aboutsummaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-07-06 17:15:26 -0400
committerGitHub <noreply@github.com>2020-07-06 17:15:26 -0400
commit1a93857acc4ee1e5a9213e2c22f12802d84cd277 (patch)
treed3f8c923e0750fa4aa5ed423dca52640a8ff187c /libpod
parentb1cc781c68964dff3ee4a00ef7ce71f56ae69e7c (diff)
parent10ad46eb7377ff504a65783a7a604b248b50f20a (diff)
downloadpodman-1a93857acc4ee1e5a9213e2c22f12802d84cd277.tar.gz
podman-1a93857acc4ee1e5a9213e2c22f12802d84cd277.tar.bz2
podman-1a93857acc4ee1e5a9213e2c22f12802d84cd277.zip
Merge pull request #6693 from goochjj/libpod-sd-notify-cmdline
Implement --sdnotify cmdline option to control sd-notify behavior
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container.go2
-rw-r--r--libpod/container_internal.go14
-rw-r--r--libpod/define/config.go7
-rw-r--r--libpod/oci_conmon_exec_linux.go2
-rw-r--r--libpod/oci_conmon_linux.go30
-rw-r--r--libpod/options.go22
6 files changed, 70 insertions, 7 deletions
diff --git a/libpod/container.go b/libpod/container.go
index a71692dd8..fa90fef7a 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -414,6 +414,8 @@ type ContainerConfig struct {
// sharing kernel namespaces in a pod
IsInfra bool `json:"pause"`
+ // SdNotifyMode tells libpod what to do with a NOTIFY_SOCKET if passed
+ SdNotifyMode string `json:"sdnotifyMode,omitempty"`
// Systemd tells libpod to setup the container in systemd mode
Systemd bool `json:"systemd"`
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 7a547e565..12132cf41 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -24,6 +24,7 @@ import (
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/mount"
+ "github.com/coreos/go-systemd/v22/daemon"
securejoin "github.com/cyphar/filepath-securejoin"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
@@ -1192,6 +1193,19 @@ func (c *Container) start() error {
c.state.State = define.ContainerStateRunning
+ if c.config.SdNotifyMode != define.SdNotifyModeIgnore {
+ payload := fmt.Sprintf("MAINPID=%d", c.state.ConmonPID)
+ if c.config.SdNotifyMode == define.SdNotifyModeConmon {
+ payload += "\n"
+ payload += daemon.SdNotifyReady
+ }
+ if sent, err := daemon.SdNotify(false, payload); err != nil {
+ logrus.Errorf("Error notifying systemd of Conmon PID: %s", err.Error())
+ } else if sent {
+ logrus.Debugf("Notify sent successfully")
+ }
+ }
+
if c.config.HealthCheckConfig != nil {
if err := c.updateHealthStatus(define.HealthCheckStarting); err != nil {
logrus.Error(err)
diff --git a/libpod/define/config.go b/libpod/define/config.go
index 900a363d8..c43601554 100644
--- a/libpod/define/config.go
+++ b/libpod/define/config.go
@@ -75,3 +75,10 @@ const JSONLogging = "json-file"
// NoLogging is the string conmon expects when specifying to use no log driver whatsoever
const NoLogging = "none"
+
+// Strings used for --sdnotify option to podman
+const (
+ SdNotifyModeContainer = "container"
+ SdNotifyModeConmon = "conmon"
+ SdNotifyModeIgnore = "ignore"
+)
diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go
index 1a6fe827b..4196bdcaf 100644
--- a/libpod/oci_conmon_exec_linux.go
+++ b/libpod/oci_conmon_exec_linux.go
@@ -444,7 +444,7 @@ func (r *ConmonOCIRuntime) startExec(c *Container, sessionID string, options *Ex
// }
// }
- conmonEnv, extraFiles, err := r.configureConmonEnv(runtimeDir)
+ conmonEnv, extraFiles, err := r.configureConmonEnv(c, runtimeDir)
if err != nil {
return nil, nil, err
}
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 98e436e78..534622382 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -30,6 +30,7 @@ import (
"github.com/containers/libpod/v2/utils"
pmount "github.com/containers/storage/pkg/mount"
"github.com/coreos/go-systemd/v22/activation"
+ "github.com/coreos/go-systemd/v22/daemon"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label"
@@ -365,8 +366,10 @@ func (r *ConmonOCIRuntime) StartContainer(ctr *Container) error {
return err
}
env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
- if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok {
- env = append(env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify))
+ if ctr.config.SdNotifyMode == define.SdNotifyModeContainer {
