Merge pull request #21142 from ygalblum/quadlet-stop-params

Quadlet - add StopTimeout key for .container file

docs/source/markdown/podman-systemd.unit.5.md

@@ -212,6 +212,7 @@ Valid options for `[Container]` are listed below:
 | SecurityLabelNested=true             | --security-opt label=nested                          |
 | SecurityLabelType=spc_t              | --security-opt label=type:spc_t                      |
 | ShmSize=100m                         | --shm-size=100m                                      |
+| StopTimeout=20                       | --stop-timeout=20                                    |
 | SubGIDMap=gtest                      | --subgidname=gtest                                   |
 | SubUIDMap=utest                      | --subuidname=utest                                   |
 | Sysctl=name=value                    | --sysctl=name=value                                  |
@@ -616,6 +617,14 @@ Size of /dev/shm.
 
 This is equivalent to the Podman `--shm-size` option and generally has the form `number[unit]`
 
+### `StopTimeout=`
+
+Seconds to wait before forcibly stopping the container.
+
+Note, this value should be lower than the actual systemd unit timeout to make sure the podman rm command is not killed by systemd.
+
+This is equivalent to the Podman `--stop-timeout` option
+
 ### `SubGIDMap=`
 
 Run the container in a new user namespace using the map with name in the /etc/subgid file.

pkg/systemd/quadlet/quadlet.go

@@ -138,6 +138,7 @@ const (
 	KeySecurityLabelType     = "SecurityLabelType"
 	KeySetWorkingDirectory   = "SetWorkingDirectory"
 	KeyShmSize               = "ShmSize"
+	KeyStopTimeout           = "StopTimeout"
 	KeySubGIDMap             = "SubGIDMap"
 	KeySubUIDMap             = "SubUIDMap"
 	KeySysctl                = "Sysctl"
@@ -230,6 +231,7 @@ var (
 		KeySecurityLabelNested:   true,
 		KeySecurityLabelType:     true,
 		KeyShmSize:               true,
+		KeyStopTimeout:           true,
 		KeySubGIDMap:             true,
 		KeySubUIDMap:             true,
 		KeySysctl:                true,
@@ -772,6 +774,10 @@ func ConvertContainer(container *parser.UnitFile, names map[string]string, isUse
 		return nil, err
 	}
 
+	if stopTimeout, ok := container.Lookup(ContainerGroup, KeyStopTimeout); ok && len(stopTimeout) > 0 {
+		podman.add("--stop-timeout", stopTimeout)
+	}
+
 	handlePodmanArgs(container, ContainerGroup, podman)
 
 	if len(image) > 0 {

test/e2e/quadlet/stoptimeout.container

@@ -0,0 +1,5 @@
+## assert-podman-args "--stop-timeout" "20"
+
+[Container]
+Image=localhost/imagename
+StopTimeout=20

test/e2e/quadlet_test.go

@@ -812,6 +812,7 @@ BOGUS=foo
 		Entry("selinux.container", "selinux.container", 0, ""),
 		Entry("shmsize.container", "shmsize.container", 0, ""),
 		Entry("shortname.container", "shortname.container", 0, "Warning: shortname.container specifies the image \"shortname\" which not a fully qualified image name. This is not ideal for performance and security reasons. See the podman-pull manpage discussion of short-name-aliases.conf for details."),
+		Entry("stoptimeout.container", "stoptimeout.container", 0, ""),
 		Entry("subidmapping.container", "subidmapping.container", 0, ""),
 		Entry("subidmapping-with-remap.container", "subidmapping-with-remap.container", 1, "converting \"subidmapping-with-remap.container\": deprecated Remap keys are set along with explicit mapping keys"),
 		Entry("sysctl.container", "sysctl.container", 0, ""),