18718 Commits

Author SHA1 Message Date
7382494ca4 Add eBPF snooper that traces the entire fork/exec graph of podman
As long as podman uses a fork/exec model this eBPF program is able to trace the performance of each podman command and the resulting child processes from start to finish. This is an improvement to the already existing podmansnoop eBPF program which only looks at sched_process_exit and enter/exit sys_execve tracepoints.

Signed-off-by: Paul Wallrabe <54737071+raballew@users.noreply.github.com>
2023-04-20 11:30:47 +02:00
edb64f8a76 libpod: stop containers with --restart=always
Commit 1ab833fb73 improved the situation but it is still not enough.
If you run short lived containers with --restart=always podman is
basically permanently restarting them. The only way to stop this is
podman stop. However podman stop does not do anything when the
container is already in a not running state. While this makes sense we
should still mark the container as explicitly stopped by the user.

Together with the change in shouldRestart() which now checks for
StoppedByUser this makes sure the cleanup process is not going to start
it back up again.

A simple reproducer is:
```
podman run --restart=always --name test -d alpine true
podman stop test
```
then check if the container is still running, the behavior is very
flaky, it took me like 20 podman stop tries before I finally hit the
correct window where it was stopped permanently.
With this patch it worked on the first try.

Fixes #18259

[NO NEW TESTS NEEDED] This is super flaky and hard to correctly test
in CI. My ginkgo v2 work seems to trigger this in play kube tests so
that should catch at least some regressions. Also this may be something
that should be tested at podman test days by users (#17912).

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-20 11:23:05 +02:00
0364aef1e0 test: fix race when listing cgroups
A cgroup could have been deleted by the time WalkDir is trying to
access it.  Ignore the error and continue.

Closes: https://github.com/containers/podman/issues/17989

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-04-20 11:21:10 +02:00
6a360eaab5 Merge pull request #18234 from containers/renovate/github.com-opencontainers-runtime-spec-1.x
fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.2
2023-04-20 05:17:40 -04:00
b65ab52d8d compat: Translate noprune into ImageRemoveOptions.NoPrune
PR #15093 implemented support for NoPrune in the ImageRemoveOptions,
this PR simply brings that also to the compat API along with
regression tests.

Signed-off-by: Andreas Kohn <andreas.kohn@gmail.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-04-20 11:11:19 +02:00
3464837173 [CI:DOCS] Update RELEASE_PROCESS.md
Update the process. Added announcement section, removed obsolete steps,
changed order of some steps for fewer PRs and simplification of process.

Signed-off-by: Ashley Cui <acui@redhat.com>
2023-04-19 20:37:28 -04:00
8019dc9e60 hyperv: add podman socket mapping
on machine start, create a socket representing the machine's podman
service socket so local (to the host) applications can take advantage of
it.

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-04-19 16:41:34 -05:00
a089f1b5c3 e2e networking test: better way to get host IP
uber/jaeger-client-go library is deprecated. Remove it.

Only place it's used is in one e2e test, a test that is flaking
in a way that suggests that the HostIP() weighting heuristic from
that module was not actually getting the best outgoing IP address.
So, switch to using what seems to be the current best practice.
No need to make it reusable, since it's only used in one place.

Oh, also remove undesired "-dt" from two "podman run"s. In one
it's harmless, in the other it would cause a test failure under
some circumstances.

Closes: #18269   (optimistic, aren't I?)

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-04-19 13:35:32 -06:00
bce38c1afb Updated system test to be easier to read
Following @edsantiago guidance,

* Additional explanations for each step of the test
* Timezone for tests normalized to UTC
* Smarter choice of separator and use of shell substring extraction

Signed-off-by: rbagd <mail@rbagd.eu>
2023-04-19 21:10:40 +02:00
911be1cbcb Merge pull request #18268 from edsantiago/bindingtest_fail_early
bindings tests: bail out early on image errors
2023-04-19 12:28:58 -04:00
190fb30dd1 Merge pull request #18166 from containers/renovate/setuptools-67.x
chore(deps): update dependency setuptools to v67
2023-04-19 11:10:57 -04:00
5f5bea0d12 bindings tests: bail out early on image errors
If Pull() fails, which it does on registry or network flakes,
bail out early: there's no point in continuing. Same with
Save() and restoreImageFromCache(), although those are
unlikely to fail.

