Commit message (Author, Age)
* BATS: fix corner case in --userns=keep-id test (Ed Santiago, 2020-08-27)
| The test that does 'adduser' in a keep-id container had a really dumb bug: if the user running the test has UID 1000, then podman itself (via keep-id) will add the "1000" passwd entry, and the in-container "adduser" will allocate 1001, making our test fail.
|
| This triggered in f31/f32 podman gating tests, but (?!?) never in rawhide gating tests.
|
| Solution: explicitly feed a UID to adduser. Make sure that it's not the same as the UID of the current user.
|
| Also (unrelated): fix a ridiculous "run mkdir || die". At the time I wrote that I probably had no idea how BATS works.
|
| Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7458 from Luap99/fix-remote-docs (Ed Santiago, 2020-08-27)
|\
| | [CI:DOCS] Update podman-remote docs
| * [CI:DOCS] Update podman-remote docs (Paul Holzinger, 2020-08-27)
| | Add support for multi level subcommands. e.g. podman system connection. Update the flags and add note for containers.conf.
| |
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #7451 from mheon/fix_7195 (Ed Santiago, 2020-08-27)
|\ \
| |/
|/| Send HTTP Hijack headers after successful attach
| * Send HTTP Hijack headers after successful attach (Matthew Heon, 2020-08-27)
| | Our previous flow was to perform a hijack before passing a connection into Libpod, and then Libpod would attach to the container's attach socket and begin forwarding traffic.
| |
| | A problem emerges: we write the attach header as soon as the attach completes. As soon as we write the header, the client assumes that all is ready, and sends a Start request. This Start may be processed *before* we successfully finish attaching, causing us to lose output.
| |
| | The solution is to handle hijacking inside Libpod. Unfortunately, this requires a downright extensive refactor of the Attach and HTTP Exec StartAndAttach code. I think the result is an improvement in some places (a lot more errors will be handled with a proper HTTP error code, before the hijack occurs) but other parts, like the relocation of printing container logs, are just *bad*. Still, we need this fixed now to get CI back into good shape...
| |
| | Fixes #7195
| |
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #7457 from ashley-cui/macdocs (Daniel J Walsh, 2020-08-27)
|\ \
| | | [CI:DOCS] Making docs build on mac
| * | [CI:DOCS] Making docs build on mac (Ashley Cui, 2020-08-26)
| | | sed syntax on mac is different
| | |
| | | Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #7438 from openSUSE/comment (Daniel J Walsh, 2020-08-27)
|\ \ \
| | | | Remove test comment for now-succeeding tests
| * | | Remove test comment for now succeeding tests (Sascha Grunert, 2020-08-25)
| |/ /
| | | The related issue seems fixed so the test execution should work as intended.
| | |
| | | Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | Merge pull request #7409 from zhangguanzhang/apiv2-create-ctr-with-invalid-entrypoint (OpenShift Merge Robot, 2020-08-26)
|\ \ \
| | | | fix apiv2 will create containers with incorrect commands
| * | | fix apiv2 will create containers with incorrect commands (zhangguanzhang, 2020-08-24)
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | Merge pull request #7364 from TomSweeneyRedHat/dev/tsweeney/exposeport (OpenShift Merge Robot, 2020-08-26)
|\ \ \ \
| | | | | Note port publishing needs in pods for create/run
| * | | | Note port publishing needs in pods for create/run (TomSweeneyRedHat, 2020-08-19)
| | | | | Add notes to the podman-create and podman-run man pages to note that ports do not need to be published and should not be, for containers that will be part of a pod.
| | | | |
| | | | | Addresses: #6769
| | | | |
| | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #7335 from rhatdan/VENDOR (OpenShift Merge Robot, 2020-08-25)
|\ \ \ \ \
| |_|_|/ /
|/| | | | Update vendor of buildah to latest code
| * | | | Update vendor of buildah to latest code (Daniel J Walsh, 2020-08-25)
|/ / / /
| | | | Fix podman build man pages to match buildah functionality.
