systemd-run alternative for cgroupv2?

Hi all,

doesn’t it worry anyone that systemd is becoming a must for using unprivileged containers on a cgroupv2 OS?

Shortening the long story, here is my use case:

  • software managing unprivileged LXC containers, written with the official Python binding library.
  • it is started from a systemd service as a system user (id <1000).
  • and it just waits in the background for client requests and does something with containers.

It’s working perfectly on Ubuntu 18.04.

But I recently started the migration to Ubuntu 22.04 and of course I ran into the known problems.
Finally I gave up on a clean solution and created a systemd service which runs an external script as my user (“User=” directive), which in turn runs my app via systemd-run:

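# The service runs this script as the daemon's user (User= directive)
OWNER=$(whoami)
# Point at that user's systemd instance and session bus
export XDG_RUNTIME_DIR="/run/user/$(id -u)"
export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"

# Start the daemon in a transient user scope with cgroup delegation
exec systemd-run --machine="${OWNER}@.host" --user --scope --collect -p "Delegate=yes" -- /usr/bin/mydaemon.py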

So, the first service runs systemd-run, which creates the second service…
At least it’s working and can even be stopped and restarted by systemctl on failure.
Actually, I thought it was working, but it’s not. Not after reboot.
After reboot the user session is missing - so it won’t start automatically.

The solution is: # loginctl enable-linger myuser
Simple, right? No, it’s not.

From this moment Ubuntu 22.04 turns into madness.

  1. The slightest problem is the dozen processes of my system user that are now running - it’s not a big deal but looks confusing for a single-process daemon.

  2. The worst is snapd, which started heavily flooding the logs:
    Dec 1 15:26:05 ubuntu systemd[2756]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration.
    Dec 1 15:26:05 ubuntu systemd[2756]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration.
    Dec 1 15:26:05 ubuntu snapd-desktop-i[117940]: Not loading module “atk-bridge”: The functionality is provided by GTK natively. Please try to not load it.
    Dec 1 15:26:06 ubuntu systemd[808]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Scheduled restart job, restart counter is at 1341.
    Dec 1 15:26:06 ubuntu systemd[808]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration.
    Dec 1 15:26:06 ubuntu systemd[808]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration.
    Dec 1 15:26:06 ubuntu snapd-desktop-integration.snapd-desktop-integration[118007]: Sorry, home directories outside of /home are not currently supported.
    Dec 1 15:26:06 ubuntu snapd-desktop-integration.snapd-desktop-integration[118007]: See Support for non /home homedirs - snapd - snapcraft.io for details.
    Dec 1 15:26:06 ubuntu systemd[808]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Main process exited, code=exited, status=1/FAILURE
    Dec 1 15:26:06 ubuntu systemd[808]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Failed with result ‘exit-code’.
    Dec 1 15:26:07 ubuntu systemd[2756]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Scheduled restart job, restart counter is at 1286

After hours it’s still not stopping. OK, maybe Ubuntu will fix it and ship an updated version next year… it’s not an LXC issue.

  3. And another mess appears in the user’s (system user’s) home directory.
    Should snap be located there? gvfs? pulseaudio? gstreamer cache? tracker-miner cache? Such a mess created in the system user’s home directory?

I’m fully aware that this is neither an Ubuntu nor a systemd forum!
But it really destroys the opinion of LXC. It’s something that can be observed - discussions here and there.
And this makes me worry because LXC is a fascinating project. But I’m afraid it is becoming less and less usable because of such intrusive behavior of other software.

Is there anything that could be done in LXC to make it immune to such a strong dependency on systemd?
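
A preflight check for the setup described in the post, as an added example that is not part of the original post or of LXC: it reads the cgroup v2 entry from /proc/self/cgroup and reports whether the cgroup that `Delegate=yes` should hand over is actually owned by the daemon's user. Assumptions: the unified hierarchy is mounted at /sys/fs/cgroup, ownership of the directory and its three delegation files is used as the signal, and the function names are hypothetical.

```python
import os

# Files that, together with the directory itself, must be writable by the
# delegatee according to the kernel's cgroup v2 delegation model.
DELEGATION_FILES = ("cgroup.procs", "cgroup.threads", "cgroup.subtree_control")


def unified_cgroup_path(proc_cgroup_text):
    """Return the cgroup v2 path from /proc/<pid>/cgroup content, or None.

    The v2 entry has hierarchy id 0 and an empty controller field: "0::/path".
    """
    for line in proc_cgroup_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3 and parts[0] == "0" and parts[1] == "":
            return parts[2]
    return None


def delegation_problems(proc_cgroup_text, uid, root="/sys/fs/cgroup"):
    """List reasons the cgroup is not delegated to uid (empty list means OK)."""
    path = unified_cgroup_path(proc_cgroup_text)
    if path is None:
        return ["no cgroup v2 entry (0::) found in the process cgroup list"]
    cg_dir = os.path.join(root, path.lstrip("/"))
    problems = []
    for target in [cg_dir] + [os.path.join(cg_dir, f) for f in DELEGATION_FILES]:
        try:
            owner = os.stat(target).st_uid
        except FileNotFoundError:
            problems.append(f"{target}: missing")
            continue
        if owner != uid:
            problems.append(f"{target}: owned by uid {owner}, not {uid}")
    return problems


if __name__ == "__main__":
    # Run inside the scope started by systemd-run, before touching containers.
    with open("/proc/self/cgroup") as fh:
        issues = delegation_problems(fh.read(), os.getuid())
    for issue in issues:
        print("cgroup delegation check:", issue)
    raise SystemExit(1 if issues else 0)
```

Run at daemon start-up, a non-empty result distinguishes "started outside a delegated scope" from later container start failures that are harder to read.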