[lxc-devel] Shutting down containers properly
Serge Hallyn
serge.hallyn at canonical.com
Fri May 25 16:03:07 UTC 2012
Quoting Stéphane Graber (stgraber at ubuntu.com):
> On 05/25/2012 11:24 AM, Christian Seiler wrote:
> > Hi,
> >
> >> Have you looked at the lxc-shutdown script we have in Ubuntu and the
> >> integration we have with upstart?
> >
> > No, not yet, but I'll look at it later.
> >
> >> lxc-shutdown sends two different signals:
> >> reboot => SIGINT
> >> shutdown => SIGPWR
> >>
> >> These are caught by upstart and will trigger a clean reboot or
> >> shutdown
> >> of the container. It's what happens on shutdown of the host in 12.04
> >> LTS.
> >
> > On a Debian container I had lying around here it had no effect
> > whatsoever, because there's nothing in the /etc/inittab catching it.
> >
> > Is it documented behaviour that upstart shuts down on SIGPWR? (upstart
> > has no /etc/inittab where this may be configured, right?) Because if it
> > is that easy to cause upstart deterministically to shut down, then that
> > is definitely something we should use.
>
> Upstart sends an event when it gets SIGPWR. In 12.04, I introduced a new
> job in upstart that triggers on it and triggers the shutdown:
>
> stgraber at castiana:~$ cat /etc/init/shutdown.conf
> # Trigger an immediate shutdown when upstart receives SIGPWR
> # this is useful for some UPS monitoring tools and for clean
> # shutdown of containers
>
> description "Trigger an immediate shutdown on SIGPWR"
> start on power-status-changed
>
> task
> exec shutdown -h now "SIGPWR received"
>
> >
> > Still, I think my initial rationale still holds that lxc-stop should
> > shut down by default, because I certainly didn't expect lxc-stop to kill
> > everything with SIGKILL when I tried it for the first time. So basically
> > all I'm saying is that Ubuntu's lxc-shutdown logic should be implemented
> > in lxc-stop and that it should be a bit more generic with the
> > possibility that the user can configure different methods in the config
> > file.
>
> I remember Serge and I discussed that at some point and ended up making
> it a separate tool. I can't remember the exact rationale for this so I'll
> let Serge answer :)

We just didn't want to change lxc-stop's behavior without it first
being discussed upstream. I'm fine with moving lxc-stop to attempt
a clean shutdown, by default with a 5 sec timeout before hard kill.
With options to either immediately hard-kill or to have a longer (or
infinite) timeout, and to wait or not wait.

I do think it's important that the default (lxc-stop -n p1) not
surprise anyone who didn't read about the change. That's why I
suggest the default be to try a clean shutdown, wait a short bit, then
kill it hard.

-serge
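
The stop sequence proposed in this message (SIGPWR, a bounded wait, then SIGKILL), as an added example that is not part of the original post and is not lxc code. It assumes Linux; `request_stop`, `pid_alive` and `spawn_fake_init` are hypothetical names, and the two "init" processes are constructed Python stand-ins: one exits on SIGPWR like upstart with the shutdown.conf job above, the other ignores it like the Debian container mentioned in the thread.

```python
import os, signal, subprocess, sys, time

# Constructed stand-ins for a container's init (not real upstart/sysvinit):
# one exits on SIGPWR, the other ignores it because nothing is configured.
_CHILD = ("import signal,sys,time;"
          "signal.signal(signal.SIGPWR, {h});"
          "print('ready', flush=True); time.sleep(60)")

def spawn_fake_init(handles_sigpwr):
    h = "lambda *a: sys.exit(0)" if handles_sigpwr else "signal.SIG_IGN"
    p = subprocess.Popen([sys.executable, "-c", _CHILD.format(h=h)],
                         stdout=subprocess.PIPE)
    p.stdout.readline()          # wait until the handler is installed
    return p

def pid_alive(pid):
    try:
        os.kill(pid, 0)          # signal 0: existence check only
    except ProcessLookupError:
        return False
    except PermissionError:
        pass                     # exists, but owned by another user
    return True

def request_stop(pid, timeout=5.0, sig=signal.SIGPWR, is_alive=None):
    """Return "clean" or "killed". timeout=0 kills at once, None waits forever."""
    alive = is_alive or (lambda: pid_alive(pid))
    deadline = None if timeout is None else time.monotonic() + timeout
    try:
        if timeout != 0:
            os.kill(pid, sig)    # ask init for a clean shutdown
        while alive():
            if deadline is not None and time.monotonic() >= deadline:
                os.kill(pid, signal.SIGKILL)   # grace period is over
                return "killed"
            time.sleep(0.05)
    except ProcessLookupError:
        pass                     # exited between the check and the signal
    return "clean"

if __name__ == "__main__":
    for handles in (True, False):
        p = spawn_fake_init(handles)
        # For our own child, poll() also reaps it, so a zombie is not "alive".
        result = request_stop(p.pid, timeout=1,
                              is_alive=lambda: p.poll() is None)
        p.wait()
        print(handles, result, p.returncode)
```

The return value lets a caller log which containers needed the hard kill, which is the case where an init has no SIGPWR handling configured.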