+ if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok {
+ env = append(env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify))
+ }
}
if path, ok := os.LookupEnv("PATH"); ok {
env = append(env, fmt.Sprintf("PATH=%s", path))
@@ -887,6 +890,12 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
}
}
+ if ctr.config.SdNotifyMode == define.SdNotifyModeIgnore {
+ if err := os.Unsetenv("NOTIFY_SOCKET"); err != nil {
+ logrus.Warnf("Error unsetting NOTIFY_SOCKET %s", err.Error())
+ }
+ }
+
args := r.sharedConmonArgs(ctr, ctr.ID(), ctr.bundlePath(), filepath.Join(ctr.state.RunDir, "pidfile"), ctr.LogPath(), r.exitsDir, ociLog, ctr.LogDriver(), logTag)
if ctr.config.Spec.Process.Terminal {
@@ -940,7 +949,7 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
}
// 0, 1 and 2 are stdin, stdout and stderr
- conmonEnv, envFiles, err := r.configureConmonEnv(runtimeDir)
+ conmonEnv, envFiles, err := r.configureConmonEnv(ctr, runtimeDir)
if err != nil {
return err
}
@@ -1034,6 +1043,13 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
// conmon not having a pid file is a valid state, so don't set it if we don't have it
logrus.Infof("Got Conmon PID as %d", conmonPID)
ctr.state.ConmonPID = conmonPID
+ if ctr.config.SdNotifyMode != define.SdNotifyModeIgnore {
+ if sent, err := daemon.SdNotify(false, fmt.Sprintf("MAINPID=%d", conmonPID)); err != nil {
+ logrus.Errorf("Error notifying systemd of Conmon PID: %s", err.Error())
+ } else if sent {
+ logrus.Debugf("Notify MAINPID sent successfully")
+ }
+ }
}
if ctr.config.PreserveFDs > 0 {
@@ -1137,7 +1153,7 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se
// configureConmonEnv gets the environment values to add to conmon's exec struct
// TODO this may want to be less hardcoded/more configurable in the future
-func (r *ConmonOCIRuntime) configureConmonEnv(runtimeDir string) ([]string, []*os.File, error) {
+func (r *ConmonOCIRuntime) configureConmonEnv(ctr *Container, runtimeDir string) ([]string, []*os.File, error) {
env := make([]string, 0, 6)
env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
env = append(env, fmt.Sprintf("_CONTAINERS_USERNS_CONFIGURED=%s", os.Getenv("_CONTAINERS_USERNS_CONFIGURED")))
@@ -1149,8 +1165,10 @@ func (r *ConmonOCIRuntime) configureConmonEnv(runtimeDir string) ([]string, []*o
env = append(env, fmt.Sprintf("HOME=%s", home))
extraFiles := make([]*os.File, 0)
- if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok {
- env = append(env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify))
+ if ctr.config.SdNotifyMode == define.SdNotifyModeContainer {
+ if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok {
+ env = append(env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify))
+ }
}
if !r.sdNotify {
if listenfds, ok := os.LookupEnv("LISTEN_FDS"); ok {
diff --git a/libpod/options.go b/libpod/options.go
index c1a8fdbe1..61d1676f1 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -4,6 +4,7 @@ import (
"net"
"os"
"path/filepath"
+ "strings"
"syscall"
"github.com/containers/common/pkg/config"
@@ -22,6 +23,10 @@ import (
)
// Runtime Creation Options
+var (
+ // SdNotifyModeValues describes the only values that SdNotifyMode can be
+ SdNotifyModeValues = []string{define.SdNotifyModeContainer, define.SdNotifyModeConmon, define.SdNotifyModeIgnore}
+)
// WithStorageConfig uses the given configuration to set up container storage.
// If this is not specified, the system default configuration will be used
@@ -550,6 +555,23 @@ func WithSystemd() CtrCreateOption {
}
}
+// WithSdNotifyMode sets the sd-notify method
+func WithSdNotifyMode(mode string) CtrCreateOption {
+ return func(ctr *Container) error {
+ if ctr.valid {
+ return define.ErrCtrFinalized
+ }
+
+ // verify values
+ if len(mode) > 0 && !util.StringInSlice(strings.ToLower(mode), SdNotifyModeValues) {
+ return errors.Wrapf(define.ErrInvalidArg, "--sdnotify values must be one of %q", strings.Join(SdNotifyModeValues, ", "))
+ }
+
+ ctr.config.SdNotifyMode = mode
+ return nil
+ }
+}
+
// WithShmSize sets the size of /dev/shm tmpfs mount.
func WithShmSize(size int64) CtrCreateOption {
return func(ctr *Container) error {