From 702f155288e2f45bcd764ab4952e5a06e265678b Mon Sep 17 00:00:00 2001 From: Ygal Blum Date: Wed, 11 Oct 2023 18:20:43 +0300 Subject: [PATCH 1/2] Quadlet - support oneshot .kube files Allow users to manually set the Service Type Add test Update README Signed-off-by: Ygal Blum --- docs/source/markdown/podman-systemd.unit.5.md | 12 ++++++++++++ pkg/systemd/quadlet/quadlet.go | 14 +++++++++++--- test/e2e/quadlet/oneshot.kube | 19 +++++++++++++++++++ test/e2e/quadlet_test.go | 1 + 4 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 test/e2e/quadlet/oneshot.kube diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md index a032696425..97dd772fb9 100644 --- a/docs/source/markdown/podman-systemd.unit.5.md +++ b/docs/source/markdown/podman-systemd.unit.5.md @@ -59,6 +59,18 @@ Adding the following snippet to a Quadlet file extends the systemd timeout to 15 TimeoutStartSec=900 ``` +### Service Type + +By default, the `Type` field of the `Service` section of the Quadlet file does not need to be set. +Quadlet will set it to `notify` for `.container` and `.kube` files and to `oneshot` for `.volume`, `.network` and `.image` files. + +However, the value may be explicitly set to `oneshot` for `.container` and `.kube` files when the no containers are expected +to run once `podman` exits. + +Examples for such cases: +- `.container` file with an image that exit after their entrypoint has finished +- `.kube` file pointing to a Kubernetes Yaml file that does not define any containers. E.g. PVCs only + ### Enabling unit files The services created by Podman are considered transient by systemd, which means they don't have the same diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go index 73fdab4b3f..edb020fb49 100644 --- a/pkg/systemd/quadlet/quadlet.go +++ b/pkg/systemd/quadlet/quadlet.go 
@@ -1063,9 +1063,17 @@ func ConvertKube(kube *parser.UnitFile, names map[string]string, isUser bool) (* // Need the containers filesystem mounted to start podman service.Add(UnitGroup, "RequiresMountsFor", "%t/containers") - service.Setv(ServiceGroup, - "Type", "notify", - "NotifyAccess", "all") + // Allow users to set the Service Type to oneshot to allow resources only kube yaml + serviceType, ok := service.Lookup(ServiceGroup, "Type") + if ok && serviceType != "notify" && serviceType != "oneshot" { + return nil, fmt.Errorf("invalid service Type '%s'", serviceType) + } + + if serviceType != "oneshot" { + service.Setv(ServiceGroup, + "Type", "notify", + "NotifyAccess", "all") + } if !kube.HasKey(ServiceGroup, "SyslogIdentifier") { service.Set(ServiceGroup, "SyslogIdentifier", "%N") diff --git a/test/e2e/quadlet/oneshot.kube b/test/e2e/quadlet/oneshot.kube new file mode 100644 index 0000000000..1b96e10337 --- /dev/null +++ b/test/e2e/quadlet/oneshot.kube @@ -0,0 +1,19 @@ +## assert-podman-args "kube" +## assert-podman-args "play" +## assert-podman-final-args-regex .*/podman_test.*/quadlet/deployment.yml +## assert-podman-args "--replace" +## assert-podman-args "--service-container=true" +## assert-podman-stop-post-args "kube" +## assert-podman-stop-post-args "down" +## assert-podman-stop-post-final-args-regex .*/podman_test.*/quadlet/deployment.yml +## assert-key-is "Unit" "RequiresMountsFor" "%t/containers" +## assert-key-is "Service" "KillMode" "mixed" +## assert-key-is "Service" "Type" "oneshot" +## assert-key-is "Service" "Environment" "PODMAN_SYSTEMD_UNIT=%n" +## assert-key-is "Service" "SyslogIdentifier" "%N" + +[Kube] +Yaml=deployment.yml + +[Service] +Type=oneshot diff --git a/test/e2e/quadlet_test.go b/test/e2e/quadlet_test.go index 99266d9be3..d50cd3ee04 100644 --- a/test/e2e/quadlet_test.go +++ b/test/e2e/quadlet_test.go 
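Review bot: The rejected `Type` value in the new `fmt.Errorf` is taken from the user's unit file and interpolated with `'%s'`, so any control characters or newlines in it reach the generator's error output unescaped. Changing it to `return nil, fmt.Errorf("invalid service Type %q", serviceType)` quotes and escapes the value. Separately, the `serviceType != "oneshot"` branch skips `Type`/`NotifyAccess` for oneshot but sets nothing in their place, while the fixture in this patch shows the unit still carries the `kube down` stop-post command. Under systemd a oneshot service without `RemainAfterExit=yes` becomes inactive as soon as its start command returns, so the stop-post step would presumably run right after `podman kube play` exits; a comment above the branch should say whether that is intended for resources-only YAML. ConvertKube begins and ends outside this hunk, so other handling of `Type` is not visible here.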
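Review bot: This fixture covers only the accepting path: it asserts `Type` is `oneshot`, but nothing checks that `NotifyAccess` stays unset in that case. No case sends a value other than `notify` or `oneshot` through the new validation in ConvertKube either. A second fixture with a disallowed `Type`, plus an `Entry` in quadlet_test.go expecting a non-zero exit and the `invalid service Type` message, would pin the error path. The third and fourth `Entry` arguments look like the expected exit code and error text, but that should be confirmed against the test helper, which is outside this patch.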
@@ -764,6 +764,7 @@ BOGUS=foo Entry("Kube - Working Directory already in Service", "workingdir-service.kube", 0, ""), Entry("Kube - global args", "globalargs.kube", 0, ""), Entry("Kube - Containers Conf Modules", "containersconfmodule.kube", 0, ""), + Entry("Kube - Service Type=oneshot", "oneshot.kube", 0, ""), Entry("Network - Basic", "basic.network", 0, ""), Entry("Network - Disable DNS", "disable-dns.network", 0, ""), From 7b84b55daa15093776a59c2bae7946cc011c8568 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 12 Oct 2023 07:45:41 -0400 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Valentin Rothberg Signed-off-by: Daniel J Walsh --- docs/source/markdown/podman-systemd.unit.5.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md index 97dd772fb9..c0dee51f51 100644 --- a/docs/source/markdown/podman-systemd.unit.5.md +++ b/docs/source/markdown/podman-systemd.unit.5.md @@ -64,11 +64,12 @@ TimeoutStartSec=900 By default, the `Type` field of the `Service` section of the Quadlet file does not need to be set. Quadlet will set it to `notify` for `.container` and `.kube` files and to `oneshot` for `.volume`, `.network` and `.image` files. -However, the value may be explicitly set to `oneshot` for `.container` and `.kube` files when the no containers are expected +However, `Type` may be explicitly set to `oneshot` for `.container` and `.kube` files when no containers are expected to run once `podman` exits. Examples for such cases: -- `.container` file with an image that exit after their entrypoint has finished +- `.container` file with an image that exits after their entrypoint has finished +`` - `.kube` file pointing to a Kubernetes Yaml file that does not define any containers. E.g. PVCs only ### Enabling unit files