Commit Graph

5117 Commits

Author SHA1 Message Date
Dan Čermák
75d92f41d8 Run generate.CompleteSpec() for initContainers as well
initContainers in kubernetes deployments had no call to CompleteSpec in the
generation, which means that the default environment is not configured for
these. This causes issues with missing default environment variables like $HOME
or $PATH.

Also, switch to using logrus.Warn() instead of fmt.Fprintf(os.Stderr)

This fixes https://github.com/containers/podman/issues/18384

Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Dan Čermák <dcermak@suse.com>
2023-05-04 08:21:57 +02:00
OpenShift Merge Robot
b98960d1cb Merge pull request #18441 from Luap99/remote-connect-err
remote: return better connect error
2023-05-03 18:27:34 -04:00
OpenShift Merge Robot
021b702585 Merge pull request #18437 from Luap99/exec-inspect-remote
remote: exec inspect update exec session status
2023-05-03 12:25:50 -04:00
Paul Holzinger
df8cc7af33 remote: return better connect error
We have a special logic to create a better user error that hints at
podman machine, however because we string matched it missed the case of
the ssh connection.

Stop doing string comparison and return a proper error and match it with
errors.As()

[NO NEW TESTS NEEDED]

see https://github.com/containers/podman/discussions/18426

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-05-03 18:19:58 +02:00
OpenShift Merge Robot
cf29dad400 Merge pull request #18402 from baude/applehvpass1
MVP for Podman Machine with AppleHV
2023-05-03 10:17:51 -04:00
Paul Holzinger
19aabf440e remote: exec inspect update exec session status
The remote API will wait 300s by default before conmon will call the
cleanup. In the meantime when you inspect an exec session started with
ExecStart() (so not attached) and it did exit we do not know that. If
a caller inspects it they think it is still running. To prevent this we
should sync the session based on the exec pid and update the state
accordingly.

For a reproducer see the test in this commit or the issue.

Fixes #18424

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-05-03 14:54:00 +02:00
OpenShift Merge Robot
04c45cebcd Merge pull request #18411 from flouthoc/bindings-fix-invalid-platform
bindings, build: don't pass invalid platform in case of none
2023-05-03 04:12:02 -04:00
OpenShift Merge Robot
0851d6475d Merge pull request #18345 from vrothberg/fix-18092
api: fix parsing filters
2023-05-02 17:09:53 -04:00
OpenShift Merge Robot
09c11a8d95 Merge pull request #17627 from umohnani8/pod-restart
Add --restart flag to pod create
2023-05-02 16:46:52 -04:00
Brent Baude
dc7515dc32 MVP for Podman Machine with AppleHV
this pr is the first pass at enabling podman machine to use the apple hypervisor. there are still several TODO
areas like host networking.  once the decision is handled on what host networking should look like, these TODOs
should be fairly quick to resolve.  they also will impact the remove methods.

you must also have vfkit (https://github.com/crc-org/vfkit)

Signed-off-by: Brent Baude <bbaude@redhat.com>

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2023-05-02 13:09:56 -05:00
Aditya R
e1e03a0e34 bindings, build: don't pass invalid platform in case of none
In case of no `platform` , bindings should not add `platform` to
parameters at all instead it adds `/` as platform string which is
invalid.

[NO NEW TESTS NEEDED]
Existing test should pass with new buildah from upstream.

Closes: https://github.com/containers/buildah/issues/4768

Signed-off-by: Aditya R <arajan@redhat.com>
2023-05-02 21:46:57 +05:30
OpenShift Merge Robot
d494af9647 Merge pull request #18414 from vrothberg/fix-17763
history: correctly set tags
2023-05-02 11:57:23 -04:00
Urvashi Mohnani
fa1ba17bc1 Update kube gen & play to use pod restart policy
Podman kube generate now uses the pod's restart policy
when generating the kube yaml. If generating from containers
only, use the restart policy of the first non-init container.
Podman kube play applies the pod restart policy from the yaml
file to the pod. The containers within a pod inherit this restart
policy.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-05-02 10:30:07 -04:00
Urvashi Mohnani
db4ad54f92 Add {{.Restarts}} to podman pod ps
Add Restarts column to the podman pod ps output to show the total number
of times the containers in a pod were restarted. This is the same as the
restarts column displayed by kubernetes with kubectl get pods. This will
only be displayed when --format={{.Restarts}}.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-05-02 10:30:07 -04:00
Urvashi Mohnani
0fef113a4b Add {{.Restarts}} to podman ps
Add Restarts column to the podman ps output to show how many times a
container was restarted based on its restart policy. This column will be
displayed when --format={{.Restarts}}.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-05-02 10:30:07 -04:00
Urvashi Mohnani
edbeee5238 Add --restart flag to pod create
Add --restart flag to pod create to allow users to set the
restart policy for the pod, which applies to all the containers
in the pod. This reuses the restart policy already there for
containers and has the same restart policy options.
Add "never" to the restart policy options to match k8s syntax.
It is a synonym for "no" and does the exact same thing where the
containers are not restarted once exited.
Only the containers that have exited will be restarted based on the
restart policy, running containers will not be restarted when an exited
container is restarted in the same pod (same as is done in k8s).

