diff options
| author | Matthew Heon <mheon@redhat.com> | 2020-06-08 13:34:12 -0400 |
|---|---|---|
| committer | Matthew Heon <mheon@redhat.com> | 2020-06-08 13:48:29 -0400 |
| commit | 9d964ffb9fc98ed13f6fec974c917b84c175d39a (patch) | |
| tree | d8865dd121fb910363c17c11e6822811388562d1 /libpod/container_internal.go | |
| parent | b8acc851bb472c7ea9674bf1bf8ca3812ff2ab24 (diff) | |
| download | podman-9d964ffb9fc98ed13f6fec974c917b84c175d39a.tar.gz podman-9d964ffb9fc98ed13f6fec974c917b84c175d39a.tar.bz2 podman-9d964ffb9fc98ed13f6fec974c917b84c175d39a.zip | |
Ensure Conmon is alive before waiting for exit file
This came out of a conversation with Valentin about
systemd-managed Podman. He discovered that unit files did not
properly handle cases where Conmon was dead - the ExecStopPost
`podman rm --force` line was not actually removing the container,
but interestingly, adding a `podman cleanup --rm` line would
remove it. Both of these commands do the same thing (minus the
`podman cleanup --rm` command not force-removing running
containers).
Without a running Conmon instance, the container process is still
running (assuming you killed Conmon with SIGKILL and it had no
chance to kill the container it managed), but you can still kill
the container itself with `podman stop` - Conmon is not involved,
only the OCI Runtime. (`podman rm --force` and `podman stop` use
the same code to kill the container). The problem comes when we
want to get the container's exit code - we expect Conmon to make
us an exit file, which it's obviously not going to do, being
dead. The first `podman rm` would fail because of this, but
importantly, it would (after failing to retrieve the exit code
correctly) set container status to Exited, so that the second
`podman cleanup` process would succeed.
To make sure the first `podman rm --force` succeeds, we need to
catch the case where Conmon is already dead, and instead of
waiting for an exit file that will never come, immediately set
the Stopped state and remove an error that can be caught and
handled.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'libpod/container_internal.go')
| -rw-r--r-- | libpod/container_internal.go | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 43e873bd6..f6fc3c1a4 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1209,13 +1209,35 @@ func (c *Container) stop(timeout uint) error { } } + // Check if conmon is still alive. + // If it is not, we won't be getting an exit file. + conmonAlive, err := c.ociRuntime.CheckConmonRunning(c) + if err != nil { + return err + } + if err := c.ociRuntime.StopContainer(c, timeout, all); err != nil { return err } + c.newContainerEvent(events.Stop) + c.state.PID = 0 c.state.ConmonPID = 0 c.state.StoppedByUser = true + + if !conmonAlive { + // Conmon is dead, so we can't epect an exit code. + c.state.ExitCode = -1 + c.state.FinishedTime = time.Now() + c.state.State = define.ContainerStateStopped + if err := c.save(); err != nil { + logrus.Errorf("Error saving container %s status: %v", c.ID(), err) + } + + return errors.Wrapf(define.ErrConmonDead, "container %s conmon process missing, cannot retrieve exit code", c.ID()) + } + if err := c.save(); err != nil { return errors.Wrapf(err, "error saving container %s state after stopping", c.ID()) } @@ -1225,8 +1247,6 @@ func (c *Container) stop(timeout uint) error { return err } - c.newContainerEvent(events.Stop) - return nil } |