Fix podman leaking conmon processes

When running in the background without a full-blown init system,
`podman system service` will leak `conmon` processes for every
gitlab-runner job that executes via the docker socket API.  These
`conmon` processes almost immediately become zombies, and are never
cleaned up.  Eventually the zombies will consume all available PIDs.

Many attempts to fix this in various ways have all failed.  In all cases
the GitLab Runner process will start behaving strangely (or fail
completely) after an amount of time dependent on its usage executing
jobs.

Fix this by entirely reimplementing *pipglr* to utilize systemd and a
pair of lingering user-slices: one for podman, another for the gitlab
runner.  Include a systemd timer service to effect runner cleanup
periodically. Also update documentation and examples accordingly.

Signed-off-by: Chris Evich <chris_gitlab@icuc.me>
This commit is contained in:
Chris Evich
2023-01-06 11:53:11 -05:00
parent f44e9891d1
commit 6cb20272e4
14 changed files with 361 additions and 329 deletions

podman.socket (new file, 11 lines)

@@ -0,0 +1,11 @@
[Unit]
Description=Podman API Socket
Documentation=man:podman-system-service(1)
[Socket]
ListenStream=/home/runner/podman.sock
SocketGroup=runner
SocketMode=0660
[Install]
WantedBy=sockets.target
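Review bot: `SocketGroup=runner` with `SocketMode=0660` hands every member of the `runner` group full control of the Podman API (the `podman` user's containers, images and any bind mounts it can perform), so the commit should document that the `runner` group is expected to contain only the gitlab-runner account and nothing else; a short comment in the `[Socket]` section, or a sentence in the updated documentation the message mentions, would make that intent explicit. The hard-coded `ListenStream=/home/runner/podman.sock` also assumes the `podman` user can create files in the `runner` user's home directory, which is worth stating alongside the directory permissions the setup relies on.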