summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* fix goroutine leaks in events and logs backendPaul Holzinger2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running a single podman logs this is not really important since we will exit when we finish reading the logs. However for the system service this is very important. Leaking goroutines will cause an increased memory and CPU ussage over time. Both the the event and log backend have goroutine leaks with both the file and journald drivers. The journald backend has the problem that journal.Wait(IndefiniteWait) will block until we get a new journald event. So when a client closes the connection the goroutine would still wait until there is a new journal entry. To fix this we just wait for a maximum of 5 seconds, after that we can check if the client connection was closed and exit correctly in this case. For the file backend we can fix this by waiting for either the log line or context cancel at the same time. Currently it would block waiting for new log lines and only check afterwards if the client closed the connection and thus hang forever if there are no new log lines. [NO NEW TESTS NEEDED] I am open to ideas how we can test memory leaks in CI. To test manually run a container like this: `podman run --log-driver $driver --name test -d alpine sh -c 'i=1; while [ "$i" -ne 1000 ]; do echo "line $i"; i=$((i + 1)); done; sleep inf'` where `$driver` can be either `journald` or `k8s-file`. Then start the podman system service and use: `curl -m 1 --output - --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock -v 'http://d/containers/test/logs?follow=1&since=0&stderr=1&stdout=1' &>/dev/null` to get the logs from the API and then it closes the connection after 1 second. Now run the curl command several times and check the memory usage of the service. Fixes #14879 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* podman-remote pull: fix duplicate progress outputsValentin Rothberg2022-07-26
| | | | | | | By vendoring the fixes from containers/image. Also add a test (thanks @edsantiago) to make sure we won't regress in the future again. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Fix potential leak on mid-stream read errorJason T. Greene2022-07-26
| | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* vendor: remove unused depsAditya R2022-07-26
| | | | | | | | | Some deps cleaned by `make vendor` [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* Makefile: remove building pages for man5Aditya R2022-07-26
| | | | | | | [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* makefile: remove processing of pkg/docsAditya R2022-07-26
| | | | | | | | | Since no pkg now containers this path [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* rpkg: remove usage of pkg/hooksAditya R2022-07-26
| | | | | | | | | | Podman is using pkg/hooks from c/common and following man page is moved to c/common [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* pkg,libpod: remove pkg/hooks and use hooks from c/commonAditya R2022-07-26
| | | | | | | | | | | PR https://github.com/containers/common/pull/1071 moved `pkg/hooks` to `c/common` hence remove that from podman and use `pkg/hooks` from `c/common` [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* Fix machine testAshley Cui2022-07-26
| | | | | | DownloadVMImage takes an extra argument. Signed-off-by: Ashley Cui <acui@redhat.com>
* document isolate option for network createCharlie Doern2022-07-26
| | | | | | | | | | | [CI:DOCS] document the podman network create -o=isolate which allows networks to cut themselves off from external connections. resolves #5805 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Update init ctr default for play kubeUrvashi Mohnani2022-07-26
| | | | | | | | | Update the init container type default to once instead of always to match k8s behavior. Add a new annotation that can be used to change the init ctr type in the kube yaml. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Remove return error from "containers.pause"Toshiki Sonoda2022-07-26
| | | | | | | | | When we pause `rootless cgroups v1 container`, podman returns error from `libpod.(*Container).pause`. Podman does not need to return error from `containers.pause` because of duplicate. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* "pod pause/unpause/stop" append "report.Errs" to "reports"Toshiki Sonoda2022-07-26
| | | | | | | | | | There is a possibility that podman does not output expected error message. (e.g. When pause rootless cgroups v1 container on host) This problem is solved by appending `report.Errs` to `reports` before `continue`. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* system tests: new system-service bats fileEd Santiago2022-07-26
| | | | | | | | | | | | | Followup to #14957, which added a new test that doesn't actually belong in the 250-systemd.bats file. It was copy-pasted from another test that doesn't belong there. Move both tests to a new .bats file, because (1) they need a custom cleanup, and (2) one of the tests should very definitely run under podman-remote, and the 250 bats file has a global skip_if_remote(). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Print rootfs download as a specific version on WinJason T. Greene2022-07-26
| | | | | | | | | - Also save the file using this convention. - Change the general pull mechanism to print the local file as opposed to the remote to enable this - no change in observed behavior on mac Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* [CI:DOCS] Fix typo in manifest manpageToshiki Sonoda2022-07-26
