Bug 2180104

Summary: --health-on-failure=restart doesn't restart container
Product: Red Hat Enterprise Linux 8 Reporter: Tom Sweeney <tsweeney>
Component: podmanAssignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA QA Contact: Alex Jia <ajia>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 8.9CC: acui, bbaude, container-sig, debarshir, dwalsh, extras-qa, gary.revell, go-sig, jligon, jnovy, lsm5, mboddu, mheon, patrick, pehunt, pthomas, rh.container.bot, santiago, tsweeney, umohnani, vrothber, ypu
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: podman-4.4.1-10.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2179369
: 2180125 (view as bug list) Environment:
Last Closed: 2023-11-14 15:29:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2179369    
Bug Blocks: 2180125    

Comment 1 Tom Sweeney 2023-03-20 18:03:47 UTC 
Assigning to Valentin
Comment 2 Tom Sweeney 2023-03-20 18:35:19 UTC 
Creating a ZeroDay for this BZ
Comment 4 Valentin Rothberg 2023-03-21 08:32:33 UTC 
Opened PR: https://github.com/containers/podman/pull/17864
Comment 5 Valentin Rothberg 2023-03-21 11:54:42 UTC 
PR has merged, assigning to Jindrich.
Comment 8 Alex Jia 2023-04-02 05:12:11 UTC 
This bug has been verified on podman-4.4.1-9.module+el8.8.0+18526+1b4372bd.x86_64.

root@kvm-02-guest08 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.8 (Ootpa)

[root@kvm-02-guest08 ~]# rpm -q podman runc criu systemd kernel
podman-4.4.1-9.module+el8.8.0+18526+1b4372bd.x86_64
runc-1.1.4-1.module+el8.8.0+18060+3f21f2cc.x86_64
criu-3.15-3.module+el8.8.0+18060+3f21f2cc.x86_64
systemd-239-74.el8_8.x86_64
kernel-4.18.0-477.7.1.el8_8.x86_64