| | | |
| | | | Also document .dockerignore formatted files.
| | | |
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7372 from giuseppe/add-unified-configuration (OpenShift Merge Robot, 2020-08-24)
|\ \ \ \
| | | | | podman: add option --cgroup-conf
| * | | | podman: add option --cgroup-conf (Giuseppe Scrivano, 2020-08-21)
| | | | | it allows to manually tweak the configuration for cgroup v2.
| | | | |
| | | | | we will expose some of the options in future as single options (e.g. the new memory knobs), but for now add the more generic --cgroup-conf mechanism for maximum control on the cgroup configuration.
| | | | |
| | | | | OCI specs change: https://github.com/opencontainers/runtime-spec/pull/1040
| | | | |
| | | | | Requires: https://github.com/containers/crun/pull/459
| | | | |
| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | vendor: update opencontainers/runtime-spec (Giuseppe Scrivano, 2020-08-21)
| | |/ /
| |/| |
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #7408 from alvistack/master-linux-amd64 (OpenShift Merge Robot, 2020-08-24)
|\ \ \ \
| | | | | Update nix pin with `make nixpkgs`
| * | | | Update nix pin with `make nixpkgs` (Wong Hoi Sing Edison, 2020-08-22)
| |/ / /
| | | | Signed-off-by: Wong Hoi Sing Edison <hswong3i@gmail.com>
* | | | Merge pull request #7274 from rhatdan/caps (OpenShift Merge Robot, 2020-08-23)
|\ \ \ \
| | | | | In podman 1.* regression on --cap-add
| * | | | In podman 1.* regression on --cap-add (Daniel J Walsh, 2020-08-21)
| | | | | In podman 1.0 if you executed a command like:
| | | | |
| | | | | podman run --user dwalsh --cap-add net_bind_service alpine nc -l 80
| | | | |
| | | | | It would work, and the user dwalsh would get the capability, in podman 2.0, only root and the binding set gets the capability.
| | | | |
| | | | | This change restores us back to the way podman 1.0 worked.
| | | | |
| | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7411 from zhangguanzhang/system-completion-in-bash (OpenShift Merge Robot, 2020-08-23)
|\ \ \ \ \
| |_|/ / /
|/| | | | Add missing autocomplete
| * | | | Add missing autocomplete (zhangguanzhang, 2020-08-23)
|/ / / /
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | Merge pull request #7390 from baude/podnet (OpenShift Merge Robot, 2020-08-21)
|\ \ \ \
| | | | | error when adding container to pod with network information
| * | | | error when adding container to pod with network information (Brent Baude, 2020-08-21)
| | |_|/
| |/| |
| | | | because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes:
| | | |
| | | | * static IP (v4 and v6)
| | | | * static mac
| | | | * ports -p (i.e. -p 8080:80)
| | | | * exposed ports (i.e. 222-225)
| | | | * publish ports from image -P
| | | |
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #7395 from zhangguanzhang/libpod-api-returns-null (OpenShift Merge Robot, 2020-08-21)
|\ \ \ \
| |_|/ /
|/| | | fix /libpod/pods/json returns null when there are no pods
| * | | fix /libpod/pods/json returns null when there are no pods (zhangguanzhang, 2020-08-21)
|/ / /
| | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Merge pull request #7376 from edsantiago/cirrus_specialcase_only_title (OpenShift Merge Robot, 2020-08-20)
|\ \ \
| | | | Cirrus: special-case CI colon-IMG and colon-DOCS only in subject
| * | | Cirrus: special-case CI colon-IMG and colon-DOCS only in subject (Ed Santiago, 2020-08-19)
| | | | As of a few minutes ago (relative to this commit), Cirrus defines the CIRRUS_CHANGE_TITLE envariable as "First line of CIRRUS_CHANGE_MESSAGE"[1]. Replace all conditionals accordingly.
