aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorDan Čermák <dcermak@suse.com>2022-09-13 14:43:47 +0200
committerDan Čermák <dcermak@suse.com>2022-09-14 09:37:02 +0200
commit0aedddd3b3ec0f14818aa0f04c24df1f0b2e3f3b (patch)
treec633cca6adfdaa8ed4b825e2772a5e9e90316986 /pkg
parentc64388728f5efec2658cf9097dbe15126f30753e (diff)
downloadpodman-0aedddd3b3ec0f14818aa0f04c24df1f0b2e3f3b.tar.gz
podman-0aedddd3b3ec0f14818aa0f04c24df1f0b2e3f3b.tar.bz2
podman-0aedddd3b3ec0f14818aa0f04c24df1f0b2e3f3b.zip
[systemd] Ensure that podCreateArgs appear last in ExecStartPre=
When creating a new pod without the `--name` flag, e.g.: `podman pod create foobar` it will get the name `foobar` implicitly and this will be recorded as the in the `podCreateArgs`. Unfortunately, the implicit name only works if it appears as the **last** argument of the startup command. With 6e2e3a78ed1d05ee5f23f65b814e8135021961dd we started appending the pod security policy to the startCommand, resulting in the following `ExecStartPre=` line: ``` /usr/bin/podman pod create --infra-conmon-pidfile %t/pod-foobar.pid --pod-id-file %t/pod-foobar.pod-id foobar --exit-policy=stop ``` This fails to launch, as the `pod create` command expects only a single non-flag parameter, but it assumes that `exit-policy=stop` is a second and terminates immediately instead. This fixes https://github.com/containers/podman/issues/15592 Signed-off-by: Dan Čermák <dcermak@suse.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/systemd/generate/pods.go12
-rw-r--r--pkg/systemd/generate/pods_test.go63
2 files changed, 61 insertions, 14 deletions
diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go
index 22f568220..d691688b8 100644
--- a/pkg/systemd/generate/pods.go
+++ b/pkg/systemd/generate/pods.go
@@ -256,14 +256,14 @@ func generatePodInfo(pod *libpod.Pod, options entities.GenerateSystemdOptions) (
return &info, nil
}
-// Unless already specified, the pod's exit policy to "stop".
-func setPodExitPolicy(cmd []string) []string {
+// Determine whether the command array includes an exit-policy setting
+func hasPodExitPolicy(cmd []string) bool {
for _, arg := range cmd {
if strings.HasPrefix(arg, "--exit-policy=") || arg == "--exit-policy" {
- return cmd
+ return true
}
}
- return append(cmd, "--exit-policy=stop")
+ return false
}
// executePodTemplate executes the pod template on the specified podInfo. Note
@@ -364,8 +364,10 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions)
podCreateArgs = append(podCreateArgs, "--replace")
}
+ if !hasPodExitPolicy(append(startCommand, podCreateArgs...)) {
+ startCommand = append(startCommand, "--exit-policy=stop")
+ }
startCommand = append(startCommand, podCreateArgs...)
- startCommand = setPodExitPolicy(startCommand)
startCommand = escapeSystemdArguments(startCommand)
info.ExecStartPre1 = "/bin/rm -f {{{{.PIDFile}}}} {{{{.PodIDFile}}}}"
diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go
index 59f217256..69a654db3 100644
--- a/pkg/systemd/generate/pods_test.go
+++ b/pkg/systemd/generate/pods_test.go
@@ -7,25 +7,26 @@ import (
"github.com/stretchr/testify/assert"
)
-func TestSetPodExitPolicy(t *testing.T) {
+func TestHasPodExitPolicy(t *testing.T) {
tests := []struct {
- input, expected []string
+ input []string
+ expected bool
}{
{
[]string{"podman", "pod", "create"},
- []string{"podman", "pod", "create", "--exit-policy=stop"},
+ false,
},
{
[]string{"podman", "pod", "create", "--exit-policy=continue"},
- []string{"podman", "pod", "create", "--exit-policy=continue"},
+ true,
},
{
[]string{"podman", "pod", "create", "--exit-policy", "continue"},
- []string{"podman", "pod", "create", "--exit-policy", "continue"},
+ true,
},
}
for _, test := range tests {
- assert.Equalf(t, test.expected, setPodExitPolicy(test.input), "%v", test.input)
+ assert.Equalf(t, test.expected, hasPodExitPolicy(test.input), "%v", test.input)
}
}
@@ -229,6 +230,33 @@ Type=forking
[Install]
WantedBy=default.target
`
+ podNoExplicitName := `# pod-123abc.service
+# autogenerated by Podman CI
+
+[Unit]
+Description=Podman pod-123abc.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/run/containers/storage
+Requires=
+Before=
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop foo
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
+PIDFile=%t/pod-123abc.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
+`
podGoodRestartSec := `# pod-123abc.service
# autogenerated by Podman CI
@@ -274,7 +302,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo "bar=arg with space" --replace --exit-policy=stop
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
@@ -302,7 +330,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman --events-backend none --runroot /root pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo "bar=arg with space" --replace --exit-policy=stop
+ExecStartPre=/usr/bin/podman --events-backend none --runroot /root pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace
ExecStart=/usr/bin/podman --events-backend none --runroot /root pod start --pod-id-file %t/pod-123abc.pod-id
ExecStop=/usr/bin/podman --events-backend none --runroot /root pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
ExecStopPost=/usr/bin/podman --events-backend none --runroot /root pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
@@ -330,7 +358,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo --replace --exit-policy=stop
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
@@ -483,6 +511,23 @@ WantedBy=default.target
false,
false,
},
+ {"pod without --name",
+ podInfo{
+ Executable: "/usr/bin/podman",
+ ServiceName: "pod-123abc",
+ InfraNameOrID: "jadda-jadda-infra",
+ PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid",
+ StopTimeout: 10,
+ PodmanVersion: "CI",
+ GraphRoot: "/var/lib/containers/storage",
+ RunRoot: "/var/run/containers/storage",
+ CreateCommand: []string{"podman", "pod", "create", "foo"},
+ },
+ podNoExplicitName,
+ true,
+ false,
+ false,
+ },
{"pod restartSec",
podInfo{
Executable: "/usr/bin/podman",