I have been having a lot of internal debate about the idea of running more than one service in a Docker container. A Docker container is built to run a single process in the foreground and to live for only as long as that process is running. This is great in a utopian world where servers are immutable and sysadmins drink tiki drinks on the beach; however, it doesn’t always translate well to the real world.
Examples where you might want to be able to run multiple servers range from the simple use case of running sshd as well as your application to running a web app such as wordpress where you might want both mysql running in the same container.
Wrapping your applications in a supervisor daemon such as runit seems like a perfect fit for this. All you need to do is install runit as part of your Dockerfile and then create appropriate service directories for the apps you want to run in the container. I was doing some testing of this when I realized a quirk of runit which I could exploit for evil.
Starting or stopping a service with runit is simply a matter of creating or deleting a symlink in a service directory, so in theory, if you could expose that directory to the server hosting the container, you could start and stop services from outside of the container.
Docker volume mapping allows exactly this!
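A minimal sketch of that mechanism from the host side, added here as an illustration and not taken from the original post. It assumes the container runs runsvdir on /etc/service, keeps its service definitions in /etc/sv, and was started with the host directory mapped over /etc/service; HOST_SVDIR, CONTAINER_SV and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: toggle runit services in a container from the host by
# editing symlinks in a volume-mapped service directory.
# Assumed container start (hypothetical paths):
#   docker run -v "$HOST_SVDIR":/etc/service ... runsvdir /etc/service
HOST_SVDIR="${HOST_SVDIR:-/srv/demo/service}"  # host side of the mapping
CONTAINER_SV="${CONTAINER_SV:-/etc/sv}"        # definitions inside the container

# Accept plain names only, so a caller cannot write outside HOST_SVDIR.
_svc_valid() {
    case "$1" in
        ""|*/*|.*) echo "bad service name: $1" >&2; return 1 ;;
    esac
}

# Enable: the link target is the path as seen INSIDE the container, so the
# link dangles on the host. That is expected; runsvdir resolves it in the
# container on its next scan of the directory.
svc_enable() {
    _svc_valid "$1" || return 1
    mkdir -p "$HOST_SVDIR" && ln -sfn "$CONTAINER_SV/$1" "$HOST_SVDIR/$1"
}

# Disable: remove the link only if it really is a symlink; runsvdir then
# stops supervising the service.
svc_disable() {
    _svc_valid "$1" || return 1
    [ -L "$HOST_SVDIR/$1" ] || return 0
    rm -f "$HOST_SVDIR/$1"
}

# List enabled services, one per line. Test with -L rather than -e,
# because the links do not resolve on the host.
svc_list() {
    for link in "$HOST_SVDIR"/*; do
        [ -L "$link" ] && basename "$link"
    done
    return 0
}
```

Anyone who can write to the mapped host directory controls which services run in the container, so its ownership and permissions deserve the same care as the Docker socket.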
Below you will find examples of running three services (logstash, elasticsearch, kibana) that make up the