nspawn containers should be able to exit with a non-zero status #1290
Assignees
Milestone
Comments
|
Looks good to me. Note that the |
|
SGTM, thanks @alban ! |
|
btw, I sent SIGINT to the systemd process in the nspawn. The nspawn does reboot. |
|
@yifan-gu yeah, sending SIGINT to PID 1 results in reboot on SysV. The kernel actually never sends SIGINT to the PID1, but instead just reports to nspawn a reboot() called in the container as "killed by signal SIGINT"... |
poettering
added
RFE 🎁
alban
added a commit
to alban/systemd
that referenced
this issue
Sep 18, 2015
alban
added a commit
to alban/systemd
that referenced
this issue
Sep 18, 2015
alban
added a commit
to alban/systemd
that referenced
this issue
Sep 18, 2015
When a systemd service running in a container exits with a non-zero code, it can be useful to terminate the container immediately and get the exit code back to the host, when systemd-nspawn returns. This was not possible to do. This patch adds the following to make it possible: - Add a read-only "ExitCode" property on PID 1's "Manager" bus object. By default, it is 0 so the behaviour stays the same as previously. - Add a method "SetExitCode" on the same object. The method fails when called on baremetal: it is only allowed in containers or in user session. - Add support in systemctl to call "systemctl exit 42". It reuses the existing code for user session. - Add exit.target to the system instance. It has the following condition: ConditionVirtualization=container. - Change main() to actually allow exit() with the correct value. - Update systemctl manpage. I used the following to test it: | $ sudo rkt --debug --insecure-skip-verify run \ | --mds-register=false --local docker://busybox \ | --exec=/bin/chroot -- /proc/1/root \ | systemctl --force exit 42 | ... | Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42. | $ echo $? | 42 I don't know why I have to use --force. Fixes systemd#1290
alban
added a commit
to alban/systemd
that referenced
this issue
Sep 18, 2015
When a systemd service running in a container exits with a non-zero code, it can be useful to terminate the container immediately and get the exit code back to the host, when systemd-nspawn returns. This was not possible to do. This patch adds the following to make it possible: - Add a read-only "ExitCode" property on PID 1's "Manager" bus object. By default, it is 0 so the behaviour stays the same as previously. - Add a method "SetExitCode" on the same object. The method fails when called on baremetal: it is only allowed in containers or in user session. - Add support in systemctl to call "systemctl exit 42". It reuses the existing code for user session. - Add exit.target to the system instance. It has the following condition: ConditionVirtualization=container. - Change main() to actually allow exit() with the correct value. - Update systemctl manpage. I used the following to test it: | $ sudo rkt --debug --insecure-skip-verify run \ | --mds-register=false --local docker://busybox \ | --exec=/bin/chroot -- /proc/1/root \ | systemctl --force exit 42 | ... | Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42. | $ echo $? | 42 I don't know why I have to use --force. Fixes systemd#1290
alban
added a commit
to alban/systemd
that referenced
this issue
Sep 20, 2015
When a systemd service running in a container exits with a non-zero code, it can be useful to terminate the container immediately and get the exit code back to the host, when systemd-nspawn returns. This was not possible to do. This patch adds the following to make it possible: - Add a read-only "ExitCode" property on PID 1's "Manager" bus object. By default, it is 0 so the behaviour stays the same as previously. - Add a method "SetExitCode" on the same object. The method fails when called on baremetal: it is only allowed in containers or in user session. - Add support in systemctl to call "systemctl exit 42". It reuses the existing code for user session. - Add exit.target to the system instance. It has the following condition: ConditionVirtualization=container. - Change main() to actually call systemd-shutdown to exit() with the correct value. - Add verb 'exit' in systemd-shutdown with parameter --exit-code - Update systemctl manpage. I used the following to test it: | $ sudo rkt --debug --insecure-skip-verify run \ | --mds-register=false --local docker://busybox \ | --exec=/bin/chroot -- /proc/1/root \ | systemctl --force exit 42 | ... | Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42. | $ echo $? | 42 Fixes systemd#1290
alban
added a commit
to alban/systemd
that referenced
this issue
Sep 21, 2015
