16801 Commits

Author SHA1 Message Date
12a1483e7f Improve --tmpdir and --events-backend docs
List the default paths to the event log file and the tmpdir option.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-09-12 18:05:17 +02:00
72e715a110 Use new secret store API
Refactored secrets API in common for stability purposes. Move podman to
said API.

[NO NEW TESTS NEEDED]

Signed-off-by: Ashley Cui <acui@redhat.com>
2022-09-12 18:05:17 +02:00
cd32b929e3 libpod: runtime newEventer() cleanup
There is no reason to create a new eventer every time. The libpod runtime
already has one attached which should be used instead.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-09-12 18:05:17 +02:00
76980a2226 event backend journald: fix problem with empty journal
Currently podman events will just fail with `Error: failed to get journal
cursor: failed to get cursor: cannot assign requested address` when the
journal contains zero podman events.

The problem is that we are using the journal accessors wrong. There is no
need to call GetCursor() and compare them manually. The Next() returns an
integer which tells if it moved to the next or not. This means that we can
remove GetCursor() which would fail when there is no entry.

This also includes another bug fix. Previously the logic called Next()
twice for the first entry which caused us to miss the first entry.

To reproduce this issue you can run the following commands:
```
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
```
Note that this will delete the full journal.

Now run podman events and it fails but with this patch it works.
Now generate a single event, i.e. podman pull alpine, and run
podman events --until 1s.

I am not sure how to get a reliable test into CI, I really do not want
to delete the journal on developer or CI systems.

Fixes second part of #15688

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-09-12 18:05:17 +02:00
138b09c7e2 event backend none: return an error when reading events
podman --events-backend none events should return with an error since it
will never be able to actually list events.

Fixes part three of #15688

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-09-12 18:05:17 +02:00
c5bdb6afe7 fix hang with podman events file logger
podman --events-backend file events --stream=false should never hang. The
problem is that our tail library will wait for the file to be created
which makes sense when we do not run with --stream=false. To fix this we
can just always create the file when the logger is initialized. This
would also help to report errors early on in case the file is not
accessible.

Fixes part one from #15688

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-09-12 18:05:11 +02:00
56c880a7e4 libpod: Move ocicniPortsToNetTypesPorts and compareOCICNIPorts to networking_common.go
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:47 +01:00
221c4d5f06 libpod: Move NetworkDisconnect and NetworkConnect to networking_common.go
This also moves Runtime methods ConnectContainerToNetwork and
DisconnectContainerFromNetwork as well as support functions
getFreeInterfaceName and normalizeNetworkName.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>

libpod: Move (Connect|Disconnect)Container(To|From)Network and normalizeNetworkName to networking_common.go

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:47 +01:00
f939f3fdfc libpod: Move resultToBasicNetworkConfig to networking_common.go
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:47 +01:00
c9de84080d libpod: Add support for getContainerNetworkInfo on FreeBSD
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:47 +01:00
51c70e588d libpod: Move getContainerNetworkInfo to networking_common.go
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:47 +01:00
d014dca81f libpod: Move isBridgeNetMode and reloadContainerNetwork to networking_common.go
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:47 +01:00
1dd0eb4679 libpod: Move teardownNetwork and teardownCNI to networking_common.go
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:47 +01:00
2bf050f1d1 libpod: Move setUpNetwork and getCNIPodName to networking_common.go
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:36 +01:00
3d7f9f67a7 libpod: Move convertPortMappings and getNetworkOptions to networking_common.go
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:36 +01:00
d1414adbbb libpod: Add FreeBSD implementation of container networking
This uses a jail to manage the container's network. Container jails for
all containers in a pod are nested within this and share the network
resources.

There is some code in networking_freebsd.go which is common with
networking_linux.go. Subsequent commits will move the shared code to
networking_common.go to reduce this duplication.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:28:35 +01:00
c5f64d9f58 libpod: Re-work the container's network state to help code sharing
This replaces the NetworkJail string field with a struct pointer named
NetNS. This does not try to emulate the complete NetNS interface but does
help to re-use code that just refers to c.state.NetNS.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:11:25 +01:00
36cfd05a7d libpod: Move platform-specific bind mounts to a per-platform method
This adds a new per-platform method makePlatformBindMounts and moves the
/etc/hostname mount. This file is only needed on Linux.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:11:25 +01:00
369d86040e libpod: Avoid a nil dereference when generating resolv.conf on FreeBSD
The code which generates resolv.conf dereferenced c.config.Spec.Linux
and this field is not set for FreeBSD containers.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 16:08:56 +01:00
5abc08df25 Merge pull request #15511 from rhatdan/codespell
Fix stutters
2022-09-12 16:52:08 +02:00
a1fa9faa48 Buildah treadmill script: various fixes
...gathered up from the last few months of almost-daily runs.

