Commit message (Author, Age)
* Bump version to v1.4.2-stable1 [tag: v1.4.2-stable1] (Matthew Heon, 2019-08-05)
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix parsing of the --tmpfs option (Matthew Heon, 2019-08-05)
|   With StringSlice, we're seeing individual options added and parsed separately, so `tmpfs:nosuid,nodev` turns into three tmpfs mounts passed into pkg/sec (tmpfs:, nosuid, nodev). Swap to StringArray to tell cobra this can't be split on commas.
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Update to containers/storage v1.12.11 (Matthew Heon, 2019-08-05)
|   Picks up overlay caching fixes we need to resolve a BZ
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add missing vendor (Matthew Heon, 2019-08-05)
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Avoid a read-write transaction on DB init (Matthew Heon, 2019-08-05)
|   Instead, use a less expensive read-only transaction to see if the DB is ready for use (it probably is), and only fire the expensive RW transaction if absolutely necessary.
|   Signed-off-by: Matthew Heon <mheon@redhat.com>
* Make configuration validation not require a DB commit (Matthew Heon, 2019-08-05)
|   If there are missing fields, we still require a commit, but that should not happen often.
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Remove exec PID files after use to prevent memory leaks (Matthew Heon, 2019-08-05)
|   We have another patch running to do the same for exit files, with a much more in-depth explanation of why it's necessary. Suffice to say that persistent files in tmpfs tied to container CGroups lead to significant memory allocations that last for the lifetime of the file.
|   Based on a patch by Andrea Arcangeli (aarcange@redhat.com).
|   Signed-off-by: Matthew Heon <mheon@redhat.com>
* Use file-based eventer for integration tests (Matthew Heon, 2019-08-05)
|   This adds several top-level Podman flags for specifying different events backend types, which are then used in CI. It resolves a number of serious issues with events-based testing.
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix Dockerfile - a dependency's name was changed (Matthew Heon, 2019-08-05)
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Retrieve exit codes for containers via events (Matthew Heon, 2019-08-05)
|   As we previously removed our exit code retrieval code to stop a memory leak, we need a new way of doing this. Fortunately, events is able to do the job for us.
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|   <Cherry-pick into 1.4.2>
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* get last container event (baude, 2019-08-05)
|   an internal change in libpod will soon require the ability to lookup the last container event using the container name or id and the type of event. this pr is in preparation for that need.
|   Signed-off-by: baude <bbaude@redhat.com>
* podman: fix memleak caused by renaming and not deleting (Matthew Heon, 2019-08-05)
|   the exit file
|   If the container exit code needs to be retained, it cannot be retained in tmpfs, because libpod runs in a memcg itself so it can't leave traces with a daemon-less design.
|   This wasn't a memleak detectable by kmemleak for example. The kernel never lost track of the memory and there was no erroneous refcounting either. The reference count dependencies however are not easy to track because when a refcount is increased, there's no way to tell who's still holding the reference. In this case it was a single page of tmpfs pagecache holding a refcount that kept pinned a whole hierarchy of dying memcg, slab kmem, cgroups, unreachable kernfs nodes and the respective dentries and inodes. Such a problem wouldn't happen if the exit file was stored in a regular filesystem because the pagecache could be reclaimed in such case under memory pressure. The tmpfs page can be swapped out, but that's not enough to release the memcg with CONFIG_MEMCG_SWAP_ENABLED=y.
|   No amount of more aggressive kernel slab shrinking could have solved this. Not even assigning slab kmem of dying cgroups to alive cgroup would fully solve this. The only way to free the memory of a dying cgroup when a struct page still references it, would be to loop over all "struct page" in the kernel to find which one is associated with the dying cgroup which is an O(N) operation (where N is the number of pages and can reach billions). Linking all the tmpfs pages to the memcg would cost less during memcg offlining, but it would waste lots of memory and CPU globally. So this can't be optimized in the kernel.
|   A cronjob running this command can act as workaround and will allow all slab cache to be released, not just the single tmpfs pages.
|       rm -f /run/libpod/exits/*
|   This patch solved the memleak with a reproducer, booting with cgroup.memory=nokmem and with selinux disabled.
