path: root/pkg
Commit message (Author, Age)
* libpod: fix wait and exit-code logic (Valentin Rothberg, 2022-06-23)
    This commit addresses three intertwined bugs to fix an issue when using Gitlab runner on Podman. The three bug fixes are not split into separate commits as tests won't pass otherwise; avoidable noise when bisecting future issues.

    1) Podman conflated states: even when asking to wait for the `exited` state, Podman returned as soon as a container transitioned to `stopped`. The issues surfaced in Gitlab tests to fail [1] as `conmon`'s buffers have not (yet) been emptied when attaching to a container right after a wait. The race window was extremely narrow, and I only managed to reproduce with the Gitlab runner [1] unit tests.

    2) The clearer separation between `exited` and `stopped` revealed a race condition predating the changes. If a container is configured for autoremoval (e.g., via `run --rm`), the "run" process competes with the "cleanup" process running in the background. The window of the race condition was sufficiently large that the "cleanup" process has already removed the container and storage before the "run" process could read the exit code and hence waited indefinitely.

    Address the exit-code race condition by recording exit codes in the main libpod database. Exit codes can now be read from a database. When waiting for a container to exit, Podman first waits for the container to transition to `exited` and will then query the database for its exit code. Outdated exit codes are pruned during cleanup (i.e., non-performance critical) and when refreshing the database after a reboot. An exit code is considered outdated when it is older than 5 minutes.

    While the race condition predates this change, the waiting process has apparently always been fast enough in catching the exit code due to issue 1): `exited` and `stopped` were conflated. The waiting process hence caught the exit code after the container transitioned to `stopped` but before it `exited` and got removed.

    3) With 1) and 2), Podman is now waiting for a container to properly transition to the `exited` state. Some tests did not pass after 1) and 2) which revealed the third bug: `conmon` was executed with its working directory pointing to the OCI runtime bundle of the container. The changed working directory broke resolving relative paths in the "cleanup" process. The "cleanup" process error'ed before actually cleaning up the container and waiting "main" process ran indefinitely - or until hitting a timeout.

    Fix the issue by executing `conmon` with the same working directory as Podman.

    Note that fixing 3) *may* address a number of issues we have seen in the past where for *some* reason cleanup processes did not fire.

    [1] https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27119#note_970712864

    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
    [MH: Minor reword of commit message]
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* Fix spelling "setup" -> "set up" and similar (Erik Sjölund, 2022-06-22)
    * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those.
    * Improve language in a few places.

    Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Remove logrus.Infof on bindings start and attach (Daniel J Walsh, 2022-06-21)
    We are only doing logrus.Info on a couple of bindings. I see no reason to only do this on a couple, seems like debugging information more than useful to the caller. We had a complaint about this so removing.

    Fixes: https://github.com/containers/podman/issues/13504

    [NO NEW TESTS NEEDED]

    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13384 from flouthoc/podman-remote-add-with-annotate (openshift-ci[bot], 2022-06-21)
    bindings: manifest should follow `es_model` naming convention while marshalling `OSVersion` and `OSFeatures`
| * bindings: add manifest should follow es_model while marshalling OSVersion and OSFeatures (Aditya R, 2022-06-02)
    It seems API needs json names for OSVersion and OSFeatures in es_model
    ref: https://github.com/containers/podman/blob/main/pkg/domain/entities/manifest.go#L42

    So at bindings end ensure that we honor es_model naming convention when we perform marshalling otherwise API will ignore these fields

    Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #14642 from rhatdan/VENDOR (openshift-ci[bot], 2022-06-21)
    Update to use gopkg.in/yaml.v3
| * | Update to use gopkg.in/yaml.v3 (Daniel J Walsh, 2022-06-17)
    [NO NEW TESTS NEEDED]

    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14643 from clobrano/feature/network/list/dangling/dev (openshift-ci[bot], 2022-06-21)
    allow filter networks by dangling status
| * | | allow filter networks by dangling status (Carlo Lobrano, 2022-06-21)
    add the ability to filter networks by their dangling status via: `network ls --filter dangling=true/false`

    Fixes: #14595

    Signed-off-by: Carlo Lobrano <c.lobrano@gmail.com>
* | | | Merge pull request #14638 from giuseppe/improve-error-messages-rootless-unshare (openshift-ci[bot], 2022-06-21)
    pkg/rootless: error messages improvements
| * | | | rootless: attempt to join all specified paths (Giuseppe Scrivano, 2022-06-21)
    when there are multiple paths specified, attempt to join them all before returning an error. Previously we were failing on the first pid found.

