| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
- remove 'NO TESTS NEEDED' as a valid bypass string. Henceforth
only 'NO NEW TESTS NEEDED' will work.
- add a debugging aid for #11871, in which bodhi tests time out
in nslookup.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
On Docker this is ignored, and it should be on Podman as
well. This is documented in the man page.
Fixes: https://github.com/containers/podman/issues/12002
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
...and fix one instance where there was no check
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When run as rootless the podman network reload command tries to reload
the rootlessport ports because the childIP could have changed.
However if the containers has no ports we should skip this instead of
printing a warning.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make Podman more tolerant when parsing image volumes during container
creation and further fix an infinite loop when checking them.
Consider `VOLUME ['/etc/foo', '/etc/bar']` in a Containerfile. While
it looks correct to the human eye, the single quotes are wrong and yield
the two volumes to be `[/etc/foo,` and `/etc/bar]` in Podman and Docker.
When running the container, it'll create a directory `bar]` in `/etc`
and a directory `[` in `/` with two subdirectories `etc/foo,`. This
behavior is surprising to me but how Docker behaves. We may improve on
that in the future. Note that the correct way to syntax for volumes in
a Containerfile is `VOLUME /A /B /C` or `VOLUME ["/A", "/B", "/C"]`;
single quotes are not supported.
This change restores this behavior without breaking container creation
or ending up in an infinite loop.
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2014149
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
| |
Timeouts for `podman rm` aren't in until 4.0, so we need to
remove them.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiarch folks are seeing flakes in this test. I can't reproduce
them, but I did notice that the test isn't doing the best possible
job of reporting failures nor of confirming what it purports to test.
Major fix here is to check the exit status of each curl: if we
see the flake again, that will help us track down the failure.
Other fixes are just refactoring, cleanup, and disambiguation
(using the random service name consistently)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a race where `conn.Close()` was called before `conn.CloseWrite()`.
In this case `CloseWrite` will fail and an useless error is printed. To
fix this we move the the `CloseWrite()` call to the same goroutine to
remove the race. This ensures that `CloseWrite()` is called before
`Close()` and never afterwards.
Also fixed podman-remote run where the STDIN was never was closed.
This is causing flakes in CI testing.
[NO TESTS NEEDED]
Fixes #11856
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
|
| |
systemd sometimes spits out lines in the wrong order. Deal with it.
This fixes an infrequent flake that I haven't filed because I
didn't understand it well enough. (Hence, this reduces BUGS
but does not reduce BUG COUNT. Sorry!)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
| |
...in volume test. Looks like Bodhi gating tests run from a
nonwritable directory. I feel really stupid for not realizing
this when I first tried to fix this bug two weeks ago.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- logs: remove unnecessary sleeps. This saves ~25s.
Unfortunately, journald seems to have some sort of lag,
so we need to keep retrying until we get the 'after' string.
- ps: add placeholder test for once buildah 3544 is fixed
- cp: bulk-kill containers when finished, instead of one by one.
This is a big change and only saves about 8s per run, but hey.
- mount,pause,healthcheck: 'podman stop -t 0' before rm'ing containers.
Easy 50s.
Have I mentioned, lately, that 'podman rm -f' needs a '-t 0' flag?
- play: same, and also 'podman pod stop'. Seems to shave ~20s.
- socket-activation: UGH! Buggy and useless tests! They were
running "sleep 90" containers for no reason whatsoever. I
assume the intention was to run them with "-d", so that's
what I've done here. Also fixed some language. 180 seconds!
(Unrelated: cleanup in 070-build, use $IMAGE, not alpine)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
| |
Use EvalSymlinks() to find the context directory, in case there's
shenanigans.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The shell completion should only suggest arguments that work. Using a
image without tag does not work in many cases. Having both the version
with and without tag also forces users to press one key more because
tab completion will always stop at the colon.
Fixes #11673
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Fix a bug when remotely untagging an image via tag@digest.
The digest has been lost in the remote client and hence led
to a wrong behaviour on the server.
Fixes: #11557
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* 070-build:
- remove workaround for #9567, which is closed.
- add many more cases to the ignorefile test,
to test complicated special cases of Buildah PR 3486.
