We have a test to verify that init containers in pods are
deleted when the `--init-ctr=once` option is specified. The test
creates two containers, one of them an init container, starts the
pod, stops the pod, and restarts the pod, checking for the
presence of a file created by the init container during the
second start. We're seeing a race where the file still exists,
which I'm fairly certain comes down to the SHM mount not being
cleaned up after the pod is stopped.
Fortunately, we already have code to do this - just flip the bool
that controls cleanup from false to true.
[NO NEW TESTS NEEDED] Fixes a difficult to reproduce race
condition.
Fixes#16046
Signed-off-by: Matthew Heon <mheon@redhat.com>
Only between podman-create and -run; the other meanings
of --pod are too different. This almost didn't feel worth
refactoring, except the podman-run version fixed a word
and added a possibly important note about infra containers.
I went with the podman-run version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Trying to print the image id on a failed inspect will result in a nil
pointer panic because the image will be nil. Replace image.id with the
image name which is defined as a string without the use of inspect.
Fixes: bz#2131836
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
In order to allow pods to reach other pods (as in Kubernetes) they all
need to be added to the same network. A network is created (if it
doesn't exist) and pods created by play-kube are added to that network.
When network options are passed to kube command the pods are not
attached to the default kube network.
Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
When running on a branch or tag, `req_env_vars()` will call `exit(1)`
because `$CIRRUS_PR` is empty (as expected). The original intention was
to simply skip language checks on non-PRs. Fix the condition to match.
Signed-off-by: Chris Evich <cevich@redhat.com>
Two different texts, split into two .md files. Nontrivial, but
still easy to review because the text is unchanged.
I was unable to reconcile either version with podman-build,
so that file remains with a separate version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We should not keep the netns if there was a cleanup problem. Deleting
the netns will also delete the virtual links inside and thus make the IPs
available again for the next use.
context: https://github.com/containers/netavark/issues/302
[NO NEW TESTS NEEDED] This is very hard to trigger reliable and it would
need to work with cni and netavark. This mostly happens because of
specic bugs but those will be fixed and then this test would fail.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Just a quick little addition to provide the command to get the package
info from brew for those who might not know.
Signed-off-by: Kirk Bater <kirk.bater@gmail.com>
... to fix reads of compressed data by docker-archive:
> go get github.com/klauspost/pgzip@master
> make vendor
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Include the digest of the image in `podman container inspect`. The image
digest is a key information for auditing as it defines the identify of
an image. This way, it can be determined whether a container used an
image with a given CVE etc.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
As discussed in f2f: this is the cleanest, simplest mechanism
I can think of to auto-test the Big Three dependencies: simply
run go mod edit immediately after git checkout, then run the
entire CI test suite.
This differs significantly from the buildah treadmill, in that
buildah is almost impossible to re-vendor without manual intervention.
(In practice, so are these, but let's dream of a world in which
this will run and pass every night). (I want a pony too).
Signed-off-by: Ed Santiago <santiago@redhat.com>
It's conceivable for CI to spend a lot of time testing code which
otherwise should be rejected due to quality problems. Previously this
was validated in a dedicated task, however a failure would still fail
the CI run. Simplify the number of CI tasks by combining the consistency
check at the tail-end of the build task.
Signed-off-by: Chris Evich <cevich@redhat.com>
Previously, two tasks always ran first, prior to anything else. One to
verify network and external-service connectivity. Another to verify
certain important `.cirrus.yml` standards are met. However, as the
total number of tasks continues to grow, the need to keep these basic
checks as dedicated prerequisites is of decreasing value/importance.
Fold these two checks into a new `pretesting_script` component of the
Fedora `build` task, on both `x86_64` and `aarch64`.
Signed-off-by: Chris Evich <cevich@redhat.com>
Tricky one. In particular: podman-kube-play did not enumerate
the "host" option; here I take the liberty of using it in the
common network.md, so it will appear in podman-kube-play.1.
If that is wrong, please tell me ASAP: I will need to un-refactor
podman-kube-play.
Other decisions:
* move the "invalid if" text to the bottom, because it can't
be shared between pod and container man pages.
* ditto for "together with --pod"
* kube-play said "Change the network mode of"; all the others
said ">SET< the network mode >FOR< ...". I chose the latter,
so that's what kube-play will have also. Again, if that's
wrong, please lmk.
Signed-off-by: Ed Santiago <santiago@redhat.com>
I see no reason to block --network host with kube play and force users
to have to set it in the yaml file.
This is just confusing when compared to the other podman create/run
--network options, see discussion in #15945.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Trivial one: no human intervention needed, the man page text
was already identical between both files.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Simple in reality, but hard to review due to lots of little diffs:
- "Logging driver specific options" was only in podman-run; I added it
to create and kube-play.
- whitespace changes, the 'e.g.'s got consistent 4-space indentation
- the "same keys" and "supported only" sentences, I moved up to be
closer to **tag** and without intervening whitespace, because they
were unclear as they were: I believe the intent is to apply those
sentences only to **tag**, not to the **--log-opt** option itself.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fixed issue where executing the command `podman pod logs -l` would panic
because it was indexing into an empty arguments array.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
