From 9d964ffb9fc98ed13f6fec974c917b84c175d39a Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Mon, 8 Jun 2020 13:34:12 -0400 Subject: Ensure Conmon is alive before waiting for exit file This came out of a conversation with Valentin about systemd-managed Podman. He discovered that unit files did not properly handle cases where Conmon was dead - the ExecStopPost `podman rm --force` line was not actually removing the container, but interestingly, adding a `podman cleanup --rm` line would remove it. Both of these commands do the same thing (minus the `podman cleanup --rm` command not force-removing running containers). Without a running Conmon instance, the container process is still running (assuming you killed Conmon with SIGKILL and it had no chance to kill the container it managed), but you can still kill the container itself with `podman stop` - Conmon is not involved, only the OCI Runtime. (`podman rm --force` and `podman stop` use the same code to kill the container). The problem comes when we want to get the container's exit code - we expect Conmon to make us an exit file, which it's obviously not going to do, being dead. The first `podman rm` would fail because of this, but importantly, it would (after failing to retrieve the exit code correctly) set container status to Exited, so that the second `podman cleanup` process would succeed. To make sure the first `podman rm --force` succeeds, we need to catch the case where Conmon is already dead, and instead of waiting for an exit file that will never come, immediately set the Stopped state and remove an error that can be caught and handled. Signed-off-by: Matthew Heon --- libpod/define/errors.go | 3 +++ 1 file changed, 3 insertions(+) (limited to 'libpod/define') diff --git a/libpod/define/errors.go b/libpod/define/errors.go index 16df2a1cc..083553b7e 100644 --- a/libpod/define/errors.go +++ b/libpod/define/errors.go @@ -141,6 +141,9 @@ var ( // ErrConmonOutdated indicates the version of conmon found (whether via the configuration or $PATH) // is out of date for the current podman version ErrConmonOutdated = errors.New("outdated conmon version") + // ErrConmonDead indicates that the container's conmon process has been + // killed, preventing normal operation. + ErrConmonDead = errors.New("conmon process killed") // ErrImageInUse indicates the requested operation failed because the image was in use ErrImageInUse = errors.New("image is being used") -- cgit v1.2.3-54-g00ecf From 636881ece56f77df4c6a25dc5faa68a740607e3f Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Thu, 28 May 2020 10:54:17 +0200 Subject: pod config: add a `CreateCommand` field Add a `CreateCommand` field to the pod config which includes the entire `os.Args` at pod-creation. Similar to the already existing field in a container config, we need this information to properly generate generic systemd unit files for pods. It's a prerequisite to support the `--new` flag for pods. Also add the `CreateCommand` to the pod-inspect data, which can come in handy for debugging, general inspection and certainly for the tests that are added along with the other changes. Signed-off-by: Valentin Rothberg --- libpod/define/pod_inspect.go | 3 +++ libpod/options.go | 12 ++++++++++++ libpod/pod.go | 4 ++++ libpod/pod_api.go | 1 + pkg/specgen/generate/pod_create.go | 1 + test/e2e/pod_inspect_test.go | 22 ++++++++++++++++++++++ 6 files changed, 43 insertions(+) (limited to 'libpod/define') diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go index 26fd2cab4..7f06e16fc 100644 --- a/libpod/define/pod_inspect.go +++ b/libpod/define/pod_inspect.go @@ -18,6 +18,9 @@ type InspectPodData struct { Namespace string `json:"Namespace,omitempty"` // Created is the time when the pod was created. Created time.Time + // CreateCommand is the full command plus arguments of the process the + // container has been created with. + CreateCommand []string `json:"CreateCommand,omitempty"` // State represents the current state of the pod. State string `json:"State"` // Hostname is the hostname that the pod will set. diff --git a/libpod/options.go b/libpod/options.go index 8e0d3df86..75d098815 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -1538,6 +1538,18 @@ func WithPodHostname(hostname string) PodCreateOption { } } +// WithPodCreateCommand adds the full command plus arguments of the current +// process to the pod config. +func WithPodCreateCommand() PodCreateOption { + return func(pod *Pod) error { + if pod.valid { + return define.ErrPodFinalized + } + pod.config.CreateCommand = os.Args + return nil + } +} + // WithPodLabels sets the labels of a pod. func WithPodLabels(labels map[string]string) PodCreateOption { return func(pod *Pod) error { diff --git a/libpod/pod.go b/libpod/pod.go index 8afaa6052..38fe1fd2c 100644 --- a/libpod/pod.go +++ b/libpod/pod.go @@ -64,6 +64,10 @@ type PodConfig struct { // Time pod was created CreatedTime time.Time `json:"created"` + // CreateCommand is the full command plus arguments of the process the + // container has been created with. + CreateCommand []string `json:"CreateCommand,omitempty"` + // ID of the pod's lock LockID uint32 `json:"lockID"` } diff --git a/libpod/pod_api.go b/libpod/pod_api.go index e2c4b515d..c8605eb69 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -489,6 +489,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) { Name: p.Name(), Namespace: p.Namespace(), Created: p.CreatedTime(), + CreateCommand: p.config.CreateCommand, State: podState, Hostname: p.config.Hostname, Labels: p.Labels(), diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go index cd2d69cfb..51b7835b2 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go @@ -93,5 +93,6 @@ func createPodOptions(p *specgen.PodSpecGenerator) ([]libpod.PodCreateOption, er options = append(options, libpod.WithInfraContainerPorts(ports)) } options = append(options, libpod.WithPodCgroups()) + options = append(options, libpod.WithPodCreateCommand()) return options, nil } diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go index 8040adf1e..f1acd3750 100644 --- a/test/e2e/pod_inspect_test.go +++ b/test/e2e/pod_inspect_test.go @@ -57,4 +57,26 @@ var _ = Describe("Podman pod inspect", func() { podData := inspect.InspectPodToJSON() Expect(podData.ID).To(Equal(podid)) }) + + It("podman pod inspect (CreateCommand)", func() { + podName := "myTestPod" + createCommand := []string{"pod", "create", "--name", podName, "--hostname", "rudolph", "--share", "net"} + + // Create the pod. + session := podmanTest.Podman(createCommand) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Inspect the pod and make sure that the create command is + // exactly how we created the pod. + inspect := podmanTest.Podman([]string{"pod", "inspect", podName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.IsJSONOutputValid()).To(BeTrue()) + podData := inspect.InspectPodToJSON() + // Let's get the last len(createCommand) items in the command. + inspectCreateCommand := podData.CreateCommand + index := len(inspectCreateCommand) - len(createCommand) + Expect(inspectCreateCommand[index:]).To(Equal(createCommand)) + }) }) -- cgit v1.2.3-54-g00ecf