use conmon for exec by haircommander · Pull Request #3143 · containers/podman

haircommander · 2019-05-16T20:32:43Z

This is a starter PR. Do not merge, it is not complete at all.
depends on: cri-o/cri-o#2377

The point of pushing here is mostly to get feedback on the design. there is still more work to do:

--user and --workdir don't currently work and I'm not sure why
a small tty bug
all the TODO FIXMES

The following items could be added in follow up PRs:

currently, exec sessions create an attach socket similarly to how creates create one, but with sessionID instead of containerID. Right now, there's no global tracking of sessionID, so there exists the opportunity (1/2^128) of there being a duplicate. Are we comfortable with this?
I'd like to query the version of conmon in the runtime to make sure we won't crash in a confusing manner. I need to figure out the best way to require this while also prohibiting the conmon versions built from the CRI-O repo that are tagged as 1.9 - 1.14
add exit codes to the define package
actually implement remote exec

haircommander · 2019-05-16T20:33:04Z

@mheon @baude @jwhonce PTAL

rh-atomic-bot · 2019-05-17T19:50:55Z

☔ The latest upstream changes (presumably #2844) made this pull request unmergeable. Please resolve the merge conflicts.

rh-atomic-bot · 2019-05-20T20:02:15Z

☔ The latest upstream changes (presumably #3162) made this pull request unmergeable. Please resolve the merge conflicts.

rhatdan · 2019-07-17T09:38:06Z

@haircommander Needs a rebase. I think @mheon wants to get this in...

haircommander · 2019-07-17T14:01:53Z

@rhatdan I rebased, but given Cirrus now builds from packages as opposed to github commits, I'm waiting on conmon v1.0.0 to get into fedora and ubuntu. @lsm5 and I are working on this.

mheon · 2019-07-17T14:11:03Z

@haircommander I'm good to merge once you're ready, so just say when.

rh-atomic-bot · 2019-07-18T07:24:40Z

☔ The latest upstream changes (presumably #3522) made this pull request unmergeable. Please resolve the merge conflicts.

rh-atomic-bot · 2019-07-18T13:53:44Z

☔ The latest upstream changes (presumably #3595) made this pull request unmergeable. Please resolve the merge conflicts.

haircommander · 2019-07-18T14:17:01Z

hey @mheon, the conmonPidFile for exec sessions now lives in the exec bundle path, as such, a deferred cleanup of it happens after it's created, and we shouldn't have the problem #3595 solves. can you look at the changes and verify I'm correct in thinking so?

mheon · 2019-07-18T14:20:20Z

I think we're set. We still (potentially) leak if you hit Podman itself with a SIGTERM or similar during the exec, so we don't hit the defer, but otherwise it seems fine.

rh-atomic-bot · 2019-07-19T00:39:19Z

☔ The latest upstream changes (presumably #3443) made this pull request unmergeable. Please resolve the merge conflicts.

rh-atomic-bot · 2019-07-22T11:14:49Z

☔ The latest upstream changes (presumably #3562) made this pull request unmergeable. Please resolve the merge conflicts.

haircommander · 2019-07-22T15:34:37Z

@mheon @TomSweeneyRedHat @QiWang19 @vrothberg @baude @rhatdan Here's an update:
We are passing all the tests this PR will pass. It will need to be force merged, as the in_podman images aren't updated until an hour or so after PRs are merged, and this PR needs to be merged for that to happen. that may mean the tests will be annoyed for a bit after merging this, so be wary of timing (cc: @cevich)

This PR is as ready as it will be, PTAL

haircommander · 2019-07-22T15:37:34Z

update, I actually just thought of a way to get this to pass organically, so hold on the manual merge

haircommander · 2019-07-22T16:17:08Z

update, i think I have a way to make in_podman green naturally. hold the force merge

cevich

All the CI changes LGTM, just one goof but it's my fault and won't affect anything.

cevich · 2019-07-22T17:15:40Z

FYI- this is my bad...these aren't used anywhere. I've got a commit floating on a PR somewhere that just clobbers them all.

TomSweeneyRedHat · 2019-07-22T17:35:08Z

Do we have Jira cards or issues for these?

the entirety of remote exec is a big TODO, I can make a jira card

TomSweeneyRedHat · 2019-07-22T17:37:16Z

Changes LGTM, but what head nods from @mheon and @vrothberg too, especially if you can't get the tests to green.

Personally, I think once merged, this should sit in upstream for a few weeks before we make a new kit with it and that kit should bump the version from 1.4 to 1.5 or 1.5 to 1.6.

