task.docker¶
Simplest configuration:
[task#0]
type = docker
image = 83f2a3dd2980 or ubuntu:latest
svcmgr -s <svcname> set --kw task#0.type=docker --kw task#0.image=83f2a3dd2980 or ubuntu:latest
command¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
convert | shlex |
The command to execute in the docker container on run.
devices¶
scopable | True |
required | False |
provisioning | False |
default | [] |
inheritance | leaf > head |
scope order | specific > generic |
convert | shlex |
The whitespace separated list of <host devpath>:<containerized devpath>
, specifying the host devices the container should have access to.
entrypoint¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
The script or binary executed in the container. Args must be set in command.
environment¶
scopable | True |
required | False |
provisioning | False |
default | [] |
inheritance | leaf > head |
scope order | specific > generic |
convert | shlex |
The whitespace separated list of <var>=<value>
. A shell expression spliter is applied, so double quotes can be around values only or whole <var>=<value>
. Variables are uppercased.
hostname¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
This need to be set if the virtual machine hostname is different from the machine name.
image¶
scopable | True |
required | True |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
The docker image pull, and run the container with.
image_pull_policy¶
scopable | True |
required | False |
provisioning | False |
default | once |
inheritance | leaf > head |
scope order | specific > generic |
candidates | once | always |
The docker image pull policy. always
pull upon each container start, once
pull if not already pulled (default).
interactive¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
convert | tristate |
Keep stdin open even if not attached. To use if the container entrypoint is a shell.
ipcns¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
Sets the docker run --ipc argument. If not set, the docker daemon's default value is used. ipcns=none
does not mount /dev/shm. ipcns=private
creates a ipcns other containers can not share. ipcns=shareable
creates a netns other containers can share. ipcns=container#0
will share the container#0 ipcns.
name¶
scopable | True |
required | False |
provisioning | False |
default | <autogenerated> |
inheritance | leaf > head |
scope order | specific > generic |
The name to assign to the container on docker run. If none is specified a <namespace>..<name>.container.<rid idx>
name is automatically assigned.
netns¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
Sets the docker run --net argument. The default is none
if --net is not specified in run_args, meaning the container will have a private netns other containers can share. A ip.netns or ip.cni resource can configure an ip address in this container. A container with netns=container#0
will share the container#0 netns. In this case agent format a --net=container:<name of container#0 docker instance>. netns=host
shares the host netns.
pidns¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
Sets the docker run --pid argument. If not set, the container will have a private pidns other containers can share. Usually a pidns sharer will run a google/pause image to reap zombies. A container with pidns=container#0
will share the container#0 pidns. In this case agent format a --pid=container:<name of container#0 docker instance>. Use pidns=host
to share the host's pidns.
privileged¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
convert | tristate |
Give extended privileges to the container.
rm¶
scopable | True |
required | False |
provisioning | False |
default | False |
inheritance | leaf > head |
scope order | specific > generic |
convert | boolean |
If set to true
, add --rm to the docker run args and make sure the instance is removed on resource stop.
run_args¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
convert | expanded_shlex |
Extra arguments to pass to the docker run command, like volume and port mappings.
start_timeout¶
scopable | True |
required | False |
provisioning | False |
default | 2 |
inheritance | leaf > head |
scope order | specific > generic |
convert | duration |
Wait for <duration> before declaring the container action a failure.
tty¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
convert | tristate |
Allocate a pseudo-tty.
userns¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
candidates | host | None |
Sets the docker run --userns argument. If not set, the container will have a private userns other containers can share. A container with userns=host
will share the host's userns.
utsns¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
candidates | None | host |
Sets the docker run --uts argument. If not set, the container will have a private utsns. A container with utsns=host
will share the host's hostname.
volume_mounts¶
scopable | True |
required | False |
provisioning | False |
default | [] |
inheritance | leaf > head |
scope order | specific > generic |
convert | shlex |
The whitespace separated list of <volume name|local dir>:<containerized mount path>:<mount options>
. When the source is a local dir, the default <mount option> is rw. When the source is a volume name, the default <mount option> is taken from volume access.
blocking_post_provision¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource provision action. Errors interrupt the action.
blocking_post_run¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource run action. Errors interrupt the action.
blocking_post_start¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource start action. Errors interrupt the action.
blocking_post_stop¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource stop action. Errors interrupt the action.
blocking_post_unprovision¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource unprovision action. Errors interrupt the action.
blocking_pre_provision¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource provision action. Errors interrupt the action.
blocking_pre_run¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource run action. Errors interrupt the action.
blocking_pre_start¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource start action. Errors interrupt the action.
blocking_pre_stop¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource stop action. Errors interrupt the action.
blocking_pre_unprovision¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource unprovision action. Errors interrupt the action.
check¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
candidates | None | last_run |
If set to 'last_run', the last run retcode is used to report a task resource status. If not set (default), the status of a task is always n/a.
comment¶
scopable | False |
required | False |
provisioning | False |
default | |
inheritance | leaf > head |
scope order | specific > generic |
Helps users understand the role of the service and resources, which is nice to on-call support people having to operate on a service they are not usually responsible for.
