commit 8b4a79a744ac3fd176ca4dc0e3ae40f75159e090 introduced
oom_score_adj clamping when the container oom_score_adj value is lower
than the current one in a rootless environment. Move the check to
init() time so it is performed every time the container starts and not
only when it is created. It is more robust if the oom_score_adj value
is changed for the current user session.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Ongoing steps toward RUN-1907: replace Exit(0) with ExitCleanly()
Clean command-line replace, but required adding "-q" (quiet)
to all commit commands. Except one, on which I added tests
for the expected progress messages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Ongoing steps toward RUN-1907: replace Exit(0) with ExitCleanly()
Clean command-line replace, with manual tweaks to two tests:
* clone to a pod: revert to just Exit(0), because podman issues
a namespace warning
* --destroy --force : run "top" in container, not default (shell),
to avoid the 10-second SIGKILL fallback warning
Signed-off-by: Ed Santiago <santiago@redhat.com>
Ongoing steps toward RUN-1907: replace Exit(0) with ExitCleanly()
Clean command-line replace.
Also, fix up the Containerized and Debian exceptions in matcher.
I was in a huge rush Thursday night when I added the Debian
exception. This, I hope, makes it slightly easier to understand
the cases where we don't check stderr.
Signed-off-by: Ed Santiago <santiago@redhat.com>
HC events were firing as part of the `exec` call, before it had
even been decided whether the HC succeeded or failed. As such,
the status was not going to be correct any time there was a
change (e.g. the first event after a container went healthy to
unhealthy would still read healthy). Move the event into the
actual Healthcheck function and throw it in a defer to make sure
it happens at the very end, after logs are written.
Ignores several conditions that did not log previously (container
in question does not have a healthcheck, or an internal failure
that should not really happen).
Still not a perfect solution. This relies on the HC log being
written, when instead we could just get the status straight from
the function writing the event - so if we fail to write the log,
we can still report a bad status. But if the log wasn't written,
we're in bad shape regardless - `podman ps` would disagree with
the event written, for example.
Fixes#19237
Signed-off-by: Matt Heon <mheon@redhat.com>
Add support to kube play to support the TerminationGracePeriodSeconds
fiels by sending the value of that to podman's stopTimeout.
Add support to kube generate to generate TerminationGracePeriodSeconds
if stopTimeout is set for a container (will ignore podman's default).
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
To avoid the error:
`Error: unable to read YAML as Kube Pod: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal object into Go struct field Container.spec.containers.command of type string`
Also makes it easier to understand as you only need the image parameter.
Signed-off-by: Daskan <kevin81991@web.de>
If some volumes are specified in containers.conf, they are currently
added twice to the containers spec causing the container to fail:
$ head -n2 ~/.config/containers/containers.conf
[containers]
volumes = ["/tmp:/tmp"]
$ podman pod create --name foo
7ac7f97f9b74a596332483e4a13e58cb9c8d997e9c5baae46804ae0acc26cbc6
$ podman run --pod=foo alpine true
Error: "/tmp": duplicate mount destination
The fix is to ignore the setting from containers.conf when setting the
pod default configuration.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This test checks that the pod cgroups are created and that the limits
set for a pod cgroup are enforced also after a reboot.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When a container is created and it is part of a pod, we ensure the pod
cgroup exists so limits can be applied on the pod cgroup.
Closes: https://github.com/containers/podman/issues/19175
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This allows to use --share-parent with --infra=false, so that the
containers in the pod can share the parent cgroup.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
accept only the resources to be used by the pod, so that the function
can more easily be used by a successive patch.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
move the code to remove the pod cgroup to a separate function. It is
a preparation for the next patch.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Ongoing steps toward RUN-1907: replace Exit(0) with ExitCleanly()
Clean command-line replace, with one manual reversion (commented)
And -- duh! -- skip the stderr check on Debian!
Signed-off-by: Ed Santiago <santiago@redhat.com>
Remove the use of the "latest" flags because it cannot be used on
windows or mac.
Fixes#17019
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Prevent future occurrences of #19894, by making upgrade tests
run any time there's a change to system tests. That's overly
broad: upgrade tests only rely on test/system/helpers.bash,
not test/system/anything-else. IMHO the cost of CI breaking
is higher than the cost of running unnecessary jobs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
