author | Valentin Rothberg <rothberg@redhat.com> | 2021-08-23 17:49:47 +0200 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2021-08-24 10:50:16 +0200 |
commit | 70801b3d714b067d64744697433c5841926dad4d (patch) | |
tree | 7c32b2fb385ddc6a7296edd6609f9526d8df20c3 /pkg/systemd/generate/containers.go | |
parent | eb9d731c68266cd0953b0669f2bc6340aa8df288 (diff) | |
generate systemd: custom stop signal
Commit 9ac5267598c3 changed the type of the generated systemd units from
forking to notify. Part of these changes was also removing the need to
pass any information via the file system (e.g., PIDFILE, container ID).
That in turn implies that systemd takes care of stopping the container.
By default, systemd first sends a SIGTERM and after a certain timeout,
it'll send a SIGKILL. That's pretty much what Podman is doing, unless
the container was created with a custom stop signal which is the case
when the --stop-signal flag was used or systemd is mounted.
Account for that by using systemd's KillSignal option which allows for
changing SIGTERM to another signal. Also make sure that we're using the
correct timeout for units generated with --new.
Fixes: #11304
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'pkg/systemd/generate/containers.go')
-rw-r--r-- | pkg/systemd/generate/containers.go | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go
index 78b81b54b..66cf5ca44 100644
--- a/pkg/systemd/generate/containers.go
+++ b/pkg/systemd/generate/containers.go
@@ -16,6 +16,7 @@ import (
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 "github.com/spf13/pflag"
+ "golang.org/x/sys/unix"
 )
 // containerInfo contains data required for generating a container's systemd
@@ -32,6 +33,8 @@ type containerInfo struct {
 // StopTimeout sets the timeout Podman waits before killing the container
 // during service stop.
 StopTimeout uint
+ // KillSignal of the container.
+ KillSignal string
 // RestartPolicy of the systemd unit (e.g., no, on-failure, always).
 RestartPolicy string
 // PIDFile of the service. Required for forking services. Must point to the
@@ -102,6 +105,9 @@ Environment={{{{- range $index, $value := .ExtraEnvs -}}}}{{{{if $index}}}} {{{{
 {{{{- end}}}}
 Restart={{{{.RestartPolicy}}}}
 TimeoutStopSec={{{{.TimeoutStopSec}}}}
+{{{{- if .KillSignal}}}}
+KillSignal={{{{.KillSignal}}}}
+{{{{- end}}}}
 {{{{- if .ExecStartPre}}}}
 ExecStartPre={{{{.ExecStartPre}}}}
 {{{{- end}}}}
@@ -184,6 +190,13 @@ func generateContainerInfo(ctr *libpod.Container, options entities.GenerateSyste
 containerEnv: envs,
 }
+ // Set a custom kill signal for non SIGTERM (already default in
+ // systemd) signals.
+ stopSignal := ctr.StopSignal()
+ if stopSignal != uint(unix.SIGTERM) {
+ info.KillSignal = fmt.Sprintf("%d", stopSignal)
+ }
+
 return &info, nil
 }
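Review bot: The comment on the new `KillSignal` field in containerInfo does not say what the string holds or what an empty value means. Judging by the other hunks it carries the decimal signal number and stays empty for SIGTERM so that the template omits the line; I would write `// KillSignal is the container's stop signal as a decimal number; empty means systemd's default (SIGTERM).` The struct starts and ends outside the hunk.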
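Review bot: The new guard in generateContainerInfo excludes only SIGTERM, so if `ctr.StopSignal()` can ever report 0 for a container with no explicit stop signal, the unit would be written with `KillSignal=0`; whether that can happen depends on libpod code not shown here. A defensive form would be `if stopSignal != 0 && stopSignal != uint(unix.SIGTERM) {`. The signal is also written as a bare number, which is harder to audit in a generated unit than a name and whose meaning differs between architectures for some signals, so a short comment stating that the number is taken from the host generating the unit would help. The function body starts outside the hunk.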
@@ -359,7 +372,15 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst
 info.ExecStart = strings.Join(startCommand, " ")
 }
- info.TimeoutStopSec = minTimeoutStopSec + info.StopTimeout
+ info.TimeoutStopSec = info.StopTimeout
+
+ // For units without --new add an additional 60 seconds to the stop
+ // timeout to make sure that Podman stop has enough time to properly
+ // shutdown and cleanup the container before systemd starts to nuke
+ // everything in the cgroup.
+ if !options.New {
+ info.TimeoutStopSec += minTimeoutStopSec
+ }
 if info.PodmanVersion == "" {
 info.PodmanVersion = version.Version.String() |
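Review bot: For `--new` units `info.TimeoutStopSec` is now `info.StopTimeout` with nothing added, so a stop timeout of 0 produces `TimeoutStopSec=0`, and as far as I know systemd reads a zero stop timeout as "no timeout" rather than "kill immediately". The previous code always added `minTimeoutStopSec`, so the value could never reach zero; with this change a unit could wait indefinitely on a container that ignores its stop signal. A small floor after the `if !options.New` block, for example `if info.TimeoutStopSec == 0 { info.TimeoutStopSec = 1 }`, would preserve the intent, though the exact value is a judgment call. executeContainerTemplate starts and ends outside the hunk, so whether `StopTimeout` can be 0 at this point should be confirmed against the callers.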