Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

batou_ext.oci: Add support for podman #204

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

batou_ext.oci: Add support for podman #204

wants to merge 4 commits into from

Conversation

Ma27
Copy link
Member

@Ma27 Ma27 commented Nov 29, 2024

FC-37959

We mostly want this for healthchecks that must pass before the unit is actually active.

@Ma27
batou_ext.oci: Add support for podman
3476623 
FC-37959

We mostly want this for healthchecks that must pass before the unit is
actually active.
@Ma27 Ma27 marked this pull request as ready for review December 30, 2024 14:34
@Ma27 Ma27 requested a review from PhilTaken December 30, 2024 14:35
@PhilTaken
Copy link
Member

Considering how considerable the differences between podman and docker are I'd almost think about splitting it up into two Components 🤔 that might however introduce a bunch of copy-pasted code. This would also eliminate the need to specifiy the backend for every single container.

@Ma27
Copy link
Member Author

Ma27 commented Jan 9, 2025

Given that

I'd argue that it would be fine to keep it as-is.

This would also eliminate the need to specifiy the backend for every single container.

Hmm... I'd have to check whether the current approach allows podman & docker in parallel in the first place now that I think of it. You set the backend globally in NixOS.
So perhaps we need to structure that part in a different way anyways.

@Ma27
Copy link
Member Author

Ma27 commented Jan 17, 2025

Hmm... I'd have to check whether the current approach allows podman & docker in parallel in the first place now that I think of it. You set the backend globally in NixOS.

Yeah, backend is set globally, so doing it per-container here doesn't make sense.

Ma27 added 3 commits January 17, 2025 12:43
@Ma27
batou_ext.oci: add PodmanRuntime component
ec28e3f 
FC-37959

This component is used to indicate that a host uses podman instead of
docker to run containers. NixOS only allows to set this globally, so it
doesn't make sense to configure it per-container in here.
@Ma27
batou_ext.oci.Container: only create cgroup delegation for sdnotify=h…
5dabf0e 
…ealthy

Otherwise the startup seems to run into a timeout.

FC-37959
@Ma27
batou_ext.oci: small fixes
c642316 
* I don't really know how to get 'container' to work, but it's probably
  irrelevant anyways (app in container is supposed to `sd_notify(3)`
  there)

* Turn off lingering for conmon, this seems pretty broken. Also make
  sure the dependencies are set up correctly for strategy healthy.
@Ma27
Copy link
Member Author

Ma27 commented Jan 17, 2025

@PhilTaken the backend setting is now done via another component.

Ma27
Ma27 commented Jan 17, 2025
View reviewed changes
src/batou_ext/resources/oci-template.nix
users.users."{{ component.user }}".linger = true;
# {% endif %}
# {% if component.sd_notify == "conmon" %}
users.users."{{ component.user }}".linger = false;
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This means btw we can't have conmon & healthy for containers running as the same user, unfortunately :(

@PhilTaken
Copy link
Member

I like the podmanruntime component here, that simplifies usage a bunch. I still think theres almost too much complexity in the ocicontainer component here but I cannot think of a good solution.

Did you test this with a reasonably complex deployment?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PhilTaken PhilTaken Awaiting requested review from PhilTaken

Assignees

@PhilTaken PhilTaken

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Ma27 @PhilTaken