| | | |
| | | | [1] https://github.com/cirruslabs/cirrus-ci-docs/commit/f8d2530c602709a24d9113691a43e6a20f7020b9
| | | |
| | | | Reasoning: up until this PR, the presence of CI:IMG or CI:DOCS *in the body* of the commit message would trigger those magic CI code flows. This violates POLA, and actually led to a bad PR (#7317) being merged because CI never ran.
| | | |
| | | | Fixes: #7374
| | | |
| | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #7388 from Luap99/new-pod (OpenShift Merge Robot, 2020-08-20)
|\ \ \ \
| |_|/ /
|/| | | fix pod creation with "new:" syntax followup + allow hostname
| * | | fix pod creation with "new:" syntax followup + allow hostname (Paul Holzinger, 2020-08-20)
| | | | Fixes: 4c75fe3f70ed ("fix pod creation with "new:" syntax")
| | | |
| | | | Commit 4c75fe3f70ed passes all net options to the pod but forgot to unset the options for the container creation. This leads to errors when using flags like `--ip` since we tried setting the ip on the pod and container which obviously fails.
| | | |
| | | | I didn't notice the bug because we don't throw an error when specifying port bindings on a container which joins the pod's network namespace. (#7373)
| | | |
| | | | Also allow the use of `--hostname` and pass that option to the pod and unset it for the container. The container has to use the pod's hostname anyway. This would error otherwise.
| | | |
| | | | Added tests to prevent regression.
| | | |
| | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #7379 from lsm5/bindings-tutorial (OpenShift Merge Robot, 2020-08-20)
|\ \ \ \
| |/ / /
|/| | | [CI:DOCS] docs: include Go bindings tutorial
| * | | [CI:DOCS] Include Go bindings tutorial (Lokesh Mandvekar, 2020-08-19)
| | | | Include the Go bindings blog post as a tutorial
| | | |
| | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | Merge pull request #7383 from mheon/unmount_storage_ctrs (OpenShift Merge Robot, 2020-08-20)
|\ \ \ \
| |/ / /
|/| | | Unmount c/storage containers before removing them
| * | | Unmount c/storage containers before removing them (Matthew Heon, 2020-08-19)
| | | | When `podman rmi --force` is run, it will remove any containers that depend on the image. This includes Podman containers, but also any other c/storage users who may be using it. With Podman containers, we use the standard Podman removal function for containers, which handles all edge cases nicely, shutting down running containers, ensuring they're unmounted, etc.
| | | |
| | | | Unfortunately, no such convenient function exists (or can exist) for all c/storage containers. Identifying the PID of a Buildah, CRI-O, or Podman container is extremely different, and those are just the implementations under the containers org. We can't reasonably be able to know if a c/storage container is *in use* and safe for removal if it's not a Podman container.
| | | |
| | | | At the very least, though, we can attempt to unmount a storage container before removing it. If it is in use, this will fail (probably with a not-particularly-helpful error message), but if it is not in use but not fully cleaned up, this should make our removing it much more robust than it normally is.
| | | |
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #7366 from jwhonce/jira/run-991 (OpenShift Merge Robot, 2020-08-19)
|\ \ \ \
| | | | | Implement --connection flag
| * | | | Add support for --connection (Daniel J Walsh, 2020-08-19)
| | |/ /
| |/| |
| | | | * override --url and/or --identity fields from containers.conf
| | | | * --connection flag has higher precedence than ActiveService from containers.conf. Which is set via podman system connection default
| | | | * Add newline to error message printed on stderr
| | | | * Added --connection to bash completion and documentation
| | | | * Updated bindings to query server in case of no path or /
| | | |
| | | | Closes #jira-991
| | | | Fixes #7276
| | | |
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
| | | |
| | | | Squashed commits to work around CI issue
* | | | Merge pull request #7346 from rhatdan/systemd (OpenShift Merge Robot, 2020-08-19)
|\ \ \ \
| |_|/ /
|/| | | Don't limit the size on /run for systemd based containers
| * | | Don't limit the size on /run for systemd based containers (Daniel J Walsh, 2020-08-18)
| | | | We had a customer incident where they ran out of space on /run.
