summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #15384 from sstosh/options-cgroupsv1-rootlessOpenShift Merge Robot2022-08-23
|\ | | | | Warning messages are printed and ignored if we use an unsupported option on cgroups V1 rootless systems
| * Warning messages are printed and ignored if we use an unsupported optionToshiki Sonoda2022-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When an unsupported limit on cgroups V1 rootless systems is requested, podman prints an warning message and ignores the option/flag. ``` Target options/flags: --cpu-period, --cpu-quota, --cpu-rt-period, --cpu-rt-runtime, --cpus, --cpu-shares, --cpuset-cpus, --cpuset-mems, --memory, --memory-reservation, --memory-swap, --memory-swappiness, --blkio-weight, --device-read-bps, --device-write-bps, --device-read-iops, --device-write-iops, --blkio-weight-device ``` Related to https://github.com/containers/podman/discussions/10152 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | Merge pull request #15424 from flouthoc/inspect-image-healthcheckOpenShift Merge Robot2022-08-23
|\ \ | | | | | | inspect, image: alias `.Config.HealthCheck` to `.HealthCheck` for compatibility
| * | inspect, image: alias .Config.HealthCheck to .HealthCheck for compatibilityAditya R2022-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support inspecting image healthcheck using docker supported `.Config.HealthCheck` by aliasing field to `.HealthCheck` Now supports ```Console podman image inspect -f "{{.Config.Healthcheck}}" imagename ``` Closes: https://github.com/containers/podman/issues/14661 Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #15420 from sstosh/fix-troubleOpenShift Merge Robot2022-08-23
|\ \ \ | | | | | | | | [CI:DOCS] Update Troubleshooting.md
| * | | [CI:DOCS] Update Troubleshooting.mdToshiki Sonoda2022-08-23
| | |/ | |/| | | | | | | | | | | | | | | | - Fix the item number - Fix the links Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | Merge pull request #15422 from edsantiago/docs_dedup_podidfileOpenShift Merge Robot2022-08-23
|\ \ \ | |_|/ |/| | Man pages: refactor common options: --pod-id-file
| * | Man pages: refactor common options: --pod-id-fileEd Santiago2022-08-22
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Much like --cidfile (#15414), --pod-id-file has two meanings. One is used in pod-related commands, one in container ones. Both meanings read the file, so the read/write split used in --cidfile is not applicable here. podman-pod-create keeps its --pod-id-file option because that one cannot be refactored: that's the only command (now) that writes a pod-id file. Reviewable using hack/markdown-preprocess-review but I did take some liberties with the #### args because they were wrong. And, since I had to much with the description text anyway (resulting in diffs), I also took the liberty of cleaning up a double space. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #15414 from edsantiago/docs_dedup_cidfileOpenShift Merge Robot2022-08-22
|\ \ | |/ |/| Man pages: refactor common options: --cidfile
| * Man pages: refactor common options: --cidfileEd Santiago2022-08-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are two meanings: one writes a cidfile, the other reads. Split into two .md files. This can be reviewed with hack/markdown-preprocess-review . The main differences you'll see are all in cidfile.read: 1) I use the <<subcommand>> feature. This works nicely for kill, pause/unpause, and stop. It works less nicely for rm, because the man page will show "...and rm the container" (a human might prefer to see "REMOVE the container"). Given the benefit of this cleanup, I think this is a fine tradeoff. 2) I choose to include the "multiple times" text even on man pages where it wasn't present before. I tested to make sure it works. 3) The #### line I choose is IMHO the best one. Minor differences: * I believe the "remove the container" text in podman-kill and podman-stop is a copy/paste error. This PR fixes it. * The only differences between the cidfile.write texts is the #### line (my version is best) and a final period. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #15392 from ashley-cui/quietOpenShift Merge Robot2022-08-22
|\ \ | |/ |/| Add quiet/q flag to podman secret ls
| * Add quiet/q flag to podman secret lsAshley Cui2022-08-22
| | | | | | | | | | | | | | Add quiet/q flag to podman secret ls, which will print only the secret ID. Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #15412 from edsantiago/docs_dedup_credsOpenShift Merge Robot2022-08-22
|\ \ | | | | | | Man pages: refactor common options: --creds
| * | Man pages: refactor common options: --credsEd Santiago2022-08-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor the --creds option. I went with the one in podman-pull The main difference between all of them is the '####' line, differences in the param descriptions. podman-pull had the clearest one. This is another one that hack/markdown-preprocess-review is good for reviewing. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #15363 from rhatdan/secretOpenShift Merge Robot2022-08-22
