container.oci
Minimal configlet:
[container#1]
type = oci
Minimal setup command:
om test/svc/foo set --kw="type=oci"
blocking_post_provision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors interrupt the action.
blocking_post_start
required: false
scopable: true
A command or script to execute after the resource start action.
Errors interrupt the action.
blocking_post_stop
required: false
scopable: true
A command or script to execute after the resource stop action.
Errors interrupt the action.
blocking_post_unprovision
required: false
scopable: true
A command or script to execute after the resource unprovision action.
Errors interrupt the action.
blocking_pre_provision
required: false
scopable: true
A command or script to execute before the resource provision action.
Errors interrupt the action.
blocking_pre_start
required: false
scopable: true
A command or script to execute before the resource start action.
Errors interrupt the action.
blocking_pre_stop
required: false
scopable: true
A command or script to execute before the resource stop action.
Errors interrupt the action.
blocking_pre_unprovision
required: false
scopable: true
A command or script to execute before the resource unprovision action.
Errors interrupt the action.
command
required: false
scopable: true
convert: shlex
Example:
command = /opt/tomcat/bin/catalina.sh
The command to execute in the docker container on run.
comment
required: false
scopable: false
Comments help the users understand the role of the object and its resources.
configs_environment
required: false
scopable: true
convert: shlex
Example:
configs_environment = PORT=http/port webapp/app1* {name}/* {name}-debug/settings
A whitespace-separated list of <var>=<cfg name>/<key path> or
<cfg name>/<key matcher>.
If the cfg or config key doesn't exist then start and stop actions on
the resource will fail with a non 0 exit code.
A shell expression splitter is applied, so double quotes can be around
<cfg name>/<key path> only or whole <var>=<cfg name>/<key path>.
Example with,
-
<ns>/cfg/nginxa config having auserkey with valueuser1. -
<ns>/cfg/cfg1a config having akey1key with valueval1.
configs_environment = NGINX_USER=nginx/user cfg1/* creates the following
variables in the container command execution environment:
NGINX_USER=user1
key1=val1
cwd
required: false
scopable: true
Example:
cwd = /opt/foo
The current working directory set for the executed command.
detach
required: false
scopable: true
default: true
convert: bool
Run container in background.
Set to false only for init containers, alongside start_timeout and the nostatus tag.
devices
required: false
scopable: true
convert: shlex
Example:
devices = myvol1:/dev/xvda myvol2:/dev/xvdb
The whitespace-separated list of <host devpath>:<containerized devpath>
exposing host devices as container devices.
disable
required: false
scopable: true
convert: bool
A disabled resource will be ignored on start, stop, provision and
unprovision actions.
A disabled resource status is n/a.
If set in the DEFAULT section of an object, the object is disabled and
ignores start, stop, shutdown, provision and unprovision actions.
These actions immediately return success.
om <path> disable sets DEFAULT.disable=true.
om <path> enable sets DEFAULT.disable=false.
Note: The
enableanddisableactions preserve the individual resourcedisablestate.
dns_search
required: false
scopable: true
convert: list
Example:
dns_search = opensvc.com
The whitespace-separated list of DNS domains to search for shortname lookups.
If empty or not set, the list will be <name>.<namespace>.svc.<clustername> <namespace>.svc.<clustername> svc.<clustername>.
encap
required: false
scopable: false
convert: bool
Set to true to ignore this resource in the nodes context and consider it in the encapnodes context. The resource is thus handled by agents deployed in the service containers.
entrypoint
required: false
scopable: true
convert: shlex
Example:
entrypoint = /bin/sh
The script or binary executed in the container.
The entrypoint args must be set in command.
environment
required: false
scopable: true
convert: shlex
Example:
environment = KEY=cert1/server.key PASSWORD=db/password
A whitespace-separated list of <var>=<value>.
A shell expression spliter is applied, so double quotes can be around
<value> only or whole <var>=<value>.
guest_os
required: false
scopable: true
candidates: unix, windows
default: unix
Example:
guest_os = unix
The name of the operating system in the virtual machine.
hostname
required: false
scopable: true
Example:
hostname = nginx1
Set the container hostname. If not set, a unique id is used.
image
required: false
scopable: true
default: ghcr.io/opensvc/pause
The docker image pull, and run the container with.
image_pull_policy
required: false
scopable: true
candidates: once, always
Example:
image_pull_policy = once
The docker image pull policy.
-
alwaysPull upon each container start.
-
oncePull if not already pulled (default).
init
required: false
scopable: true
default: true
convert: bool
Run an init inside the container that forwards signals and reaps processes.
interactive
required: false
scopable: true
convert: bool
Keep stdin open even if not attached.
