/srv/irclogs.ubuntu.com/2014/02/27/#ubuntu-us-pa.txt

[07:53] <InHisName2> Morning
=== jthan_ is now known as than
=== than is now known as jthan
[10:24] <rmg51> Morning
[13:19] <teddy-dbear> Morning peoples, dogs, turkey, hamsters and everything else
[13:24] <JonathanD> hiya
[13:28] <teddy-dbear> o/
[13:37] <InHisName2> jthan: y did u drop the "j" for 3 seconds, --> missed typing a key ?
[13:37] <InHisName2> Morning again
[16:25] <ChinnoDog> hi
[16:45] <lazyPower> o/
[17:19] <ChinnoDog> Is there a way to channel a terminal program or a screen session through a unix socket or named pipe? I know this seems like a strange question.
[17:58] <ChinnoDog> This is too complicated. Maybe I would rather not try to do that.
[17:59] <square-r00t> screen sessions already use sockets
[18:00] <square-r00t> /var/run/screen
[18:00] <ChinnoDog> oh.
[18:00] <ChinnoDog> So how do I connect to screen via socket then?
[18:02] <ChinnoDog> Meaning... If I have access to the file system containing the screen socket but screen is not running on the system I can see it from, how do I connect to it?
[18:04] <square-r00t> when you start a screen session, it opens a new socket.
[18:05] <square-r00t> i'm going to take a guess here and assume you're trying to attach to a process that was initiated remotely and not within screen/dtach?
[18:06] <ChinnoDog> Actually no but.. can I do that?
[18:07] <ChinnoDog> That would be even better if I could run processes that aren't attached to a screen or terminal and connect to them later.
[18:10] <square-r00t> no, you can't. hah
[18:11] <ChinnoDog> This conversation is creating more questions than answers now. What I am trying to do is figure out how to isolate CLI programs inside docker containers.
[18:11] <square-r00t> oh, ps auxf|less
[18:11] <square-r00t> hit / (search)
[18:11] <square-r00t> search for the dock name
[18:11] <square-r00t> ps auxf prints all processes, their full execution path, in "tree" mode
[18:12] <ChinnoDog> I don't understand how that helps me
[18:12] <square-r00t> so you can see what processes another process spawns
[18:12] <square-r00t> if it's running from the dock, you'll be able to find the process of the dock, and check out the children processes
[18:12] <ChinnoDog> How do I communicate with a process that is running in a container if it doesn't have network ports or a unix socket in the filesystem?
[18:12] <square-r00t> *most* docks, iirc, spawn them that way
[18:12] <square-r00t> simple answer, you don't
[18:13] <square-r00t> you can send KILL sigs and that's it
[18:13] <square-r00t> (e.g. HUP, USR1, etc.)
[18:13] <ChinnoDog> Not a dock, Docker
[18:13] <square-r00t> http://www.linux.org/threads/kill-commands-and-signals.4423/
[18:14] <square-r00t> oh...thehell. looks like some kind of UML clone
[18:14] <square-r00t> the process tree *should* still show the process
[18:15] <square-r00t> ultimately, What Are you Trying to Specifically Do(TM)
[18:15] <ChinnoDog> The only connection I have to processes running in docker containers is network ports and file system access
[18:16] <square-r00t> through the docker interface/API, sure
[18:16] <ChinnoDog> Enable me to run multiple versions of a CLI environment at the same time by isolating the applications within containers
[18:17] <square-r00t> but unless it's running in a paravirt mode or fully virtualized hardware (and it doesn't look like Docker does that; it looks more like chroots) you should be able to still see and interact (via SIG at least) the processes within the container
[18:17] <square-r00t> but grain of salt, i'm not using docker or anything
[18:18] <ChinnoDog> But that won't let me attach it to an arbitrary terminal or screen.. will it?
[18:25] <ChinnoDog> It seems to me that to do this properly will create far too much overhead. I /could/ run an sshd in every container and then redirect users that ssh in to the correct container
[18:25] <ChinnoDog> That will create 1 sshd per application though plus 1 just to get in.
