Commit message (Author, Age)
* Ensure pod infra containers have an exit command (Matthew Heon, 2020-08-13)
    Most Libpod containers are made via `pkg/specgen/generate` which includes code to generate an appropriate exit command which will handle unmounting the container's storage, cleaning up the container's network, etc. There is one notable exception: pod infra containers, which are made entirely within Libpod and do not touch pkg/specgen. As such, no cleanup process, network never cleaned up, bad things can happen. There is good news, though - it's not that difficult to add this, and it's done in this PR. Generally speaking, we don't allow passing options directly to the infra container at create time, but we do (optionally) proxy a pre-approved set of options into it when we create it. Add ExitCommand to these options, and set it at time of pod creation using the same code we use to generate exit commands for normal containers.
    Fixes #7103
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #7269 from openSUSE/seccomp (OpenShift Merge Robot, 2020-08-11)
    Allow specifying seccomp profiles for privileged containers
| * Allow specifying seccomp profiles for privileged containers (Sascha Grunert, 2020-08-11)
    To sync the behavior between AppArmor and seccomp it is now possible to also specify seccomp profiles for privileged containers.
    Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7239 from rhatdan/working (OpenShift Merge Robot, 2020-08-11)
    Fix handling of working dir
| * | Fix handling of working dir (Daniel J Walsh, 2020-08-10)
    Buildah and podman build can create images without a working dir.
      FROM fedora
      WORKDIR /test
    If you build this image with caching twice, the second time the image will not have a working dir.
    Similarly if you execute
      podman run --workdir /foobar fedora
    It blows up since the workingdir is not created automatically.
    Finally there was duplicated code for getting the workingdir out of an image, that this PR removes.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7261 from zhangguanzhang/ps-format-add-field (OpenShift Merge Robot, 2020-08-11)
    Add the `Status` field in the ps --format=json
| * | | Add the Status field in the ps --format=json (zhangguanzhang, 2020-08-11)
    Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | Merge pull request #7266 from rhatdan/man (OpenShift Merge Robot, 2020-08-11)
    [CI:DOCS] Add missing pages for docs.podman.io
| * | | | Add missing pages for docs.podman.io (Daniel J Walsh, 2020-08-10)
    Lots of references to man pages missing from docs.podman.io
    Also fix sort order in man pages and other documents.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7282 from ParkerVR/tags-digest (OpenShift Merge Robot, 2020-08-11)
    Img Pull - Error pass through
| * | | | Error pass through for more accurate error reporting (Parker Van Roy, 2020-08-10)
    Included old error + wrapped
    Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | | | Merge pull request #7270 from Fodoj/master (OpenShift Merge Robot, 2020-08-10)
    Align container image storage configuration with Buildah
| * | | Align images with Buildah (Kirill Shirinkin, 2020-08-10)
    Signed-off-by: Kirill Shirinkin <kirill@hey.com>
* | | Merge pull request #7256 from mheon/fix_cmd_with_entrypoint (OpenShift Merge Robot, 2020-08-10)
    Do not use image CMD if user gave ENTRYPOINT
| * | | Do not use image CMD if user gave ENTRYPOINT (Matthew Heon, 2020-08-10)
    This matches Docker behavior, and seems to make sense - the CMD may have been specific to the original entrypoint and probably does not make sense if it was changed. While we're in here, greatly simplify the logic for populating the SpecGen's Command. We create the full command when making the OCI spec, so the client should not be doing any more than setting it to the Command the user passed in, and completely ignoring ENTRYPOINT.
    Fixes #7115
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #7244 from rhatdan/test (OpenShift Merge Robot, 2020-08-10)
    Remove TEST_ from TEST_REMOTE_*
| * | | | Remove TEST_REMOTE_CLIENT from RCLI (Daniel J Walsh, 2020-08-10)
    We know these are TEST_, hoping this makes the display in cirrus easier for users to see true|false, since this is the valuable information.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7240 from jwhonce/issues/7123 (OpenShift Merge Robot, 2020-08-10)
    Default .Repository and .Tag values to <none>
| * | | | Default .Repository and .Tag values to <none> (Jhon Honce, 2020-08-10)
    Refactor the processing of Repository and Tag fields to default to <none> when printing via --format flag. Previously, the default format would print <none> but --format {{.Tag}} would not in some cases.
