We need to take another lock to prevent concurrent starts from different
machines.
I manually tested it by starting three VM in parallel with:
podman machine start & podman machine start test1 & podman machine start test2
I also added a CI test that seems to work as expected (failed with the
old binary, worked with the new)
Before this patch I was able to start more than VM, with this patch it
now only starts one of them and the other ones will fail to start with
a proper error.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This function is not used, it has been refactored in the general
starting good higher up the stack.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently we first read the conf and then lock, this is racy because
while we wait for the lock another process might change the state so
the only way to have the actual current state is to read the file
while holding the lock.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- Fixes conflicts such as removal of second machine deleting a socket of a
the first machine while it's running
- Move API socket into runtime directory for consistency
- Add API and gvproxy sockets to removal list
- Cleanup related logic
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
make validate should work locally, this check makes no sense in a local
context as it checks for a github label.
To fix this remove this check from the validate target and only use it
as part of the CI validate run.
While at it remove old dnf install step, the issue has been closed for a
long time and it should already be part of our base images.
Fixes#22031
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
we are having second thoughts about *requiring* a policy.json on podman
machine hosts. we are concerned that we need to work out some more use
cases to be sure we do not make choices now that limit us in the near
term future. for example, should the policy files be the same for
container images and machine images? And should one live on the host
machine and the other live in the machine?
therefore, if a policy.json *is* present in the correct location, we will use and honor it; however, if it does not, we will allow the machine image to be pulled without a policy.
Signed-off-by: Brent Baude <baude@redhat.com>
Co-authored-by: Paul Holzinger <45212748+Luap99@users.noreply.github.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit bumps containers-common dep such that passt and netavark become hard
deps for podman on fedora 40+.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2269148
With this commit, f40+ envs will use the min name-version-release for
containers-common-extra while other deps will use whatever's available.
This change can be reverted after a few releases to keep conditionals to
a minimum.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
1. Added the xz decompression unit tests
2. Removed the xz implementation to use the one from c/images
3. Removed the specific macos gzip, zstd compressor and use
the generic compressor but with SparseWriter if GOOS == darwin
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
For consistency with linux/osx makefile
I have added the win-gvproxy target as
an alias of win-sshproxy
[NO NEW TESTS NEEDED]
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Adding the final machine endpoint as quay.io/podman/machine-os in the
Podman code. As a reminder, we decided we would set this in containers
conf once things settle down and this code would then be removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Also update the website to display the correct swagger doc for the right
version, the 5.0 swagger file will not exist until we branch but I added
it anyway so we do not forget it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Healthchecks, defined in a .yaml file as livenessProbe did not had any
effect. They were executing as intended, containers were marked as
unhealthy, yet no action was taken. This was never the intended
behaviour, as observed by the comment:
> if restart policy is in place, ensure the health check enforces it
A minimal example is tracked in containers/podman#20903 [1] with the
following YAML:
```yaml
apiVersion: v1
kind: Pod
metadata:
name: ubi-httpd-24
spec:
restartPolicy: Always
containers:
- name: ubi8-httpd
image: registry.access.redhat.com/rhscl/httpd-24-rhel7:2.4-217
livenessProbe:
httpGet:
path: "/"
port: 8081
```
By passing down the restart policy (and using constants instead of
actually wrong hard-coded ones), Podman actually restarts the container
now.
[1]: https://github.com/containers/podman/issues/20903Closes#20903.
Signed-off-by: Jasmin Oster <nachtjasmin@posteo.de>
Based on user feedback, I think it's time to clarify that there are no
plans to remove generate-systemd. Deprecation here means that the
command will not receive new features but only urgent bug fixes.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The container image build automation no longer lives here, it was moved
to containers/image_build.
Also strip out a few lingering comments referencing gitleaks, which was
removed from automation use.
Signed-off-by: Chris Evich <cevich@redhat.com>
openshift-merge-bot[bot]
Garth Bushell
Paul Holzinger
renovate[bot]
Jason T. Greene
Matt Heon
Brent Baude
Lokesh Mandvekar
Mario Loriedo
Denys Knertser
Brent Baude
Jasmin Oster
Ashley Cui
Valentin Rothberg
Erik Sjölund
Chris Evich
Jesse Borden