Commit message, Author, Age
* Merge pull request #1778 from vrothberg/update-seccomp (OpenShift Merge Robot, 2018-11-08)
    update seccomp.json
| * update seccomp.json (Valentin Rothberg, 2018-11-08)
    Merge the following changes from the upstream Moby seccomp profile:
    * commit b2a907c8cab6 ("Whitelist statx syscall for libseccomp-2.3.3 onward")
    * commit 47dfff68e436 ("Whitelist syscalls linked to CAP_SYS_NICE in default seccomp profile")
    * commit ccd22ffcc8b5 ("Move the syslog syscall to be gated by CAP_SYS_ADMIN or CAP_SYSLOG")
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* | Merge pull request #1773 from TomSweeneyRedHat/dev/tsweeney/logoptfix1 (OpenShift Merge Robot, 2018-11-07)
    Touch up --log* options and daemons in man pages
| * | Touch up --log* options and daemons in man pages (TomSweeneyRedHat, 2018-11-07)
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #1774 from mheon/fix_add_hosts_test (OpenShift Merge Robot, 2018-11-07)
    Fix run --hostname test that started failing post-merge
| * | Fix run --hostname test that started failing post-merge (Matthew Heon, 2018-11-07)
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #1764 from rhatdan/nopasswd (OpenShift Merge Robot, 2018-11-07)
    Don't fail if /etc/passwd or /etc/group does not exists
| * | Don't fail if /etc/passwd or /etc/group does not exists (Daniel J Walsh, 2018-11-07)
    Container images can be created without passwd or group file, currently if one of these containers gets run with a --user flag the container blows up complaining about a missing /etc/passwd file. We just need to check if the error on read is ENOEXIST then allow the read to return, not fail.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1771 from baude/prepare (OpenShift Merge Robot, 2018-11-07)
    move defer'd function declaration ahead of prepare error return
| * | | move defer'd function declaration ahead of prepare error return (baude, 2018-11-07)
    Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #1689 from mheon/add_runc_timeout (OpenShift Merge Robot, 2018-11-07)
    Do not call out to runc for sync
| * | | Print error status code if we fail to parse it (Matthew Heon, 2018-11-07)
    When we read the conmon error status file, if Atoi fails to parse the string we read from the file as an int, print the string as part of the error message so we know what might have gone wrong.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Properly set Running state when starting containers (Matthew Heon, 2018-11-07)
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | Fix misspelling (Matthew Heon, 2018-11-07)
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | Retrieve container PID from conmon (Matthew Heon, 2018-11-07)
    Instead of running a full sync after starting a container to pick up its PID, grab it from Conmon instead.
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | If a container ceases to exist in runc, set exit status (Matthew Heon, 2018-11-07)
    When we scan a container in runc and see that it no longer exists, we already set ContainerStatusExited to indicate that it no longer exists in runc. Now, also set an exit code and exit time, so PS output will make some sense.
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | EXPERIMENTAL: Do not call out to runc for sync (Matthew Heon, 2018-11-07)
    When syncing container state, we normally call out to runc to see the container's status. This does have significant performance implications, though, and we've seen issues with large amounts of runc processes being spawned. This patch attempts to use stat calls on the container exit file created by Conmon instead to sync state. This massively decreases the cost of calling updateContainer (it has gone from an almost-unconditional fork/exec of runc to a single stat call that can be avoided in most states).
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | Actually save changes from post-stop sync (Matthew Heon, 2018-11-07)
    After stopping containers, we run updateContainerStatus to sync our state with runc (pick up exit code, for example). Then we proceed to not save this to the database, requiring us to grab it again on the next sync. This should remove the need to read the exit file more than once.
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | Merge pull request #1767 from mheon/remove_conmon_cgroup_first (OpenShift Merge Robot, 2018-11-07)
    Remove conmon cgroup before pod cgroup for cgroupfs
| * | | Remove conmon cgroup before pod cgroup for cgroupfs (Matthew Heon, 2018-11-07)
    For pods using cgroupfs, we were seeing some error messages in CI from an inability to remove the pod CGroup, which was traced down to the conmon cgroup still being present as a child. Try to remove these error messages and ensure successful CGroup deletion by removing the conmon CGroup first, then the pod cgroup.
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | | Merge pull request #1761 from giuseppe/rootless-systemd (OpenShift Merge Robot, 2018-11-07)
    rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode
| * | | | rootless: mount /sys/fs/cgroup/systemd from the host (Giuseppe Scrivano, 2018-11-07)
    systemd requires /sys/fs/cgroup/systemd to be writeable.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode (Giuseppe Scrivano, 2018-11-07)
    it is not writeable by non-root users so there is no point in having access to it from a container.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #1751 from QiWang19/issue1745 (OpenShift Merge Robot, 2018-11-07)
    Add hostname to /etc/hosts
| * | | Add hostname to /etc/hosts (Qi Wang, 2018-11-07)
    Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #1762 from mheon/fix_python_tests (OpenShift Merge Robot, 2018-11-07)
    Temporarily fix the Python tests to fix some PRs
| * | | Temporarily fix the Python tests to fix some PRs (Matthew Heon, 2018-11-07)
    The Python podman bindings have issues around kill - specifically attempting to make it act like stop, when it should not. We provide no guarantee of what state a container is in after kill - it should be stopped, but we might have sent something that's not SIGKILL. If you want a container or pod stopped, guaranteed, use Stop().
