From d2f96d00309e126232d4c938bbeb66bfdf081304 Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Tue, 2 Jul 2019 10:28:47 -0400
Subject: [PATCH] Don't let Systemd kill Conmon on shutdown
If we set SIGUSR1, we won't kill Conmon or force a SIGTERM to be sent to the container. Instead, the container will exit as per usual during system shutdown, and conmon will remain alive to record its exit status. Use a 10 minute timeout so we don't permanently halt system shutdown if an error occurs.
Signed-off-by: Matthew Heon
---
 libpod/oci_internal_linux.go | 2 +-
 utils/utils_supported.go | 13 +++++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/libpod/oci_internal_linux.go b/libpod/oci_internal_linux.go
index 48b7370e0e4..c37308b6a76 100644
--- a/libpod/oci_internal_linux.go
+++ b/libpod/oci_internal_linux.go
@@ -366,7 +366,7 @@ func (r *OCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec.Cmd,
 }
 logrus.Infof("Running conmon under slice %s and unitName %s", realCgroupParent, unitName)
- if err := utils.RunUnderSystemdScope(cmd.Process.Pid, realCgroupParent, unitName); err != nil {
+ if err := utils.RunUnderSystemdScope(cmd.Process.Pid, realCgroupParent, unitName, true); err != nil {
 logrus.Warnf("Failed to add conmon to systemd sandbox cgroup: %v", err)
 }
 } else {
diff --git a/utils/utils_supported.go b/utils/utils_supported.go
index 8b0ba443849..6658a7df638 100644
--- a/utils/utils_supported.go
+++ b/utils/utils_supported.go
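Review bot: At the updated `utils.RunUnderSystemdScope(..., true)` call in libpod/oci_internal_linux.go, a failure is still only logged with `logrus.Warnf`, but after this change that failure also means conmon runs without the SIGUSR1 stop signal and 10 minute stop timeout the commit relies on. The same request now carries two extra properties, so if systemd rejects either of them (not verifiable from this hunk) the whole transient-unit request presumably fails and conmon is left outside the scope. I would say so in the log, e.g. `logrus.Warnf("Failed to add conmon to systemd sandbox cgroup, conmon may be killed on shutdown before it records the exit status: %v", err)`, and label the bare literal at the call site with a short comment such as `/* forConmon */`. The enclosing function starts and ends outside the hunk.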
@@ -3,12 +3,15 @@
 package utils
 import (
+ "syscall"
+
 systemdDbus "github.com/coreos/go-systemd/dbus"
 "github.com/godbus/dbus"
 )
-// RunUnderSystemdScope adds the specified pid to a systemd scope
-func RunUnderSystemdScope(pid int, slice string, unitName string) error {
+// RunUnderSystemdScope adds the specified pid to a systemd scope.
+// If forConmon is set, timeout is increased, and stop signal is set to SIGUSR1.
+func RunUnderSystemdScope(pid int, slice string, unitName string, forConmon bool) error {
 var properties []systemdDbus.Property
 conn, err := systemdDbus.New()
 if err != nil {
@@ -18,6 +21,12 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error {
 properties = append(properties, newProp("PIDs", []uint32{uint32(pid)}))
 properties = append(properties, newProp("Delegate", true))
 properties = append(properties, newProp("DefaultDependencies", false))
+ if forConmon {
+ // 10 minute stop timeout
+ var timeout uint64 = 1000000 * 60 * 10
+ properties = append(properties, newProp("TimeoutStopUSec", &timeout))
+ properties = append(properties, newProp("KillSignal", syscall.SIGUSR1))
+ }
 ch := make(chan string)
 _, err = conn.StartTransientUnit(unitName, "replace", properties, ch)
 if err != nil {
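Review bot: The new doc comment on `RunUnderSystemdScope` says only that the timeout "is increased", without the value or the reason, which is what a caller needs to decide what to pass for `forConmon`. I would spell it out: `// If forConmon is set, the scope's stop timeout is raised to 10 minutes and its stop signal is SIGUSR1 rather than systemd's default, so that conmon is not killed during shutdown before it records the container's exit status.` The function is exported and gains a required parameter, so any caller outside the two files in this patch would stop compiling; the diffstat shows one call site updated, which is fine if that is the only one. The function body continues past the end of this hunk.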
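Review bot: Both new properties in the `if forConmon` block reach `newProp` with Go types that leave the D-Bus wire type implicit: `&timeout` is a `*uint64` and `syscall.SIGUSR1` is a `syscall.Signal`. `newProp` is not visible here, so whether these encode as the `t` (uint64) and `i` (int32) values systemd uses for `TimeoutStopUSec` and `KillSignal` depends on how the D-Bus library handles pointers and named integer types, and a mismatch would make `StartTransientUnit` fail. Passing plain values removes the doubt: `properties = append(properties, newProp("TimeoutStopUSec", timeout))` and `properties = append(properties, newProp("KillSignal", int32(syscall.SIGUSR1)))`. The literal `1000000 * 60 * 10` would also read better as a named constant that states its unit (microseconds). The function starts and ends outside the hunk.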