Bug 1719626

Summary: podman exec rc-code needs to distinguish between stopped containers and non existing ones
Product: Red Hat Enterprise Linux 8 Reporter: Michele Baldessari <michele>
Component: podmanAssignee: Matthew Heon <mheon>
Status: CLOSED ERRATA QA Contact: atomic-bugs <atomic-bugs>
Severity: high Docs Contact:
Priority: urgent    
Version: 8.0CC: ddarrah, dornelas, dwalsh, jligon, jnovy, lmiccini, lsm5, mheon, pthomas, toneata, wchadwic, ypu
Target Milestone: rcKeywords: ZStream
Target Release: 8.1Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: podman-1.4.2-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1723470 (view as bug list) Environment:
Last Closed: 2019-11-05 21:02:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1723470, 1734574    

Description Michele Baldessari 2019-06-12 08:36:37 UTC 
Description of problem:
Currently podman exec returns 125 in both these cases:
A) Non-existing container
[root@controller-0 ~]# podman exec nonexistingcontainer /bin/true; echo $?
unable to exec into nonexistingcontainer: no container with name or ID nonexistingcontainer found: no such container
125

B) Stopped container
[root@controller-0 ~]# podman exec memcached /bin/true; echo $?
cannot exec into container that is not running
125

So in order to work around the I/O perf issues reported via https://bugzilla.redhat.com/show_bug.cgi?id=1718230, in the pacemaker podman resource agent, we're trying to avoid any "podman inspect" calls.

Currently in order to know if a container exists (running or not) at all we do:
podman inspect --format {{.State.Running}} $CONTAINER | egrep '(true|false)'

Since the above call is problematic when the system is I/O loaded, we are looking for alternatives to answer the question "does a container exist (be it running or stopped)". I tried to see if I could get that info via 'podman ps -a -l --format {{.State}} --filter name=nova_api >/dev/null 2>&1' but it seems that performance wise that is still quite expensive. On an unloaded system I get 7s for 200 podman exec calls and 40s for 200 podman ps -a -l calls.

TLDR; If I could get a separate return code from podman exec when the container does not exist (or a cheap call that tells me if the container exists [stopped or running]) that would somewhat alleviate the perf issues mentioned in bz#1718230 in the pacemaker context
Comment 1 Daniel Walsh 2019-06-12 08:55:35 UTC 
Here are the documented return codes for podman run, we need to document these for podman exec as well


       125 if the error is with podman itself

              $ podman run --foo busybox; echo $?
              # flag provided but not defined: --foo
                See 'podman run --help'.
                125

       126 if the contained command cannot be invoked

              $ podman run busybox /etc; echo $?
              # exec: "/etc": permission denied
                podman: Error response from daemon: Contained command could not be invoked
                126

       127 if the contained command cannot be found

              $ podman run busybox foo; echo $?
              # exec: "foo": executable file not found in $PATH
                podman: Error response from daemon: Contained command not found or does not exist
                127


It would seem that 126 might be the correct code to return for podman exec if the container is stopped.
Comment 2 Michele Baldessari 2019-06-12 09:14:54 UTC 
(In reply to Daniel Walsh from comment #1) 
> It would seem that 126 might be the correct code to return for podman exec
> if the container is stopped.

Ack, that should work to cover this case
Comment 3 Daniel Walsh 2019-06-12 09:18:51 UTC 
https://github.com/containers/libpod/pull/3307
https://github.com/containers/libpod/pull/3306

PTAL
Comment 12 Joy Pu 2019-09-27 15:36:04 UTC 
Test with podman-1.4.2-5.module+el8.1.0+4240+893c1ab8.x86_64 and it works as expect:
Fri Sep 27 15:24:36 UTC 2019
$podman exec nonexistingcontainer /bin/true; echo $?
Error: unable to exec into nonexistingcontainer: no container with name or ID nonexistingcontainer found: no such container
125

$ podman run -it busybox
/ # exit
$ podman ps -a
CONTAINER ID  IMAGE                             COMMAND  CREATED        STATUS                    PORTS  NAMES
67f868be0f97  docker.io/library/busybox:latest  sh       4 seconds ago  Exited (0) 2 seconds ago         mystifying_shaw
$ podman exec 67f868be0f97 /bin/true; echo $?
Error: cannot exec into container that is not running: container state improper
126
Comment 14 errata-xmlrpc 2019-11-05 21:02:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3403