Commit message (Author, Age)
* Make rootless-cni setup more robust (Paul Holzinger, 2021-07-06)
    The rootless cni namespace needs a valid /etc/resolv.conf file. On some distros it is a symlink to somewhere under /run. Because the kernel will follow the symlink before mounting, it is not possible to mount a file at exactly /etc/resolv.conf. We have to ensure that the link target will be available in the rootless cni mount ns.
    Fixes #10855
    Also fixed a bug in the /var/lib/cni directory lookup logic. It used `filepath.Base` instead of `filepath.Dir` and was thus looping infinitely.
    Fixes #10857
    [NO TESTS NEEDED]
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #10853 from tnk4on/fixed_notation_for_macos (OpenShift Merge Robot, 2021-07-05)
    [CI:DOCS] Fixed notation for macOS
| * Fixed notation for macOS (Shion Tanaka, 2021-07-03)
    Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
* | Merge pull request #10836 from Luap99/diff (OpenShift Merge Robot, 2021-07-03)
    podman diff accept two images or containers
| * | podman diff accept two images or containers (Paul Holzinger, 2021-07-02)
    First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before.
    Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exist.
    To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings.
    Fixes #10649
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #10852 from Luap99/cobra (OpenShift Merge Robot, 2021-07-03)
    bump cobra to v1.2.1 and update the shell completion scripts
| * | update shell completion scripts (Paul Holzinger, 2021-07-02)
    The new cobra v1.2.0 release brings a number of bug fixes for shell completion scripts. Regenerate the scripts with `make completions` to sync them with the upstream version, currently we have some custom ones to avoid some upstream bugs. Because the new cobra version has all fixes we should use the upstream scripts.
    Add a check to CI to ensure we always use the up to date scripts.
    [NO TESTS NEEDED]
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Bump github.com/spf13/cobra to v1.2.1 (Paul Holzinger, 2021-07-02)
    Fixes #9730
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #10851 from Luap99/service-reaper (OpenShift Merge Robot, 2021-07-02)
    podman service reaper
| * | | podman service reaper (Paul Holzinger, 2021-07-02)
    Add a new service reaper package. Podman currently does not reap all child processes. The slirp4netns and rootlesskit processes are not reaped. This is not a problem for local podman since the podman process dies before the other processes and then init will reap them for us.
    However with podman system service it is possible that the podman process is still alive after slirp died. In this case podman has to reap it or the slirp process will be a zombie until the service is stopped.
    The service reaper will listen in an extra goroutine on SIGCHLD. Once it receives this signal it will try to reap all pids that were added with `AddPID()`. While I would like to just reap all children this is not possible because many parts of the code use `os/exec` with `cmd.Wait()`. If we reap before `cmd.Wait()` things can break, so reaping everything is not an option.
    [NO TESTS NEEDED]
    Fixes #9777
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #10850 from baude/issue10824 (OpenShift Merge Robot, 2021-07-02)
    Create podman temp dir on machine start
| * | | | Create podman temp dir on machine start (baude, 2021-07-02)
    If the tempdir for the OS does not have a podman/, machine start will fail. An example would be after a reboot. We now create the podman dir if it does not exist.
    Fixes #10824
    [NO TESTS NEEDED]
    Signed-off-by: baude <baude@baudes-Mac-mini.localdomain>
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #10842 from vrothberg/search-docs (OpenShift Merge Robot, 2021-07-02)
    [CI:DOCS] podman search: clarify that results depend on implementation
| * | | [CI:DOCS] podman search: clarify that results depend on implementation (Valentin Rothberg, 2021-07-02)
    Clarify in the man page that podman-search is not generally a reliable way of determining the presence/existence of an image. The results of the v1 and the v2 endpoints depend on the implementation of each registry; the semantics are not really specified. Some registries may not support search at all as it's not part of the OCI dist spec.
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1978556
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10844 from vrothberg/vendor-common (OpenShift Merge Robot, 2021-07-02)
    vendor containers/common@main
| * | force github.com/spf13/cobra@v1.1.3 (Valentin Rothberg, 2021-07-02)
    v1.2.0 is breaking CI (see containers/podman/pull/10844).
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | vendor containers/common@main (Valentin Rothberg, 2021-07-02)
    Pull in fixes for local image lookups.
    Fixes: #10835
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10804 from matejvasek/fix-cp-sub-cmd (OpenShift Merge Robot, 2021-07-01)
    Implement --archive flag for podman cp
| * | Implement --archive flag for podman cp (Matej Vasek, 2021-07-01)
    Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #10837 from giuseppe/ignore-ESRCH (OpenShift Merge Robot, 2021-07-01)
    podman: ignore ESRCH from kill
| * podman: ignore ESRCH from kill (Giuseppe Scrivano, 2021-07-01)
    Closes: https://github.com/containers/podman/issues/10826
    [NO TESTS NEEDED] Fixes a race condition
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #10816 from rhatdan/network (OpenShift Merge Robot, 2021-06-30)
    Handle advanced --network options in podman play kube
| * Handle advanced --network options in podman play kube (Daniel J Walsh, 2021-06-30)
    Since Podman create/run can support this, so should play.
    Fixes: https://github.com/containers/podman/issues/10807
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10827 from cevich/master_to_main (OpenShift Merge Robot, 2021-06-30)
    Cirrus: Fixes due to master->main rename
| * Cirrus: Fixes due to master->main rename (Chris Evich, 2021-06-30)
    Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #10823 from vrothberg/vendor-common (OpenShift Merge Robot, 2021-06-30)
    vendor containers/common@7482cf851dcc
| * vendor containers/common@7482cf851dcc (Valentin Rothberg, 2021-06-30)
    Make sure that image events are written *after* execution.