This includes: Implement exec -i and fix some typos in description of -i docs pass failed runtime status to caller Add resize handling for a terminal connection Customize exec systemd-cgroup slice fix healthcheck fix top add --detach-keys Implement podman-remote exec (jhonce) * Cleanup some orphaned code (jhonce) adapt remote exec for conmon exec (pehunt) Fix healthcheck and exec to match docs Introduce two new OCIRuntime errors to more comprehensively describe situations in which the runtime can error Use these different errors in branching for exit code in healthcheck and exec Set conmon to use new api version Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: Peter Hunt <pehunt@redhat.com>

Signed-off-by: Peter Hunt <pehunt@redhat.com>

mheon · 2019-07-22T20:39:00Z

/lgtm

mheon · 2019-07-22T20:44:36Z

/approve

openshift-ci-robot · 2019-07-22T20:44:40Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cevich, haircommander, mheon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [mheon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

haircommander · 2019-07-22T20:44:53Z

/hold cancel

mheon · 2019-07-23T03:52:10Z

Thanks for sticking with this one through the endless rebases, @haircommander - it's finally merged.

debarshiray · 2019-09-10T18:43:17Z

This also fixed #3179

openshift-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 16, 2019

openshift-ci-robot requested review from mrunalp and umohnani8 May 16, 2019 20:32

openshift-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label May 16, 2019

haircommander force-pushed the conmon-exec branch 3 times, most recently from b345fa2 to 5b1f1a7 Compare May 17, 2019 14:51

jwhonce reviewed May 17, 2019

View reviewed changes

Comment thread libpod/container_internal.go Outdated

Comment thread libpod/oci_internal_linux.go Outdated

Comment thread libpod/oci_internal_linux.go Outdated

haircommander force-pushed the conmon-exec branch 6 times, most recently from a6d124e to 9d5bc14 Compare May 17, 2019 22:41

openshift-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 20, 2019

haircommander force-pushed the conmon-exec branch from 9d5bc14 to 31dad15 Compare May 23, 2019 20:03

openshift-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 23, 2019

haircommander force-pushed the conmon-exec branch 6 times, most recently from ab50020 to 15c83ab Compare May 25, 2019 02:10

mheon added the Release Notes 1.5.0 label May 28, 2019

haircommander force-pushed the conmon-exec branch 3 times, most recently from 9ceab1b to adee9d8 Compare May 28, 2019 14:49

haircommander mentioned this pull request Jul 22, 2019

use conmon v1.0.0-rc2 #3620

Merged

cevich approved these changes Jul 22, 2019

View reviewed changes

TomSweeneyRedHat reviewed Jul 22, 2019

View reviewed changes

haircommander added 2 commits July 22, 2019 15:57

bump cirrus images to get new conmon

53e1ede

Signed-off-by: Peter Hunt <pehunt@redhat.com>

This was referenced Jul 22, 2019

During shutdown, don't let Conmon die with Systemd CGroups #3474

Closed

Implement healthcheck for remote client #3476

Merged

Add ability to evict a container #3549

Merged

rootless: Rearrange setup of rootless containers ***CIRRUS: TEST IMAGES*** #3310

Merged

debarshiray mentioned this pull request Sep 10, 2019

Glitches in an interactive shell spawned via 'podman exec', but not 'podman run', due to the presence of OPOST in the outer PTY and missing ONLCR in the inner PTY #3179

Closed

kolyshkin mentioned this pull request Jan 18, 2021

runc@master with docker 20.10.2 mess up the terminal opencontainers/runc#2747

Closed

Conversation

haircommander commented May 16, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

haircommander commented May 16, 2019

Uh oh!

Uh oh!

Uh oh!

Uh oh!

rh-atomic-bot commented May 17, 2019

Uh oh!

rh-atomic-bot commented May 20, 2019

Uh oh!

rhatdan commented Jul 17, 2019

Uh oh!

haircommander commented Jul 17, 2019

Uh oh!

mheon commented Jul 17, 2019

Uh oh!

rh-atomic-bot commented Jul 18, 2019

Uh oh!

rh-atomic-bot commented Jul 18, 2019

Uh oh!

haircommander commented Jul 18, 2019

Uh oh!

mheon commented Jul 18, 2019

Uh oh!

rh-atomic-bot commented Jul 19, 2019

Uh oh!

rh-atomic-bot commented Jul 22, 2019

Uh oh!

haircommander commented Jul 22, 2019

Uh oh!

haircommander commented Jul 22, 2019

Uh oh!

haircommander commented Jul 22, 2019

Uh oh!

cevich left a comment

Choose a reason for hiding this comment

Uh oh!

cevich Jul 22, 2019

Choose a reason for hiding this comment

Uh oh!

TomSweeneyRedHat Jul 22, 2019

Choose a reason for hiding this comment

Uh oh!

haircommander Jul 22, 2019

Choose a reason for hiding this comment

Uh oh!

TomSweeneyRedHat commented Jul 22, 2019

Uh oh!

mheon commented Jul 22, 2019

Uh oh!

mheon commented Jul 22, 2019

Uh oh!

openshift-ci-robot commented Jul 22, 2019

Uh oh!

haircommander commented Jul 22, 2019

Uh oh!

mheon commented Jul 23, 2019

Uh oh!

debarshiray commented Sep 10, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

13 participants

haircommander commented May 16, 2019 •

edited

Loading