[Lxc-users] container shutdown

Fajar A. Nugraha list at fajar.net
Mon Mar 19 01:45:56 UTC 2012


On Mon, Mar 19, 2012 at 7:05 AM, Daniel Lezcano <daniel.lezcano at free.fr> wrote:
> On 03/19/2012 12:00 AM, Serge Hallyn wrote:
>>
>> Hi,
>>
>> Thanks to Jäkel's and Fajar's great ideas, we can now cleanly shut down
>> a container by sending it SIGPWR.  I'm attaching two ways to do that.
>> In-line is a patch which modifies lxc-stop to take optional -s and -t
>> args - -s for shutdown (meaning send SIGPWR), and -t for a timeout,
>> after sending SIGPWR, to hard-kill the container.
>
>
> That may make more sense to implement a lxc-reboot | lxc-shutdow script on
> top of on lxc-kill.
>
> IMHO, I don't think adding a timeout is a good idea because the shutdown
> process may take more than the timeout to stop the services and the
> container could be killed while the services are doing some cleanup or flush
> or whatever. If this option is present, people will tend to use it instead
> of investigating if a service is stuck, or working, or flushing.
> I would recommend to let the shutdown script to handle the timeout by
> themselves.

IIRC xen's "xm shutdown" command does something like this, which can
be a starting design point:
- check whether the container can handle a clean shutdown, by checking
whether anything on the guest is listening on xenbus. If something is
listening, then it's assumed the guest has PV drivers that can do
clean shutdown.
- if yes, issue clean shutdown command. The shutdown command returns
immediately unless a "-w" is specified
- if no, then it does "xm destroy" (i.e. force kill)

The problem with lxc is that AFAIK there's nothing standard on the
guest that can tell the host "I can do clean shutdown, don't kill me!"
(the equivalent of xenbus listener check).

Personally I like the timeout (so that the guest container will be
shutdown in the end, no matter what). But then again the timeout can
be ommited from lxc-shutdown if:
- it's assumed the user knows what it's doing (i.e. they will manually
force-kill the guest if needed)
- if clean shutdown will be the default action, there will be
additional modification in init/upstart config that can force-kill
guests after a timeout.

-- 
Fajar




More information about the lxc-users mailing list