always cleanup the exec session when the command specified to the
"exec" is not found.
Closes: https://github.com/containers/podman/issues/20392
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
There is a problem where our tail code does not handles correctly
partial log lines. This makes podman logs --tail output possibly
incorrect lines when k8s-file is used.
This manifests as flake in CI because partial lines are only sometimes
written, basically always when the output is flushed before writing a
newline.
For our code we must not count partial lines which was already done but
the important thing we must keep reading backwards until the next full
(F) line. This is because all partial (P) lines still must be added to
the full line. See the added tests for details on how the log file looks
like.
While fixing this, I rework the tail logic a bit, there is absolutely no
reason to read the lines in a separate goroutine just to pass the lines
back via channel. We can do this in the same routine.
The logic is very simple, read the lines backwards, append lines to
result and then at the end invert the result slice as tail must return
the lines in the correct order. This more efficient then having to
allocate two different slices or to prepend the line as this would
require a new allocation for each line.
Lastly the readFromLogFile() function wrote the lines back to the log
line channel in the same routine as the log lines we read, this was bad
and causes a deadlock when the returned lines are bigger than the
channel size. There is no reason to allocate a big channel size we can
just write the log lines in a different goroutine, in this case the main
routine were read the logs anyway.
A new system test and unit tests have been added to check corner cases.
Fixes#19545
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Massage the internal APIs to use a string slice instead of a state slice
for passing wait conditions. This paves the way for waiting on
non-state conditions such as "healthy".
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The infra container would try to remove the pod, despite the pod
already being in the process of being removed - oops. Add a check
to ensure we don't try and remove the pod when called by the
`podman pod rm` command.
Also, wire up noLockPod - it wasn't previously wired in, which is
concerning, and could be related?
Finally, make a few minor fixes to un-break lint.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This allows for accurate reporting of dependency removal, but the
work is still incomplete: pods can be removed, but do not report
the containers they removed as part of said removal. Will add
this in a subsequent commit.
Major note: I made ignoring no-such-container errors automatic
once it has been determined that a container did exist in the
first place. I can't think of any case where this would not be a
TOCTOU - IE, no reason not to ignore them. The `--ignore` option
to `podman rm` should still retain meaning as it will ignore
errors from containers that didn't exist in the first place.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This is the initial stage of implementation. The current API
functions but does not report the additional containers and pods
removed. This is necessary to properly display results to the
user after `podman rm --all`.
The existing remove-dependencies code has been removed in favor
of this more native solution.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Fix a number of bugs wrt. filtering remote containers and how to
process specified names or IDs. I _really_ do not like the duplication
between remote and local Podman but want to focus on fixing #18153
for now.
What I desire in the future is to consolidate all functionality of
looking up containers (all, latest, filters, specified names/IDs, etc.)
and for remote clients to just call containers/list etc.
Fixes: #18153
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The code was not using append() to add items to a slice.
Accessing non allocated elements of the slice failed with:
$ podman container restore -l
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
github.com/containers/podman/v4/pkg/domain/infra/abi.(*ContainerEngine).ContainerRestore(0xc00051a8b8, {0x1dbced0, 0xc0000440d0}, {0x2a31b30, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, ...})
/share/go/src/github.com/containers/podman/pkg/domain/infra/abi/containers.go:676 +0x39c
github.com/containers/podman/v4/cmd/podman/containers.restore(0x28fb6c0?, {0xc0002c9080, 0x0, 0x1?})
/share/go/src/github.com/containers/podman/cmd/podman/containers/restore.go:171 +0x4ef
github.com/spf13/cobra.(*Command).execute(0x28fb6c0, {0xc0000400b0, 0x1, 0x1})
/share/go/src/github.com/containers/podman/vendor/github.com/spf13/cobra/command.go:916 +0x862
github.com/spf13/cobra.(*Command).ExecuteC(0x291ab00)
/share/go/src/github.com/containers/podman/vendor/github.com/spf13/cobra/command.go:1044 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
/share/go/src/github.com/containers/podman/vendor/github.com/spf13/cobra/command.go:968
github.com/spf13/cobra.(*Command).ExecuteContext(...)
