Start Docker container using systemd socket activation?

Question

Can an individual Docker container, for example a web server, that exposes (listens on) a port be started using systemd's socket activation feature? The idea is to save resources by starting a container only when it is actually needed for the first time (and possibly stop it again when idle to save resources).

Note: This question is not about launching the Docker daemon itself using socket activation (which is already supported), but about starting individual containers on demand.

Answer 1

In short, you can't.

But, if you wanted to approach a solution, you would first need to run a tool like CoreOS or geard that runs each Docker container in a systemd service.

Even then, Docker's support for inheriting the socket has come and gone. I know geard is working on stable support. CoreOS has published generalized support for socket activation in Go. Red Hat folks have also added in related patches to Fedora's Docker packages that use Go's socket activation library and improve "foreground mode," a key component in making it work.

(I am the David Strauss from Lennart's early article on socket activation of containers, and this topic interests me a lot. I've emailed the author of the patch at Red Hat and contacted the geard team. I'll try to keep this answer updated.)

Answer 2

If it has to be using systemd, there was a blog post last month about that, here (haven't tried it myself yet).

If the choice of technology is not a hard constraint, you could just write a small proxy in your favorite programming language, and simply make a Docker API call to ensure the container is started. That's the way snickers (my experimental nodejs proxy) does it.