From 505f43c084a710c36195b8fe979c2ccb673c6e0c Mon Sep 17 00:00:00 2001 From: Robb Manes Date: Tue, 16 Mar 2021 12:42:02 -0400 Subject: Add RequiresMountsFor= to systemd generate It is rare but possible that storage locations for the graphroot and the runroot are not mounted at boot time, and therefore might race when doing container operations. An example we've seen in the wild is that a slow tmpfs mount for the runroot would suddenly mount over /run, causing the container to lose all currently-running data, requiring a system refresh to get it back. This patch adds RequiresMountsFor= to the systemd.unit header to ensure the paths for both the graphroot and runroot are mounted prior to starting any generated unit files. Signed-off-by: Robb Manes --- docs/source/markdown/podman-generate-systemd.1.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'docs/source') diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index 00b13669a..43cb30f59 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md @@ -61,7 +61,7 @@ Set the systemd unit name separator between the name/id of a container/pod and t ### Generate and print a systemd unit file for a container -Generate a systemd unit file for a container running nginx with an *always* restart policy and 1-second timeout to stdout. +Generate a systemd unit file for a container running nginx with an *always* restart policy and 1-second timeout to stdout. Note that the **RequiresMountsFor** option in the **Unit** section ensures that the container storage for both the GraphRoot and the RunRoot are mounted prior to starting the service. For systems with container storage on disks like iSCSI or other remote block protocols, this ensures that Podman is not executed prior to any necessary storage operations coming online. ``` $ podman create --name nginx nginx:latest @@ -73,6 +73,9 @@ $ podman generate systemd --restart-policy=always -t 1 nginx [Unit] Description=Podman container-de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6.service Documentation=man:podman-generate-systemd(1) +Wants=network.target +After=network-online.target +RequiresMountsFor=/var/lib/containers/storage /var/run/container/storage [Service] Restart=always @@ -101,6 +104,7 @@ Description=Podman container-busy_moser.service Documentation=man:podman-generate-systemd(1) Wants=network.target After=network-online.target +RequiresMountsFor=/var/lib/containers/storage /var/run/container/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n @@ -140,6 +144,9 @@ Description=Podman pod-systemd-pod.service Documentation=man:podman-generate-systemd(1) Requires=container-amazing_chandrasekhar.service container-jolly_shtern.service Before=container-amazing_chandrasekhar.service container-jolly_shtern.service +Wants=network.target +After=network-online.target +RequiresMountsFor=/var/lib/containers/storage /var/run/container/storage [Service] Restart=on-failure -- cgit v1.2.3-54-g00ecf