I honestly do not understand all this extra option parsing here but
there is really no reason to exclude the option for remote, all the
other global options are also set there.
This fixes a problem with mixed cni/netavark use because the option was
unset.
Fixes#15017
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
...and enable the at-test-time confirmation, the one that
double-checks that if CI requests runc we actually use runc.
This exposed a nasty surprise in our setup: there are steps to
define $OCI_RUNTIME, but that's actually a total fakeout!
OCI_RUNTIME is used only in e2e tests, it has no effect
whatsoever on actual podman itself as invoked via command
line such as in system tests. Solution: use containers.conf
Given how fragile all this runtime stuff is, I've also added
new tests (e2e and system) that will check $CI_DESIRED_RUNTIME.
Image source: https://github.com/containers/automation_images/pull/146
Since we haven't actually been testing with runc, we need
to fix a few tests:
- handle an error-message change (make it work in both crun and runc)
- skip one system test, "survive service stop", that doesn't
work with runc and I don't think we care.
...and skip a bunch, filing issues for each:
- #15013 pod create --share-parent
- #15014 timeout in dd
- #15015 checkpoint tests time out under $CONTAINER
- #15017 networking timeout with registry
- #15018 restore --pod gripes about missing --pod
- #15025 run --uidmap broken
- #15027 pod inspect cgrouppath broken
- ...and a bunch more ("podman pause") that probably don't
even merit filing an issue.
Also, use /dev/urandom in one test (was: /dev/random) because
the test is timing out and /dev/urandom does not block. (But
the test is still timing out anyway, even with this change)
Also, as part of the VM switch we are now using go 1.18 (up
from 1.17) and this broke the gitlab tests. Thanks to @Luap99
for a quick fix.
Also, slight tweak to #15021: include the timeout value, and
reword message so command string is at end.
Also, fixed a misspelling in a test name.
Fixes: #14833
Signed-off-by: Ed Santiago <santiago@redhat.com>
added the following flags and handling for podman pod create
--memory-swap
--cpuset-mems
--device-read-bps
--device-write-bps
--blkio-weight
--blkio-weight-device
--cpu-shares
given the new backend for systemd in c/common, all of these can now be exposed to pod create.
most of the heavy lifting (nearly all) is done within c/common. However, some rewiring needed to be done here
as well!
Signed-off-by: Charlie Doern <cdoern@redhat.com>
`podman-remote push` has shown absolutely no progress at all. Fix that
by doing essentially the same as the remote-pull code does.
The get-free-out-of-jail-card for backwards compatibility is to let the
`quiet` parameter default to true. Since the --quioet flag wasn't
working before either, older Podman clients do not set it.
Also add regression tests to make sure we won't regress again.
Fixes: #11554Fixes: #14971
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The network backend always has default config in memory so there is no
need to copy it. Also netavark cannot use it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Docker uses "bridge" as default network name so some tools expect this
to work with network list or inspect. To fix this we change "bridge" to
the podman default ("podman") name.
Fixes#14983
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
By vendoring the fixes from containers/image. Also add a test (thanks
@edsantiago) to make sure we won't regress in the future again.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file.
Kubernetes secrets have a different structure than podman and therefore have to be handeled differently.
In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets
to come!
resolves#12396
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Update the init container type default to once instead
of always to match k8s behavior.
Add a new annotation that can be used to change the init
ctr type in the kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
--latest : pause/unpause the latest container.
--filter : pause/unpause the filtered container.
--cidfile : Read container ID from the specified file and pause/unpause the container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Followup to #14957, which added a new test that doesn't
actually belong in the 250-systemd.bats file. It was
copy-pasted from another test that doesn't belong there.
Move both tests to a new .bats file, because (1) they
need a custom cleanup, and (2) one of the tests should
very definitely run under podman-remote, and the 250
bats file has a global skip_if_remote().
Signed-off-by: Ed Santiago <santiago@redhat.com>
As you run --sync, please update this commit message with your
actual changes.
Changes since 2022-06-14:
- apply-podman-deltas: (minor) buildah 4057 changed the name
of a test; make corresponding change here
- apply-podman-deltas: buildah 4071 adds a new OCI-hook
test that's failing in remote. Skip it.
- apply-podman-deltas: buildah 4096 changed an error message
- apply-podman-deltas: buildah 4097 added a test that doesn't
work with podman-remote
- run-buildah-bud-tests: only run 'sudo --validate' if we
need to sudo later (for running tests). Otherwise, same
thing: I run the treadmill script, step away, and come
back to an unnecessary sudo prompt.
