Otherwise, we'll always get the same sequence of random numbers which
may lead to conflicts. Also bump the number of maximum attempts to 10
instead of 3.
[NO NEW TESTS NEEDED] as I cannot enforce random number collisions.
Existing tests should continue be green and flake slightly less.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Because we cannot reqad the networking mode in the frontent because we
should always use the server default we have to parse the mac and ip
address to the server via a default network. Now when the server reads
the default nsmode it has to reject the provided networks when the mode
is not set to bridge.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is important that we store the current networks from the db in the
config. Also make sure to properly handle aliases and ignore static ip/mac
addresses.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Rework the --network parse logic to support multiple networks with
specific network configuration settings.
--network can now be set multiple times. For bridge network mode the
following options have been added:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
- **mac=MAC**: Specify a static mac address address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99
for the default bridge network as well as for network names.
This is better than using --ip because we can set the ip per network
without any confusion which network the ip address should be assigned
to.
The --ip, --mac-address and --network-alias options are still supported
but --ip or --mac-address can only be set when only one network is set.
This limitation already existed previously.
The ability to specify a custom network interface name is new
Fixes#11534
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add the new networks format to specgen. For api users cni_networks is
still supported to make migration easier however the static ip and mac
fields are removed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The swagger api docs used the extra Body struct as part of the request
which is wrong. We just want the plain type.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Network connect now supports setting a static ipv4, ipv6 and mac address
for the container network. The options are added to the cli and api.
Fixes#9883
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make sure we create new containers in the db with the correct structure.
Also remove some unneeded code for alias handling. We no longer need this
functions.
The specgen format has not been changed for now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The new network db structure stores everything in the networks bucket.
Previously some network settings were not written the the network bucket
and only stored in the container config.
Instead of the old format which used the container ID as value in the
networks buckets we now use the PerNetworkoptions struct there.
To migrate existing users we use the state.GetNetworks() function. If it
fails to read the new format it will automatically migrate the old
config format to the new one. This is allows a flawless migration path.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The new network backend stores the networks in a map so the returned
order is not deterministic. Lets sort the network names alphabetically
to ensure a deterministic order.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is the third and hopefully the last attempt to address the flakes
in the pprof tests. We first bumped the timeouts to 2 seconds, then to
5, and since I am running out of ideas let's bump it now to 20 seconds.
Since the timeouts poll, the tests will terminate much earlier but 20
seconds should now really be enough even under highly loaded CI VMs.
Fixes: #12167
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
I noticed that this test will fail its flake rerun because the network
was not removed and it tried to create a network with the same name.
Also network disconnect works rootless now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This gives the service 5 seconds to digest the signal and 5 more seconds
to shutdown. Create a new variable to make bumping the timeout easier
in case we see re-flake in the future.
Fixes: #12167
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2030599
When you create pod, it shares the UTS namespace with Containers.
Currently the --hostname is not passed to the pod created when
you create a container and pod in the same command.
Also fix error message on supported --share flags
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
An error was observed in another PR while downloading the swagger
binary. The error was relating to the upstream egress quota. Obviously
our downloading it every time for each CI run isn't helping. Fix this
by moving the download into the image-build process, and simply re-use
the already present binary here.
Ref: https://github.com/containers/automation_images/pull/103
Signed-off-by: Chris Evich <cevich@redhat.com>
Issue #11825 suggests that *rootless* Podman can run into situations
where too many inotify fds are open. Indeed, rootless Podman has a
slightly higher usage of inotify watchers than the root counterpart
when using slirp4netns
Make sure to not only close all watchers but to also remove the files
from being watched. Otherwise, the fds only get closed
when the files are removed.
[NO NEW TESTS NEEDED] since we don't have a way to test it.
Fixes: #11825
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
...it's not needed: teardown() already does it. Or, it would,
if it had been updated to deal with the new pause image naming
convention, which I've just done.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Users should be able to override containers entrypoint using
`--entrypoint ""` following works fine for podman but not for podman
remote.
Specgen ignores empty argument for entrypoint so make specgen honor
empty arguments.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
GLOBAL_OPTS haven't been supported for at least two major versions of
Podman. The runlabel code is extremely fragile and I think it should
be rewritten before adding new features.
Fixes: #12436
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
commit ee62711136339c5daf38e38859227d85b06fc32a introduced the
regression.
It was mistakenly removed as part of a cleanup, but this code is
needed by another code path, where we move conmon for the exec session
to the same cgroup used by conmon for the process.
Closes: https://github.com/containers/podman/issues/12535
[NO NEW TESTS NEEDED] it fixes a regression in the CI
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
