Commit 9ac5267 changed the type of the generated systemd units from
`forking` to `notify`. It further stopped using `--cidfile` and instead
intended systemd to take care of stopping the container, which turned
out to be a bad idea.
Systemd will send the stop/kill signals to conmon which in turn may exit
non-zero, depending on the signal, and ultimately breaking container
cleanup.
Hence, we need to use --cidfile again and let podman stop and remove the
container to make sure that everything's in order.
Fixes: #11304
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Podman inspect has to show exposed ports to match docker. This requires
storing the exposed ports in the container config.
A exposed port is shown as `"80/tcp": null` while a forwarded port is
shown as `"80/tcp": [{"HostIp": "", "HostPort": "8080" }]`.
Also make sure to add the exposed ports to the new image when the
container is commited.
Fixes#10777
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This reverts commit 70801b3d714b067d64744697433c5841926dad4d.
It turns out that letting systemd handle stopping the container is not
working as I thought it will. Conmon is receiving the stop/kill signals
and may exit non-zero, which in turn lets the systemd service transition
into the `failed` state.
We need to get back to letting Podman stop the containers and do a
partial revert of commit 9ac5267 which removed using --cidfile.
Happening in a following commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Implement a new network interface to abstract CNI from libpod. The
interface is implemented for the CNI backend but in the future we can
add more backends.
The code is structured in three new packages:
- `libpod/network/types`: contains the interface definition
and the necessary types for it.
- `libpod/network/cni` contains the interface implementation for the CNI
backend.
- `libpod/network/util` a set of utility functions related to
networking.
The CNI package uses ginkgo style unit tests. To test Setup/Teardown the
test must be run as root. Each test will run in their own namespace to
make the test independent from the host environment.
New features with the CNI backend:
- The default network will be created in memory if it does not exists on
disk.
- It can set more than one static IP per container network.
- Networks are loaded once from disk and only if this interface is
used, e.g. for commands such as `podman info` networks are not loaded.
This reduces unnecessary disk IO.
This commit only adds the interface it is not wired into libpod. This
requires a lot of breaking changes which will be done in a followup
commit.
Once this is integrated into libpod the current network code under
`libpod/network` should be removed. Also the dependency on OCICNI
should be dropped.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Commit 9ac5267598c3 changed the type of the generated systemd units from
forking to notify. Parts of these changes was also removing the need to
pass any information via the file system (e.g., PIDFILE, container ID).
That in turn implies that systemd takes care of stopping the container.
By default, systemd first sends a SIGTERM and after a certain timeout,
it'll send a SIGKILL. That's pretty much what Podman is doing, unless
the container was created with a custom stop signal which is the case
when the --stop-signal flag was used or systemd is mounted.
Account for that by using systemd's KillSignal option which allows for
changing SIGTERM to another signal. Also make sure that we're using the
correct timeout for units generated with --new.
Fixes: #11304
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Increase the amount of time we're willing to wait for a log message that
a container should be printing to show up in the output of `logs -f`,
since on at least one CI configuration we're seeing a turnaround as high
as 46s, but it's not something we can directly control, so that's not a
hard maximum.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
In libpod/logs.LogLine.Write(), don't write a newline to stdout/stderr
when the log message is only part of a line.
In libpod.ConmonOCIRuntime.HTTPAttach(), don't send a newline over the
HTTP connection when the log message is only part of a line.
In pkg/api/handlers/compat.LogsFromContainer(), don't send a newline
over the HTTP connection when the log message is only part of a line,
and don't make doing so conditional on whether or not the client used
the docker or podman endpoint.
In pkg/domain/infra/tunnel.ContainerEngine.ContainerLogs(), don't add
our own newline to log messages, since they already come through from
the server when they need to.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When reading log entries from the journal, don't skip past the first
matching entry after we've positioned the cursor at it.
Make the first blank-line entry that we logged so that the container
would always have at least one log entry for us to find (until it gets
vacuumed out, at least) a fake history entry, so that `logs` doesn't
pass it on for display.
CI already has tests that exercise journal-based logging, so
[NO TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make sure we close our private connection to the bus, even if we're not
successful in in using it to ask systemd to move a unit's processes to a
specific control group.
[NO TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Adds support for transferring data between systems and backing up systems.
Use cases: recover from disasters or move data between machines.
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Increase the memory-sampling rate to the same default as
github.com/pkg/profile. Allow for custom rates by reading
the `MemProfileRate` env variable.
[NO TESTS NEEDED] since it's a dev only flag and not part of CI.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When `--pod-id-file` is used do not parse the default network namespace
and let specgen handle it instead.
This regression was introduced in commit 7ef3981abe24.
Fixes#11303
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new flag `--memory-profile=$path` which creates a memory profile.
The generated profile can later be analyzed via `go tool pprof`.
[NO TESTS NEEDED] since it's a hidden flag, devs-only.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This leverages conmon's ability to proxy the SD-NOTIFY socket.
This prevents locking caused by OCI runtime blocking, waiting for
SD-NOTIFY messages, and instead passes the messages directly up
to the host.
NOTE: Also re-enable the auto-update tests which has been disabled due
to flakiness. With this change, Podman properly integrates into
systemd.
Fixes: #7316
Signed-off-by: Joseph Gooch <mrwizard@dok.org>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When a network id is used to create a container we translate it to use the
name internally for the db. The network aliases are also stored with the
network name as key so we have to also translate them for the db.
Also removed some outdated skips from the e2e tests.
Fixes#11285
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
