With the 4.0 network rewrite I introduced a regression in 094e1d70dee1.
It only covered the case where a checkpoint is restored via --import.
The normal restore path was not covered since the static ip/mac are now
part in an extra db bucket. This commit fixes that by changing the config
in the db.
Note that there were no test for --ignore-static-ip/mac so I added a big
system test which should cover all cases (even the ones that already
work). This is not exactly pretty but I don't have to enough time to
come up with something better at the moment.
Fixes#16666
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Just like podman-remote run users should still be able to set volumes,
of course the source must be on the server machine but this is already
the case for podman machine for example.
Fixes#16694
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fixes e2e tests, remove '\n' from base64 encoded data.
Correct test to check that data in secret mounted file is decoded.
Closes#16269Closes#16625
Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
As outlined in #16076, a subsequent BARRIER *may* follow the READY
message sent by a container. To correctly imitate the behavior of
systemd's NOTIFY_SOCKET, the notify proxies span up by `kube play` must
hence process messages for the entirety of the workload.
We know that the workload is done and that all containers and pods have
exited when the service container exits. Hence, all proxies are closed
at that time.
The above changes imply that Podman runs for the entirety of the
workload and will henceforth act as the MAINPID when running inside of
systemd. Prior to this change, the service container acted as the
MAINPID which is now not possible anymore; Podman would be killed
immediately on exit of the service container and could not clean up.
The kube template now correctly transitions to in-active instead of
failed in systemd.
Fixes: #16076Fixes: #16515
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Move the handling of userns keys from ConvertContainer to a separate method
Adjust the method according to the different supported values
Use the new method in both ConvertContainer and ConvertKube
Pass isUser to ConvertKube as well
Add tests
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
This just calls GC on the local storage, which will remove any leftover
directories from previous containers that are not in the podman db anymore.
This is useful primarily for transient store mode, but can also help in
the case of an unclean shutdown.
Also adds some e2e test to ensure prune --external works.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This handles the transient store options from the container/storage
configuration in the runtime/engine.
Changes are:
* Print transient store status in `podman info`
* Print transient store status in runtime debug output
* Add --transient-store argument to override config option
* Propagate config state to conmon cleanup args so the callback podman
gets the same config.
Note: This doesn't really change any behaviour yet (other than the changes
in containers/storage).
Signed-off-by: Alexander Larsson <alexl@redhat.com>
docker-compose sets the mac address in the container config and not the
network endpoint config. This is ugly when you have more than one
network, in this case docker just chooses the first network.
Fixes#16411
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Since https://github.com/containers/podman/pull/16394 was merged
we now always delete the cid file if --replace=true was specified,
so we can avoid this extra command being launched.
[NO NEW TESTS NEEDED] Already tested in above PR.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
The containers should be able to write to tmpfs mounted directories.
Also cleanup output of podman kube generate to not show default values.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This patch extends the podman run command with support for checkpoint
images. When `podman run` is invoked with an image that contains
a checkpoint, it would restore the container from that checkpoint.
Example:
podman run -d --name looper busybox /bin/sh -c \
'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
podman container checkpoint --create-image checkpoint-image-1 looper
podman run checkpoint-image-1
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
This is causing podman to wait about 25 seconds before starting
the primary container.
Fixes: https://github.com/containers/podman/issues/16343
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fix an overriding logic in Inhearit function.
Alos, ToSpecGen function doesn't load the cgroup/image volume config from containers.conf.
Signed-off-by: karta0807913 <karta0807913@gmail.com>
Document the remaining missing options for container checkpoint and
restore.
[NO NEW TESTS NEEDED]
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
Startup healthchecks are similar to K8S startup probes, in that
they are a separate check from the regular healthcheck that runs
before it. If the startup healthcheck fails repeatedly, the
associated container is restarted.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
