summaryrefslogtreecommitdiff
path: root/pkg/systemd/generate
Commit message (Collapse)AuthorAge
* Improve generate systemd formatDaniel J Walsh2022-09-21
| | | | | | | | Fixes: https://github.com/containers/podman/issues/14897 Followup to #13814 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Revert "generate systemd: drop ExecStop"Valentin Rothberg2022-09-15
| | | | | | | | | | | | This reverts commit c20abf12c714f359c7bbb291c444530f70cb1185. In the absence of `ExecStop` step, systemd will send the stop/kill signals to the main PID while I asummed that systemd would jump directly to an ExecStopPost step instead. Hence revert the commit to let Podman take care of stopping rather than systemd. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* generate systemd: drop ExecStopValentin Rothberg2022-09-15
| | | | | | | | | | | | | | | | Drop the ExecStop step to simplify the generated units a bit. The extra ExecStopPost step was added by commit e5c343294424. If the main PID (i.e., conmon) is killed, systemd will not execute ExecStop (since the main PID is already down) but only execute the *Post steps. Credits to the late Ulrich Obergfell for tracking this issue down; he is missed. The ExecStop step can safely be dropped since the Post step will take of stopping (and removing) in any case. Context: #15686 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* fix ci: update systemd generate unit testValentin Rothberg2022-09-14
| | | | | | | Two PRs have been merged causing a failure in one unit test. Fix the unit test to turn CI green again. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #15777 from vrothberg/fix-14546OpenShift Merge Robot2022-09-14
|\ | | | | generate systemd: fix pod dependencies
| * generate systemd: fix pod dependenciesValentin Rothberg2022-09-13
| | | | | | | | | | | | | | | | | | | | | | | | Change the dependencies from a pod unit to its associated container units from `Requires` to `Wants` to prevent the entire pod from transitioning to a failed state. Restart policies for individual containers can be configured separately. Also make sure that the pod's RunRoot is always set. Fixes: #14546 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | [systemd] Ensure that podCreateArgs appear last in ExecStartPre=Dan Čermák2022-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When creating a new pod without the `--name` flag, e.g.: `podman pod create foobar` it will get the name `foobar` implicitly and this will be recorded as the in the `podCreateArgs`. Unfortunately, the implicit name only works if it appears as the **last** argument of the startup command. With 6e2e3a78ed1d05ee5f23f65b814e8135021961dd we started appending the pod security policy to the startCommand, resulting in the following `ExecStartPre=` line: ``` /usr/bin/podman pod create --infra-conmon-pidfile %t/pod-foobar.pid --pod-id-file %t/pod-foobar.pod-id foobar --exit-policy=stop ``` This fails to launch, as the `pod create` command expects only a single non-flag parameter, but it assumes that `exit-policy=stop` is a second and terminates immediately instead. This fixes https://github.com/containers/podman/issues/15592 Signed-off-by: Dan Čermák <dcermak@suse.com>
* | generate systemd: warn on --restart without --newValentin Rothberg2022-09-13
|/ | | | | | | | | | | Emit a warning to the user when generating a unit with --new on a container that was created with a custom --restart policy. As shown in #15284, a custom --restart policy in that case can lead to issues on system shutdown where systemd attempts to nuke the unit but Podman keeps on restarting the container. Fixes: #15284 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Fix stuttersDaniel J Walsh2022-09-10
| | | | | | | | | | | | | | Podman adds an Error: to every error message. So starting an error message with "error" ends up being reported to the user as Error: error ... This patch removes the stutter. Also ioutil.ReadFile errors report the Path, so wrapping the err message with the path causes a stutter. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add generate systemd -e/--env optionToshiki Sonoda2022-09-06
| | | | | | | | -e/--env option sets environment variables to the systemd unit files. Fixes: #15523 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* podman generate systemd --new: allow -h hostnamePaul Holzinger2022-08-02
| | | | | | | | | | podman run/create can accept `-h <hostname>` as argument. When parsing flags -h throws an help requested error from pflag. To prevent this error we have to define the help flag. Fixes #15124 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* podman generate systemd: handle --sdnotify correctlyPaul Holzinger2022-07-25
| | | | | | | | | | | | When a container was created with `--sdnotify value` we would remove this arg instead of using it like with `--sdnotfiy=value`. Also when the arg is set to ignore we should force conmon in order to make the resulting Type=notify units work. Fixes #15052 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* pkg: switch to golang native error wrappingSascha Grunert2022-07-08
| | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Fix spelling "setup" -> "set up" and similarErik Sjölund2022-06-22
| | | | | | | | | | * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those. * Improve language in a few places. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* generate systemd: pods: set exit policyValentin Rothberg2022-05-03
| | | | | | | | | | Unless specified in the create command of the pod, enforce the exit policy to "stop". With "stop", a pod is stopped when the last container exits and does not continue running. This behavior integrates much better into systemd which is now able to tell whether the service running as pod is actually running/active or not. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Pretty print systemd services fileAbhijeet Kasurde2022-04-12
| | | | | | | | | | | Fixes: #13337 I added newline only on options IE Begin with "-" [NO NEW TESTS NEEDED] Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Remove error stutterDaniel J Walsh2022-03-25
| | | | | | | | | | | | | | | | | When podman gets an error it prints out "Error: " before printing the error string. If the error message starts with error, we end up with Error: error ... This PR Removes all of these stutters. logrus.Error() also prints out that this is an error, so no need for the error stutter. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* fix a number of errcheck issuesValentin Rothberg2022-03-22
| | | | | | Numerous issues remain, especially in tests/e2e. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Separator is no longer prepended when prefix is empty on podman generate systemdNirmal Patel2022-03-16
| | | | | | | | | | | | | | When podman generate systemd is invoked, it previously did not check if container-prefix or pod-prefix are empty. When these are empty, the file name starts with the separator, which is hyphen by default. This results in files like '-containername.service'. The code now checks if these prefixes are empty. If they are, the filename no longer adds a separator. Instead, it uses name or ID of the container or pod. Closes #13272 Signed-off-by: Nirmal Patel <npate012@gmail.com>
* Handlers for `generate systemd` with custom dependenciesesendjer2022-01-19
| | | | | | | | | | | | | | This commit includes: * Handlers for generate systemd unit with manually defined dependencies such as: Wants=, After= and Requires= * The new unit and e2e tests for checking generated systemd units for container and pod with custom dependencies * Documented descriptions for custom dependencies options Signed-off-by: Eugene (Evgenii) Shubin <esendjer@gmail.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* generate systemd: support entrypoint JSON stringsValentin Rothberg2021-12-08
| | | | | | | Make sure to preserve the quoting of entrypoint JSON strings. Fixes: #12477 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add restart-sec option to systemd generateOndra Machacek2021-12-03
| | | | Signed-off-by: Ondra Machacek <omachace@redhat.com>
* systemd: replace multi-user with default.targetValentin Rothberg2021-11-30
| | | | | | | | | | Replace `multi-user.target` with `default.target` across the code base. It seems like the multi-user one is not available for (rootless) users on F35 anymore is causing issues in all kinds of ways, for instance, enabling the podman.service or generated systemd units. Fixes: #12438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* generate systemd: add --start-timeout flagValentin Rothberg2021-11-23
| | | | | | | | | Add a new flag to set the start timeout for a generated systemd unit. To make naming consistent, add a new --stop-timeout flag as well and let the previous --time map to it. Fixes: #11618 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* export adding id-specifier code to setContainerNameForTemplateBoaz Shuster2021-11-11
| | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* change from run to create in 250-systemd.batsBoaz Shuster2021-11-09
| | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* add unit test to containers_testBoaz Shuster2021-11-01
| | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* Support template unit files in podman generate systemdBoaz Shuster2021-10-22
| | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* generate systemd: handle --restartValentin Rothberg2021-09-07
| | | | | | | | | Handle custom restart policies of containers when generating the unit files; those should be set on the unit level and removed from ExecStart flags. Fixes: #11438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* generate systemd: clarify limitations of `--new`Valentin Rothberg2021-09-01
