aboutsummaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Merge pull request #14369 from mheon/fixmes_2OpenShift Merge Robot2022-05-26
|\ | | | | Remove more FIXMEs
| * Remove more FIXMEsMatthew Heon2022-05-25
| | | | | | | | | | | | | | | | | | Mostly, just removing the comments. These either have been done, or are no longer a good idea. No code changes. [NO NEW TESTS NEEDED] as such. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | First batch of resolutions to FIXMEsMatthew Heon2022-05-25
|/ | | | | | | | | Most of these are no longer relevant, just drop the comments. Most notable change: allow `podman kill` on paused containers. Works just fine when I test it. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #14358 from vrothberg/todo-part-2OpenShift Merge Robot2022-05-25
|\ | | | | Todo part 2
| * libpod/pod_top_linux.go: s/TODO/NOTE/Valentin Rothberg2022-05-25
| | | | | | | | | | | | As it really is a note and not a TODO item. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * events: drop TODO commentValentin Rothberg2022-05-25
| | | | | | | | | | | | | | We can evaluate a solution in case adding more events really turns into a problem. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14308 from n1hility/root-cgroupOpenShift Merge Robot2022-05-25
|\ \ | | | | | | Support running podman under a root v2 cgroup
| * | Support running podman under a root v2 cgroupJason T. Greene2022-05-21
| | | | | | | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | work queue: simplify and use a wait groupValentin Rothberg2022-05-25
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Simplify the work-queue implementation by using a wait group. Once all queued work items are done, the channel can be closed. The system tests revealed a flake (i.e., #14351) which indicated that the service container does not always get stopped which suggests a race condition when queuing items. Those items are queued in a goroutine to prevent potential dead locks if the queue ever filled up too quickly. The race condition in question is that if a work item queues another, the goroutine for queuing may not be scheduled fast enough and the runtime shuts down; it seems to happen fairly easily on the slow CI machines. The wait group fixes this race and allows for simplifying the code. Also increase the queue's buffer size to 10 to make things slightly faster. [NO NEW TESTS NEEDED] as we are fixing a flake. Fixes: #14351 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14327 from rhatdan/commonOpenShift Merge Robot2022-05-24
|\ \ | | | | | | Use containers/common/pkg/util.StringToSlice
| * | Use containers/common/pkg/util.StringToSliceDaniel J Walsh2022-05-23
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Just code cleanup for better reuse Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | contain_top_linux.go: s/TODO/NOTE/Valentin Rothberg2022-05-24
| | | | | | | | | | | | | | | | | | | | | Change the TODO note to NOTE to actually reflect what it is: breadcrumbs in case we want to add filtering the future. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #14321 from mheon/no_error_on_danglingOpenShift Merge Robot2022-05-23
|\ \ \ | |/ / |/| | Instead of erroring, clean up after dangling IDs in DB
| * | Instead of erroring, clean up after dangling IDs in DBMatthew Heon2022-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For various (mostly legacy) reasons, Podman presently maintains a unified namespace for pods and containers - IE, we cannot have both a pod and a container named "test" at the same time. To implement this, we use a global database table of every pod and container ID (and another of every pod and container name). These entries should be added when containers/pods are added, and removed when containers/pods are removed, with the database's transactional integrity providing a guarantee that this is batched with the overall removal and that the DB should remain sane and consistent no matter what. As such, we treat a dangling ID as a hard error that stops the use of Podman. Unfortunately, we have someone run into this last Friday. I'm still not certain how exactly their DB got into this state, but without further clarification there, we can consider removing the error and making Podman instead clean up and remove any dangling IDs, which should restore Podman to a serviceable state. Drop an error message if we do this, though, because people should know that the DB is in a bad state. [NO NEW TESTS NEEDED] it is deliberately impossible to produce a configuration that would test this without hex-editing the DB file. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #14281 from vrothberg/fix-14251OpenShift Merge Robot2022-05-23
|\ \ \ | | | | | | | | fix --init with /dev bind mount
| * | | fix --init with /dev bind mountValentin Rothberg2022-05-23
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | The init binary until now has been bind-mounted to /dev/init which breaks when bind-mounting to /dev. Instead mount the init to /run/podman-init. The reasoning for using /run is that it is already used for other runtime data such as secrets. Fixes: #14251 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* / | auto update: create an eventValentin Rothberg2022-05-23
|/ / | | | | | | | | | | | | | | | | Create an auto-update event for each invocation, independent if images and containers are updated or not. Those events will be indicated in the events already but users will now know why. Fixes: #14283 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14272 from Luap99/completion2OpenShift Merge Robot2022-05-19