* 160-volumes:
- remove a skip_if_remote, volumes now work on remote
- use a random name for tarball, and clean up when
done using it. This fixes a gating-test failure
(test runs as root, then rootless, and rootless
can't clobber root's file).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fix copy tests after https://github.com/containers/buildah/pull/3486
[NO TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@gmail.com>
|
| |
|
|
|
|
|
|
| |
When a container is automatically restarted due its restart policy and
the container uses rootless cni networking with ports forwarded we have
to start a new rootlessport process since it exits with conmon.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
We should only print unhealthy if the check fails. Currently this is
filling logs when users are running lots of healthchecks.
Improves: https://github.com/containers/podman/issues/11157
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Add a system test to modify and import an exported container
|
| | |
| |
| |
| |
| |
| |
| | |
This test has completed one of TODO items in test/system/TODO.md.
The item is "Implied pull, build, export, modify, import, tag, run, kill"
Signed-off-by: Tsubasa Watanabe <w.tsubasa@fujitsu.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The conmon buffer size is 8192, however the attach socket needs two extra
bytes. The first byte of each message will be the STREAM type. The last
byte is a null byte. So when we want to read 8192 message bytes we need
to read 8193 bytes since the first one is special.
check https://github.com/containers/conmon/blob/1ef246896b4f6566964ed861b98cd32d0e7bf7a2/src/ctr_stdio.c#L101-L107
This problem can be seen in podman-remote run/exec when it prints output
with 8192 or more bytes. The output will miss the 8192 byte.
Fixes #11496
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Picks a pseudorandom open port within a range. Refactor existing
instances of such code.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
fix play kube --network options
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 092902b45555 introduced advanced network options for podman play
kube. However this never worked because it unconditionally set the
network mode to bridge after it parsed the network option.
Added a test to ensure the correct mode is set.
Truly fixes #10807
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When attempting to run remote builds, users with UID/GID values that
were high enough that they wouldn't be mapped into their default user
namespace configurations would see their builds fail when the server
attempted to extract the build contexts that they supplied, and failed
to set ownership of the build context content to the UID/GID that were
originally assigned to them.
When archiving the build context at the client, set ownership of
everything to 0:0, which we know is always mapped. Both ADD and COPY
require that we set the ownership of newly-added content to 0:0 (unless
the --chown flag is used), so throwing away the original ownership
information doesn't hurt, anyway. As usual, tarballs that we extract
as part of ADD aren't going to be affected.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |\ \
| | |
| | | |
generate systemd: handle --restart
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Handle custom restart policies of containers when generating the unit
files; those should be set on the unit level and removed from ExecStart
flags.
Fixes: #11438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
Fix a dead lock in the file log driver where one goroutine would wait on
the tail to hit EOF but reading is blocked for the function to return.
Fixes: 11461
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
The "auto-update using systemd" test is failing on RHEL rootless.
Reason: it uses journalctl, which does not work on RHEL rootless.
Solution: add skip_if_journald_unavailable.
ALSO: add debugging info to test failure.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Cleanup: the final 'play' test wasn't cleaning up after itself,
leading to angry warning messages when rerunning tests (in
my environment; never in CI)
Debug: I'm seeing a lot of "Could not parse READY=1 as MAINPID=nnn"
flakes in the sdnotify:container test (nine in the past month). Add
debug traces to help diagnose in future flakes.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure that Podman passes the LISTEN_* environment into containers.
Similar to runc, LISTEN_PID is set to 1.
Also remove conditionally passing the LISTEN_FDS as extra files.
The condition was wrong (inverted) and introduced to fix #3572 which
related to running under varlink which has been dropped entirely
with Podman 3.0. Note that the NOTIFY_SOCKET and LISTEN_* variables
are cleared when running `system service`.
Fixes: #10443
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Make sure that the container's authfile label is used when pulling down
a new image.
[NO TESTS NEEDED] since it would require some larger rewrite of the
auto-update system tests that I currently have no time for. I added a
reminder to have some breadcrumbs when there is more time.
Fixes: #11171
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
| |
Following feature makes sure that users can load contents of external
tarball into the podman volumes.
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| |\
| |
| | |
libpod/Container.readFromJournal(): don't skip the first entry
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Increase the amount of time we're willing to wait for a log message that
a container should be printing to show up in the output of `logs -f`,
since on at least one CI configuration we're seeing a turnaround as high
as 46s, but it's not something we can directly control, so that's not a
hard maximum.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
In these tests, don't try to tag an image using a canonical ("with
digest") image name.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 9ac5267 changed the type of the generated systemd units from
`forking` to `notify`. It further stopped using `--cidfile` and instead
intended systemd to take care of stopping the container, which turned
out to be a bad idea.
