runtime-spec icon indicating copy to clipboard operation
runtime-spec copied to clipboard
verified publisher icon opencontainers

support PostExit Hook

Open fahedouch opened this issue 2 years ago • 11 comments

What is the problem I am trying to solve ?

Looking at the list of supported hooks, we are missing a hooks for configuring custom actions related to the exit lifecycle ( i.e normal exist / killing a container ..)

In nerdctl project, we need a hooks to deal with container deps when the container exit, such as cleaning some state files.

Describe the solution

add new hook PostExit to the hooks list

fahedouch avatar Feb 14 '23 09:02 fahedouch

Did you mean "exist" or "exit" ?

AkihiroSuda avatar Feb 14 '23 09:02 AkihiroSuda

And how would it be different from poststop hooks?

AkihiroSuda avatar Feb 14 '23 09:02 AkihiroSuda

@AkihiroSuda

Did you mean "exist" or "exit" ?

Yes exit

And how would it be different from poststop hooks?

poststop hook is called after the container is deleted but before the delete operation returns.

PostExit should be called after the container exit

fahedouch avatar Feb 14 '23 10:02 fahedouch

PostExit should be called after the container exit

How implementable?

AkihiroSuda avatar Feb 14 '23 10:02 AkihiroSuda

PostExit should be called after the container exit

How implementable?

did not get your question ? You mean how to introduce a runtime implementation. If yes I believe that we can easily do this in runc for example, but I have to dig into before answering this question.

fahedouch avatar Feb 14 '23 13:02 fahedouch

An OCI runtime process disappears on exec(2)-ing the container process, so I'm not sure how this proposal is implementable.

AkihiroSuda avatar Feb 15 '23 02:02 AkihiroSuda

@AkihiroSuda would please give me more details about exec(2)-ing the container process or may be link code or article around this. I am looking for an entrypoint to understand what are saying. thanks

fahedouch avatar Feb 15 '23 17:02 fahedouch

@AkihiroSuda would please give me more details about exec(2)-ing the container process or may be link code or article around this. I am looking for an entrypoint to understand what are saying. thanks

https://github.com/opencontainers/runc/blob/v1.1.4/docs/terminals.md#detached

In contrast to foreground mode, in detached mode there is no long-running foreground runc process once the container has started. In fact, there is no long-running runc process at all.

AkihiroSuda avatar Feb 15 '23 17:02 AkihiroSuda

@AkihiroSuda would please give me more details about exec(2)-ing the container process or may be link code or article around this. I am looking for an entrypoint to understand what are saying. thanks

https://github.com/opencontainers/runc/blob/v1.1.4/docs/terminals.md#detached

In contrast to foreground mode, in detached mode there is no long-running foreground runc process once the container has started. In fact, there is no long-running runc process at all.

got the point. Do we have a hook mechanism into containerd that may catch container exit ?

fahedouch avatar Feb 21 '23 16:02 fahedouch

Do we have a hook mechanism into containerd that may catch container exit ?

Feel free to submit a proposal in the containerd repo. Maybe we can extend its restart monitor plugin.

AkihiroSuda avatar Feb 21 '23 16:02 AkihiroSuda

opened ticket https://github.com/containerd/containerd/issues/8163

fahedouch avatar Feb 25 '23 12:02 fahedouch