[18:26] <ChinnoDog> It might be better to abandon Docker for this. If I do that though I will need a safe way to update the system.
[18:28] <ChinnoDog> Actually, this could be a good use for btrfs snapshots.
[18:29] <ChinnoDog> To perform safe modifications I could snapshot the root file system, chroot into the snapshot to perform and test updates, and then remount root to the new snapshot.
[18:29] <ChinnoDog> square-r00t: What do you think?
[18:30] <square-r00t> ChinnoDog: that's what you gotta do, re: sshd
[18:30] <ChinnoDog> I don't want to run that many sshds
[18:31] <square-r00t> but no, unless it has some sort of hypervisor or such you're not going to be able to get a tty (or pty) to that container
[18:41] <square-r00t> you might want to check out virtuozzo/openvz
[18:41] <square-r00t> it doesn't quite need a hypervisor like fully virtualized hardware, and you can easily enter containers
[18:42] <ChinnoDog> That will have even more overhead. Resources for an entire system in every VM.
[18:42] <square-r00t> bad news is they're full OS installs for each container, not just a chrooted application
[18:42] <square-r00t> it's not virt'd hardware
[18:42] <square-r00t> it just takes up more disk space
[18:42] <square-r00t> would use the same ram/cpu per container as docker
[18:42] <ChinnoDog> I know it is paravirt but every system is going to be running all the normal processes
[18:42] <square-r00t> (roughly)
[18:43] <square-r00t> no, it's *not* paravirt.
[18:43] <square-r00t> that's what i'm saying
[18:43] <square-r00t> vz = chroots with some isolated device special files, etc.
[18:44] <square-r00t> each container's going to be running about 4-5 processes as overhead, and that's all running via host kernel hooks
[18:44] <square-r00t> (so yeah, you need a custom kernel)
[18:44] <square-r00t> but you can't have your cake and eat it too
[18:46] <square-r00t> (paravirt means it's able to, and does, run its own kernel inside the container on fully virtualized hardware)
[18:46] <square-r00t> point being, you need to decide what you actually wanna do, because you're not gonna have a way of getting interactive shell with processes running inside a container without modifying the kernel
[18:46] <ChinnoDog> That is also more overhead than I want. My alternate plan seems more practical here. Abandon containers entirely and do system updates using file system snapshots. It is not the same level of isolation but it won't take down running processes and I can test the results before I commit.
[18:47] <square-r00t> (shrug)
[18:47] <ChinnoDog> I don't want more to manage, I want less to manage.
[18:48] <square-r00t> lol. sounds like your solution has a hell of a lot more to manage than me, but what do i know; i'm a linux sysadmin
[18:48] <square-r00t> s/than/to/
[18:49] <ChinnoDog> Snapshots allow me to manage one system. With OpenVZ I would have to manage one system per user. With containers I would have to manage one container per app and additional apps to connect the containers.
[18:49] <ChinnoDog> None of these approaches is perfect.
[18:50] <square-r00t> btrfs is also beta, you'd be hacking the thing together yourself, and you won't be able to run them in parallel effectively. to me, that's a higher nightmare
[18:51] <ChinnoDog> Seems stable enough to me. I've been running it for years.
[18:52] <ChinnoDog> I had more problems with "stable" reiserfs code than I ever did with btrfs.
[18:52] <square-r00t> in-house always has the benefit of doing it "exactly" the way you want something done (assuming the skillsets are available to make that happen), but at the cost of admin/dev time.
[18:52] <square-r00t> that's because reiserfs is trash
[18:53] <square-r00t> but 1.) that's anecdotal evidence, 2.) still says nothing about the other two major issues i presented
[18:53] <square-r00t> granted, you still haven't told me *why* you're doing this, so i have no idea of the use case
[18:54] <ChinnoDog> To host an application on the internet for users to access.
[18:54] <ChinnoDog> Since I am hosting it stability as well as density is important.
[18:55] <square-r00t> stable, density, convenient; choose two
[19:01] <MutantTurkey> two?
[19:02] <MutantTurkey> you're lucky if you get one in the end!
