[v4.9-rhel] Fix exposed ports #24333
Merged
+145
−41
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci
bot
added
release-note-none
approved
github-actions
bot
added
the
kind/api-change
|
Ephemeral COPR build failed. @containers/packit-build please check. |
Luap99
reviewed
Oct 22, 2024
|
@Luap99 thank for the review and notes. I thought this had made RHEL 5.2, but I will verify and update there if necessary. I'll most likely bump the go version. |
|
If you bump the go version we likely need to update/replace the CI images, f38/39 images will not have the proper go version in them. We would need to update to our f40 images that we have on main likely, but given we talked about turning of the extra tests and only keeping the build checks for rhel branches this should not be to big of a deal. I do that, but before we do so we should make sure RHEL 8.10 has go 1.22 or newer for the builds. |
when net=host Previously, we didn't bother including exposed ports in the container config when creating a container with --net=host. Per Docker this isn't really correct; host-net containers are still considered to have exposed ports, even though that specific container can be guaranteed to never use them. We could just fix this for host container, but we might as well make it generic. This patch unconditionally adds exposed ports to the container config - it was previously conditional on a network namespace being configured. The behavior of `podman inspect` with exposed ports when using `--net=container:` has also been corrected. Previously, we used exposed ports from the container sharing its network namespace, which was not correct. Now, we use regular port bindings from the namespace container, but exposed ports from our own container. Fixes https://issues.redhat.com/browse/RHEL-60382 Signed-off-by: Matt Heon <[email protected]> (cherry picked from commit a619c03) Signed-off-by: tomsweeneyredhat <[email protected]>
A field we missed versus Docker. Matches the format of our
existing Ports list in the NetworkConfig, but only includes
exposed ports (and maps these to struct{}, as they never go to
real ports on the host).
Fixes https://issues.redhat.com/browse/RHEL-60382
Signed-off-by: Matt Heon <[email protected]>
(cherry picked from commit edc3dc5)
Signed-off-by: tomsweeneyredhat <[email protected]>
Undoing some of my own work here from containers#24090 now that we have the ExposedPorts field implemented in inspect. I considered a revert of that patch, but it's still needed as without it we'd be including exposed ports when --net=container which is not correct. Basically, exposed ports for a container should always go in the new ExposedPorts field we added. They sometimes go in the Ports field in NetworkSettings, but only when the container is not net=host and not net=container. We were always including exposed ports, which was not correct, but is an easy logical fix. Also required is a test change to correct the expected behavior as we were testing for incorrect behavior. Fixes https://issues.redhat.com/browse/RHEL-60382 Signed-off-by: Matt Heon <[email protected]> (cherry picked from commit 8061553) Signed-off-by: tomsweeneyredhat <[email protected]>
Luap99
force-pushed
the
dev/sweeney/accel299-4.9-rhel
branch
2 times, most recently
from
00fa2ec to
3d8ead4
Compare
The range over int syntax was only added in go 1.22, this branch is currently build with go 1.21 in RHEL so we need to convert it back to the old syntax. And add the missing "fmt" import in the test file. Signed-off-by: Paul Holzinger <[email protected]>
Luap99
force-pushed
the
dev/sweeney/accel299-4.9-rhel
branch
from
3d8ead4 to
0889c74
Compare
Luap99
approved these changes
Oct 25, 2024
There was a problem hiding this comment.
/lgtm
/hold
@TomSweeneyRedHat feel free to remove the hold as needed BUT keep in mind these patches are not in 5.2-rhel so by common sense rules it must be backported there too to avoid regressions.
openshift-ci
bot
added
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lsm5, Luap99, TomSweeneyRedHat The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
TomSweeneyRedHat
added a commit
to TomSweeneyRedHat/podman
that referenced
this pull request
Oct 28, 2024
This fixes an exposed ports issue in RHEL 4.9-rhel for RHEL 9.5. This includes the fixes from the following PRs: First PR: containers#24090 Second PR: containers#24110 Third PR: containers#24164 With an additional tweak from @Luap99 in containers#24333 regarding the looping in libpod/container_inspect.go. This changes is needed in the 5.2-rhel branch to assure successful upgrades as the same patches have been used for the following issues in the Podman v4.9-rhel branch Fixes: https://issues.redhat.com/browse/ACCELFIX-299 Fixes: https://issues.redhat.com/browse/ACCELFIX-300 Signed-off-by: tomsweeneyredhat <[email protected]>
TomSweeneyRedHat
added a commit
to TomSweeneyRedHat/podman
that referenced
this pull request
Oct 28, 2024
An additional tweak from @Luap99 in containers#24333 regarding the looping in libpod/container_inspect.go. The range over int syntax was only added in go 1.22, this branch is currently build with go 1.21 in RHEL so we need to convert it back to the old syntax. And add the missing "fmt" import in the test file. Signed-off-by: tomsweeneyredhat <[email protected]>
|
As #24397 has been created for Podman 5.2-rhel, I'm going to merge this now so we can move it along to the customer. |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
openshift-merge-bot
bot
merged commit 1866072
into
containers:v4.9-rhel
12 checks passed
|
Quick folow up: Fixes: https://issues.redhat.com/browse/RHEL-65248, https://issues.redhat.com/browse/RHEL-62549 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes an exposed ports issue in RHEL 4.9-rhel for RHEL 8.10 and 9.4.
This includes the fixes from the following PRs:
First PR: #24090
Second PR: #24110
Third PR: #24164
Fixes: https://issues.redhat.com/browse/ACCELFIX-299
Fixes: https://issues.redhat.com/browse/ACCELFIX-300
Fixes: https://issues.redhat.com/browse/RHEL-65248, https://issues.redhat.com/browse/RHEL-62549
Does this PR introduce a user-facing change?