Some search tests were looking for an explicit amount of images to
match. Since images are moving targets on these registries, make
sure to use lower bounds instead of exact matches.
Fixes CI which started to break when Red Hat images changed.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Flush should be called after the last call to Write to ensure that any data buffered in the Writer is written to output.
Any incomplete escape sequence at the end is considered complete for formatting purposes.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
go test -v -p 1 -tags apparmor,ostree,seccomp,selinux,systemd github.com/containers/podman/v2/test/testvol
results in the following error:
> test/testvol/main.go:227:10: Errorf format %s reads arg #1, but call has 0 args
> test/testvol/main.go:233:10: Errorf format %s reads arg #1, but call has 0 args
This patch passes req.Name as an argument to the Errorf() call
Signed-off-by: Raoul Bhatia <raoul.bhatia@radarcs.com>
Commit 092902b45555 introduced advanced network options for podman play
kube. However this never worked because it unconditionally set the
network mode to bridge after it parsed the network option.
Added a test to ensure the correct mode is set.
Truly fixes#10807
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When attempting to run remote builds, users with UID/GID values that
were high enough that they wouldn't be mapped into their default user
namespace configurations would see their builds fail when the server
attempted to extract the build contexts that they supplied, and failed
to set ownership of the build context content to the UID/GID that were
originally assigned to them.
When archiving the build context at the client, set ownership of
everything to 0:0, which we know is always mapped. Both ADD and COPY
require that we set the ownership of newly-added content to 0:0 (unless
the --chown flag is used), so throwing away the original ownership
information doesn't hurt, anyway. As usual, tarballs that we extract
as part of ADD aren't going to be affected.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When inspecting a container, we now report whether the container
was stopped by a `podman checkpoint` operation via a new bool in
the State portion of inspected, `Checkpointed`.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Handle custom restart policies of containers when generating the unit
files; those should be set on the unit level and removed from ExecStart
flags.
Fixes: #11438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fix a dead lock in the file log driver where one goroutine would wait on
the tail to hit EOF but reading is blocked for the function to return.
Fixes: 11461
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Following PR adds support for `kubectl` like `pod logs` to podman.
Usage `podman pod logs <podIDorName` gives a stream of logs for all
the containers within the pod with **containername** as a field.
Just like **`kubectl`** also supports `podman pod logs -c ctrIDorName podIDorName`
to limit the log stream to any of the specificied container which belongs to pod.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Filtering is missing in both compat API and libpod API, while docker
has filtering functinality. This commit enables filtering option using
name and id in both libpod and http API.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
The "auto-update using systemd" test is failing on RHEL rootless.
Reason: it uses journalctl, which does not work on RHEL rootless.
Solution: add skip_if_journald_unavailable.
ALSO: add debugging info to test failure.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Following PR makes sure that `podman manifest rm <list>` only removes
the named manifest list and not referenced images.
Bumping and squashing c/common to v0.43.3-0.20210902095222-a7acc160fb25
in same commit in order to make sure build commit test passes.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Cleanup: the final 'play' test wasn't cleaning up after itself,
leading to angry warning messages when rerunning tests (in
my environment; never in CI)
Debug: I'm seeing a lot of "Could not parse READY=1 as MAINPID=nnn"
flakes in the sdnotify:container test (nine in the past month). Add
debug traces to help diagnose in future flakes.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Secret environment variables were only available to a podman run/start.
This commit makes sure that exec sessions can see them as well.
Signed-off-by: Ashley Cui <acui@redhat.com>
Make sure that Podman passes the LISTEN_* environment into containers.
Similar to runc, LISTEN_PID is set to 1.
Also remove conditionally passing the LISTEN_FDS as extra files.
The condition was wrong (inverted) and introduced to fix#3572 which
related to running under varlink which has been dropped entirely
with Podman 3.0. Note that the NOTIFY_SOCKET and LISTEN_* variables
are cleared when running `system service`.
Fixes: #10443
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
There are use-cases where users would want to use overlay-mounts as
workdir. For such cases workdir should be resolved after all the mounts
are completed during the container init process.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Make sure that the container's authfile label is used when pulling down
a new image.
[NO TESTS NEEDED] since it would require some larger rewrite of the
auto-update system tests that I currently have no time for. I added a
reminder to have some breadcrumbs when there is more time.
Fixes: #11171
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
InfraContainer should go through the same creation process as regular containers. This change was from the cmd level
down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod
cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows
FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state)
Signed-off-by: cdoern <cdoern@redhat.com>
Following feature makes sure that users can load contents of external
tarball into the podman volumes.
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* Add response.Body.Close() where needed to release HTTP
connections to API server.
* Add tests to ensure no general leaks occur. 100% coverage would be
required to ensure no leaks on any call.
* Update code comments to be godoc correct
Signed-off-by: Jhon Honce <jhonce@redhat.com>
add the ability for play kube to tear down based on the yaml used to
play it. it is indicated by --down in the play kube command. volumes
are NOT deleted during the teardown. pods and their containers are
stopped and removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Commit 9ac5267 changed the type of the generated systemd units from
`forking` to `notify`. It further stopped using `--cidfile` and instead
intended systemd to take care of stopping the container, which turned
out to be a bad idea.
Systemd will send the stop/kill signals to conmon which in turn may exit
non-zero, depending on the signal, and ultimately breaking container
cleanup.
Hence, we need to use --cidfile again and let podman stop and remove the
container to make sure that everything's in order.
Fixes: #11304
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Podman inspect has to show exposed ports to match docker. This requires
storing the exposed ports in the container config.
A exposed port is shown as `"80/tcp": null` while a forwarded port is
shown as `"80/tcp": [{"HostIp": "", "HostPort": "8080" }]`.
Also make sure to add the exposed ports to the new image when the
container is commited.
Fixes#10777
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This reverts commit 70801b3d714b067d64744697433c5841926dad4d.
It turns out that letting systemd handle stopping the container is not
working as I thought it will. Conmon is receiving the stop/kill signals
and may exit non-zero, which in turn lets the systemd service transition
into the `failed` state.
We need to get back to letting Podman stop the containers and do a
partial revert of commit 9ac5267 which removed using --cidfile.
Happening in a following commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Commit 9ac5267598c3 changed the type of the generated systemd units from
forking to notify. Parts of these changes was also removing the need to
pass any information via the file system (e.g., PIDFILE, container ID).
That in turn implies that systemd takes care of stopping the container.
By default, systemd first sends a SIGTERM and after a certain timeout,
it'll send a SIGKILL. That's pretty much what Podman is doing, unless
the container was created with a custom stop signal which is the case
when the --stop-signal flag was used or systemd is mounted.
Account for that by using systemd's KillSignal option which allows for
changing SIGTERM to another signal. Also make sure that we're using the
correct timeout for units generated with --new.
Fixes: #11304
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Increase the amount of time we're willing to wait for a log message that
a container should be printing to show up in the output of `logs -f`,
since on at least one CI configuration we're seeing a turnaround as high
as 46s, but it's not something we can directly control, so that's not a
hard maximum.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
