| Commit message (Collapse) | Author | Age |
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
| |
With StringSlice, we're seeing individual options added and
parsed separately, so `tmpfs:nosuid,nodev` turns into three tmpfs
mounts passed into pkg/sec (tmpfs:, nosuid, nodev). Swap to
StringArray to tell cobra this can't be split on commas.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
| |
Picks up overlay caching fixes we need to resolve a BZ
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
| |
Instead, use a less expensive read-only transaction to see if the
DB is ready for use (it probably is), and only fire the expensive
RW transaction if absolutely necessary.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
| |
If there are missing fields, we still require a commit, but that
should not happen often.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have another patch running to do the same for exit files, with
a much more in-depth explanation of why it's necessary. Suffice
to say that persistent files in tmpfs tied to container CGroups
lead to significant memory allocations that last for the lifetime
of the file.
Based on a patch by Andrea Arcangeli (aarcange@redhat.com).
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
| |
This adds several top-level Podman flags for specifying different
events backend types, which are then used in CI. It resolves a
number of serious issues with events-based testing.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
|
| |
As we previously removed our exit code retrieval code to stop a
memory leak, we need a new way of doing this. Fortunately, events
is able to do the job for us.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
<Cherry-pick into 1.4.2>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
| |
an internal change in libpod will soon required the ability to lookup
the last container event using the continer name or id and the type of
event. this pr is in preperation for that need.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the exit file
If the container exit code needs to be retained, it cannot be retained
in tmpfs, because libpod runs in a memcg itself so it can't leave
traces with a daemon-less design.
This wasn't a memleak detectable by kmemleak for example. The kernel
never lost track of the memory and there was no erroneous refcounting
either. The reference count dependencies however are not easy to track
because when a refcount is increased, there's no way to tell who's
still holding the reference. In this case it was a single page of
tmpfs pagecache holding a refcount that kept pinned a whole hierarchy
of dying memcg, slab kmem, cgropups, unrechable kernfs nodes and the
respective dentries and inodes. Such a problem wouldn't happen if the
exit file was stored in a regular filesystem because the pagecache
could be reclaimed in such case under memory pressure. The tmpfs page
can be swapped out, but that's not enough to release the memcg with
CONFIG_MEMCG_SWAP_ENABLED=y.
No amount of more aggressive kernel slab shrinking could have solved
this. Not even assigning slab kmem of dying cgroups to alive cgroup
would fully solve this. The only way to free the memory of a dying
cgroup when a struct page still references it, would be to loop over
all "struct page" in the kernel to find which one is associated with
the dying cgroup which is a O(N) operation (where N is the number of
pages and can reach billions). Linking all the tmpfs pages to the
memcg would cost less during memcg offlining, but it would waste lots
of memory and CPU globally. So this can't be optimized in the kernel.
A cronjob running this command can act as workaround and will allow
all slab cache to be released, not just the single tmpfs pages.
rm -f /run/libpod/exits/*
This patch solved the memleak with a reproducer, booting with
cgroup.memory=nokmem and with selinux disabled. The reason memcg kmem
and selinux were disabled for testing of this fix, is because kmem
greatly decreases the kernel effectiveness in reusing partial slab
objects. cgroup.memory=nokmem is strongly recommended at least for
workstation usage. selinux needs to be further analyzed because it
causes further slab allocations.
The upstream podman commit used for testing is
1fe2965e4f672674f7b66648e9973a0ed5434bb4 (v1.4.4).
The upstream kernel commit used for testing is
f16fea666898dbdd7812ce94068c76da3e3fcf1e (v5.2-rc6).
Reported-by: Michele Baldessari <michele@redhat.com>
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
<Applied with small tweaks to comments>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
<Further tweaks to cherry pick into 1.4.2>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
Cirrus: Adjust destination branch name
|
|/
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
Update release notes for Podman 1.4.2
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
replacing podman logo SVG and PNG files
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
converts text to paths so correct logo display doesn't require
Montserrat font to be installed; also updates PNG to accurately
reflect logo type design to match other container project logos.
addresses #3350
Signed-off-by: Máirín Duffy <duffy@redhat.com>
|
|\ \ \
| | | |
| | | | |
Bump Buildah to v1.9.0
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix port -l timing with healthchecks
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
many of the port tests use our nginx container image. in some cases, we have timing
issues between when the nginx and the container are running and when the port -l
command is run causing test flakes. we now use the container image's built in
healthcheck to ensure that nginx is running (and subsequently the container
itself) before running the port command.
Fixes: #3309
Signed-off-by: Brent Baude <bbaude@redhat.com>
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Swap to using the on-disk spec for inspect mounts
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When available, using the on-disk spec will show full mount
options in use when the container is running, which can differ
from mount options provided in the original spec - on generating
the final spec, for example, we ensure that some form of root
propagation is set.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
Move the Config portion of Inspect into libpod
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While we're at it, rewrite how we populate it. There were several
potential segfaults in the optional spec.Process block, and a few
fields not being populated correctly versus 'docker inspect'.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Replace podman.svg
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
On a computer that doesn't have the font Montserrat installed, the old SVG won't render correctly.
We converted the font text to be objects so that it renders correctly on all computers. See https://github.com/cncf/landscape#proper-svgs.
Delete returns
Signed-off-by: Dan Kohn <dan@dankohn.com>
|
|\ \ \
| |/ /
|/| | |
cmd, docs, test: fix some typos
|
|/ /
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Add remote client log to file
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Logging messages from the dependency libraries should not log onto the
screen when using the remote client. This patch writes logging to
~/.config/containers/podman-remote.log
Fixes #3299
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
run BATS tests in Cirrus
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I'm running the BATS tests manually once in a while, and
catching several problems each week that make it past
the rest of CI. Since the BATS tests run at RPM gating
time, we need to catch problems earlier. Try running
the tests from Cirrus.
Tests will be skipped on Ubuntu due to a too-ancient
version of coreutils (8.28; the 'timeout -v' we use
requires 8.29).
Tests are run *after* integration tests, even though
these take three minutes and would be nice to have
fail quickly, because running before causes bizarre
CI failures. Shrug.
UPDATE: also fix run test, broken by #3311.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Add warning while untagging an image podman-load
|
| | |
| | |
| | |
| | | |
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
|
|\ \ \
| | | |
| | | | |
Cirrus: Simplify log collection commands
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Accidently removed /run/lock from systemd mounts
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is blowing up systemd containers on Ubuntu.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
Fix some typos in few *.md files
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Appropriate changes were applied to the file
cmd/podman/varlink/io.podman.varlink, in order to make changes in API.md
persistent.
Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix subgidname option in docs for podman run
|
| |/ / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
test: add test for logs -f
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
discussion here:
https://github.com/containers/libpod/issues/3325#issuecomment-502214492
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
kill: print ID and state for non-running containers
|