[Lxc-users] container shutdown

Serge Hallyn serge.hallyn at canonical.com
Mon Mar 19 13:25:14 UTC 2012


Quoting Daniel Lezcano (daniel.lezcano at free.fr):
> On 03/19/2012 03:50 AM, Serge Hallyn wrote:
> >Quoting Daniel Lezcano (daniel.lezcano at free.fr):
> >>On 03/19/2012 12:00 AM, Serge Hallyn wrote:
> >>>Hi,
> >>>
> >>>Thanks to Jäkel's and Fajar's great ideas, we can now cleanly shut down
> >>>a container by sending it SIGPWR.  I'm attaching two ways to do that.
> >>>In-line is a patch which modifies lxc-stop to take optional -s and -t
> >>>args - -s for shutdown (meaning send SIGPWR), and -t for a timeout,
> >>>after sending SIGPWR, to hard-kill the container.
> >>That may make more sense to implement a lxc-reboot | lxc-shutdow
> >Is there another signal that would make sense for lxc-reboot?
> 
> Yes, SIGINT will make the init process to restart the services. I
> said lxc-reboot but that could be lxc-shutdown -r.

I personally prefer lxc-reboot, but I can imagine people liking
lxc-shutdown -r.  What do others prefer?

> >>script on top of on lxc-kill.
> >>
> >>IMHO, I don't think adding a timeout is a good idea because the
> >>shutdown process may take more than the timeout to stop the services
> >>and the container could be killed while the services are doing some
> >>cleanup or flush or whatever. If this option is present, people will
> >>tend to use it instead of investigating if a service is stuck, or
> >>working, or flushing.
> >>I would recommend to let the shutdown script to handle the timeout
> >>by themselves.
> >By 'let the shutdown script to handle the timeout by themselves", you
> >mean let the scripts calling lxc-shutdown handle the timeout?
> 
> I meant the initrd scripts within the container to be fixed to
> properly shutdown (for example add timeout or optimize the stopping
> services). The init process will send SIGTERM to all the processes
> and then SIGKILL after awhile. I don't think that should be handled
> from outside.

I agree we want to do that where we can.  I disagree that we should
rely on it.

> Some services are bogus because they don't care when
> they are stopped in the shutdown process because they expect to be
> killed. For example, the sshd service was automatically respawned
> after being killed by init at the shutdown time but that was only
> spotted with containers.

Right, and we should (and did) fix that, but lxc shouldn't look
broken when the container misbehaves.

> >leave lxc-shutdown to be as simple as 'lxc-kill -n $1 SIGPWR" ?
> 
> Yes, lxc-shutdown could be in this case very trivial (may be adding
> a couple of things like waiting for the container to stop before
> exiting in order to have a synchronous command).

(I dunno, from there it seems to me the next logical step to add a
timeout :)  But just waiting is fine for me.)

Ok, so

lxc-kill -n $1 SIGPWR
lxc-wait -n $1 STOPPED

I'll wait for comments on lxc-reboot v lxc-shutdown -r.

thanks,
-serge




More information about the lxc-users mailing list