Skip to content

Write cidfiles of Docker containers and mount them individually to /run/cid #6154

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 9, 2025
Merged

Write cidfiles of Docker containers and mount them individually to /run/cid #6154

merged 3 commits into from
Sep 9, 2025

Conversation

sairon
Copy link
Member

@sairon sairon commented Sep 3, 2025

There is no standard way to get the container ID in the container itself, which can be needed for instance for #6006. The usual pattern is to use the --cidfile argument of Docker CLI and mount the generated file to the container. However, this is feature of Docker CLI and we can't use it when creating the containers via API. To get container ID to implement native logging in e.g. Core as well, we need the help of the Supervisor.

This change implements similar feature fully in Supervisor's DockerAPI class that orchestrates lifetime of all containers managed by Supervisor. The files are created in the SUPERVISOR_DATA directory, as it needs to be persisted between reboots, just as the instances of Docker containers are.

Supervisor's cidfile must be created when starting the Supervisor itself, for that see home-assistant/operating-system#4276.

Proposed change

Type of change

  • Dependency upgrade
  • Bugfix (non-breaking change which fixes an issue)
  • New feature (which adds functionality to the supervisor)
  • Breaking change (fix/feature causing existing functionality to break)
  • Code quality improvements to existing code or addition of tests

Additional information

  • This PR fixes or closes issue: fixes #
  • This PR is related to issue:
  • Link to documentation pull request:
  • Link to cli pull request:
  • Link to client library pull request:

Checklist

  • The code change is tested and works locally.
  • Local tests pass. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.
  • I have followed the development checklist
  • The code has been formatted using Ruff (ruff format supervisor tests)
  • Tests have been added to verify that the new code works.

If API endpoints or add-on configuration are added/changed:

@sairon sairon added the new-feature A new feature label Sep 3, 2025
mdegat01
mdegat01 approved these changes Sep 3, 2025
View reviewed changes
Copy link
Contributor

@mdegat01 mdegat01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Neat, I like it. LGTM 👍

agners
agners requested changes Sep 4, 2025
View reviewed changes
supervisor/docker/manager.py Outdated
# Bind mount to /run/cid in container
if "volumes" not in kwargs:
kwargs["volumes"] = {}
kwargs["volumes"]["/run/cid"] = {"bind": str(cidfile_path), "mode": "ro"}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems not intuitive, but key/bind target is the other way around, from docker-py docs:

The key is either the host path or a volume name, [...]

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Huh, I had it the opposite way before and then changed it because I was somehow convinced should be like this but you're right 🤦 It'll need a few more changes.

@home-assistant
Copy link

home-assistant bot commented Sep 4, 2025

Please take a look at the requested changes, and use the Ready for review button when you are done, thanks 👍

Learn more about our pull request process.

@home-assistant home-assistant bot marked this pull request as draft September 4, 2025 11:43
@sairon
Write cidfiles of Docker containers and mount them individually to /r…
f09b279 
…un/cid

There is no standard way to get the container ID in the container
itself, which can be needed for instance for #6006. The usual pattern is
to use the --cidfile argument of Docker CLI and mount the generated file
to the container. However, this is feature of Docker CLI and we can't
use it when creating the containers via API. To get container ID to
implement native logging in e.g. Core as well, we need the help of the
Supervisor.

This change implements similar feature fully in Supervisor's DockerAPI
class that orchestrates lifetime of all containers managed by
Supervisor. The files are created in the SUPERVISOR_DATA directory, as
it needs to be persisted between reboots, just as the instances of
Docker containers are.

