Add ability to evict a container

[marcov]

Add ability to evict a container when it becomes unusable. This may
happen when the host setup changes after a container creation, making it
impossible for that container to be used or removed.

---

This may happen when you create a container with a specific runtime in libpod.conf, and later the runtime name is changed in the the conf, with outcome:

$ sudo podman run -d --runtime foo-runtime alpine sleep 12345
add950497c58b4004aee3a6077658615882f8487f9dca4a337fad14c01fb4077

$ sudo sed -i "s/foo-runtime/bar-runtime/" /etc/containers/libpod.conf

$ sudo podman ps -a
ERRO[0000] Error retrieving container add950497c58b4004aee3a6077658615882f8487f9dca4a337fad14c01fb4077 from the database: cannot find OCI runtime "foo-runtime" for container add950497c58b4004aee3a6077658615882f8487f9dca4a337fad14c01fb4077: runtime not available in the current configuration
CONTAINER ID  IMAGE                        COMMAND               CREATED      STATUS                     PORTS                                          NAMES
50c843e037fe  localhost/cups-epson:latest  cupsd -f              2 hours ago  Exited (0) 31 minutes ago  0.0.0.0:6631->631/tcp, 0.0.0.0:3000->3000/tcp  suspicious_germain
c684f0d469f2  k8s.gcr.io/pause:3.1                               9 days ago   Exited (0) 31 minutes ago  0.0.0.0:6631->631/tcp, 0.0.0.0:3000->3000/tcp  e812f6be094a-infra

$ sudo podman rm -ff ad
add950497c58b4004aee3a6077658615882f8487f9dca4a337fad14c01fb4077

[openshift-ci-robot]

Hi @marcov. Thanks for your PR.

I'm waiting for a containers or openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[marcov]

@mheon I'd like your feedback on this, to see if it is going in the right direction.

[rh-atomic-bot]

☔ The latest upstream changes (presumably #3470) made this pull request unmergeable. Please resolve the merge conflicts.

[mheon]

Hmmm. I think we can reuse RemoveContainer() here - it doesn't actually need anything in the container state.

We can make a Container struct with a ContainerConfig we get out of GetContainerConfig, set state to an empty struct to avoid potential dereference segfaults, and pass it into RemoveContainer

[marcov]

That makes sense, I have done some more refactoring and removed a good part of the duplicated code.

[marcov]

@mheon unrelated to this PR: here c is a pointer, and shadowing does not make sense:
https://github.com/containers/libpod/blob/6f3e7f7eccdfed03d3d617a9040d5e0b844ea637/pkg/adapter/containers.go#L212-L213

[rhatdan]

/ok-to-test

[marcov]

@vrothberg, if I do like you said, then how can I call iopodman.EvictContainer here?

https://github.com/containers/libpod/blob/128a1707f7d9e8df648a6ba353bfa16b9bef2431/pkg/adapter/containers_remote.go#L323-L339

[mheon]

Why are we trying to force the Varlink API to follow CLI conventions? These are separate operations and the API should treat them as such, even if we decide to conflate in the command line.

…

On Mon, Aug 19, 2019, 10:03 Marco Vedovati ***@***.***> wrote: @vrothberg <https://github.com/vrothberg>, if I do like you said, then how can I call iopodman.EvictContainer here? https://github.com/containers/libpod/blob/128a1707f7d9e8df648a6ba353bfa16b9bef2431/pkg/adapter/containers_remote.go#L323-L339 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#3549>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AB3AOCG455MHJDMG2GUSW4DQFKR25ANCNFSM4H7RUQJQ> .

[rhatdan]

Any update on this PR?

[marcov]

I am still willing to have this merged, just let me know if there's something to change.

[mheon]

I think we're relatively close - I'll do another review pass on Monday.

[giuseppe]

@marcov could you please rebase this PR?

[marcov]

Rebased

[vrothberg]

Tests aren't happy yet. @marcov, once it's green we can merge it :)

@mheon, can you do another review?

[marcov]

Failures looked unrelated at a first glance. I've rebased and let's see...

[vrothberg]

@marcov, the error seems to be introduced with this PR. Running go test -v github.com/containers/libpod/libpod will report a breaking unit test.

[marcov]

Thank you @vrothberg, a mere glance was not enough 😆

[marcov]

Ok, tests now are better. I don't think the only test failing is related to this PR (hopefully I'm not wrong again)

[rhatdan]

Ok this needs a review by @mheon and then we can merge.

[mheon]

I think we have some unsettled debate about how and when to call this - but that can happen separately.
/lgtm

[haircommander]

(still needs /approve)

[mheon]

Oops
/approve

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: marcov, mheon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mheon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment