From 0b1c1ef461d26b3c373269c3a2e7085124f89eb5 Mon Sep 17 00:00:00 2001
From: Joseph Gooch
Date: Fri, 19 Jun 2020 13:29:34 +0000
Subject: Implement --sdnotify cmdline option to control sd-notify behavior --sdnotify container|conmon|ignore With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI runtime doesn't pass it into the container. We also advertise "ready" when the OCI runtime finishes to advertise the service as ready. With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI runtime passes it into the container for initialization, and let the container advertise further metadata. This is the default, which is closest to the behavior podman has done in the past. The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor any child processes will talk to systemd. This removes the need for hardcoded CID and PID files in the command line, and the PIDFile directive, as the pid is advertised directly through sd-notify.
Signed-off-by: Joseph Gooch
---
 pkg/specgen/generate/container_create.go | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'pkg/specgen/generate')
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 1ab576869..8df5b996e 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -175,6 +175,10 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
 options = append(options, libpod.WithSystemd())
 }
 
+ if len(s.SdNotifyMode) > 0 {
+ options = append(options, libpod.WithSdNotifyMode(s.SdNotifyMode))
+ }
+
 if len(s.Name) > 0 {
 logrus.Debugf("setting container name %s", s.Name)
 options = append(options, libpod.WithName(s.Name))
-- 
cgit v1.2.3-54-g00ecf
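Review bot: `s.SdNotifyMode` is forwarded to `libpod.WithSdNotifyMode` as a free-form string, and nothing in this hunk checks that it is one of `container`, `conmon` or `ignore`. The mode decides whether NOTIFY_SOCKET stays in the environment and reaches the container, so an unrecognised value should be rejected before the container is created rather than fall through to whatever the runtime does by default; if `WithSdNotifyMode` or the spec validation already does this (neither is visible here), a comment saying so would help. The empty case also deserves a comment, for example `// Empty mode keeps libpod's default ("container" per the commit message), which hands NOTIFY_SOCKET to the container.` createContainerOptions starts and ends outside the hunk.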