sd-notify: do not hang when NOTIFY_SOCKET is used with create #1807
Conversation
|
@giuseppe can you describe a minimal test case for this ? Would be nice to setup an integration test too. With this, do we even need to pass notifySocket to signalHandler anymore ? |
|
@dqminh currently if the |
|
@giuseppe Couldn't you move the wait for ever functionality out of the run and into the start? |
|
I cannot do that as the socket needs to be opened by |
|
@dqminh We are waiting for reply from you. Would love to get podman support for sd-notify so we can run podman/runc with sd-notify containers. |
|
The cost of the extra process falls on the users of the socket so I am fine with this as there is no simpler way. |
|
LGTM |
|
Could someone @dqminh @avagin @caniszczyk @crosbymichael @cyphar @hqhq, @rjnagal @vmarmol PTAL??? |
|
Hi, sorry for the delay ! Having to spawn one more process is unfortunate, but i cant think of a better way if we want to keep the same flow where the forwarding of notification is setup when we first create the container. (However in this case perhaps we should not overload init and instead give the process a separate operation ). Another way i can think of is to have
In this case, Does that make sense ? |
giuseppe
force-pushed
the
notify-no-block
branch
2 times, most recently
from
db96894 to
cd9b959
Compare
|
what stopped me from doing that in the first iteration was that we cannot create the socket once the container is already created (and the socket bind mounted), so that the listener had to be created from create. |
signals.go
Outdated
| @@ -70,7 +70,7 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach | |||
| h.notifySocket.run(pid1) | |||
| return 0, nil | |||
| } else { | |||
| go h.notifySocket.run(0) | |||
| h.notifySocket.run(os.Getpid()) | |||
There was a problem hiding this comment.
question: does it matter here that we set PID to runc process ? Cant we always set it to the container's process instead ?
There was a problem hiding this comment.
if we keep runc running, the container's process won't be a direct child of systemd and systemd won't get the SIGCHLD once it terminates. Differently, it will get the SIGCHLD for the runc process and can link it to the service being terminated.
|
@giuseppe Thanks ! This looks great and much simpler than before. |
|
Re-ping @dqminh @mrunalp . This is part of the fix for a Podman issue containers/podman#746 |
|
ping, can this be finally reviewed? |
|
I don't know enough about this to be able to give a good review or even test. Someone other maintainers will have to as I wouldn't feel comfortable either way. Sorry. |
|
What does this need in order to be merged? I'd love to have sdnotify support and I'm happy to help out with this PR where I can. |
|
LGTM |
|
@dqminh Could you take a look? |
giuseppe
force-pushed
the
notify-no-block
branch
from
cd9b959 to
7ae4c8d
Compare
|
can someone please take a look? |
|
@giuseppe In #2014 I'm adding support for integration tests in an environment where systemd is running and also a Travis-CI job to run those tests on PRs. Do you think you might be able to add an integration test that would test the NOTIFY_SOCKET feature, perhaps on top of that PR? I guess having a test case pass would make it easier to get this merged. Cheers! |
|
@filbranden thanks for the suggestion. I've looked into it but I don't see any way for using UNIX datagram sockets from a busybox container so that I could communicate back with the systemd socket |
|
@giuseppe Yes busybox will probably not be enough... Can we consider a slightly larger minimal image that would have enough tools (like a somewhat more complete Or, alternatively, can we consider copying a binary into the unpacked tree of busybox image before running the Let me know if I can help in any way. PR #2014 has been merged, so rebasing on top of latest head should already get you the tests including systemd and the Travis CI config to run them as part of every pending PR... Cheers! |
giuseppe
force-pushed
the
notify-no-block
branch
from
a52f7bf to
e3b3789
Compare
|
yes, using Alpine will help, then I can run the equivalent of: |
giuseppe
force-pushed
the
notify-no-block
branch
from
e3b3789 to
3d99c51
Compare
|
The PR was opened almost 2 years ago. Since there is no interest in fixing the issue, I am closing it. |
Hey @giuseppe, now is the time where we're also interested in fixing this bug. May I ask you to re-open the issue that we can finally merge it? 😇 |
|
Yes @giuseppe Let's reopen and see if we can get @AkihiroSuda to review. |
|
Does crun already have this? Can we have an integration test? |
yes crun already supports it. As well as the runc distributed by Fedora/RHEL, where we are backporting this patch. |
giuseppe
force-pushed
the
notify-no-block
branch
from
3d99c51 to
e6e99e9
Compare
if NOTIFY_SOCKET is used, do not block the main runc process waiting for events on the notify socket. Bind mount the parent directory of the notify socket, so that "start" can create the socket and it is still accessible from the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
force-pushed
the
notify-no-block
branch
from
e6e99e9 to
25fd4a6
Compare
|
LGTM, but I'd like to see integration test suite if possible. Can be follow-up PR if difficult. |
|
LGTM |
* Running the etcd container with NOTIFY_SOCKET mounted (to use systemd Type=notify) causes podman to hang so for now just use exec * opencontainers/runc#1807
runc and podman to work with sd_notify
runc and podman to work with sd_notify
if NOTIFY_SOCKET is used, do not block the main runc process waiting for events on the notify socket. Bind mount the parent directory of the notify socket, so that "start" can create the socket and it is still accessible from the container.
Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com