To use if the container entrypoint is a shell.
ipcns
required: false
scopable: true
Example:
ipcns = container#0
-
empty
The docker daemon's default value is used.
-
none
Do not mount /dev/shm.
-
privateCreate a ipcns other containers can not share.
-
shareableCreate a ipcns other containers can share.
-
container#<i>Share the
container#<i>ipcns.
log_outputs
required: false
scopable: true
default: false
convert: bool
Log the container run commands stdout and stderr
Set to true to enable logging of container run commands.
monitor
required: false
scopable: true
convert: bool
A resource with monitor=true will trigger the monitor_action
(crash or reboot the node, freezestop or switch the service) if:
-
The resource is
down. -
The instance has
local_expect=startedin its daemon monitor data, which means the daemon considers this instance is and should remain started. -
All restart tentatives failed.
name
required: false
scopable: true
default: Autogenerated using a `<namespace>..<object name>.container.<resource index>`
template.
Example:
name = osvcprd..rundeck.container.db
The name to assign to the container on docker run.
If not set, a <namespace>..<name>.container.<rid idx> name is automatically
assigned.
netns
required: false
scopable: true
Example:
netns = container#0
-
empty or
noneThe container has a private netns other
container,ip.netnsorip.cniresources can share. -
<rid>The id of the resource that has the network namespace this container joins.
For example, a container with
netns=container#0will share thecontainer#0netns. -
hostShare the host network namespace.
no_preempt_abort
required: false
scopable: true
convert: bool
If true, the agent will preempt the scsi3 persistent reservation with a preempt
command instead of a preempt and and abort.
Some scsi target implementations do not support preempt and and abort (esx).
optional
required: false
scopable: true
convert: bool
Action errors on optional resources are logged but do not interrupt the action sequence.
The status of optional resources is not included in the instance availability status but is considered in the overall status.
The status of task and sync resources is always included in the overall status, regardless of whether they are marked as optional.
Resources tagged as noaction are considered optional by default.
Dump filesystems are a typical use case for optional=true.
osvc_root_path
required: false
scopable: true
Example:
osvc_root_path = /opt/opensvc
If the OpenSVC agent is installed via package in the container, this keyword must not be set.
Else the value can be set to the fullpath hosting the agent installed from sources.
pg_blkio_weight
required: false
scopable: true
Example:
pg_blkio_weight = 50
Block IO relative weight. Value: between 10 and 1000.
The kernel default is 1000.
pg_cpu_quota
required: false
scopable: true
Example:
pg_cpu_quota = 50%@all
The kernel default value is used, which usually is 1024 shares.
In a cpu-bound situation, this setting ensures the service does not use more than its share of cpu resource. The actual percentile depends on shares allowed to other services.
pg_cpu_shares
required: false
scopable: true
convert: size
Example:
pg_cpu_shares = 512
The kernel default value is used, which usually is 1024 shares.
In a cpu-bound situation, this setting ensures the service does not use more than its share of cpu resource. The actual percentile depends on shares allowed to other services.
pg_cpus
required: false
scopable: true
depends: create_pg=true
Example:
pg_cpus = 0-2
Allow service process to bind only the specified cpus.
Cpus are specified as list or range : 0,1,2 or 0-2.
pg_mem_limit
required: false
scopable: true
convert: size
Example:
pg_mem_limit = 512m
Ensures the service does not use more than specified memory (in bytes).
The Out-Of-Memory killer is triggered in case of tresspassing.
pg_mem_oom_control
required: false
scopable: true
Example:
pg_mem_oom_control = 1
A flag (0 or 1) that enables or disables the Out of Memory killer for the processes of the group.
- If enabled (0), tasks that attempt to consume more memory than they are allowed are immediately killed by the OOM killer.
- If disabled (1), tasks are allowed to continue to try allocating memory, stressing the system.
The OOM killer is enabled by default in every cgroup using the memory controller.
pg_mem_swappiness
required: false
scopable: true
Example:
pg_mem_swappiness = 40
Set a swappiness percentile value for the process group.
pg_mems
required: false
scopable: true
Example:
pg_mems = 0-2
Allow service process to bind only the specified memory nodes.
Memory nodes are specified as list or range : 0,1,2 or 0-2.
pg_vmem_limit
required: false
scopable: true
convert: size
Example:
pg_vmem_limit = 1g
Ensures the service does not use more than specified memory+swap (in bytes).
The Out-Of-Memory killer is triggered in case of tresspassing.