Possibly better solution: retry with backoff. Left as exercise
for future maintainer.

Use Expect() for failure checks, and correct two existing
instances of Printf()/Exit() to also use Expect().

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-04-19 08:16:45 -06:00
f2cec73486 libpod: fix TestPostDeleteHooks do not depend on version
It really doesn't make sense to match the version one to one,
this just requires us to update it every time manually.
Use a regex instead.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-19 15:29:52 +02:00
53d8e4b50f Merge pull request #18192 from containers/renovate/github.com-containers-libhvee-0.x
fix(deps): update module github.com/containers/libhvee to v0.0.5
2023-04-19 08:45:43 -04:00
339344c50e Merge pull request #18198 from vrothberg/fix-18153
fix remote start --filter
2023-04-19 05:19:06 -04:00
8de9014ff5 Merge pull request #18246 from sstosh/fix-quadlet-test
e2e: quadlet uses PODMAN env for podman binary path
2023-04-19 04:48:56 -04:00
8125bab9b8 chore(deps): update dependency setuptools to v67
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-04-19 08:46:21 +00:00
35ae059ca9 Merge pull request #18208 from SoMuchForSubtlety/info-sec-opts
Add missing security options to /info response
2023-04-19 04:45:43 -04:00
a00ed20e01 fix(deps): update module github.com/containers/libhvee to v0.0.5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-04-19 08:40:47 +00:00
da83364eb0 e2e: quadlet uses PODMAN env for podman binary path
Adapts to pass the test even if
podman binary path is not `/usr/local/bin/podman`.

[NO NEW TESTS NEEDED]

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-04-19 16:17:57 +09:00
6e0cf93447 Fixes format inconsistencies with docker for certain history fields
Closes #17767
Closes #17768

System test for image list and history dates

* Changed field separator in the test to `;` for easier parsing
* Converted date output from image history and image list to be comparable

Signed-off-by: rbagd <mail@rbagd.eu>
2023-04-19 00:20:47 +02:00
5b58246e2f Merge pull request #18254 from Luap99/netns-cleanup
libpod: configureNetNS() tear down on errors
2023-04-18 12:05:10 -04:00
c47ccf28fc Merge pull request #18242 from baude/hypervwaitonstop
HyperV: wait on stop
2023-04-18 11:15:58 -04:00
acb24f164b Makefile: do not prefix /etc
Revert commit 3d0e08f04e9c67dd8136acd54adabd077dbbd633.
`/etc/` does not need a prefix and can be customized
with the `ETCDIR` env variable.

Fixes: #18250
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-04-18 16:14:02 +02:00
7e4cd22acb libpod: configureNetNS() tear down on errors
Make sure to tear down the netns again on errors. This is needed when a
later call fails and we have not already stored the netns in the
container state.

[NO NEW TESTS NEEDED] My ginkgo-v2 PR will catch problems like this once
merged.

Fixes #18205

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-18 15:18:05 +02:00
4f93a6eee4 libpod: rootlessNetNs.Cleanup() fix error message
The wrong error was logged.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-18 15:14:22 +02:00
4b8230119e HyperV: wait on stop
When using podman machine with hyperv, stop was releasing the terminal
back to the user prematurely.  This resulted in users being able to run
subsequent commands while the vm was still stopped.  Commands like
machine stop were prone to failing.

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-04-18 08:02:48 -05:00
3cdaf85d66 build(deps): bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.3+incompatible to 23.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v23.0.3...v23.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-18 12:58:07 +00:00
3c995c2c52 Merge pull request #18238 from lsm5/makefile-release-artifact-target
Makefile: include `release-artifacts` target
2023-04-18 08:26:44 -04:00
e7b9ae4f3b Merge pull request #18236 from baude/vsock0
Enabled network over vsock
2023-04-17 17:25:24 -04:00
15e4189fce Merge pull request #18235 from containers/renovate/github.com-microsoft-go-winio-0.x
fix(deps): update module github.com/microsoft/go-winio to v0.6.1
2023-04-17 17:01:17 -04:00
459f751ae3 Makefile: include release-artifacts target
The current release artifacts generation process is still fairly manual
with a bunch of steps. This commit bundles them all into a single
convenient Makefile target.

