On 28/05/2014 10:32 PM, Zbigniew Jędrzejewski-Szmek wrote:
On Wed, May 28, 2014 at 05:42:31PM +1000, Jonathan Liu wrote:
On 28 May 2014 14:06, David Timothy Strauss <da...@davidstrauss.net> wrote:
On Tue, May 27, 2014 at 10:55 PM, Jonathan Liu <net...@gmail.com> wrote:
I suspect one downside is that if the container takes longer than the
timeout to shutdown then it will go on a SIGKILL-ing spree... which
could be a problem if a container process was in the middle of saving
to disk while shutting down.
Is it reasonable to have no timeout, though? The weight (in terms of
state and shutdown time) of what runs in most containers isn't more
substantial than what runs in most services. It's not hard to override
the instance if it's necessary to have a longer timeout or no timeout.
There is still a timeout with KillMode=process.
It's not a question of timeouts, but of what is killed. With "process",
only the main process itself is killed. Normally this should be enough,
because the init in the container will kill eveything else. But if it
malfunctions, other processes from the container could be left around.
So we don't want that.
But the default is "control-group", which does not seem right either
in case of containers. IIUC, host's systemd will send SIGTERM to all
processes in the container. We should probably be using "mixed" instead.
Killing systemd-nspawn kills the container processes as well.
I am just following the wiki at
http://fedoraproject.org/wiki/Features/SystemdLightweightContainers
"mixed" was added in 209, much later than this page was written.
Zbyszek
Okay, I will resubmit patch using KillMode=mixed.
Regards,
Jonathan
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