|\ \ \ | | | | | | | | podman secret create -d alias --driver, inspect -f alias --format: Docker compatibity
| * | | Add podman secret inspect -f alias for --format: Docker compatibilityDaniel J Walsh2022-08-17
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Add podman secret create -d as alias for --driver for Docker compatibilityDaniel J Walsh2022-08-17
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #15369 from ht-vo/podman-save-validationOpenShift Merge Robot2022-08-22
|\ \ \ \ | | | | | | | | | | podman save: update --compress validation
| * | | | podman save: update --compress validationHoang Thanh VO2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Hoang Thanh VO <111461555+ht-vo@users.noreply.github.com>
* | | | | Merge pull request #15381 from dfr/freebsd-enableOpenShift Merge Robot2022-08-22
|\ \ \ \ \ | | | | | | | | | | | | Enable event logging, tunnel and ABI mode for FreeBSD
| * | | | | events: Add freebsd support for libpod/eventDoug Rabson2022-08-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | cmd/podman: Enable ABI and Tunnel mode for freebsdDoug Rabson2022-08-22
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | Merge pull request #15403 from sstosh/cgroups-cpusetOpenShift Merge Robot2022-08-22
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Update how to enable resource limit delegation
| * | | | | [CI:DOCS] Update how to enable resource limit delegationToshiki Sonoda2022-08-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a information about `cpu-shares` option and `CPUSET` limits. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | | Merge pull request #15409 from vrothberg/fix-15300OpenShift Merge Robot2022-08-22
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | [CI:DOCS] elaborate on image lookups of foreign platforms
| * | | | | [CI:DOCS] elaborate on image lookups of foreign platformsValentin Rothberg2022-08-22
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After pulling/creating an image of a foreign platform, Podman will happily use it when looking it up in the local storage and will not pull down the image matching the host platform. As discussed in #12682, the reasoning for it is Docker compatibility and the fact that user already rely on the behavior. While Podman is now emitting a warning when an image is in use not matching the local platform, the documentation was lacking that information. Fixes: #15300 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | Merge pull request #15407 from edsantiago/docs_dedup_certdirOpenShift Merge Robot2022-08-22
|\ \ \ \ \ | | | | | | | | | | | | Man pages: refactor common options: cert-dir
| * | | | | Man pages: refactor common options: cert-dirEd Santiago2022-08-22
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...and, tweak markdown-process-review so it can detect and remove identical files, making review easier. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15391 from lsm5/430-dev-bumpOpenShift Merge Robot2022-08-22
|\ \ \ \ \ | | | | | | | | | | | | version bump to 4.3.0-dev
| * | | | | version bump to 4.3.0-devLokesh Mandvekar2022-08-22
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | v4.2 has been branched already. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | | Merge pull request #15394 from daniloglima/feature/update-contrib-fileOpenShift Merge Robot2022-08-22
|\ \ \ \ \ | |/ / / / |/| | | | [CI:DOCS] Update "CONTRIBUTING" file with Debian/Ubuntu dependencies"
| * | | | Update "CONTRIBUTING" file with Debian/Ubuntu dependencies"Danilo Lima2022-08-22
|/ / / / | | | | | | | | | | | | Signed-off-by: Danilo Lima <danilo.glima@outlook.com>
* | | | Merge pull request #15401 from vrothberg/fix-15388OpenShift Merge Robot2022-08-22
|\ \ \ \ | | | | | | | | | | fix CI: remove hardcodeded alpine version
| * | | | fix CI: remove hardcodeded alpine versionValentin Rothberg2022-08-22
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | The apiv2 test hardcoded the tag of the alpine image. Remove it to unblock CI. Fixes: #15388 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #15342 from edsantiago/docs_dedup_authfileOpenShift Merge Robot2022-08-22
|\ \ \ \ | |/ / / |/| | | Man pages: refactor common options: authfile
| * | | Man pages: refactor common options: authfileEd Santiago2022-08-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor the --authfile option. My suggestion for review: 1) run hack/markdown-preprocess-review and immediately Ctrl-Q to quit out of diffuse, which is completely unusable for this many files; then 2) cd /tmp/markdown-preprocess-review.diffs/authfile - this is the directory created by the review script 3) rm podman-image-sign* podman-log* podman-search.1.md.in - because they're essentially identical to podman-create 4) rm podman-manifest-* podman-push.* - because they're 100% identical to podman-kube-play 5) rm podman-kube-play* - because it's apart-from-whitespace identical to podman-build (use "wdiff" to confirm) 6) rm podman-auto-update* - because that's the one I chose (hence == zzz-chosen.md) (You should obviously run your own diff/cmp before rm, to confirm my assertions about which files are identical). After all that, you have a manageable number of files which you can scan, read, diff against zzz-chosen.md, even run diffuse. This option is IMHO the poster child for why we need this kind of man page refactoring. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15365 from edsantiago/test_kube_generateOpenShift Merge Robot2022-08-18
