author | Robb Manes <robbmanes@protonmail.com> | 2021-03-16 12:42:02 -0400 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2021-03-29 10:55:12 -0400 |
commit | 505f43c084a710c36195b8fe979c2ccb673c6e0c | |
tree | 301b3ae7c15609fa06f7b385c3d214e629cbb576 /docs | |
parent | 15da607d137a6b219d08b21f305de335f94d34d7 | |

Add RequiresMountsFor= to systemd generate

It is rare but possible that storage locations for the graphroot and the
runroot are not mounted at boot time, and therefore might race when
doing container operations. An example we've seen in the wild is that a
slow tmpfs mount for the runroot would suddenly mount over /run, causing
the container to lose all currently-running data, requiring a system
refresh to get it back.

This patch adds RequiresMountsFor= to the systemd.unit header to ensure
the paths for both the graphroot and runroot are mounted prior to
starting any generated unit files.

Signed-off-by: Robb Manes <rmanes@redhat.com>

Diffstat (limited to 'docs')
-rw-r--r-- | docs/source/markdown/podman-generate-systemd.1.md | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index 00b13669a..43cb30f59 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md @@ -61,7 +61,7 @@ Set the systemd unit name separator between the name/id of a container/pod and t ### Generate and print a systemd unit file for a container -Generate a systemd unit file for a container running nginx with an *always* restart policy and 1-second timeout to stdout. +Generate a systemd unit file for a container running nginx with an *always* restart policy and 1-second timeout to stdout. Note that the **RequiresMountsFor** option in the **Unit** section ensures that the container storage for both the GraphRoot and the RunRoot are mounted prior to starting the service. For systems with container storage on disks like iSCSI or other remote block protocols, this ensures that Podman is not executed prior to any necessary storage operations coming online. ``` $ podman create --name nginx nginx:latest @@ -73,6 +73,9 @@ $ podman generate systemd --restart-policy=always -t 1 nginx [Unit] Description=Podman container-de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6.service Documentation=man:podman-generate-systemd(1) +Wants=network.target +After=network-online.target +RequiresMountsFor=/var/lib/containers/storage /var/run/container/storage [Service] Restart=always @@ -101,6 +104,7 @@ Description=Podman container-busy_moser.service Documentation=man:podman-generate-systemd(1) Wants=network.target After=network-online.target +RequiresMountsFor=/var/lib/containers/storage /var/run/container/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n 
@@ -140,6 +144,9 @@ Description=Podman pod-systemd-pod.service Documentation=man:podman-generate-systemd(1) Requires=container-amazing_chandrasekhar.service container-jolly_shtern.service Before=container-amazing_chandrasekhar.service container-jolly_shtern.service +Wants=network.target +After=network-online.target +RequiresMountsFor=/var/lib/containers/storage /var/run/container/storage [Service] Restart=on-failure |
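
Review bot: The sentence added to the nginx example description in the @@ -61,7 hunk names only "iSCSI or other remote block protocols", but the case the commit message gives is a slow tmpfs mount for the runroot landing over /run, which is local. Suggest wording that covers any GraphRoot or RunRoot that sits on its own mount point, remote or not, so readers with local storage do not assume the option is irrelevant to them. The sentence also has an agreement slip ("the container storage ... are mounted"), and it would help to state whether the paths in the example are defaults or are taken from the host's storage configuration.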
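
Review bot: In the @@ -73,6 hunk (and again in @@ -140,6) the example unit is ordered `After=network-online.target` but only pulls in `network.target` through `Wants=`. `After=` is ordering only, so nothing in this unit requests network-online.target, and the ordering has no effect unless some other unit pulls that target in. The unchanged context in @@ -101,6 shows the same pair already documented, so this likely mirrors what the generator prints and is a follow-up rather than a blocker for a docs change, but it is worth confirming that `Wants=network-online.target` is not what was intended. These two lines are also outside what the commit message describes, which covers only RequiresMountsFor=; a line saying the examples are being brought in sync with current output would make the change easier to audit.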
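
Review bot: The runroot path in the added `RequiresMountsFor=` line of the @@ -101,6 hunk reads `/var/run/container/storage`, with a singular "container", while the graphroot on the same line is `/var/lib/containers/storage`. That looks like a typo, and the same string is repeated in the @@ -73,6 and @@ -140,6 hunks. Since the whole point of the option is that systemd waits on the mounts for exactly these paths, a reader who copies the example by hand would end up depending on the wrong location. Please check the three lines against what `podman generate systemd` prints on a default install and paste that output verbatim.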