When a systemd service running in a container exits with a non-zero code, it can be useful to terminate the container immediately and get the exit code back to the host, when systemd-nspawn returns. This was not possible to do. This patch adds the following to make it possible: - Add a read-only "ExitCode" property on PID 1's "Manager" bus object. By default, it is 0 so the behaviour stays the same as previously. - Add a method "SetExitCode" on the same object. The method fails when called on baremetal: it is only allowed in containers or in user session. - Add support in systemctl to call "systemctl exit 42". It reuses the existing code for user session. - Add exit.target to the system instance. It has the following condition: ConditionVirtualization=container. - Change main() to actually call systemd-shutdown to exit() with the correct value. - Add verb 'exit' in systemd-shutdown with parameter --exit-code - Update systemctl manpage. I used the following to test it: | $ sudo rkt --debug --insecure-skip-verify run \ | --mds-register=false --local docker://busybox \ | --exec=/bin/chroot -- /proc/1/root \ | systemctl --force exit 42 | ... | Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42. | $ echo $? | 42 Fixes systemd#1290
For the record, this feature will be available in v227. |
alban
added a commit
to alban/systemd
that referenced
this issue
Sep 21, 2015
When a systemd service running in a container exits with a non-zero code, it can be useful to terminate the container immediately and get the exit code back to the host, when systemd-nspawn returns. This was not possible to do. This patch adds the following to make it possible: - Add a read-only "ExitCode" property on PID 1's "Manager" bus object. By default, it is 0 so the behaviour stays the same as previously. - Add a method "SetExitCode" on the same object. The method fails when called on baremetal: it is only allowed in containers or in user session. - Add support in systemctl to call "systemctl exit 42". It reuses the existing code for user session. - Add exit.target to the system instance. It has the following condition: ConditionVirtualization=container. - Change main() to actually call systemd-shutdown to exit() with the correct value. - Add verb 'exit' in systemd-shutdown with parameter --exit-code - Update systemctl manpage. I used the following to test it: | $ sudo rkt --debug --insecure-skip-verify run \ | --mds-register=false --local docker://busybox \ | --exec=/bin/chroot -- /proc/1/root \ | systemctl --force exit 42 | ... | Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42. | $ echo $? | 42 Fixes systemd#1290
alban
added a commit
to alban/systemd
that referenced
this issue
Sep 21, 2015
When a systemd service running in a container exits with a non-zero code, it can be useful to terminate the container immediately and get the exit code back to the host, when systemd-nspawn returns. This was not possible to do. This patch adds the following to make it possible: - Add a read-only "ExitCode" property on PID 1's "Manager" bus object. By default, it is 0 so the behaviour stays the same as previously. - Add a method "SetExitCode" on the same object. The method fails when called on baremetal: it is only allowed in containers or in user session. - Add support in systemctl to call "systemctl exit 42". It reuses the existing code for user session. - Add exit.target and systemd-exit.service to the system instance. - Change main() to actually call systemd-shutdown to exit() with the correct value. - Add verb 'exit' in systemd-shutdown with parameter --exit-code - Update systemctl manpage. I used the following to test it: | $ sudo rkt --debug --insecure-skip-verify run \ | --mds-register=false --local docker://busybox \ | --exec=/bin/chroot -- /proc/1/root \ | systemctl --force exit 42 | ... | Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42. | $ echo $? | 42 Fixes systemd#1290
ghost
mentioned this issue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have a nspawn container running systemd as pid1, and it runs several services. I would like that if any service fails, the container terminates and nspawn returns an non-zero exit code ($? in the shell).
I can configure the services to run
halt.targeton failure and the container will shutdown. Butsystemd-nspawnwill always return the exit code 0. At the moment, this is not possible to return a different value when a service in the container fails.The way it currently works in the container is:
systemctl haltsystemdcallssystemd-shutdownsystemd-shutdowncalls the system callreboot()sendpretend thatSIGINTto pid1 (systemd)SIGINTis sent to pid1 (systemd). Thesystemdprocess and all processes in the container get terminated.systemd-nspawnnotices thatsystemdwas killed bySIGINTand understands that as a normal shutdownsystemd-nspawnreturns the exit code 0After discussion on irc, it could be implemented in this way:
This feature request was inspired by rkt/rkt#1407 (comment)
/cc @yifan-gu @iaguis @poettering
The text was updated successfully, but these errors were encountered: