Add support to sig-proxy for podman-remote

[boaz0]

closes #14707

Does this PR introduce a user-facing change?

None

[TomSweeneyRedHat]

Quick review and the code LGTM, but the tests aren't a bit happy.

[rhatdan]

Doesn't this have to happen on the server side?

[boaz0]

I don't think so. @mheon am I right?

[boaz0]

@edsantiago do you have an idea how should I test this. Should I run podman run -i nginx in the background and run kill -9 <pid>?

I saw there are some tests in https://github.com/containers/podman/blob/main/test/e2e/run_signal_test.go but I am not sure if they are related to the issue. In addition, when I run them on my local environment they fail.

//cc @TomSweeneyRedHat

[edsantiago]

The following works (says BYE) with your PR, does not work (silence) on main:

$ bin/podman-remote run --name foo $IMAGE sh -c 'trap "echo BYE;exit 0" INT;while :;do sleep 0.1;done' &
...
$ kill -INT %1
...
$ podman logs foo
BYE

Making that into a proper test -- capturing the PID (instead of %1), using randomized strings, and cleaning up -- is left as an exercise for the reader. HTH.

[boaz0]

@edsantiago I tried for too long to make this work in the system tests but it keeps failing. When I do it manually it works but running it through bats doesn't show the same results.

[edsantiago]

@boaz0 try this:

@test "podman sigproxy" {
    $PODMAN run -i --name foo $IMAGE sh -c 'trap "echo BYE;exit 0" INT;echo READY;while :;do sleep 0.1;done' &
    local kidpid=$!

    # Wait for container to appear
    local timeout=5
    while :;do
          sleep 0.5
          run_podman '?' container exists foo
          if [[ $status -eq 0 ]]; then
              break
          fi
          timeout=$((timeout - 1))
          if [[ $timeout -eq 0 ]]; then
              die "Timed out waiting for container to start"
          fi
    done

    wait_for_ready foo

    # Signal, and wait for container to exit
    kill -INT $kidpid
    local timeout=5
    while :;do
          sleep 0.5
          run_podman logs foo
          if [[ "$output" =~ BYE ]]; then
              break
          fi
          timeout=$((timeout - 1))
          if [[ $timeout -eq 0 ]]; then
              die "Timed out waiting for BYE from container"
          fi
    done

    run_podman rm -f -t0 foo
}

Quick reminder that SIGKILL cannot be handled by a receiving process. Please never use SIGKILL except as a last resort.

Another note: please squash your commits.

Note to Podman team: the above works fine with podman-remote but, on the rootless server, spits out a red warning:

2022-09-05T13:39:04.000572179Z: open pidfd: No such process

[boaz0]

@edsantiago you're amazing. I have no idea how you figured it out but it works.

[edsantiago]

@boaz0 blush, all it is is familiarity with one obscure little fraction of code. Still, thank you!

@containers/podman-maintainers PTAL; the new imports are triggering bloat checks and Mac/Windows build failures. There might be a reason why those modules aren't imported in podman-remote :-(

[mheon]

Code changes LGTM. Not sure what's causing the bloat... My assumption would be the terminal package, but I don't see what in there could be so big

[vrothberg]

Thanks, @boaz0!
LGTM
@Luap99 @rhatdan PTAL

[Luap99]

LGTM

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: boaz0, Luap99

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Luap99]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[edsantiago]

I restarted one flake, but am now seeing an alarming number of other test failures: ubuntu, fedora, both remote, both (mostly) hangs. I'm not going to restart those: there's something real-looking about them.

[edsantiago]

Yeah... the other two tests failed, all in remote, all in different places, and most with timeouts. There's almost certainly something broken in here.

[boaz0]

@edsantiago - yep that doesn't look good. I am first rebasing and will try to reproduce these on my local environment.

[edsantiago]

Still failing in remote:

# podman-remote --url unix:/tmp/podman_tmp_VdZP run --unsetenv-all --rm quay.io/libpod/testimage:20220615 /bin/printenv
timeout: sending signal TERM to command ‘/var/tmp/go/src/github.com/containers/podman/bin/podman-remote’
timeout: sending signal KILL to command ‘/var/tmp/go/src/github.com/containers/podman/bin/podman-remote’

I have a year-and-a-half catalog of podman flakes. This error is not in my catalog. That suggests that the problem is with this PR.

[boaz0]

OK I think I know what's the problem. Let's see if that fixes the problem.
Thanks for the help @edsantiago

[boaz0]

@edsantiago looks like it fixed the problem but now Windows Cross failed. 🤔 I have a better idea.

[rhatdan]

/lgtm

[edsantiago]

@boaz0 thank you for your perseverance on this tricky one!