authorJoseph Gooch <mrwizard@dok.org>2020-06-19 13:29:34 +0000
committerJoseph Gooch <mrwizard@dok.org>2020-07-06 17:47:18 +0000
commit0b1c1ef461d26b3c373269c3a2e7085124f89eb5 (patch)
treea49986c0b0c35bf161d8dea0c05b32d7b630016e /pkg/specgen
parent9532509c50113ac9470108e3492e2769bac533e8 (diff)
Implement --sdnotify cmdline option to control sd-notify behavior
--sdnotify container|conmon|ignore With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI runtime doesn't pass it into the container. We also advertise "ready" when the OCI runtime finishes to advertise the service as ready. With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI runtime passes it into the container for initialization, and let the container advertise further metadata. This is the default, which is closest to the behavior podman has done in the past. The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor any child processes will talk to systemd. This removes the need for hardcoded CID and PID files in the command line, and the PIDFile directive, as the pid is advertised directly through sd-notify. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
Diffstat (limited to 'pkg/specgen')
-rw-r--r--pkg/specgen/container_validate.go7
-rw-r--r--pkg/specgen/generate/container_create.go4
-rw-r--r--pkg/specgen/specgen.go5
3 files changed, 16 insertions, 0 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 8063bee38..bf03ff0e7 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -3,6 +3,7 @@ package specgen
import (
"strings"
+ "github.com/containers/libpod/v2/libpod/define"
"github.com/containers/libpod/v2/pkg/rootless"
"github.com/containers/libpod/v2/pkg/util"
"github.com/pkg/errors"
@@ -13,6 +14,8 @@ var (
ErrInvalidSpecConfig = errors.New("invalid configuration")
// SystemDValues describes the only values that SystemD can be
SystemDValues = []string{"true", "false", "always"}
+ // SdNotifyModeValues describes the only values that SdNotifyMode can be
+ SdNotifyModeValues = []string{define.SdNotifyModeContainer, define.SdNotifyModeConmon, define.SdNotifyModeIgnore}
// ImageVolumeModeValues describes the only values that ImageVolumeMode can be
ImageVolumeModeValues = []string{"ignore", "tmpfs", "anonymous"}
)
@@ -40,6 +43,10 @@ func (s *SpecGenerator) Validate() error {
if len(s.ContainerBasicConfig.Systemd) > 0 && !util.StringInSlice(strings.ToLower(s.ContainerBasicConfig.Systemd), SystemDValues) {
return errors.Wrapf(ErrInvalidSpecConfig, "--systemd values must be one of %q", strings.Join(SystemDValues, ", "))
}
+ // sdnotify values must be container, conmon, or ignore
+ if len(s.ContainerBasicConfig.SdNotifyMode) > 0 && !util.StringInSlice(strings.ToLower(s.ContainerBasicConfig.SdNotifyMode), SdNotifyModeValues) {
+ return errors.Wrapf(ErrInvalidSpecConfig, "--sdnotify values must be one of %q", strings.Join(SdNotifyModeValues, ", "))
+ }
//
// ContainerStorageConfig
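Review bot: The new check in Validate compares a lower-cased copy of `s.ContainerBasicConfig.SdNotifyMode`, but the field itself is never normalised, and `createContainerOptions` in container_create.go later passes the raw `s.SdNotifyMode` to `libpod.WithSdNotifyMode`. A value such as `Ignore` therefore passes validation and reaches libpod in its original case. If libpod matches the mode case-sensitively (not visible on this page), a request to withhold NOTIFY_SOCKET from the container could silently fall through to different behaviour. Either drop the `strings.ToLower` so that only the exact strings are accepted, or store the normalised value once it has passed the check: `s.ContainerBasicConfig.SdNotifyMode = strings.ToLower(s.ContainerBasicConfig.SdNotifyMode)`. Validate's body starts and ends outside the hunk.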
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 1ab576869..8df5b996e 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -175,6 +175,10 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
options = append(options, libpod.WithSystemd())
}
+ if len(s.SdNotifyMode) > 0 {
+ options = append(options, libpod.WithSdNotifyMode(s.SdNotifyMode))
+ }
+
if len(s.Name) > 0 {
logrus.Debugf("setting container name %s", s.Name)
options = append(options, libpod.WithName(s.Name))
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index fe735bc1f..b4e10fa87 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -107,6 +107,11 @@ type ContainerBasicConfig struct {
// If not specified, "false" will be assumed.
// Optional.
Systemd string `json:"systemd,omitempty"`
+ // Determine how to handle the NOTIFY_SOCKET - do we participate or pass it through
+ // "container" - let the OCI runtime deal with it, advertise conmon's MAINPID
+ // "conmon-only" - advertise conmon's MAINPID, send READY when started, don't pass to OCI
+ // "ignore" - unset NOTIFY_SOCKET
+ SdNotifyMode string `json:"sdnotifyMode,omitempty"`
// Namespace is the libpod namespace the container will be placed in.
// Optional.
Namespace string `json:"namespace,omitempty"`
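Review bot: The field comment for `SdNotifyMode` names the second mode `"conmon-only"`, while the commit message gives the accepted values as `container|conmon|ignore` and Validate checks against `define.SdNotifyModeConmon`. An API client copying `conmon-only` from this comment would presumably be rejected. The comment should list the exact strings, start with the field name, and carry the `// Optional.` line its neighbours have, e.g. `// SdNotifyMode determines how NOTIFY_SOCKET is handled: "container", "conmon" or "ignore".` It should also state that an empty value means "container" (the default per the commit message) and that this mode passes the notify socket into the container, since that is the security-relevant choice a caller makes here. The struct continues outside the hunk.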