switch to being a systemd service #2
Comments
Open
|
Was thinking about this more recently, and there's an alternative path where we actually default to running in a container instead (maybe crun executed on the host rootfs) - but the point is that we avoid relying on too many systemd features because we ideally also support being executed from a privileged container for updates. |
|
If we ran from a systemd unit by default it'd make it easier to use https://systemd.io/CREDENTIALS/ for container pull secrets; also xref containers/image#1746 |
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now we have a lot of simplicity by not running under systemd. But there are a lot of advantages to doing so; see e.g. https://github.com/coreos/bootupd#questions-and-answers
All of the below applies to us too:
It's not, really. The name was intended to be "bootloader-upDater"
not "bootloader-updater-Daemon"; the choice of a "d" suffix is
in retrospect probably too confusing.
At a technical level, yes there is a socket-activated systemd service
which will spawn a
bootupd.service. However - the service willvery quickly auto exit. There's nothing long-running, so it's
not really a daemon.
The rationale behind this design is:
mechanism.
always consistently ends up in the systemd journal, not e.g.
a transient client SSH connection.
while bootupd is obviously privileged we can still make use
of some of this.
DBus or Cap'n Proto or varlink or something else). Having
a socket (without a defined stable API) is preparatory work for that.
The text was updated successfully, but these errors were encountered: