
Podman on Ubuntu Noble has apparmor config that prevents SIGHUP from being delivered via `podman kill -s HUP` or `docker compose kill -s HUP`. Attempting to do so results in:

  kernel: audit: type=1400 audit(1739232042.996:129): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4-apparmor1" pid=17067 comm="runc" requested_mask="receive" denied_mask="receive" signal=hup peer="podman"

This appears to be due to issues with the apparmor configuration that was edited to make other signals work:

  https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/2040483

We work around that by using kill to issue the signal instead which seems to work based on some manual testing.

Change-Id: I49435fdda662e25c7192faf24e0ae4b527e943b9
23 lines
844 B
YAML
# This is necessary because podman kill -s HUP doesn't currently work on
# Ubuntu Noble. They appear to have fixed this for other common signals (see
# https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/2040483 ) but not
# for HUP. To work around this we use kill directly against the container
# process.
#
# Note that we need the first docker-compose ps here as the container name
# is different between docker-compose and docker compose.
- name: Get haproxy container ID
  command: docker-compose ps -q haproxy
  args:
    chdir: /etc/haproxy-docker/
  register: docker_ps

- name: Get haproxy container pid
  command: "{{ cmd_str }} {{ docker_ps.stdout }}"
  vars:
    cmd_str: !unsafe "docker inspect --format '{{ .State.Pid }}'"
  register: docker_inspect

- name: Send HUP to haproxy
  command: kill -s HUP {{ docker_inspect.stdout }}
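To check which signals the container AppArmor profile is rejecting, the kernel audit records can be parsed for signal denials. The following is an added example, not code from this repository; the function names are hypothetical, the first sample line is the denial quoted in the commit message, and the second is constructed.

```python
import re
from collections import Counter

# Line 1: the denial quoted in the commit message.
# Line 2: a constructed file denial, included to show it is filtered out.
SAMPLE_LOG = '''\
kernel: audit: type=1400 audit(1739232042.996:129): apparmor="DENIED" operation="signal" class="signal" profile="containers-default-0.57.4-apparmor1" pid=17067 comm="runc" requested_mask="receive" denied_mask="receive" signal=hup peer="podman"
kernel: audit: type=1400 audit(1739232050.100:130): apparmor="DENIED" operation="open" class="file" profile="example-profile" name="/tmp/x" pid=17100 comm="cat" requested_mask="r" denied_mask="r"
'''

# Audit records carry key=value and key="quoted value" pairs.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit_fields(line):
    """Return the key/value fields of one audit record as a dict."""
    fields = {}
    for match in KV_RE.finditer(line):
        quoted, bare = match.group(2), match.group(3)
        fields[match.group(1)] = quoted if quoted is not None else bare
    return fields


def signal_denials(log_text):
    """Return (profile, signal, peer, comm) for each AppArmor signal denial."""
    denials = []
    for line in log_text.splitlines():
        f = parse_audit_fields(line)
        if f.get("apparmor") == "DENIED" and f.get("operation") == "signal":
            denials.append(
                (f.get("profile"), f.get("signal"), f.get("peer"), f.get("comm"))
            )
    return denials


def summarize(log_text):
    """Count denials per (profile, signal, peer, comm) tuple."""
    return Counter(signal_denials(log_text))


if __name__ == "__main__":
    for (profile, sig, peer, comm), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x profile={profile} signal={sig} peer={peer} comm={comm}")
```

Running this over the kernel log after the haproxy reload task shows whether any `signal=hup` denials are still being recorded for the container profile.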