f0079@kungfoo.info> References: <9efebe67-e4e4-4919-bfdf-b7e29f4f0079@kungfoo.info>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 31 Dec 2024, at 17:16, JH Foo wrote: > Not sure if this is a jail or podman thing: I'm learning about running=20 > apps in Podman, and the recommendation seems to be to include a CMD in=20 > Containerfile/Dockerfile. When the binary called by the CMD ends, the=20 > jail is stopped. In the example=20 > (https://gitlab.com/bergblume/podman-caddy-on-freebsd/-/blob/master/ca= ddy.yml?ref_type=3Dheads),=20 > Caddy is run daemonless using this technique. > > My question is: in the world of sidecars is this still the right way t= o=20 > execute long-running (e.g. API) services? I'm using Bastille now and I=20 > set up Caddy (for example) as a service in /etc/rc.conf. Is this=20 > considered anti-pattern in Podman/OCI containers? Yes.=20 On FreeBSD we=E2=80=99ll need to figure out what the minimal dependencie= s are for each daemon or service. For example I=E2=80=99ve been experimenting with dnsdist which has a doc= ker-style =E2=80=94supervised flag where it runs in foreground and spits= out logging info to stdout. This runs fine, others may require a wrappe= r script to set the appropriate things up. Alternatively add a rc.local that never returns? Then normal rc system c= ould be used. Something like while true do sleep 99d; done? A+ Dave
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b8abb79e-f552-41c0-9832-cc90687b804c>