system: add new subcommand "migrate" #2950
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
approved
giuseppe
changed the title
openshift-ci-robot
added
the
do-not-merge/work-in-progress
libpod/runtime.go
Outdated
There was a problem hiding this comment.
We want to be holding the alive lock here, to ensure that other Podman instances don't start while we're still migrating containers
There was a problem hiding this comment.
If the BecomeRoot call prevents us from grabbing it here, migrate() itself should take the lock and hold it
There was a problem hiding this comment.
once we re-exec, the rootless instance will run with euid==0 and it will hold the lock. This is to prevent a deadlock with the re-execed process
libpod/runtime_migrate.go
Outdated
There was a problem hiding this comment.
We should at least log errors here
There was a problem hiding this comment.
probably here it is safer to return on error. I'll change it
libpod/runtime_migrate.go
Outdated
There was a problem hiding this comment.
Can we try and match the full path, in case people were actually specifying a non-default path?
libpod/runtime_migrate.go
Outdated
There was a problem hiding this comment.
Again, probably worth logging failures, at least
There was a problem hiding this comment.
Also, maybe we should plumb a context in here through NewRuntime.
giuseppe
force-pushed
the
podman-system-migrate
branch
3 times, most recently
from
a4a45fc to
431994c
Compare
giuseppe
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
libpod/runtime_migrate.go
Outdated
There was a problem hiding this comment.
This looks like it can't be rolled back. Do we want to add a "Are your sure you want to do this?" kind of prompt in here somewhere?
There was a problem hiding this comment.
I expect this to be used in a non interactive way, e.g. as part of the upgrade
TomSweeneyRedHat
left a comment
TomSweeneyRedHat
left a comment
There was a problem hiding this comment.
Need to update command.md with an entry for this command.
Any chance to add a test? Seems hard to pull off, but thought I'd ask.
giuseppe
force-pushed
the
podman-system-migrate
branch
from
1344dc3 to
301b7f8
Compare
do I need to add it? It is a subcommand of system
we would need to have an old version of podman preinstalled |
|
I'll let @mheon make the call on the "should it be on commands.md" or not. I think yes. Currently we have separate listings for "podman container *" and "podman volume *", but we don't do the same for "podman system *". The test sounds like a headache, I'd not worry about it then. Sounds like you were considering the same roadblock that I was. |
|
☔ The latest upstream changes (presumably #2917) made this pull request unmergeable. Please resolve the merge conflicts. |
|
@giuseppe @TomSweeneyRedHat If |
|
Is this something we should run in the postinstall? How are we going to tell individual users that we need to run this. Can we do a check in the podman command? |
libpod/options.go
Outdated
There was a problem hiding this comment.
Isn't this not lock-related so much as pidfile-related? I'd call Migrate a generic way to update container configuration between versions
libpod/options.go
Outdated
There was a problem hiding this comment.
I feel like we ought to pass this through NewRuntime() as an argument instead of with an option
|
Needs a rebase to get the SELinux fixes. |
giuseppe
force-pushed
the
podman-system-migrate
branch
from
e781039 to
1156494
Compare
|
tests are happy! |
|
I'll hit my comments once this merges in a separate PR, let's get this landed. |
|
☔ The latest upstream changes (presumably #2973) made this pull request unmergeable. Please resolve the merge conflicts. |
|
@giuseppe You picked up merge conflicts. |
giuseppe
force-pushed
the
podman-system-migrate
branch
from
1156494 to
fd60dd7
Compare
rebased again |
|
LGTM and happy green test buttons. |
|
☔ The latest upstream changes (presumably #2850) made this pull request unmergeable. Please resolve the merge conflicts. |
giuseppe
force-pushed
the
podman-system-migrate
branch
from
fd60dd7 to
e2c2e6e
Compare
|
☔ The latest upstream changes (presumably #3014) made this pull request unmergeable. Please resolve the merge conflicts. |
giuseppe
force-pushed
the
podman-system-migrate
branch
from
e2c2e6e to
182e761
Compare
it is useful to migrate existing containers to a new version of podman. Currently, it is needed to migrate rootless containers that were created with podman <= 1.2 to a newer version which requires all containers to be running in the same user namespace. Closes: containers#2935 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
force-pushed
the
podman-system-migrate
branch
from
182e761 to
f49e0c1
Compare
|
tests are green again |
|
/lgtm |
We merged containers#2950 with some nits still remaining, as Giuseppe was going on PTO. This addresses those small requested changes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Small fixes for #2950
github-actions
bot
added
the
locked - please file new issue/PR
9 participants
it is useful to migrate existing containers to a new version of
podman. Currently, it is needed to migrate rootless containers that
were created with podman <= 1.2 to a newer version which requires all
containers to be running in the same user namespace.
Closes: #2935
Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com