The principal difference is, ditching the git-am approach in
favor of git-cherry-pick. It's so much nicer! I keep forgetting
how clumsy git-am is. With the new approach, saved checkpoints
are kept as git branches, not in an easy-to-lose text file.
And, conflict resolution is MUCH EASIER. (Conflict resolution
is necessary when, e.g., the treadmill PR includes fixes for
some new vendoring that buildah has done but not podman, then
podman vendors in that same module but fixes broken tests in
a different way than I did).

Also a lot of smaller fixes for bugs reported by @Luap99.
Thank you for testing and for letting me know of problems!

Cursory review is OK: this will not break anything in the repo,
and I've been testing/finetuning these changes heavily over
the past month or two.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-12 08:38:31 -06:00
3b9e31c9bb Merge pull request #15747 from vrothberg/docs-volume
[CI:DOCS] --volume: consistent wording
2022-09-12 15:46:38 +02:00
43da39d317 Man pages: refactor common options: --volumes-from
Removed a spurious right-bracket; went with upper-case for options;
removed 'you's; added some <<container|pod>>s.

Hard to review because none of the existing man pages had it
quite right.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-12 06:59:19 -06:00
4d202f067d Merge pull request #15744 from dfr/vendor
update c/storage to latest
2022-09-12 13:35:11 +02:00
050ae61817 [CI:DOCS] --volume: consistent wording
Make sure that the wording of mounting something _from_ the source
_into_ the destination is consistent.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-09-12 10:04:29 +02:00
d935e97994 update c/storage to latest
Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-09-12 08:11:46 +01:00
1635fe8620 Merge pull request #15737 from Juneezee/refactor/os.ReadDir
refactor: use `os.ReadDir` for lightweight directory reading
2022-09-12 06:50:48 +02:00
940d3d8892 Merge pull request #15734 from KenMacD/add-path
Include PATH in conmon env.
2022-09-12 00:38:03 +02:00
6091ff42dc Include more environment variables in conmon env.
Include the path and helper binary dir so that the podman
environment more closely matches when conmon calls it as an
exit command.

Also match the CONTAINERS_CONF lookup to the codestyle of other
environment lookups.

[NO NEW TESTS NEEDED]

Resolves #15707

Signed-off-by: Kenny MacDermid <kenny@macdermid.ca>
2022-09-11 11:49:35 -03:00
118546c6a7 refactor: use os.ReadDir for lightweight directory reading
`os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil`
package. It is a more efficient implementation than `ioutil.ReadDir`.

Reference: https://pkg.go.dev/io/ioutil#ReadDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-09-11 15:58:31 +08:00
b9cbc0c09a Merge pull request #15728 from tyler92/fix-cpu-millis-limit
Fix CPU usage limitation in play kube for non integer values
2022-09-10 17:40:01 +02:00
2c63b8439b Fix stutters
Podman adds an Error: to every error message.  So starting an error
message with "error" ends up being reported to the user as

Error: error ...

This patch removes the stutter.

Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-09-10 07:52:00 -04:00
b8108d06b4 Fix CPU usage limitation in play kube for non integer values
This logic has been broken by commit 9c6c981928c3e020ff6eef9454c7ee86aa8c83d1
(kube: fix conversion from milliCPU to period/quota).