|\ \ | | | | | | shell completion: use more constants in the code
| * | shell completion: fix podman event --filter valuesPaul Holzinger2022-05-19
| | | | | | | | | | | | | | | | | | | | | | | | The completion suggested incorrect values for `podman events --filter type=` . It should only list types not the event status. Also make sure to use the constants instead of duplicating the strings. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | linter: enable unconvert linterValentin Rothberg2022-05-19
| | | | | | | | | | | | | | | | | | | | | Detects unneccessary type conversions and helps in keeping the code base cleaner. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #14256 from vrothberg/run-1287OpenShift Merge Robot2022-05-18
|\ \ \ | |/ / |/| | k8systemd: run k8s workloads in systemd
| * | k8systemd: run k8s workloads in systemdValentin Rothberg2022-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support running `podman play kube` in systemd by exploiting the previously added "service containers". During `play kube`, a service container is started before all the pods and containers, and is stopped last. The service container communicates its conmon PID via sdnotify. Add a new systemd template to dispatch such k8s workloads. The argument of the template is the path to the k8s file. Note that the path must be escaped for systemd not to bark: Let's assume we have a `top.yaml` file in the home directory: ``` $ escaped=$(systemd-escape ~/top.yaml) $ systemctl --user start podman-play-kube@$escaped.service ``` Closes: https://issues.redhat.com/browse/RUN-1287 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #14258 from mheon/no_hard_error_on_exec_cleanupOpenShift Merge Robot2022-05-17
|\ \ \ | | | | | | | | Make errors on removing exec sessions nonfatal
| * | | Make errors on removing exec sessions nonfatalMatthew Heon2022-05-16
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removing exec sessions is guaranteed to evict them from the DB, but in the case of a zombie process (or similar) it may error and block removal of the container. A subsequent run of `podman rm` would succeed (because the exec sessions have been purged from the DB), which is potentially confusing to users. So let's just continue, instead of erroring out, if removing exec sessions fails. [NO NEW TESTS NEEDED] I wouldn't want to spawn a zombie in our test VMs even if I could. Fixes #14252 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #14255 from hiredman/pr-for-14249OpenShift Merge Robot2022-05-17
|\ \ \ | |/ / |/| | Don't complain about XDG_RUNTIME_DIR, Closes #1424
| * | Don't complain about XDG_RUNTIME_DIR, Closes #1424Kevin Downey2022-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Code is not directly reading XDG_RUNTIME_DIR, it is reading a value in the state that may initially be from XDG_RUNTIME_DIR, but then is overriden by a value from the boltdb that podman stores some state in. XDG_RUNTIME_DIR and the RunRoot path may not have the same value, so complaining about XDG_RUNTIME_DIR here may cause confusion when trying to debug things. [NO TESTS NEEDED] Signed-off-by: Kevin Downey <hiredman@thelastcitadel.com>
* | | Robust whitespace split of cpu utilization line from /proc/statSandroCasagrande2022-05-14
|/ / | | | | | | Signed-off-by: Sandro Casagrande <sc.casagrande@gmail.com>
* | Merge pull request #14159 from vrothberg/service-containerDaniel J Walsh2022-05-12
|\ \ | |/ |/| play kube: service container
| * play kube: service containerValentin Rothberg2022-05-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the notion of a "service container" to play kube. A service container is started before the pods in play kube and is (reverse) linked to them. The service container is stopped/removed *after* all pods it is associated with are stopped/removed. In other words, a service container tracks the entire life cycle of a service started via `podman play kube`. This is required to enable `play kube` in a systemd unit file. The service container is only used when the `--service-container` flag is set on the CLI. This flag has been marked as hidden as it is not meant to be used outside the context of `play kube`. It is further not supported on the remote client. The wiring with systemd will be done in a later commit. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | sdnotify: send MAINPID only onceValentin Rothberg2022-05-12
|/ | | | | | | | | Send the main PID only once. Previously, `(*Container).start()` and the conmon handler sent them ~simultaneously and went into a race. I noticed the issue while debugging a WIP PR. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* fix: Container.cGroupPath() skip empty line to avoid false error loggingttyS32022-05-10
| | | | | | Signed-off-by: ttyS3 <ttys3.rust@gmail.com> [NO NEW TESTS NEEDED]
* Merge pull request #14121 from cdoern/kubeOpenShift Merge Robot2022-05-09
|\ | | | | play kube log tag handling
| * play kube log tag handlingcdoern2022-05-06
| | | | | | | | | | | | | | | | | | currently tags cause a panic due to an uninitialized map. Initialize the map and add parsing to make sure we are only tagging with journald resolves #13356 Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | libpod: add c.ConfigWithNetworks()Paul Holzinger2022-05-06
