Generate addition drop-in dependencies for podman containers

Description

When podman creates a container, it creates two additional systemd
scope files dynamically:

  • libpod-conmon-<CONTAINERID>.scope - runs a conmon process that tracks a container's pid1 into a dedicated pidfile.
  • libpod-<CONTAINERID>.scope - created dynamically by runc, for cgroups accounting

On shutdown, it can happen that systemd stops those scopes early,
which in turn sends a SIGTERM to pacemaker-managed containers
before pacemaker has scheduled any stop operation. That
confuses the cluster and may break shutdown.

Add a new option in the resource-agent to inject additional
dependencies into the dynamically created scope files, so that
systemd is not allowed to stop scopes before the pacemaker
service itself is stopped.

When that option is enabled, the scopes look like:

    # podman ps | grep galera
    c329819a1227 192.168.122.8:8787/rhosp15/openstack-mariadb:latest dumb-init -- /bin... About an hour ago Up About an hour ago galera-bundle-podman-0

    # systemctl cat libpod*c329819a1227*
    # /run/systemd/transient/libpod-conmon-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope
    # This is a transient unit file, created programmatically via the systemd API. Do not edit.
    [Scope]
    Slice=machine.slice
    Delegate=yes

    [Unit]
    DefaultDependencies=no

    # /run/systemd/transient/libpod-conmon-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope.d/dep.conf
    [Unit]
    Before=pacemaker.service

    # /run/systemd/transient/libpod-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope
    # This is a transient unit file, created programmatically via the systemd API. Do not edit.
    [Unit]
    Description=libcontainer container c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b

    [Scope]
    Slice=machine.slice
    Delegate=yes
    MemoryAccounting=yes
    CPUAccounting=yes
    BlockIOAccounting=yes

    [Unit]
    DefaultDependencies=no

    # /run/systemd/transient/libpod-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope.d/dep.conf
    [Unit]
    Before=pacemaker.service

Effectively, this prevents systemd from managing the shutdown of any
pacemaker-managed podman container.

Related: rhbz#1726442
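
An operator can confirm that both scopes of a container carry the ordering drop-in by auditing `systemctl cat` output like the one quoted above. The following is an added example, not part of the commit or the resource agent; the function name `scopes_missing_dep` and the shortened container ID in the sample are constructed for illustration.

```bash
# Added example: audit `systemctl cat` output for the ordering drop-in.
# Prints each .scope unit lacking Before=pacemaker.service in a [Unit]
# section; exit status is 1 if any unit is printed, 0 otherwise.
scopes_missing_dep() {
    awk '
    /^# \// {                        # "# /path" line: a new file starts
        path = substr($0, 3); section = ""
        n = split(path, parts, "/")
        unit = parts[n]              # main unit file: use the basename
        if (path ~ /\.scope\.d\//) unit = parts[n-1]  # drop-in: parent dir
        sub(/\.d$/, "", unit)
        seen[unit] = 1
        next
    }
    /^\[.*\]$/ { section = $0; next }
    section == "[Unit]" && /^Before=/ {   # value may list several units
        m = split(substr($0, 8), deps, " ")
        for (i = 1; i <= m; i++)
            if (deps[i] == "pacemaker.service") ok[unit] = 1
    }
    END {
        for (u in seen) if (!(u in ok)) { print u; bad = 1 }
        exit bad
    }'
}

# Constructed sample: the conmon scope has the drop-in, the container
# scope does not.
sample() {
cat <<'EOF'
# /run/systemd/transient/libpod-conmon-0123abcd.scope
[Scope]
Slice=machine.slice

[Unit]
DefaultDependencies=no

# /run/systemd/transient/libpod-conmon-0123abcd.scope.d/dep.conf
[Unit]
Before=pacemaker.service

# /run/systemd/transient/libpod-0123abcd.scope
[Unit]
Description=libcontainer container 0123abcd
EOF
}
sample | scopes_missing_dep || echo "units above lack the ordering drop-in"
```

On a live node the input would come from `systemctl cat` with the same glob used in the commit message, piped into the function.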

Details

Provenance
Damien Ciabrini <dciabrin@redhat.com>, authored on Jul 9 2019, 5:14 PM
Parents
rR5bba5a0346fb: Merge pull request #1364 from dciabrin/podman-perf