Commit message (Author, Age)
* Add labels to secrets (Ashley Cui, 2022-09-20)
| Add --label/-l label flag to secret create, and show labels when inspecting secrets. Also allow labeling secrets via libpod/compat API.
| Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #15749 from dfr/freebsd-networking (OpenShift Merge Robot, 2022-09-12)
|\
| | Add support for networking on FreeBSD
| * libpod: Move ocicniPortsToNetTypesPorts and compareOCICNIPorts to networking_common.go (Doug Rabson, 2022-09-12)
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move NetworkDisconnect and NetworkConnect to networking_common.go (Doug Rabson, 2022-09-12)
| | This also moves Runtime methods ConnectContainerToNetwork and DisconnectContainerFromNetwork as well as support functions getFreeInterfaceName and normalizeNetworkName.
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| | libpod: Move (Connect|Disconnect)Container(To|From)Network and normalizeNetworkName to networking_common.go
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move resultToBasicNetworkConfig to networking_common.go (Doug Rabson, 2022-09-12)
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Add support for getContainerNetworkInfo on FreeBSD (Doug Rabson, 2022-09-12)
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move getContainerNetworkInfo to networking_common.go (Doug Rabson, 2022-09-12)
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move isBridgeNetMode and reloadContainerNetwork to networking_common.go (Doug Rabson, 2022-09-12)
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move teardownNetwork and teardownCNI to networking_common.go (Doug Rabson, 2022-09-12)
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move setUpNetwork and getCNIPodName to networking_common.go (Doug Rabson, 2022-09-12)
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move convertPortMappings and getNetworkOptions to networking_common.go (Doug Rabson, 2022-09-12)
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Add FreeBSD implementation of container networking (Doug Rabson, 2022-09-12)
| | This uses a jail to manage the container's network. Container jails for all containers in a pod are nested within this and share the network resources.
| | There is some code in networking_freebsd.go which is common with networking_linux.go. Subsequent commits will move the shared code to networking_common.go to reduce this duplication.
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Re-work the container's network state to help code sharing (Doug Rabson, 2022-09-12)
| | This replaces the NetworkJail string field with a struct pointer named NetNS. This does not try to emulate the complete NetNS interface but does help to re-use code that just refers to c.state.NetNS.
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move platform-specific bind mounts to a per-platform method (Doug Rabson, 2022-09-12)
| | This adds a new per-platform method makePlatformBindMounts and moves the /etc/hostname mount. This file is only needed on Linux.
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Avoid a nil dereference when generating resolv.conf on FreeBSD (Doug Rabson, 2022-09-12)
| | The code which generates resolv.conf dereferenced c.config.Spec.Linux and this field is not set for FreeBSD containers.
| | [NO NEW TESTS NEEDED]
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
* | Merge pull request #15717 from Luap99/events (OpenShift Merge Robot, 2022-09-12)
|\ \
| | | fix several podman events issues
| * | podman events --format: fix duplicated newline (Paul Holzinger, 2022-09-12)
| | | The --format changes caused a duplicated newline. PR #15678 should have a test for this.
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix race where podman events exits too early (Paul Holzinger, 2022-09-12)
| | | In order to display all events we have to read until the event channel is closed.
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | set default EventsLogFilePath on first run (Paul Holzinger, 2022-09-12)
| | | The current code only sets EventsLogFilePath when the tmp is overwritten from the db. We should always set the default when no path was set in containers.conf.
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Improve --tmpdir and --events-backend docs (Paul Holzinger, 2022-09-12)
| | | List the default paths to the event log file and the tmpdir option.
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | Use new secret store API (Ashley Cui, 2022-09-12)
| | | Refactored secrets API in common for stability purposes. Move podman to said API.
| | | [NO NEW TESTS NEEDED]
| | | Signed-off-by: Ashley Cui <acui@redhat.com>
| * | libpod: runtime newEventer() cleanup (Paul Holzinger, 2022-09-12)
| | | There is no reason to create a new eventer every time. The libpod runtime already has one attached which should be used instead.
