Fix missing OCI Runtime #7126
Merged
Fix missing OCI Runtime #7126
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci-robot
added
the
approved
|
This needs tests, but they can't be E2E tests (all of those specify a full |
| // If the path starts with a / and exists, make a new | ||
| // OCI runtime for it using the full path. | ||
| if strings.HasPrefix(runtimeName, "/") { | ||
| if stat, err := os.Stat(runtimeName); err == nil && !stat.IsDir() { |
There was a problem hiding this comment.
do you need to worry about a symlink here?
|
@mheon all kinds of test unhappiness |
openshift-ci-robot
added
the
needs-rebase
mheon
force-pushed
the
fix_missing_ociruntime
branch
2 times, most recently
from
b1465a5 to
fe9461d
Compare
openshift-ci-robot
removed
the
needs-rebase
|
LGTM |
openshift-ci-robot
added
the
needs-rebase
mheon
force-pushed
the
fix_missing_ociruntime
branch
from
fe9461d to
5e5e6f5
Compare
|
Rebased |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
removed
the
needs-rebase
mheon
force-pushed
the
fix_missing_ociruntime
branch
2 times, most recently
from
adf2e7d to
a615b88
Compare
|
Rebased, should go green |
mheon
force-pushed
the
fix_missing_ociruntime
branch
from
a615b88 to
e565396
Compare
|
Restarted what looked like flakes |
|
/lgtm hold |
|
Looks like your tests are failing? |
|
Failures are in podman-remote only, f31 and f32, both: |
|
Remote seems to completely ignore the |
mheon
force-pushed
the
fix_missing_ociruntime
branch
from
e565396 to
e30f9e1
Compare
|
@mheon can you rebase? |
mheon
force-pushed
the
fix_missing_ociruntime
branch
from
e30f9e1 to
1f98838
Compare
|
Added another commit that should (theoretically) properly handle |
mheon
force-pushed
the
fix_missing_ociruntime
branch
from
c65d45b to
c90ab7f
Compare
|
@mheon need a rebase. Would like to get this in, to fix https://bugzilla.redhat.com/show_bug.cgi?id=1860176 |
|
Test failures are legitimate. I know what has to be done, but it'll have to wait until Monday, too busy trying to get 2.1.0-RC1 out the door today. |
mheon
force-pushed
the
fix_missing_ociruntime
branch
from
c90ab7f to
c8e13d8
Compare
|
LGTM |
|
A friendly reminder that this PR had no activity for 30 days. |
|
@mheon Can we get this Rebased and moved forward? |
mheon
force-pushed
the
fix_missing_ociruntime
branch
from
c8e13d8 to
a3373e5
Compare
|
Rebased, let's see what broke |
mheon
force-pushed
the
fix_missing_ociruntime
branch
3 times, most recently
from
72af2f9 to
eaea608
Compare
|
@mheon needs another rebase. |
Say I start a container with the flag `--runtime /usr/local/sbin/crun`. I then stop the container, and restart it without the flag. We previously stored the runtime in use by a container only by basename when given a path, so the container only knows that it's using the `crun` OCI runtime - and on being restarted without the flag, it will use the system crun, not my special crun build. Using the full path as the name in these cases ensures we will still use the correct runtime, even on subsequent runs of Podman. Signed-off-by: Matthew Heon <[email protected]>
When an OCI runtime is given by full path, we need to ensure we use the same runtime on subsequent use. Unfortunately, users are often not considerate enough to use the same `--runtime` flag every time they invoke runtime - and if the runtime was not in containers.conf, that means we don't have it stored inn the libpod Runtime. Fortunately, since we have the full path, we can initialize the OCI runtime for use at the point where we pull the container from the database. Signed-off-by: Matthew Heon <[email protected]>
My patches to fix `--runtime /usr/bin/crun` being allowed to use a different version of the crun runtime revealed a problem: we were actually relying on that exact behavior in our E2E tests. We specified the runtime path as `/usr/bin/runc` for the Ubuntu tests, but that didn't exist, so Podman was actively looking for a different, usable runc binary and using that, instead of the path we explicitly hardcoded. Fixing the bug broke this, and thus broke the tests. Instead of hard-coding OCI runtime paths, swap to just using the runtime name, `runc` or `crun`, and letting Podman figure out where the runtime lives - it's quite good at that. This should un-break the tests and make them more durable. Signed-off-by: Matthew Heon <[email protected]>
mheon
force-pushed
the
fix_missing_ociruntime
branch
from
97305e6 to
07221d9
Compare
Signed-off-by: Matthew Heon <[email protected]>
mheon
force-pushed
the
fix_missing_ociruntime
branch
from
07221d9 to
1b49333
Compare
|
@containers/podman-maintainers This should be ready to merge. |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem: when we create a container with
--runtime=/PATH/TO/RUNTIMEand then call other Podman commands without that flag, Podman may fail because it can't find the OCI runtime.Solution: make containers remember the full path of the OCI runtime they were created with (if and only if they were made with an OCI runtime specified by full path) and re-initialize the OCI runtime on subsequently retrieving the container from the database (if and only if the runtime does not already exist).