    The Python code attempted to ensure a container was actually stopped after kill was run, which runs counter to the above. This was holding up some PRs that caused changes in how libpod obtains its state, so for now, change pod kill to pod stop until the proper changes in the Python code can be made.
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | Merge pull request #1616 from cevich/cirrus_add_systemtest (OpenShift Merge Robot, 2018-11-07)
    Cirrus-CI: Add option to run system-tests
| * | Cirrus-CI: Add option to run system-tests (Chris Evich, 2018-10-31)
    Normally, we would not run system-tests as part of PR-level CI, they're simply too heavy-weight and complex. However, in some instances it may be desirable to provide a quick feedback loop, prior to release packaging and official testing. Enable this by executing the system-tests when a magic string is present in the PR description:
    ``***CIRRUS: SYSTEM TEST***``
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #1768 from baude/pausecontainertests (OpenShift Merge Robot, 2018-11-07)
    Fix cleanup for "Pause a bunch of running containers"
| * | Fix cleanup for "Pause a bunch of running containers" (baude, 2018-11-06)
    When running integration tests in our CI, we observe a problem where paused containers are not able to be stopped; and therefore cannot be cleaned up. This leaves dangling mounts and sometimes zombied conmon processes.
    Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1743 from jwhonce/issue/1702 (OpenShift Merge Robot, 2018-11-05)
    Add ChangeAction to parse sub-options from --change
| * | Add ChangeAction to parse sub-options from --change (Jhon Honce, 2018-11-01)
    * Covers both commit and import commands
    * Cleaned up export command
    * Removed unneeded calls to super().__init__()
    Fixes #1702
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #1754 from isimluk/attach-shall-not-lock-me-out (OpenShift Merge Robot, 2018-11-04)
    `--interactive` shall keep STDIN attached even when not explicitly set
| * | | --interactive shall keep STDIN attached even when not explicitly called out (Šimon Lukašík, 2018-11-03)
    Addressing: podman run -it -a STDERR --rm alpine /bin/ash hanging. As we dropped stdin as soon as -a was used.
    Notice this is contrary to what D-tool does and contrary to what podman help implies:
        podman run --help | grep interact
        --interactive, -i Keep STDIN open even if not attached
    Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
* | | | Merge pull request #1753 from isimluk/fix-podman (OpenShift Merge Robot, 2018-11-03)
    Do never override podman with docker
| * | | Do never override podman with docker (Šimon Lukašík, 2018-11-03)
    Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
* | | Merge pull request #1748 from jwhonce/issue/1655 (OpenShift Merge Robot, 2018-11-01)
    Fix long image name handling
| * | | Fix long image name handling (Jhon Honce, 2018-11-01)
    * Fixed issue where podman printed '<none>' and pypodman skipped the image
    * Fixed issue where port was printed in place of tags
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #1737 from baude/parakill (OpenShift Merge Robot, 2018-11-01)
    Make kill, pause, and unpause parallel.
| * | | | Make kill, pause, and unpause parallel. (baude, 2018-11-01)
    Operations like kill, pause, and unpause -- which can operate on one or more containers -- can greatly benefit from parallelizing its main job (e.g. kill).
    In the case of pause and unpause, an --all option was added. pause --all will pause all **running** containers. And unpause --all will unpause all **paused** containers.
    Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #1738 from baude/pararestart (OpenShift Merge Robot, 2018-11-01)
    Make restart parallel and add --all
| * | | Make restart parallel and add --all (baude, 2018-11-01)
    When attempting to restart many containers, we can benefit from making the restarts parallel. For convenience, two new options are added:
    --all attempts to restart all containers
    --run-only when used with --all will attempt to restart only running containers
    Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #1746 from baude/renamebaude (OpenShift Merge Robot, 2018-11-01)
    replace quay.io/baude to quay.io/libpod
| * | | replace quay.io/baude to quay.io/libpod (baude, 2018-11-01)
    images used for our integration suite have moved from my work account to a group organization called libpod.
    Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #1624 from cevich/update_fedora (OpenShift Merge Robot, 2018-11-01)
    Cirrus: Enable updating F28 image
| * | | | Cirrus: Enable updating F28 image (Chris Evich, 2018-10-31)
    Previously this was disabled as some package was breaking networking on GCE after updating + rebooting. This is fixed now, so we should update packages when building the fedora test VM image.
    https://pagure.io/cloud-sig/issue/292
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #1603 from cevich/fix_cirrus_image_build (OpenShift Merge Robot, 2018-11-01)
    Fix Cirrus/Packer VM image building
| * | | | Cirrus: Skip rebuilding images unless instructed (Chris Evich, 2018-10-31)
    Given frequent merges, it doesn't make sense to rebuild the VM testing images every time. Instead, monitor the PR title and description for a magic string, only triggering builds on a match:
    ***CIRRUS: REBUILD IMAGES***
    Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | Cirrus: Disable image build job abort on push (Chris Evich, 2018-10-31)
    Normally cirrus will abort jobs if another push is made to a branch. However, with image builds, other VMs are created/managed by packer. Therefore if cirrus aborts a task, it's possible some packer managed VMs will be left behind. Disable this behavior for image-building only.
    Signed-off-by: Chris Evich <cevich@redhat.com>