summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #1467 from rhatdan/devMatthew Heon2018-09-14
|\ | | | | Don't mount /dev/* if user mounted /dev
| * Don't mount /dev/* if user mounted /devDaniel J Walsh2018-09-14
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #1461 from rhatdan/runMatthew Heon2018-09-14
|\ \ | | | | | | Remove duplicate code between create.go and run.go
| * | Remove duplicate code between create.go and run.goDaniel J Walsh2018-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Create two new createInit for checking if the cotnainer is initialized correctly. createContainer which creates the actual container and containerConfig Also added libpodruntime.GetContainerRuntime to put common runtime code into separate function. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1464 from mheon/optionally_disable_port_reservationMatthew Heon2018-09-14
|\ \ \ | | | | | | | | Add a way to disable port reservation
| * | | Add a way to disable port reservationMatthew Heon2018-09-13
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We've increased the default rlimits to allow Podman to hold many ports open without hitting limits and crashing, but this doesn't solve the amount of memory that holding open potentially thousands of ports will use. Offer a switch to optionally disable port reservation for performance- and memory-constrained use cases. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | Merge pull request #1474 from baude/varlinkinforegistriesMatthew Heon2018-09-14
|\ \ \ | | | | | | | | add registry information to varlink info
| * | | add registry information to varlink infobaude2018-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | when using the varlink api, we should pass on the registries information as is present in the cli info command. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #1434 from rhatdan/waitMatthew Heon2018-09-14
|\ \ \ \ | | | | | | | | | | Add --interval flag to podman wait
| * | | | Add --interval flag to podman waitDaniel J Walsh2018-09-13
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | Waiting uses a lot of CPU, so drop back to checking once/second and allow user to pass in the interval. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #1478 from baude/fedoraminimalMatthew Heon2018-09-14
|\ \ \ \ | |_|_|/ |/| | | change search test to look for fedora and not fedora-minimal
| * | | change search test to look for fedora and not fedora-minimalbaude2018-09-14
|/ / / | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | / libpod/image/pull: Return image-pulling errors from doPullImageW. Trevor King2018-09-14
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were already writing these to our debug logs. But collecting them and including them in the error message will make it easier for callers who don't have debugging enabled to figure out what's going wrong. Using multierror gives us both pretty formatting (when we print this for the user) and programmatic access (for any callers that need to inspect the constituent errors). With this commit and a config like: $ cat /etc/containers/registries.conf [registries.search] registries = ['registry.access.redhat.com', 'quay.io', 'docker.io'] pulling an unqualified missing image looks like: $ podman pull does-not/exist Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed Trying to pull quay.io/does-not/exist:latest...Failed Trying to pull docker.io/does-not/exist:latest...Failed error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred: * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors: denied: requested access to the resource is denied unauthorized: authentication required A qualified image looks like: $ podman pull quay.io/does-not/exist Trying to pull quay.io/does-not/exist...Failed error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized If one of the searched repositories was offline, you'd get a more useful routing error for that specific registry. For example: $ cat /etc/hosts 127.0.0.1 quay.io $ podman pull does-not/exist Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed Trying to pull quay.io/does-not/exist:latest...Failed Trying to pull docker.io/does-not/exist:latest...Failed error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred: * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors: denied: requested access to the resource is denied unauthorized: authentication required This is our first direct dependency on multierror, but we've been vendoring it for a while now because opencontainers/runtime-tools uses it for config validation. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1456 Approved by: rhatdan
* | Merge pull request #1473 from mheon/update_gitvalidation_epochMatthew Heon2018-09-14
|\ \ | | | | | | Update gitvalidation epoch to avoid a bad commit
| * | Update gitvalidation epoch to avoid a bad commitMatthew Heon2018-09-14
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Update README to reflect current development effortsMatthew Heon2018-09-14
|/ / | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1468 from TomSweeneyRedHat/dev/tsweeney/readmerelMatthew Heon2018-09-14
|\ \ | | | | | | Add Buildah Podman relationship to README.md
| * | Add Buildah Podman relationship to README.mdTomSweeneyRedHat2018-09-13
|/ / | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Swap default mount propagation from private to rprivateMatthew Heon2018-09-13
| | | | | | | | | | | | | | | | | | | | This matches Docker behavior more closely and should resolve an issue we were seeing with /sys mounts Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1465 Approved by: rhatdan
* | Add notes to check version on problemTomSweeneyRedHat2018-09-13
| | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1462 Approved by: rhatdan
* | Do not set rlimits if we are rootlessMatthew Heon2018-09-13
| | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1437 Approved by: rhatdan
* | Up default Podman rlimits to avoid max open filesMatthew Heon2018-09-13
| | | | | | | | | | | | | | | | | | | | | | Every port we open consumes an open FD. This can easily consume all available FDs for the podman process. Set rlimits to resolve this. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1437 Approved by: rhatdan
