k8systemd: run k8s workloads in systemd

Support running `podman play kube` in systemd by exploiting the
previously added "service containers".  During `play kube`, a service
container is started before all the pods and containers, and is stopped
last.  The service container communicates its conmon PID via sdnotify.

Add a new systemd template to dispatch such k8s workloads.  The argument
of the template is the path to the k8s file.  Note that the path must be
escaped for systemd not to bark:

Let's assume we have a `top.yaml` file in the home directory:
```
$ escaped=$(systemd-escape ~/top.yaml)
$ systemctl --user start podman-play-kube@$escaped.service
```

Closes: https://issues.redhat.com/browse/RUN-1287
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>

1 files changed, 19 insertions, 15 deletions

diff --git a/test/system/700-play.bats b/test/system/700-play.bats
index 2e5327a85..6c2a8c8b1 100644
--- a/test/system/700-play.bats
+++ b/test/system/700-play.bats
@@ -103,10 +103,9 @@ RELABEL="system_u:object_r:container_file_t:s0"
 @test "podman play --service-container" {
     skip_if_remote "service containers only work locally"
 
-    TESTDIR=$PODMAN_TMPDIR/testdir
-    mkdir -p $TESTDIR
-
-yaml="
+    # Create the YAMl file
+    yaml_source="$PODMAN_TMPDIR/test.yaml"
+    cat >$yaml_source <<EOF
 apiVersion: v1
 kind: Pod
 metadata:
@@ -120,13 +119,16 @@ spec:
     image: $IMAGE
     name: test
     resources: {}
-"
+EOF
+    run_podman play kube --service-container=true $yaml_source
 
-    echo "$yaml" > $PODMAN_TMPDIR/test.yaml
-    run_podman play kube --service-container=true $PODMAN_TMPDIR/test.yaml
+    # The name of the service container is predictable: the first 12 characters
+    # of the hash of the YAML file followed by the "-service" suffix
+    yaml_sha=$(sha256sum $yaml_source)
+    service_container="${yaml_sha:0:12}-service"
 
     # Make sure that the service container exists and runs.
-    run_podman container inspect "352a88685060-service" --format "{{.State.Running}}"
+    run_podman container inspect $service_container --format "{{.State.Running}}"
     is "$output" "true"
 
     # Stop the *main* container and make sure that
@@ -135,24 +137,26 @@ spec:
     #  #) The service container is marked as an service container
     run_podman stop test_pod-test
     _ensure_pod_state test_pod Exited
-    run_podman container inspect "352a88685060-service" --format "{{.State.Running}}"
-    is "$output" "false"
-    run_podman container inspect "352a88685060-service" --format "{{.IsService}}"
+    _ensure_container_running $service_container false
+    run_podman container inspect $service_container --format "{{.IsService}}"
     is "$output" "true"
 
     # Restart the pod, make sure the service is running again
     run_podman pod restart test_pod
-    run_podman container inspect "352a88685060-service" --format "{{.State.Running}}"
+    run_podman container inspect $service_container --format "{{.State.Running}}"
     is "$output" "true"
 
+    # Check for an error when trying to remove the service container
+    run_podman 125 container rm $service_container
+    is "$output" "Error: container .* is the service container of pod(s) .* and cannot be removed without removing the pod(s)"
+
     # Kill the pod and make sure the service is not running
     run_podman pod kill test_pod
-    run_podman container inspect "352a88685060-service" --format "{{.State.Running}}"
-    is "$output" "false"
+    _ensure_container_running $service_container false
 
     # Remove the pod and make sure the service is removed along with it
     run_podman pod rm test_pod
-    run_podman 1 container exists "352a88685060-service"
+    run_podman 1 container exists $service_container
 }
 
 @test "podman play --network" {