Configure HealthCheck with podman update

[Honny1]

New flags in a podman update can change the configuration of HealthCheck when the container is started, without having to restart or recreate the container.

This can help determine why a given container suddenly started failing HealthCheck without interfering with the services it provides. For example, reconfigure HealthCheck to keep logs longer than the usual last X results, store logs to other destinations, etc.

These flags are added to the podman update command:

• --health-cmd string: set a healthcheck command for the container ('none' disables the existing healthcheck)
• --health-interval string: set an interval for the healthcheck (a value of disable results in no automatic timer setup)(Changing this setting resets timer.) (default "30s")
• --health-log-destination string:  set the destination of the HealthCheck log. Directory path, local or events_logger (local use container state file)(Warning: Changing this setting may cause the loss of previous logs.) (default "local")
• --health-max-log-count uint: set maximum number of attempts in the HealthCheck log file. ('0' value means an infinite number of attempts in the log file) (default 5)
• --health-max-log-size uint: set maximum length in characters of stored HealthCheck log. ('0' value means an infinite log length) (default 500)
• --health-on-failure string: action to take once the container turns unhealthy (default "none")
• --health-retries uint: the number of retries allowed before a healthcheck is considered to be unhealthy (default 3)
• --health-start-period string: the initialization time needed for a container to bootstrap (default "0s")
• --health-startup-cmd string: Set a startup healthcheck command for the container
• --health-startup-interval string: Set an interval for the startup healthcheck. Changing this setting resets the timer, depending on the state of the container. (default "30s")
• --health-startup-retries uint: Set the maximum number of retries before the startup healthcheck will restart the container
• --health-startup-success uint: Set the number of consecutive successes before the startup healthcheck is marked as successful and the normal healthcheck begins (0 indicates any success will start the regular healthcheck)
• --health-startup-timeout string: Set the maximum amount of time that the startup healthcheck may take before it is considered failed (default "30s")
• --health-timeout string:  the maximum time allowed to complete the healthcheck before an interval is considered failed (default "30s")
• --no-healthcheck: Disable healthchecks on container

Fixes: https://issues.redhat.com/browse/RHEL-60561

Does this PR introduce a user-facing change?

Configure HealthCheck with podman update

[packit-as-a-service]

Ephemeral COPR build failed. @containers/packit-build please check.

[Luap99]

not really a full review just a quick look:

Can you remove all the flag description from the commit? I do not see how they add any value there. If I want to know what a flag does one should look at the docs or I can see that already in the diff here anyway.

[Luap99]

all these strings seem to be used in many places so can you define them as constants somewhere, ie. libpod/define and then use the constants over the string duplication

[Honny1]

Thanks, I have an idea of how to simplify it overall.

[mheon]

What does this mean?

[Honny1]

My note, I'll delete it.

[mheon]

"Updates the configuration of an existing container, allowing changes to resource limits and healthchecks"

[mheon]

This and startupHealthCheck should be pointers - will make returning nil a lot easier

[mheon]

I think you can JSONDeepCopy this and save a lot of code

[mheon]

Same here, investigate JSONDeepCopy, I don't think this is performance critical at all.

[mheon]

I don't like leaking entities into Libpod. Maybe move UpdateHealthCheckConfig into libpod and make the entities version just contain it?

[mheon]

Actually, no. We should probably move this parsing code out of Libpod. Instead we should accept a manifest.Schema2HealthConfig and define.StartupHealthCheck in Update in libpod, and do all the validation in the frontend.

[mheon]

If you're calling this from Update() this is unnecessary, we only want one and it should be in Update itself

[Luap99]

This comment here still seems to be open, we should not be creating two events

[Honny1]

@mheon and @Luap99 I have edited the PR according to your comments.

[mheon]

noHealthCheck can probably be healthCheckConfig == nil

[mheon]

And I think we might want to compute changedTimer in here, instead of requiring the user pass it in - moving the rest of the parsing out of libpod was good but this was maybe a step too far.

[mheon]

Maybe make a GlobalHealthCheckOptions struct that contains all of these? Arguments list is a little long

[mheon]

Maybe Paused as well? Do we stop the timers when we pause a container?

[Honny1]

I haven't found any code that can stop the timer.

