[ClusterLabs] podman containers as resources - ? - with a twist

Reid Wahl nwahl at redhat.com
Thu Dec 29 03:11:35 EST 2022


On Wed, Dec 28, 2022 at 11:32 PM lejeczek via Users
<users at clusterlabs.org> wrote:
>
>
>
> On 28/12/2022 21:53, Reid Wahl wrote:
> > On Wed, Dec 28, 2022 at 6:08 AM lejeczek via Users
> > <users at clusterlabs.org> wrote:
> >> Hi guys.
> >>
> >> I have a situation which begins to look like quite the pickle and I'm in it, with no possible or no elegant at least, way out.
> >> I'm hoping you guys can share your thoughts.
> >> My cluster mounts a path, in two steps
> >> 1) runs systemd luks service
> >> 2) mount that unlocked luks device under a certain path
> >> now...
> >> that certain path is where user(s) home dir resides and... as the result of all that 'systemd' does not pick up user's systemd units. (must be way too late for 'systemd')
> >>
> >> How would you fix that?
> >> Right now I manually poke systemd with, as that given user:
> >> -> $ systemctl --user daemon-reload
> >> only then 'systemd' picks up user units - until then 'systemd' says "Unit ...  could not be found"
> >> Naturally, I do not want 'manually'.
> >>
> >> I'm thinking...
> >> somehow have cluster make OS's 'systemd' redo that user systemd bits, after the resource successful start, or...
> >> have cluster somehow manage that user's systemd units directly, on its own.
> >>
> >> In case it might make it a bit more clear - those units are 'podman' containers, non-root containers.
> > You might be able to manage these containers via the
> > ocf:heartbeat:podman resource agent, with `--user=<your_user>` in the
> > `run_opts` resource option along with any other relevant options.
> >
> > If something like that doesn't work, then you could write a simple
> > lsb-class or systemd-class cluster resource to do what you're
> > currently doing manually.
> >
> > There may be other options; those are the two that come to mind.
> >
>  From man pages for that resource I assumed that agent
> creates a new container (from "scratch") each time and - if
> that is the case indeed - I need to control/manage
> existing ones.

What about the reuse option? (Note: I have not tested this)

  reuse: Allow the container to be reused once it is stopped. By
  default, containers get removed once they are stopped. Enable this
  option to have the particular one persist when this happens.

>
> I was thinking about putting these bits I do manually into a
> 'systemd' service but I cannot see how to go about it - I
> understand there is a clear separation of OS/root systemd
> and users' systemd and I don't think - I can be wrong I do
> hope - it is possible to have OS/root (from that namespace)
> systemd do users systemd/namespaces.

You could probably write a script that sudo's or su's from root to the
target user, and then runs the necessary commands. A little bit of
info about lsb-class Pacemaker resources:
- https://clusterlabs.org/pacemaker/doc/2.1/Pacemaker_Explained/singlehtml/#linux-standard-base
- https://clusterlabs.org/pacemaker/doc/2.1/Pacemaker_Administration/singlehtml/#lsb-resource-agents-init-scripts

>
> many thanks, L.


-- 
Regards,

Reid Wahl (He/Him)
Senior Software Engineer, Red Hat
RHEL High Availability - Pacemaker
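
The script approach suggested in the reply above, as an added example (not part of the original message and not ClusterLabs code): an LSB-style init script that drops from root to the target user with `runuser` (used here in place of sudo/su) and runs the `daemon-reload` before starting the user unit. `appuser` and `mycontainer.service` are hypothetical placeholders, and it assumes lingering is enabled for that user so `/run/user/<uid>` exists.

```shell
#!/bin/sh
# Added example: LSB-style init script for a Pacemaker lsb-class resource.
# TARGET_USER and UNIT are hypothetical placeholders, not values from the thread.
TARGET_USER="${TARGET_USER:-appuser}"
UNIT="${UNIT:-mycontainer.service}"

# Drop from root to the target user before touching anything under the
# user-writable home, and point systemctl at that user's manager.
# Assumes lingering is enabled so /run/user/<uid> exists.
as_user() {
    uid=$(id -u "$TARGET_USER") || return 1
    runuser -u "$TARGET_USER" -- \
        env XDG_RUNTIME_DIR="/run/user/$uid" "$@"
}

# LSB status: 0 = running, 3 = not running.
do_status() {
    if as_user systemctl --user is-active --quiet "$UNIT"; then
        return 0
    fi
    return 3
}

# Start must succeed if already running. The daemon-reload makes the user
# manager rescan unit files that appeared after the late home mount.
do_start() {
    do_status && return 0
    as_user systemctl --user daemon-reload || return 1
    as_user systemctl --user start "$UNIT" || return 1
}

# Stop must succeed if already stopped (or the unit is not loaded).
do_stop() {
    do_status || return 0
    as_user systemctl --user stop "$UNIT" || return 1
}

# Dispatch only when called with an action, as an init script is.
if [ $# -gt 0 ]; then
    case "$1" in
        start)  do_start ;;
        stop)   do_stop ;;
        status) do_status ;;
        *) echo "Usage: $0 {start|stop|status}" >&2; exit 2 ;;
    esac
    exit $?
fi
```

The resource using this script needs ordering and colocation constraints after the LUKS and mount resources, so that the unit files are visible when `start` runs.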