/share/go/src/github.com/containers/podman/vendor/github.com/spf13/cobra/command.go:961
main.Execute()
/share/go/src/github.com/containers/podman/cmd/podman/root.go:107 +0xcc
main.main()
/share/go/src/github.com/containers/podman/cmd/podman/main.go:41 +0x7c
[NO NEW TESTS NEEDED]
Signed-off-by: Adrian Reber <areber@redhat.com>
Loading container states speed things up when listing all containers but
it comes with a price tag for many other call paths. Hence, make
loading the state conditional to allow for keeping `podman ps` fast
without other commands regressing in performance.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The function grew into a big hairy ball over time and I personally
refrained from touching it as it seemed fragile. Hence, refactor
the function into something more comprehensible and maintainable.
There is still potential for improvement but I want to tackle one
thing at a time.
[NO NEW TESTS NEEDED] as it shouldn't change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a wrapper to reduce boilerplate code. This also paves the way for
adding an ignore option to `getContainersOptions`.
[NO NEW TESTS NEEDED] as it shouldn't change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a new `getContainers` function to consolidate listing and looking
up containers. An options struct keeps thing flexible and makes callers
more readable.
[NO NEW TESTS NEEDED] as it shouldn't change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
In the recent past, I met the frequent need to wait for a container to
exist that, at the same time, may get removed (e.g., system tests in [1]).
Add an `--ignore` option to podman-wait which will ignore errors when a
specified container is missing and mark its exit code as -1. Also
remove ID fields from the WaitReport. It is actually not used by
callers and removing it makes the code simpler and faster.
Once merged, we can go over the tests and simplify them.
[1] github.com/containers/podman/pull/16852
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This patch extends the podman run command with support for checkpoint
images. When `podman run` is invoked with an image that contains
a checkpoint, it would restore the container from that checkpoint.
Example:
podman run -d --name looper busybox /bin/sh -c \
'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
podman container checkpoint --create-image checkpoint-image-1 looper
podman run checkpoint-image-1
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
Truncate the container and pod ID files instead of throwing an error.
The main motivation is to prevent redundant work when starting systemd
units. Throwing an error when the file already exists is not preventing
races or file corruptions, so let's leave that to the user which in
almost all cases are generated (and tested) systemd units.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This just gets ctr.config.Spec.Process.Terminal with some null checks,
allowing several places that open-coded this to use the helper.
In particular, this helps the code in
pkg/domain/infra/abi/terminal.StartAttachCtr(), that used to do:
`ctr.Spec().Process.Terminal`, which looks fine, but actually causes
a deep json copy in the `ctr.Spec()` call that takes over 3 msec.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Fixed issue where executing the command `podman pod logs -l` would panic
because it was indexing into an empty arguments array.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
`os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil`
package. It is a more efficient implementation than `ioutil.ReadDir`.
Reference: https://pkg.go.dev/io/ioutil#ReadDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:
this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format
–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device
resolves#15067
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Refactor the RawInput process of the `rm` and
`start` subcommands, like the other subcommands
such as `restart, stop, etc`.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
--cidfile : Read container ID from the specified file and restart the container.
--filter : restart the filtered container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
implement a new command `podman generate spec` which can formulate a json specgen to be consumed by both the pod
and container creation API.
supported flags are
--verbose (default true) print output to the terminal
--compact print the json output in a single line format to be piped to the API
--filename put the output in a file
--clone rename the pod/ctr in the spec so it won't conflict w/ an existing entity
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Tying filtering logic for podman stop and start to same place in getContainersAndInputByContext() to reduce code redundancy
Signed-off-by: Karthik Elango <kelango@redhat.com>
network and container prune could not handle the label!=... filter. vendor in c/common to fix this and
add some podman level handling to make everything run smoothly
resolves#14182
Signed-off-by: Charlie Doern <cdoern@redhat.com>
--latest : pause/unpause the latest container.
--filter : pause/unpause the filtered container.
--cidfile : Read container ID from the specified file and pause/unpause the container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in
getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy.
Signed-off-by: Karthik Elango <kelango@redhat.com>
Podman wait should not be defaulting to just stopped. By default
wait API waits for stopped and exited. We should not override this on
the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
This commit addresses three intertwined bugs to fix an issue when using
Gitlab runner on Podman. The three bug fixes are not split into
separate commits as tests won't pass otherwise; avoidable noise when
bisecting future issues.
