summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Rename addFIPSsModeSecret to addFIPSModeSecretJhon Honce2018-05-25
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #833 Approved by: mheon
* Make references to the Process part of Spec conditionalMatthew Heon2018-05-25
| | | | | | | | | | | The OCI runtime spec does not require Process to be passed (IE, it can be nil). Make most of our references to it conditional on it existing. Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #828 Approved by: mheon
* save and load should support multi-tag for docker-archiveumohnani82018-05-25
| | | | | | | | | | | | The docker-archive tar files can have multiple tags for the same image stored in it. Load pulls all the tags found in the archive when loading a tar file. Save can oush multiple tags of the same image to a tar archive. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #819 Approved by: rhatdan
* Implement python podman create and startJhon Honce2018-05-25
| | | | | | | | | | | | | | | - Added alias 'container()' to image model for CreateContainer() - Fixed return in containers_create.go to wrap error in varlink exception - Added a wait time to container.kill(), number of seconds to wait for the container to change state - Refactored cached_property() to use system libraries - Refactored tests to speed up performance Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #821 Approved by: rhatdan
* Spell check strings and commentsJhon Honce2018-05-25
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #831 Approved by: rhatdan
* hooks/1.0.0: Error on empty process.args instead of panickingW. Trevor King2018-05-24
| | | | | | | | | | | | | | | | | | | | | | | The process property is optional [1], which this package already handled appropriately, although I've added a new test here to guard against regressions. The process.args entry is required when process is set [2], and it's also required to contain at least one entry [3]. The previous implementation here assumed that would always be satisfied, and panicked on empty process.args. With this commit, we avoid the panic and instead return an error message explaining why the input was invalid. [1]: https://github.com/opencontainers/runtime-spec/blame/v1.0.1/config.md#L145 [2]: https://github.com/opencontainers/runtime-spec/blame/v1.0.1/config.md#L157 [3]: https://github.com/opencontainers/runtime-spec/blame/v1.0.1/config.md#L158 Reported-by: Brent Baude <bbaude@redhat.com> Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #829 Approved by: mheon
* Set Entrypoint from image only if not already setMatthew Heon2018-05-24
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #827 Approved by: rhatdan
* Update podman build to match buildah bud functionalityDaniel J Walsh2018-05-23
| | | | | | | | | Add --label, --annotations, --idfile, --squash Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #824 Approved by: TomSweeneyRedHat
* Fix test_runner call of podman varlinkJhon Honce2018-05-23
| | | | | | | | | | - Updated some tests due to slippage between tests and code - Skipped tests will be reinstated in a separate PR Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #825 Approved by: rhatdan
* Fix handling of command in imagesDaniel J Walsh2018-05-23
| | | | | | | | | | | Currently we are dropping the command entry from the create line and using the image Cmd. This change will only use the image Cmd if the user did not specify a Cmd. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #823 Approved by: umohnani8
* Add support for Zulu timestamp parsingJhon Honce2018-05-23
| | | | | | | | | - Improve error message when podman varlink service is not running Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #800 Approved by: rhatdan
* Clarify using podman build with a URL, Git repo, or archive.Joe Doss2018-05-23
| | | | | | | Signed-off-by: Joe Doss <joe@solidadmin.com> Closes: #822 Approved by: rhatdan
* Vendor in latest container/storage for devicemapper supportDaniel J Walsh2018-05-22
| | | | | | | | | | container/storage now supports devicemapper options that allow you to configure it. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #808 Approved by: mheon
* set varlink timeout to 1 secondsbaude2018-05-22
| | | | | | | | | Add option to varlink for --timeout. Input for this option is in milliseconds Signed-off-by: baude <bbaude@redhat.com> Closes: #814 Approved by: baude
* podman create, start, getattachsocketbaude2018-05-21
| | | | | | | | | First pass at implement API endpoints for create and start. Signed-off-by: baude <bbaude@redhat.com> Closes: #805 Approved by: baude
* use $GO env-var instead of hard-coded go binaryLokesh Mandvekar2018-05-21
| | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> Closes: #817 Approved by: TomSweeneyRedHat
* tidy up the copr specbaude2018-05-21
| | | | | | | | | | | | on os's (like centos) where python3 might not be installed, do not attempt to build the python3 varlink client. varlink python is only supported on python3. also, change the conditions for f28 to match the fedora official specs. Signed-off-by: baude <bbaude@redhat.com> Closes: #813 Approved by: baude
* honor multiple change valuesbaude2018-05-21
| | | | | | | | | | | | In the case where changes are made to Env, Expose, Volumes, or labels, we should honor that multiple values are valid. Resolves: #795 Signed-off-by: baude <bbaude@redhat.com> Closes: #815 Approved by: mheon
* hooks/README: Fix some Markdown typos (e.g. missing runc target)W. Trevor King2018-05-21
| | | | | | | | | | I'd accidentally introduced these typos in ea415610 (hooks/docs: Add oci-hooks.5 and per-package man page building, 2018-05-15, #772). Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #810 Approved by: mheon