configs_environment¶
scopable | True |
required | False |
provisioning | False |
default | [] |
inheritance | leaf > head |
scope order | specific > generic |
convert | shlex |
The whitespace separated list of <var>=<config name>/<key path>
. A shell expression spliter is applied, so double quotes can be around <config name>/<key path>
only or whole <var>=<config name>/<key path>
. Variables are uppercased.
confirmation¶
scopable | True |
required | False |
provisioning | False |
default | False |
inheritance | leaf > head |
scope order | specific > generic |
candidates | True | False |
convert | boolean |
If set to True, ask for an interactive confirmation to run the task. This flag can be used for dangerous tasks like data-restore.
disable¶
scopable | True |
required | False |
provisioning | False |
default | False |
inheritance | leaf |
scope order | specific > generic |
candidates | True | False |
convert | boolean |
A disabled resource will be ignored on service startup and shutdown. Its status is always reported n/a
.
Set in DEFAULT, the whole service is disabled. A disabled service does not honor start and stop actions. These actions immediately return success.
sudo svcmgr -s <path> disable only sets DEFAULT.disable. As resources disabled state is not changed, sudo svcmgr -s <path> enable does not enable disabled resources.
encap¶
scopable | True |
required | False |
provisioning | False |
default | False |
inheritance | leaf > head |
scope order | specific > generic |
candidates | True | False |
convert | boolean |
Set to true
to ignore this resource in the nodes context and consider it in the encapnodes context. The resource is thus handled by the agents deployed in the service containers.
environment¶
scopable | True |
required | False |
provisioning | False |
default | [] |
inheritance | leaf > head |
scope order | specific > generic |
convert | shlex |
The whitespace separated list of <var>=<config name>/<key path>
. A shell expression spliter is applied, so double quotes can be around <config name>/<key path>
only or whole <var>=<config name>/<key path>
. Variables are uppercased.
log¶
scopable | True |
required | False |
provisioning | False |
default | True |
inheritance | leaf > head |
scope order | specific > generic |
convert | boolean |
Log the task outputs in the service log.
monitor¶
scopable | True |
required | False |
provisioning | False |
default | False |
inheritance | leaf > head |
scope order | specific > generic |
candidates | True | False |
convert | boolean |
A down monitored resource will trigger a node suicide if the monitor thinks it should be up and the resource can not be restarted.
on_error¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command to execute on run action if command returned an error.
optional¶
scopable | True |
required | False |
provisioning | False |
default | true for tasks, syncs and resources tagged 'noaction', else false |
inheritance | leaf > head |
scope order | specific > generic |
convert | tristate |
Action failures on optional resources are logged but do not stop the action sequence. Also the optional resource status is not aggregated to the instance 'availstatus', but aggregated to the 'overallstatus'. Resource tagged noaction and sync resources are automatically considered optional. Useful for resources like dump filesystems for example.
pg_blkio_weight¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf |
scope order | specific > generic |
depends | create_pg in [True] |
convert | integer |
Block IO relative weight. Value: between 10 and 1000. Kernel default: 1000.
pg_cpu_quota¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf |
scope order | specific > generic |
depends | create_pg in [True] |
The percent ratio of one core to allocate to the process group if % is specified, else the absolute value to set in the process group parameter. For example, on Linux cgroups, -1
means unlimited, and a positive absolute value means the number of microseconds to allocate each period. 50%@all
means 50% of all cores, and 50%@2
means 50% of two cores.
pg_cpus¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf |
scope order | specific > generic |
depends | create_pg in [True] |
Allow service process to bind only the specified cpus. Cpus are specified as list or range : 0,1,2 or 0-2
pg_mem_limit¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf |
scope order | specific > generic |
depends | create_pg in [True] |
convert | size |
Ensures the service does not use more than specified memory (in bytes). The Out-Of-Memory killer get triggered in case of tresspassing.
pg_mem_oom_control¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf |
scope order | specific > generic |
depends | create_pg in [True] |
convert | integer |
A flag (0 or 1) that enables or disables the Out of Memory killer for a cgroup. If enabled (0), tasks that attempt to consume more memory than they are allowed are immediately killed by the OOM killer. The OOM killer is enabled by default in every cgroup using the memory subsystem; to disable it, write 1.
pg_mem_swappiness¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf |
scope order | specific > generic |
depends | create_pg in [True] |
convert | integer |
Set a swappiness value for the process group.
pg_mems¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf |
scope order | specific > generic |
depends | create_pg in [True] |
Allow service process to bind only the specified memory nodes. Memory nodes are specified as list or range : 0,1,2 or 0-2
pg_vmem_limit¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf |
scope order | specific > generic |
depends | create_pg in [True] |
convert | size |
Ensures the service does not use more than specified memory+swap (in bytes). The Out-Of-Memory killer get triggered in case of tresspassing. The specified value must be greater than pg_mem_limit.
post_provision¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource provision action. Errors do not interrupt the action.
post_run¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource run action. Errors do not interrupt the action.
post_start¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource start action. Errors do not interrupt the action.
post_stop¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource stop action. Errors do not interrupt the action.
post_unprovision¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute after the resource unprovision action. Errors do not interrupt the action.