| | | | | | rme -> rm Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* Vendor in latests containers/storage and opencontainers/runtime-toolsDaniel J Walsh2022-07-26
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* buildah vendor treadmillEd Santiago2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | As you run --sync, please update this commit message with your actual changes. Changes since 2022-06-14: - apply-podman-deltas: (minor) buildah 4057 changed the name of a test; make corresponding change here - apply-podman-deltas: buildah 4071 adds a new OCI-hook test that's failing in remote. Skip it. - apply-podman-deltas: buildah 4096 changed an error message - apply-podman-deltas: buildah 4097 added a test that doesn't work with podman-remote - run-buildah-bud-tests: only run 'sudo --validate' if we need to sudo later (for running tests). Otherwise, same thing: I run the treadmill script, step away, and come back to an unnecessary sudo prompt. - system tests: the new containers-storage changes some error messages; fix tests to reflect that. (And, unrelated, fix a red cleanup warning) Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Vendor in containers/(storage,image, common, buildah)Daniel J Walsh2022-07-26
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Run codespellDaniel J Walsh2022-07-26
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add --host and -H as equivalent options to --urlDaniel J Walsh2022-07-26
| | | | | | | | | | Docker supports -H and --host for specify the listening socket. Podman should support them also in order to match the CLI. These will not be documented since Podman defaults to using the --url option. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Use SafeChown rather then chown for volumes on NFSDaniel J Walsh2022-07-26
| | | | | | | | | | | | | | | | NFS Servers will thrown ENOTSUPP error if you attempt to chown a directory to the same UID and GID as the directory already has. If volumes are stored on NFS directories this throws an ugly error and then works on the next try. Bottom line don't chown directories that already have the correct UID and GID. Fixes: https://github.com/containers/podman/issues/14766 [NO NEW TESTS NEEDED] Difficult to setup an NFS Server in testing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Clean up cached machine imagesAshley Cui2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | When initing machines, we download a machine image, and uncompress and copy the image for the actual vm image. When a user constantly pulls new machines, there may be a buildup of old, unused machine images. This commit cleans ups the unused cached images. Changes: - If the machine is pulled from a URL or from the FCOS releases, we pull them into XDG_DATA_HOME/containers/podman/machine/vmType/cache - Cache cleanups only happen if there is a cache miss, and we need to pull a new image - For Fedora and FCOS, we actually use the cache, so we go through the cache dir and remove any images older than 2 weeks (FCOS's release cycle), on a cache miss. - For generic files pulled from a URL, we don't actually cache, so we delete the pulled file immediately after creating a machine image - For generic files from a local path, the original file will never be cleaned up Note that because we cache in a different dir, this will not clean up old images pulled before this commit. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* Machine init: create .ssh dir if not existAshley Cui2022-07-26
| | | | | | | When initing a machine, we generate ssh keys in `$HOME/.ssh`. If there is not .ssh dir, we should create it, so the init does not fail. Signed-off-by: Ashley Cui <acui@redhat.com>
* Podman pull --all-tags shorthand optionJake Correnti2022-07-26
| | | | | | | I added the shorthand option for `podman pull --all-tags`. Like Docker, Podman can now do `podman pull -a`. Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* Cirrus: Trigger podman-machine task by labelChris Evich2022-07-26
| | | | | | | | Instead of requiring developers to search for a magic button, make the task trigger at the time a special PR label is added. Update comments accordingly. Signed-off-by: Chris Evich <cevich@redhat.com>
* GHA: Fix dumb error checkChris Evich2022-07-26
| | | | | | | | | | | | Previously the reply JSON was examined for the literal presence of the string 'error'. This was intended to catch server or query errors and the like. However it's not a sound design as valid/legitimate contents could potentially contain the string. Fix this by using the `-e` option to `jq`, with a filter that should always result in a non-empty/null match. If this fails or returns null for some reason, then it's safe to throw a real error code & message. Signed-off-by: Chris Evich <cevich@redhat.com>
* Podman stop --filter flagKarthik Elango2022-07-26
| | | | | | | Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy. Signed-off-by: Karthik Elango <kelango@redhat.com>
* Switch to `github.com/blang/semver/v4`Sascha Grunert2022-07-26
| | | | | | | | Switch to the latest version of the now go module compatible release. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* man page checker: enforce stricter options formatEd Santiago2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #14906, in which a nonexistent option was found in a man page. The xref script was designed to catch that, but I was too lax in my parsing: the option was documented using wrong syntax, and the script didn't catch it. Solution: do not allow *any* unrecognized cruft in the option description lines. And fix all improperly-written entries to conform to the rule: **--option**=*value(s)* Two asterisks around option, which must have two dashes. One asterisk around value(s). This is going to cause headaches for some people adding new options, but I don't think I can fix that: there are many factors that make an unparseable line. Adding 'hint' code would make the script even more complex than it is. I have to assume that our contributors are smart enough to look at surrounding context and figure out the right way to specify options. Signed-off-by: Ed Santiago <santiago@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fixes #14698 Use prepared image for WSL2 machine initGerard Braad2022-07-26
