Stein: systemd stop dependencies broken during reboot/shutdown

Bug #1838668 reported by Damien Ciabrini
This bug affects 1 person
Affects: tripleo
Status: In Progress
Importance: High
Assigned to: Damien Ciabrini
Milestone: none

Bug Description

A paunch container has three systemd files associated with it:
  1. tripleo_*.service - the regular systemd service generated by paunch
  2. libpod-conmon*.scope - created dynamically by podman. runs a conmon
     process that creates a pidfile for tripleo_*.service and monitors it.
  3. libpod-*.scope - created dynamically by runc. for cgroups accounting

Paunch can only set start/stop dependencies on 1., not 2. and 3.
On reboot, systemd is allowed to stop 2. or 3. at any time, which can
cause 1. to stop before its deps as set up by paunch.

To prevent an unexpected stop of 1. from happening, in Master we
inject an additional dependency dynamically in 2. and 3. so that systemd
is forbidden to stop those scopes automatically until
paunch-container-shutdown.service is stopped.

That way, when systemd stops 1., the two scopes 2. and 3. will
finish in sequence and paunch dependencies will be respected.

We need to backport that commit in Stein until podman exposes a programmatic
API to configure the dependencies as expected.
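
A small model of the ordering problem described above, added here as an illustration; it is not code from paunch or from the patches attached to this bug. It assumes the container service is ordered After=paunch-container-shutdown.service and that the injected dependency is a Before= ordering on the two scopes; the unit names are constructed.

```python
# Added illustration: a model of systemd stop ordering, not paunch code.
# Rule modelled: if unit A is ordered After=B (same as Before=A on B), then
# on shutdown A is stopped before B. Units with no ordering path between
# them may be stopped in any order.
from collections import defaultdict

SHUTDOWN = "paunch-container-shutdown.service"
SERVICE = "tripleo_example.service"    # constructed name for unit 1.
CONMON = "libpod-conmon-abc123.scope"  # constructed name for unit 2.
CGROUP = "libpod-abc123.scope"         # constructed name for unit 3.


def stop_edges(after):
    """Map each unit to the units that may stop only after it has stopped."""
    edges = defaultdict(set)
    for unit, deps in after.items():
        edges[unit] |= set(deps)  # unit After=dep => unit stops before dep
    return edges


def stops_before(after, first, second):
    """True if the ordering graph forces `first` to stop before `second`."""
    edges, seen, stack = stop_edges(after), set(), [first]
    while stack:
        node = stack.pop()
        for nxt in edges[node] - seen:
            if nxt == second:
                return True
            seen.add(nxt)
            stack.append(nxt)
    return False


def with_drop_in(after, scopes):
    """Order each scope Before=SHUTDOWN, i.e. SHUTDOWN After=scope."""
    patched = {unit: set(deps) for unit, deps in after.items()}
    patched.setdefault(SHUTDOWN, set()).update(scopes)
    return patched


# Assumption: the container service is After= the shutdown service, so it is
# stopped first. The dynamically created scopes start with no ordering.
BASE = {SERVICE: {SHUTDOWN}, CONMON: set(), CGROUP: set()}
FIXED = with_drop_in(BASE, [CONMON, CGROUP])

if __name__ == "__main__":
    for label, graph in (("without drop-in", BASE), ("with drop-in", FIXED)):
        print(label, "-> service stops before conmon scope:",
              stops_before(graph, SERVICE, CONMON))
```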

Changed in tripleo:
milestone: none → train-3
milestone: train-3 → none
OpenStack Infra (hudson-openstack) wrote : Fix proposed to paunch (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/674090

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/674094

OpenStack Infra (hudson-openstack) wrote : Fix merged to paunch (stable/stein)

Reviewed: https://review.opendev.org/674090
Committed: https://git.openstack.org/cgit/openstack/paunch/commit/?id=d105c6e9a21fc70bc5bfdf5a9d9796badb019704
Submitter: Zuul
Branch: stable/stein

commit d105c6e9a21fc70bc5bfdf5a9d9796badb019704
Author: Damien Ciabrini <email address hidden>
Date: Tue Jul 9 22:23:28 2019 +0200

    Generate additional drop-in dependencies for podman containers

    If a container is managed by Paunch and has the drop-in file enabled, we
    want to start the containers with the script provided by the Paunch rpm:
    paunch-start-podman-container

    The script will take care of proper ordering when creating systemd scope
    files.

    Partial-Bug: #1838668
    Change-Id: Idaf5d4871ad1231f2592238a7925857af8f40548
    (cherry picked from commit b33aeea9728233aca852a3e132f23fca71ac42df)

tags: added: in-stable-stein
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/stein)

Reviewed: https://review.opendev.org/674094
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=0cf066490e1a0527f41d3af7675b6479e5458f9c
Submitter: Zuul
Branch: stable/stein

commit 0cf066490e1a0527f41d3af7675b6479e5458f9c
Author: Damien Ciabrini <email address hidden>
Date: Tue Jul 9 18:53:47 2019 +0200

    Generate additional drop-in dependencies for podman containers

    Adding a new parameter: SystemdDropInDependencies (true by default),
    which when set to True will create /etc/sysconfig/podman_drop_in on the
    host to tell paunch to use the paunch-start-podman-container script to
    start the containers.

    This file makes paunch generate additional systemd
    dependencies for containers that have special
    start/stop ordering constraints. It ensures that
    those constraints are enforced on reboot/shutdown.

    Closes-Bug: #1838668
    Depends-On: Idaf5d4871ad1231f2592238a7925857af8f40548
    Change-Id: I4f8cd5ba4f747b0169ae0bddf6a14048fa782f32
    (manually cherry picked from commit a06cc5f93f79d8dc0f65f1f42f4277310e2e24cb)
