diff options
author | Dan Čermák <dcermak@suse.com> | 2022-09-13 14:43:47 +0200 |
---|---|---|
committer | Dan Čermák <dcermak@suse.com> | 2022-09-14 09:37:02 +0200 |
commit | 0aedddd3b3ec0f14818aa0f04c24df1f0b2e3f3b (patch) | |
tree | c633cca6adfdaa8ed4b825e2772a5e9e90316986 /pkg | |
parent | c64388728f5efec2658cf9097dbe15126f30753e (diff) | |
download | podman-0aedddd3b3ec0f14818aa0f04c24df1f0b2e3f3b.tar.gz podman-0aedddd3b3ec0f14818aa0f04c24df1f0b2e3f3b.tar.bz2 podman-0aedddd3b3ec0f14818aa0f04c24df1f0b2e3f3b.zip |
[systemd] Ensure that podCreateArgs appear last in ExecStartPre=
When creating a new pod without the `--name` flag, e.g.:
`podman pod create foobar`
it will get the name `foobar` implicitly and this will be recorded as the in the
`podCreateArgs`. Unfortunately, the implicit name only works if it appears as
the **last** argument of the startup command.
With 6e2e3a78ed1d05ee5f23f65b814e8135021961dd we started appending the pod
security policy to the startCommand, resulting in the following `ExecStartPre=`
line:
```
/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-foobar.pid --pod-id-file %t/pod-foobar.pod-id foobar --exit-policy=stop
```
This fails to launch, as the `pod create` command expects only a single
non-flag parameter, but it assumes that `exit-policy=stop` is a second and
terminates immediately instead.
This fixes https://github.com/containers/podman/issues/15592
Signed-off-by: Dan Čermák <dcermak@suse.com>
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/systemd/generate/pods.go | 12 | ||||
-rw-r--r-- | pkg/systemd/generate/pods_test.go | 63 |
2 files changed, 61 insertions, 14 deletions
diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go index 22f568220..d691688b8 100644 --- a/pkg/systemd/generate/pods.go +++ b/pkg/systemd/generate/pods.go @@ -256,14 +256,14 @@ func generatePodInfo(pod *libpod.Pod, options entities.GenerateSystemdOptions) ( return &info, nil } -// Unless already specified, the pod's exit policy to "stop". -func setPodExitPolicy(cmd []string) []string { +// Determine whether the command array includes an exit-policy setting +func hasPodExitPolicy(cmd []string) bool { for _, arg := range cmd { if strings.HasPrefix(arg, "--exit-policy=") || arg == "--exit-policy" { - return cmd + return true } } - return append(cmd, "--exit-policy=stop") + return false } // executePodTemplate executes the pod template on the specified podInfo. Note @@ -364,8 +364,10 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions) podCreateArgs = append(podCreateArgs, "--replace") } + if !hasPodExitPolicy(append(startCommand, podCreateArgs...)) { + startCommand = append(startCommand, "--exit-policy=stop") + } startCommand = append(startCommand, podCreateArgs...) - startCommand = setPodExitPolicy(startCommand) startCommand = escapeSystemdArguments(startCommand) info.ExecStartPre1 = "/bin/rm -f {{{{.PIDFile}}}} {{{{.PodIDFile}}}}" diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go index 59f217256..69a654db3 100644 --- a/pkg/systemd/generate/pods_test.go +++ b/pkg/systemd/generate/pods_test.go @@ -7,25 +7,26 @@ import ( "github.com/stretchr/testify/assert" ) -func TestSetPodExitPolicy(t *testing.T) { +func TestHasPodExitPolicy(t *testing.T) { tests := []struct { - input, expected []string + input []string + expected bool }{ { []string{"podman", "pod", "create"}, - []string{"podman", "pod", "create", "--exit-policy=stop"}, + false, }, { []string{"podman", "pod", "create", "--exit-policy=continue"}, - []string{"podman", "pod", "create", "--exit-policy=continue"}, + true, }, { []string{"podman", "pod", "create", "--exit-policy", "continue"}, - []string{"podman", "pod", "create", "--exit-policy", "continue"}, + true, }, } for _, test := range tests { - assert.Equalf(t, test.expected, setPodExitPolicy(test.input), "%v", test.input) + assert.Equalf(t, test.expected, hasPodExitPolicy(test.input), "%v", test.input) } } @@ -229,6 +230,33 @@ Type=forking [Install] WantedBy=default.target ` + podNoExplicitName := `# pod-123abc.service +# autogenerated by Podman CI + +[Unit] +Description=Podman pod-123abc.service +Documentation=man:podman-generate-systemd(1) +Wants=network-online.target +After=network-online.target +RequiresMountsFor=/var/run/containers/storage +Requires= +Before= + +[Service] +Environment=PODMAN_SYSTEMD_UNIT=%n +Restart=on-failure +TimeoutStopSec=70 +ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id +ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop foo +ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id +ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 +ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id +PIDFile=%t/pod-123abc.pid +Type=forking + +[Install] +WantedBy=default.target +` podGoodRestartSec := `# pod-123abc.service # autogenerated by Podman CI @@ -274,7 +302,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo "bar=arg with space" --replace --exit-policy=stop +ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id @@ -302,7 +330,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman --events-backend none --runroot /root pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo "bar=arg with space" --replace --exit-policy=stop +ExecStartPre=/usr/bin/podman --events-backend none --runroot /root pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace ExecStart=/usr/bin/podman --events-backend none --runroot /root pod start --pod-id-file %t/pod-123abc.pod-id ExecStop=/usr/bin/podman --events-backend none --runroot /root pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 ExecStopPost=/usr/bin/podman --events-backend none --runroot /root pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id @@ -330,7 +358,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo --replace --exit-policy=stop +ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo --replace ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id @@ -483,6 +511,23 @@ WantedBy=default.target false, false, }, + {"pod without --name", + podInfo{ + Executable: "/usr/bin/podman", + ServiceName: "pod-123abc", + InfraNameOrID: "jadda-jadda-infra", + PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", + StopTimeout: 10, + PodmanVersion: "CI", + GraphRoot: "/var/lib/containers/storage", + RunRoot: "/var/run/containers/storage", + CreateCommand: []string{"podman", "pod", "create", "foo"}, + }, + podNoExplicitName, + true, + false, + false, + }, {"pod restartSec", podInfo{ Executable: "/usr/bin/podman", |