[mheon]

That's interesting. We should talk about this at standup on Monday. Not something we should solve in this PR but it does sound like a bug.

[Honny1]

The timer runs even after the container is paused. Systemctl displays an error for a few seconds:

Nov 15 18:08:33 fedora podman[42]: error: container <id> is not running

We can discuss it on standup, but on Monday, I am going to midterm. I can create an Issue so we don't forget about it and then we can discuss it.

[Honny1]

• HealthCheck timer tries to execute HealthCheck when container is paused #24590

[edsantiago]

Thank you for updating and rebasing and for your initiative in cleaning up more than I asked for.

Tests LGTM. One comment inline, not a blocker.

[edsantiago]

I don't understand this new action (splitting into two commands) nor its comment. I will assume it makes sense to everyone else, and won't block on it but will point it out in case others are puzzled by it too.

[Honny1]

Because I found a bug. When you try to change any resource using podman update, it overwrites the current resource configuration. Here is an example:

$ ./bin/podman run -dt --replace --name hc1 quay.io/libpod/alpine:latest top
$ ./bin/podman inspect hc1 --format {{.HostConfig.PidsLimit}}
2048
$ ./bin/podman update hc1 --pids-limit 1024
$ ./bin/podman inspect hc1 --format {{.HostConfig.PidsLimit}}
1024
$ ./bin/podman update hc1 --cpus 2 # Change any other resource.
$ ./bin/podman inspect hc1 --format {{.HostConfig.PidsLimit}}
0  <— this value should be 1024

I want to make sure this is not happening for Healtcheck as well.

[Honny1]

@mheon @TomSweeneyRedHat @Luap99 I have updated the PR according to your comments.

[Luap99]

I need some more time to undersatnd this.

[Luap99]

This comment here still seems to be open, we should not be creating two events

[Luap99]

why is this accepting interfaces, this makes API design super fragile and error prone. We should not be mixing so many types. reflection is difficult to understand and use correctly.

[Luap99]

Wait this is no longer true now, if you call this from outside podman healtchcheck run we have big problems espically for the system service as this overwrites the global exit code on signals.

[Luap99]

That is extremely ugly, setting a container to not valid like this is not sane if the pointer is shared acorrs several threads another container may see a invalid container and bail out. I don't think we that is a huge risk as we not really share these structs at the same time but still.

And calling CtrCreateOption function somehwere else is just not nice to read. Please just split out the validation bits into another function and then call it from here and WithHealthCheckLogDestination()

[Luap99]

can you just call (ic *ContainerEngine) ContainerUpdate() from like many other endpoints do to avoid duplication

[Luap99]

this entire flow makes updates not atomic which seems bad. Every time you call into libpod we have to lock again. sync the state again and then do whatever we do save the db config and state again. Doing this multiple times is slow and not atomic which means ugly race conditions most likely.

I rather have this moved into one libpod function that acts under one lock.

[Luap99]

cobra imports should not be in specgen, cli parts should all stay under cmd/podman.
I See noe reason why the function is here.

[Luap99]

all these errors must be handled and returned.

[Luap99]

I don't get why we loop here at all over all flags? Can't we just access all the flags directly if we have to list out all name anyway.

[Honny1]

Visit visits only those flags that have been set.

[Luap99]

you can use .Changed() on a flag to know if was set or not

[Honny1]

/packit retest-failed

[TomSweeneyRedHat]

If @Luap99 is happy with the answers to your conversations, then LGTM
Happy Green Test Buttons.

[Luap99]

Thanks this looks pretty good now but I think we can get rid of the last interface{} type casting as well.

[Luap99]

Thanks, I like this abstraction over the interface{}/any casting with reflect.

[Luap99]

I think this can use the new IHealthCheckConfig type here instead the reflect logic in this function?
You might need to move the IHealthCheckConfig definition out of libpod for that so it can be imported on the remote client. (i.e. move it to libpod/define)

[Honny1]

@Luap99 I reworked the code to reduce code duplication, which removed the use of interface{}.

[Luap99]

LGTM

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: edsantiago, Honny1, Luap99

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Luap99,edsantiago]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rhatdan]

@mheon PTAL

[mheon]

/lgtm