summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Replace all usages of "install -D" with "install -d"Jhon Honce2018-09-18
| | | | | | | | | Fixes #1481 Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #1496 Approved by: rhatdan
* Increase pidWaitTimeout to 1000msEmilien Macchi2018-09-18
| | | | | | | | | | | | | | | | | When managing the containers with systemd, it takes a bit more than 250ms to have podman creating the pidfile. Increasing the value to 1 second will avoid timeout issues when running a lot of containers managed by systemd. This patch was tested in a VM with 56 services (OpenStack) deployed by TripleO and managed by systemd. Fixes #1495 Signed-off-by: Emilien Macchi <emilien@redhat.com> Closes: #1497 Approved by: rhatdan
* Small updates to OCI spec generationMatthew Heon2018-09-17
| | | | | | | | | | | | | Firstly, when adding the privileged catch-all resource device, first remove the spec's default catch-all resource device. Second, remove our default rootfs propogation config - Docker does not set this by default, so I don't think we should either. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1491 Approved by: TomSweeneyRedHat
* Add new tests for ipc namespace sharingDaniel J Walsh2018-09-17
| | | | | | | | | | We seem to be having a few flakes on namespace sharing. Adding this test to make sure sharing with the host is working correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1485 Approved by: mheon
* Hooks supports two directories, process default and overrideDaniel J Walsh2018-09-17
| | | | | | | | | | | | | ALso cleanup files section or podman man page Add description of policy.json Sort alphabetically. Add more info on oci hooks Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1487 Approved by: umohnani8
* Merge pull request #1490 from mheon/bump-0.9.2.1Matthew Heon2018-09-17
|\ | | | | Bump to 0.9.2.1
| * Bump gitvalidation epochMatthew Heon2018-09-17
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.3-devMatthew Heon2018-09-17
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.2.1v0.9.2.1Matthew Heon2018-09-17
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1489 from mheon/release_notes_0.9.2.1Matthew Heon2018-09-17
|\ | | | | Update release notes for 0.9.2.1
| * Update release notes for 0.9.2.1Matthew Heon2018-09-17
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Vendor in latest projectatomic/buildahDaniel J Walsh2018-09-15
| | | | | | | | | | | | | Buildah Fixes to COPY and ADD to properly follow symbolic links is SRC is a symbolic link Print out a digest message on successful push. We should not drop the Bounding set when running as a non priv user in podman build Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1483 Approved by: rhatdan
* Vndr latest containers/imageDaniel J Walsh2018-09-15
| | | | | | | | | Containers image has a fix docker tarfile: use the cached digest if existing Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1482 Approved by: rhatdan
* Merge pull request #1480 from mheon/bump-0.9.2Matthew Heon2018-09-14
|\ | | | | Bump to 0.9.2
| * Bump gitvalidation epochMatthew Heon2018-09-14
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.3-devMatthew Heon2018-09-14
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.2v0.9.2Matthew Heon2018-09-14
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1479 from mheon/release_notes_0.9.2Matthew Heon2018-09-14
|\ | | | | Update release notes for 0.9.2
| * Update release notes for 0.9.2Matthew Heon2018-09-14
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1472 from giuseppe/rootless-fix-entrypointMatthew Heon2018-09-14
|\ | | | | rootless: do not raise an error if the entrypoint is specified
| * rootless: do not raise an error if the entrypoint is specifiedGiuseppe Scrivano2018-09-14
| | | | | | | | | | | | | | | | | | | | do not error out when the storage is not initialized and the entrypoint command is not available for the specified image. Check it when we re-exec in an user namespace and can access the storage. Closes: https://github.com/containers/libpod/issues/1452 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1467 from rhatdan/devMatthew Heon2018-09-14
|\ \ | | | | | | Don't mount /dev/* if user mounted /dev
| * | Don't mount /dev/* if user mounted /devDaniel J Walsh2018-09-14
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1461 from rhatdan/runMatthew Heon2018-09-14
|\ \ \ | | | | | | | | Remove duplicate code between create.go and run.go
| * | | Remove duplicate code between create.go and run.goDaniel J Walsh2018-09-13
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Create two new createInit for checking if the cotnainer is initialized correctly. createContainer which creates the actual container and containerConfig Also added libpodruntime.GetContainerRuntime to put common runtime code into separate function. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1464 from mheon/optionally_disable_port_reservationMatthew Heon2018-09-14
|\ \ \ | | | | | | | | Add a way to disable port reservation
| * | | Add a way to disable port reservationMatthew Heon2018-09-13
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We've increased the default rlimits to allow Podman to hold many ports open without hitting limits and crashing, but this doesn't solve the amount of memory that holding open potentially thousands of ports will use. Offer a switch to optionally disable port reservation for performance- and memory-constrained use cases. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | Merge pull request #1474 from baude/varlinkinforegistriesMatthew Heon2018-09-14
|\ \ \ | | | | | | | | add registry information to varlink info
| * | | add registry information to varlink infobaude2018-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | when using the varlink api, we should pass on the registries information as is present in the cli info command. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #1434 from rhatdan/waitMatthew Heon2018-09-14
|\ \ \ \ | | | | | | | | | | Add --interval flag to podman wait
| * | | | Add --interval flag to podman waitDaniel J Walsh2018-09-13
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | Waiting uses a lot of CPU, so drop back to checking once/second and allow user to pass in the interval. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #1478 from baude/fedoraminimalMatthew Heon2018-09-14
