container.oci

Simplest configuration:

[container#0]
type = oci
image = 83f2a3dd2980 or ubuntu:latest
svcmgr -s <svcname> set --kw container#0.type=oci --kw container#0.image=83f2a3dd2980 or ubuntu:latest

command

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

shlex

The command to execute in the docker container on run.

configs_environment

scopable

True

required

False

provisioning

False

default

[]

inheritance

leaf > head

scope order

specific > generic

convert

shlex

The whitespace separated list of <var>=<config name>/<key path>. A shell expression spliter is applied, so double quotes can be around <config name>/<key path> only or whole <var>=<config name>/<key path>. Variables are uppercased.

detach

scopable

True

required

False

provisioning

False

default

True

inheritance

leaf > head

scope order

specific > generic

convert

boolean

Run container in background. Set to false only for init containers, alongside start_timeout and the nostatus tag.

devices

scopable

True

required

False

provisioning

False

default

[]

inheritance

leaf > head

scope order

specific > generic

convert

shlex

The whitespace separated list of <host devpath>:<containerized devpath>, specifying the host devices the container should have access to.

entrypoint

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

The script or binary executed in the container. Args must be set in command.

environment

scopable

True

required

False

provisioning

False

default

[]

inheritance

leaf > head

scope order

specific > generic

convert

shlex

The whitespace separated list of <var>=<value>. A shell expression spliter is applied, so double quotes can be around values only or whole <var>=<value>. Variables are uppercased.

guestos

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

candidates

unix | windows

The operating system in the virtual machine.

hostname

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

Set the container hostname. If not set, a unique id is used.

image

scopable

True

required

True

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

The docker image pull, and run the container with.

image_pull_policy

scopable

True

required

False

provisioning

False

default

once

inheritance

leaf > head

scope order

specific > generic

candidates

once | always

The docker image pull policy. always pull upon each container start, once pull if not already pulled (default).

interactive

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

tristate

Keep stdin open even if not attached. To use if the container entrypoint is a shell.

ipcns

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

Sets the docker run –ipc argument. If not set, the docker daemon’s default value is used. ipcns=none does not mount /dev/shm. ipcns=private creates a ipcns other containers can not share. ipcns=shareable creates a netns other containers can share. ipcns=container#0 will share the container#0 ipcns.

name

scopable

True

required

False

provisioning

False

default

<autogenerated>

inheritance

leaf > head

scope order

specific > generic

The name to assign to the container on docker run. If none is specified a <namespace>..<name>.container.<rid idx> name is automatically assigned.

netns

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

Sets the docker run –net argument. The default is none if –net is not specified in run_args, meaning the container will have a private netns other containers can share. A ip.netns or ip.cni resource can configure an ip address in this container. A container with netns=container#0 will share the container#0 netns. In this case agent format a –net=container:<name of container#0 docker instance>. netns=host shares the host netns.

no_preempt_abort

scopable

True

required

False

provisioning

False

default

False

inheritance

leaf > head

scope order

specific > generic

candidates

True | False

convert

boolean

If set to true, OpenSVC will preempt scsi reservation with a preempt command instead of a preempt and and abort. Some scsi target implementations do not support this last mode (esx). If set to false or not set, no_preempt_abort can be activated on a per-resource basis.

osvc_root_path

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

If the OpenSVC agent is installed via package in the container, this parameter must not be set. Else the value can be set to the fullpath hosting the agent installed from sources.

pidns

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

Sets the docker run –pid argument. If not set, the container will have a private pidns other containers can share. Usually a pidns sharer will run a google/pause image to reap zombies. A container with pidns=container#0 will share the container#0 pidns. In this case agent format a –pid=container:<name of container#0 docker instance>. Use pidns=host to share the host’s pidns.

privileged

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

tristate

Give extended privileges to the container.

promote_rw

scopable

False

required

False

provisioning

False

default

False

inheritance

leaf > head

scope order

specific > generic

candidates

True | False

convert

boolean

If set to true, OpenSVC will try to promote the base devices to read-write on start.

pull_timeout

scopable

True

required

False

provisioning

False

default

2m

inheritance

leaf > head

scope order

specific > generic

convert

duration

Wait for <duration> before declaring the container action a failure.

registry_creds

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

The name of a secret in the same namespace having a config.json key which value is used to login to the container image registry. If not specified, the node-level registry credential store is used.

rm

scopable

True

required

False

provisioning

False

default

False

inheritance

leaf > head

scope order

specific > generic

convert

boolean

If set to true, add –rm to the docker run args and make sure the instance is removed on resource stop.

run_args

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

expanded_shlex

Extra arguments to pass to the docker run command, like volume and port mappings.

scsireserv

scopable

False

required

False

provisioning

False

default

False

inheritance

leaf > head

scope order

specific > generic

candidates

True | False

convert

boolean

If set to true, OpenSVC will try to acquire a type-5 (write exclusive, registrant only) scsi3 persistent reservation on every path to every disks held by this resource. Existing reservations are preempted to not block service start-up. If the start-up was not legitimate the data are still protected from being written over from both nodes. If set to false or not set, scsireserv can be activated on a per-resource basis.

