task.docker

Simplest configuration:

[task#0]
type = docker
image = 83f2a3dd2980 or ubuntu:latest
svcmgr -s <svcname> set --kw task#0.type=docker --kw task#0.image=83f2a3dd2980 or ubuntu:latest

command

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert shlex

The command to execute in the docker container on run.

devices

scopable True
required False
provisioning False
default []
inheritance leaf > head
scope order specific > generic
convert shlex

The whitespace separated list of <host devpath>:<containerized devpath>, specifying the host devices the container should have access to.

entrypoint

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

The script or binary executed in the container. Args must be set in command.

environment

scopable True
required False
provisioning False
default []
inheritance leaf > head
scope order specific > generic
convert shlex

The whitespace separated list of <var>=<value>. A shell expression spliter is applied, so double quotes can be around values only or whole <var>=<value>. Variables are uppercased.

hostname

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

This need to be set if the virtual machine hostname is different from the machine name.

image

scopable True
required True
provisioning False
default None
inheritance leaf > head
scope order specific > generic

The docker image pull, and run the container with.

image_pull_policy

scopable True
required False
provisioning False
default once
inheritance leaf > head
scope order specific > generic
candidates once | always

The docker image pull policy. always pull upon each container start, once pull if not already pulled (default).

interactive

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert tristate

Keep stdin open even if not attached. To use if the container entrypoint is a shell.

ipcns

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

Sets the docker run --ipc argument. If not set, the docker daemon's default value is used. ipcns=none does not mount /dev/shm. ipcns=private creates a ipcns other containers can not share. ipcns=shareable creates a netns other containers can share. ipcns=container#0 will share the container#0 ipcns.

name

scopable True
required False
provisioning False
default <autogenerated>
inheritance leaf > head
scope order specific > generic

The name to assign to the container on docker run. If none is specified a <namespace>..<name>.container.<rid idx> name is automatically assigned.

netns

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

Sets the docker run --net argument. The default is none if --net is not specified in run_args, meaning the container will have a private netns other containers can share. A ip.netns or ip.cni resource can configure an ip address in this container. A container with netns=container#0 will share the container#0 netns. In this case agent format a --net=container:<name of container#0 docker instance>. netns=host shares the host netns.

pidns

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

Sets the docker run --pid argument. If not set, the container will have a private pidns other containers can share. Usually a pidns sharer will run a google/pause image to reap zombies. A container with pidns=container#0 will share the container#0 pidns. In this case agent format a --pid=container:<name of container#0 docker instance>. Use pidns=host to share the host's pidns.

privileged

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert tristate

Give extended privileges to the container.

rm

scopable True
required False
provisioning False
default False
inheritance leaf > head
scope order specific > generic
convert boolean

If set to true, add --rm to the docker run args and make sure the instance is removed on resource stop.

run_args

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert expanded_shlex

Extra arguments to pass to the docker run command, like volume and port mappings.

start_timeout

scopable True
required False
provisioning False
default 2
inheritance leaf > head
scope order specific > generic
convert duration

Wait for <duration> before declaring the container action a failure.

tty

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert tristate

Allocate a pseudo-tty.

userns

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
candidates host | None

Sets the docker run --userns argument. If not set, the container will have a private userns other containers can share. A container with userns=host will share the host's userns.

utsns

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
candidates None | host

Sets the docker run --uts argument. If not set, the container will have a private utsns. A container with utsns=host will share the host's hostname.

volume_mounts

scopable True
required False
provisioning False
default []
inheritance leaf > head
scope order specific > generic
convert shlex

The whitespace separated list of <volume name|local dir>:<containerized mount path>:<mount options>. When the source is a local dir, the default <mount option> is rw. When the source is a volume name, the default <mount option> is taken from volume access.

blocking_post_provision

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource provision action. Errors interrupt the action.

blocking_post_run

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource run action. Errors interrupt the action.

blocking_post_start

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource start action. Errors interrupt the action.

blocking_post_stop

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource stop action. Errors interrupt the action.

blocking_post_unprovision

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource unprovision action. Errors interrupt the action.

blocking_pre_provision

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource provision action. Errors interrupt the action.

blocking_pre_run

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource run action. Errors interrupt the action.

blocking_pre_start

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource start action. Errors interrupt the action.

blocking_pre_stop

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource stop action. Errors interrupt the action.

blocking_pre_unprovision

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource unprovision action. Errors interrupt the action.

check

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
candidates None | last_run

If set to 'last_run', the last run retcode is used to report a task resource status. If not set (default), the status of a task is always n/a.

comment

scopable False
required False
provisioning False
default  
inheritance leaf > head
scope order specific > generic

Helps users understand the role of the service and resources, which is nice to on-call support people having to operate on a service they are not usually responsible for.