The specified value must be greater than pg_mem_limit.
pidns
required: false
scopable: true
Example:
pidns = container#0
-
empty
The container has a private pidns other containers can share. Usually a pidns sharer will run a
pauseimage to reap zombies. -
container#<i>Share
container#<i>pidns. -
hostShare the host's pidns.
post_provision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
post_start
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
post_stop
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
post_unprovision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
pre_provision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
pre_start
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
pre_stop
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
pre_unprovision
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
privileged
required: false
scopable: true
convert: bool
Give extended privileges to the container.
prkey
required: false
scopable: true
A specific scsi3 persistent reservation key for the resource.
It overrides the object-level prkey and the node-level prkey.
provision
required: false
scopable: false
default: true
convert: bool
Set to false to ignore the provision and unprovision actions on the
resource.
Warning:
provisionandunprovisionuse data-destructive operations like formatting.
It is recommended to set provision=false on long-lived critical objects,
to force administrators to remove this setting when they really want to
destroy data.
provision_requires
required: false
scopable: false
Example:
provision_requires = ip#0 fs#0(down,stdby down)
A whitespace-separated list of conditions to meet to accept a 'provision' action.
A condition is expressed as <rid>(<state>,...).
If states are omitted, up,stdby up is used as the default expected states.
provision_timeout
required: false
scopable: true
convert: duration
Example:
provision_timeout = 1m30s
Wait for <duration> before declaring the action a failure.
Takes precedence over timeout.
pull_timeout
required: false
scopable: true
default: 2m
convert: duration
Example:
pull_timeout = 2m
Wait for <duration> before declaring the container action a failure.
registry_creds
required: false
scopable: true
Example:
registry_creds = creds-registry-opensvc-com
The name of a secret in the same namespace having a config.json key which
value is used to login to the container image registry.
If not specified, the node-level registry credential store is used.
restart
required: false
scopable: true
default: 0
convert: int
The daemon will try to restart a resource if:
-
The resource is
down,stdby downorwarn. -
The instance has
local_expect=startedin its daemon monitor data, which means the daemon considers this instance is and should remain started. -
The node is not frozen
-
The instance is not frozen
In this case, the daemon try restart=<n> times before falling back to the
monitor action.
The restart_delay keyword sets the interval after a failed restart before
the next tentative.
Resources with standby=true have restart forced to a minimum of 2, to
increase chances of a restart success.
restart_delay
required: false
scopable: true
default: 500ms
convert: duration
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
rm
required: false
scopable: true
convert: bool
Example:
rm = false
If rm=true, the container instance is removed when the resource is stopped. If detach=false, the driver automatically behaves as if rm=true.
run_args
required: false
scopable: true
convert: shlex
Example:
run_args = -v /opt/docker.opensvc.com/vol1:/vol1:rw -p 37.59.71.25:8080:8080
Extra arguments to pass to the docker run command, like volume and port mappings.
scsireserv
required: false
scopable: false
convert: bool
If true, try to acquire a type-5 (write exclusive, registrant only) scsi3
persistent reservation on every path to every disk used by this resource.
Existing reservations are preempted to not block service failover.
If the start was not legitimate the data are still protected from being
written concurrently from all nodes.
secrets_environment
required: false
scopable: true
convert: shlex
Example:
secrets_environment = CRT=cert1/server.pem sec1/*
A whitespace-separated list of <var>=<sec name>/<key path> or
<sec name>/<key matcher>.
If the sec or secret key doesn't exist then start and stop actions on
the resource will fail with a non 0 exit code.
A shell expression splitter is applied, so double quotes can be around
<sec name>/<key path> only or whole <var>=<sec name>/<key path>.
Example with,
-
<ns>/sec/cert1a secret having aserver.pemkey with valuemycrt. -
<ns>/sec/sec1a secret having akey1key with valueval1.
secrets_environment = CRT=cert1/server.pem sec1/* creates the following
variables in the container command execution environment:
CRT=mycrt
key1=val1
shared
required: false
scopable: true
convert: bool
If true, the resource will be considered shared during provision and
unprovision actions.
A shared resource driver can implement a different behaviour depending on weither it is run from the leader instance, or not:
-
When
--leaderis set, the driver creates and configures the system objects. For example the disk.disk driver allocates a SAN disk and discover its block devices. -
When
--leaderis not set, the driver does not redo the actions already done by the leader, but may do some. For example, the disk.disk driver skips the SAN disk allocation, but discovers the block devices.
The daemon takes care of setting the --leader flags on the commands
it submits during deploy, purge, provision and unprovision
orchestrations.
Warning: If admins want to submit
--localprovision or unprovision commands themselves, they have to set the--leaderflag correctly.
