Using pod removal worked, but container removal was missing the
most critical step - the actual removal. Must have been
accidentally removed during a refactor.
Fixes#3556
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This adds three tests for the --ignore-rootfs option to verify that it
works in all combination.
1. Not used at all
2. Only used during restore
3. Only used during checkpoint
Signed-off-by: Adrian Reber <areber@redhat.com>
The newly added functionality to include the container's root
file-system changes into the checkpoint archive can now be explicitly
disabled. Either during checkpoint or during restore.
If a container changes a lot of files during its runtime it might be
more effective to migrated the root file-system changes in some other
way and to not needlessly increase the size of the checkpoint archive.
If a checkpoint archive does not contain the root file-system changes
information it will automatically be skipped. If the root file-system
changes are part of the checkpoint archive it is also possible to tell
Podman to ignore these changes.
Signed-off-by: Adrian Reber <areber@redhat.com>
One of the last limitations when migrating a container using Podman's
'podman container checkpoint --export=/path/to/archive.tar.gz' was
that it was necessary to manually handle changes to the container's root
file-system. The recommendation was to mount everything as --tmpfs where
the root file-system was changed.
This extends the checkpoint export functionality to also include all
changes to the root file-system in the checkpoint archive. The
checkpoint archive now includes a tarstream of the result from 'podman
diff'. This tarstream will be applied to the restored container before
restoring the container.
With this any container can now be migrated, even it there are changes
to the root file-system.
There was some discussion before implementing this to base the root
file-system migration on 'podman commit', but it seemed wrong to do
a 'podman commit' before the migration as that would change the parent
layer the restored container is referencing. Probably not really a
problem, but it would have meant that a migrated container will always
reference another storage top layer than it used to reference during
initial creation.
Signed-off-by: Adrian Reber <areber@redhat.com>
The newly added function GetDiffTarStream() mirrors the GetDiff()
function. It tries to get the correct layer ID from getLayerID()
and it filters out containerMounts from the tarstream. Thus the
behavior is the same as GetDiff(), but it returns a tarstream.
This also adds the function ApplyDiffTarStream() to apply the tarstream
generated by GetDiffTarStream().
These functions are targeted to support container migration with
root file-system changes.
Signed-off-by: Adrian Reber <areber@redhat.com>
During 'podman container checkpoint' the finished time was not set. This
resulted in a strange container status after checkpointing:
Exited (0) 292 years ago
During checkpointing FinishedTime is now set to time.now().
Signed-off-by: Adrian Reber <areber@redhat.com>
Normally when testing PRs, the final task to run is 'success'. It's
purpose is three-fold:
- Notify on IRC that a PR passed all testing.
- Block merging of a PR unless all dependent tasks are successful.
- When successful, publish cached binary release archives.
Mistakenly, the 'release' task was not made dependent upon the 'success'
task. Since 'success' only runs for PRs, this was causing post-merge
failures due to the 'release' task not finding any release archives -
the tasks which generate them are still running.
Fix this by making the 'release' task depend upon the same items as
the 'success' task. This will ensure it only runs as the very last
step, for both PRs and on branches (post-merge).
Signed-off-by: Chris Evich <cevich@redhat.com>
the commit and pull varlink endpoints were not working correctly when
'more' was not being specified.
Fixes: #3317Fixes: #3318Fixes: #3526
Signed-off-by: baude <bbaude@redhat.com>
drop the limitation of not supporting creating new cgroups v2 paths.
Every controller enabled /sys/fs/cgroup will be propagated down to the
created path. This won't work for rootless cgroupsv2, but it is not
an issue for now, as this code is used only by CRI-O.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
CI is experiencing failures in the system_test step, caused by
podman commands issuing the following warning:
time="2019-07-09T13:30:19-04:00" level=error msg="User-selected graph driver \"overlay\" overwritten by graph driver \"vfs\" from database - delete libpod local files to resolve
Hypothesis: integration tests, which run just before us, are
leaving user config files in an unstable state.
Workaround: delete all user cache and config and db before
running system tests. This should be safe, and should be
a NOP when running as root.
Signed-off-by: Ed Santiago <santiago@redhat.com>
now that dbus authentication works fine from a user namespace (systemd
241 works fine), we can enable rootless healthchecks.
It uses "systemd-run --user" for creating the healthcheck timer and
communicates with the user instance of systemd listening at
$XDG_RUNTIME_DIR/systemd/private.
Closes: https://github.com/containers/libpod/issues/3523
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This tries to reduce CI errors which might happen due to parallel CI
runs which all are using the same IP addresses. Using random addresses
should reduce the possibility of parallel tests using the same IP address.
Signed-off-by: Adrian Reber <areber@redhat.com>
When the user uses remote client, the message prompts the user to use `podman-remote`. This does not apply for Mac usage.
Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
Per @rhatdan's request in #3478, this commit makes a note of supporting
General Parallel File System by IBM since it shares the same root issue
as NFS for rootless containers.
Signed-off-by: Justin W. Flory <git@jwf.io>
when running integrations tests as rootless, several tests still
unnecessarily pull images which is costly in terms of time.
Signed-off-by: baude <bbaude@redhat.com>
add a simple way to copy ulimit values from the host.
if --ulimit host is used then the current ulimits in place are copied
to the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
OpenShift Merge Robot
Matthew Heon
baude
Adrian Reber
Chris Evich
Qi Wang
Giuseppe Scrivano
Ed Santiago
Ashley Cui
Justin W. Flory
Stefan Becker