Just like podman-remote run users should still be able to set volumes,
of course the source must be on the server machine but this is already
the case for podman machine for example.
Fixes#16694
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If an error happening while playing a kube yaml,
clean up any pods, containers, and volumes that might
have been created before the error was hit.
This improves the user experience for when they go to
re-run the same yaml with their fixes and podman doesn't
complain about any existing workloads from the previously
failed run.
Suppress the clean up output when clean up happens after an
error as the user doesn't need to see or know about that.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Fixes e2e tests, remove '\n' from base64 encoded data.
Correct test to check that data in secret mounted file is decoded.
Closes#16269Closes#16625
Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
Fairly universally, the last Cirrus-Cron job is set to fire off at
22:22 UTC. However, the re-run of failed jobs GHA workflow was
scheduled for 22:05, meaning it will never re-run the last cirrus-cron
job should it fail.
Re-arrange the execution order so as to give plenty of time between the
last cirrus-cron job starting, the auto-re-run attempt, and the final
failure-check e-mail.
Signed-off-by: Chris Evich <cevich@redhat.com>
As outlined in #16076, a subsequent BARRIER *may* follow the READY
message sent by a container. To correctly imitate the behavior of
systemd's NOTIFY_SOCKET, the notify proxies span up by `kube play` must
hence process messages for the entirety of the workload.
We know that the workload is done and that all containers and pods have
exited when the service container exits. Hence, all proxies are closed
at that time.
The above changes imply that Podman runs for the entirety of the
workload and will henceforth act as the MAINPID when running inside of
systemd. Prior to this change, the service container acted as the
MAINPID which is now not possible anymore; Podman would be killed
immediately on exit of the service container and could not clean up.
The kube template now correctly transitions to in-active instead of
failed in systemd.
Fixes: #16076Fixes: #16515
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This changes references to `/etc/containers/storage.conf` (and similar) to
links to `containers-storage.conf(5)`, as there are alternative locations
for this file.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
- podman generate kube inheritents the proxy environment valiable by default.
Therefore, Env field is not empty if it is set.
- systemd-socket-acrivate needs to pass an proxy environment variable.
- busybox wget with an proxy doesn't work.
Network tests should use not wget but curl.
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10446
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
The podman healthchecks are implemented using systemd timers, this works
great but it will never work on non systemd distros. Currently the logic
always assumes systemd is available and will fail with an error, so users
are forced to always run with `--no-healthcheck` to disable healthchecks
that are defined in an image for example. This is annoying and IMO
unnecessary, we should just default to no healthcheck on these systems.
First, use the systemd build tag to disable it at build time if this tag
is not used.
Second, use make sure systemd is used as init before trying
to use healthchecks. This could be the case when we are run in a container.
[NO NEW TESTS NEEDED] We do not have any non systemd VMs in CI AFAIK.
Fixes#16644
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Move the handling of userns keys from ConvertContainer to a separate method
Adjust the method according to the different supported values
Use the new method in both ConvertContainer and ConvertKube
Pass isUser to ConvertKube as well
Add tests
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
This just calls GC on the local storage, which will remove any leftover
directories from previous containers that are not in the podman db anymore.
This is useful primarily for transient store mode, but can also help in
the case of an unclean shutdown.
Also adds some e2e test to ensure prune --external works.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This brings a performance improvement to `podman run` on top of the
other transient_store improvements in containers/storage:
Transient mode without transient bolt_db:
Benchmark 1: bin/podman run --transient-store=true --rm --pull=never --network=host --security-opt seccomp=unconfined fedora true
Time (mean ± σ): 130.6 ms ± 5.8 ms [User: 44.4 ms, System: 25.9 ms]
Range (min … max): 122.6 ms … 143.7 ms 21 runs
Transient mode with transient bolt_db:
Benchmark 1: bin/podman run --transient-store=true --rm --pull=never --network=host --security-opt seccomp=unconfined fedora true
Time (mean ± σ): 100.3 ms ± 5.3 ms [User: 40.5 ms, System: 24.9 ms]
Range (min … max): 93.0 ms … 111.6 ms 29 runs
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This handles the transient store options from the container/storage
configuration in the runtime/engine.
Changes are:
* Print transient store status in `podman info`
* Print transient store status in runtime debug output
* Add --transient-store argument to override config option
* Propagate config state to conmon cleanup args so the callback podman
gets the same config.
Note: This doesn't really change any behaviour yet (other than the changes
in containers/storage).
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Later changes will need to access it earlier, so move its creation to
just after the creation of StaticDir.
Note: For whatever reason this we created twice before, but we now
only do it once.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
docker-compose sets the mac address in the container config and not the
network endpoint config. This is ugly when you have more than one
network, in this case docker just chooses the first network.
Fixes#16411
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
