From: Michael Fritch Date: Fri, 5 Feb 2021 15:03:49 +0000 (-0700) Subject: cephadm: run containers using `--init` by default X-Git-Tag: v17.1.0~3026^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=9ac2ab85cb1b828bd35b88c5ac2b477fd6f8e8e2;p=ceph.git cephadm: run containers using `--init` by default generally all ceph containers need an init process to both reap any zombie pids and/or perform signal handling (e.g. coredumps, etc.) Signed-off-by: Michael Fritch --- diff --git a/doc/man/8/cephadm.rst b/doc/man/8/cephadm.rst index d66123437aa..db0c0698c37 100644 --- a/doc/man/8/cephadm.rst +++ b/doc/man/8/cephadm.rst @@ -12,7 +12,7 @@ Synopsis | **cephadm**** [-h] [--image IMAGE] [--docker] [--data-dir DATA_DIR] | [--log-dir LOG_DIR] [--logrotate-dir LOGROTATE_DIR] | [--unit-dir UNIT_DIR] [--verbose] [--timeout TIMEOUT] -| [--retry RETRY] +| [--retry RETRY] [--no-container-init] | {version,pull,inspect-image,ls,list-networks,adopt,rm-daemon,rm-cluster,run,shell,enter,ceph-volume,unit,logs,bootstrap,deploy,check-host,prepare-host,add-repo,rm-repo,install} | ... @@ -28,7 +28,6 @@ Synopsis | **cephadm** **adopt** [-h] --name NAME --style STYLE [--cluster CLUSTER] | [--legacy-dir LEGACY_DIR] [--config-json CONFIG_JSON] | [--skip-firewalld] [--skip-pull] -| [--container-init] | **cephadm** **rm-daemon** [-h] --name NAME --fsid FSID [--force] | [--force-delete-data] @@ -78,7 +77,6 @@ Synopsis | [--registry-username REGISTRY_USERNAME] | [--registry-password REGISTRY_PASSWORD] | [--registry-json REGISTRY_JSON] -| [--container-init] @@ -86,7 +84,6 @@ Synopsis | [--config-json CONFIG_JSON] [--keyring KEYRING] | [--key KEY] [--osd-fsid OSD_FSID] [--skip-firewalld] | [--tcp-ports TCP_PORTS] [--reconfig] [--allow-ptrace] -| [--container-init] | **cephadm** **check-host** [-h] [--expect-hostname EXPECT_HOSTNAME] @@ -157,6 +154,10 @@ Options max number of retries (default: 10) +.. option:: --no-container-init + + do not run podman/docker with `--init` (default: False) + Commands ======== @@ -190,7 +191,6 @@ Arguments: * [--config-json CONFIG_JSON] Additional configuration information in JSON format * [--skip-firewalld] Do not configure firewalld * [--skip-pull] do not pull the latest image before adopting -* [--container-init] Run podman/docker with `--init` bootstrap @@ -239,7 +239,6 @@ Arguments: * [--registry-username REGISTRY_USERNAME] username of account to login to on custom registry * [--registry-password REGISTRY_PASSWORD] password of account to login to on custom registry * [--registry-json REGISTRY_JSON] JSON file containing registry login info (see registry-login command documentation) -* [--container-init] Run podman/docker with `--init` ceph-volume @@ -290,7 +289,6 @@ Arguments: * [--tcp-ports List of tcp ports to open in the host firewall * [--reconfig] Reconfigure a previously deployed daemon * [--allow-ptrace] Allow SYS_PTRACE on daemon container -* [--container-init] Run podman/docker with `--init` enter diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm index 1eac0707c3d..2dc8bf7431e 100755 --- a/src/cephadm/cephadm +++ b/src/cephadm/cephadm @@ -10,6 +10,7 @@ LOGROTATE_DIR = '/etc/logrotate.d' UNIT_DIR = '/etc/systemd/system' LOG_DIR_MODE = 0o770 DATA_DIR_MODE = 0o700 +CONTAINER_INIT=True CONTAINER_PREFERENCE = ['podman', 'docker'] # prefer podman to docker MIN_PODMAN_VERSION = (2, 0, 2) CUSTOM_PS1 = r'[ceph: \u@\h \W]\$ ' @@ -122,6 +123,7 @@ class BaseConfig: self.retry: int = DEFAULT_RETRY self.env: List[str] = [] + self.container_init: bool = CONTAINER_INIT self.container_path: str = "" def set_from_args(self, args: argparse.Namespace): @@ -2438,7 +2440,6 @@ def get_container(ctx: CephadmContext, envs=envs, privileged=privileged, ptrace=ptrace, - init=ctx.container_init, host_network=host_network, ) @@ -2961,7 +2962,7 @@ class CephContainer: privileged: bool = False, ptrace: bool = False, bind_mounts: Optional[List[List[str]]] = None, - init: bool = False, + init: Optional[bool] = None, host_network: bool = True, ) -> None: self.ctx = ctx @@ -2975,7 +2976,7 @@ class CephContainer: self.privileged = privileged self.ptrace = ptrace self.bind_mounts = bind_mounts if bind_mounts else [] - self.init = init + self.init = init if init else ctx.container_init self.host_network = host_network def run_cmd(self) -> List[str]: @@ -3882,8 +3883,7 @@ def command_bootstrap(ctx): cli(['config', 'set', 'mgr', 'mgr/cephadm/registry_username', ctx.registry_username, '--force']) cli(['config', 'set', 'mgr', 'mgr/cephadm/registry_password', ctx.registry_password, '--force']) - if ctx.container_init: - cli(['config', 'set', 'mgr', 'mgr/cephadm/container_init', str(ctx.container_init), '--force']) + cli(['config', 'set', 'mgr', 'mgr/cephadm/container_init', str(ctx.container_init), '--force']) if ctx.with_exporter: cli(['config-key', 'set', 'mgr/cephadm/exporter_enabled', 'true']) @@ -3906,7 +3906,6 @@ def command_bootstrap(ctx): logger.info('Deploying cephadm exporter service with default placement...') cli(['orch', 'apply', 'cephadm-exporter']) - if not ctx.skip_dashboard: prepare_dashboard(ctx, uid, gid, cli, wait_for_mgr_restart) @@ -7097,6 +7096,11 @@ def _get_parser(): action='append', default=[], help='set environment variable') + parser.add_argument( + '--no-container-init', + action='store_true', + default=not CONTAINER_INIT, + help='Do not run podman/docker with `--init`') subparsers = parser.add_subparsers(help='sub-command') @@ -7165,7 +7169,8 @@ def _get_parser(): parser_adopt.add_argument( '--container-init', action='store_true', - help='Run podman/docker with `--init`') + default=CONTAINER_INIT, + help=argparse.SUPPRESS) parser_rm_daemon = subparsers.add_parser( 'rm-daemon', help='remove daemon instance') @@ -7459,7 +7464,8 @@ def _get_parser(): parser_bootstrap.add_argument( '--container-init', action='store_true', - help='Run podman/docker with `--init`') + default=CONTAINER_INIT, + help=argparse.SUPPRESS) parser_bootstrap.add_argument( '--with-exporter', action='store_true', @@ -7517,7 +7523,8 @@ def _get_parser(): parser_deploy.add_argument( '--container-init', action='store_true', - help='Run podman/docker with `--init`') + default=CONTAINER_INIT, + help=argparse.SUPPRESS) parser_check_host = subparsers.add_parser( 'check-host', help='check host configuration') @@ -7637,9 +7644,22 @@ def _get_parser(): def _parse_args(av): parser = _get_parser() + args = parser.parse_args(av) if 'command' in args and args.command and args.command[0] == "--": args.command.pop(0) + + # workaround argparse to deprecate the subparser `--container-init` flag + # container_init and no_container_init must always be mutually exclusive + container_init_args = ('--container-init', '--no-container-init') + if set(container_init_args).issubset(av): + parser.error('argument %s: not allowed with argument %s' % (container_init_args)) + elif '--container-init' in av: + args.no_container_init = not args.container_init + else: + args.container_init = not args.no_container_init + assert args.container_init is not args.no_container_init + return args diff --git a/src/pybind/mgr/cephadm/module.py b/src/pybind/mgr/cephadm/module.py index 9e0232f433f..ffb2e10929a 100644 --- a/src/pybind/mgr/cephadm/module.py +++ b/src/pybind/mgr/cephadm/module.py @@ -262,7 +262,7 @@ class CephadmOrchestrator(orchestrator.Orchestrator, MgrModule, Option( 'container_init', type='bool', - default=False, + default=True, desc='Run podman/docker with `--init`' ), Option( @@ -349,7 +349,7 @@ class CephadmOrchestrator(orchestrator.Orchestrator, MgrModule, self.warn_on_stray_daemons = True self.warn_on_failed_host_check = True self.allow_ptrace = False - self.container_init = False + self.container_init = True self.prometheus_alerts_path = '' self.migration_current: Optional[int] = None self.config_dashboard = True diff --git a/src/pybind/mgr/cephadm/serve.py b/src/pybind/mgr/cephadm/serve.py index 71d3678b2c0..1b7a3d5310b 100644 --- a/src/pybind/mgr/cephadm/serve.py +++ b/src/pybind/mgr/cephadm/serve.py @@ -925,22 +925,27 @@ class CephadmServe: final_args = [] + # global args if env_vars: for env_var_pair in env_vars: final_args.extend(['--env', env_var_pair]) if image: final_args.extend(['--image', image]) + + if not self.mgr.container_init: + final_args += ['--no-container-init'] + + # subcommand final_args.append(command) + # subcommand args if not no_fsid: final_args += ['--fsid', self.mgr._cluster_fsid] - if self.mgr.container_init: - final_args += ['--container-init'] - final_args += args + # exec self.log.debug('args: %s' % (' '.join(final_args))) if self.mgr.mode == 'root': if stdin: