From 7fc1a329bd014d61f9895fc212aef452f6fb8f84 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 22 Jun 2018 16:44:59 -0400
Subject: Add `podman container cleanup` to CLI

When we run containers in detach mode, nothing cleans up the network stack or the mount points. This patch will tell conmon to execute the cleanup code when the container exits. It can also be called to attempt to cleanup previously running containers.

Signed-off-by: Daniel J Walsh
Closes: #942
Approved by: mheon
---
 libpod/container.go | 4 ++++
 libpod/container_inspect.go | 1 +
 libpod/container_internal.go | 19 +++++++++++++------
 libpod/oci.go | 6 ++++++
 libpod/options.go | 12 ++++++++++++
 5 files changed, 36 insertions(+), 6 deletions(-)
(limited to 'libpod')
diff --git a/libpod/container.go b/libpod/container.go
index 37dabd80d..b7189ae0b 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -314,6 +314,10 @@ type ContainerConfig struct {
 // TODO log options for log drivers

 PostConfigureNetNS bool `json:"postConfigureNetNS"`
+
+ // ExitCommand is the container's exit command.
+ // This Command will be executed when the container exits
+ ExitCommand []string `json:"exitCommand,omitempty"`
 }

 // ContainerStatus returns a string representation for users
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 7dc4d34b9..1381341c2 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -71,6 +71,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data)
 },
 ImageID: config.RootfsImageID,
 ImageName: config.RootfsImageName,
+ ExitCommand: config.ExitCommand,
 Rootfs: config.Rootfs,
 ResolvConfPath: resolvPath,
 HostnamePath: hostnamePath,
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index ba6cbe5aa..5c5bf8062 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
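Review bot: The doc comment on the new `ExitCommand` field of `ContainerConfig` (libpod/container.go) does not say who runs the command or where. Going by the commit message it is conmon that executes it when the container exits, and `WithExitCommand` in libpod/options.go appends the container ID as the last element, so the stored slice is an argv run outside the container rather than inside it. I would say so in the comment, e.g. `// ExitCommand is the argv (command, its arguments, then the container ID) that conmon executes when the container exits.` Since the value is persisted with the container config and executed later, the comment should also state that it is meant to be set only by the code creating the container. The struct definition starts outside the hunk.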
@@ -695,7 +695,8 @@ func (c *Container) stop(timeout uint) error {
 return err
 }

- return c.cleanup()
+ // Container should clean itself up
+ return nil
 }

 // Internal, non-locking function to pause a container
@@ -928,11 +929,17 @@ func (c *Container) cleanup() error {
 }

 if err := c.cleanupCgroups(); err != nil {
- if lastError != nil {
- logrus.Errorf("Error cleaning up container %s CGroups: %v", c.ID(), err)
- } else {
- lastError = err
- }
+ /*
+ if lastError != nil {
+ logrus.Errorf("Error cleaning up container %s CGroups: %v", c.ID(), err)
+ } else {
+ lastError = err
+ }
+ */
+ // For now we are going to only warn on failures to clean up cgroups
+ // We have a conflict with running podman containers cleanup in same cgroup as container
+ logrus.Warnf("Ignoring Error cleaning up container %s CGroups: %v", c.ID(), err)
+
 }

 // Unmount storage
diff --git a/libpod/oci.go b/libpod/oci.go
index 871069627..dfed3d6b8 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -268,6 +268,12 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string) (er
 if ctr.config.ConmonPidFile != "" {
 args = append(args, "--conmon-pidfile", ctr.config.ConmonPidFile)
 }
+ if len(ctr.config.ExitCommand) > 0 {
+ args = append(args, "--exit-command", ctr.config.ExitCommand[0])
+ for _, arg := range ctr.config.ExitCommand[1:] {
+ args = append(args, []string{"--exit-command-arg", arg}...)
+ }
+ }
 args = append(args, "--socket-dir-path", r.socketsDir)
 if ctr.config.Spec.Process.Terminal {
 args = append(args, "-t")
diff --git a/libpod/options.go b/libpod/options.go
index 02bcb8628..9f07db7ed 100644
--- a/libpod/options.go
+++ b/libpod/options.go
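Review bot: In `stop()` (libpod/container_internal.go), replacing `return c.cleanup()` with `return nil` makes cleanup depend entirely on the exit command, yet the libpod/oci.go hunk only passes `--exit-command` to conmon when `len(ctr.config.ExitCommand) > 0`. A container created without `WithExitCommand` (and presumably any container created before this change) would then be stopped with its network stack and mount points left behind, which is the very leak the commit message describes. Keeping the direct path as a fallback avoids that: `if len(c.config.ExitCommand) == 0 { return c.cleanup() }` ahead of the `return nil`. The body of `stop()` starts outside the hunk, so a caller that already covers this case would not be visible here.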
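Review bot: In `cleanup()`, the error from `c.cleanupCgroups()` is now only logged, so every cgroup cleanup failure is hidden from the caller, not just the same-cgroup conflict the new comment describes, and leftover cgroups go unnoticed unless someone reads the warnings. The old branch is also kept as a `/* ... */` block and an empty line is added before the closing brace; version control already holds the old code, so the block should be deleted. I would keep only the two explanatory comment lines and the `logrus.Warnf` call, and add `// TODO: propagate this error again once the cleanup process no longer runs in the container's cgroup` so the downgrade stays tracked. `cleanup()` begins and ends outside the hunk.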
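Review bot: In `createOCIContainer` (libpod/oci.go), `ctr.config.ExitCommand[0]` is passed to conmon as `--exit-command` without any check, and the value comes from the persisted container config. Because conmon is what executes it on container exit (per the commit message), I would reject an empty or non-absolute first element before building the argument list; how conmon resolves a relative name is not visible from this hunk. Separately, `args = append(args, []string{"--exit-command-arg", arg}...)` builds a throwaway slice per argument, and `args = append(args, "--exit-command-arg", arg)` would match the neighbouring `append` calls. Passing each element as its own argv entry rather than a joined string is the right shape and should be kept. The function starts and ends outside the hunk.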
@@ -485,6 +485,18 @@ func WithIDMappings(idmappings storage.IDMappingOptions) CtrCreateOption {
 }
 }

+// WithExitCommand sets the ExitCommand for the container, appending on the ctr.ID() to the end
+func WithExitCommand(exitCommand []string) CtrCreateOption {
+ return func(ctr *Container) error {
+ if ctr.valid {
+ return ErrCtrFinalized
+ }
+
+ ctr.config.ExitCommand = append(exitCommand, ctr.ID())
+ return nil
+ }
+}
+
 // WithIPCNSFrom indicates the the container should join the IPC namespace of
 // the given container.
 // If the container has joined a pod, it can only join the namespaces of
-- cgit v1.2.3-54-g00ecf
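Review bot: `ctr.config.ExitCommand = append(exitCommand, ctr.ID())` in `WithExitCommand` appends to the caller's slice, so if `exitCommand` has spare capacity and the same slice (or the same option value) is used for more than one container, the ID lands in a shared backing array and an earlier container's stored command can end up carrying a later container's ID. Since this argv is what runs cleanup on exit, that would point cleanup at the wrong container. Copy before appending: `ctr.config.ExitCommand = append(append([]string{}, exitCommand...), ctr.ID())`. An empty `exitCommand` should also be rejected, because otherwise the stored command consists of the container ID alone: `if len(exitCommand) == 0 { return ErrInvalidArg }` (assuming the package's usual invalid-argument error).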