[Lxc-users] container shutdown

Daniel Lezcano daniel.lezcano at free.fr
Mon Mar 19 09:34:48 UTC 2012


On 03/19/2012 02:45 AM, Fajar A. Nugraha wrote:
> On Mon, Mar 19, 2012 at 7:05 AM, Daniel Lezcano<daniel.lezcano at free.fr>  wrote:
>> On 03/19/2012 12:00 AM, Serge Hallyn wrote:
>>> Hi,
>>>
>>> Thanks to Jäkel's and Fajar's great ideas, we can now cleanly shut down
>>> a container by sending it SIGPWR.  I'm attaching two ways to do that.
>>> In-line is a patch which modifies lxc-stop to take optional -s and -t
>>> args - -s for shutdown (meaning send SIGPWR), and -t for a timeout,
>>> after sending SIGPWR, to hard-kill the container.
>>
>> That may make more sense to implement a lxc-reboot | lxc-shutdown script on
>> top of lxc-kill.
>>
>> IMHO, I don't think adding a timeout is a good idea because the shutdown
>> process may take more than the timeout to stop the services and the
>> container could be killed while the services are doing some cleanup or flush
>> or whatever. If this option is present, people will tend to use it instead
>> of investigating if a service is stuck, or working, or flushing.
>> I would recommend letting the shutdown scripts handle the timeout by
>> themselves.
> IIRC xen's "xm shutdown" command does something like this, which can
> be a starting design point:
> - check whether the container can handle a clean shutdown, by checking
> whether anything on the guest is listening on xenbus. If something is
> listening, then it's assumed the guest has PV drivers that can do
> clean shutdown.
> - if yes, issue clean shutdown command. The shutdown command returns
> immediately unless a "-w" is specified
> - if no, then it does "xm destroy" (i.e. force kill)
>
> The problem with lxc is that AFAIK there's nothing standard on the
> guest that can tell the host "I can do clean shutdown, don't kill me!"
> (the equivalent of xenbus listener check).

I am not sure I understand what you mean by 'clean shutdown'. Can you
elaborate?
Do you mean 'reboot' is supported by the kernel when not in the initial
pid namespace?

> Personally I like the timeout (so that the guest container will be
> shut down in the end, no matter what). But then again the timeout can
> be omitted from lxc-shutdown if:
> - it's assumed the user knows what it's doing (i.e. they will manually
> force-kill the guest if needed)

IMO, this is the correct approach. Note I am not saying a timeout is not 
necessary but I think that should not be implemented in lxc directly but 
in an upper script if it makes sense and that should be trivial with 
lxc-kill.

> - if clean shutdown will be the default action, there will be
> additional modification in init/upstart config that can force-kill
> guests after a timeout.
>

Do you mean when the host is shut down, the upstart scripts will shut down
all the containers?
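
The upper-layer script discussed above, with the timeout wrapped around lxc-kill rather than built into lxc-stop, could look like the following. This is an added example, not part of the original message or the LXC tree; it assumes lxc-kill accepts a numeric signal and lxc-info prints a `state:` line, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): SIGPWR first, hard stop only after a timeout.
# Assumptions: lxc-kill takes a signal number, lxc-info prints "state: RUNNING".
# Function and variable names are hypothetical; commands are overridable for tests.
LXC_KILL=${LXC_KILL:-lxc-kill}
LXC_INFO=${LXC_INFO:-lxc-info}
LXC_STOP=${LXC_STOP:-lxc-stop}
SIGPWR_NUM=${SIGPWR_NUM:-30}   # SIGPWR is 30 on x86 and ARM Linux; other arches differ

# Print the bare state word (RUNNING, STOPPED, ...), or nothing if unknown.
container_state() {
    $LXC_INFO -n "$1" 2>/dev/null | awk '/^[Ss]tate:/ { print $2; exit }'
}

# graceful_shutdown NAME TIMEOUT_SECONDS
# Returns 0 = stopped cleanly, 1 = timed out and was hard-stopped, 2 = error.
graceful_shutdown() {
    name=$1
    timeout=$2
    case $timeout in
        ''|*[!0-9]*) echo "timeout must be a whole number of seconds" >&2; return 2 ;;
    esac
    state=$(container_state "$name")
    if [ -z "$state" ]; then echo "cannot read state of $name" >&2; return 2; fi
    if [ "$state" = "STOPPED" ]; then return 0; fi

    # Ask the container's init to shut down, then poll once per second.
    $LXC_KILL -n "$name" "$SIGPWR_NUM" || return 2
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ "$(container_state "$name")" = "STOPPED" ]; then return 0; fi
        sleep 1
        waited=$((waited + 1))
    done
    if [ "$(container_state "$name")" = "STOPPED" ]; then return 0; fi

    # Services may still be flushing; say so loudly before pulling the plug,
    # so a stuck shutdown gets investigated instead of silently killed.
    echo "$name still $(container_state "$name") after ${timeout}s, forcing stop" >&2
    $LXC_STOP -n "$name" || return 2
    return 1
}

# Stand-alone use: script.sh NAME [TIMEOUT]
if [ "$#" -ge 1 ]; then
    graceful_shutdown "$1" "${2:-60}"
    exit $?
fi
```

The distinct exit code for a forced stop lets a calling init or upstart job record which containers did not shut down on their own.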





