This commit fixes `container checkpoint --export`
to print a rawInput or an error.
Fixes: #15743
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Followup to #15616, which is not usable as it is (way, way, way
too much noise) but actually found a few real nits that should
be fixed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #15621, which (correctly) removed parentheses from
md files. Turns out, a hidden part of our readthedocs process
depended on those parentheses. Update that step so it handles
the new, correct, <space><section-number> format.
Also update local-testing documentation in README, and clean it
up a little.
Fixes: #15822
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only between podman-build, create, and run. podman-pod-create
is too different.
As usual I went with the podman-run version. This means
keeping the word "flag" (which should be "option"), for
ease of review. I will fix in my in-progress cleanup PR.
For podman-build, I removed "during the build" and changed
it to a note for that man page only.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This reverts commit c20abf12c7. In the
absence of `ExecStop` step, systemd will send the stop/kill signals to
the main PID while I asummed that systemd would jump directly to an
ExecStopPost step instead.
Hence revert the commit to let Podman take care of stopping rather than
systemd.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
--no-reset and --no-stream, in podman-stats and pod-stats.
Very minor tweak to --no-stream to account for pods.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Drop the ExecStop step to simplify the generated units a bit.
The extra ExecStopPost step was added by commit e5c3432944. If the
main PID (i.e., conmon) is killed, systemd will not execute ExecStop
(since the main PID is already down) but only execute the *Post steps.
Credits to the late Ulrich Obergfell for tracking this issue down; he is
missed.
The ExecStop step can safely be dropped since the Post step will take of
stopping (and removing) in any case.
Context: #15686
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This makes setting EffectiveCaps and BoundingCaps conditional on whether
the capabilites field in the spec is non-nil. This allows 'podman inspect'
to work on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Docker compatibility: cap the memory limit reported by the cgroup to
the maximum available memory.
Closes: https://github.com/containers/podman/issues/15765
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Mostly went with the podman-run version. For ease of review, I
kept the "you" word -- I will fix that in my in-progress
cleanup PR.
This affects lots of files, each of which had slightly different
wording, but this actually isn't as bad as it looks. The diffs
were minor, and I'm pretty sure the new refactored text applies
equally well to all the man pages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Originally, during pod removal, we locked every container in the
pod at once, did a number of validity checks to ensure everything
was safe, and then removed all the containers in the pod.
A deadlock was recently discovered with this approach. In brief,
we cannot lock the entire pod (or much more than a single
container at a time) without causing a deadlock. As such, we
converted to an approach where we just looped over each container
in the pod, removing them individually. Unfortunately, this
removed a lot of the validity checking of the earlier approach,
allowing for a lot of unintended bad things. Infra containers
could be removed while containers in the pod still depended on
them, for example.
There's no easy way to do validity checks while in a simple loop,
so I implemented a version of our graph-traversal logic that
currently handles pod start. This version acts in the reverse
order of startup: startup starts from containers which depend on
nothing and moves outwards, while removal acts on containers which
have nothing depend on them and moves inwards. By doing graph
traversal, we can guarantee that nothing is removed while
something that depends on it still exists - so the infra
container should be the last thing in a pod that is removed, for
example.
In the (unlikely) case that a graph of the pod's containers
cannot be built (most likely impossible without database editing)
the old method of pod removal has been retained to ensure that
even misbehaving pods can be forcibly evicted from the state.
I'm fairly confident that this resolves the problem, but there
are a lot of assumptions around dependency structure built into
the original pod removal code and I am not 100% sure I have
captured all of them.
Fixes#15526
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
There's little practical reason to execute unit-level testing on
multiple platforms, since there's so little platform interaction.
Remove the unit-test runs on Ubuntu, only execute on root-full and
root-less Fedora.
Signed-off-by: Chris Evich <cevich@redhat.com>
Followup to #15673 (--format with newlines). I cobbled up a test
for it, but I was sloppy, so the test had issues that I kept
having to band-aid. This is a cleaner way to handle podman-machine.
...and, another unexpected surprise with podman stats. It
fails under rootless cgroupsv1. We can't sweep it under the
rug via skip_if_ubuntu because tests will then fail on RHEL8.
So, add a similar mechanism for testing podman stats.
...plus a non-surprise, the 'search' test flakes. Try minimizing
that by searching only $IMAGE. If quay.io is down, other tests
will certainly fail.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Three tests were running 'container rm' on 'start'ed containers
that might not yet have exited. Fix. Also, tighten up the
tests themselves, to make even more sure that they test
what they're supposed to test.
Discovered, in CI, that 'podman-remote logs --timestamps'
was unimplemented. Thanks to @Luap99 for the fix to that.
Fixes: #15783Fixes: #15795
Signed-off-by: Ed Santiago <santiago@redhat.com>
The process of saving the OCI spec is not particularly
reboot-safe. Normally, this doesn't matter, because we recreate
the spec every time a container starts, but if one was to reboot
(or SIGKILL, or otherwise fatally interrupt) Podman in the middle
of writing the spec to disk, we can end up with a malformed spec
that sticks around until the container is next started. Some
Podman commands want to read the latest version of the spec off
disk (to get information only populated after a container is
started), and will break in the case that a partially populated
spec is present. Swap to just ignoring these errors (with a
logged warning, to let folks know something went wrong) so we
don't break important commands like `podman inspect` in these
cases.
[NO NEW TESTS NEEDED] Provided reproducer involves repeatedly
rebooting the system
Signed-off-by: Matthew Heon <mheon@redhat.com>
Three simple options shared among podman-create, exec, run.
I mostly went with the podman-run versions. For --tty, this
means that create and exec get the long stdout/stderr note.
(The example, though, remains only in podman-run). For -i,
mostly boldspace changes.
For --preserve-fds, podman-exec now has the "not with remote"
note (which it didn't until now)
Signed-off-by: Ed Santiago <santiago@redhat.com>
OpenShift Merge Robot
Toshiki Sonoda
Ed Santiago
Valentin Rothberg
Doug Rabson
Giuseppe Scrivano
Matthew Heon
Chris Evich
Matthew Heon