The `clean-binaries` target ends up removing `bin/`. So, the artifact
dir has been changed to `release/` instead of the current `bin/` to
avoid breaking other Makefile targets.

Related: https://github.com/containers/podman/issues/18215

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-04-17 14:54:20 -04:00
3222545ad5 Enabled network over vsock
podman machine with Microsoft HyperV will use hvsock on the guest and
vsock on the guest for its networking.  this pr enables the basics for
this to happen as well as changes to ignition to automatically set this
up with network manager.

the vm binary referenced in this pr is in containers/gvisor-tap-vsock
and will need to be added to distributions.

[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-04-17 12:34:37 -05:00
aec7ce4a10 fix(deps): update module github.com/microsoft/go-winio to v0.6.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-17 17:27:04 +00:00
ef4dbc27b0 Merge pull request #18167 from baude/hypervvsock
Add support for HVSOCK on hyperv
2023-04-17 13:25:45 -04:00
64b26df608 fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-17 16:16:45 +00:00
b7fc57ca14 Merge pull request #18226 from arctic-alpaca/main
[CI:DOCS] Update API reference to include v4.5
2023-04-17 12:15:22 -04:00
9676391c4e Merge pull request #18202 from R3DRUN3/main
[CI:DOCS] Add license, release and go report badges
2023-04-17 09:24:11 -04:00
41d5164125 fix remote start --filter
Fix a number of bugs wrt. filtering remote containers and how to
process specified names or IDs.  I _really_ do not like the duplication
between remote and local Podman but want to focus on fixing #18153
for now.

What I desire in the future is to consolidate all functionality of
looking up containers (all, latest, filters, specified names/IDs, etc.)
and for remote clients to just call containers/list etc.

Fixes: #18153
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-04-17 15:11:40 +02:00
1cac535062 Update API reference to include v4.5
Signed-off-by: arctic-alpaca <67190338+arctic-alpaca@users.noreply.github.com>
2023-04-17 14:52:36 +02:00
5c70641e4f Merge pull request #18209 from mtrmac/no-NewBuffer
Don't use bytes.NewBuffer to read data
2023-04-17 03:19:35 -04:00
a0204f1dd0 Add missing security options to /info response
Signed-off-by: Jakob Ahrer <jakob@ahrer.dev>
2023-04-16 18:27:16 +02:00
625ff8fc3e Merge pull request #18214 from containers/renovate/github.com-vbauerster-mpb-v8-8.x
fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0
2023-04-16 06:45:22 -04:00
08f137aec2 fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-04-15 12:49:03 +00:00
4d9b63752a Merge pull request #18159 from Luap99/network-tutorial
[CI:DOCS] docs: update network tutorial with netavark DHCP support
2023-04-15 08:44:21 -04:00
8e7f98ae65 docs(readme): add status badges and remove hardcoded release info
Signed-off-by: r3drun3 <simone.ragonesi@kiratech.it>
2023-04-15 09:57:18 +02:00
e9356ba206 Don't use bytes.NewBuffer to read data
The documentation says
> The new Buffer takes ownership of buf, and the
> caller should not use buf after this call.

so use the more directly applicable, and simpler, bytes.Reader instead, to avoid this potentially risky use.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-04-14 22:40:47 +02:00
f488d9890c Add support for HVSOCK on hyperv
Windows HyperV uses HVSocks (Windows adaptation of vsock) for
communicating between vms and the host.  Podman machine in Qemu uses a
virtual UDS to signal the host that the machine is booted.  In HyperV,
we can use a HVSOCK for the same purpose.

One of the big aspects of using HVSOCK on Windows is that the HVSOCK
must be entered into the Windows registry.  So now part of init and rm
of a podman machine, entries must be added and removed respectively.
Also duplicates are a no-no.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-04-14 13:53:25 -05:00
e7a3236358 docs: update network tutorial with netavark DHCP support
Add instructions on how to start the netavark dhcp proxy. Also list
version requirements.

Fixes #17635

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-14 12:16:26 +02:00
6c32bf18d0 Merge pull request #18190 from lsm5/bump-main
bump main to v4.6.0-dev
2023-04-13 17:13:27 -04:00