| | | | | | | | | | | | | `generate systemd --new` is looking at the "create command" of the container/pod which is simply the os.Args at creation time. It does not work on containers or pods created via the REST API since the create command is not set. `--new` does work on such containers and pods since there is no reliable way to reverse-map their configs to command-line arguments of podman. Fixes: #11370 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* generate systemd: use --cidfile againValentin Rothberg2021-08-24
| | | | | | | | | | | | | | | | | Commit 9ac5267 changed the type of the generated systemd units from `forking` to `notify`. It further stopped using `--cidfile` and instead intended systemd to take care of stopping the container, which turned out to be a bad idea. Systemd will send the stop/kill signals to conmon which in turn may exit non-zero, depending on the signal, and ultimately breaking container cleanup. Hence, we need to use --cidfile again and let podman stop and remove the container to make sure that everything's in order. Fixes: #11304 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Revert "generate systemd: custom stop signal"Valentin Rothberg2021-08-24
| | | | | | | | | | | | | | | | This reverts commit 70801b3d714b067d64744697433c5841926dad4d. It turns out that letting systemd handle stopping the container is not working as I thought it will. Conmon is receiving the stop/kill signals and may exit non-zero, which in turn lets the systemd service transition into the `failed` state. We need to get back to letting Podman stop the containers and do a partial revert of commit 9ac5267 which removed using --cidfile. Happening in a following commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* generate systemd: custom stop signalValentin Rothberg2021-08-24
| | | | | | | | | | | | | | | | | | | Commit 9ac5267598c3 changed the type of the generated systemd units from forking to notify. Parts of these changes was also removing the need to pass any information via the file system (e.g., PIDFILE, container ID). That in turn implies that systemd takes care of stopping the container. By default, systemd first sends a SIGTERM and after a certain timeout, it'll send a SIGKILL. That's pretty much what Podman is doing, unless the container was created with a custom stop signal which is the case when the --stop-signal flag was used or systemd is mounted. Account for that by using systemd's KillSignal option which allows for changing SIGTERM to another signal. Also make sure that we're using the correct timeout for units generated with --new. Fixes: #11304 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* auto-update: simple rollbackValentin Rothberg2021-08-05
| | | | | | | | | | | | | | | | | | | Add support for simple rollbacks during `podman auto-update`. Rollbacks are enabled by default. If a systemd unit cannot be restarted after an update, the previous image will be retagged and the unit will be restarted a second time. Add system tests for rollbacks. Also fix a bug in the restart sequence; we have to use the channel to actually know whether the restart was successful or not. NOTE: To make rollbacks really useful, users must run their containers with `--sdnotify=container` such that the containers send the ready message over the (mounted) socket. This way, restarting the systemd units during auto update will block until the message has been received (or a timeout kicked in). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* systemd: require network*-online*.targetValentin Rothberg2021-07-16
| | | | | | | | | Require the network to be online in all (generated) systemd units to make sure that containers and Podman run only after the network has been fully configured. Fixes: #10655 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Remove GetStore function from LibpodMatthew Heon2021-07-08
| | | | | | | | | | | | We should not be exposing the store outside of Libpod. We want to encapsulate it as an internal implementation detail - there's no reason functions outside of Libpod should directly be manipulating container storage. Convert the last use to invoke a method on Libpod instead, and remove the function. [NO TESTS NEEDED] as this is just a refactor. Signed-off-by: Matthew Heon <mheon@redhat.com>
* systemd/generate: change type to notifyValentin Rothberg2021-06-04
| | | | | | | | | | | | | | Change the type of units generated with --new from "forking" to "notify". This brings Podman closer to systemd and opens up Podman to a number of use cases (see #5572). Units generated without --new remain with `type=forking`. I experimented a bit with adding a `--sdnotify` flag to `podman start` but it doesn't really work well since we're competing with the default sdnotify mode set during container creation. Fixes: #5572 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* generate systemd: make mounts portableValentin Rothberg2021-05-31