* | Search registries with an empty queryUrvashi Mohnani2018-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds functionality to search registries implementing the v2 endpoint with an empty query, that is the results will be all the available images on the registries. If this is tried with a v1 registry an error will occur. To search a whole registry, there needs to be a trailing slash at the end, i.e `podman search registry.fedoraproject.org/`. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #1444 Approved by: rhatdan
* | Vendor in latest containers/imageUrvashi Mohnani2018-09-13
|/ | | | | | | | | Picks up changes made to authentication for registry search. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #1444 Approved by: rhatdan
* Add `podman rm --volumes` flagDaniel J Walsh2018-09-13
| | | | | | | | | | While this is not implemented yet, it is needed for working with existing docker scripts. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1460 Approved by: mheon
* Vendor in latest containers/storage to eliminage deadlockDaniel J Walsh2018-09-12
| | | | | | | | | | When running lots of podman commands simultaneously we were able to get into a deadlock situation. The updated containers/storage should fix this issue. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1454 Approved by: mheon
* do not build with devicemapperbaude2018-09-12
| | | | | | | | | | as of now, we do not want to build with device mapper because it cannot handle parallel requests which would be common-place in podman. Signed-off-by: baude <bbaude@redhat.com> Closes: #1445 Approved by: mheon
* run different cgroup tests depending on conditionsbaude2018-09-12
| | | | | | | | | | | | | | when running podman's integration tests, we need to be able to understand our environment because the podman command will differ as will the results. there is no 100% way to know if we are in a container, but using a combination of container= and checking /proc seemed reasonable for our test suite. non of this code is run in podman proper. Signed-off-by: baude <bbaude@redhat.com> Closes: #1441 Approved by: mheon
* dont make python when running makebaude2018-09-12
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1443 Approved by: mheon
* Explicitly set default CNI network name in libpod.confMatthew Heon2018-09-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1438 Approved by: TomSweeneyRedHat
* Pass on securityOpts from podInfraContainer to container added to pod.Daniel J Walsh2018-09-11
| | | | | | | | | | This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way. Signed-off-by: haircommander <pehunt@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1347 Approved by: mheon
* Merge pull request #1436 from mheon/bump-0.9.1.1Matthew Heon2018-09-10
|\ | | | | Bump to v0.9.1.1
| * Bump gitvalidation epochMatthew Heon2018-09-10
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.2-devMatthew Heon2018-09-10
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.1.1v0.9.1.1Matthew Heon2018-09-10
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1435 from mheon/release_notes_0.9.1.1Matthew Heon2018-09-10
|\ | | | | Update release notes for 0.9.1.1
| * Update release notes for 0.9.1.1Matthew Heon2018-09-10
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Replace existing iptables handler with firewall codeMatthew Heon2018-09-10
| | | | | | | | | | | | Use the new firewall code vendored from CNI to replace the existing iptables rule addition handler we had in place. This adds proper support for firewalld and should be much better at interacting with the firewall. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1431 Approved by: baude
* Vendor CNI plugins firewall codeMatthew Heon2018-09-10
| | | | | | | | | | | | | | The upstream CNI project has a PR open for adding iptables and firewalld support, but this has been stalled for the better part of a year upstream. On advice of several maintainers, we are vendoring this code into libpod, to perform the relevant firewall configuration ourselves. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1431 Approved by: baude
* Fix displaying size on size calculation errorSteve Baker2018-09-07
| | | | | | | | | | | | | | With this change if an error is raised when fetching the size of the image, the error string will be printed as the size (instead of panicing). In this particular case, the error string is "unable to determine size". This fixes bug #1405 Signed-off-by: Steve Baker <sbaker@redhat.com> Closes: #1423 Approved by: mheon
* Merge pull request #1428 from mheon/bump-0.9.1Matthew Heon2018-09-07
|\ | | | | Bump to v0.9.1
| * Bump gitvalidation epochMatthew Heon2018-09-07
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.2-devMatthew Heon2018-09-07
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.1v0.9.1Matthew Heon2018-09-07
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1427 from mheon/release_notes_0.9.1Matthew Heon2018-09-07
|\ | | | | Update RELEASE_NOTES for 0.9.1 release
| * Update RELEASE_NOTES for 0.9.1 releaseMatthew Heon2018-09-07
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Fix pod sharing for utsmodeDaniel J Walsh2018-09-07
| | | | | | | | | | | | | We should be sharing cgroups namespace by default in pods uts namespace sharing was broken in pods. Create a new libpod/pkg/namespaces for handling of namespace fields in containers Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1418 Approved by: mheon
* Respect user-added mounts over default spec mountsMatthew Heon2018-09-07
| | | | | | | | | | | | | | When there was a conflict between a user-added volume and a mount already in the spec, we previously respected the mount already in the spec and discarded the user-added mount. This is counter to expected behavior - if I volume-mount /dev into the container, I epxect it will override the default /dev in the container, and not be ignored. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1419 Approved by: TomSweeneyRedHat
* Ensure we do not overlap mounts in the specMatthew Heon2018-09-07
| | | | | | | | | | | When user-specified volume mounts overlap with mounts already in the spec, remove the mount in the spec to ensure there are no conflicts. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1419 Approved by: TomSweeneyRedHat
* Change references to cri-o to point at new repositoryDaniel J Walsh2018-09-07
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1425 Approved by: mheon