configs_environment

scopable True
required False
provisioning False
default []
inheritance leaf > head
scope order specific > generic
convert shlex

The whitespace separated list of <var>=<config name>/<key path>. A shell expression spliter is applied, so double quotes can be around <config name>/<key path> only or whole <var>=<config name>/<key path>. Variables are uppercased.

confirmation

scopable True
required False
provisioning False
default False
inheritance leaf > head
scope order specific > generic
candidates True | False
convert boolean

If set to True, ask for an interactive confirmation to run the task. This flag can be used for dangerous tasks like data-restore.

disable

scopable True
required False
provisioning False
default False
inheritance leaf
scope order specific > generic
candidates True | False
convert boolean

A disabled resource will be ignored on service startup and shutdown. Its status is always reported n/a.

Set in DEFAULT, the whole service is disabled. A disabled service does not honor start and stop actions. These actions immediately return success.

sudo svcmgr -s <path> disable only sets DEFAULT.disable. As resources disabled state is not changed, sudo svcmgr -s <path> enable does not enable disabled resources.

encap

scopable True
required False
provisioning False
default False
inheritance leaf > head
scope order specific > generic
candidates True | False
convert boolean

Set to true to ignore this resource in the nodes context and consider it in the encapnodes context. The resource is thus handled by the agents deployed in the service containers.

environment

scopable True
required False
provisioning False
default []
inheritance leaf > head
scope order specific > generic
convert shlex

The whitespace separated list of <var>=<config name>/<key path>. A shell expression spliter is applied, so double quotes can be around <config name>/<key path> only or whole <var>=<config name>/<key path>. Variables are uppercased.

log

scopable True
required False
provisioning False
default True
inheritance leaf > head
scope order specific > generic
convert boolean

Log the task outputs in the service log.

monitor

scopable True
required False
provisioning False
default False
inheritance leaf > head
scope order specific > generic
candidates True | False
convert boolean

A down monitored resource will trigger a node suicide if the monitor thinks it should be up and the resource can not be restarted.

on_error

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command to execute on run action if command returned an error.

optional

scopable True
required False
provisioning False
default true for tasks, syncs and resources tagged 'noaction', else false
inheritance leaf > head
scope order specific > generic
convert tristate

Action failures on optional resources are logged but do not stop the action sequence. Also the optional resource status is not aggregated to the instance 'availstatus', but aggregated to the 'overallstatus'. Resource tagged noaction and sync resources are automatically considered optional. Useful for resources like dump filesystems for example.

pg_blkio_weight

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic
depends create_pg in [True]
convert integer

Block IO relative weight. Value: between 10 and 1000. Kernel default: 1000.

pg_cpu_quota

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic
depends create_pg in [True]

The percent ratio of one core to allocate to the process group if % is specified, else the absolute value to set in the process group parameter. For example, on Linux cgroups, -1 means unlimited, and a positive absolute value means the number of microseconds to allocate each period. 50%@all means 50% of all cores, and 50%@2 means 50% of two cores.

pg_cpu_shares

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic
depends create_pg in [True]
convert integer

Kernel default value is used, which usually is 1024 shares. In a cpu-bound situation, ensure the service does not use more than its share of cpu ressource. The actual percentile depends on shares allowed to other services.

pg_cpus

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic
depends create_pg in [True]

Allow service process to bind only the specified cpus. Cpus are specified as list or range : 0,1,2 or 0-2

pg_mem_limit

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic
depends create_pg in [True]
convert size

Ensures the service does not use more than specified memory (in bytes). The Out-Of-Memory killer get triggered in case of tresspassing.

pg_mem_oom_control

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic
depends create_pg in [True]
convert integer

A flag (0 or 1) that enables or disables the Out of Memory killer for a cgroup. If enabled (0), tasks that attempt to consume more memory than they are allowed are immediately killed by the OOM killer. The OOM killer is enabled by default in every cgroup using the memory subsystem; to disable it, write 1.

pg_mem_swappiness

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic
depends create_pg in [True]
convert integer

Set a swappiness value for the process group.

pg_mems

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic
depends create_pg in [True]

Allow service process to bind only the specified memory nodes. Memory nodes are specified as list or range : 0,1,2 or 0-2

pg_vmem_limit

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic
depends create_pg in [True]
convert size

Ensures the service does not use more than specified memory+swap (in bytes). The Out-Of-Memory killer get triggered in case of tresspassing. The specified value must be greater than pg_mem_limit.

post_provision

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource provision action. Errors do not interrupt the action.

post_run

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource run action. Errors do not interrupt the action.

post_start

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource start action. Errors do not interrupt the action.

post_stop

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource stop action. Errors do not interrupt the action.

post_unprovision

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute after the resource unprovision action. Errors do not interrupt the action.

pre_provision

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource provision action. Errors do not interrupt the action.