|   The reason memcg kmem and selinux were disabled for testing of this fix, is because kmem greatly decreases the kernel effectiveness in reusing partial slab objects. cgroup.memory=nokmem is strongly recommended at least for workstation usage. selinux needs to be further analyzed because it causes further slab allocations.
|   The upstream podman commit used for testing is 1fe2965e4f672674f7b66648e9973a0ed5434bb4 (v1.4.4). The upstream kernel commit used for testing is f16fea666898dbdd7812ce94068c76da3e3fcf1e (v5.2-rc6).
|   Reported-by: Michele Baldessari <michele@redhat.com>
|   Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
|   <Applied with small tweaks to comments>
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|   <Further tweaks to cherry pick into 1.4.2>
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #3723 from cevich/adjust_ci_142stable (OpenShift Merge Robot, 2019-08-05)
|\
| |   Cirrus: Adjust destination branch name
| * Cirrus: Adjust destination branch name (Chris Evich, 2019-08-05)
|/
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Bump to v1.4.2 [tag: v1.4.2] (Matthew Heon, 2019-06-18)
|   Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #3370 from mheon/release_notes_1.4.2 (OpenShift Merge Robot, 2019-06-19)
|\
| |   Update release notes for Podman 1.4.2
| * Update release notes for Podman 1.4.2 (Matthew Heon, 2019-06-18)
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3357 from mairin/master (OpenShift Merge Robot, 2019-06-18)
|\ \
| | |   replacing podman logo SVG and PNG files
| * | updating podman logo files (Máirín Duffy, 2019-06-18)
| | |   converts text to paths so correct logo display doesn't require Montserrat font to be installed; also updates PNG to accurately reflect logo type design to match other container project logos.
| | |   addresses #3350
| | |   Signed-off-by: Máirín Duffy <duffy@redhat.com>
* | | Merge pull request #3361 from TomSweeneyRedHat/dev/tsweeney/vendorbuildah1.9 (OpenShift Merge Robot, 2019-06-18)
|\ \ \
| | | |   Bump Buildah to v1.9.0
| * | | Bump Buildah to v1.9.0 (TomSweeneyRedHat, 2019-06-18)
| | | |   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | Merge pull request #3360 from baude/fixporttesttiming (OpenShift Merge Robot, 2019-06-18)
|\ \ \ \
| | | | |   fix port -l timing with healthchecks
| * | | | fix port -l timing with healthchecks (Brent Baude, 2019-06-18)
| |/ / /
| | | |   many of the port tests use our nginx container image. in some cases, we have timing issues between when the nginx and the container are running and when the port -l command is run causing test flakes. we now use the container image's built in healthcheck to ensure that nginx is running (and subsequently the container itself) before running the port command.
| | | |   Fixes: #3309
| | | |   Signed-off-by: Brent Baude <bbaude@redhat.com>
| | | |   Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #3358 from mheon/use_disk_spec (OpenShift Merge Robot, 2019-06-18)
|\ \ \ \
| |_|_|/
|/| | |   Swap to using the on-disk spec for inspect mounts
| * | | Swap to using the on-disk spec for inspect mounts (Matthew Heon, 2019-06-18)
| |/ /
| | |   When available, using the on-disk spec will show full mount options in use when the container is running, which can differ from mount options provided in the original spec - on generating the final spec, for example, we ensure that some form of root propagation is set.
| | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3352 from mheon/inspect_config_to_libpod (OpenShift Merge Robot, 2019-06-18)
|\ \ \
| |_|/
|/| |   Move the Config portion of Inspect into libpod
| * | Move the Config portion of Inspect into libpod (Matthew Heon, 2019-06-17)
| | |   While we're at it, rewrite how we populate it. There were several potential segfaults in the optional spec.Process block, and a few fields not being populated correctly versus 'docker inspect'.
| | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #3354 from dankohn/patch-1 (OpenShift Merge Robot, 2019-06-18)
|\ \ \
| |_|/
|/| |   Replace podman.svg
| * | Replace podman.svg; closes #3350 (Dan Kohn, 2019-06-18)
| | |   On a computer that doesn't have the font Montserrat installed, the old SVG won't render correctly. We converted the font text to be objects so that it renders correctly on all computers. See https://github.com/cncf/landscape#proper-svgs.