1) Podman conflated states: even when asking to wait for the `exited`
state, Podman returned as soon as a container transitioned to
`stopped`. The issues surfaced in Gitlab tests to fail [1] as
`conmon`'s buffers have not (yet) been emptied when attaching to a
container right after a wait. The race window was extremely narrow,
and I only managed to reproduce with the Gitlab runner [1] unit
tests.
2) The clearer separation between `exited` and `stopped` revealed a race
condition predating the changes. If a container is configured for
autoremoval (e.g., via `run --rm`), the "run" process competes with
the "cleanup" process running in the background. The window of the
race condition was sufficiently large that the "cleanup" process has
already removed the container and storage before the "run" process
could read the exit code and hence waited indefinitely.
Address the exit-code race condition by recording exit codes in the
main libpod database. Exit codes can now be read from a database.
When waiting for a container to exit, Podman first waits for the
container to transition to `exited` and will then query the database
for its exit code. Outdated exit codes are pruned during cleanup
(i.e., non-performance critical) and when refreshing the database
after a reboot. An exit code is considered outdated when it is older
than 5 minutes.
While the race condition predates this change, the waiting process
has apparently always been fast enough in catching the exit code due
to issue 1): `exited` and `stopped` were conflated. The waiting
process hence caught the exit code after the container transitioned
to `stopped` but before it `exited` and got removed.
3) With 1) and 2), Podman is now waiting for a container to properly
transition to the `exited` state. Some tests did not pass after 1)
and 2) which revealed the third bug: `conmon` was executed with its
working directory pointing to the OCI runtime bundle of the
container. The changed working directory broke resolving relative
paths in the "cleanup" process. The "cleanup" process error'ed
before actually cleaning up the container and waiting "main" process
ran indefinitely - or until hitting a timeout. Fix the issue by
executing `conmon` with the same working directory as Podman.
Note that fixing 3) *may* address a number of issues we have seen in the
past where for *some* reason cleanup processes did not fire.
[1] https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27119#note_970712864
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
[MH: Minor reword of commit message]
Signed-off-by: Matthew Heon <mheon@redhat.com>
* Replace "setup", "lookup", "cleanup", "backup" with
"set up", "look up", "clean up", "back up"
when used as verbs. Replace also variations of those.
* Improve language in a few places.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
implement podman pod clone, a command to create an exact copy of a pod while changing
certain config elements
current supported flags are:
--name change the pod name
--destroy remove the original pod
--start run the new pod on creation
and all infra-container related flags from podman pod create (namespaces etc)
resolves#12843
Signed-off-by: cdoern <cdoern@redhat.com>
`podman container restore --file-locks` does not restore file locks
because this option is not passed to OCI runtime. This patch fixes this
issue.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
Support running `podman play kube` in systemd by exploiting the
previously added "service containers". During `play kube`, a service
container is started before all the pods and containers, and is stopped
last. The service container communicates its conmon PID via sdnotify.
Add a new systemd template to dispatch such k8s workloads. The argument
of the template is the path to the k8s file. Note that the path must be
escaped for systemd not to bark:
Let's assume we have a `top.yaml` file in the home directory:
```
$ escaped=$(systemd-escape ~/top.yaml)
$ systemctl --user start podman-play-kube@$escaped.service
```
Closes: https://issues.redhat.com/browse/RUN-1287
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
since the network config is a string map, json.unmarshal does not recognize
the config and spec as the same entity, need to map this option manually
resolves#13713
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
The errcheck linter makes sure that errors are always check and not
ignored by accident. It spotted a lot of unchecked errors, mostly in the
tests but also some real problem in the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Giuseppe Scrivano
Paul Holzinger
Boaz Shuster
Valentin Rothberg
Matthew Heon
Adrian Reber
Daniel J Walsh
Radostin Stoyanov
Erik Sjölund
Doug Rabson
Alexander Larsson
Jake Correnti
OpenShift Merge Robot
Eng Zer Jun
Charlie Doern
Toshiki Sonoda
openshift-ci[bot]
Karthik Elango
Sascha Grunert
cdoern
Hironori Shiina