* oci-hooks.5: Discuss directory precedence and monitoringW. Trevor King2018-05-21
| | | | | | | | | | | We've had this functionality since 68eb128f (pkg/hooks: Version the hook structure and add 1.0.0 hooks, 2018-04-27, #686), but didn't have any user-facing docs for it. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #811 Approved by: mheon
* Merge pull request #809 from baude/changevarlinkpathBrent Baude2018-05-19
|\ | | | | finish changing the path for varlink
| * finish changing the path for varlinkbaude2018-05-19
|/ | | | | | | cleanup the last references to /run/io.projectatomic... and make sure /run/podman/projectatomic... is used. Signed-off-by: baude <bbaude@redhat.com>
* Tighten the security on the podman varlink socketDaniel J Walsh2018-05-19
| | | | | | | | | | | We only want root to be allowed to access this socket. Also move socket to /run/podman directory. This requires us to drop a podman.conf tmpfiles.d file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #806 Approved by: mheon
* Implement podman.containers.commit()Jhon Honce2018-05-18
| | | | | | | | | | | - Add API support - Update tests - Make changes from reviews Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #798 Approved by: mheon
* Merge pull request #803 from mheon/bump_0_5_3Matthew Heon2018-05-18
|\ | | | | Bump to v0.5.3
| * Update gitvalidation epochMatthew Heon2018-05-18
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.5.4-devMatthew Heon2018-05-18
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.5.3v0.5.3Matthew Heon2018-05-18
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* remove hooks files reference and no varlink-python on f27 or epelbaude2018-05-18
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #802 Approved by: baude
* contrib/spec/podman.spec.in: Drop README-hooksW. Trevor King2018-05-18
| | | | | | | | | | | | | I'd tried to drop it here with ea415610 (hooks/docs: Add oci-hooks.5 and per-package man page building, 2018-05-15, #772), but had missed the reference added in 796d6c89 (Add python3 package to podman, 2018-05-17, #791) when rebasing around that package. With this commit, I'm killing it again ;). Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #801 Approved by: rhatdan
* troubleshooting: Add console syntax highlightingW. Trevor King2018-05-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | These blocks include both shell input and command output. GitHub uses Linuguist for syntax highlighting [1]. Linguist defines a ShellSession language to highlight those [2], although I prefer the shorter 'console' alias. This commit also makes this file more consistent about including the leading prompt and sudo. I'd also be fine using the traditional '#' prompt for privileged users instead of '$ sudo', to be less opinionated about *how* the user acquires the privileges (via sudo or otherwise). Linguist's shell-session grammar is from Atom [3], and that grammar recognizes any of >$#% as the final prompt character [4]. But I've left this facet alone for now. [1]: https://help.github.com/articles/creating-and-highlighting-code-blocks/#syntax-highlighting [2]: https://github.com/github/linguist/blob/v6.1.0/lib/linguist/languages.yml#L4362-L4373 [3]: https://github.com/github/linguist/blame/v6.1.0/vendor/README.md#L335 [4]: https://github.com/atom/language-shellscript/blob/v0.26.3/grammars/shell-session.cson#L22 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #796 Approved by: rhatdan
* Fix typoPeter Oliver2018-05-17
| | | | | | | Signed-off-by: Peter Oliver <git@mavit.org.uk> Closes: #792 Approved by: rhatdan
* Refresh pods when refreshing podman stateMatthew Heon2018-05-17
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Add per-pod CGroupsMatthew Heon2018-05-17
| | | | | | | | | | | | | Pods can now create their own (cgroupfs) cgroups which containers in them can (optionally) use. This presently only works with CGroupFS, systemd cgroups are still WIP Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Add pod stateMatthew Heon2018-05-17
| | | | | | | | | | Add a mutable state to pods, and database backend sutable for modifying and updating said state. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* hooks: Fix monitoring of multiple directoriesW. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | This isn't an issue with podman, which will only ever use one directory. But CRI-O generally uses two directories, and we want to make sure that changes to the fallback directory are not clobbering hooks configured in the override directory. More background in [1]. I've split the handling into a single-directory block and a multiple-directory block so we don't waste time polling the filesystem for single-directory removals. I'm using the single-directory block for the the zero-directory case as well. Managers with zero directories should not be receiving fsnotify events, so I don't think it really matters which block handles them. If we want to handle this case robustly (because we're concerned about something in the hook package adjusted the private .directories property on the fly?), then we'll probably want to add an explicit zero-directory block in future work. [1]: https://github.com/kubernetes-incubator/cri-o/pull/1470 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #757 Approved by: rhatdan
* Merge pull request #797 from baude/coprhooks2Brent Baude2018-05-17
|\ | | | | make sure hooks are renamed for copr spec
| * make sure hooks are renamed for copr specbaude2018-05-17
|/ | | | Signed-off-by: baude <bbaude@redhat.com>
* Use container cleanup() functions when removingMatthew Heon2018-05-17