|\ \ \ \ | | | | | | | | | | podman kube generate - add actual tests
| * | | | podman generate kube - add actual testsEd Santiago2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This exposed a nasty bug in our system-test setup: Ubuntu (runc) was writing a scratch containers.conf file, and setting CONTAINERS_CONF to point to it. This was well-intentionedly introduced in #10199 as part of our long sad history of not testing runc. What I did not understand at that time is that CONTAINERS_CONF is **dangerous**: it does not mean "I will read standard containers.conf and then override", it means "I will **IGNORE** standard containers.conf and use only the settings in this file"! So on Ubuntu we were losing all the default settings: capabilities, sysctls, all. Yes, this is documented in containers.conf(5) but it is such a huge violation of POLA that I need to repeat it. In #14972, as yet another attempt to fix our runc crisis, I introduced a new runc-override mechanism: create a custom /etc/containers/containers.conf when OCI_RUNTIME=runc. Unlike the CONTAINERS_CONF envariable, the /etc file actually means what you think it means: "read the default file first, then override with the /etc file contents". I.e., we get the desired defaults. But I didn't remember this helpers.bash workaround, so our runc testing has actually been flawed: we have not been testing with the system containers.conf. This commit removes the no-longer-needed and never-actually-wanted workaround, and by virtue of testing the cap-drops in kube generate, we add a regression test to make sure this never happens again. It's a little scary that we haven't been testing capabilities. Also scary: this PR requires python, for converting yaml to json. I think that should be safe: python3 'import yaml' and 'json' works fine on a RHEL8.7 VM from 1minutetip. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15371 from dfr/freebsd-conmonOpenShift Merge Robot2022-08-18
|\ \ \ \ \ | | | | | | | | | | | | libpod: Add FreeBSD support for ConmonOCIRuntime
| * | | | | libpod: Build oci_conmon_common.go and oci_conmon_attach_common on FreeBSDDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This also adds FreeBSD equivalents to the functions moved to oci_conmon*_linux.go. For openUnixSocket, we create a temporary symlink to shorten the path to something that fits into sockaddr_un. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | libpod: Move openUnixSocket to oci_conmon_attach_linux.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This function depends on linux-specific functionality in /proc/fd to allow connecting to local domain sockets with pathnames too long for sockaddr_un. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | libpod: Move moveConmonToCgroupAndSignal and GetLimits to oci_conmon_linux.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | libpod: Move socket label handling from oci_conmon_common.go to ↵Doug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | oci_conmon_linux.go [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | libpod: Move rootless handling from oci_conmon_common.go to oci_conmon_linux.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | libpod: Move oci_conmon_exec_linux.go to oci_conmon_exec_common.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | libpod: Move oci_conmon_attach_linux.go to oci_conmon_attach_common.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | libpod: Move oci_conmon_linux.go to oci_conmon_common.goDoug Rabson2022-08-18
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | Merge pull request #15305 from dilyanpalauzov/reword_exit_policyDaniel J Walsh2022-08-18
|\ \ \ \ \ | | | | | | | | | | | | Reword --exit-policy option
| * | | | | Reword --exit-policy optionДилян Палаузов2022-08-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot assume that the submitter has time or will to read texts about symbolism in software contributions. If the system wants to see the text nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae in each commit, people will write this, or any other text, that the system wants to see. All such text, which presence is mandated by the system, has the same value. Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
* | | | | | Merge pull request #15340 from giuseppe/conmon-rs-version-parseOpenShift Merge Robot2022-08-18
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | runtime: parse conmon-rs version