    [NO NEW TESTS NEEDED]

    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: improve error messages (Giuseppe Scrivano, 2022-06-21)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: do not ignore reexec_in_user_namespace_wait errors (Giuseppe Scrivano, 2022-06-21)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #14625 from cdoern/podShm (openshift-ci[bot], 2022-06-21)
    podman pod create --shm-size
| * | | | | podman pod create --shm-size (cdoern, 2022-06-20)
    expose the --shm-size flag to podman pod create and add proper handling and inheritance for the option.

    resolves #14609

    Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | Merge pull request #14662 from Luap99/api-json (openshift-ci[bot], 2022-06-21)
    API: containers/json always set application/json content type
| * | | | | API: containers/json always set application/json content type (Paul Holzinger, 2022-06-20)
    When we return no containers we just return `[]` but we still have to keep the content type header `application/json` so external tools can correctly parse the output.

    Fixes #14647

    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | / / / api: show the memory limit specified for the container (Giuseppe Scrivano, 2022-06-21)
    use the memory limit specified for the container instead of reading it from the cgroup. It is not reliable to read it from the cgroup since the container could have been moved to a different cgroup and in general the OCI runtime might create a sub-cgroup (like crun does).

    Closes: https://github.com/containers/podman/issues/14676

    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #14556 from sstosh/system-prune-network (openshift-ci[bot], 2022-06-20)
    podman system prune support prune unused networks
| * | | podman system prune support prune unused networks (Toshiki Sonoda, 2022-06-14)
    This is an enhancement for the podman system prune feature.

    In this issue, it is mentioned that 'network prune' should be wired into 'podman system prune'
    https://github.com/containers/podman/issues/8673

    Therefore, I add the function to remove unused networks.

    Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | linter fix from #14299 (cdoern, 2022-06-16)
    [NO NEW TESTS NEEDED]

    podman pod clone somehow snuck by the new linter code that went in while it was in flight
    fix that here

    Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #14299 from cdoern/podClone (openshift-ci[bot], 2022-06-16)
    implement podman pod clone
| * | | | podman pod clone (cdoern, 2022-06-10)
    implement podman pod clone, a command to create an exact copy of a pod while changing certain config elements

    current supported flags are:
    --name change the pod name
    --destroy remove the original pod
    --start run the new pod on creation

    and all infra-container related flags from podman pod create (namespaces etc)

    resolves #12843

    Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | Merge pull request #14610 from shanesmith/fix-machine-start-interrupt (openshift-ci[bot], 2022-06-16)
    Fix interrupting machine start leaves the machine unstartable
| * | | | | Fix interrupting machine start leaves the machine unstartable (Shane Smith, 2022-06-15)
    Interrupting a `podman machine start` (ex: with CTRL-C) would leave `Starting: true` in the machine's config file. Due to #14469 any subsequent starts would fail since Podman would think the machine is still in the process of starting.

    Fixed here by listening for the interrupt signal and setting `Starting: false` in the event.

    [NO NEW TESTS NEEDED]

    Signed-off-by: Shane Smith <shane.smith@shopify.com>
* | | | | | Merge pull request #14570 from Clivar/fix-windows-ssh-key-creation (openshift-ci[bot], 2022-06-16)
    Fix: Use absolute path to WSL binary to create ssh keys for `machine init` on Windows (Issue #14416)
| * | | | | Fix #14416: Use absolute path to WSL binary to create ssh keys for `machine init` (Clivar, 2022-06-15)
    Signed-off-by: Clivar <16317699+Clivar@users.noreply.github.com>
* | | | | Merge pull request #14585 from Luap99/nolint (openshift-ci[bot], 2022-06-14)
    golangci-lint: enable nolintlint
| * | | | | golangci-lint: enable nolintlint (Paul Holzinger, 2022-06-14)
    The nolintlint linter does not deny the use of `//nolint`
    Instead it allows us to enforce a common nolint style:
    - force that a linter name must be specified
    - do not add a space between `//` and `nolint`
    - make sure nolint is only used when there is actually a problem

    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #14324 from anjannath/qemu-test (openshift-ci[bot], 2022-06-14)
    [macos: podman-machine] look for firmware (edk2-code-fd) based on the path of qemu binary
| * | | | | look for firmware based on the path of qemu binary (Anjan Nath, 2022-05-23)
    this allows users to use a qemu installation that is not in the default /usr/local/bin location

    a user can configure engine.helper_binaries_dir key or update PATH to include the installation location to find the qemu binary

    [NO NEW TESTS NEEDED]

    Signed-off-by: Anjan Nath <kaludios@gmail.com>
* | | | | | Merge pull request #14561 from rhatdan/VENDOR (openshift-ci[bot], 2022-06-14)
    Update vendor of containers/buildah
| * | | | | Update vendor of containers/buildah (Daniel J Walsh, 2022-06-13)
    Changes since 2022-05-31:
    - add --omit-history option (buildah PR 4028)

    Signed-off-by: Ed Santiago <santiago@redhat.com>
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #14580 from jakecorrenti/stats-on-non-running-container (openshift-ci[bot], 2022-06-14)
    Non-running containers now report statistics via the `podman stats`
| * | | | | Non-running containers now report statistics via the `podman stats` (Jake Correnti, 2022-06-13)
    command

    Previously, if a container was not running, and the user ran the `podman stats` command, an error would be reported: `Error: container state improper`.