| | | | | | | | | | | | Instead of manually calling the individual functions that cleanup uses to tear down a container's resources, just call the cleanup function to make sure that cleanup only needs to happen in one place. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #790 Approved by: rhatdan
* docs/podman.1: Link to hook documentationW. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | Collecting the Podman/libpod specifics in one place allows us use the hooks documentation which the previous commit made more generic. The re-ordered SEE ALSO is because [1]: > The list should be ordered by section number and then alphabetically > by name. [1]: http://man7.org/linux/man-pages/man7/man-pages.7.html Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #772 Approved by: mheon
* hooks/docs: Add oci-hooks.5 and per-package man page buildingW. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows us to reference the hooks docs from podman(1) in a way that will survive system installation. The downside is that the GitHub rendered pages become less usable, now that we can no longer embed links as freely as we could before. I've followed the "Sections within a manual page" suggestions from [1]. locale(7) is [2], which is Linux-specific. Even section numbering is platform-dependent [3], so it's unlikely that these external man references are particularly portable. Platform packagers can adjust our local references to match their target system, but that leaves the GitHub rendering in an awkward place. For now, I think a Linux-centric GitHub rendering without clickable links may be the best we can do without moving away from go-md2man. As far as I can tell, there's not a nice way to get go-md2man to wrap the links in SEE ALSO without sometimes hyphenating a URL (which makes it harder for man-page readers to copy/paste those links into their browser). I've also fixed some "extention" -> "extension" typos. [1]: http://man7.org/linux/man-pages/man7/man-pages.7.html [2]: http://man7.org/linux/man-pages/man7/locale.7.html [3]: https://en.wikipedia.org/wiki/Man_page#Manual_sections Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #772 Approved by: mheon
* Add Troubleshooting guideTomSweeneyRedHat2018-05-17
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #793 Approved by: mheon
* chrootuser: default to GID 0 when given a numeric --userNalin Dahyabhai2018-05-17
| | | | | | | | | | | | | | | When we're given a numeric --user value, default to GID 0 if the numeric ID doesn't correspond to a user entry in /etc/passwd that can provide us with the user's primary group ID. Make sure that GetAdditionalGroupsForUser() returns wrapped errors. Also test various user:group forms. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #728 Approved by: mheon
* Add python3 package to podmanbaude2018-05-17
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #791 Approved by: mheon
* libpod: fix panic when using -t and the process fails to startGiuseppe Scrivano2018-05-17
| | | | | | | | | | | | | | | | | | We were closing resize both on the receiver and the sender side. This was racy as the sender might have written to a closed channel. If the container could not be created, the attach exited immediately causing the channel to be closed before the write from resizeTty. Change the logic to close only from the senderSide and add another channel to notify the resizeTty goroutine when the container exited. Closes: https://github.com/projectatomic/libpod/issues/785 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #787 Approved by: mheon
* Makefile: Use ?= for shell variables (ISODATE, etc.)W. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, Make would execute these shell commands even if we didn't need the resulting variable. With ?='s recursive expansion [1], we only expand the variable when it's consumed. For example, the ISODATE variable is only needed in the recipe for the changelog target, so most Make invocations won't need the value, and the computation is just making whatever Make actually is doing slower. I've shifted the GIT_COMMIT and BUILD_INFO values over to LDFLAGS_PODMAN, because the test/*/* targets don't care about those. I've also moved the Go-specific -ldflags from the variables into the recipes themselves, because callers probably expect C semantics for LDFLAGS and not Go's wrapper. That means that there's no longer a need for the LDFLAGS/BASE_LDFLAGS separation, so I'm just using LDFLAGS (and LDFLAGS_PODMAN) now. That reduces the declared variables to just LDFLAGS_PODMAN, so I've shifted that declaration up to get it closer to its GIT_COMMIT and BUILD_INFO precursors. [1]: https://www.gnu.org/software/make/manual/html_node/Setting.html Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #777 Approved by: rhatdan
* Skip tests that are flaking, holding up merge queueJhon Honce2018-05-16
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #783 Approved by: baude
* Remove old varlink testsJhon Honce2018-05-16
| | | | | | | | | * Replaced by tests in libpod/contrib/python/test Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #766 Approved by: rhatdan
* Allow push/save without image referenceumohnani82018-05-16
| | | | | | | | | | | | If the user uses the image ID when saving to either docker-archive or oci-archive, then do not save a reference in the manifest/index.json. If the user chooses to push without an image reference, i.e <transport>:<path> it should be valid and succeed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #782 Approved by: rhatdan
* Vendor in latest containers/imageumohnani82018-05-16
| | | | | | | | | | Changes include saving image to docker-archive and oci-archive eithout an image reference. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #782 Approved by: rhatdan