healthcheck: support rootless mode #3529

Merged

Member

@giuseppe giuseppe commented Jul 9, 2019

now that dbus authentication works fine from a user namespace (systemd
241 works fine), we can enable rootless healthchecks.

It uses "systemd-run --user" for creating the healthcheck timer and
communicates with the user instance of systemd listening at
$XDG_RUNTIME_DIR/systemd/private.

Closes: #3523

Signed-off-by: Giuseppe Scrivano [email protected]

@openshift-ci-robot
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giuseppe


@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 9, 2019
@stefanb2
Contributor

stefanb2 commented Jul 9, 2019

Looks like this fixes this issue:

$ podman run --name=docker_mongo_3_4_7 -d ... --healthcheck-command /bin/sh -c docker-healthcheck docker.COMPANY.COM:5004/PATH/mongo:3.4.7 --smallfiles
922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c

$ systemctl --user status 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c
● 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c.service - /usr/bin/podman healthcheck run 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0b>
   Loaded: loaded (/run/user/1000/systemd/transient/922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c.service; transient)
Transient: yes
   Active: inactive (dead) since Tue 2019-07-09 15:30:50 EEST; 6s ago
  Process: 17103 ExecStart=/usr/bin/podman healthcheck run 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c (code=exited, status=0/SUCCESS)
 Main PID: 17103 (code=exited, status=0/SUCCESS)

heinä 09 15:30:50 beckst-lnx systemd[1641]: Started /usr/bin/podman healthcheck run 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c.
heinä 09 15:30:50 beckst-lnx podman[17103]: healthy
heinä 09 15:30:50 beckst-lnx systemd[1641]: 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c.service: Succeeded.

$ systemctl --user status 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c.timer
● 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c.timer - /usr/bin/podman healthcheck run 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5>
   Loaded: loaded (/run/user/1000/systemd/transient/922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c.timer; transient)
Transient: yes
   Active: active (waiting) since Tue 2019-07-09 15:26:10 EEST; 5min ago
  Trigger: Tue 2019-07-09 15:31:51 EEST; 19s left

heinä 09 15:26:10 beckst-lnx systemd[1641]: Started /usr/bin/podman healthcheck run 922d1277cc48418620843ecdc2ea1447c2cbd1322eaa0be5b8fe5c8fbc15e99c.

$ podman container inspect --format '{{json .Config.Healthcheck}}' docker_mongo_3_4_7
{"Test":["/bin/sh","-c","docker-healthcheck"],"Interval":30000000000,"Timeout":30000000000,"Retries":3}

$ podman container inspect --format '{{json .State.Healthcheck}}' docker_mongo_3_4_7
{"Status":"healthy","FailingStreak":0,"Log":[{"Start":"2019-07-09T15:30:50.215217205+03:00","End":"2019-07-09T15:30:50.417395522+03:00","ExitCode":0,"Output":""},{"Start":"2019-07-09T15:31:21.21267606+03:00","End":"2019-07-09T15:31:21.408044864+03:00","ExitCode":0,"Output":""},{"Start":"2019-07-09T15:31:52.215381587+03:00","End":"2019-07-09T15:31:52.41479621+03:00","ExitCode":0,"Output":""},{"Start":"2019-07-09T15:32:23.23313914+03:00","End":"2019-07-09T15:32:23.456162557+03:00","ExitCode":0,"Output":""},{"Start":"2019-07-09T15:32:54.218175701+03:00","End":"2019-07-09T15:32:54.412113251+03:00","ExitCode":0,"Output":""}]}

I'm unsure: should I report this here or on the issue? Is there a comment command I have to write to "acknowledge" the fix?
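
Added example (not part of the pull request or of podman's code): a small audit of the two `podman container inspect` JSON documents shown in the comment above, flagging a healthcheck timer that was never created or has stopped firing, which is the failure this PR addresses for rootless mode. The function names and the tolerance of interval plus timeout between runs are assumptions made for this example.

```python
import json
import re
from datetime import datetime, timedelta

# Trimmed from the inspect output quoted above (End/Output fields dropped).
CONFIG = '{"Test":["/bin/sh","-c","docker-healthcheck"],"Interval":30000000000,"Timeout":30000000000,"Retries":3}'
STATE = ('{"Status":"healthy","FailingStreak":0,"Log":['
         '{"Start":"2019-07-09T15:30:50.215217205+03:00","ExitCode":0},'
         '{"Start":"2019-07-09T15:31:21.21267606+03:00","ExitCode":0},'
         '{"Start":"2019-07-09T15:31:52.215381587+03:00","ExitCode":0}]}')

_GO_TS = re.compile(r"^(.*?)(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})$")

def parse_go_time(ts):
    """Parse Go's RFC 3339 output: 0-9 fractional digits, trailing zeros cut."""
    m = _GO_TS.match(ts)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {ts!r}")
    base, frac, zone = m.groups()
    micros = (frac or "").ljust(6, "0")[:6]  # datetime holds microseconds only
    return datetime.fromisoformat(f"{base}.{micros}{'+00:00' if zone == 'Z' else zone}")

def audit(config_json, state_json, now):
    """Return findings suggesting the transient timer is missing or stalled."""
    cfg, state = json.loads(config_json), json.loads(state_json)
    # Durations are serialized as integer nanoseconds.
    slack = timedelta(microseconds=(cfg["Interval"] + cfg["Timeout"]) // 1000)
    log = state.get("Log") or []  # an empty log may be serialized as null
    if not log:
        return ["no runs recorded: the timer unit may never have been created"]
    findings = []
    starts = [parse_go_time(e["Start"]) for e in log]
    for prev, cur in zip(starts, starts[1:]):
        if cur - prev > slack:  # assumed tolerance: interval + timeout
            findings.append(f"gap of {cur - prev} before {cur.isoformat()}")
    if now - starts[-1] > slack:
        findings.append(f"stale: last run started {starts[-1].isoformat()}")
    if state.get("FailingStreak", 0) >= cfg.get("Retries", 1):
        findings.append(f"failing streak {state['FailingStreak']} reached retries")
    if state.get("Status") != "healthy":
        findings.append(f"status is {state.get('Status')!r}")
    return findings

if __name__ == "__main__":
    now = parse_go_time("2019-07-09T15:32:00+03:00")  # constructed check time
    print(audit(CONFIG, STATE, now) or "healthcheck timer is firing on schedule")
```
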

@giuseppe
Member Author

giuseppe commented Jul 9, 2019

@stefanb2 here it is enough. Thanks for trying it out!

@stefanb2
Contributor

stefanb2 commented Jul 9, 2019

... and the service & timer units are removed after the container is stopped.

@rhatdan
Member

rhatdan commented Jul 9, 2019

/lgtm
/hold

@openshift-ci-robot openshift-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm Indicates that a PR is ready to be merged. labels Jul 9, 2019
@mheon
Member

mheon commented Jul 9, 2019

LGTM, nice work @giuseppe

@mheon
Member

mheon commented Jul 9, 2019

/hold cancel

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 9, 2019
@openshift-merge-robot openshift-merge-robot merged commit 76aa8f6 into containers:master Jul 9, 2019
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 26, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 26, 2023
Successfully merging this pull request may close these issues.

Creation of healthcheck service fails in rootless mode