It looks like the containerd.io package is not present anymore in the
package cache which ultimately breaks CI since it's a requirement for
docker.
Hence, download the few packages instead of relying on the cache.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fix day-one sloppiness: when I first wrote this framework
it compared strings using 'expr', not '=', to be more
forgiving of extra cruft in output. This was a bad decision.
It means that warnings or additional text are ignored:
is "all is ok, NOT!" "all is ok" <-- this would pass
Solution: tighten up the 'is' check. Use '=' (direct
compare) first. If it fails, look for wild cards ('*')
or character classes ('[') in the expect string. If
so, and only then, use 'expr'. And, thanks to a clever
suggestion from Luap99, include '(using expr)' in the
error message when we do so; this could make it easier
for a developer to understand a string mismatch.
This change exposes a lot of instances in which we weren't
doing proper comparisons. Fix those. Thankfully, there
weren't as many as I'd feared.
Also, and completely unrelated, add '-T' flag to bats
helper, for showing timing results. (I will open this
as a separate PR if requested. I too find it offensive
to jumble together unrelated commits.)
Signed-off-by: Ed Santiago <santiago@redhat.com>
systemd sometimes spits out lines in the wrong order. Deal with it.
This fixes an infrequent flake that I haven't filed because I
didn't understand it well enough. (Hence, this reduces BUGS
but does not reduce BUG COUNT. Sorry!)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Swagger-go doesn't generate the types correctly for some
complicated structs. We are seeing this with the expose option
for container create, it is showing up as any. Add a line
to the description to highlight that the type is map[uint16]string.
[NO TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
When using play kube and generate kube, we need to support if bind
mounts have selinux options. As kubernetes does not support selinux in
this way, we tuck the selinux values into a pod annotation for
generation of the kube yaml. Then on play, we check annotations to see
if a value for the mount exists and apply it.
Fixes BZ #1984081
Signed-off-by: Brent Baude <bbaude@redhat.com>
skip the test "podman selinux: shared context in (some) namespaces" on
cgroupsv1 when running as rootless since the tests requires
--pid=container:.
If the container runtime cannot use cgroupsv1 and the container has no
pid namespace. then it is not possible to correctly terminate the
container. Without a cgroup or a pid namespace, the runtime has no
control on what processes are in the container.
Closes: https://github.com/containers/podman/issues/11785
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Users can set --pids-limit to -1 now to set unlimited
pids limit for a container - this matches the convention.
[NO TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Do not create an expensive deep copy for the provided spec.Spec
when creating a container. No API should be expected to create
deep copies of arguments unless explicitly documented.
This removes the last call to JSONDeepCopy in a simple
`podman run --rm -d busybox true`.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add a new function to libpod to directly access the runtime
configuration without creating an expensive deep copy. Further migrate
a number of callers to this new function.
This drops the number of calls to JSONDeepCopy from 4 to 1 in a simple
`podman run --rm -d busybox top`.
Future work: Please note that there are more callers of GetConfig() that
can me migrated to GetConfigNoCopy().
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
To avoid creating an expensive deep copy, create an internal function to
access the exec session.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Access the container's spec field directly inside of libpod instead of
calling Spec() which in turn creates expensive JSON deep copies.
Accessing the field directly drops memory consumption of a simple
podman run --rm busybox true from ~700kB to ~600kB.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
added the option for the user to specify a rate, in bytes, at which they would like to be able
to read from the device being added to the pod. This is the first in a line of pod device options.
WARNING: changed pod name json tag to pod_name to avoid confusion when marshaling with the containerspec's name
Signed-off-by: cdoern <cdoern@redhat.com>
Remind user to check their remote linux connection or use podman
machine. Move the warning from bindings to cmd/podman.
Signed-off-by: Ashley Cui <acui@redhat.com>
As we were not updating the pod ID bucket, removing a pod with
containers still in it (including the infra container, which will
always suffer from this) will not properly update the name
registry to remove the name of any renamed containers. This
patch ensures that does not happen - all containers will be fully
removed, even if renamed.
Fixes#11750
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This duplicates the template used for buildah. The intention
is to make it immediately clear to reviewers:
* The intended/basic purpose of the PR (also machine readable)
* Why are changes being proposed
* If there are any specific items need additional checking or scrutiny
* What should go into the release-notes (if anything).
Signed-off-by: Chris Evich <cevich@redhat.com>
Access the container's config field directly inside of libpod instead of
calling `Config()` which in turn creates expensive JSON deep copies.
Accessing the field directly drops memory consumption of a simple
`podman run --rm busybox true` from 1245kB to 410kB.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
OpenShift Merge Robot
Valentin Rothberg
Jhon Honce
Ed Santiago
Matthew Heon
Daniel J Walsh
Aditya Rajan
Urvashi Mohnani
Ethan Soucy
Brent Baude
Giuseppe Scrivano
dependabot[bot]
cdoern
Ashley Cui
Matthew Heon
Anders F Björklund
Chris Evich