|\ \ \ \ | |_|_|/ |/| | | change search test to look for fedora and not fedora-minimal
| * | | change search test to look for fedora and not fedora-minimalbaude2018-09-14
|/ / / | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | / libpod/image/pull: Return image-pulling errors from doPullImageW. Trevor King2018-09-14
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were already writing these to our debug logs. But collecting them and including them in the error message will make it easier for callers who don't have debugging enabled to figure out what's going wrong. Using multierror gives us both pretty formatting (when we print this for the user) and programmatic access (for any callers that need to inspect the constituent errors). With this commit and a config like: $ cat /etc/containers/registries.conf [registries.search] registries = ['registry.access.redhat.com', 'quay.io', 'docker.io'] pulling an unqualified missing image looks like: $ podman pull does-not/exist Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed Trying to pull quay.io/does-not/exist:latest...Failed Trying to pull docker.io/does-not/exist:latest...Failed error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred: * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors: denied: requested access to the resource is denied unauthorized: authentication required A qualified image looks like: $ podman pull quay.io/does-not/exist Trying to pull quay.io/does-not/exist...Failed error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized If one of the searched repositories was offline, you'd get a more useful routing error for that specific registry. For example: $ cat /etc/hosts 127.0.0.1 quay.io $ podman pull does-not/exist Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed Trying to pull quay.io/does-not/exist:latest...Failed Trying to pull docker.io/does-not/exist:latest...Failed error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred: * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors: denied: requested access to the resource is denied unauthorized: authentication required This is our first direct dependency on multierror, but we've been vendoring it for a while now because opencontainers/runtime-tools uses it for config validation. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1456 Approved by: rhatdan
* | Merge pull request #1473 from mheon/update_gitvalidation_epochMatthew Heon2018-09-14
|\ \ | | | | | | Update gitvalidation epoch to avoid a bad commit
| * | Update gitvalidation epoch to avoid a bad commitMatthew Heon2018-09-14
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Update README to reflect current development effortsMatthew Heon2018-09-14
|/ / | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1468 from TomSweeneyRedHat/dev/tsweeney/readmerelMatthew Heon2018-09-14
|\ \ | | | | | | Add Buildah Podman relationship to README.md
| * | Add Buildah Podman relationship to README.mdTomSweeneyRedHat2018-09-13
|/ / | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Swap default mount propagation from private to rprivateMatthew Heon2018-09-13
| | | | | | | | | | | | | | | | | | | | This matches Docker behavior more closely and should resolve an issue we were seeing with /sys mounts Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1465 Approved by: rhatdan
* | Add notes to check version on problemTomSweeneyRedHat2018-09-13
| | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1462 Approved by: rhatdan
* | Do not set rlimits if we are rootlessMatthew Heon2018-09-13
| | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1437 Approved by: rhatdan
* | Up default Podman rlimits to avoid max open filesMatthew Heon2018-09-13
| | | | | | | | | | | | | | | | | | | | | | Every port we open consumes an open FD. This can easily consume all available FDs for the podman process. Set rlimits to resolve this. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1437 Approved by: rhatdan
* | Search registries with an empty queryUrvashi Mohnani2018-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds functionality to search registries implementing the v2 endpoint with an empty query, that is the results will be all the available images on the registries. If this is tried with a v1 registry an error will occur. To search a whole registry, there needs to be a trailing slash at the end, i.e `podman search registry.fedoraproject.org/`. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #1444 Approved by: rhatdan
* | Vendor in latest containers/imageUrvashi Mohnani2018-09-13
|/ | | | | | | | | Picks up changes made to authentication for registry search. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #1444 Approved by: rhatdan
* Add `podman rm --volumes` flagDaniel J Walsh2018-09-13
| | | | | | | | | | While this is not implemented yet, it is needed for working with existing docker scripts. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1460 Approved by: mheon
* Vendor in latest containers/storage to eliminage deadlockDaniel J Walsh2018-09-12
| | | | | | | | | | When running lots of podman commands simultaneously we were able to get into a deadlock situation. The updated containers/storage should fix this issue. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1454 Approved by: mheon
* do not build with devicemapperbaude2018-09-12
| | | | | | | | | | as of now, we do not want to build with device mapper because it cannot handle parallel requests which would be common-place in podman. Signed-off-by: baude <bbaude@redhat.com> Closes: #1445 Approved by: mheon
* run different cgroup tests depending on conditionsbaude2018-09-12
| | | | | | | | | | | | | | when running podman's integration tests, we need to be able to understand our environment because the podman command will differ as will the results. there is no 100% way to know if we are in a container, but using a combination of container= and checking /proc seemed reasonable for our test suite. non of this code is run in podman proper. Signed-off-by: baude <bbaude@redhat.com> Closes: #1441 Approved by: mheon
* dont make python when running makebaude2018-09-12
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1443 Approved by: mheon