summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2022-06-15 10:46:12 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2022-06-15 15:43:12 +0200
commit751ba07a76a15ba2965886597c85152c541f3517 (patch)
tree9f2a0ccc296baf7c4222c8d182134e2be033485e
parent576c739e5ff01c760b383a258c62ed3ca7e1c30c (diff)
downloadpodman-751ba07a76a15ba2965886597c85152c541f3517.tar.gz
podman-751ba07a76a15ba2965886597c85152c541f3517.tar.bz2
podman-751ba07a76a15ba2965886597c85152c541f3517.zip
libpod: improve check to create conmon cgroup
commit 1951ff168a63157fa2f4711fde283edfc4981ed3 introduced a check so that conmon is not moved to a new cgroup when podman is running inside of a systemd service. This is helpful to integrate podman in systemd so that the spawned conmon lives in the same cgroup as the service that created it. Unfortunately this breaks when podman daemon is running in a systemd service since the same check is in place thus all the conmon processes end up in the same cgroup as the podman daemon. When the podman daemon systemd service stops the conmon processes are also terminated as well as the containers they monitor. Improve the check to exclude podman running as a daemon. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2052697 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--libpod/oci_conmon_linux.go2
-rw-r--r--test/system/250-systemd.bats25
-rw-r--r--test/system/helpers.systemd.bash4
3 files changed, 30 insertions, 1 deletions
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 6aa7ce6dc..058c23e68 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1435,7 +1435,7 @@ func (r *ConmonOCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec
}
// $INVOCATION_ID is set by systemd when running as a service.
- if os.Getenv("INVOCATION_ID") != "" {
+ if ctr.runtime.RemoteURI() == "" && os.Getenv("INVOCATION_ID") != "" {
mustCreateCgroup = false
}
diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats
index 110d425d2..cf57d2589 100644
--- a/test/system/250-systemd.bats
+++ b/test/system/250-systemd.bats
@@ -362,4 +362,29 @@ EOF
run_podman 1 pod exists test_pod
}
+@test "podman-system-service containers survive service stop" {
+ skip_if_remote "N/A under podman-remote"
+
+ SERVICE_NAME=podman-service-$(random_string)
+ port=$(random_free_port)
+ URL=tcp://127.0.0.1:$port
+
+ systemd-run --unit=$SERVICE_NAME $PODMAN system service $URL --time=0
+ wait_for_port 127.0.0.1 $port
+
+ # Start a long-running container.
+ cname=keeps-running
+ run_podman --url $URL run -d --name $cname $IMAGE top -d 2
+
+ run_podman container inspect -l --format "{{.State.Running}}"
+ is "$output" "true" "This should never fail"
+
+ systemctl stop $SERVICE_NAME
+
+ run_podman container inspect $cname --format "{{.State.Running}}"
+ is "$output" "true" "Container is still running after podman server stops"
+
+ run_podman rm -f -t 0 $cname
+}
+
# vim: filetype=sh
diff --git a/test/system/helpers.systemd.bash b/test/system/helpers.systemd.bash
index 4bde912a4..d9abc087d 100644
--- a/test/system/helpers.systemd.bash
+++ b/test/system/helpers.systemd.bash
@@ -28,3 +28,7 @@ systemctl() {
journalctl() {
command journalctl $_DASHUSER "$@"
}
+
+systemd-run() {
+ command systemd-run $_DASHUSER "$@";
+}