author | Joseph Gooch <mrwizard@dok.org> | 2020-06-19 13:29:34 +0000 |
---|---|---|
committer | Joseph Gooch <mrwizard@dok.org> | 2020-07-06 17:47:18 +0000 |
commit | 0b1c1ef461d26b3c373269c3a2e7085124f89eb5 (patch) | |
tree | a49986c0b0c35bf161d8dea0c05b32d7b630016e /cmd | |
parent | 9532509c50113ac9470108e3492e2769bac533e8 (diff) | |
Implement --sdnotify cmdline option to control sd-notify behavior
--sdnotify container|conmon|ignore
With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI
runtime doesn't pass it into the container. We also send "ready" when the
OCI runtime finishes, to advertise the service as ready.
With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI
runtime passes it into the container for initialization, and let the container advertise further metadata.
This is the default, which is closest to the behavior podman has done in the past.
The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor
any child processes will talk to systemd.
This removes the need for hardcoded CID and PID files in the command line, and
the PIDFile directive, as the pid is advertised directly through sd-notify.
Signed-off-by: Joseph Gooch <mrwizard@dok.org>
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/podman/common/create.go | 6 | ||||
-rw-r--r-- | cmd/podman/common/create_opts.go | 1 | ||||
-rw-r--r-- | cmd/podman/common/specgen.go | 1 |
3 files changed, 8 insertions, 0 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index bbe31d19f..f6fbe8e10 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -6,6 +6,7 @@ import (
 "github.com/containers/common/pkg/auth"
 "github.com/containers/libpod/v2/cmd/podman/registry"
+ "github.com/containers/libpod/v2/libpod/define"
 "github.com/spf13/pflag"
 )
@@ -394,6 +395,11 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
 "rootfs", false,
 "The first argument is not an image but the rootfs to the exploded container",
 )
+ createFlags.StringVar(
+ &cf.SdNotifyMode,
+ "sdnotify", define.SdNotifyModeContainer,
+ `control sd-notify behavior ("container"|"conmon"|"ignore")`,
+ )
 createFlags.StringArrayVar(
 &cf.SecurityOpt,
 "security-opt", containerConfig.SecurityOptions(),
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 3183a5cce..eafe7f090 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -81,6 +81,7 @@ type ContainerCLIOpts struct {
 Rm bool
 RootFS bool
 SecurityOpt []string
+ SdNotifyMode string
 ShmSize string
 StopSignal string
 StopTimeout uint
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 225370368..0948e78f1 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -443,6 +443,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 }
 s.Systemd = c.Systemd
+ s.SdNotifyMode = c.SdNotifyMode
 if s.ResourceLimits == nil {
 s.ResourceLimits = &specs.LinuxResources{}
 }
 |
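Review bot: The `--sdnotify` value registered by `createFlags.StringVar(...)` in GetCreateFlags is a free-form string, and the specgen.go hunk copies it unchecked with `s.SdNotifyMode = c.SdNotifyMode`; nothing in the visible lines rejects a value outside the three documented ones. This diffstat is limited to `cmd`, so validation may exist in the spec-generation code, but if it does not, a mistyped mode could silently change whether NOTIFY_SOCKET is handed to the OCI runtime and the container. I would reject unknown values with an error at this boundary, and have the help text state the trust implication of the default, e.g. `control sd-notify behavior ("container"|"conmon"|"ignore"); "container" passes NOTIFY_SOCKET into the container`. Both GetCreateFlags and FillOutSpecGen continue outside their hunks.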
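Review bot: `SdNotifyMode` is added after `SecurityOpt` in ContainerCLIOpts, but the visible neighbours (`Rm`, `RootFS`, `SecurityOpt`, `ShmSize`, `StopSignal`) appear to be kept in alphabetical order, and "Sd" sorts before "Se". Moving the field above `SecurityOpt` would match the flag registration in create.go, where `sdnotify` is placed before `security-opt`. A short comment such as `// SdNotifyMode selects who talks to systemd's NOTIFY_SOCKET: "container", "conmon" or "ignore"` would also help, since the field type alone does not show that only three values are meaningful. The struct begins and ends outside the hunk.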