From 689d97a1d1c25f572303e67bd73db81fccfa2ed8 Mon Sep 17 00:00:00 2001 From: Ygal Blum Date: Wed, 3 Jan 2024 15:27:30 +0200 Subject: [PATCH] Quadlet - add StopTimeout key for .container file Allow setting the timeout for stopping the container Add test Update man Signed-off-by: Ygal Blum --- docs/source/markdown/podman-systemd.unit.5.md | 9 +++++++++ pkg/systemd/quadlet/quadlet.go | 6 ++++++ test/e2e/quadlet/stoptimeout.container | 5 +++++ test/e2e/quadlet_test.go | 1 + 4 files changed, 21 insertions(+) create mode 100644 test/e2e/quadlet/stoptimeout.container diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md index 908d515997..1876434ab9 100644 --- a/docs/source/markdown/podman-systemd.unit.5.md +++ b/docs/source/markdown/podman-systemd.unit.5.md @@ -212,6 +212,7 @@ Valid options for `[Container]` are listed below: | SecurityLabelNested=true | --security-opt label=nested | | SecurityLabelType=spc_t | --security-opt label=type:spc_t | | ShmSize=100m | --shm-size=100m | +| StopTimeout=20 | --stop-timeout=20 | | SubGIDMap=gtest | --subgidname=gtest | | SubUIDMap=utest | --subuidname=utest | | Sysctl=name=value | --sysctl=name=value | @@ -616,6 +617,14 @@ Size of /dev/shm. This is equivalent to the Podman `--shm-size` option and generally has the form `number[unit]` +### `StopTimeout=` + +Seconds to wait before forcibly stopping the container. + +Note, this value should be lower than the actual systemd unit timeout to make sure the podman rm command is not killed by systemd. + +This is equivalent to the Podman `--stop-timeout` option + ### `SubGIDMap=` Run the container in a new user namespace using the map with name in the /etc/subgid file. diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go index a0bd7bfea4..a7845cade9 100644 --- a/pkg/systemd/quadlet/quadlet.go +++ b/pkg/systemd/quadlet/quadlet.go 
@@ -138,6 +138,7 @@ const ( KeySecurityLabelType = "SecurityLabelType" KeySetWorkingDirectory = "SetWorkingDirectory" KeyShmSize = "ShmSize" + KeyStopTimeout = "StopTimeout" KeySubGIDMap = "SubGIDMap" KeySubUIDMap = "SubUIDMap" KeySysctl = "Sysctl" @@ -230,6 +231,7 @@ var ( KeySecurityLabelNested: true, KeySecurityLabelType: true, KeyShmSize: true, + KeyStopTimeout: true, KeySubGIDMap: true, KeySubUIDMap: true, KeySysctl: true, @@ -772,6 +774,10 @@ func ConvertContainer(container *parser.UnitFile, names map[string]string, isUse return nil, err } + if stopTimeout, ok := container.Lookup(ContainerGroup, KeyStopTimeout); ok && len(stopTimeout) > 0 { + podman.add("--stop-timeout", stopTimeout) + } + handlePodmanArgs(container, ContainerGroup, podman) if len(image) > 0 { diff --git a/test/e2e/quadlet/stoptimeout.container b/test/e2e/quadlet/stoptimeout.container new file mode 100644 index 0000000000..23827c0e4c --- /dev/null +++ b/test/e2e/quadlet/stoptimeout.container @@ -0,0 +1,5 @@ +## assert-podman-args "--stop-timeout" "20" + +[Container] +Image=localhost/imagename +StopTimeout=20 diff --git a/test/e2e/quadlet_test.go b/test/e2e/quadlet_test.go index 6d568342d1..53eb6889d0 100644 --- a/test/e2e/quadlet_test.go +++ b/test/e2e/quadlet_test.go 
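Review bot: The new `StopTimeout` branch in ConvertContainer forwards the raw unit-file string to `--stop-timeout` without checking that it is a non-negative integer, so a malformed value such as `StopTimeout=20s` would presumably surface only when the service starts and podman rejects the flag, not when the unit is generated. Validating it here, for example `if _, err := strconv.ParseUint(stopTimeout, 10, 32); err != nil { return nil, fmt.Errorf("invalid StopTimeout %q: %w", stopTimeout, err) }`, would fail at generation time with a message that names the key; this assumes `strconv` and `fmt` are already imported in quadlet.go, which the hunk does not show. The man-page text added in this commit says the value should stay below the systemd unit timeout, but nothing in this branch checks or records that, so I would at least add `// StopTimeout should stay below the unit's TimeoutStopSec, otherwise systemd may kill podman before the container is stopped.` above the lookup. The only test fixture covers the valid value 20, and ConvertContainer starts and ends outside the hunk.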
@@ -812,6 +812,7 @@ BOGUS=foo
 Entry("selinux.container", "selinux.container", 0, ""),
 Entry("shmsize.container", "shmsize.container", 0, ""),
 Entry("shortname.container", "shortname.container", 0, "Warning: shortname.container specifies the image \"shortname\" which not a fully qualified image name. This is not ideal for performance and security reasons. See the podman-pull manpage discussion of short-name-aliases.conf for details."),
+ Entry("stoptimeout.container", "stoptimeout.container", 0, ""),
 Entry("subidmapping.container", "subidmapping.container", 0, ""),
 Entry("subidmapping-with-remap.container", "subidmapping-with-remap.container", 1, "converting \"subidmapping-with-remap.container\": deprecated Remap keys are set along with explicit mapping keys"),
 Entry("sysctl.container", "sysctl.container", 0, ""),