New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restart policy users #1039
Restart policy users #1039
Conversation
src/ImageRunModal.jsx
Outdated
@@ -353,6 +354,8 @@ export class ImageRunModal extends React.Component { | |||
componentDidMount() { | |||
this._isMounted = true; | |||
this.onSearchTriggered(this.state.searchText); | |||
cockpit.file(`/var/lib/systemd/linger/${this.props.user}`).read() | |||
.then((content, tag) => this.setState({ userLingeringEnabled: content !== null && tag !== '-' })); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alternative if we don't want to depend on this file existing, call
[jelle@t14s][~/projects/systemd/build]%loginctl show-user jelle | grep Linger
Linger=yes
Or use the DBUS interface:
But we need to get an uid then.
[jelle@t14s][~/projects/systemd/build]%sudo busctl call org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager GetUser u 1000
o "/org/freedesktop/login1/user/_1000"
[jelle@t14s][~/projects/systemd/build]%busctl get-property org.freedesktop.login1 /org/freedesktop/login1/user/_1000 org.freedesktop.login1.User Linger
b true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Although, maybe this should watch? As now a user has to reload the browser to notice changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, with very few exceptions we don't require a user to reload the browser for any other changes in Cockpit, really. (The only one I can think of is rebooting in Cockpit, and we should really fix that with a little bit of "PWA" magic. But that's completely out of scope for Cockpit-Podman. 😉 )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But we need to get an uid then
what do you mean? you need the uid for building the path as well, and that path isn't a public API. D-Bus property would really be better, and you should also get a PropertyChanged message for it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at https://freedesktop.org/wiki/Software/systemd/logind/ I am not sure if we even get a PropertyChanged event as the page only mentions PropertyChanged where it seems to emit it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tried:
┃ const loginmanager = client.proxy();
┃ loginmanager.addEventListener("changed", (changes) => console.log(changes));
┃ client.subscribe({
E interface: "org.freedesktop.DBus.Properties", ■ Expected indentation of 12 spaces but found 13.
E member: "PropertiesChanged" ■ Expected indentation of 12 spaces but found 13.
E }, (changes) => console.log(changes)); ■ Block must not be padded by blank lines.
But does not seem to work
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, meh. If you want to implement reacting to changes, can you please file a systemd issue about the missing PropertiesChanged signal, and describe our workaround? Then we can add a file watch to that directory with a # HACK
coomment. This then needs a test to tell us when it stops working (like, the file moves someplace else).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FTR, https://www.freedesktop.org/wiki/Software/systemd/logind/ explicitly documents the signals that do generate a PropertiesChanged. So it's "intended" in some sense. We can still ask for this if it's useful, of course.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a new test, but maybe that's unrequired and we can just check if the file exists? It feels a bit expensive to keep adding tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure what you mean by this, but indeed this whole PR is a lot of effort. Honestly I don't quite like that the linger file hack is now at two different places. This shouldn't be necessary -- .watch() always fires its callback immediately with the current file contents.
(FWIW, I still consider this whole feature "unrequired" -- I guess you better land this while I'm on PTO and not watching 😁 ))
2b123ab
to
17708f5
Compare
17708f5
to
2673894
Compare
2673894
to
6766810
Compare
@@ -24,6 +24,9 @@ registries = ['localhost:5000', 'localhost:6000'] | |||
|
|||
NOT_RUNNING = ["Exited", "Stopped"] | |||
|
|||
# Ubuntu 2204 lacks user systemd units https://github.com/containers/podman/commit/9312d458b4254b48e331d1ae40cb2f6d0fec9bd0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Weird .. I remember that bug, and the fix landed two years ago. That isn't a good reference, if it still doesn't work there, it broke again.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is what I get on our image:
admin@ubuntu:~$ cat /etc/os-release | grep VERSION
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
admin@ubuntu:~$ systemctl --user start podman-restart
Failed to start podman-restart.service: Unit podman-restart.service not found.
admin@ubuntu:~$ podman --version
podman version 3.4.4
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't find a bug report here https://launchpad.net/ubuntu/+source/libpod/+bugs should I report a new one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes please. From the changelog it doesn't look intended.
2ab42f0
to
76844e5
Compare
76844e5
to
f50b84c
Compare
@@ -2028,15 +2031,28 @@ class TestApplication(testlib.MachineCase): | |||
def testHealthcheckUser(self): | |||
self._testHealthcheck(False) | |||
|
|||
def testPodmanRestartEnabled(self): | |||
@testlib.skipImage("podman-restart not available in debian/ubuntu", *DISTROS_WITHOUT_PODMAN_USER_RESTART) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does work fine in Debian, right? so somehow the package gets misbuilt in Ubuntu.
src/app.jsx
Outdated
[uid], { type: "u" }) | ||
.then(([userpath]) => { | ||
client.call(userpath, "org.freedesktop.DBus.Properties", "Get", | ||
["org.freedesktop.login1.User", "Linger"], { type: "ss" }).then(([result]) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please always break the line before .then, so that the .catch aligns and this becomes readable.
test/check-application
Outdated
b.wait_visible('#containers-images td[data-label="Image"]:contains("busybox:latest")') | ||
b.click('#containers-images tbody tr:contains("busybox:latest") .ct-container-create') | ||
b.wait_visible('div.pf-c-modal-box header:contains("Create container")') | ||
b.wait_visible("#run-image-dialog-restart-policy") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, this is visible even if podman-restart.service isn't available?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, we do check for it for the system service, but not the user service yet. Also a good point is to check when we can drop that..
4ac5275
to
16e54ee
Compare
16e54ee
to
fe3082b
Compare
This allows users who have lingering enabled to set a restart policy to automatically restart a container on boot for example. We don't want to enable lingering automatically as this is a security concern. Systemd's logind dbus API has no subscription mechanism so we depend on systemd's implementation detail. systemd/systemd#22244 Closes cockpit-project#921
fe3082b
to
c9691ba
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
Restart policy available for users with lingering enabled
Although lingering is not recommended, cockpit-podman now supports setting a restart policy when a user has enabled lingering.