secrets_environment

scopable

True

required

False

provisioning

False

default

[]

inheritance

leaf > head

scope order

specific > generic

convert

shlex

A whitespace separated list of <var>=<secret name>/<key path>. A shell expression spliter is applied, so double quotes can be around <secret name>/<key path> only or whole <var>=<secret name>/<key path>. Variables are uppercased.

start_timeout

scopable

True

required

False

provisioning

False

default

5

inheritance

leaf > head

scope order

specific > generic

convert

duration

Wait for <duration> before declaring the container action a failure.

stop_timeout

scopable

True

required

False

provisioning

False

default

120

inheritance

leaf > head

scope order

specific > generic

convert

duration

Wait for <duration> before declaring the container action a failure.

tty

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

tristate

Allocate a pseudo-tty.

user

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

Sets the docker run –user argument.

userns

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

candidates

host | None

Sets the docker run –userns argument. If not set, the container will have a private userns other containers can share. A container with userns=host will share the host’s userns.

utsns

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

candidates

None | host

Sets the docker run –uts argument. If not set, the container will have a private utsns. A container with utsns=host will share the host’s hostname.

volume_mounts

scopable

True

required

False

provisioning

False

default

[]

inheritance

leaf > head

scope order

specific > generic

convert

shlex

The whitespace separated list of <volume name|local dir>:<containerized mount path>:<mount options>. When the source is a local dir, the default <mount option> is rw. When the source is a volume name, the default <mount option> is taken from volume access.

blocking_post_provision

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource provision action. Errors interrupt the action.

blocking_post_start

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource start action. Errors interrupt the action.

blocking_post_startstandby

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource startstandby action. Errors interrupt the action.

blocking_post_stop

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource stop action. Errors interrupt the action.

blocking_post_unprovision

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource unprovision action. Errors interrupt the action.

blocking_pre_provision

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource provision action. Errors interrupt the action.

blocking_pre_start

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource start action. Errors interrupt the action.

blocking_pre_startstandby

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource startstandby action. Errors interrupt the action.

blocking_pre_stop

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource stop action. Errors interrupt the action.

blocking_pre_unprovision

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource unprovision action. Errors interrupt the action.

comment

scopable

False

required

False

provisioning

False

default

inheritance

leaf > head

scope order

specific > generic

Helps users understand the role of the service and resources, which is nice to on-call support people having to operate on a service they are not usually responsible for.

disable

scopable

True

required

False

provisioning

False

default

False

inheritance

leaf

scope order

specific > generic

candidates

True | False

convert

boolean

A disabled resource will be ignored on service startup and shutdown. Its status is always reported n/a.

Set in DEFAULT, the whole service is disabled. A disabled service does not honor start and stop actions. These actions immediately return success.

om <path> disable only sets DEFAULT.disable. As resources disabled state is not changed, om <path> enable does not enable disabled resources.

encap

scopable

True

required

False

provisioning

False

default

False

inheritance

leaf > head

scope order

specific > generic

candidates

True | False

convert

boolean

Set to true to ignore this resource in the nodes context and consider it in the encapnodes context. The resource is thus handled by the agents deployed in the service containers.

monitor

scopable

True

required

False

provisioning

False

default

False

inheritance

leaf > head

scope order

specific > generic

candidates

True | False

convert

boolean

A down monitored resource will trigger a node suicide if the monitor thinks it should be up and the resource can not be restarted.

optional

scopable

True

required

False

provisioning

False

default

true for tasks, syncs and resources tagged “noaction”, else false

inheritance

leaf > head

scope order

specific > generic

convert

tristate

Action failures on optional resources are logged but do not stop the action sequence. Also the optional resource status is not aggregated to the instance “availstatus”, but aggregated to the “overallstatus”. Resource tagged noaction and sync resources are automatically considered optional. Useful for resources like dump filesystems for example.

pg_blkio_weight

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

depends

create_pg in [True]

convert

integer

Block IO relative weight. Value: between 10 and 1000. Kernel default: 1000.

pg_cpu_quota

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

depends

create_pg in [True]

The percent ratio of one core to allocate to the process group if % is specified, else the absolute value to set in the process group parameter. For example, on Linux cgroups, -1 means unlimited, and a positive absolute value means the number of microseconds to allocate each period. 50%@all means 50% of all cores, and 50%@2 means 50% of two cores.

pg_cpu_shares

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

depends

create_pg in [True]

convert

integer

Kernel default value is used, which usually is 1024 shares. In a cpu-bound situation, ensure the service does not use more than its share of cpu ressource. The actual percentile depends on shares allowed to other services.

pg_cpus

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

depends

create_pg in [True]

Allow service process to bind only the specified cpus. Cpus are specified as list or range : 0,1,2 or 0-2

pg_mem_limit

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

depends

create_pg in [True]

convert

size

Ensures the service does not use more than specified memory (in bytes). The Out-Of-Memory killer get triggered in case of tresspassing.

