From 8417892f0c8f0250192ef56aeb595e7b46eef32f Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Tue, 31 Aug 2021 15:47:14 +0200 Subject: [PATCH] Wrap stopping podman -t with systemd timeouts (squash) 1) Currently with KillMode=none, if podman -t hangs, the command repeats leaving the process and its cgroup around. But if a stop/start command hangs, we should not start another one. Instead time it out properly via TimeoutStopSec set to the 2x of the timeout given to the managed podman action. Then if it expires, kill its cgroup all the way (KillMode=control-group is a default) before rerunning the same operation. Also note that using KilMode process is not recommended by systemd man pages. Increase the grace stop timeout defaults 10->42s to align it with: https://github.com/containers/podman/pull/8889 2) Make KillMode configurable for service units Libvirt container is a special beast that needs custom killmode value for its tripleo-manager service unit. Add kill_mode for the container values that defaults to control-group. 3) Fix TimeoutStopSec to integer convertion Related: rhbz#2010135 Closes-bug: #1945791 Change-Id: Iefe861f91cefe2a9cf773cae98b2440566ae8b5e Signed-off-by: Bogdan Dobrelya (cherry picked from commit badd5a3c10f0af9e1c69a9b88064e743a36d4f53) --- .../tripleo-container-manage/templates/systemd-service.j2 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tripleo_ansible/roles/tripleo-container-manage/templates/systemd-service.j2 b/tripleo_ansible/roles/tripleo-container-manage/templates/systemd-service.j2 index b93ac12d2..598f64433 100644 --- a/tripleo_ansible/roles/tripleo-container-manage/templates/systemd-service.j2 +++ b/tripleo_ansible/roles/tripleo-container-manage/templates/systemd-service.j2 @@ -10,10 +10,11 @@ ExecStart=/usr/libexec/tripleo-start-podman-container {{ lookup('dict', containe ExecStart=/usr/bin/podman start {{ lookup('dict', container_data).key }} {% endif %} ExecReload=/usr/bin/podman kill --signal HUP {{ lookup('dict', container_data).key }} -ExecStop=/usr/bin/podman stop -t {{ lookup('dict', container_data).value.stop_grace_period | default(10) | int }} {{ lookup('dict', container_data).key }} -ExecStopPost=/usr/bin/podman stop -t {{ lookup('dict', container_data).value.stop_grace_period | default(10) | int }} {{ lookup('dict', container_data).key }} +ExecStop=/usr/bin/podman stop -t {{ lookup('dict', container_data).value.stop_grace_period | default(42) | int }} {{ lookup('dict', container_data).key }} +ExecStopPost=/usr/bin/podman stop -t {{ lookup('dict', container_data).value.stop_grace_period | default(42) | int }} {{ lookup('dict', container_data).key }} SuccessExitStatus=137 142 143 -KillMode=none +TimeoutStopSec={{ 2*(lookup('dict', container_data).value.stop_grace_period | default(42) | int) }} +KillMode={{ lookup('dict', container_data).value.kill_mode | default('control-group') }} Type=forking PIDFile=/var/run/{{ lookup('dict', container_data).key }}.pid {% if lookup('dict', container_data).value.systemd_exec_flags is defined %}