    Podman now reports stats as the fields' default values for their respective type if the container is not running:

    ```
    $ podman stats --no-stream demo
    ID            NAME  CPU %  MEM USAGE / LIMIT  MEM %  NET IO   BLOCK IO  PIDS  CPU TIME  AVG CPU %
    4b4bf8ce84ed  demo  0.00%  0B / 0B            0.00%  0B / 0B  0B / 0B   0     0s        0.00%
    ```

    Closes: #14498

    Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | | | | Merge pull request #14563 from ashley-cui/qemu (openshift-ci[bot], 2022-06-13)
    Fix M1 QEMU flags
| * | | | | | Fix M1 QEMU flags (Ashley Cui, 2022-06-10)
    When calling QEMU, the CPU arch should be host, and highmem should be on, or else the VM start fails.

    [NO NEW TESTS NEEDED]

    Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | | | Merge pull request #14560 from rhatdan/remote (OpenShift Merge Robot, 2022-06-13)
    podman-remote push --remove-signatures support
| * | | | | | podman-remote push --remove-signatures support (Daniel J Walsh, 2022-06-10)
    I don't see a reason why we don't support --remove-signatures from remote push, so adding support.

    Fixes: https://github.com/containers/podman/issues/14558

    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | podman cp: do not overwrite non-dirs with dirs and vice versa (Valentin Rothberg, 2022-06-10)
    Add a new `--overwrite` flag to `podman cp` to allow for overwriting in case existing users depend on the behavior; they will have a workaround. By default, the flag is turned off to be compatible with Docker and to have a more sane behavior.

    Fixes: #14420

    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | Merge pull request #14469 from shanesmith/prevent-simultaneous-machine-starts (OpenShift Merge Robot, 2022-06-09)
    Prevent simultaneous machine starts
| * | | | | Introduce 'Starting' status for machines (Shane Smith, 2022-06-09)
    - The State() function now returns machine.Starting status instead of an empty string if the VM is in the process of starting.
    - The `CheckExclusiveActiveVM()` function returns `true` to prevent starting a VM while another is in the process of starting.
    - `podman machine ls` displays "Currently starting" under "Last Up" for the starting VM
    - `podman machine ls` supports `{{.Starting}}` boolean field in the format
    - `podman machine inspect` displays "starting" in the "State" field for the starting VM

    Signed-off-by: Shane Smith <shane.smith@shopify.com>
| * | | | | Prevent simultaneous machine starts (Shane Smith, 2022-06-03)
    Running `podman machine start` twice at the same time in different terminals, for example, will make the second invocation fail and the first one hang.

    [NO NEW TESTS NEEDED]

    Signed-off-by: Shane Smith <shane.smith@shopify.com>
* | | | | | Merge pull request #14480 from cdoern/infra (OpenShift Merge Robot, 2022-06-09)
    patch for pod host networking & other host namespace handling
| * | | | | patch for pod host networking & other host namespace handling (cdoern, 2022-06-09)
    this patch included additional host namespace checks when creating a ctr as well as fixing of the tests to check /proc/self/ns/net

    see #14461

    Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | | Merge pull request #14549 from Luap99/compat-create (OpenShift Merge Robot, 2022-06-09)
    compat api: fix regressions from "Swagger refactor/cleanup"
| * | | | | | compat api: fix regressions from "Swagger refactor/cleanup" (Paul Holzinger, 2022-06-09)
    For some reason commit 5b79cf15a022 moved the container create options parsing from cmd/podman/common to pkg/api/handlers. However it did not remove the old code. Unfortunately it moved the code from an outdated version and did not update it before this commit was merged. Therefore a couple of regressions were introduced. I manually compared both versions and found three missing bugfixes.

    I fixed the network test again that was changed in bce97a3b5dd1. We want bridge as default even as rootless. Since the test is not run as rootless in CI the regression was not caught.

    Also the no hosts test never worked since it was missing the import check if the hosts file exists.

    I don't think we can check for the volume parsing change since this only works on windows/wsl.

    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | Merge pull request #14542 from hshiina/restore-filelock (OpenShift Merge Robot, 2022-06-09)
    Pass '--file-locks' to OCI runtime at restoring
| * | | | | | Pass '--file-locks' to OCI runtime at restoring (Hironori Shiina, 2022-06-09)
    `podman container restore --file-locks` does not restore file locks because this option is not passed to OCI runtime. This patch fixes this issue.

    Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | | | | | Merge pull request #14484 from marshall-lee/test/manifest-push (OpenShift Merge Robot, 2022-06-08)
    Add missing tests for manifests API