[NO NEW TESTS NEEDED]
Fixes: #15726

Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
2022-09-10 10:53:50 +03:00
2d8417d86a Merge pull request #15725 from cevich/no_multiarch_win
[CI:BUILD] Cirrus: Don't run win_installer in multiarch cron
2022-09-10 04:22:58 +02:00
8466c4a19a Cirrus: Don't run win_installer in multiarch cron
The win_installer task fails on the `multiarch` cirrus-cron build.
This is because it depends on the `Windows Cross` (alt_build) task
which is bypassed in this context. This will cause the `repo.tbz`
download to constantly throw 404s.  Fix this by skipping the
win_installer task for the `multiarch` (container images) build.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-09-09 11:34:25 -04:00
94864cbce6 Merge pull request #15706 from edsantiago/docs_dedup_volume
[CI:DOCS] Man pages: refactor common options: --volume
2022-09-09 17:22:30 +02:00
765dfe0cfb Merge pull request #15719 from containers/dependabot/go_modules/github.com/docker/docker-20.10.18incompatible
build(deps): bump github.com/docker/docker from 20.10.17+incompatible to 20.10.18+incompatible
2022-09-09 16:49:28 +02:00
6210c6723d TEMPORARY: instrumenting for 15488
Trying to catch the wily metacopy flake: add a debug
condition to run_podman, in system tests, to log all
instances in which output includes the metacopy warning.
The idea is to detect the very first time it happens,
and see what is triggering it.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-09 08:28:34 -06:00
3a9a7dcdcd Man pages: refactor common options: --volume
This one is a nightmare, because --volume has been edited
in four different files throughout the years (five if you
count podman-build, which I am not including in this PR).
Those edits have not always been done in sync.

The list of options was reordered 2022-06-28 by Giuseppe in #14734,
but only in podman-create and -run (not in podman-pod-*). No
explanation of why, but I'll assume he knew what he was doing,
and have accepted that for the reference copy.

There was also a big edit in #8519.

The "Propagation property...bind mounted" sentence first appeared
in pod-clone, in #14299 by cdoern, with no obvious source of where
it came from. I choose to include it in the reference copy.

The "**copy**" option seems to work in pod-create, so I'm including
it in the reference copy. Someone please yell loudly if this is
not the case.

The "disables SELinux separation for containers used in the build",
no idea, changed that to just "for the container/pod"

The "advanced users / overlay / upperdir / workdir" paragraph
makes zero sense to me, but hey, I assume it applies to all
the commands, so I put it in the reference copy.

Finally, there's still a mishmash of backticks, asterisks, underscores,
and even quotation marks. Someone is gonna have to perform major
cleanup on this one day, but at least it'll be in only one place.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-09 08:20:31 -06:00
04082333a6 Merge pull request #15716 from vrothberg/fix-15661
stop: fix error handling
2022-09-09 16:04:46 +02:00
7e7db23dbf Merge pull request #15687 from vrothberg/RUN-1639
health check: add on-failure actions
2022-09-09 15:17:19 +02:00
b239966d11 Merge pull request #15462 from edsantiago/system_tests_for_update
system tests for update
2022-09-09 15:11:52 +02:00
a826720473 build(deps): bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.17+incompatible to 20.10.18+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.17...v20.10.18)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-09 13:10:06 +00:00
04270a080d Merge pull request #15695 from Luap99/update-buildah
Update buildah and c/common to latest
2022-09-09 15:08:46 +02:00
8a2ab7c387 Merge pull request #15692 from giuseppe/pod-spec-userns
kube: plug HostUsers in the pod spec
2022-09-09 15:06:01 +02:00
b0b36430b8 Merge pull request #15712 from sstosh/fix-swagger
Fix swagger documentation
2022-09-09 15:00:19 +02:00
6bf8670b69 stop: fix error handling
Fix the error handling in the fallback logic of `stop` when Podman
resorts to killing a container; the error message wrapped the wrong
error.

[NO NEW TESTS NEEDED] as it is a rare flake in the tests and I do not
know how to reliably reproduce it.

Fixes: #15661
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-09-09 14:05:18 +02:00
e37dd95b7a Merge pull request #15658 from rhatdan/config
Add --config for Docker compatibility
2022-09-09 13:17:14 +02:00
aad29e759c health check: add on-failure actions
For systems that have extreme robustness requirements (edge devices,
particularly those in difficult to access environments), it is important
that applications continue running in all circumstances. When the
application fails, Podman must restart it automatically to provide this
robustness. Otherwise, these devices may require customer IT to
physically gain access to restart, which can be prohibitively difficult.

Add a new `--on-failure` flag that supports four actions:

- **none**: Take no action.

- **kill**: Kill the container.

- **restart**: Restart the container.  Do not combine the `restart`
               action with the `--restart` flag.  When running inside of
               a systemd unit, consider using the `kill` or `stop`
               action instead to make use of systemd's restart policy.

- **stop**: Stop the container.

To remain backwards compatible, **none** is the default action.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-09-09 13:02:05 +02:00
f24bdeef26 Merge pull request #15713 from sstosh/cpu-rt-cgroupsv2
Ignore cpu realtime options on cgroups V2 systems
2022-09-09 12:23:20 +02:00