When using 'podman run --rootfs ...', the image passed to SpecGenToOCI
may be nil - in this case, fall back to "freebsd" for the container OS.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
During the exponential backoff waiting for the machine to be fully up
and running, also make sure that SSH is ready. The systemd dependencies
of the ready.service include the sshd.service among others but that is
not enough.
Other CoreOS users reported the same issue on IRC, so I feel fairly
confident to use the pragmatic approach of making sure SSH works on the
client side. #17403 is quite old and there are other pressing machine
issues that need attention.
[NO NEW TESTS NEEDED]
Fixes: #17403
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When I reworked pod removal to provide more detailed errors
(including per-container errors, not just a single multierror
with all errors squashed), I made it part of the struct returned
by the REST API and assumed that would be enough to get errors
through to clients. Unfortunately, in case of an overarching
error removing the pod (as any error with any container would
cause), we don't send the response struct that would include the
container errors - we just send a standardized REST error. We
could work around this with custom, potentially backwards
incompatible error handling for the REST pod delete endpoint, or
we could just do what was done before, and package up all the
errors in a multierror to send to the other side. Of those
options, the multierror seems far simpler.
Fixes#19159
Signed-off-by: Matt Heon <mheon@redhat.com>
* Use vfkit command line assembly
* Inject ignition file into guest using http over vsock
* Ready notification through use of vsock
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Adds a `--no-trunc` flag to `podman kube generate` preventing the
annotations from being trimmed at 63 characters. However, due to
the fact the annotations will not be trimmed, any annotation that is
longer than 63 characters means this YAML will no longer be Kubernetes
compatible. However, these YAML files can still be used with `podman
kube play` due to the addition of the new flag below.
Adds a `--no-trunc` flag to `podman kube play` supporting YAML files with
annotations that were not truncated to the Kubernetes maximum length of
63 characters.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
This commit extends `Volume` and `Network` unit definitions with two
additional parameters, `VolumeName` and `NetworkName`, which will,
respectively, set a user-defined name for the corresponding volume and
network. This is similar to how the `ContainerName` directive currently
works, and should allow for smoother transitions to Quadlet-managed
resources.
Closes: #19003
Signed-off-by: Alex Palaistras <alex@deuill.org>
Previous tests have worked by pure chance since the client and server
ran on the same host; the server picked up the credentials created by
the client login.
Extend the gating tests and add a new integration test which is further
capable of exercising the remote code.
Note that fixing authentication support requires adding a new
`--authfile` CLi flag to `manifest inspect`. This will at least allow
for passing an authfile to be bindings. Username and password are not
yet supported.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This endpoint queried the same package versions twice causing it to be
slower than info. Because it already called info we can just reuse the
package versions from there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Users may want to replace the secret used within containers, without
destroying the secret and recreating it.
Partial fix for https://github.com/containers/podman/issues/18667
Make sure podman --remote secret inspect and podman secret inspect
return the same error message.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Previously podman was using "MB" and "GB" (binary) for input but
"MB" and "GB" (decimal) for output, which was causing confusion.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Make sure that starting a qemu machine uses proper exponential backoffs
and that a single variable isn't shared across multiple backoffs.
DO NOT BACKPORT: I want to avoid backporting this PR to the upcoming 4.6
release as it increases the flakiness of machine start (see #17403). On
my M2 machine, the flake rate seems to have increased with this change
and I strongly suspect that additional/redundant sleep after waiting for
the machine to be running and listening reduced the flakiness. My hope
is to have more predictable behavior and find the sources of the flakes
soon.
[NO NEW TESTS NEEDED] - still too flaky to add a test to CI.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The --authfile flag has been ignored. Fix that and add a test to make
sure we won't regress another time. Requires a new --tls-verify flag
to actually test the code.
Also bump c/common since common/pull/1538 is required to correctly check
for updates. Note that I had to use the go-mod-edit-replace trick on
c/common as c/buildah would otherwise be moved back to 1.30.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2218315
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When working on Linux emulation on FreeBSD, I assumed that
SpecGenerator.ImageOS was always populated from the image's OS value but
in fact, this value comes from the CLI --os flag if set, otherwise "".
This broke running FreeBSD native containers unless --os=freebsd was
also set. Fix the problem by getting the value from the image itself.
This is a strong incentive for me to complete a stalled project to enable
podman system tests on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
GetKeepIDMapping never read the gid (as it intended) but reused the uid.
Most likely a typo that never bothered anybody as uid and gid usually
match.
Signed-off-by: Simon Brakhane <simon@brakhane.net>
When debugging #17403, the logs of sshd indicates that Podman tried to
ssh into the machine too soon as the `core` user has not yet been fully
set up:
> error: kex_exchange_identification: Connection closed by remote host
> fatal: Access denied for user core by PAM account configuration [preauth]
@dustymabe found that the we may have to wait for systemd-user sessions
to be up. Doing that reduces the flake rate on my M2 machine but does
not entirely fix the issue.
Since I have seen multiple symptoms of flakiness, I think it does not
hurt to add the systemd-user sessions to the dependencies of the ready
service and continue investigating.
[NO NEW TESTS NEEDED] - once we have a fix out, I want to exercise
frequent stop/start in the machine tests but they won't pass now.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This adds the 'system service' command to the build on FreeBSD and
suppresses the call to servicereaper.Start which is only needed to
support slirp4netns on Linux. A stub for compat.StatsContainer is also
added - stats are still supported via the libpod.StatsContainer API
call.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Make sure we use the config field to know if we should use pasta or
slirp4netns as default.
While at it fix broken code which sets the default at two different
places, also do not set in Validate() as this should not modify the
specgen IMO, so set it directly before that.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This adds define.BindOptions to declare the mount options for bind-like
mounts (nullfs on FreeBSD). Note: this mirrors identical declarations in
buildah and it may be preferable to use buildah's copies throughout
podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
There was a huge cut and paste of mount options which were not constent
in parsing tmpfs, bind and volume mounts. Consolidated into a single
function to guarantee all parse the same.
Fixes: https://github.com/containers/podman/issues/18995
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is limited to images that don't depend on complex cgroup or capability
setups but does cover enough functionality to be useful.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