Systemd will send the stop/kill signals to conmon which in turn may exit
non-zero, depending on the signal, and ultimately breaking container
cleanup.
Hence, we need to use --cidfile again and let podman stop and remove the
container to make sure that everything's in order.
Fixes: #11304
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 70801b3d714b067d64744697433c5841926dad4d.
It turns out that letting systemd handle stopping the container is not
working as I thought it will. Conmon is receiving the stop/kill signals
and may exit non-zero, which in turn lets the systemd service transition
into the `failed` state.
We need to get back to letting Podman stop the containers and do a
partial revert of commit 9ac5267 which removed using --cidfile.
Happening in a following commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 9ac5267598c3 changed the type of the generated systemd units from
forking to notify. Parts of these changes was also removing the need to
pass any information via the file system (e.g., PIDFILE, container ID).
That in turn implies that systemd takes care of stopping the container.
By default, systemd first sends a SIGTERM and after a certain timeout,
it'll send a SIGKILL. That's pretty much what Podman is doing, unless
the container was created with a custom stop signal which is the case
when the --stop-signal flag was used or systemd is mounted.
Account for that by using systemd's KillSignal option which allows for
changing SIGTERM to another signal. Also make sure that we're using the
correct timeout for units generated with --new.
Fixes: #11304
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This leverages conmon's ability to proxy the SD-NOTIFY socket.
This prevents locking caused by OCI runtime blocking, waiting for
SD-NOTIFY messages, and instead passes the messages directly up
to the host.
NOTE: Also re-enable the auto-update tests which has been disabled due
to flakiness. With this change, Podman properly integrates into
systemd.
Fixes: #7316
Signed-off-by: Joseph Gooch <mrwizard@dok.org>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a host uses systemd-resolved but not the resolved stub resolver the
following symlinks are created: `/etc/resolv.conf` ->
`/run/systemd/resolve/stub-resolv.conf` -> `/run/systemd/resolve/resolv.conf`.
Because the code uses filepath.EvalSymlinks we put the new resolv.conf
to `/run/systemd/resolve/resolv.conf` but the `/run/systemd/resolve/stub-resolv.conf`
link does not exists in the mount ns.
To fix this we will walk the symlinks manually until we reach the first
one under `/run` and use this for the resolv.conf file destination.
This fixes a regression which was introduced in e73d4829900c.
Fixes #11222
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED] Just fixing spelling.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
This test flakes on almost every PR, so skip it for now until
someone can fix it, see #11175.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\
| |
| | |
Alias build to buildx, so it won't fail
|
| | |
| |
| |
| |
| |
| | |
Add hidden --load and --progress flag as well.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
The slirp4netns path can be set in the config file or with
--network-cmd-path. Podman info should read the version information
correctly and not use PATH in this case. Also show the slirp4netns
version information to root users.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for simple rollbacks during `podman auto-update`. Rollbacks
are enabled by default. If a systemd unit cannot be restarted after an
update, the previous image will be retagged and the unit will be
restarted a second time.
Add system tests for rollbacks. Also fix a bug in the restart sequence;
we have to use the channel to actually know whether the restart was
successful or not.
NOTE: To make rollbacks really useful, users must run their containers
with `--sdnotify=container` such that the containers send the ready
message over the (mounted) socket. This way, restarting the systemd
units during auto update will block until the message has been received
(or a timeout kicked in).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently if you execute podman unpause --all, podman pause --all
Podman shows attempts to unpause containers that are not paused
and prints an error. This PR catches this error and only prints errors if
a paused container was not able to be unpaused.
Currently if you execute podman pause --all or podman kill --all, Podman
Podman shows attempts to pause or kill containers that are not running
and prints an error. This PR catches this error and only prints errors if
a running container was not able to be paused or killed.
Also change printing of multiple errors to go to stderr and to prefix
"Error: " in front to match the output of the last error.
Fixes: https://github.com/containers/podman/issues/11098
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
podman info takes >20s on Gentoo, because equery is s..l..o..w.
qfile is much faster and, I suspect, present in most Gentoo
installations, so let's try it first.
And, because packageVersion() was scarily unmaintainable,
refactor it. Define a simple (string) list of packaging tools
to query (rpm, dpkg, ...) and iterate until we find one that
works.
IMPORTANT NOTE: the Debian (and, presumably, Ubuntu) query does not
include version number! There is no standard way on Debian to get
a package version from a file path, you can only do it via pipes
of chained commands, and I have no desire to implement that.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