pg_mem_oom_control

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

depends

create_pg in [True]

convert

integer

A flag (0 or 1) that enables or disables the Out of Memory killer for a cgroup. If enabled (0), tasks that attempt to consume more memory than they are allowed are immediately killed by the OOM killer. The OOM killer is enabled by default in every cgroup using the memory subsystem; to disable it, write 1.

pg_mem_swappiness

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

depends

create_pg in [True]

convert

integer

Set a swappiness value for the process group.

pg_mems

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

depends

create_pg in [True]

Allow service process to bind only the specified memory nodes. Memory nodes are specified as list or range : 0,1,2 or 0-2

pg_vmem_limit

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

depends

create_pg in [True]

convert

size

Ensures the service does not use more than specified memory+swap (in bytes). The Out-Of-Memory killer get triggered in case of tresspassing. The specified value must be greater than pg_mem_limit.

post_provision

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource provision action. Errors do not interrupt the action.

post_start

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource start action. Errors do not interrupt the action.

post_startstandby

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource startstandby action. Errors do not interrupt the action.

post_stop

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource stop action. Errors do not interrupt the action.

post_unprovision

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute after the resource unprovision action. Errors do not interrupt the action.

pre_provision

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource provision action. Errors do not interrupt the action.

pre_start

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource start action. Errors do not interrupt the action.

pre_startstandby

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource startstandby action. Errors do not interrupt the action.

pre_stop

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource stop action. Errors do not interrupt the action.

pre_unprovision

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

A command or script to execute before the resource unprovision action. Errors do not interrupt the action.

provision

scopable

True

required

False

provisioning

False

default

True

inheritance

leaf > head

scope order

specific > generic

candidates

True | False

convert

boolean

Set to false to skip the resource on provision and unprovision actions. Warning: Provision implies destructive operations like formating. Unprovision destroys service data.

provision_requires

scopable

True

required

False

provisioning

False

default

inheritance

leaf > head

scope order

specific > generic

A whitespace-separated list of conditions to meet to accept running a “provision” action. A condition is expressed as <rid>(<state>,...). If states are omitted, up,stdby up is used as the default expected states.

restart

scopable

True

required

False

provisioning

False

default

0

inheritance

leaf > head

scope order

specific > generic

convert

integer

The agent will try to restart a resource <n> times before falling back to the monitor action. A resource restart is triggered if :the resource is not disabled and its status is not up, and the node is not frozen, and the service instance is not frozen and its local expect is set to started. If a resource has a restart set to a value >0, its status is evaluated at the frequency defined by DEFAULT.monitor_schedule instead of the frequency defined by DEFAULT.status_schedule. restart_delay defines the interval between two restarts. Standby resources have a particular value to ensure best effort to restart standby resources, default value is 2, and value lower than 2 are changed to 2.

restart_delay

scopable

True

required

False

provisioning

False

default

0

inheritance

leaf > head

scope order

specific > generic

convert

duration

Define minimum delay between two triggered restarts of a same resource (used when :kw:`restart`is defined). Default value is 0 (no delay).

shared

scopable

True

required

False

provisioning

False

default

False

inheritance

leaf > head

scope order

specific > generic

candidates

True | False

convert

boolean

Set to true to skip the resource on provision and unprovision actions if the action has already been done by a peer. Shared resources, like vg built on SAN disks must be provisioned once. All resources depending on a shared resource must also be flagged as shared.

standby

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

tristate

Always start the resource, even on standby instances. The daemon is responsible for starting standby resources. A resource can be set standby on a subset of nodes using keyword scoping.

A typical use-case is sync’ed fs on non-shared disks: the remote fs must be mounted to not overflow the underlying fs.

Avertissement

Don’t set shared resources standby: fs on shared disks for example.

start_requires

scopable

True

required

False

provisioning

False

default

inheritance

leaf > head

scope order

specific > generic

A whitespace-separated list of conditions to meet to accept running a “start” action. A condition is expressed as <rid>(<state>,...). If states are omitted, up,stdby up is used as the default expected states.

stop_requires

scopable

True

required

False

provisioning

False

default

inheritance

leaf > head

scope order

specific > generic

A whitespace-separated list of conditions to meet to accept running a “stop” action. A condition is expressed as <rid>(<state>,...). If states are omitted, up,stdby up is used as the default expected states.

subset

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf

scope order

specific > generic

Assign the resource to a specific subset.

tags

scopable

True

required

False

provisioning

False

default

inheritance

leaf > head

scope order

specific > generic

convert

set

A list of tags. Arbitrary tags can be used to limit action scope to resources with a specific tag. Some tags can influence the driver behaviour. For example noaction avoids any state changing action from the driver and implies optional=true, nostatus forces the status to n/a.

unprovision

scopable

True

required

False

provisioning

False

default

True

inheritance

leaf > head

scope order

specific > generic

candidates

True | False

convert

boolean

Set to false to skip the resource on unprovision actions. Warning: Unprovision destroys service data.

unprovision_requires

scopable

True

required

False

provisioning

False

default

inheritance

leaf > head

scope order

specific > generic

A whitespace-separated list of conditions to meet to accept running a “unprovision” action. A condition is expressed as <rid>(<state>,...). If states are omitted, up,stdby up is used as the default expected states.