    Fixes #7123
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #7221 from baude/issue7127 (OpenShift Merge Robot, 2020-08-10)
    remove --latest for all remote commands
| * | | remove --latest for all remote commands (Brent Baude, 2020-08-10)
    instead of hiding the latest options for podman-remote or catching an error if podman --remote <cmd> -l is used, we no longer add the latest option to any remote command. podman will error with a "unknown flag" option.
    Fixes: #7127
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #7223 from mheon/fix_7214 (OpenShift Merge Robot, 2020-08-10)
    Unconditionally retrieve pod names via API
| * | | Unconditionally retrieve pod names via API (Matthew Heon, 2020-08-10)
    The ListContainers API previously had a Pod parameter, which determined if pod name was returned (but, notably, not Pod ID, which was returned unconditionally). This was fairly confusing, so we decided to deprecate/remove the parameter and return it unconditionally. To do this without serious performance implications, we need to avoid expensive JSON decodes of pod configuration in the DB. The way our Bolt tables are structured, retrieving name given ID is actually quite cheap, but we did not expose this via the Libpod API. Add a new GetName API to do this.
    Fixes #7214
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7272 from vrothberg/issue-7271 (OpenShift Merge Robot, 2020-08-10)
    generate systemd: fix error handling
| * | generate systemd: fix error handling (Valentin Rothberg, 2020-08-10)
    Fix a bug in the error handling which returned nil instead of an error and ultimately led to nil dereferences in the client. To prevent future regressions, add a test and check for the error message.
    Fixes: #7271
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7138 from cevich/add_python_packages (OpenShift Merge Robot, 2020-08-10)
    Cirrus: Add python packages to images
| * Cirrus: Utilize freshly built images (Chris Evich, 2020-07-31)
    Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Install golang 1.14 on Ubuntu (Chris Evich, 2020-07-31)
    This more/less reverts efd142214 + updates to 1.13 on all Ubuntus for all `containers` projects.
    Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add python packages to images (Chris Evich, 2020-07-31)
    They are needed in support of future testing additions. Also reduce unnecessary output by not printing the downloaded package list. The set can be examined using other tooling if/when necessary.
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #7238 from edsantiago/bats (OpenShift Merge Robot, 2020-08-10)
    system tests: podman-remote, image tree
| * | system tests: podman-remote, image tree (Ed Santiago, 2020-08-10)
    - new sanity checks for podman-remote:
      - first, confirm that when PODMAN is "-remote", we actually talk to a server (validated by presence of "Server:" string in "podman version").
      - second, add test for #7212, in which we run "podman --remote" (podman with --remote flag, not podman-remote command) and make sure --remote is allowed both as the first option and also with other flag options preceding.
    - new test for "podman image tree" (piggybacking on top of a "podman build" test, because that gives us lots of layers).
    - skip "podman exec - basic test" when remote. It is consistently causing CI failures, breaking all of CI, due to #7241.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #7216 from 5eraph/master (OpenShift Merge Robot, 2020-08-09)
    support outbound-addr
| * | changes to support outbound-addr (5eraph, 2020-08-07)
    Fixes #6064
    Signed-off-by: Bohumil Cervenka <5eraph@protonmail.com>
* | | Merge pull request #7215 from vrothberg/flatten-the-curve (OpenShift Merge Robot, 2020-08-08)
    images: speed up lists
| * | | image list: speed up (Valentin Rothberg, 2020-08-07)
    Listing images has shown increasing performance penalties with an increasing number of images. Unless `--all` is specified, Podman will filter intermediate images. Determining intermediate images has been done by finding (and comparing!) parent images which is expensive. We had to query the storage many times which turned it into a bottleneck.