Flex objects usually don't use shared resources. But if they do, only
the flex primary gets --leader commands.
Warning: All resources depending on a shared resource must also be flagged as shared.
standby
required: false
scopable: true
convert: bool
If true, always start the resource, even on non-started instances.
The daemon is responsible for starting standby resources.
A resource can be set standby on a subset of nodes using keyword scoping.
A typical use-case is a synchronized filesystem on non-shared disks. The remote filesystem must be mounted to not overflow the underlying filesystem.
Warning: In most situation, don't set shared resources standby, a non-clustered fs on shared disks for example.
start_requires
required: false
scopable: false
Example:
start_requires = ip#0 fs#0(down,stdby down)
A whitespace-separated list of conditions to meet to accept a 'start' action.
A condition is expressed as <rid>(<state>,...).
If states are omitted, up,stdby up is used as the default expected states.
start_timeout
required: false
scopable: true
default: 5s
convert: duration
Example:
start_timeout = 1m5s
Wait for <duration> before declaring the container action a failure.
stat_timeout
required: false
scopable: true
convert: duration
The fs resources status evaluation includes a stat syscall test. This keyword defines the maximum wait time for those stat calls to respond.
When expired, the resource status is degraded is to warn, which can trigger a monitor action (reboot or crash the node) if the resource is monitored.
status_timeout
required: false
scopable: true
default: 1m
convert: duration
Example:
status_timeout = 10s
The maximum duration of the instance status evaluation.
For example, the total start action duration is constrained by different timeouts:
-
the
start_timeoutLimiting the start action duration. -
the
stop_timeoutLimiting the start rollback duration triggered by start errors. -
the
status_timeoutLimiting the post-start instance status evaluation duration.
stop_requires
required: false
scopable: false
Example:
stop_requires = ip#0 fs#0(down,stdby down)
A whitespace-separated list of conditions to meet to accept a 'stop' action.
A condition is expressed as <rid>(<state>,...).
If states are omitted, up,stdby up is used as the default expected states.
stop_timeout
required: false
scopable: true
default: 2m30s
convert: duration
Example:
stop_timeout = 2m
Wait for <duration> before declaring the container action a failure.
subset
required: false
scopable: true
A command or script to execute after the resource provision action.
Errors do not interrupt the action.
sync_timeout
required: false
scopable: true
convert: duration
Example:
sync_timeout = 1m30s
Wait for <duration> before declaring the action a failure.
Takes precedence over timeout.
tags
required: false
scopable: true
convert: set
A whitespace-separated list of tags.
Tags can be used for resource selection by tag.
Some tags can influence the driver behaviour:
-
noactionSkip any state changing action on the resource and imply
optional=true. -
nostatusForce the status
n/a.
timeout
required: false
scopable: true
default: 1h
convert: duration
Example:
timeout = 2h
Wait for <duration> before declaring a state-changing action a failure.
A per-action <action>_timeout can override this value.
tty
required: false
scopable: true
convert: bool
Allocate a pseudo-tty.
type
required: false
scopable: false
The resource driver name.
unprovision
required: false
scopable: false
default: true
convert: bool
Set to false to ignore the unprovision action on the resource.
Warning:
unprovisionuse data-destructive operations like formatting.
It is recommended to set provision=false on long-lived critical objects,
to force administrators to remove this setting when they really want to
destroy data.
unprovision_requires
required: false
scopable: false
Example:
unprovision_requires = ip#0 fs#0(down,stdby down)
A whitespace-separated list of conditions to meet to accept a 'unprovision' action.
A condition is expressed as <rid>(<state>,...).
If states are omitted, up,stdby up is used as the default expected states.
unprovision_timeout
required: false
scopable: true
convert: duration
Example:
unprovision_timeout = 1m30s
Wait for <duration> before declaring the action a failure.
Takes precedence over timeout.
user
required: false
scopable: true
Example:
user = guest
The user that will run the command inside the container.
Also support the <user>:<group> syntax.
userns
required: false
scopable: true
Example:
userns = container#0
If not set, the container will have a private userns other containers can share.
A container with userns=host will share the host's userns.
utsns
required: false
scopable: true
candidates: , host
Example:
utsns = container#0
-
empty
The container has a private utsns.
-
hostThe container shares the host's hostname.
volume_mounts
required: false
scopable: true
convert: shlex
Example:
volume_mounts = myvol1:/vol1 myvol2:/vol2:rw /localdir:/data:ro
The whitespace-separated list of <volume name|local dir>:<containerized mount path>:<mount options>.
When the source is a local dir, the default <mount option> is rw.
When the source is a volume name, the default <mount option> is taken from volume access.