| | |   Delete returns
| | |   Signed-off-by: Dan Kohn <dan@dankohn.com>
* | | Merge pull request #3355 from giuseppe/fix-typos (OpenShift Merge Robot, 2019-06-18)
|\ \ \
| |/ /
|/| |   cmd, docs, test: fix some typos
| * | cmd, docs, test: fix some typos (Giuseppe Scrivano, 2019-06-18)
|/ /
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3338 from jwhonce/issue/3299 (OpenShift Merge Robot, 2019-06-18)
|\ \
| | |   Add remote client log to file
| * | Add remote client logging to a file (Jhon Honce, 2019-06-17)
| |/
| |   Logging messages from the dependency libraries should not log onto the screen when using the remote client. This patch writes logging to ~/.config/containers/podman-remote.log
| |   Fixes #3299
| |   Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #2947 from edsantiago/bats_in_cirrus (OpenShift Merge Robot, 2019-06-17)
|\ \
| | |   run BATS tests in Cirrus
| * | run BATS tests in Cirrus (Ed Santiago, 2019-06-17)
| | |   I'm running the BATS tests manually once in a while, and catching several problems each week that make it past the rest of CI. Since the BATS tests run at RPM gating time, we need to catch problems earlier. Try running the tests from Cirrus.
| | |   Tests will be skipped on Ubuntu due to a too-ancient version of coreutils (8.28; the 'timeout -v' we use requires 8.29).
| | |   Tests are run *after* integration tests, even though these take three minutes and would be nice to have fail quickly, because running before causes bizarre CI failures. Shrug.
| | |   UPDATE: also fix run test, broken by #3311.
| | |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #3257 from weirdwiz/load (OpenShift Merge Robot, 2019-06-17)
|\ \ \
| |/ /
|/| |   Add warning while untagging an image podman-load
| * | Add warning while untagging an image podman-load (Divyansh Kamboj, 2019-06-04)
| | |   Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
* | | Merge pull request #3308 from cevich/always_collect_logs (OpenShift Merge Robot, 2019-06-17)
|\ \ \
| | | |   Cirrus: Simplify log collection commands
| * | | Cirrus: Simplify log collection commands (Chris Evich, 2019-06-14)
| | | |   Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #3297 from rhatdan/systemd (OpenShift Merge Robot, 2019-06-17)
|\ \ \ \
| | | | |   Accidentally removed /run/lock from systemd mounts
| * | | | Accidentally removed /run/lock from systemd mounts (Daniel J Walsh, 2019-06-11)
| | | | |   This is blowing up systemd containers on Ubuntu.
| | | | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #3296 from arkamar/typos (OpenShift Merge Robot, 2019-06-17)
|\ \ \ \ \
| |_|_|_|/
|/| | | |   Fix some typos in few *.md files
| * | | | API.md: fix few typos (Petr Vaněk, 2019-06-15)
| | | | |   Appropriate changes were applied to the file cmd/podman/varlink/io.podman.varlink, in order to make changes in API.md persistent.
| | | | |   Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
| * | | | docs/podamn.1.md: fix typo: remove double the (Petr Vaněk, 2019-06-15)
| | | | |   Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
| * | | | CONTRIBUTING.md: fix typo (Petr Vaněk, 2019-06-15)
| | | | |   Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
* | | | | Merge pull request #3349 from sshnaidm/master (OpenShift Merge Robot, 2019-06-17)
|\ \ \ \ \
| | | | | |   Fix subgidname option in docs for podman run
| * | | | | Fix subgidname option in docs for podman run (Sagi Shnaidman, 2019-06-17)
| |/ / / /
| | | | |   Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* | | | | Merge pull request #3347 from giuseppe/add-test-for-logs-f (OpenShift Merge Robot, 2019-06-17)
|\ \ \ \ \
| | | | | |   test: add test for logs -f
| * | | | | test: add test for logs -f (Giuseppe Scrivano, 2019-06-17)
| |/ / / /
| | | | |   discussion here: https://github.com/containers/libpod/issues/3325#issuecomment-502214492
| | | | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #3348 from vrothberg/kill-error (OpenShift Merge Robot, 2019-06-17)
|\ \ \ \ \
| |/ / / /
|/| | | |   kill: print ID and state for non-running containers