PoC: run containers in systemd services

Change-Id: I3d55ad828c1e1e123f023f27ce21a9cbf71042ee
stackhpc · Jan 21, 2021 · e44d4b0 · markgoddard · Feb 8, 2021 · e44d4b0
1 parent 059c735
commit e44d4b0
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 18 deletions.
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
@@ -90,6 +90,12 @@ database_connection_recycle_time: 10
 database_max_pool_size: 1
 
 
+####################
+# Container engine options
+####################
+container_binary: "docker"
+
+
 ####################
 # Docker options
 ####################

diff --git a/ansible/roles/glance/handlers/main.yml b/ansible/roles/glance/handlers/main.yml
@@ -4,16 +4,10 @@
     service_name: "glance-api"
     service: "{{ glance_services[service_name] }}"
   become: true
-  kolla_docker:
-    action: "recreate_or_restart_container"
-    common_options: "{{ docker_common_options }}"
-    name: "{{ service.container_name }}"
-    image: "{{ service.image }}"
-    privileged: "{{ service.privileged }}"
-    environment: "{{ service.environment }}"
-    volumes: "{{ service.volumes|reject('equalto', '')|list }}"
-    dimensions: "{{ service.dimensions }}"
-    healthcheck: "{{ service.healthcheck | default(omit) }}"
+  service:
+    name: "{{ service_name }}"
+    state: restarted
+    enabled: true
   when:
     - kolla_action != "config"
 
@@ -22,13 +16,9 @@
     service_name: "glance-tls-proxy"
     service: "{{ glance_services[service_name] }}"
   become: true
-  kolla_docker:
-    action: "recreate_or_restart_container"
-    common_options: "{{ docker_common_options }}"
-    name: "{{ service.container_name }}"
-    image: "{{ service.image }}"
-    volumes: "{{ service.volumes|reject('equalto', '')|list }}"
-    dimensions: "{{ service.dimensions }}"
-    healthcheck: "{{ service.healthcheck | default(omit) }}"
+  service:
+    name: "{{ service_name }}"
+    state: restarted
+    enabled: true
   when:
     - kolla_action != "config"
diff --git a/ansible/roles/glance/tasks/config.yml b/ansible/roles/glance/tasks/config.yml
@@ -66,6 +66,22 @@
   notify:
     - Restart {{ item.key }} container
 
+- name: Copying over systemd unit files
+  become: true
+  merge_configs:
+    sources:
+      - "{{ role_path }}/templates/{{ item.key }}.service.j2"
+      - "{{ node_custom_config }}/glance/{{ item.key }}.service"
+      - "{{ node_custom_config }}/glance/{{ inventory_hostname }}/{{ item.key }}.service"
+    dest: "/etc/systemd/system/{{ item.key }}.service"
+    mode: "0660"
+  when:
+    - item.value.enabled | bool
+    - item.value.host_in_groups | bool
+  with_dict: "{{ glance_services }}"
+  notify:
+    - Restart {{ item.key }} container
+
 - name: Copying over glance-api.conf
   vars:
     glance_api: "{{ glance_services['glance-api'] }}"

diff --git a/ansible/roles/glance/templates/glance-api.service.j2 b/ansible/roles/glance/templates/glance-api.service.j2
@@ -0,0 +1,51 @@
+[Unit]
+Description=Glance API
+{% if container_binary == 'docker' %}
+After=docker.service
+Requires=docker.service
+{% else %}
+After=network.target
+{% endif %}
+
+[Service]
+EnvironmentFile=-/etc/environment
+{% if container_binary == 'podman' %}
+ExecStartPre=-/usr/bin/rm -f /%t/%n-pid /%t/%n-cid
+ExecStartPre=-/usr/bin/{{ container_binary }} rm --storage {{ item.value.container_name }}
+{% else %}
+ExecStartPre=-/usr/bin/{{ container_binary }} stop {{ item.value.container_name }}
+{% endif %}
+ExecStartPre=-/usr/bin/{{ container_binary }} rm {{ item.value.container_name }}
+{# TODO: dimensions, healthcheck #}
+ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
+{% if container_binary == 'podman' %}
+  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
+{% endif %}
+{% for volume in item.value.volumes | select | list %}
+  -v {{ volume }} \
+{% endfor %}
+  --name={{ item.value.container_name }} \
+{% if item.value.privileged | bool %}
+  --privileged \
+{% endif %}
+{% for key, value in item.value.environment.items() %}
+  --env {{ key }}={{ value }} \
+{% endfor %}
+  {{ item.value.image }}
+{% if container_binary == 'podman' %}
+ExecStop=-/usr/bin/sh -c "/usr/bin/{{ container_binary }} rm -f `cat /%t/%n-cid`"
+{% else %}
+ExecStopPost=-/usr/bin/{{ container_binary }} stop {{ item.value.container_name }}
+{% endif %}
+KillMode=none
+Restart=always
+RestartSec=10s
+TimeoutStartSec=120
+TimeoutStopSec=15
+{% if container_binary == 'podman' %}
+Type=forking
+PIDFile=/%t/%n-pid
+{% endif %}
+
+[Install]
+WantedBy=multi-user.target