When generating a kube yaml with kube generate, do not
set the hostPort in the pod spec if the service flag is
set and we are generating a service kind too.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* add tests
* add documentation for --shm-size-systemd
* add support for both pod and standalone run
Signed-off-by: danishprakash <danish.prakash@suse.com>
Add a podman ulimit annotation to kube generate and play.
If a container has a container with ulimits set, kube gen
will add those as an annotation to the generated yaml.
If kube play encounters the ulimit annotation, it will set
ulimits for the container being played.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Remove the container in ExecStop to make sure that Quadlet's adheres to
Podman's customizable stop signal/timeout. Certain programs ignore
SIGTERM which renders the services generated by Quadlet less user
friendly compared to the ones from podman-generate-systemd.
Previously, `systemctl stop` would just hang until systemd's stop
timeout is hit. Since `podman rm` also removes the CID file, the
additional `rm` can be removed. Note that `podman rm` will return
immediately if the specified CID file isn't present.
I am working on a short tutorial on Quadlet and hit the issue with a
simple container running `sleep`. `sleep` ignores SIGTERM and stopping
the service would take forever even with `PodmanArgs=--stop-timeout=0`.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Install the signal proxy before attaching to/starting the container to
make sure there's no race-condition as revealed in the failing start/run
tests in #16901. The tests had the valid expectation that signal
forwarding works once the container is running.
Further update the tests to account for the attach test where the
expectation is that signal forwarding works once Podman has attached to
container (or even before).
Fixes: #16901
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Ed Santiago <santiago@redhat.com>
Commit 4fa307f149 fixed a number of issues in the sdnotify proxies.
Whenever a container runs with a custom sdnotify policy, the proxies
need to keep running which in turn required Podman to run and wait for
the service container to stop. Improve on that behavior and set the
service container as the main PID (instead of Podman) when no container
needs sdnotify.
Fixes: #17345
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Primarily, add skip_if_journald_unavailable because RHEL.
Secondarily, reverse a flipped actual/expect assertion
that made it difficult to understand the RHEL failure.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We currently name the container being created during kube play
as ctrName-podName, but this is not how it is done in k8s.
Since we can't change this at the CLI level as it will be a breaking
change (it will be planned for podman 5.0), add only ctrName as an alias
to the network of the pod.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Also includes unreleased https://github.com/openshift/imagebuilder/pull/246 to work
with the updated docker/docker dependency.
And updates some references to newly deprecated docker/docker symbols.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- podman-remote unshare returns an error message
with the exit code '125'.
- Need to run RestartRemoteService() to apply
changes to the TMPDIR.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Commit 2f29639bd3 added a UX improvement to cleanup/teardown when
running the specified YAML has failed. However, the teardown happens
unconditionally such that rerunning the same YAML file will teardown the
previously created workload instead of just failing with a name-conflict
error (e.g., "pod already exists"). The regression popped up testing
the Ansible system role with Podman v4.4.0.
For now, do not teardown at all on error to quickly fix this regression
for the upcoming Podman v4.4.1 release. The UX improvement is still
desired but must be conditional and only happen on newly created
resources, which probably requires moving it down to the backend.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The new version contains the ginkgolinter, which makes sure the
assertions are more helpful.
Also replace the deprecated os.SEEK_END with io.SeekEnd.
There is also a new `musttag` linter which checks if struct that are
un/marshalled all have json tags. This results in many warnings so I
disabled the check for now. We can reenable it if we think it is worth
it but for now it way to much work to fix all report problems.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Quadlet should not exit with failure if no files to process have been
found. Otherwise, even simple operations such as reloading systemd
will fail as it retriggers generators.
Fixes: #17374
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Similarly to the ICMP test for IPv4, I broke the command line on a
rebase of the initial test import.
Note that, unless we pass an IPv6 resolver directly to pasta, Podman
won't add one to /etc/resolv.conf in the container. We could pass
that explicitly, but then end up hitting the same issue as the one
described in the "Local forwarder, IPv6" case. Skip this test for
the moment being.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Parameter substitution in the command line went lost on some rebase
of the initial test import. Add it back and actually test that we can
ping the resolver.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
For some reason I couldn't figure out yet, on CI systems running
Fedora 37, tests for TCP port forwarding with ranges fail on the
third connection, as connect() from the socat client gets
interrupted -- and socat doesn't handle this.
Mitigate this by connecting twice, to two different ports, instead of
using three ports.
Reported-by: Ed Santiago <santiago@redhat.com>
Link: https://github.com/containers/podman/issues/17287
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Add support for disabeling SELinux process separation in the container.
Add support for setting the process type of the container.
Add support for setting the process MCS level of the container.
Add support for setting the file type of the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