- system tests: the new containers-storage changes some
error messages; fix tests to reflect that. (And, unrelated,
fix a red cleanup warning)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Docker supports -H and --host for specify the listening socket. Podman
should support them also in order to match the CLI.
These will not be documented since Podman defaults to using the
--url option.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in
getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy.
Signed-off-by: Karthik Elango <kelango@redhat.com>
I added the shorthand option for `podman pull --all-tags`. Like Docker,
Podman can now do `podman pull -a`.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
This is a follow up to fix some of the apiv2
tests related to "podman kube play" while also
removing reduntant system tests.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
The "podman kube play" command is designed to be a replacement for the
"podman play kube" command.
It performs the same function as "play kube" while also still working with the same flags and options.
The "podman play kube" command is still functional as an alias of "kube play".
Closes#12475
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
As part of fix for https://github.com/openshift/imagebuilder/issues/231
`FROM` does not expands `ARGS` which are not declared so
`TARGETPLATFORM`
Note: I think a patch should be added at imagebuilder to allow using
inbuilt ARGS in FROM without declaring it as well but it is something
to be discussed so lets declare it manually in our tests
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
* Correct spelling and typos.
* Improve language.
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
If a pod is created without net sharing, allow adding
separate ports for each container to the kube yaml
and also set the pod level hostname correctly if the
uts namespace is not being shared.
Add a warning if the default namespace sharing options
have been modified by the user.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Followup to #14845: use defer(), not fragile global context,
to stop registry and clean up temporary envariable. Thanks
to mitr for the suggestion.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Podman wait should not be defaulting to just stopped. By default
wait API waits for stopped and exited. We should not override this on
the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Refactored the networkPrune function to improve readability.
This commit changes the `networkPrune` function to
use the `PrintNetworkPruneResults` function.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
manifest_test:authenticated_push() is the final test left to
fix before merging #14397. The reason it's failing _seems_ to be
that podman is running with a mix of netavark and CNI, and
that _seems_ to be because this test invokes hack/podman-registry
which invokes plain podman without whatever options used in e2e.
Starting a registry directly from the test is insane: there is
no reusable code for doing that (see login_logout_test.go and
push_test.go. Yeesh.)
Solution: set $PODMAN, by inspecting the podmanTest object
which includes both a path and a list of options. podman-registry
will invoke that. (It will also override --root and --runroot.
This is the desired behavior).
Also: add cleanup. If auth-push test fails, stop the registry.
Also: add a sanity check to podman-registry script, have it
wait for the registry port to activate. Die if it doesn't.
That could've saved us a nice bit of debugging time.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Wrong variable. And, wrong index range. And, wrong bash
syntax for extracting end_port. And, add explicit check
for valid range, because die() inside 'foo=$(...)' will not
actually die. And, refactor some confusing code. And,
reformat/clean up a confusing and too-wide comment.
Fixes: #14854
Signed-off-by: Ed Santiago <santiago@redhat.com>
somehow, #14501 got through CI even though the remote tests fail. The testa are failing
due to the PodSpecGenerator not containing the UTSNs entitiy and infra's spec is not yet allowed to be accessed remotely
[NO NEW TESTS NEEDED]
resolves#14847
Signed-off-by: Charlie Doern <cdoern@redhat.com>
A number of standard image names were lower-case, leading to
confusion in code such as:
registry := podman(... , "-n", "registry", registry, ...)
^--- variable ^---- constant
Fix a number of those to be capitalized and with _IMAGE suffix:
registry := podman(..., REGISTRY_IMAGE
Signed-off-by: Ed Santiago <santiago@redhat.com>
- containerInspect compat API expects field value PrefixLen
instead of PrefixLength for type Address for SecondaryIPAddresses
- Add tests for network part of containerInspect compat api
Closes: containers#14674
Signed-off-by: 🤓 Mostafa Emami <mustafaemami@gmail.com>
Update the podman pod unpause to only show the paused
containers with autocomplete.
Fix a typo in the help command.
Update the unpause function to only attempt an unpause
on pasued pods instead of all the pods.
Update the tests accordingly.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
add support for the --uts flag in pod create, allowing users to avoid
issues with default values in containers.conf.
uts follows the same format as other namespace flags:
--uts=private (default), --uts=host, --uts=ns:PATH
resolves#13714
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Previously, if a container had healthchecks disabled in the
docker-compose.yml file and the user did a `podman inspect <container>`,
they would have an incorrect output:
```
"Healthcheck":{
"Test":[
"CMD-SHELL",
"NONE"
],
"Interval":30000000000,
"Timeout":30000000000,
"Retries":3
}
```
After a quick change, the correct output is now the result:
```
"Healthcheck":{
"Test":[
"NONE"
]
}
```
Additionally, I extracted the hard-coded strings that were used for
comparisons into constants in `libpod/define` to prevent a similar issue
from recurring.
Closes: #14493
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Previously, the following network block did not update using
docker-compose:
```
networks:
default:
driver: bridge
driver_opts:
mtu: 9000
```
In the API, the network options were previously not being handled when the
network was being created. I translated the docker options into podman
options, and added the options to the network.
When doing `podman network inspect <network>`, the results now contain
`"mtu": "9000"`
Fixes: #14482
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Previously, `podman system df --format "{{json .}}"` would not output
`Size` and `Reclaimable` like `podman system df` would.
```
{"Type":"Images","Total":5,"Active":0,"Size":39972240,"Reclaimable":39972240}
{"Type":"Containers","Total":0,"Active":0,"Size":0,"Reclaimable":0}
{"Type":"Local Volumes","Total":0,"Active":0,"Size":0,"Reclaimable":0}
```
Closes: #14769
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Make sure `Sync()` handles state transitions and exit codes correctly.
The function was only being called when batching which could render
containers in an unusable state when running concurrently with other
state-altering functions/commands since the state must be re-read from
the database before acting upon it.
Fixes: #14761
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
there is no need to use such long sleep intervals for such cheap
operations like opening a connection or stat'ing a file.
Also make WaitForService() honor defaultWaitTimeout.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
if the connection is successfull then return immediately instead of doing
all the iterations. It also solves a problem where connections are
leaked since there are multiple Dial but only one Close.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Following PR adds support for running containers from a manifest list
present on localstorage. Before this PR podman only supports running
containers from valid images but not from manifest list.
So `podman run -it --platform <some> <manifest-list> command` should
become functional now and users should be able to resolve images on the
bases of provided `--platform` string.
Example
```
podman manifest create test
podman build --platform linux/amd64,linux/arm64 --manifest test .
podman run --rm --platform linux/arm64/v8 test uname -a
```
Closes: https://github.com/containers/podman/issues/14773
Signed-off-by: Aditya R <arajan@redhat.com>
The retry logic in digshort() did not work because dig always exits with
0 even when the domain name is not found. To make it work we have to
check the standard output.
We work on fixing the underlying issue in aardvark/netavark but
this will take more time.
Fixes#14173Fixes#14171
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
the test is not doing what it believes to do. The containers are not
supposed to be joining the infra container cgroup.
In addition, the result is validated only on cgroup v1 systems (that
are not used in the CI).
We may want to add it back, or a variant of it, once the
--device-read-bps option applies to the pod parent cgroup.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
using the new resource backend, implement podman pod create --memory which enables
users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all
children unless overriden
Signed-off-by: Charlie Doern <cdoern@redhat.com>
PR containers/podman/pull/14449 had an outdated base. Merging it broke
builds.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When mounting paths as overlay mounts we end up passing source as is to
lowerdir options, resolve all relative paths in such cases for overlay
mounts.
Closes: https://github.com/containers/podman/issues/14797
Signed-off-by: Aditya R <arajan@redhat.com>
Fix the parse for the cgroup devices rule to correctly handle the
wildcard syntax for the device major.
Also make sure the device major and minor are not negative numbers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
With the upcoming plans of introducing a podman-kube command with
various subcommands, rename the podman-play-kube systemd template
to podman-kube before releasing it.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
ImagesBatchRemoval and ImageRemoval now honors and accepts
`LookupManifest` parameter which further tells libimage to resolve to
manifest list if it exists instead of actual image.
Following PR also makes `podman-remote manifest rm` functional which was
broken till now.
Closes: https://github.com/containers/podman/issues/14763
Signed-off-by: Aditya R <arajan@redhat.com>
Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
Paul Holzinger
OpenShift Merge Robot
Ed Santiago
Charlie Doern
Giuseppe Scrivano
Valentin Rothberg
Urvashi Mohnani
Toshiki Sonoda
openshift-ci[bot]
Daniel J Walsh
Karthik Elango
Jake Correnti
Niall Crowe
Aditya R
Erik Sjölund
Sascha Grunert
Jakub Guzik
🤓 Mostafa Emami
Ashley Cui