pkg/systemd: expose [Pod] ExitPolicy key for pod create --exit-policy

Add ExitPolicy key to pod quadlets with logic to default to stop.

Docs updated with clarifcation on default value and usage example.

Simple assert added to bats to verify default constraint exists.

Changed argument order in ginkgo basic pod unit test

Signed-off-by: Neil Bailey <nbsp@nbailey.net>

docs/source/markdown/podman-pod-create.1.md.in

@@ -76,7 +76,7 @@ Set the exit policy of the pod when the last container exits.  Supported policie
 | Exit Policy        | Description                                                                                                                |
 | ------------------ | -------------------------------------------------------------------------------------------------------------------------- |
 | *continue*         | The pod continues running, by keeping its infra container alive, when the last container exits. Used by default.           |
-| *stop*             | The pod (including its infra container) is stopped when the last container exits. Used in `kube play`.                     |
+| *stop*             | The pod (including its infra container) is stopped when the last container exits. Used in `kube play` and quadlets.        |
 
 @@option gidmap.pod
 

docs/source/markdown/podman-systemd.unit.5.md

@@ -1006,6 +1006,7 @@ Valid options for `[Pod]` are listed below:
 | DNS=192.168.55.1                    | --dns=192.168.55.1                     |
 | DNSOption=ndots:1                   | --dns-option=ndots:1                   |
 | DNSSearch=example.com               | --dns-search example.com               |
+| ExitPolicy=stop                     | --exit-policy stop                     |
 | GIDMap=0:10000:10                   | --gidmap=0:10000:10                    |
 | GlobalArgs=--log-level=debug        | --log-level=debug                      |
 | HostName=name                       | --hostname=name                        |
@@ -1059,6 +1060,12 @@ Set custom DNS search domains. Use **DNSSearch=.** to remove the search domain.
 
 This key can be listed multiple times.
 
+### `ExitPolicy=`
+
+Set the exit policy of the pod when the last container exits. Default for quadlets is **stop**.
+
+To keep the pod active, set `ExitPolicy=continue`.
+
 ### `GIDMap=`
 
 Create the pod in a new user namespace using the supplied GID mapping.
@@ -2175,6 +2182,39 @@ Exec=sh -c "sleep inf"
 Pod=test.pod
 ```
 
+Example for a Pod with a oneshot Startup Task:
+
+`test.pod`
+```
+[Pod]
+PodName=test
+ExitPolicy=continue
+```
+
+`startup-task.container`
+```
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+
+[Container]
+Pod=test.pod
+Image=quay.io/centos/centos:latest
+Exec=sh -c "echo 'setup starting'; sleep 2; echo 'setup complete'"
+```
+
+`app.container`
+```
+[Unit]
+Requires=startup-task.container
+After=startup-task.container
+
+[Container]
+Pod=test.pod
+Image=quay.io/centos/centos:latest
+Exec=sh -c "echo 'app running.'; sleep 30"
+```
+
 Example `s3fs.volume`:
 
 For further details, please see the [s3fs-fuse](https://github.com/s3fs-fuse/s3fs-fuse) project.

pkg/systemd/quadlet/quadlet.go

@@ -86,6 +86,7 @@ const (
 	KeyEnvironmentHost       = "EnvironmentHost"
 	KeyExec                  = "Exec"
 	KeyExitCodePropagation   = "ExitCodePropagation"
+	KeyExitPolicy            = "ExitPolicy"
 	KeyExposeHostPort        = "ExposeHostPort"
 	KeyFile                  = "File"
 	KeyForceRM               = "ForceRM"
@@ -472,6 +473,7 @@ var (
 				KeyDNS:                  true,
 				KeyDNSOption:            true,
 				KeyDNSSearch:            true,
+				KeyExitPolicy:           true,
 				KeyGIDMap:               true,
 				KeyGlobalArgs:           true,
 				KeyHostName:             true,
@@ -1538,10 +1540,11 @@ func ConvertPod(podUnit *parser.UnitFile, name string, unitsInfoMap map[string]*
 	execStartPre.add("pod", "create")
 	execStartPre.add(
 		"--infra-conmon-pidfile=%t/%N.pid",
-		"--exit-policy=stop",
 		"--replace",
 	)
 
+	handleExitPolicy(podUnit, PodGroup, execStartPre)
+
 	if err := handleUserMappings(podUnit, PodGroup, execStartPre, true); err != nil {
 		return nil, warnings, err
 	}
@@ -1800,6 +1803,17 @@ func getAbsolutePath(quadletUnitFile *parser.UnitFile, filePath string) (string,
 	return filePath, nil
 }
 
+func handleExitPolicy(unitFile *parser.UnitFile, groupName string, podman *PodmanCmdline) {
+	exitPolicy, found := unitFile.Lookup(groupName, KeyExitPolicy)
+
+	podman.add("--exit-policy")
+	if found {
+		podman.add(exitPolicy)
+	} else {
+		podman.add("stop")
+	}
+}
+
 func handlePublishPorts(unitFile *parser.UnitFile, groupName string, podman *PodmanCmdline) {
 	publishPorts := unitFile.LookupAll(groupName, KeyPublishPort)
 	for _, publishPort := range publishPorts {

test/e2e/quadlet/basic.pod

@@ -1,7 +1,7 @@
 ## assert-key-is Unit RequiresMountsFor "%t/containers"
 ## assert-key-is Service Type forking
 ## assert-key-is Service SyslogIdentifier "%N"
-## assert-key-is-regex Service ExecStartPre ".*/podman pod create --infra-conmon-pidfile=%t/%N.pid --exit-policy=stop --replace --infra-name systemd-basic-infra --name systemd-basic"
+## assert-key-is-regex Service ExecStartPre ".*/podman pod create --infra-conmon-pidfile=%t/%N.pid --replace --exit-policy stop --infra-name systemd-basic-infra --name systemd-basic"
 ## assert-key-is-regex Service ExecStart ".*/podman pod start systemd-basic"
 ## assert-key-is-regex Service ExecStop ".*/podman pod stop --ignore --time=10 systemd-basic"
 ## assert-key-is-regex Service ExecStopPost ".*/podman pod rm --ignore --force systemd-basic"

test/system/252-quadlet.bats

@@ -1693,6 +1693,11 @@ EOF
     # Pod should exist
     run_podman pod exists ${test_pod_name}
 
+    # Pod exit policy should be stop by default
+    run_podman pod inspect --format "{{.ExitPolicy}}" ${test_pod_name}
+    assert "$output" = "stop" \
+            "quadlet - pod: default ExitPolicy should be stop"
+
     # Wait for systemd to activate the container service
     wait_for_command_output "systemctl show --property=ActiveState $container_service" "ActiveState=active"