| | | | | | | | | | | | | | | | | | | Commit 748826fc88fc fixed a bug where slow mounting of the runroot was causing issues when the units are started at boot. The fix was to add the container's runroot to the required mounts; the graph root has been added as well. Hard-coding the run- and graphroot to the required mounts, however, breaks the portability of units generated with --now. Those units are intended to be running on any machine as, theoreticaly, any user. Make the mounts portable by using the `%t` macro for the run root. Since the graphroot's location varies across root and ordinary users, drop it from the list of required mounts. The graphroot was not causing issues. Fixes: #10493 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add envars to the generated systemd unitPaul Holzinger2021-05-10
| | | | | | | | | | | | | | | The with --new generated systemd unit loses the environment variables when the create command only contains the key without the value. Since podman tries to lookup those values from the environment the unit can fail. This commits ensures that we will add the environment variables to the unit file when this is the case. The container environment variables are looked up in the container spec. Fixes #10101 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Fixes from make codespellDaniel J Walsh2021-04-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman generate systemd --new do not duplicate paramsPaul Holzinger2021-03-28
| | | | | | | | | | | | | | | | | podman generate systemd --new inserts extra idfile arguments. The generated unit can break when the user did provide their own idfile arguments as they overwrite the arguments added by generate systemd. This also happens when a user tries to generate the systemd unit on a container already create with a --new unit. This should now create a identical unit. The solution is to remove all user provided idfile arguments. This commit also ensures that we do not remove arguments that are part off the containers entrypoint. Fixes #9776 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Add RequiresMountsFor= to systemd generateRobb Manes2021-03-26
| | | | | | | | | | | | | | | It is rare but possible that storage locations for the graphroot and the runroot are not mounted at boot time, and therefore might race when doing container operations. An example we've seen in the wild is that a slow tmpfs mount for the runroot would suddenly mount over /run, causing the container to lose all currently-running data, requiring a system refresh to get it back. This patch adds RequiresMountsFor= to the systemd.unit header to ensure the paths for both the graphroot and runroot are mounted prior to starting any generated unit files. Signed-off-by: Robb Manes <rmanes@redhat.com>
* Do not leak libpod package into the remote clientPaul Holzinger2021-03-15
| | | | | | | | | | | | | | | | | | Some packages used by the remote client imported the libpod package. This is not wanted because it adds unnecessary bloat to the client and also causes problems with platform specific code(linux only), see #9710. The solution is to move the used functions/variables into extra packages which do not import libpod. This change shrinks the remote client size more than 6MB compared to the current master. [NO TESTS NEEDED] I have no idea how to test this properly but with #9710 the cross compile should fail. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9445 from jmguzik/no-header-info-for-systemd-generationOpenShift Merge Robot2021-02-22
|\ | | | | No header info for systemd generation
| * --no-header flag implementation for generate systemdJakub Guzik2021-02-22
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | bump go module to v3Valentin Rothberg2021-02-22
|/ | | | | | | | | We missed bumping the go module, so let's do it now :) * Automated go code with github.com/sirkon/go-imports-rename * Manually via `vgrep podman/v2` the rest Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix broken podman generate systemd --new with podsPaul Holzinger2021-02-16
| | | | | | | | | | | The unit generation accidentally escaped the %t in the pod id file path. This is a regression caused by #9178. This was not caught by the tests because the test itself was wrong. It used a full path instead of the systemd variable %t like the actual code does. Fixes #9373 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Enable whitespace linterPaul Holzinger2021-02-11
| | | | | | | | Use the whitespace linter and fix the reported problems. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Fix podman generate systemd --new special char handlingPaul Holzinger2021-02-01
| | | | | | | | | | In a systemd unit dollar and percent signs are used for variables. A backslash is used for escape sequences. If any of these characters are used in the create command we have to properly escape them so systemd does not try to interpret them. Fixes #9176 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>