Print the diff at the end of the report to help better understand what's
going on.
```
tree is dirty, please run "make vendor" and commit all changes.
M go.mod
M go.sum
M hack/tree_status.sh
M vendor/github.com/containers/storage/store.go
M vendor/modules.txt
---------------------- Diff below ----------------------
diff --git a/go.mod b/go.mod
index e36d3fb95c57..167d769c378f 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
github.com/containers/image/v5 v5.23.0
github.com/containers/ocicrypt v1.1.6
github.com/containers/psgo v1.7.3
- github.com/containers/storage v1.43.1-0.20221013143630-714f4fc6e80e
+ github.com/containers/storage v1.43.1-0.20221014072257-a144fee6f51c
github.com/coreos/go-systemd/v22 v22.4.0
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
github.com/cyphar/filepath-securejoin v0.2.3
```
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Accumulated cleanup from the man-page deduplication effort.
Various minor things that slipped.
--publish-all : remove duplicate "default is false" (toth @dilyanpalauzov)
--shm-size : rephrase 'you' and 'y'all'
--tls-verify : make narrower, add asterisks to true/false,
and linkify containers-registries.conf
--volume : incorporate feedback from @mheon
rename pid.md to pid.container.md, because there's a pid.pod.md
for the --pid option used in pod-related man pages.
...and some whitespace, comma, other minor edits
Fixes: #15356
Signed-off-by: Ed Santiago <santiago@redhat.com>
Refactored among all files that mentioned it.
DANGER WILL ROBINSON! REVIEW CAREFULLY! Here are two major
decisions I made:
1) Look at the text for podman-run, in particular the "" text.
It currently says "will use the default". As best I can
tell this is not true, so I changed it to "will disable"
which matches all the other commands.
2) The "containers.conf" text, I decided, applies to all
commands, not just podman-run (it was only present in
podman-run). If this is not the case, please yell.
Other changes are cosmetic formatting stuff, asterisks end newlines.
Hard to review with hack/markdown-preprocess-review, because all
the text is one horrible long line instead of 80-char breaks.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Mainly to pull in fixes for #1382 which is impossible to reproduce
locally so let's optimistically mark it as fixed and reopen if needed
in the future.
Fixes: #1382
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Only between podman-create and -run; podman-start was too
different. (But please look into it, maybe there's a way
to reconcile the diffs).
Very minor formatting changes made to reconcile the two.
Easy to review using hack/markdown-preprocess-review
Signed-off-by: Ed Santiago <santiago@redhat.com>
To improve the error message reported in #16142 where the container is
reported to be in the wrong state but we do not know which. This is not
a fix for #16142 but will hopefully aid in better understanding what's
going on if it flakes again.
[NO NEW TESTS NEEDED] as hitting the condition is inherently racy.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The new cobra update fixed a bug which caused some options to not be
included in --help when there was already a option with the same name
on a parent command.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
[Note: I already refactored --annotation for container-related
commands; this one is for manifest-related commands]
This one needed reconciling: one man page said "newly added image",
the other said "specified image", I just reduced that to "image".
If that's not cool, any suggestions on how to make it better? Or,
just reject this PR, we can live with this duplication.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Basically, in the timeout loop where we checked for new CID
on the restarted container, we were running 'podman inspect'
(not 'inspect --format ID'), and comparing full hundred-line
output against single-line CID string.
While I'm in here, add 'c_' prefix to container to make it
easier for my old eyes to recognize "oh, that's a container name"
vs "is that a name? a SHA? a woozle?"
Signed-off-by: Ed Santiago <santiago@redhat.com>
This is a very expensive call as it deep duplicates the Config, and
we just need to read a single member, so use ConfigNoCopy() instead.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This is a very expensive function as it does a deep copy. Instead
use pre-existing accessors like ctr.CreatedTime() where they exist
and ctr.ConfigNoCopy() where not.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This call does a deep copy, which is only needed if you want
to modify the return value. Instead we use ctr.ConfigNoCopy().Spec
which is just a pointer dereference.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This gets c.config.Spec.Linux.Resources, with some nil checks.
Using this means less open coding of the nil-checks, but also the
existing user of this field in moveConmonToCgroupAndSignal() was
using ctr.Spec().Linux.Resources instead, and the Spec() call
is very expensive.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Starting listening for the READY messages on the sdnotify proxies before
starting the Pod. Otherwise, we may be missing messages.
[NO NEW TESTS NEEDED] as it's hard to test this very narrow race.
Related to but may not be fixing #16076.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This just gets ctr.config.Spec.Process.Terminal with some null checks,
allowing several places that open-coded this to use the helper.
In particular, this helps the code in
pkg/domain/infra/abi/terminal.StartAttachCtr(), that used to do:
`ctr.Spec().Process.Terminal`, which looks fine, but actually causes
a deep json copy in the `ctr.Spec()` call that takes over 3 msec.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Fix the "stop" on-failure action by not removing the transient systemd
timer and service during container stop. Removing the service will
in turn cause systemd to terminate the Podman process attempting to
stop the container and hence leave it in the "stopping" state.
Instead move the removal into the restart sequence.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When the `XDG_CONFIG_HOME` environment variable is changed, for example,
to switch development contexts, the behavior of the podman-machine can
be confusing. The documentation had not mentioned this, and this commit
adds these mentions.
Closes: https://github.com/containers/podman/issues/15577
Reviewed-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Naoaki Ueda <nao@uedder.com>
When you run "podman run foo" we attach to the container, which essentially
blocks until the container process exits. When that happens podman immediately
calls Container.WaitForExit(), but at this point the exit value has not
yet been written to the db by conmon. This means that we almost always
hit the "check for exit state; sleep 250msec" loop in WaitForExit(),
delaying the exit of podman run by 250 msec.
More recent kernels (>= 5.3) supports the pidfd_open() syscall, that
lets you open a fd representing a pid and then poll on it to wait
until the process exits. We can use this to have the first sleep
be exactly as long as is needed for conmon to exit (if we know its pid).
If for whatever reason there is still issues we use the old sleep loop
on later iterations.
This makes "time podman run fedora true" about 200msec faster.
[NO NEW TESTS NEEDED]
Signed-off-by: Alexander Larsson <alexl@redhat.com>