| | | | | | | | | | | | This commit introduces a prepared image for setting up the WSL2 environment. This means that the deployment will take considerable less time to finish (as it does not need to run an update and package install), but also allows to rely on a cached image to re-init the environment without the need for an internet connection. [NO NEW TESTS NEEDED] Signed-off-by: Gerard Braad <me@gbraad.nl>
* Add podman events -f to be alias for --filterDaniel J Walsh2022-07-26
| | | | | | Needed for Docker compatibility. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [CI:DOCS] man pages: replace -c with --cpu-sharesErik Sjölund2022-07-26
| | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* [CI:DOCS] podman-create.md: replace -c with --cpu-sharesErik Sjölund2022-07-26
| | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Fix last machine testBrent Baude2022-07-26
| | | | | | | | The list --format json test case had a typo like error. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* abi: create new cgroup when running in a containerGiuseppe Scrivano2022-07-26
| | | | | | | | | | | if podman is running in the root cgroup, it will create a new subcgroup and move itself there. [NO NEW TESTS NEEDED] it needs nested podman Closes: https://github.com/containers/podman/issues/14884 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: always call into SetupRootlessGiuseppe Scrivano2022-07-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils: call MaybeMoveToSubCgroup onceGiuseppe Scrivano2022-07-26
| | | | | | memoize its result and use it for subsequent calls. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: move MaybeMoveToSubCgroup to utils/Giuseppe Scrivano2022-07-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Docker uses "-c" to mean "--cpu-shares" in create and runDaniel J Walsh2022-07-26
| | | | | | | Add support for -c as an alias for --cpu-shares to be compatible with Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* test,manifest-run: declare TARGETPLATFORM before using itAditya R2022-07-26
| | | | | | | | | | | | | | | As part of fix for https://github.com/openshift/imagebuilder/issues/231 `FROM` does not expands `ARGS` which are not declared so `TARGETPLATFORM` Note: I think a patch should be added at imagebuilder to allow using inbuilt ARGS in FROM without declaring it as well but it is something to be discussed so lets declare it manually in our tests [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* CI: sanity check for desired runtimeEd Santiago2022-07-26
| | | | | | | | | | | | | | | We're still not testing runc in CI (#14833), and it may be weeks or months before we can, due to criu/glibc nightmare, but one day we'll be back on track, then later on we'll update VMs again, and screw it up, and lose runc, and not notice, and RHEL will break, and oh noes headless chicken again, repeat repeat. We can do better. Use .cirrus.yml to explicitly define which VMs should use which runtimes, and enforce it early in the CI build step. This should never fail (uh huh) in a PR, only in one of the update-VM PRs. Signed-off-by: Ed Santiago <santiago@redhat.com>
* podman machine: do not commit proxies into config filePaul Holzinger2022-07-26
| | | | | | | | | | | | | | | | | | qemu fails when the same `fw_cfg` options is used more than once. Since the current logic always adds a new option on each machine load this will fail on the second start. We can fix this by checking if the option is already set and replace but I think it is easier to just not commit the option in the config and add it dynamically on start. User that hit this bug have to recreate the machine. [NO NEW TESTS NEEDED] Fixes #14636 Fixes #14837 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* logformatter: link by *task ID*, not build IDEd Santiago2022-07-26
| | | | | | | | | Reason: task IDs are unique and permanent; linking by build ID and task name is non-unique, because Re-run. Fixes: #14863 Signed-off-by: Ed Santiago <santiago@redhat.com>
* fix wrong log message on Trace levelMikhail Khachayants2022-07-26
| | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Empty path to runtime binary was printed instead of a real path. Before fix: TRAC[0000] found runtime "" TRAC[0000] found runtime "" After: TRAC[0000] found runtime "/usr/bin/crun" TRAC[0000] found runtime "/usr/bin/runc" Signed-off-by: Mikhail Khachayants <khachayants@arrival.com>
* [CI:DOCS] Improve language. Fix spelling and typos.Erik Sjölund2022-07-26
| | | | | | | | | * Correct spelling and typos. * Improve language. Co-authored-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Initial release notes for v4.2.0-RC1Matthew Heon2022-07-26
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #14894 from mheon/bump_420_rc1openshift-ci[bot]2022-07-11
|\ | | | | [CI:DOCS] Bump to v4.2.0-RC1
| * Bump to v4.2.0-devMatthew Heon2022-07-11
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v4.2.0-rc1v4.2.0-rc1Matthew Heon2022-07-11
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>