Podman container from `dependsOn` fails to start after reboot due to dependent container

tiez · January 21, 2024, 5:08pm

I have a container parent and container child. child dependsOn on parent. I think there might be a bug where the generated systemd scripts block each other.

The container config looks something along the lines of:

virtualisation.podman.enable = true;
virtualisation.oci-containers.containers = {
    parent= {
      user = "root";
      image = "parent:latest";
    };                                           
    child = {
      dependsOn = ["parent"];
      image = "child:latest";
    };

This works fine for nixos-rebuild switch but after a crash (service probably not stopped properly) and reboot the parent container can not start:

server systemd[1]: Starting podman-parent.service...
server pre-start[90566]: Error: container <HASH_OF_PARENT_CONTAINER> has dependent containers which must be removed before it: <HASH_OF_CHILD_CONTAINER>: container already exists
server podman-parent-start[90618]: Error: container <HASH_OF_PARENT_CONTAINER> has dependent containers which must be removed before it: <HASH_OF_CHILD_CONTAINER>: container already exists

The prestart script of the parent is

#!/nix/store/q1c2flcykgr4wwg5a6h450hxbk4ch589-bash-5.2-p15/bin/bash
set -o errexit
set -o nounset
set -o pipefail

podman rm -f parent || true


rm -f /run/podman-'parent'.ctr-id

I guess this is where it fails while running podman rm -f parent || true because there are still dependent containers.

Shouldn’t NixOS delete all dependent containers first?

JimJ92120 · January 22, 2024, 4:02am

I think it may be relevant to podman itself?
The restart policies behaves slightly differently than Docker.
My understanding is that this must be explicitly enabled or configured per contianer:
https://github.com/containers/podman/issues/10539

Have you tried to create a dedicated systemd service to handle containers restart instead?

e.g:

# in /etc/systemd/system/my-service.service

[Unit]
Description=my-container.service
Wants=network-online.target
After=network-online.target

[Service]
WorkingDirectory=/path/to/project
Type=simple
Restart=on-failure
ExecStart=/usr/bin/docker start something
ExecStop=/usr/bin/docker stop something
ExecStopPost=/usr/bin/docker after stop

[Install]
WantedBy=multi-user.target

Then:

# enable
sudo systemctl enable my-container.service

# start
sudo systemctl start my-container.service

tiez · February 25, 2024, 1:03pm

I haven’t tried creating a systemd file manually, since I want to keep my configuration as declarative as possible . My “solution” was to remove the dependsOn. The dependency between my containers is also enforced by child using the network of the parent.

JimJ92120 · April 1, 2024, 1:24pm

Depending on how you’re trying to enforce (to declare all), converting a systemd into nix sythax may be an option? with systemd.services.my-service maybe also system.activationScripts.my-script to initial set the env

Then add a depency within systemd.services.my-service.requires / systemd.services.my-service.wantedBy