Switch podman stop/kill/wait handlers to use abi #9051
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
@edsantiago more missing podman-remote options and missing tests. |
|
|
|
Get the same locally after podman (rm) $ git diff
diff --git a/pkg/bindings/containers/types_stop_options.go b/pkg/bindings/containers/types_stop_options.go
index c86cc2f9ffa9..d4e2eda8383c 100644
--- a/pkg/bindings/containers/types_stop_options.go
+++ b/pkg/bindings/containers/types_stop_options.go
@@ -119,7 +119,7 @@ func (o *StopOptions) GetIgnore() bool {
return *o.Ignore
}
-// WithToimeout
+// WithTimeout
func (o *StopOptions) WithTimeout(value uint) *StopOptions {
v := &value |
|
|
||
| // If the Container is stopped already, send a 409 | ||
| if state == define.ContainerStateStopped || state == define.ContainerStateExited { | ||
| utils.Error(w, fmt.Sprintf("Container %s is not running", name), http.StatusConflict, errors.New(fmt.Sprintf("Cannot kill Container %s, it is not running", name))) |
There was a problem hiding this comment.
We need to retain some form of this check so we can return StatusConflict
There was a problem hiding this comment.
I think you can check if ContainerKill returned either ErrCtrStateInvalid or ErrCtrStopped though
| return | ||
| } | ||
|
|
||
| // Docker waits for the container to stop if the signal is 0 or | ||
| // SIGKILL. | ||
| if !utils.IsLibpodRequest(r) && (signal == 0 || syscall.Signal(signal) == syscall.SIGKILL) { |
| } | ||
| // If the Container is stopped already, send a 304 | ||
| if state == define.ContainerStateStopped || state == define.ContainerStateExited { |
There was a problem hiding this comment.
Need to retain this check so we can return StatusNotModified
rhatdan
force-pushed
the
rm
branch
10 times, most recently
from
575343f to
67c366d
Compare
- stop: test --all and --ignore (containers#9051) - build: test /run/secrets (containers#8679, but see below) - sensitive mount points: deal with 'stat' failures - selinux: confirm useful diagnostics on unknown labels (containers#8946) The 'build' test is intended as a fix for containers#8679, in which 'podman build' does not mount secrets from mounts.conf. Unfortunately, as of this writing, 'podman build' does not pass the --default-mounts-file option to buildah, so there's no reasonable way to test this path. Still, we can at least confirm /run/secrets on 'podman run'. The /sys thing is related to containers#8949: RHEL8, rootless, cgroups v1. It's just a workaround to get gating tests to pass on RHEL. Signed-off-by: Ed Santiago <[email protected]>
| err = con.Kill(signal) | ||
| if err != nil { | ||
| utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrapf(err, "unable to kill Container %s", name)) | ||
| if report[0].Err != nil { |
There was a problem hiding this comment.
We can't do this in cases where more than one result can be returned (e.g. All is specified). You are going to lose errors on everything except the first container, which is HORRIBLE user experience - we've had to deal with this in Pod commands and play kube and it makes debugging user issues impossible.
This is going to require a change in return type to return a struct containing all the errors, which will make it incompatible with Docker. I suppose we could use the magic check that determines if this is a Libpod or Compat request to handle it?
There was a problem hiding this comment.
(As an aside, this is why we decided to handle All client side, not server side, initially - it makes things so much simpler because we can re-use handlers and not worry about this).
There was a problem hiding this comment.
Removed all, although I think in the long run this should be changed.
rhatdan
force-pushed
the
rm
branch
3 times, most recently
from
2ff8ace to
f3be54a
Compare
rhatdan
changed the title
rhatdan
force-pushed
the
rm
branch
2 times, most recently
from
85ccccb to
3bf7658
Compare
rhatdan
force-pushed
the
rm
branch
5 times, most recently
from
3f6e657 to
5574a89
Compare
- stop: test --all and --ignore (containers#9051) - build: test /run/secrets (containers#8679, but see below) - sensitive mount points: deal with 'stat' failures - selinux: confirm useful diagnostics on unknown labels (containers#8946) The 'build' test is intended as a fix for containers#8679, in which 'podman build' does not mount secrets from mounts.conf. Unfortunately, as of this writing, 'podman build' does not pass the --default-mounts-file option to buildah, so there's no reasonable way to test this path. Still, we can at least confirm /run/secrets on 'podman run'. The /sys thing is related to containers#8949: RHEL8, rootless, cgroups v1. It's just a workaround to get gating tests to pass on RHEL. Signed-off-by: Ed Santiago <[email protected]>
rhatdan
force-pushed
the
rm
branch
3 times, most recently
from
f19a008 to
4bd24c0
Compare
| @@ -242,6 +248,10 @@ func WaitContainer(w http.ResponseWriter, r *http.Request) { | |||
| // /{version}/containers/(name)/wait | |||
| exitCode, err := utils.WaitContainer(w, r) | |||
| if err != nil { | |||
| if errors.Cause(err) == define.ErrNoSuchCtr { | |||
There was a problem hiding this comment.
Is this necessary? Waiting on a container that has been removed by --rm will error now
There was a problem hiding this comment.
Do you think we should at least log it. Or just ignore it.
| if _, found := r.URL.Query()["t"]; found { | ||
| timeout = uint(query.Timeout) | ||
| options := entities.RestartOptions{ | ||
| All: query.All, |
There was a problem hiding this comment.
All is still hazardous to use, we're going to lose every error except the first one.
There was a problem hiding this comment.
I hope to fix this in the future. But it will be a breaking change in the API.
| @@ -148,6 +148,11 @@ func GetContainer(w http.ResponseWriter, r *http.Request) { | |||
| func WaitContainer(w http.ResponseWriter, r *http.Request) { | |||
| exitCode, err := utils.WaitContainer(w, r) | |||
| if err != nil { | |||
| if errors.Cause(err) == define.ErrNoSuchCtr { | |||
| utils.ContainerNotFound(w, utils.GetName(r), err) | |||
There was a problem hiding this comment.
Hm. Should we error here? My concern is --rm - we could race against cleanup and error on a container being removed.
There was a problem hiding this comment.
Yeah, logging seems right. Maybe someone will complain in the future and we'll have to do better, but for now this seems safest
| return 0, err | ||
| } | ||
| return con.WaitForConditionWithInterval(interval, condition) | ||
| return report[0].ExitCode, report[0].Error |
There was a problem hiding this comment.
Should double-check len(report) > 0 - better safe than segfaulting
Change API Handlers to use the same functions that the local podman uses. At the same time: implement remote API for --all and --ignore flags for podman stop implement remote API for --all flags for podman stop Signed-off-by: Daniel J Walsh <[email protected]>
|
@containers/podman-maintainers PTAL |
github-actions
bot
added
the
locked - please file new issue/PR
Change API Handlers to use the same functions that the
local podman uses.
At the same time:
implement remote API for --all and --ignore flags for podman stop
implement remote API for --all flags for podman stop
Signed-off-by: Daniel J Walsh [email protected]