Make inspect compatible with docker v1.44 API #21601
Conversation
|
Cockpit tests failed for commit aa3b6c4dd519f8cbd7e7aff0d80df3781e7d9847. @martinpitt, @jelly, @mvollmer please check. |
|
@flobz Thanks Could you add a test to make sure the new format sticks. |
|
Even though through my uninitiated eye the patch here shouldn't directly affect At least the recent landed and other open PRs were all green, so it's plausible that this change is the cause. Of course that needs adjustment on our side. |
containers/podman#21601 changes the output for "bind port to all addresses" from "" to "0.0.0.0". Adjust the test to accept either format.
|
Hang on, the difference is exactly the "0.0.0.0" for "all addresses", so it indeed exactly matches the change here. I sent cockpit-project/cockpit-podman#1565 to fix this. This PR needs at least one more force push anyway to fix the "Validate" test, by then the c-podman fix is hopefully merged. Thanks! |
containers/podman#21601 changes the output for "bind port to all addresses" from "" to "0.0.0.0". Adjust the test to accept either format.
|
The cockpit-podman test adjustment landed, so please either force-push or retry the "cockpit-revdeps" tests. Thanks! |
flobz
force-pushed
the
feature/docker_v1.44_compat
branch
from
87d798d to
6e0e9e9
Compare
|
@rhatdan what do you think of 6e0e9e9c956035361c6fb4cf339c8c151ec7d2d7 ? |
There was a problem hiding this comment.
Can you link to any docker v1.44 changes that this addresses? These changes here directly touch the podman inspect output and AFAICT these differences are not new in v1.44.
The entrypoint and signal change seem simple enough but it will break compatibility between v4 and v5 which is fine given v5 contains breaking changes but it will make the API much less compatible.
Also the hostip change breaks a lot of tests and I am not sure if it is really needed?
| @@ -302,3 +309,33 @@ def wait_and_start(): | |||
| finally: | |||
| ctr.stop() | |||
| ctr.remove(force=True) | |||
|
|
|||
| def test_container_inspect_compatibility(self): | |||
There was a problem hiding this comment.
This is not really an API test as you check podman inspect output against the docker schema which is not a bad idea at all but the API test is checking the output/behavior of our API but I am also not sure if there is a better place right now.
Do you need to do this in python? I think if we want to validate this it would be better in a go unit test.
There was a problem hiding this comment.
Apparently there is a module for go: https://github.com/go-openapi/validate.
But it's not compatible with openapi v3, so if docker change the format from v2 to v3 it wont work anymore.
If you think it's mandatory to do this test in go can you tell me where I should add it ?
| ctr = self.docker.containers.create(image="alpine", detach=True) | ||
| try: | ||
| spec = yaml.load( | ||
| requests.get(f"https://docs.docker.com/reference/engine/v{DOCKER_API_COMPATIBILITY_VERSION}.yaml").text, |
There was a problem hiding this comment.
loading this every time via network is flaky, you can get this from vendor/github.com/docker/docker/api/swagger.yaml I think.
There was a problem hiding this comment.
Yes, please use the vendored copy. You may want to add a comment (and perhaps even an assertion) on spec['info']['version'] being 1.44, to help maintainers track down possible future failures
libpod/util.go
Outdated
| @@ -235,8 +235,12 @@ func makeInspectPorts(bindings []types.PortMapping, expose map[uint16][]string) | |||
| for i := uint16(0); i < port.Range; i++ { | |||
| key := fmt.Sprintf("%d/%s", port.ContainerPort+i, protocol) | |||
| hostPorts := portBindings[key] | |||
| var host = port.HostIP | |||
There was a problem hiding this comment.
even though the scope here is minuscule and unambiguous, perhaps hostIP would be a clearer variable name
test/e2e/create_test.go
Outdated
| @@ -482,7 +482,7 @@ var _ = Describe("Podman create", func() { | |||
| inspect.WaitWithDefaultTimeout() | |||
| data := inspect.InspectContainerToJSON() | |||
| Expect(data).To(HaveLen(1)) | |||
| Expect(data[0].Config).To(HaveField("StopSignal", uint(15))) | |||
| Expect(data[0].Config).To(HaveField("StopSignal", "SIGTTIN")) | |||
There was a problem hiding this comment.
I'm not sure where this came from? SIGTTIN is 21, which is 0x15, but I still don't understand this change?
There was a problem hiding this comment.
I fix that, it was SIGTERM not SIGTTIN. The new api return signal as string not int.
| ctr = self.docker.containers.create(image="alpine", detach=True) | ||
| try: | ||
| spec = yaml.load( | ||
| requests.get(f"https://docs.docker.com/reference/engine/v{DOCKER_API_COMPATIBILITY_VERSION}.yaml").text, |
There was a problem hiding this comment.
