17

Can an individual Docker container, for example a web server, that exposes (listens on) a port be started using systemd's socket activation feature? The idea is to save resources by starting a container only when it is actually needed for the first time (and possibly stop it again when idle to save resources).

Note: This question is not about launching the Docker daemon itself using socket activation (which is already supported), but about starting individual containers on demand.

Markus Miller
  • 3,695
  • 2
  • 29
  • 33
  • I think it's possible, but difficult to find anything around.. I'm ready to write a blog post, but still can't figure out how to pass the socket from the host to the initiated docker. Maybe just mount it as a volume.. Here some reading: http://0pointer.de/blog/projects/socket-activated-containers.html http://libvirt.org/drvlxc.html#activation – Pierre Ozoux Sep 04 '14 at 14:32
  • Is it a requirement to use systemd's socket activation feature? How about using the Docker API to start and stop containers on demand? – rexposadas Sep 05 '14 at 23:32
  • Did you find a solution to shutdown the process when it is not used ? – Arka Jun 06 '15 at 20:51
  • Arka: I did not spend any time on that yet, as even the socket-activation is still missing. But I guess the server could try to track activity, and when it has been idle long enough trigger a shutdown. – Markus Miller Jun 06 '15 at 21:54
  • 1
    https://developer.atlassian.com/blog/2015/03/docker-systemd-socket-activation/ Is this not what you want ? – Arka Jun 06 '15 at 23:54
  • Arka: Thanks for the link, which shows how systemd-socket-proxyd can be used to work around that Docker apparently does not support it directly. Ideally Docker would support it directly to avoid the need for workarounds such as systemd-socket-proxyd, but maybe this systems-socket-proxyd is as close as we can get for now. – Markus Miller Jun 07 '15 at 12:21

3 Answers3

13

In short, you can't.

But, if you wanted to approach a solution, you would first need to run a tool like CoreOS or geard that runs each Docker container in a systemd service.

Even then, Docker's support for inheriting the socket has come and gone. I know geard is working on stable support. CoreOS has published generalized support for socket activation in Go. Red Hat folks have also added in related patches to Fedora's Docker packages that use Go's socket activation library and improve "foreground mode," a key component in making it work.

(I am the David Strauss from Lennart's early article on socket activation of containers, and this topic interests me a lot. I've emailed the author of the patch at Red Hat and contacted the geard team. I'll try to keep this answer updated.)

David Timothy Strauss
  • 732
  • 1
  • 6
  • 18
  • I read the article after the video actually :) I'm running CoreOS. But even if Docker is in systemd, I never saw one with socket activation. Thanks for your answer, a lot of links to all the discussions :) I have to do some tests, but I'm pretty sure it's doable. I'll keep you informed here :) – Pierre Ozoux Sep 04 '14 at 17:10
  • The key is being able to specify a socket listener in the container as inherited from systemd. I haven't seen a stable implementation of that yet. – David Timothy Strauss Sep 04 '14 at 17:11
  • It's coming :) https://github.com/coreos/rocket/issues/106 not with Docker though :) – Pierre Ozoux Feb 09 '15 at 19:17
  • @PierreOzoux Rocket's developers (the CoreOS team) have long been wonderful members of the systemd community and major contributors to the project. – David Timothy Strauss Feb 10 '15 at 21:29
  • Maybe you could mention that Podman (version >= 3.4.0) supports socket activation of containers? – Erik Sjölund Apr 24 '23 at 18:44
2

If it has to be using systemd, there was a blog post last month about that, here (haven't tried it myself yet).

If the choice of technology is not a hard constraint, you could just write a small proxy in your favorite programming language, and simply make a Docker API call to ensure the container is started. That's the way snickers (my experimental nodejs proxy) does it.

michielbdejong
  • 1,077
  • 9
  • 14
1

Yes, you can with Podman. Podman supports socket activation since version 3.4.0 (released Sep 2021).

(Docker does not yet support socket activation of containers so you would need to use Podman for this)

Example 1: mariadb

I wrote a small example demo of how to set up socket activation with systemd, podman and a MariaDB container:

https://github.com/eriksjolund/mariadb-podman-socket-activation

MariaDB supports socket activation since version 10.6 (released April 2021)

Example 2: nginx

https://github.com/eriksjolund/podman-nginx-socket-activation

See also my answer https://stackoverflow.com/a/71188085/757777

Erik Sjölund
  • 10,690
  • 7
  • 46
  • 74