using the new resource backend, implement podman pod create --memory which enables
users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all
children unless overriden
Signed-off-by: Charlie Doern <cdoern@redhat.com>
The podman-machine integration tests are designed to execute on
bare-metal, since they perform significant work with virtual-machines.
This test is costly to run at scale, so it is limited to being manually
triggered by developers (for now). A 'trigger' button will appear in the
task status page of the Github WebUI once all test dependencies are met.
In the Cirrus-CI WebUI, there is also a 'pre-trigger' button that may be
pressed if a developer doesn't wish to wait. Also:
* Add a `localmachine` target in the `Makefile` on the off-chance
developers wish to execute locally. Update the `ginkgo-run` target
to accommodate re-use by the new `localmachine` target.
* Exclude `podman_machine` task from `success` dependency verification.
This also involves adding an exception to `cirrus_yaml_test.py`
otherwise it will complain loudly.
* ***NOTE*** Inclusion of `ec2_instance` in *any* task will cause
`hack/get_ci_vm.sh` to barf and be non-functional. Future updates will
be made to restore functionality. Before then, simply comment out
the `ec2_instance` section as a temporarily workaround.
Signed-off-by: Chris Evich <cevich@redhat.com>
In order to support execution on various non-GCP cloud environments, the
BFQ scheduler workaround needs updating. Previously it assumed the root
disk was always `/dev/sda`. With the addition of new clouds (AWS) and
different environment types, the assumption is not always valid. Update
the workaround to take care in looking up the block device where '/'
comes from.
Also update the scheduler to 'none', as all modern clouds already have
highly optimized underlying storage configurations. There's no reason
to complicate I/O paths further by hard-coding specific scheduler(s) for
all environment types.
Signed-off-by: Chris Evich <cevich@redhat.com>
PR containers/podman/pull/14449 had an outdated base. Merging it broke
builds.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When mounting paths as overlay mounts we end up passing source as is to
lowerdir options, resolve all relative paths in such cases for overlay
mounts.
Closes: https://github.com/containers/podman/issues/14797
Signed-off-by: Aditya R <arajan@redhat.com>
Fix the parse for the cgroup devices rule to correctly handle the
wildcard syntax for the device major.
Also make sure the device major and minor are not negative numbers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
With the upcoming plans of introducing a podman-kube command with
various subcommands, rename the podman-play-kube systemd template
to podman-kube before releasing it.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
at startup, when running on a cgroup v2 system, check if the current
process is running in the root cgroup and move it to a sub-cgroup,
otherwise Podman is not able to create cgroups and move processes
there.
Closes: https://github.com/containers/podman/issues/14573
[NO NEW TESTS NEEDED] it needs nested podman
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
if we are running on cgroupv2, force the creation of a sub-cgroup even
when we are at the root for the cgroup v2 unified mount.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
ImagesBatchRemoval and ImageRemoval now honors and accepts
`LookupManifest` parameter which further tells libimage to resolve to
manifest list if it exists instead of actual image.
Following PR also makes `podman-remote manifest rm` functional which was
broken till now.
Closes: https://github.com/containers/podman/issues/14763
Signed-off-by: Aditya R <arajan@redhat.com>
Drop a reference as to why the `rpm --setcaps...` line is needed, along
with a `TODO` reminder to check if it's still needed.
Signed-off-by: Chris Evich <cevich@redhat.com>
Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
Bindings already support `Remove` which removes a manifest from the list
following function adds support for removing entire manifest for local
storage.
Similar functionality can be also used indirectly by using `Remove` defined in
image bindings
Signed-off-by: Aditya R <arajan@redhat.com>
the new version of runc has the same check in place and it
automatically resume the container if it is paused. So when Podman
tries to resume it again, it fails since the container is not in the
paused state.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2100740
[NO NEW TESTS NEEDED] the CI doesn't use a new runc on cgroup v1 systems.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
[NO NEW TESTS NEEDED] now that podman's cgroup config tries to initialize controllers, cgroupfs errors out on pod creation
we need to mimic the behavior that used to exist and only create the cgroup when running as rootful
Signed-off-by: Charlie Doern <cdoern@redhat.com>
- New `VMPidFilePath` field in MachineVM config holds the path for the
qemu PID file
- qemu is now started with the `-pidfile` argument set to `VMPidFilePath`
- Machines created before this won't have the VM PID file configured,
stopping these VMs will revert back to waiting on the state to change
away from `Running`, plus an added 2s sleep to give time for the VM to
exit and to avoid potential issues
- Machines created after this will have a VM PID file configured and
stopping the machine will wait indefinitely for the VM to exit
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
Pull in fixes for platform checks to silence annoying warnings when
pulling images by platforms using uname values.
Fixes: #14669
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Runtime verification test for container checkpoint with export
used the default runtime for test which causes test to always
pass. Problem rises when using non-default runtime, then doing
a restore. This test forcse using a non-default runtime during
container creation.
Edge case:
1. Default runtime is crun
2. Container is created with runc
3. Checkpoint without setting --runtime into archive
4. Restore without setting --runtime from archive
It should be expected that podman identifies runtime from the
checkpoint archive.
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
cfg.RuntimePath was set to default runtime, so the empty string
check fails. Instead we could check if the flag was changed.
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
currently, podman system df incorrectly calculates the reclaimable storage for
volumes, using a cumulative reclaimable variable that is incremented and placed into each
report entry causing values to rise above 100%.
Switch this variables to be in the context of the loop, so it resets per volume just like the size variable does.
resolves#13516
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Some background for this PR is in discussion #14641. In short, ever so often a container inspect will return a `status.status` of `initialized` from the Docker compat socket.
From the discussion I found these lines which tries to fix a "configured" status to "created".
c936d1e611/pkg/api/handlers/compat/containers.go (L291-L294)
However, commit 141de8686289 (Revamp Libpod state strings for Docker compat) removed the "configured" return value from the `String()` method called on line 291 above. Thus, making the `if` check redundant as it will never hit. But the same commit also introduces a return for "initialized" which this `if` should probably have been adapted for.
Signed-off-by: Pieter Engelbrecht <pieter@shuttle.rs>