| | | |
| | | | If you don't specify size, it will be still limited to 50% of memory available in the cgroup the container is running in. If the cgroup is unlimited then the /run will be limited to 50% of the total memory on the system.
| | | |
| | | | Also /run is mounted on the host as exec, so no reason for us to mount it noexec.
| | | |
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7344 from cevich/increase_timeout (OpenShift Merge Robot, 2020-08-19)
|\ \ \ \
| | | | | Cirrus: Increase integration-testing timeout
| * | | | Cirrus: Increase integration-testing timeout (Chris Evich, 2020-08-19)
| | |_|/
| |/| |
| | | | Observed timeout problems hitting some integration-testing tasks differently than others. Given the current `Makefile` has a ginkgo timeout of 90-minutes, the task timeout for integration tests should be longer. Increase the timeout of the main integration-test running tasks to the (default) 120min global value in `.cirrus.yml`.
| | | |
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #7362 from edsantiago/bats (OpenShift Merge Robot, 2020-08-19)
|\ \ \ \
| | | | | system tests: enable more remote tests; cleanup
| * | | | system tests: enable more remote tests; cleanup (Ed Santiago, 2020-08-19)
| | |_|/
| |/| |
| | | | info, images, run, networking tests: remove some skip_if_remote()s that were added in the varlink days. All of these tests now seem to work with APIv2.
| | | |
| | | | help test: check that first output line from 'podman --help' is the program description (regression check for #7273).
| | | |
| | | | load test: clean up stray images, rewrite test to make it conform to existing convention. In the process, discover and file #7337
| | | |
| | | | exec test (and networking): file #7360, and add FIXME comment to skip()s suggesting evaluating those tests once that is fixed.
| | | |
| | | | pod test: now that #6328 is fixed, use 'podman pod inspect --format' instead of relying on jq
| | | |
| | | | Various other tests: add an explanation of why test is disabled so we can more easily distinguish "this will never be meaningful under remote" vs "hey, doesn't work for now, but maybe someday".
| | | |
| | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #7369 from containers/dependabot/go_modules/github.com/containers/image/v5-5.5.2 (OpenShift Merge Robot, 2020-08-19)
|\ \ \ \
| |/ / /
|/| | | Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
| * | | Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2 (dependabot-preview[bot], 2020-08-19)
| | | | Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.5.1 to 5.5.2.
| | | | - [Release notes](https://github.com/containers/image/releases)
| | | | - [Commits](https://github.com/containers/image/compare/v5.5.1...v5.5.2)
| | | |
| | | | Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7350 from vrothberg/fix-7285 (OpenShift Merge Robot, 2020-08-19)
|\ \ \ \
| | | | | generate systemd: quote arguments with whitespace
| * | | | generate systemd: quote arguments with whitespace (Valentin Rothberg, 2020-08-19)
| |/ / /
| | | | Make sure that arguments with whitespace are properly quoted so they are interpreted as one (and not multiple ones) by systemd.
| | | |
| | | | Now `-e tz="america/new york"` will be generated as `-e "tz=america/new york"`. The quotes are moving but the argument is still correct.
| | | |
| | | | Fixes: #7285
| | | |
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7343 from mheon/update_defaultenv (OpenShift Merge Robot, 2020-08-19)
|\ \ \ \
| |_|/ /
|/| | | Ensure DefaultEnvVariables is used in Specgen
| * | | Ensure DefaultEnvVariables is used in Specgen (Matthew Heon, 2020-08-18)
| | | | When we rewrote Podman's pkg/spec, one of the things that was lost was our use of a set of default environment variables, that ensure all containers have at least $PATH and $TERM set.
| | | |
| | | | While we're in the process of re-adding it, change it from a variable to a function, so we can ensure the Join function does not overwrite it and corrupt the defaults.
| | | |
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>