Thanks, I didn't really want to disable the cgroups, but I checked the
options again and an option is actually `--cgroupns=host`. This way systemd
is able to kill the podman process when the main process of the unit is
being killed. Given that podman had no chance to react, the state of the
container is wrong after that: `podman ps` shows the container as
running and an error is logged when stopping the container. So it's an
option, but I think it's cleaner to let my unit be restarted on-failure
and then clean up the state.
On 6/7/21 8:24 PM, Matt Heon wrote:
 You could use `--cgroups=disabled` when starting Podman, which will
 keep it in the same cgroup as the systemd unit and allow systemd to
 kill the container process as well. This does require the use of the
 `crun` OCI runtime (the default everywhere that's not RHEL and CentOS)
 and disables some Podman features, though (most notably resource
 limits, but a few more as well).
 Thanks,
 Matt Heon
 On Mon, Jun 7, 2021 at 11:57 AM Hendrik Haddorp
 <hendrik.haddorp(a)gmx.net> wrote:
     I actually tested about the same. My outer process is running as a
     systemd service and then starts a podman container as part of its
     work. This also does not make sure that the container gets killed
     when the service gets killed. Systemd kills all processes that are
     part of the service (using KillMode=mixed) but it is not able to
     kill all podman processes. I assume it is due to them not being in
     the same cgroup. I can only somewhat resolve it by systemd
     restarting my service on failure and then I can clean up any still
     running container.
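The approach Hendrik settles on (start the container with `--cgroupns=host`, let systemd restart the unit on failure, then clean up whatever podman still believes is running) can be made mechanical. The following helper script is an added example written for this thread; it is not code from either poster or from the Podman project. It assumes the service tags every container it starts with a label (here the label key `owner-unit` and the unit name `myservice.service`, both assumptions) so that an `ExecStartPre=` step can find and force-remove leftovers from the previous run. The `PODMAN` variable only exists so the helper can be exercised without a real podman binary.

```shell
#!/bin/sh
# Added example (not from the thread or the Podman project): clean-up helper for a
# systemd service that launches containers with `podman run`. Every container the
# service starts is tagged with a label naming the unit, so that after a
# Restart=on-failure the stale containers from the previous run can be found and
# removed before the new run starts, even when podman still reports them as running.

LABEL_KEY="owner-unit"                          # assumption: label key used to tag our containers
UNIT_NAME="${UNIT_NAME:-myservice.service}"     # assumption: set from the unit via Environment=UNIT_NAME=%n
PODMAN="${PODMAN:-podman}"                      # overridable so the helper can be tested without podman

# start_container IMAGE [ARGS...]: how the service launches its containers.
# --cgroupns=host is the option from the thread that lets systemd kill the podman
# process along with the unit; the label is what makes later cleanup possible.
start_container() {
    image="$1"; shift
    "$PODMAN" run -d --cgroupns=host --label "$LABEL_KEY=$UNIT_NAME" "$image" "$@"
}

# list_leftovers: print the IDs of every container tagged with our unit name,
# regardless of the state podman records for it (after a SIGKILL it may still
# say "running" although the process is gone).
list_leftovers() {
    "$PODMAN" ps -a --filter "label=$LABEL_KEY=$UNIT_NAME" --format '{{.ID}}'
}

# cleanup_leftovers: force-remove those containers and print how many were removed.
# Intended for ExecStartPre= so that each (re)start begins from a clean state.
cleanup_leftovers() {
    count=0
    for id in $(list_leftovers); do
        "$PODMAN" rm -f "$id" >/dev/null && count=$((count + 1))
    done
    echo "$count"
}

# Entry point when invoked from the unit, e.g.
#   ExecStartPre=/usr/local/bin/podman-cleanup.sh cleanup
case "${1:-}" in
    cleanup) cleanup_leftovers ;;
esac
```

In the unit this pairs with `Restart=on-failure`, `KillMode=mixed` (as in the thread), `Environment=UNIT_NAME=%n` and `ExecStartPre=/usr/local/bin/podman-cleanup.sh cleanup`; the service itself calls `start_container` for each container it needs. Matt's `--cgroups=disabled` alternative (crun only, no resource limits) avoids the stale state altogether but can be substituted in `start_container` if those limitations are acceptable.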