When the path does not exist, filepath.EvalSymlinks returns an
empty string - so we can't just ignore ENOENT, we have to discard
the result if an ENOENT is returned.
Should fix Jira issue RHEL-37948
Signed-off-by: Matt Heon <mheon@redhat.com>
Currently all podman machine rm errors in AfterEach were ignored.
This means some leaked and caused issues later on, see #22844.
To fix it first rework the logic to only remove machines when needed at
the place were they are created using DeferCleanup(), however
DeferCleanup() does not work well together with AfterEach() as it always
run AfterEach() before DeferCleanup(). As AfterEach() deletes the dir
the podman machine rm call can not be done afterwards.
As such migrate all cleanup to use DeferCleanup() and while I have to
touch this fix the code to remove the per file duplciation and define
the setup/cleanup once in the global scope.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
On linux and macos the connections are stored under the home dir by
default so it is not a problem there but on windows we first check
the APPDATA env and use this dir as config storage. This has the problem
that it is not cleaned up after each test as such connections might leak
into the following test causing failues there.
Fixes#22844
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This senetence does not add any value and instead confuses users as it
suggest that the name is somhow special and related to bridge networks
which is not the case. Using either the name or id is fine as described
in the sentence before.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When a users asks for specific devices we should still add them and not
ignore them just because privileged adds all of them.
Most notably if you set --device /dev/null:/dev/test you expect
/dev/test in the container, however as we ignored them this was not the
case. Another side effect is that the input was not validated at at all.
This leads to confusion as descriped in the issue.
Fixes#23132
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
I found that Quadlet didn't currently have support for log options.
This merge allows Quadlet to handle log options and correctly
pass those values through to `podman run` for Container and Kube
types.
Syntactically consistent with existing parameters:
```ini
[Container]
Image=localhost/imagename
LogOpt=path=/var/log/container/mycontainer.json
LogOpt=size=10mb
```
Signed-off-by: Brett Calliss <brett@obligatory.email>
Close loophole that would allow you to assign more memory than the
system has to a podman machine
Fixes: #18206
Signed-off-by: Brent Baude <bbaude@redhat.com>
The logs are not verbose if `--debug` is not set, and very useful to
have if gvproxy exits unexpectedly.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Podman machine reset now removes and resets machines from all providers availabe on the platform.
On windows, if the user is does not have admin privs, machine will only reset WSL, but will emit a warning that it is unable to remove hyperV machines without elevated privs.
Signed-off-by: Ashley Cui <acui@redhat.com>
Previously it was easy for a maintainer to change a Cirrus-CI task name
w/o realizing it would (later) cause a downstream task or the `artifacts`
task to fail. This is due to duplication of task names in URLencoded
format. Worse, `artifacts` task failures are inconsequential in PRs,
and not all tasks are executed for every PR context (i.e. due to `skip`
or `only_if` exclusions). So induced name change failures may not be
noticed until after a PR merges.
Improve the visibility of the situation by adding comments to all
consequential names. That is, task names where there is a URLencoded
duplicate reference elsewhere.
Signed-off-by: Chris Evich <cevich@redhat.com>
This allows centos stream builds to run for outside contributors without
write access to the repos.
This commit also include centos-stream-9 build jobs so we can compare
both centos-stream-9 and rhel-9 builds if required. This will also be
useful when we want to run tests on both centos stream and rhel envs
using their respective builds.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
One problem on FCOS is that the root directory is immutable, as such in
order to mount arbitrary paths from the host we must make it mutable
again and create these dir on boot in order to be able to mount there.
The current logic was racy as it used one unit for each path and they
all did chattr -i /; mkdir -p $path; chattr -i / and systemd can run
these units in parallel. That means it was possible for another unit to
make / immutable before the unit could do the mkdir. I pointed this out
on the original PR[1] but we never followed up on it...
Now this here changes several things. First have one unit that does the
chattr -i / (immutable-root-off.service), it is hooked into
remote-fs-pre.target which means it is executed before the network
mounts (virtiofs) are done.
Then we have another unit that does chattr +i /
(immutable-root-on.service) which turn the immutable root back on after
remote-fs.target which means all mount are done at this point.
Additionally the automount unit is removed because it does not add any
value for us and it was borken anyway as it used the virtiofs tag as
path so systemd just ignored it.
[1] https://github.com/containers/podman/pull/20612#discussion_r1384846241Fixes#22569
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The task got renamed but didn't fix the URL for the machine test task
only the artifacts task url was fixed.
Fixes 439fe90208 ("Minor: Rename the OSX Cross task")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
For a long time, this task has not been cross-compiling, it's building
natively on a Mac. Avoid any possible confusion by renaming the task.
Signed-off-by: Chris Evich <cevich@redhat.com>
All our active envs except centos stream 9 support autochangelog and the
only place we're building rpms via packit on centos stream 9 is on COPR
where we don't really care about changelogs.
Commit also removes a couple of unnecessary slashes from install paths.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
When we execute ps(1) in the container and the container uses a userns
with a different id mapping the user id field will be wrong.
To fix this we must join the userns in such case.
Fixes#22293
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Linting code changes with golangci-lint is a very slow and resource
intensive process. However, it does not depend on compiling anything.
This means it may run in parallel with the build tasks for
a modest perceived runtime duration improvement.
Additionally, the former validation make targets that **do** require a
build execute faster than CI is able to provision a VM, simply tack them
onto the end of all build operations.
Signed-off-by: Chris Evich <cevich@redhat.com>
The docker API uses only a single arg for platform and multiple
platforms are given as comma separated list.
Fixes#22071
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This subpackage will fetch dependencies for podman machine and create a
symlink /usr/libexecdir/podman/virtiofsd -> ../virtiofsd .
Co-authored-by: Colin Walters <walters@verbum.org>
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Matt Heon
openshift-merge-bot[bot]
Paul Holzinger
Giuseppe Scrivano
Brett Calliss
Brent Baude
Christophe Fergeau
Ed Santiago
Ashley Cui
Chris Evich
Lokesh Mandvekar