Keep the shutdown helper active during normal system operation and run the
managed container stop path from ExecStop when shutdown begins.
This makes the container stop happen before the general system teardown,
so network and CCCS are still available and reboot is less likely to
block waiting for late shutdown ordering.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Currently only the CCMP25 and CC95 will officially support containers.
For these platforms, "/root" is a common path with enough free space.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
As cc-containerd uses DRM to publish metrics, start the service after
cccs (this is optional, as the container will retry it) and stop our
service before cccsd (to do our best to try to upload the STOP status
to DRM)
https://onedigi.atlassian.net/browse/DEL-10035
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
There is no need to have a dedicated folder, as we only use a configuration
file. Other data is stored in a different path.
https://onedigi.atlassian.net/browse/DEL-10035
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Enable netavark bridge networking in the trimmed Podman recipe
so container images support publish-port arguments
such as -p 80:8080 and restore iptables dependency.
It's needed to install iptables-modules because it is not
populated due to NO_RECOMMENDATIONS.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Mark the trimmed runtime variants as conflicting with the standard
packages so images cannot include both Podman or LXC flavors at the
same time.
This avoids ambiguous runtime layouts and configuration ownership when a
minimal container-manager image uses the trimmed packages while other
images may select the standard runtimes.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Generate /etc/containers/containers.conf so Podman does not depend on
its internal default network backend at runtime.
If not, at runtime, the default podman network fails with:
"""
Error: could not find "netavark" in one of {[/usr/local/libexec/podman /usr/local/l
ib/podman /usr/libexec/podman /usr/lib/podman] {<nil>}}. To resolve this error, se
t the helper_binaries_dir key in the `[engine]` section of containers.conf to the d
irectory containing your helper binaries.
"""
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Set KillMode=process in the systemd unit so 'systemctl stop
cc-containerd' only terminates the daemon itself.
Without this, systemd uses the default control-group kill mode and
can terminate container processes that share the service cgroup,
which changes container runtime state when the service is stopped.
https://onedigi.atlassian.net/browse/DEL-9963https://onedigi.atlassian.net/browse/DEL-10005
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Add dedicated trimmed runtime wrappers for LXC and Podman in
meta-digi-containers so dey-image-container-manager can install
reduced container runtimes without affecting other DEY images.
https://onedigi.atlassian.net/browse/DEL-9996
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Isaac Hermida