Fix handling of container remove #9014
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Fixes: #8735
@edsantiago PTAL
@@ -122,6 +122,8 @@ type PruneOptions struct { | |||
//go:generate go run ../generator/generator.go RemoveOptions | |||
// RemoveOptions are optional options for removing containers | |||
type RemoveOptions struct { | |||
All *bool | |||
Ignore *bool | |||
Force *bool |
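Review bot: the two added fields, All and Ignore, are placed above Force in RemoveOptions without a comment on either, so a reader of the struct cannot tell what a nil pointer means for each option. Suggest a one-line doc comment per field and alphabetical order (All, Force, Ignore).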
I'm going to assume that Tom will ask you to sort those
That's quite a hole, I'm trying to figure out how the system tests didn't detect it. Thanks for catching it.
Friendly suggestion for system tests:
diff --git a/test/system/040-ps.bats b/test/system/040-ps.bats
index 0447122b1..0ae8b0ce0 100644
--- a/test/system/040-ps.bats
+++ b/test/system/040-ps.bats
@@ -111,8 +111,11 @@ EOF
run_podman ps --storage -a
is "${#lines[@]}" "2" "podman ps -a --storage sees buildah container"
- # This is what deletes the container
- # FIXME: why doesn't "podman rm --storage $cid" do anything?
+ # We can't rm it without -f, but podman should issue a helpful message
+ run_podman 2 rm "$cid"
+ is "$output" "Error: container .* is mounted and cannot be removed without using force: container state improper" "podman rm <buildah container> without -f"
+
+ # With -f, we can remove it.
run_podman rm -f "$cid"
run_podman ps --storage -a
Is the exit status (2) intentional? I was surprised that it wasn't 125.
OBTW CI is failing
@@ -29,9 +31,11 @@ import ( | |||
func RemoveContainer(w http.ResponseWriter, r *http.Request) { |
This is the compat endpoint. We shouldn't be modifying its parameters.
You can make it conditional which is something other endpoints are doing. utils.IsLibpodRequest(r) returns a boolean that indicates if the request was made against a libpod/... endpoint.
pkg/domain/infra/abi/containers.go
Outdated
reports = append(reports, &report) | ||
case define.ErrNoSuchCtr: | ||
// remove container names that does not exist | ||
reports = append(reports, &report) |
This seems dubious - podman rm doesnotexist needs to throw an error, and I'm not sure it does after this.
Also, I think this is actually unsafe - RemoveStorageContainer can potentially return ErrNoSuchCtr in cases where the container does not exist in c/storage but still exists in Libpod
Ok, I am not sure that is possible, but I can change this to fall through, since it does not change the error.
We should not be erroring in that case, we should be proceeding to normal RemoveContainer without appending the report.
Right it does not add the report now.
// remove container names that does not exist | ||
reports = append(reports, &report) | ||
default: | ||
if _, err := ic.Libpod.LookupContainer(ctr); errors.Cause(err) == define.ErrNoSuchCtr { |
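Review bot: in the default branch, the condition on the LookupContainer line is true only when the lookup fails with define.ErrNoSuchCtr; any other lookup error makes the condition false and is discarded, so execution continues as if the container were a libpod container. Suggest keeping the lookup error and returning it when it is neither nil nor ErrNoSuchCtr.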
This bit seems unnecessary - I don't see any way we fail in a fashion that's not ErrNoSuchCtr before RemoveStorageContainer checks Libpod to see if the container exists.
The use case we are trying to fix #8735, is the case where we created a buildah container that is in use, and fails. This would end up in this block, and now we check to see if it is a libpod container. Since it is not, we return the error.
Thus we end up with an error telling us the container is in use, and the user has to add --force.
In the current code we fail over to trying to remove a libpod container, and we report container does not exist.
I'm not sure you're right here - the check for whether a container is a Libpod container in RemoveStorageContainer happens before we try to remove the container, so we should already have gotten an ErrCtrExists
If you run @edsantiago test you will see this happen.
Then we need to catch this inside RemoveStorageContainer - why work around broken behavior when we can just fix the broken API
RemoveStorageContainer is not broken, it is returning a valid error, that we are returning to the user. The problem is we are ignoring the error and then falling through to the libpod remove, which finds that there is no Container libpod container, and reports container does not exists.
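The fall-through argued over in this thread, reduced to a self-contained Go model. This is an added example, not code from the PR or from Podman; the store type, its methods, the sentinel errors and the container names are hypothetical stand-ins for the storage-level and libpod-level removal paths.

```go
package main

import (
	"errors"
	"fmt"
)
// Constructed sentinel errors standing in for the two failure kinds in the thread.
var (
	errNoSuchCtr = errors.New("no such container")
	errMounted   = errors.New("container is mounted and cannot be removed without using force")
)

// store is a hypothetical model: storage-only containers (name -> mounted) and libpod names.
type store struct {
	external map[string]bool
	libpod   map[string]bool
}

// removeExternal refuses mounted storage containers unless force is set.
func (s *store) removeExternal(name string, force bool) error {
	mounted, ok := s.external[name]
	if !ok {
		return errNoSuchCtr
	}
	if mounted && !force {
		return fmt.Errorf("%s: %w", name, errMounted)
	}
	delete(s.external, name)
	return nil
}

// remove lets only "not in storage" fall through to the libpod path; any other
// storage error on a non-libpod container is returned, not masked.
func (s *store) remove(name string, force bool) error {
	err := s.removeExternal(name, force)
	if err == nil || (!errors.Is(err, errNoSuchCtr) && !s.libpod[name]) {
		return err
	}
	if !s.libpod[name] {
		return fmt.Errorf("%s: %w", name, errNoSuchCtr)
	}
	delete(s.libpod, name)
	return nil
}

func main() {
	s := &store{external: map[string]bool{"bld": true}, libpod: map[string]bool{"web": true}}
	fmt.Println(s.remove("bld", false), s.remove("bld", true), s.remove("gone", false))
}
```

Dropping the second half of the condition in remove reproduces the reported symptom: the mounted external container is reported as nonexistent instead of as needing force.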
7a0597d to 4edbc81
I found several problems with container remove
podman-remote rm --all
Was not handled
podman-remote rm --ignore
Was not handled
Return better errors when attempting to remove an --external container.
Currently we return the container does not exists, as opposed to container
is an external container that is being used.
This patch also consolidates the tunnel code to use the same code for
removing the container, as the local API, removing duplication of code
and potential problems.
Signed-off-by: Daniel J Walsh <[email protected]>
@containers/podman-maintainers PTAL
LGTM
All: query.All, | ||
Force: query.Force, | ||
Volumes: query.Volumes, | ||
Ignore: query.Ignore, |
nit, alpha order this plz.
LGTM
/lgtm