This is a very expensive call as it deep duplicates the Config, and
we just need to read a single member, so use ConfigNoCopy() instead.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This is a very expensive function as it does a deep copy. Instead
use pre-existing accessors like ctr.CreatedTime() where they exist
and ctr.ConfigNoCopy() where not.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This call does a deep copy, which is only needed if you want
to modify the return value. Instead we use ctr.ConfigNoCopy().Spec
which is just a pointer dereference.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This gets c.config.Spec.Linux.Resources, with some nil checks.
Using this means less open coding of the nil-checks, but also the
existing user of this field in moveConmonToCgroupAndSignal() was
using ctr.Spec().Linux.Resources instead, and the Spec() call
is very expensive.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Starting listening for the READY messages on the sdnotify proxies before
starting the Pod. Otherwise, we may be missing messages.
[NO NEW TESTS NEEDED] as it's hard to test this very narrow race.
Related to but may not be fixing #16076.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This just gets ctr.config.Spec.Process.Terminal with some null checks,
allowing several places that open-coded this to use the helper.
In particular, this helps the code in
pkg/domain/infra/abi/terminal.StartAttachCtr(), that used to do:
`ctr.Spec().Process.Terminal`, which looks fine, but actually causes
a deep json copy in the `ctr.Spec()` call that takes over 3 msec.
[NO NEW TESTS NEEDED] Just minor performance effects
Signed-off-by: Alexander Larsson <alexl@redhat.com>
We have a test to verify that init containers in pods are
deleted when the `--init-ctr=once` option is specified. The test
creates two containers, one of them an init container, starts the
pod, stops the pod, and restarts the pod, checking for the
presence of a file created by the init container during the
second start. We're seeing a race where the file still exists,
which I'm fairly certain comes down to the SHM mount not being
cleaned up after the pod is stopped.
Fortunately, we already have code to do this - just flip the bool
that controls cleanup from false to true.
[NO NEW TESTS NEEDED] Fixes a difficult to reproduce race
condition.
Fixes#16046
Signed-off-by: Matthew Heon <mheon@redhat.com>
Trying to print the image id on a failed inspect will result in a nil
pointer panic because the image will be nil. Replace image.id with the
image name which is defined as a string without the use of inspect.
Fixes: bz#2131836
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
In order to allow pods to reach other pods (as in Kubernetes) they all
need to be added to the same network. A network is created (if it
doesn't exist) and pods created by play-kube are added to that network.
When network options are passed to kube command the pods are not
attached to the default kube network.
Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
I see no reason to block --network host with kube play and force users
to have to set it in the yaml file.
This is just confusing when compared to the other podman create/run
--network options, see discussion in #15945.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fixed issue where executing the command `podman pod logs -l` would panic
because it was indexing into an empty arguments array.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
This reverts commit 32f54a81ed.
`pkg/bindings` is supported outside of podman and we have to keep it
stable.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Ensure kubernetes default parameters are respected.
Additional curl parameter enforces returning error for HTTP error codes.
Use build-in HealthCheckOnFailureAction instead of killing the container
while executing the probe.
Signed-off-by: Piotr <piotr.skoczylas@gmail.com>
add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.
resolves#15347
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Auto updates using the "registry" policy require container to be created
with a fully-qualified image reference. Short names are not supported
due the ambiguity of their source registry. Initially, container
creation errored out for non FQN images but it seems that Podman has
regressed.
Fixes: #15879
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
We force the isolate option on new newtworks because that is the docker
behavior. However when we inspect them they should not be displayed to
the caller since they have no idea about it and docker-compose throws an
error because of that.
Fixes#15580
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Changes since 2022-09-09:
- man page: add --skip-unused-stages (buildah 4249)
- man page: bring in new Note for --cache-ttl (4248)
- system tests: de-stutter (4205)
- (internal): in skip() applier: escape asterisk, otherwise
the "bud with --dns* flags" sed expression never applies.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
restore endpoint was totally ignoring --pod, it was missing from the schema and from query handling
on the api handlers side. add support for it here.
resolves#15018
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
This allows tools like Cockpit to know that the pod in question
has also been updated, so they can refresh the list of containers
in the pod.
Fixes#15408
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
According to https://systemd.io/CONTAINER_INTERFACE/, systemd will try take
control over /dev/ttyN if exported, which can cause conflicts with the host's tty
in privileged containers. Thus we will not expose these to privileged containers
in systemd mode, as this is a bad idea according to systemd's maintainers.
Additionally, this commit adds a bats regression test to check that no /dev/ttyN
are present in a privileged container in systemd mode
This fixes https://github.com/containers/podman/issues/15878
Signed-off-by: Dan Čermák <dcermak@suse.com>