| | | | | | | | | | | | | | | | | | | | Reading the networks requires an extra db operation. Most c.Config() callers do not need them so create a new function which returns the config with networks. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14129 from Juneezee/test/t.TempDirOpenShift Merge Robot2022-05-06
|\ \ | | | | | | test: use `T.TempDir` to create temporary test directory
| * | test: fix failing TestPostDeleteHooksEng Zer Jun2022-05-05
| | | | | | | | | | | | | | | | | | | | | We no longer create the temporary directory as `libpod_test_*`. The directory returned by `t.TempDir()` is TestPostDeleteHooks/001 Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
| * | test: use `T.TempDir` to create temporary test directoryEng Zer Jun2022-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit replaces `ioutil.TempDir` with `t.TempDir` in tests. The directory created by `t.TempDir` is automatically removed when the test and all its subtests complete. Prior to this commit, temporary directory created using `ioutil.TempDir` needs to be removed manually by calling `os.RemoveAll`, which is omitted in some tests. The error handling boilerplate e.g. defer func() { if err := os.RemoveAll(dir); err != nil { t.Fatal(err) } } is also tedious, but `t.TempDir` handles this for us nicely. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* | | Merge pull request #14059 from cdoern/cloneOpenShift Merge Robot2022-05-05
|\ \ \ | | | | | | | | pass networks to container clone
| * | | pass networks to container clonecdoern2022-05-03
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | since the network config is a string map, json.unmarshal does not recognize the config and spec as the same entity, need to map this option manually resolves #13713 Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | Merge pull request #14037 from rhatdan/remoteuriOpenShift Merge Robot2022-05-04
|\ \ \ | | | | | | | | Report correct RemoteURI
| * | | Report correct RemoteURIDaniel J Walsh2022-05-04
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rather than assuming a filesystem path, the API service URI is recorded in the libpod runtime configuration and then reported as requested. Note: All schemes other than "unix" are hard-coded to report URI exists. Fixes #12023 Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / | libpod: treat ECONNRESET as EOFGiuseppe Scrivano2022-05-04
|/ / | | | | | | | | | | | | | | | | | | | | when reading from the attach socket, treat ECONNRESET in the same way as EOF. [NO NEW TESTS NEEDED] Closes: https://github.com/containers/podman/issues/11446 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Add podman machine eventsJhon Honce2022-05-03
| | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Additional stats for podman infoBrent Baude2022-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In support of podman machine and its counterpart desktop, we have added new stats to podman info. For storage, we have added GraphRootAllocated and GraphRootUsed in bytes. For CPUs, we have added user, system, and idle percents based on /proc/stat. Fixes: #13876 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #13859 from vrothberg/fix-13464OpenShift Merge Robot2022-05-02
|\ \ | | | | | | pod: add exit policies
| * | pod: add exit policiesValentin Rothberg2022-05-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the notion of an "exit policy" to a pod. This policy controls the behaviour when the last container of pod exits. Initially, there are two policies: - "continue" : the pod continues running. This is the default policy when creating a pod. - "stop" : stop the pod when the last container exits. This is the default behaviour for `play kube`. In order to implement the deferred stop of a pod, add a worker queue to the libpod runtime. The queue will pick up work items and in this case helps resolve dead locks that would otherwise occur if we attempted to stop a pod during container cleanup. Note that the default restart policy of `play kube` is "Always". Hence, in order to really solve #13464, the YAML files must set a custom restart policy; the tests use "OnFailure". Fixes: #13464 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | libpod: unset networks before storing container confPaul Holzinger2022-05-02
|/ / | | | | | | | | | | | | | | | | | | | | | | Since networks must always be read from the db bucket directly we should unset them in config to avoid caller from accidentally using them. I already tried this but it didn't work because the networks were unset after the config was marshalled. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14062 from Luap99/resolv.confOpenShift Merge Robot2022-04-29
|\ \ | | | | | | libpod: host netns keep same /etc/resolv.conf
| * | libpod: host netns keep same /etc/resolv.confPaul Holzinger2022-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container is run in the host network namespace we have to keep the same resolv.conf content and not use the systemd-resolve detection logic. But also make sure we still allow --dns options. Fixes #14055 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix incorrect permissions for /etc/resolv.conf in usernsPaul Holzinger2022-04-29
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always be owned by the root user in the container. This worked correct for /etc/hostname and /etc/hosts but not for /etc/resolv.conf. A container run with --userns keep-id would have the reolv.conf file owned by the current container user which is wrong. Consolidate some common code in a new helper function to make the code more cleaner. Signed-off-by: Paul Holzinger <pholzing@redhat.com>