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-05-02 10:29:58 -04:00
OpenShift Merge Robot
f173db755d Merge pull request #18163 from Luap99/ginkgo-v2
update to ginkgo v2
2023-05-02 10:29:41 -04:00
Valentin Rothberg
9e9bcec9ec history: correctly set tags
Requires vendoring fixes from c/common and to update the transformation
code.  Also add a test to avoid future regressions.

Fixes: #17763
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-05-02 16:21:09 +02:00
Paul Holzinger
5af4339237 pkg/machine/e2e: switch to GinkgoWriter
Directly writing to stdout/err is not safe when run in parallel.
Ginkgo v2 fixed this by buffering the output and syncing the output so it
is not mangled between tests.

This is the same as for the podman integration tests.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-05-02 12:07:42 +02:00
Valentin Rothberg
1720042d04 api: fix parsing filters
Podman and Docker clients split the filter map slightly differently, so
account for that when parsing the filters in the image-listing endpoint.

Fixes: #18092
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-05-02 11:45:36 +02:00
Paul Holzinger
c564d9d7af ginkgo v2: remove CurrentGinkgoTestDescription()
This function is deprecated and replaced with CurrentSpecReport().
Also fix inconsistent callers.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-05-02 11:27:36 +02:00
Paul Holzinger
445815036f update to ginkgo v2
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-05-02 11:27:35 +02:00
OpenShift Merge Robot
91da62d74c Merge pull request #18372 from Luap99/save-stdout
windows: podman save allow the use of stdout
2023-05-02 04:53:10 -04:00
OpenShift Merge Robot
a9a3b81ac2 Merge pull request #18388 from ashley-cui/uid
Fix clashing subuid
2023-05-01 13:51:54 -04:00
OpenShift Merge Robot
cd9a95922f Merge pull request #18359 from Luap99/machine-connection
machine: qemu only remove connection after confirmation
2023-05-01 13:07:56 -04:00
Ashley Cui
d06480d99e Fix clashing subuid
When initing a podman machine, we match core's UID to the UID of the user on the host. If the UID is in the subUID range, the machine throws an error. Check if the UID is within the default range for /etc/subuid (10000:1000000), and if it is, we adjust the range to not include it.

Signed-off-by: Ashley Cui <acui@redhat.com>
2023-05-01 10:39:54 -04:00
Arthur Sengileyev
b5ef9555ab Implement machine provider selection
GetSystemDefaultProvider reworked to fetch provider value from
the config file.

Additional environment variable CONTAINERS_MACHINE_PROVIDER is
supported to override the config for testing purposes.

Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
2023-04-28 17:47:10 +03:00
OpenShift Merge Robot
b7b3a19768 Merge pull request #18365 from nalind/copypasta
Fix a copy/paste error in an error message
2023-04-27 09:36:29 -04:00
Paul Holzinger
aca993632f windows: podman save allow the use of stdout
By default podman save tries to write to /dev/stdout, this file does not
exist on windows and cannot be opened. Instead we should just use fd 1
in such case.

[NO NEW TESTS NEEDED]

Fixes #18147

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-27 13:12:05 +02:00
OpenShift Merge Robot
c50d223b84 Merge pull request #18327 from rhatdan/docker
Add sha256: to images history id for docker compatibility
2023-04-27 06:14:12 -04:00
OpenShift Merge Robot
af185b2f25 Merge pull request #18362 from rhatdan/quadlet
Support systemd optional prefix '-' for devices.
2023-04-27 02:59:18 -04:00
OpenShift Merge Robot
832b098471 Merge pull request #18303 from n1hility/user-mode
Add user-mode networking feature to Windows/WSL
2023-04-26 16:01:48 -04:00
Daniel J Walsh
edaf3b4d5e Add sha256: to images history id for docker compatibility
Fixes: https://github.com/containers/podman/issues/17762

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-04-26 14:38:07 -04:00
Daniel J Walsh
d51911f7b0 Support systemd optional prefix '-' for devices.
Systemd supports unit files with a prefix '-' which
tells the system to check if the content exists before
using it. This would allow the QM project to specify
AddDevice=-/dev/kvm, which would add the /dev/kvm device
to the container iff it exists on the host.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-04-26 14:22:57 -04:00
Nalin Dahyabhai
a0c7bb26a9 Fix a copy/paste error in an error message
When we encounter an error while pushing a manifest list, don't claim
that we encountered an error while adding an item to the list.

