Backend: Support systemd socket activation #3696
Open
systemd supports passing an already open TCP or unix socket to an application on startup (enabled via the LISTEN_FDS env variable). Podman supports passing this socket from the host to the container as of version 3.4 (Docker does not support socket activation for containers). Socket activation provides the benefit of only starting a service on demand (reducing overall boot time and potentially reducing memory usage), as well as improving security by allowing running containers with '--network=none' and still being able to be exposed.
This PR adds automatic socket-activation support. If the 'LISTEN_FDS' variable is set, socket activation will automatically be used; otherwise the behavior remains unchanged. Socket activation can work with unix domain sockets or TCP sockets, and will work with TLS if configured.
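The "use the inherited socket when LISTEN_FDS is set, otherwise listen as before" rule described above, as an added stand-alone Go example (not code from this PR or the project): it validates LISTEN_PID against the current process so a stray variable inherited from a parent is ignored, wraps the fds systemd hands over starting at fd 3 (the `sd_listen_fds(3)` convention) as `net.Listener`s, and falls back to a plain `net.Listen` when no activation is in use. The fallback address `127.0.0.1:8080` and the `LISTEN_FD_n` file names are assumptions for the example.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
	"strings"
)

// sdListenFdsStart is the first descriptor systemd passes to the service
// (0-2 are stdin/stdout/stderr), as documented in sd_listen_fds(3).
const sdListenFdsStart = 3

// activatedFDCount returns how many sockets systemd passed to this process,
// or 0 when socket activation is not in use. The environment is supplied as a
// map so the logic can be exercised with constructed values; pid is the
// process id that LISTEN_PID must match.
func activatedFDCount(env map[string]string, pid int) (int, error) {
	fdsStr := env["LISTEN_FDS"]
	if fdsStr == "" {
		return 0, nil // not socket-activated: caller binds its own listener
	}
	// LISTEN_PID guards against acting on descriptors meant for a parent
	// process (e.g. a wrapper that forgot to clear the variables).
	listenPid, err := strconv.Atoi(env["LISTEN_PID"])
	if err != nil || listenPid != pid {
		return 0, nil
	}
	n, err := strconv.Atoi(fdsStr)
	if err != nil || n < 0 {
		return 0, fmt.Errorf("invalid LISTEN_FDS %q", fdsStr)
	}
	return n, nil
}

// listenerFromFD wraps an inherited stream socket as a net.Listener. It works
// for both TCP and unix sockets; net.FileListener inspects the fd to decide.
func listenerFromFD(fd int) (net.Listener, error) {
	f := os.NewFile(uintptr(fd), fmt.Sprintf("LISTEN_FD_%d", fd)) // hypothetical name
	if f == nil {
		return nil, fmt.Errorf("fd %d is not valid", fd)
	}
	// FileListener dup()s the descriptor, so the inherited one can be closed.
	defer f.Close()
	l, err := net.FileListener(f)
	if err != nil {
		return nil, fmt.Errorf("fd %d is not a listening socket: %w", fd, err)
	}
	return l, nil
}

// listeners returns the systemd-provided listeners when activation is in
// use, or a single listener bound to fallbackAddr otherwise.
func listeners(env map[string]string, pid int, fallbackAddr string) ([]net.Listener, error) {
	n, err := activatedFDCount(env, pid)
	if err != nil {
		return nil, err
	}
	if n == 0 {
		l, err := net.Listen("tcp", fallbackAddr)
		if err != nil {
			return nil, err
		}
		return []net.Listener{l}, nil
	}
	out := make([]net.Listener, 0, n)
	for fd := sdListenFdsStart; fd < sdListenFdsStart+n; fd++ {
		l, err := listenerFromFD(fd)
		if err != nil {
			for _, o := range out {
				o.Close()
			}
			return nil, err
		}
		out = append(out, l)
	}
	return out, nil
}

// environMap converts os.Environ() into the map form used above.
func environMap() map[string]string {
	m := make(map[string]string)
	for _, kv := range os.Environ() {
		if k, v, ok := strings.Cut(kv, "="); ok {
			m[k] = v
		}
	}
	return m
}

func main() {
	ls, err := listeners(environMap(), os.Getpid(), "127.0.0.1:8080")
	if err != nil {
		fmt.Fprintln(os.Stderr, "listen:", err)
		os.Exit(1)
	}
	// Clear the variables so child processes do not mistake the fds as theirs.
	os.Unsetenv("LISTEN_PID")
	os.Unsetenv("LISTEN_FDS")
	for _, l := range ls {
		fmt.Println("listening on", l.Addr().Network(), l.Addr())
		l.Close()
	}
}
```

Run under a socket unit (`systemd-socket-activate -l 8080 ./app` is the quickest way to try it) and the program reports the inherited address; run it directly and it binds the fallback address instead. Because the same `net.Listener` type comes back either way, any TLS wrapping the server already does (`tls.NewListener`) applies unchanged to the activated socket.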
Acceptance Criteria:
I will post a separate PR for documentation updates. There is currently no test infrastructure for the server component that I see, so I'm not sure what to do about writing tests.
This patch does not support AutoTLS. In theory it should be possible to use autotls if 2 ports are socket-activated, but I don't see how AutoTLS can even work today as it opens 2 listeners on the same port, which I believe should fail.