Yes, please use the vendored copy. You may want to add a comment (and perhaps even an assertion) on spec['info']['version'] being 1.44, to help maintainers track down possible future failures
flobz
force-pushed
the
feature/docker_v1.44_compat
branch
from
93ec6a5 to
f50f520
Compare
|
Ephemeral COPR build failed. @containers/packit-build please check. |
Luap99
added
breaking-change
|
I could use some help to fix last tests. |
The issue is that you hard break a stable API type (which is fine as it is 5.0), however this breaks new clients that talk to a v4 server (which is the case here). We tried to avoid breaking the API this time around so breaking this is really undesirable. |
|
Sorry, but I think this is going to miss our internal 5.0 breaking change deadline (tomorrow AM). This wasn't communicated publicly; in the future, we'll try to get this posted on Github. We can still consider this but it will likely have to wait until 6.0 (early 2025) |
That's what docker-py does for docker, it's a good idea.
That's a pity in podman should be as much as possible compatible with docker to be able to replace it, so incompatibility with new docker API is worst than incompatibility with podman v4 in my opinion. |
|
Can you add the unmarshal call @Luap99 asked for? |
flobz
force-pushed
the
feature/docker_v1.44_compat
branch
from
b5d80ae to
5fc08db
Compare
flobz
force-pushed
the
feature/docker_v1.44_compat
branch
2 times, most recently
from
77f12e8 to
718fe56
Compare
For test container it's, because the lib need to know if the container listen on ipv4 or v6 |
flobz
force-pushed
the
feature/docker_v1.44_compat
branch
3 times, most recently
from
b75f487 to
eabf932
Compare
There was a problem hiding this comment.
The issue is that it still break compatibility with v4 clients talking to a v5 server, i.e.. the inspect API will return the wrong type even if the /v4 endpoint is called by the client.
I think like the unmarshal hack we would need the same hack for marshal and then actually do a version check in the API endpoint to return the correct thing.
However this change is very late in the cycle a we sort of committed to no more breaking changes as @mheon mentioned so I am not sure if we actually want to go through with this for 5.0.
libpod/define/container_inspect.go
Outdated
|
|
||
| switch entrypoint := aux.Entrypoint.(type) { | ||
| case string: | ||
| insp.Entrypoint = []string{entrypoint} |
There was a problem hiding this comment.
this would need to at least split the string by spaces, just dumping everything into argv0 is wrong. Not that splitting by spaces would be 100% correct either but it should be better.
pkg/signal/signal_common.go
Outdated
| if err != nil { | ||
| signalStr = strconv.FormatUint(uint64(s), 10) | ||
| } | ||
| return fmt.Sprintf("SIG%s", signalStr) |
There was a problem hiding this comment.
this looks odd, in case of an error it would return SIG2 for example. Is this really what docker does? To me it the more logical thing would be to return just the number without the prefix.
There was a problem hiding this comment.
I don't know how docker handle unknown signal. I change this to return only the number as you ask.
flobz
force-pushed
the
feature/docker_v1.44_compat
branch
from
042fe2c to
2b2207e
Compare
Signed-off-by: Florian Bezannier <[email protected]>
Signed-off-by: Florian Bezannier <[email protected]>
Signed-off-by: Florian Bezannier <[email protected]>
…r API v1.44 Signed-off-by: Florian Bezannier <[email protected]>
Signed-off-by: Florian Bezannier <[email protected]>
Signed-off-by: Florian Bezannier <[email protected]>
Signed-off-by: Florian Bezannier <[email protected]>
Signed-off-by: Florian Bezannier <[email protected]>
flobz
force-pushed
the
feature/docker_v1.44_compat
branch
from
2b2207e to
77bcf23
Compare
Yes I agree, on computer with Ipv6 only it won't work but it's a marginal scenario and it's better to support one scenario than none ? You can see this as a default value but the ip shouldn't be empty in the first place don't you think ? I can create an issue for that if you want ?
There is no test for that right now right ? It seems to be a too big task for me. Furthermore as I said earlier incompatibility with new docker API is worst than incompatibility with podman v4 in my opinion. |
|
Cockpit tests failed for commit 2b2207e39e3473d495cbfbce80f3d11921410dda. @martinpitt, @jelly, @mvollmer please check. |
|
The failure above was once again the |
|
LGTM |
|
@Luap99 are you still around to take another peak at this? |
|
@mheon OK to hit the "Approve and Run" button here at this point? |
|
After discussion with the team, we're going to merge this. This will be the last breaking change for 5.0. |
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flobz, mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
stale-locking-app
bot
added
the
locked - please file new issue/PR
Hello,
Small changes to make podman compatible with last change in docker API.
Does this PR introduce a user-facing change?