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | event backend journald: fix problem with empty journal (Paul Holzinger, 2022-09-12)
| | | Currently podman events will just fail with `Error: failed to get journal cursor: failed to get cursor: cannot assign requested address` when the journal contains zero podman events.
| | | The problem is that we are using the journal accessors wrong. There is no need to call GetCursor() and compare them manually. Next() returns an integer which tells if it moved to the next or not. This means that we can remove GetCursor() which would fail when there is no entry.
| | | This also includes another bug fix. Previously the logic called Next() twice for the first entry which caused us to miss the first entry.
| | | To reproduce this issue you can run the following commands:
| | | ```
| | | sudo journalctl --rotate
| | | sudo journalctl --vacuum-time=1s
| | | ```
| | | Note that this will delete the full journal.
| | | Now run podman events and it fails but with this patch it works. Now generate a single event, i.e. podman pull alpine, and run podman events --until 1s.
| | | I am not sure how to get a reliable test into CI, I really do not want to delete the journal on developer or CI systems.
| | | Fixes second part of #15688
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | event backend none: return an error when reading events (Paul Holzinger, 2022-09-12)
| | | podman --events-backend none events should return with an error since it will never be able to actually list events.
| | | Fixes part three of #15688
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix hang with podman events file logger (Paul Holzinger, 2022-09-12)
| |/
| | podman --events-backend file events --stream=false should never hang. The problem is that our tail library will wait for the file to be created which makes sense when we do not run with --stream=false. To fix this we can just always create the file when the logger is initialized. This would also help to report errors early on in case the file is not accessible.
| | Fixes part one from #15688
| | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #15751 from edsantiago/docs_dedup_volumes_from (OpenShift Merge Robot, 2022-09-12)
|\ \
| |/
|/| [CI:DOCS] Man pages: refactor common options: --volumes-from
| * Man pages: refactor common options: --volumes-from (Ed Santiago, 2022-09-12)
| | Removed a spurious right-bracket; went with upper-case for options; removed 'you's; added some <<container|pod>>s.
| | Hard to review because none of the existing man pages had it quite right.
| | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #15511 from rhatdan/codespell (OpenShift Merge Robot, 2022-09-12)
|\ \
| | | Fix stutters
| * | Fix stutters (Daniel J Walsh, 2022-09-10)
| | | Podman adds an Error: to every error message. So starting an error message with "error" ends up being reported to the user as Error: error ...
| | | This patch removes the stutter.
| | | Also ioutil.ReadFile errors report the Path, so wrapping the err message with the path causes a stutter.
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #15747 from vrothberg/docs-volume (OpenShift Merge Robot, 2022-09-12)
|\ \ \
| |_|/
|/| | [CI:DOCS] --volume: consistent wording
| * | [CI:DOCS] --volume: consistent wording (Valentin Rothberg, 2022-09-12)
| | | Make sure that the wording of mounting something _from_ the source _into_ the destination is consistent.
| | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #15744 from dfr/vendor (OpenShift Merge Robot, 2022-09-12)
|\ \ \
| |/ /
|/| | update c/storage to latest
| * | update c/storage to latest (Doug Rabson, 2022-09-12)
|/ /
| | Signed-off-by: Doug Rabson <dfr@rabson.org>
* | Merge pull request #15737 from Juneezee/refactor/os.ReadDir (OpenShift Merge Robot, 2022-09-12)
|\ \
| | | refactor: use `os.ReadDir` for lightweight directory reading
| * | refactor: use `os.ReadDir` for lightweight directory reading (Eng Zer Jun, 2022-09-11)
| | | `os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil` package. It is a more efficient implementation than `ioutil.ReadDir`.
| | | Reference: https://pkg.go.dev/io/ioutil#ReadDir
| | | Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* | | Merge pull request #15734 from KenMacD/add-path (OpenShift Merge Robot, 2022-09-12)
|\ \ \
| |/ /
|/| | Include PATH in conmon env.
| * | Include more environment variables in conmon env. (Kenny MacDermid, 2022-09-11)
| | | Include the path and helper binary dir so that the podman environment more closely matches when conmon calls it as an exit command.
| | | Also match the CONTAINERS_CONF lookup to the codestyle of other environment lookups.
| | | [NO NEW TESTS NEEDED]
| | | Resolves #15707
| | | Signed-off-by: Kenny MacDermid <kenny@macdermid.ca>
* | | Merge pull request #15728 from tyler92/fix-cpu-millis-limit (OpenShift Merge Robot, 2022-09-10)
|\ \ \
| |_|/
|/| | Fix CPU usage limitation in play kube for non integer values
| * | Fix CPU usage limitation in play kube for non integer values (Mikhail Khachayants, 2022-09-10)
| | | This logic has been broken by commit 9c6c981928c3e020ff6eef9454c7ee86aa8c83d1 (kube: fix conversion from milliCPU to period/quota).
