
Commit 0e11b26

committed
support rootless healthchecks
Signed-off-by: Arjun Raja Yogidas <[email protected]>
1 parent 66f3f5e commit 0e11b26


1 file changed

+27
-49
lines changed


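--- a/pkg/healthcheck/healthcheck_manager_linux.go
+++ b/pkg/healthcheck/healthcheck_manager_linux.go
@@ -50,6 +50,10 @@ func CreateTimer(ctx context.Context, container containerd.Container) error {
 log.G(ctx).Debugf("Creating healthcheck timer unit: %s", hcName)
 
 cmd := []string{}
+if rootlessutil.IsRootless() {
+cmd = append(cmd, fmt.Sprintf("--uid=%d", rootlessutil.ParentEUID()))
+}
+
 if path := os.Getenv("PATH"); path != "" {
 cmd = append(cmd, "--setenv=PATH="+path)
 }
@@ -62,11 +66,11 @@ func CreateTimer(ctx context.Context, container containerd.Container) error {
 cmd = append(cmd, "--debug")
 }
 
-conn, err := dbus.NewSystemConnectionContext(context.Background())
-if err != nil {
-return fmt.Errorf("systemd DBUS connect error: %w", err)
-}
-defer conn.Close()
+// conn, err := dbus.NewSystemConnectionContext(context.Background())
+// if err != nil {
+// return fmt.Errorf("systemd DBUS connect error: %w", err)
+// }
+// defer conn.Close()
 
 log.G(ctx).Debugf("creating healthcheck timer with: systemd-run %s", strings.Join(cmd, " "))
 run := exec.Command("systemd-run", cmd...)
@@ -88,7 +92,13 @@ func StartTimer(ctx context.Context, container containerd.Container) error {
 }
 
 hcName := hcUnitName(container.ID(), true)
-conn, err := dbus.NewSystemConnectionContext(context.Background())
+var conn *dbus.Conn
+var err error
+if rootlessutil.IsRootless() {
+conn, err = dbus.NewUserConnectionContext(ctx)
+} else {
+conn, err = dbus.NewSystemConnectionContext(ctx)
+}
 if err != nil {
 return fmt.Errorf("systemd DBUS connect error: %w", err)
 }
@@ -115,44 +125,6 @@ func RemoveTransientHealthCheckFiles(ctx context.Context, container containerd.C
 return ForceRemoveTransientHealthCheckFiles(ctx, container.ID())
 }
 
-// RemoveTransientHealthCheckFilesByID stops and cleans up the transient timer and service using just the container ID.
-// This function is deprecated and no longer used. Use ForceRemoveTransientHealthCheckFiles instead.
-/*
-func RemoveTransientHealthCheckFilesByID(ctx context.Context, containerID string) error {
-log.G(ctx).Debugf("Removing healthcheck timer unit: %s", containerID)
-
-conn, err := dbus.NewSystemConnectionContext(context.Background())
-if err != nil {
-return fmt.Errorf("systemd DBUS connect error: %w", err)
-}
-defer conn.Close()
-
-unitName := hcUnitName(containerID, true)
-timer := unitName + ".timer"
-service := unitName + ".service"
-
-// Stop timer
-tChan := make(chan string)
-if _, err := conn.StopUnitContext(context.Background(), timer, "ignore-dependencies", tChan); err == nil {
-if msg := <-tChan; msg != "done" {
-log.G(ctx).Warnf("timer stop message: %s", msg)
-}
-}
-
-// Stop service
-sChan := make(chan string)
-if _, err := conn.StopUnitContext(context.Background(), service, "ignore-dependencies", sChan); err == nil {
-if msg := <-sChan; msg != "done" {
-log.G(ctx).Warnf("service stop message: %s", msg)
-}
-}
-
-// Reset failed units
-_ = conn.ResetFailedUnitContext(context.Background(), service)
-return nil
-}
-*/
-
 // ForceRemoveTransientHealthCheckFiles forcefully stops and cleans up the transient timer and service
 // using just the container ID. This function is non-blocking and uses timeouts to prevent hanging
 // on systemd operations. It logs errors as warnings but continues cleanup attempts.
@@ -174,7 +146,13 @@ func ForceRemoveTransientHealthCheckFiles(ctx context.Context, containerID strin
 go func() {
 defer close(errChan)
 
-conn, err := dbus.NewSystemConnectionContext(timeoutCtx)
+var conn *dbus.Conn
+var err error
+if rootlessutil.IsRootless() {
+conn, err = dbus.NewUserConnectionContext(ctx)
+} else {
+conn, err = dbus.NewSystemConnectionContext(ctx)
+}
 if err != nil {
 log.G(ctx).Warnf("systemd DBUS connect error during force cleanup: %v", err)
 errChan <- fmt.Errorf("systemd DBUS connect error: %w", err)
@@ -300,10 +278,10 @@ func shouldSkipHealthCheckSystemd(hc *Healthcheck) bool {
 return true
 }
 
-// Skip healthchecks in rootless environments to avoid systemd DBUS permission issues
-if rootlessutil.IsRootless() {
-return true
-}
+// // Skip healthchecks in rootless environments to avoid systemd DBUS permission issues
+// if rootlessutil.IsRootless() {
+// return true
+// }
 
 // Don't proceed if health check is nil, empty, explicitly NONE or interval is 0.
 if hc == nil || len(hc.Test) == 0 || hc.Test[0] == "NONE" || hc.Interval == 0 {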
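Review bot: In the ForceRemoveTransientHealthCheckFiles hunk the D-Bus connection is now opened with `ctx` where the removed line used `timeoutCtx`, so the connect step inside the cleanup goroutine is no longer bounded by the timeout that the function's doc comment promises. Both branches should keep the bounded context: `conn, err = dbus.NewUserConnectionContext(timeoutCtx)` and `conn, err = dbus.NewSystemConnectionContext(timeoutCtx)`. Separately, in CreateTimer the rootless branch passes `--uid=` to systemd-run while StartTimer connects to the user bus; unless a `--user` flag is added outside the lines shown, the unit may be created under a different manager than the one StartTimer later queries, and that deserves a comment or a check. The commented-out connection block in CreateTimer and the commented-out rootless skip in shouldSkipHealthCheckSystemd should be deleted rather than left as dead code. The enclosing functions start and end outside these hunks.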