pre_provision¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource provision action. Errors do not interrupt the action.
pre_run¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource run action. Errors do not interrupt the action.
pre_start¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource start action. Errors do not interrupt the action.
pre_stop¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource stop action. Errors do not interrupt the action.
pre_unprovision¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
A command or script to execute before the resource unprovision action. Errors do not interrupt the action.
provision¶
scopable | True |
required | False |
provisioning | False |
default | True |
inheritance | leaf > head |
scope order | specific > generic |
candidates | True | False |
convert | boolean |
Set to false to skip the resource on provision and unprovision actions. Warning: provisioning implies destructive operations like formating. Unprovisioning does not keep a copy of the service data.
provision_requires¶
scopable | True |
required | False |
provisioning | False |
default | |
inheritance | leaf > head |
scope order | specific > generic |
A whitespace-separated list of conditions to meet to accept running a 'provision' action. A condition is expressed as <rid>(<state>,...)
. If states are omitted, up,stdby up
is used as the default expected states.
restart¶
scopable | True |
required | False |
provisioning | False |
default | 0 |
inheritance | leaf > head |
scope order | specific > generic |
convert | integer |
The agent will try to restart a resource <n> times before falling back to the monitor action. A resource restart is triggered if the resource is not disabled and its status is not up, and the node is not frozen, and the service instance is not frozen and its local expect is set to started
. If a resource has a restart set to a value >0, its status is evaluated at the frequency defined by DEFAULT.monitor_schedule instead of the frequency defined by DEFAULT.status_schedule.
run_requires¶
scopable | True |
required | False |
provisioning | False |
default | |
inheritance | leaf > head |
scope order | specific > generic |
A whitespace-separated list of conditions to meet to accept running a 'run' action. A condition is expressed as <rid>(<state>,...)
. If states are omitted, up,stdby up
is used as the default expected states.
schedule¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
Set the this task run schedule. See usr/share/doc/node.conf
for the schedule syntax reference.
secrets_environment¶
scopable | True |
required | False |
provisioning | False |
default | [] |
inheritance | leaf > head |
scope order | specific > generic |
convert | shlex |
A whitespace separated list of <var>=<secret name>/<key path>
. A shell expression spliter is applied, so double quotes can be around <secret name>/<key path>
only or whole <var>=<secret name>/<key path>
. Variables are uppercased.
snooze¶
scopable | True |
required | False |
provisioning | False |
default | 0 |
inheritance | leaf > head |
scope order | specific > generic |
convert | duration |
Snooze the service before running the task, so if the command is known to cause a service status degradation the user can decide to snooze alarms for the duration set as value.
standby¶
scopable | True |
required | False |
provisioning | False |
default | False |
inheritance | leaf > head |
scope order | specific > generic |
candidates | True | False |
convert | boolean |
Always start the resource, even on standby instances. The daemon is responsible for starting standby resources. A resource can be set standby on a subset of nodes using keyword scoping.
A typical use-case is sync'ed fs on non-shared disks: the remote fs must be mounted to not overflow the underlying fs.
Warning
Don't set shared resources standby: fs on shared disks for example.
start_requires¶
scopable | True |
required | False |
provisioning | False |
default | |
inheritance | leaf > head |
scope order | specific > generic |
A whitespace-separated list of conditions to meet to accept running a 'start' action. A condition is expressed as <rid>(<state>,...)
. If states are omitted, up,stdby up
is used as the default expected states.
stop_requires¶
scopable | True |
required | False |
provisioning | False |
default | |
inheritance | leaf > head |
scope order | specific > generic |
A whitespace-separated list of conditions to meet to accept running a 'stop' action. A condition is expressed as <rid>(<state>,...)
. If states are omitted, up,stdby up
is used as the default expected states.
subset¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf |
scope order | specific > generic |
Assign the resource to a specific subset.
tags¶
scopable | True |
required | False |
provisioning | False |
default | |
inheritance | leaf > head |
scope order | specific > generic |
convert | set |
A list of tags. Arbitrary tags can be used to limit action scope to resources with a specific tag. Some tags can influence the driver behaviour. For example noaction avoids any state changing action from the driver and implies optional=true
, nostatus forces the status to n/a.
timeout¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
convert | duration |
Wait for <duration> before declaring the task run action a failure. If no timeout is set, the agent waits indefinitely for the task command to exit.
unprovision¶
scopable | True |
required | False |
provisioning | False |
default | True |
inheritance | leaf > head |
scope order | specific > generic |
candidates | True | False |
convert | boolean |
Set to false to skip the resource on unprovision actions. Warning: Unprovisioning does not keep a copy of the service data.
unprovision_requires¶
scopable | True |
required | False |
provisioning | False |
default | |
inheritance | leaf > head |
scope order | specific > generic |
A whitespace-separated list of conditions to meet to accept running a 'unprovision' action. A condition is expressed as <rid>(<state>,...)
. If states are omitted, up,stdby up
is used as the default expected states.
user¶
scopable | True |
required | False |
provisioning | False |
default | None |
inheritance | leaf > head |
scope order | specific > generic |
The user to impersonate when running the task command. The default user is root.