I think it is confusion to have this Containerfile in the repo root. It
is used for the tests only so we should move it into the same dir.
Also adapt the Makefile target to use the new path and add the current
date as tag instead of using latest which can break CI easily when we
have to update the image.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There is no need for an extra parameter if the body is set. We can just
check to interface for not nil.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
podman image scp and podman system connection tests were querying an existing website during testing.
Change to a URL that will never exist given an improper domain extension
also just generally clean up a few things in both scp and connection testing
resolves#14699
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Firstly: don't prune exit codes after a refresh - instead, clear
the table entirely. We are guaranteed that all containers are
gone after a refresh, we should not worry about exit codes given
this.
Secondly: alter the way pruning was done. We were updating the DB
by calling Update from within an existing View, and stacking an
RW transaction on top of an existing RO one seems dodgy; further,
modifying a bucket while iterating over it with ForEach is
undefined behavior.
Hopefully this will resolve our CI issues.
Signed-off-by: Matthew Heon <mheon@redhat.com>
This commit addresses three intertwined bugs to fix an issue when using
Gitlab runner on Podman. The three bug fixes are not split into
separate commits as tests won't pass otherwise; avoidable noise when
bisecting future issues.
1) Podman conflated states: even when asking to wait for the `exited`
state, Podman returned as soon as a container transitioned to
`stopped`. The issues surfaced in Gitlab tests to fail [1] as
`conmon`'s buffers have not (yet) been emptied when attaching to a
container right after a wait. The race window was extremely narrow,
and I only managed to reproduce with the Gitlab runner [1] unit
tests.
2) The clearer separation between `exited` and `stopped` revealed a race
condition predating the changes. If a container is configured for
autoremoval (e.g., via `run --rm`), the "run" process competes with
the "cleanup" process running in the background. The window of the
race condition was sufficiently large that the "cleanup" process has
already removed the container and storage before the "run" process
could read the exit code and hence waited indefinitely.
Address the exit-code race condition by recording exit codes in the
main libpod database. Exit codes can now be read from a database.
When waiting for a container to exit, Podman first waits for the
container to transition to `exited` and will then query the database
for its exit code. Outdated exit codes are pruned during cleanup
(i.e., non-performance critical) and when refreshing the database
after a reboot. An exit code is considered outdated when it is older
than 5 minutes.
While the race condition predates this change, the waiting process
has apparently always been fast enough in catching the exit code due
to issue 1): `exited` and `stopped` were conflated. The waiting
process hence caught the exit code after the container transitioned
to `stopped` but before it `exited` and got removed.
3) With 1) and 2), Podman is now waiting for a container to properly
transition to the `exited` state. Some tests did not pass after 1)
and 2) which revealed the third bug: `conmon` was executed with its
working directory pointing to the OCI runtime bundle of the
container. The changed working directory broke resolving relative
paths in the "cleanup" process. The "cleanup" process error'ed
before actually cleaning up the container and waiting "main" process
ran indefinitely - or until hitting a timeout. Fix the issue by
executing `conmon` with the same working directory as Podman.
Note that fixing 3) *may* address a number of issues we have seen in the
past where for *some* reason cleanup processes did not fire.
[1] https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27119#note_970712864
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
[MH: Minor reword of commit message]
Signed-off-by: Matthew Heon <mheon@redhat.com>
We should just silently fall through. The log was flooding the
system-service logs when running Gitlab runner.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
podman currently does not support relative volume paths. Add parsing for relative paths in specgen, converting
whatever volume was given to an absolute path.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
One day we may use AWS for part of CI. Do you want to maintain
two separate code paths in this script for linking to artifacts
in multiple cloud providers? Can you say no? I knew you could.
Cirrus already knows the location of the artifacts and provides
a transparent mechanism for accessing them. Use it.
This PR exposed a nasty bug in our environment-variable handling:
envariables passed through to the containerized environment were
being double-space-escaped, so "FOO=a b" ended up as "FOO=a\ b"
(with a backslash), with one consequence being invalid URLs.
The solution is simple: run 'podman -e FOO', not '-e FOO=value'.
Finally, reinstate the environment-variable dump (in comments).
I had removed this in a moment of panic over leaking secrets,
but no, that doesn't happen. Exclude scary-sounding vars anyway.
Signed-off-by: Ed Santiago <santiago@redhat.com>
* Replace "setup", "lookup", "cleanup", "backup" with
"set up", "look up", "clean up", "back up"
when used as verbs. Replace also variations of those.
* Improve language in a few places.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
'podman system prune' command always outputs "Deleted Images" message,
even though there is no dangling or unused image to remove.
This message should be output only if dangling or unused image exists.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
We are only doing logrus.Info on a couple of bindings. I see no reason
to only do this on a couple, seems like debugging information more then
useful to the caller. We had a complaint about this so removing.
Fixes: https://github.com/containers/podman/issues/13504
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
add the ability to filter networks by their dangling status via:
`network ls --filter dangling=true/false`
Fixes: #14595
Signed-off-by: Carlo Lobrano <c.lobrano@gmail.com>
Update cobra to latest version. Remove workaround for podman -h.
Also regenerate the completion scripts.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
when there are multiple paths specified, attempt to join them all
before returning an error. Previously we were failing on the first
pid found.
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
use the memory limit specified for the container instead of reading it
from the cgroup. It is not reliable to read it from the cgroup since
the container could have been moved to a different cgroup and in
general the OCI runtime might create a sub-cgroup (like crun does).
Closes: https://github.com/containers/podman/issues/14676
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
expose the --shm-size flag to podman pod create and add proper handling and inheritance
for the option.
resolves#14609
Signed-off-by: Charlie Doern <cdoern@redhat.com>
podman machine start contains more logic than just the simple vm.Start()
call. Instead of duplicating this into inti we just call start().
[NO NEW TESTS NEEDED] I have no way to test this right now.
Fixes#14640
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we return no containers we just return `[]` but we still have to keep
the content type header `application/json` so external tools can correctly
parse the output.
Fixes#14647
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add docs about trailing * functionality in podman-exec.1.md
* Rewrite --env description in podman-create.1.md and podman-run.1.md
* Rewrite the --env examples in podman-create.1.md and podman-run.1.md
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Paul Holzinger
Charlie Doern
Matthew Heon
Valentin Rothberg
openshift-ci[bot]
Ed Santiago
Erik Sjölund
Toshiki Sonoda
Daniel J Walsh
gunnar
Carlo Lobrano
Giuseppe Scrivano
dependabot[bot]
Shubham Thakur
Nikolay Edigaryev