[root@kvm-02-guest08 ~]# export TEMPDIR=$(mktemp -d)
[root@kvm-02-guest08 ~]# cat >${TEMPDIR}/healthcheck <<EOF                                                       
> #!/bin/sh                                                                                   
>                                                                                              
> if test -e /uh-oh; then                                                                      
>  exit 1                                                                                  
> else                                                                                                                                      
>  exit 0                                                                                  
> fi                                                                                          
> EOF
[root@kvm-02-guest08 ~]# cat >${TEMPDIR}/entrypoint <<EOF                                                        
> #!/bin/sh                                                                                   
>                                                                                              
> trap 'echo Received SIGTERM, finishing; exit' SIGTERM; echo WAITING; while :; do sleep 0.1; done
> EOF
[root@kvm-02-guest08 ~]# cat >${TEMPDIR}/Dockerfile <<EOF                                                     
> FROM registry.access.redhat.com/ubi9:latest                                                                                 
>                                                                                              
> COPY healthcheck /healthcheck                                                               
> COPY entrypoint  /entrypoint                                                                
>                                                                                              
> RUN  chmod 755 /healthcheck /entrypoint                                                                                             
> CMD ["/entrypoint"]                                                                         
> EOF
[root@kvm-02-guest08 ~]# podman build -t health-check-actions ${TEMPDIR} 
STEP 1/5: FROM registry.access.redhat.com/ubi9:latest
STEP 2/5: COPY healthcheck /healthcheck                                                               
--> Using cache ded846ca08264efd44c7d26356b387d4eecbdccec97da9fce6ad3d4be2dae033
--> ded846ca082
STEP 3/5: COPY entrypoint  /entrypoint                                                                
--> Using cache 41375e9dcd9e1a8795aec4e498318457a3ad11da351b61c4d5e6483bb777bc47
--> 41375e9dcd9
STEP 4/5: RUN  chmod 755 /healthcheck /entrypoint                                                                                             
--> Using cache 5d413c2fdc50755afbdecf76d775e28a26ca8461e6540aa094e6756d6a9c0817
--> 5d413c2fdc5
STEP 5/5: CMD ["/entrypoint"]                                                                         
--> Using cache 15c5856e81a46d8d6017930f2c0a87b113b7d65a6352c8b52ad367388cbf5679
COMMIT health-check-actions
--> 15c5856e81a
Successfully tagged localhost/health-check-actions:latest
15c5856e81a46d8d6017930f2c0a87b113b7d65a6352c8b52ad367388cbf5679
[root@kvm-02-guest08 ~]# podman run --replace -d --name test-container --health-cmd /healthcheck --health-on-failure=none --health-retries=1 health-check-actions
34128f8bebdafb16d55aa2d7129d3a1c2183471d520385d3fd0395c3285303a2
[root@kvm-02-guest08 ~]# podman ps -a
CONTAINER ID  IMAGE                                  COMMAND      CREATED        STATUS                  PORTS       NAMES
34128f8bebda  localhost/health-check-actions:latest  /entrypoint  7 seconds ago  Up 7 seconds (healthy)              test-container
[root@kvm-02-guest08 ~]# podman healthcheck run test-container
[root@kvm-02-guest08 ~]# podman ps
CONTAINER ID  IMAGE                                  COMMAND      CREATED         STATUS                   PORTS       NAMES
34128f8bebda  localhost/health-check-actions:latest  /entrypoint  16 seconds ago  Up 16 seconds (healthy)              test-container
[root@kvm-02-guest08 ~]# podman exec test-container touch /uh-oh
[root@kvm-02-guest08 ~]# podman healthcheck run test-container
unhealthy
[root@kvm-02-guest08 ~]# podman ps
CONTAINER ID  IMAGE                                  COMMAND      CREATED         STATUS                     PORTS       NAMES
34128f8bebda  localhost/health-check-actions:latest  /entrypoint  36 seconds ago  Up 36 seconds (unhealthy)              test-container
[root@kvm-02-guest08 ~]# podman run --replace -d --name test-container --health-cmd /healthcheck --health-on-failure=kill --health-retries=1 health-check-actions
test-container
bdfc2b181079539c6279a319c2f2dd5dd00a06b1c8b7ed5fd72f427dac352f4d
[root@kvm-02-guest08 ~]# podman ps
CONTAINER ID  IMAGE                                  COMMAND      CREATED        STATUS                  PORTS       NAMES
bdfc2b181079  localhost/health-check-actions:latest  /entrypoint  2 seconds ago  Up 2 seconds (healthy)              test-container
[root@kvm-02-guest08 ~]# podman exec test-container touch /uh-oh
[root@kvm-02-guest08 ~]# podman ps -a
CONTAINER ID  IMAGE                                  COMMAND      CREATED         STATUS                   PORTS       NAMES
bdfc2b181079  localhost/health-check-actions:latest  /entrypoint  17 seconds ago  Up 17 seconds (healthy)              test-container
[root@kvm-02-guest08 ~]# podman ps -a
CONTAINER ID  IMAGE                                  COMMAND      CREATED         STATUS                   PORTS       NAMES
bdfc2b181079  localhost/health-check-actions:latest  /entrypoint  20 seconds ago  Up 20 seconds (healthy)              test-container
[root@kvm-02-guest08 ~]# podman ps -a
CONTAINER ID  IMAGE                                  COMMAND      CREATED         STATUS                   PORTS       NAMES
bdfc2b181079  localhost/health-check-actions:latest  /entrypoint  22 seconds ago  Up 22 seconds (healthy)              test-container
[root@kvm-02-guest08 ~]# podman ps -a
CONTAINER ID  IMAGE                                  COMMAND      CREATED         STATUS                                  PORTS       NAMES
bdfc2b181079  localhost/health-check-actions:latest  /entrypoint  32 seconds ago  Exited (137) 2 seconds ago (unhealthy)              test-container
Comment 11 Alex Jia 2023-05-06 07:12:41 UTC 
There is no podman-4.4.1-* available in brew for rhel-8.9.0 now.
Comment 12 Alex Jia 2023-05-23 05:46:32 UTC 
This bug has been verified on podman-4.4.1-18.module+el8.9.0+18893+0b9f3df9.
Comment 14 errata-xmlrpc 2023-11-14 15:29:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: container-tools:rhel8 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6939