[NO NEW TESTS NEEDED]

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2023-04-26 12:45:03 -04:00
Paul Holzinger
64959b744f pkg/machine: rework RemoveConnection()
It really does not make sense to call RemoveConnection() twice and then
update the config file a third time in updateDefaultMachineinConfig().
This results in unnecessary reads/writes and more code.

Simplify this into one function that is only called once and do all
updates at once.

[NO NEW TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-26 16:57:22 +02:00
Paul Holzinger
2296e71e39 machine: qemu only remove connection after confirmation
the connection remove call must be done inside the function that is
returned so that we wait until the user confirmed it.

Fixes #18330

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-26 16:44:28 +02:00
OpenShift Merge Robot
3b85ab354a Merge pull request #18328 from ashley-cui/stop
Recover from failed podman machine start
2023-04-26 05:08:22 -04:00
OpenShift Merge Robot
931447b995 Merge pull request #18344 from Luap99/container-ns
rootless: support joining containers that use host ns
2023-04-26 04:06:57 -04:00
Ashley Cui
f3c3ef72dc Recover from failed podman machine start
In rare instances, if podman machine start does not exit correctly, the machine can be left in a "Starting" state, when in reality the machine is stopped. This prevents the user from actually starting the machine. This commit makes sure that on `podman machine stop`, we check if this is the case, and correctly set the starting state to false, allowing the user to start their machine again.

Signed-off-by: Ashley Cui <acui@redhat.com>
2023-04-25 09:29:15 -04:00
Paul Holzinger
d222a392cd rootless: support joining containers that use host ns
The problem right now is that --ns container: syntax causes us to add
the namespace path to the spec which means the runtime will try to call
setns on that. This works fine for private namespaces but when the host
namespace is used by the container a rootless user is not allowed to
join that namespace so the setns call will return with permission
denied.

The fix is to effectively switch the container to the `host` mode
instead of `container:` when the mentioned container used the host ns. I
tried to fix this deep into the libpod call when we assign these
namespaces but the problem is that this does not work correctly because
these namespaces require much more setup. Mainly different kind of mount
points to work correctly.

We already have similar work-arounds in place for pods because they also
need this.

For some reason this does not work with the user namespace, I don't know
why and I don't think it is really needed so I left this out just to get
at least the rest working. The original issue only reported this for the
network namespace.

Fixes #18027

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-25 15:21:31 +02:00
Valentin Rothberg
0e955bec74 auto-update: return errors when checking for updates
When checking for new images on registries, do not suppress
and debug-log errors but return them.  Other images and units
will still be processed.

That is important to a) stop hiding flaky registries (see #18321)
                     b) mark the updates as `failed` instead of `false`

[NO NEW TESTS NEEDED]

Closes: #18321
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-04-25 12:15:22 +02:00
Jason T. Greene
230ddbe0ca Add user mode networking feature to Windows
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-04-24 17:11:54 -05:00
Nathan Henrie
6014f26c47 Revert "Resolve symlink path for qemu directory if possible"
This reverts commit 6b6458916e (Resolve
symlink path for qemu directory if possible).

Fully resolving the symlink to qemu solves some issues for
aarch64-darwin nix with regards to finding `edk2-aarch64-code.fd`, but
unfortunately the fully resolved path includes the version number,
making it so that even patch updates break the path to
homebrew-installed qemu files.

Fixes https://github.com/containers/podman/issues/18111

[NO NEW TESTS NEEDED]

Signed-off-by: Nathan Henrie <nate@n8henrie.com>
2023-04-24 10:06:43 -06:00
Jason T. Greene
fb3b92b969 Eliminate transient container deps from wslkerninst
Resolves Win Installer CI issues where dep processing variance can
pull in gpgme, which doesn't compile on Windows without a
specialized msys2 setup.

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-04-23 17:11:55 -05:00
openshift-ci[bot]
1821f97ade Merge pull request #18284 from vrothberg/fix-18216
support `--digestfile` for remote push
2023-04-21 10:24:15 +00:00
Valentin Rothberg
1f1525f2e1 support --digestfile for remote push
Wire in support for writing the digest of the pushed image to a
user-specified file.  Requires some massaging of _internal_ APIs
and the extension of the push endpoint to integrate the raw manifest
(i.e., in bytes) in the stream.

Closes: #18216
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-04-21 10:28:40 +02:00
openshift-ci[bot]
c325cfd462 Merge pull request #18258 from baude/hypervsockets
hyperv: add podman socket mapping
2023-04-20 17:14:45 +00:00
Paul Holzinger
08d6b7b27e Merge pull request #18282 from Luap99/remote-logs-fix
podman-remote logs: handle server error correctly
2023-04-20 16:25:52 +02:00
Paul Holzinger
750442d093 podman-remote logs: handle server error correctly
If the server responds with an error we must report it correctly back to
the user.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-20 14:11:03 +02:00