    Instead, create a layer tree and assign one or more images to nodes that match the images' top layer. Determining the children of an image is now exponentially faster as we already know the child images from the layer graph and the images using the same top layer, which may also be considered child images based on their history.
    On my system with 510 images, a rootful image list drops from 6 secs down to 0.3 secs.
    Also use the tree to compute parent nodes, and to filter intermediate images for pruning.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7075 from TomSweeneyRedHat/dev/tsweeney/runman (OpenShift Merge Robot, 2020-08-08)
    [CI:DOCS] BZ1860126 - Fix userns defaults in run man page
| * | | | [CI:DOCS] BZ1860126 - Fix userns defaults in run man page (TomSweeneyRedHat, 2020-08-07)
    Addresses the multiple "default" userns values found in the podman-run(1) man page: http://docs.podman.io/en/latest/markdown/podman-run.1.html. This in response to: https://bugzilla.redhat.com/show_bug.cgi?id=1860126 which this PR will fix.
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | Merge pull request #7232 from Luap99/podman-logs-tail (OpenShift Merge Robot, 2020-08-07)
    fix podman logs --tail when log is bigger than pagesize
| * | | | fix podman logs --tail when log is bigger than pagesize (Paul Holzinger, 2020-08-06)
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #7220 from baude/issue7124 (OpenShift Merge Robot, 2020-08-05)
    podman-remote send name and tag
| * | | | | podman-remote send name and tag (Brent Baude, 2020-08-05)
    when loading an image with podman-remote load, we need to send a name and a tag to the endpoint
    Fixes: #7124
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | | Merge pull request #7212 from jwhonce/issues/7211 (OpenShift Merge Robot, 2020-08-05)
    Refactor parsing to not require --remote to be first flag
| * | | | | | Refactor parsing to not require --remote to be first (Jhon Honce, 2020-08-05)
    Use cobra.Command.FParseErrWhitelist to no longer require --remote to be the first argument in flags when using CLI
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | Merge pull request #7236 from mheon/write_error_to_inspect (OpenShift Merge Robot, 2020-08-05)
    Ensure that exec errors write exit codes to the DB
| * | | | | | Ensure that exec errors write exit codes to the DB (Matthew Heon, 2020-08-05)
    In local Podman, the frontend interprets the error and exit code given by the Exec API to determine the appropriate exit code to set for Podman itself; special cases like a missing executable receive special exit codes. Exec for the remote API, however, has to do this inside Libpod itself, as Libpod will be directly queried (via the Inspect API for exec sessions) to get the exit code. This was done correctly when the exec session started properly, but we did not properly handle cases where the OCI runtime fails before the exec session can properly start. Making two error returns that would otherwise not set exit code actually do so should resolve the issue.
    Fixes #6893
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | Merge pull request #7176 from mheon/make_entrypoint (OpenShift Merge Robot, 2020-08-05)
    Ensure WORKDIR from images is created
| * | | | | | | HACK HACK try debugging build (Matthew Heon, 2020-08-04)
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | | Ensure WORKDIR from images is created (Matthew Heon, 2020-08-03)
    A recent crun change stopped the creation of the container's working directory if it does not exist. This is arguably correct for user-specified directories, to protect against typos; it is definitely not correct for image WORKDIR, where the image author definitely intended for the directory to be used. This makes Podman create the working directory and chown it to container root, if it does not already exist, and only if it was specified by an image, not the user.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | Merge pull request #6905 from QiWang19/retry-pull (OpenShift Merge Robot, 2020-08-05)
    Retry pulling image
| * | | | | | Retry pulling image (Qi Wang, 2020-08-04)
    Wrap the inner helper in the retry function. Functions pullimage failed with retriable error will default maxretry 3 times using exponential backoff.
    Signed-off-by: Qi Wang <qiwan@redhat.com>