    Fixes: #10812
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10749 from TomSweeneyRedHat/dev/tsweeney/cni2.2.1_doc (OpenShift Merge Robot, 2021-06-30)
    Add CNI rootless networking troubleshooting for v2.2.1
| * | Add CNI rootless networking troubleshooting for v2.2.1 (TomSweeneyRedHat, 2021-06-29)
    A CNI container image is required for rootless networking in V2.2.1 (RHEL 8.3.1) and through v3.0.1. Add a note in the troubleshooting guide with a pointer to the documentation for that.
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #10789 from flouthoc/system-reset-prune-external (OpenShift Merge Robot, 2021-06-30)
    reset: remove external containers on podman system reset
| * | reset: remove external containers on podman system reset (flouthoc, 2021-06-30)
    [NO TESTS NEEDED]
    Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | Merge pull request #10761 from containers/dependabot/go_modules/github.com/containers/storage-1.32.4 (OpenShift Merge Robot, 2021-06-30)
    Bump github.com/containers/storage from 1.32.3 to 1.32.4
| * | | Bump github.com/containers/storage from 1.32.3 to 1.32.5 (Daniel J Walsh, 2021-06-29)
    Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.3 to 1.32.5.
    - [Release notes](https://github.com/containers/storage/releases)
    - [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
    - [Commits](https://github.com/containers/storage/compare/v1.32.3...v1.32.5)
    ---
    updated-dependencies:
    - dependency-name: github.com/containers/storage
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10821 from jwhonce/wip/connection (OpenShift Merge Robot, 2021-06-30)
    Enhance system connection add URL input
| * | | Enhance system connection add URL input (Jhon Honce, 2021-06-29)
    * Add support for the tcp and unix schemes in connection URLs.
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #10819 from ashley-cui/connls (OpenShift Merge Robot, 2021-06-29)
    [NO TESTS NEEDED] Make system connection ls deterministic
| * | Make system connection ls deterministic (Ashley Cui, 2021-06-29)
    Sort system connection ls by name, making the output deterministic. Previously, we were just iterating through a map, which caused CI flakes.
    Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #10811 from containers/dependabot/go_modules/github.com/containers/ocicrypt-1.1.2 (OpenShift Merge Robot, 2021-06-29)
    Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
| * | Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 (dependabot[bot], 2021-06-29)
    Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.1 to 1.1.2.
    - [Release notes](https://github.com/containers/ocicrypt/releases)
    - [Commits](https://github.com/containers/ocicrypt/compare/v1.1.1...v1.1.2)
    ---
    updated-dependencies:
    - dependency-name: github.com/containers/ocicrypt
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #10803 from lsm5/remove-cni-conflist (OpenShift Merge Robot, 2021-06-29)
    Makefile: remove install.cni
| * | Makefile: remove install.cni (Lokesh Mandvekar, 2021-06-28)
    We no longer need to install /etc/cni/net.d/87-podman-bridge.conflist so install.cni isn't needed either.
    Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #10786 from tobwen/tobwen-ETCDIR (OpenShift Merge Robot, 2021-06-28)
    [NO TEST NEEDED] prefix `ETCDIR` with `${PREFIX}/`
| * prefix `ETCDIR` with `${PREFIX}/` (tobwen, 2021-06-26)
    `ETCDIR` isn't prefixed and led to dangling files in `DESTDIR/etc`
    Signed-off-by: Tobias Wendorff <1864057+tobwen@users.noreply.github.com>
* Merge pull request #10736 from trusch/feature-use-secret-config (OpenShift Merge Robot, 2021-06-25)
    read secret config from config file if no user data.
| * make DriverOpts name consistent. (Tino Rusch, 2021-06-25)
    Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
| * read secret config from config file if no user data. (Tino Rusch, 2021-06-24)
    feat: read secret config from config file if the user hasn't entered explicit config values
    feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret create command to allow overriding the default values
    fix: show driver options in `podman secret inspect`
    Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
* | Merge pull request #10774 from vrothberg/registries (OpenShift Merge Robot, 2021-06-25)
    remove `pkg/registries`
| * | remove `pkg/registries` (Valentin Rothberg, 2021-06-25)
    Pull the trigger on the `pkg/registries` package which acted as a proxy for `c/image/pkg/sysregistriesv2`. Callers should be using the packages from c/image directly, if needed at all.
    Also make use of libimage's SystemContext() method which returns a copy of a system context, further reducing the risk of unintentionally altering global data.
    [NO TESTS NEEDED]
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10416 from tych0/activation-drop-FDNAMES (OpenShift Merge Robot, 2021-06-25)
    pkg/systemd: don't require LISTEN_FDNAMES for socket activation
| * | | pkg/systemd: don't require LISTEN_FDNAMES for socket activation (Tycho Andersen, 2021-06-24)
    LISTEN_FDNAMES is optional, the docs for sd_listen_fds() say:
        This information is read from the $LISTEN_FDNAMES variable, which **may** contain a colon-separated list of names.
    emphasis mine (indeed, the cited coreos code also suggests it is optional).
    This actually results in a bug, since the default /contrib/systemd/system/podman.socket file doesn't set a FileDescriptorName=. podman when run with this systemd configuration *always* starts in unix socket mode since SocketActivated() will return false because the name is missing.
    The bug is a race with a very small window: between when podman does the unlink() and when it re-binds the socket later in the code, requests made during this time will fail since nothing is listening. There's another small race when the service stops and systemd realizes it and starts listening again. However small this window, we managed to hit it :).
    Let's fix this by ignoring LISTEN_FDNAMES. Since the code in cmd/podman/system/service_abi.go:restService() ignores this value anyway when setting up the socket activated stuff, there's no real loss here.
    Signed-off-by: Tycho Andersen <tycho@tycho.pizza>