Restart policy users #1039
Restart policy users #1039
Conversation
src/ImageRunModal.jsx
Outdated
| @@ -353,6 +354,8 @@ export class ImageRunModal extends React.Component { | |||
| componentDidMount() { | |||
| this._isMounted = true; | |||
| this.onSearchTriggered(this.state.searchText); | |||
| cockpit.file(`/var/lib/systemd/linger/${this.props.user}`).read() | |||
| .then((content, tag) => this.setState({ userLingeringEnabled: content !== null && tag !== '-' })); | |||
There was a problem hiding this comment.
Alternative if we don't want to depend on this file existing, call
[jelle@t14s][~/projects/systemd/build]%loginctl show-user jelle | grep Linger
Linger=yes
Or use the DBUS interface:
But we need to get an uid then.
[jelle@t14s][~/projects/systemd/build]%sudo busctl call org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager GetUser u 1000
o "/org/freedesktop/login1/user/_1000"
[jelle@t14s][~/projects/systemd/build]%busctl get-property org.freedesktop.login1 /org/freedesktop/login1/user/_1000 org.freedesktop.login1.User Linger
b true
There was a problem hiding this comment.
Although, maybe this should watch? As now a user has to reload the browser to notice changes.
There was a problem hiding this comment.
Yeah, with very few exceptions we don't require a user to reload the browser for any other changes in Cockpit, really. (The only one I can think of is rebooting in Cockpit, and we should really fix that with a little bit of "PWA" magic. But that's completely out of scope for Cockpit-Podman. 😉 )
There was a problem hiding this comment.
But we need to get an uid then
what do you mean? you need the uid for building the path as well, and that path isn't a public API. D-Bus property would really be better, and you should also get a PropertyChanged message for it?
There was a problem hiding this comment.
Looking at https://freedesktop.org/wiki/Software/systemd/logind/ I am not sure if we even get a PropertyChanged event as the page only mentions PropertyChanged where it seems to emit it?
There was a problem hiding this comment.
Tried:
┃ const loginmanager = client.proxy();
┃ loginmanager.addEventListener("changed", (changes) => console.log(changes));
┃ client.subscribe({
E interface: "org.freedesktop.DBus.Properties", ■ Expected indentation of 12 spaces but found 13.
E member: "PropertiesChanged" ■ Expected indentation of 12 spaces but found 13.
E }, (changes) => console.log(changes)); ■ Block must not be padded by blank lines.
But does not seem to work
There was a problem hiding this comment.
OK, meh. If you want to implement reacting to changes, can you please file a systemd issue about the missing PropertiesChanged signal, and describe our workaround? Then we can add a file watch to that directory with a # HACK coomment. This then needs a test to tell us when it stops working (like, the file moves someplace else).
There was a problem hiding this comment.
FTR, https://www.freedesktop.org/wiki/Software/systemd/logind/ explicitly documents the signals that do generate a PropertiesChanged. So it's "intended" in some sense. We can still ask for this if it's useful, of course.
There was a problem hiding this comment.
I added a new test, but maybe that's unrequired and we can just check if the file exists? It feels a bit expensive to keep adding tests.
There was a problem hiding this comment.
Not sure what you mean by this, but indeed this whole PR is a lot of effort. Honestly I don't quite like that the linger file hack is now at two different places. This shouldn't be necessary -- .watch() always fires its callback immediately with the current file contents.
(FWIW, I still consider this whole feature "unrequired" -- I guess you better land this while I'm on PTO and not watching 😁 ))
jelly
force-pushed
the
restart-policy-users
branch
3 times, most recently
from
2b123ab
to
17708f5
Compare
jelly
force-pushed
the
restart-policy-users
branch
from
17708f5
to
2673894
Compare
marusak
force-pushed
the
restart-policy-users
branch
from
2673894
to
6766810
Compare
| @@ -24,6 +24,9 @@ registries = ['localhost:5000', 'localhost:6000'] | |||
|
|
|||
| NOT_RUNNING = ["Exited", "Stopped"] | |||
|
|
|||
| # Ubuntu 2204 lacks user systemd units https://github.com/containers/podman/commit/9312d458b4254b48e331d1ae40cb2f6d0fec9bd0 | |||
There was a problem hiding this comment.
Weird .. I remember that bug, and the fix landed two years ago. That isn't a good reference, if it still doesn't work there, it broke again.
There was a problem hiding this comment.
This is what I get on our image:
admin@ubuntu:~$ cat /etc/os-release | grep VERSION
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
admin@ubuntu:~$ systemctl --user start podman-restart
Failed to start podman-restart.service: Unit podman-restart.service not found.
admin@ubuntu:~$ podman --version
podman version 3.4.4
There was a problem hiding this comment.
I can't find a bug report here https://launchpad.net/ubuntu/+source/libpod/+bugs should I report a new one?
There was a problem hiding this comment.
Yes please. From the changelog it doesn't look intended.
jelly
force-pushed
the
restart-policy-users
branch
2 times, most recently
from
2ab42f0
to
76844e5
Compare
jelly
force-pushed
the
restart-policy-users
branch
from
76844e5
to
f50b84c
Compare
| @@ -2028,15 +2031,28 @@ class TestApplication(testlib.MachineCase): | |||
| def testHealthcheckUser(self): | |||
| self._testHealthcheck(False) | |||
|
|
|||
| def testPodmanRestartEnabled(self): | |||
| @testlib.skipImage("podman-restart not available in debian/ubuntu", *DISTROS_WITHOUT_PODMAN_USER_RESTART) | |||
There was a problem hiding this comment.
It does work fine in Debian, right? so somehow the package gets misbuilt in Ubuntu.
src/app.jsx
Outdated
| [uid], { type: "u" }) | ||
| .then(([userpath]) => { | ||
| client.call(userpath, "org.freedesktop.DBus.Properties", "Get", | ||
| ["org.freedesktop.login1.User", "Linger"], { type: "ss" }).then(([result]) => { |
There was a problem hiding this comment.
Please always break the line before .then, so that the .catch aligns and this becomes readable.
test/check-application
Outdated
| b.wait_visible('#containers-images td[data-label="Image"]:contains("busybox:latest")') | ||
| b.click('#containers-images tbody tr:contains("busybox:latest") .ct-container-create') | ||
| b.wait_visible('div.pf-c-modal-box header:contains("Create container")') | ||
| b.wait_visible("#run-image-dialog-restart-policy") |
There was a problem hiding this comment.
Hmm, this is visible even if podman-restart.service isn't available?
There was a problem hiding this comment.
Good point, we do check for it for the system service, but not the user service yet. Also a good point is to check when we can drop that..
jelly
force-pushed
the
restart-policy-users
branch
from
4ac5275
to
16e54ee
Compare
jelly
force-pushed
the
restart-policy-users
branch
from
16e54ee
to
fe3082b
Compare
This allows users who have lingering enabled to set a restart policy to automatically restart a container on boot for example. We don't want to enable lingering automatically as this is a security concern. Systemd's logind dbus API has no subscription mechanism so we depend on systemd's implementation detail. systemd/systemd#22244 Closes cockpit-project#921
jelly
force-pushed
the
restart-policy-users
branch
from
fe3082b
to
c9691ba
Compare
Restart policy available for users with lingering enabled
Although lingering is not recommended, cockpit-podman now supports setting a restart policy when a user has enabled lingering.