Executors

Introduction

ISM uses executors as abstract components to which it delegates the management of processes and network configuration. This abstraction adds flexibility by allowing multiple runtimes to be supported. It should also help us reduce the dependency on specific versions of other systems, such as systemd.

Architecture

ISM describes executors and their API in a contract-like interface contained in gateway/executor-api.go. This API is kept in the gateway module to separate executors from the gateway and prevent circular imports. The executors themselves live in the executors/ directory.

Supported executors

  • incus: container-native namespace based on Incus + LXC, used in production.
    • Requires ISM to run in a container in Incus with privileged access to the Incus socket
    • Controls Incus for network, data management and component isolation
    • Starts units in LXC containers; supports having multiple enabled Isabelle versions
    • May run on any host with Incus and LXC (see the Incus installation instructions)
    • Has long-term support releases; we build on the stable REST API of LTS version 6.x (EOL June 2029)

Planned executors

  • docker: TBD, if the mount refactor works out

Deprecated executors

  • systemd: The legacy executor formerly used in production, based on transient units and user namespaces
    • Required systemd to have root access to the systemd dbus
    • Uses manually managed bind mounts for data management
    • Employs namespaces to isolate service instances
    • Starts units in transient units; only supports one Isabelle version
    • Requires/expects Isabelle in a standalone binary; expects a NixOS host