| | | [NO NEW TESTS NEEDED]
| | | Fixes: #15726
| | | Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
* | | Merge pull request #15725 from cevich/no_multiarch_win (OpenShift Merge Robot, 2022-09-10)
|\ \ \
| |/ /
|/| | [CI:BUILD] Cirrus: Don't run win_installer in multiarch cron
| * | Cirrus: Don't run win_installer in multiarch cron (Chris Evich, 2022-09-09)
|/ /
| | The win_installer task fails on the `multiarch` cirrus-cron build. This is because it depends on the `Windows Cross` (alt_build) task which is bypassed in this context. This will cause the `repo.tbz` download to constantly throw 404s. Fix this by skipping the win_installer task for the `multiarch` (container images) build.
| | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #15706 from edsantiago/docs_dedup_volume (OpenShift Merge Robot, 2022-09-09)
|\ \
| | | [CI:DOCS] Man pages: refactor common options: --volume
| * | Man pages: refactor common options: --volume (Ed Santiago, 2022-09-09)
| | | This one is a nightmare, because --volume has been edited in four different files throughout the years (five if you count podman-build, which I am not including in this PR). Those edits have not always been done in sync.
| | | The list of options was reordered 2022-06-28 by Giuseppe in #14734, but only in podman-create and -run (not in podman-pod-*). No explanation of why, but I'll assume he knew what he was doing, and have accepted that for the reference copy. There was also a big edit in #8519.
| | | The "Propagation property...bind mounted" sentence first appeared in pod-clone, in #14299 by cdoern, with no obvious source of where it came from. I choose to include it in the reference copy.
| | | The "**copy**" option seems to work in pod-create, so I'm including it in the reference copy. Someone please yell loudly if this is not the case.
| | | The "disables SELinux separation for containers used in the build", no idea, changed that to just "for the container/pod"
| | | The "advanced users / overlay / upperdir / workdir" paragraph makes zero sense to me, but hey, I assume it applies to all the commands, so I put it in the reference copy.
| | | Finally, there's still a mishmash of backticks, asterisks, underscores, and even quotation marks. Someone is gonna have to perform major cleanup on this one day, but at least it'll be in only one place.
| | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #15719 from containers/dependabot/go_modules/github.com/docker/docker-20.10.18incompatible (OpenShift Merge Robot, 2022-09-09)
|\ \ \
| | | | build(deps): bump github.com/docker/docker from 20.10.17+incompatible to 20.10.18+incompatible
| * | | build(deps): bump github.com/docker/docker (dependabot[bot], 2022-09-09)
| | | | Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.17+incompatible to 20.10.18+incompatible.
| | | | - [Release notes](https://github.com/docker/docker/releases)
| | | | - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
| | | | - [Commits](https://github.com/docker/docker/compare/v20.10.17...v20.10.18)
| | | | ---
| | | | updated-dependencies:
| | | | - dependency-name: github.com/docker/docker
| | | |   dependency-type: direct:production
| | | |   update-type: version-update:semver-patch
| | | | ...
| | | | Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #15716 from vrothberg/fix-15661 (OpenShift Merge Robot, 2022-09-09)
|\ \ \ \
| |_|/ /
|/| | | stop: fix error handling
| * | | stop: fix error handling (Valentin Rothberg, 2022-09-09)
| | | | Fix the error handling in the fallback logic of `stop` when Podman resorts to killing a container; the error message wrapped the wrong error.
| | | | [NO NEW TESTS NEEDED] as it is a rare flake in the tests and I do not know how to reliably reproduce it.
| | | | Fixes: #15661
| | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #15687 from vrothberg/RUN-1639 (OpenShift Merge Robot, 2022-09-09)
|\ \ \ \
| | | | | health check: add on-failure actions
| * | | | health check: add on-failure actions (Valentin Rothberg, 2022-09-09)
| | | | | For systems that have extreme robustness requirements (edge devices, particularly those in difficult to access environments), it is important that applications continue running in all circumstances. When the application fails, Podman must restart it automatically to provide this robustness. Otherwise, these devices may require customer IT to physically gain access to restart, which can be prohibitively difficult.
| | | | | Add a new `--on-failure` flag that supports four actions:
| | | | | - **none**: Take no action.
| | | | | - **kill**: Kill the container.
| | | | | - **restart**: Restart the container. Do not combine the `restart` action with the `--restart` flag. When running inside of a systemd unit, consider using the `kill` or `stop` action instead to make use of systemd's restart policy.
| | | | | - **stop**: Stop the container.
| | | | | To remain backwards compatible, **none** is the default action.
| | | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | Merge pull request #15462 from edsantiago/system_tests_for_update (OpenShift Merge Robot, 2022-09-09)
|\ \ \ \ \
| |_|_|/ /
|/| | | | system tests for update