Supervisor's cidfile must be created when starting the Supervisor
itself, for that see home-assistant/operating-system#4276.
@sairon
Address review comments, fix mounting of the cidfile
04c5628
@sairon sairon force-pushed the container-cidfiles branch from 0db04ca to 04c5628 Compare September 5, 2025 09:16
@sairon sairon requested a review from agners September 5, 2025 09:16
@sairon sairon marked this pull request as ready for review September 5, 2025 09:16
@sairon
Copy link
Member Author

sairon commented Sep 5, 2025

Fixed, there were a few more changes necessary because we need to distinguish between path in the Supervisor container when creating the files and path on the host for mounting. Tested to work correctly now:

# cat /mnt/data/supervisor/cid_files/hassio_dns.cid
488ff8754dbb4bb57bd3c5a22dd759cfbbbf631f1dcf6904701066477fc715a4
# docker exec -ti hassio_dns cat /run/cid
488ff8754dbb4bb57bd3c5a22dd759cfbbbf631f1dcf6904701066477fc715a4

@t3hk0d3
Copy link
Contributor

t3hk0d3 commented Sep 6, 2025
edited
Loading

IMO just a cidfile sounds too restrictive for me. Maybe more flexible mechanism similiar to k8s podinfo would be better idea?

Addons can get some use for other information, like HA Core version, addon version itself, installation date, etc. Overall having a single extendable file would be easier to maintain in the future than a number of different injected datasources.

@agners
Copy link
Member

agners commented Sep 8, 2025

IMO just a cidfile sounds too restrictive for me. Maybe more flexible mechanism similiar to k8s podinfo would be better idea?

It resembles what is often done in vanilla Docker with --cidfile and a bind mount.

Addons can get some use for other information, like HA Core version, addon version itself, installation date, etc. Overall having a single extendable file would be easier to maintain in the future than a number of different injected datasources.

For add-ons we wire in /data/options.json today, which contains all the options.

Other information we usually fetch via the Supervisor API. The Supervisor API is not an option for this information for the Supervisor container itself (making something initial creation of the Supervisor script via the OS script in home-assistant/operating-system#4276). I guess we could use the Supervisor API approach for all the other containers which get started by the Supervisor, but fetching via Superviser API is more complex, and we usually want to do learn the container ID early in container starts to have logging setup. So this defends the current file approach.

Looking at the k8s podinfo implementation it seems that a complete directory gets bind mounted, with a couple of key/value files. I guess nothing would prevent us from wiring in more files. As for the cidfile, we could make it a key value thing too, but the simplicity of it and the fact that it aligns with what Docker offers via --cidfile has its advantage too 🤷 . Maybe as a compromise we could just prepare for additional files by bind mounting a folder instead of a single file 🤔 . E.g. /run/supervisor/, where today just the cidfile would reside.

@sairon
Copy link
Member Author

sairon commented Sep 9, 2025

As for the cidfile, we could make it a key value thing too, but the simplicity of it and the fact that it aligns with what Docker offers via --cidfile has its advantage too 🤷 .

Exactly, this provides simple way of exposing the container ID, which can be easily achieved using Docker CLI too. No special tooling is needed to get it in the container either and the simplicity makes testing or running in different environments easier as well.

Maybe as a compromise we could just prepare for additional files by bind mounting a folder instead of a single file 🤔 . E.g. /run/supervisor/, where today just the cidfile would reside.

The goal of this PR is to expose the container ID - which is a Docker runtime thing. Having other data in /run/supervisor would be coming from a different context, and we probably won't be able to provide the same data to Supervisor itself, so we'll be creating potential inconsistency in this concept. In the end, cost of bind-mounting the other data (which we don't know yet) to another place is negligible, and without a crystal ball this seems like unnecessary feature creep at this point.

@agners agners merged commit bbb9469 into main Sep 9, 2025
23 checks passed
@agners agners deleted the container-cidfiles branch September 9, 2025 11:38
@github-actions github-actions bot locked and limited conversation to collaborators Sep 11, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@agners agners agners approved these changes

@mdegat01 mdegat01 mdegat01 approved these changes

Assignees
No one assigned
Labels
cla-signed new-feature A new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sairon @t3hk0d3 @agners @mdegat01