pre_run

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource run action. Errors do not interrupt the action.

pre_start

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource start action. Errors do not interrupt the action.

pre_stop

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource stop action. Errors do not interrupt the action.

pre_unprovision

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

A command or script to execute before the resource unprovision action. Errors do not interrupt the action.

provision

scopable True
required False
provisioning False
default True
inheritance leaf > head
scope order specific > generic
candidates True | False
convert boolean

Set to false to skip the resource on provision and unprovision actions. Warning: provisioning implies destructive operations like formating. Unprovisioning does not keep a copy of the service data.

provision_requires

scopable True
required False
provisioning False
default  
inheritance leaf > head
scope order specific > generic

A whitespace-separated list of conditions to meet to accept running a 'provision' action. A condition is expressed as <rid>(<state>,...). If states are omitted, up,stdby up is used as the default expected states.

restart

scopable True
required False
provisioning False
default 0
inheritance leaf > head
scope order specific > generic
convert integer

The agent will try to restart a resource <n> times before falling back to the monitor action. A resource restart is triggered if the resource is not disabled and its status is not up, and the node is not frozen, and the service instance is not frozen and its local expect is set to started. If a resource has a restart set to a value >0, its status is evaluated at the frequency defined by DEFAULT.monitor_schedule instead of the frequency defined by DEFAULT.status_schedule.

run_requires

scopable True
required False
provisioning False
default  
inheritance leaf > head
scope order specific > generic

A whitespace-separated list of conditions to meet to accept running a 'run' action. A condition is expressed as <rid>(<state>,...). If states are omitted, up,stdby up is used as the default expected states.

schedule

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

Set the this task run schedule. See usr/share/doc/node.conf for the schedule syntax reference.

secrets_environment

scopable True
required False
provisioning False
default []
inheritance leaf > head
scope order specific > generic
convert shlex

A whitespace separated list of <var>=<secret name>/<key path>. A shell expression spliter is applied, so double quotes can be around <secret name>/<key path> only or whole <var>=<secret name>/<key path>. Variables are uppercased.

shared

scopable True
required False
provisioning False
default False
inheritance leaf > head
scope order specific > generic
candidates True | False
convert boolean

Set to true to skip the resource on provision and unprovision actions if the action has already been done by a peer. Shared resources, like vg built on SAN disks must be provisioned once. All resources depending on a shared resource must also be flagged as shared.

snooze

scopable True
required False
provisioning False
default 0
inheritance leaf > head
scope order specific > generic
convert duration

Snooze the service before running the task, so if the command is known to cause a service status degradation the user can decide to snooze alarms for the duration set as value.

standby

scopable True
required False
provisioning False
default False
inheritance leaf > head
scope order specific > generic
candidates True | False
convert boolean

Always start the resource, even on standby instances. The daemon is responsible for starting standby resources. A resource can be set standby on a subset of nodes using keyword scoping.

A typical use-case is sync'ed fs on non-shared disks: the remote fs must be mounted to not overflow the underlying fs.

Warning

Don't set shared resources standby: fs on shared disks for example.

start_requires

scopable True
required False
provisioning False
default  
inheritance leaf > head
scope order specific > generic

A whitespace-separated list of conditions to meet to accept running a 'start' action. A condition is expressed as <rid>(<state>,...). If states are omitted, up,stdby up is used as the default expected states.

stop_requires

scopable True
required False
provisioning False
default  
inheritance leaf > head
scope order specific > generic

A whitespace-separated list of conditions to meet to accept running a 'stop' action. A condition is expressed as <rid>(<state>,...). If states are omitted, up,stdby up is used as the default expected states.

subset

scopable True
required False
provisioning False
default None
inheritance leaf
scope order specific > generic

Assign the resource to a specific subset.

tags

scopable True
required False
provisioning False
default  
inheritance leaf > head
scope order specific > generic
convert set

A list of tags. Arbitrary tags can be used to limit action scope to resources with a specific tag. Some tags can influence the driver behaviour. For example noaction avoids any state changing action from the driver and implies optional=true, nostatus forces the status to n/a.

timeout

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert duration

Wait for <duration> before declaring the task run action a failure. If no timeout is set, the agent waits indefinitely for the task command to exit.

unprovision

scopable True
required False
provisioning False
default True
inheritance leaf > head
scope order specific > generic
candidates True | False
convert boolean

Set to false to skip the resource on unprovision actions. Warning: Unprovisioning does not keep a copy of the service data.

unprovision_requires

scopable True
required False
provisioning False
default  
inheritance leaf > head
scope order specific > generic

A whitespace-separated list of conditions to meet to accept running a 'unprovision' action. A condition is expressed as <rid>(<state>,...). If states are omitted, up,stdby up is used as the default expected states.

user

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

The user to impersonate when running the task command. The default user is root.