summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Do not use image CMD if user gave ENTRYPOINTMatthew Heon2020-08-10
| | | | | | | | | | | | | | | | This matches Docker behavior, and seems to make sense - the CMD may have been specific to the original entrypoint and probably does not make sense if it was changed. While we're in here, greatly simplify the logic for populating the SpecGen's Command. We create the full command when making the OCI spec, so the client should not be doing any more than setting it to the Command the user passed in, and completely ignoring ENTRYPOINT. Fixes #7115 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #7238 from edsantiago/batsOpenShift Merge Robot2020-08-10
|\ | | | | system tests: podman-remote, image tree
| * system tests: podman-remote, image treeEd Santiago2020-08-10
|/ | | | | | | | | | | | | | | | | | | | | - new sanity checks for podman-remote: - first, confirm that when PODMAN is "-remote", we actually talk to a server (validated by presence of "Server:" string in "podman version"). - second, add test for #7212, in which we run "podman --remote" (podman with --remote flag, not podman-remote command) and make sure --remote is allowed both as the first option and also with other flag options preceding. - new test for "podman image tree" (piggybacking on top of a "podman build" test, because that gives us lots of layers). - skip "podman exec - basic test" when remote. It is consistently causing CI failures, breaking all of CI, due to #7241. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7216 from 5eraph/masterOpenShift Merge Robot2020-08-09
|\ | | | | support outbound-addr
| * changes to support outbound-addr5eraph2020-08-07
| | | | | | | | | | | | Fixes #6064 Signed-off-by: Bohumil Cervenka <5eraph@protonmail.com>
* | Merge pull request #7215 from vrothberg/flatten-the-curveOpenShift Merge Robot2020-08-08
|\ \ | | | | | | images: speed up lists
| * | image list: speed upValentin Rothberg2020-08-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Listing images has shown increasing performance penalties with an increasing number of images. Unless `--all` is specified, Podman will filter intermediate images. Determining intermediate images has been done by finding (and comparing!) parent images which is expensive. We had to query the storage many times which turned it into a bottleneck. Instead, create a layer tree and assign one or more images to nodes that match the images' top layer. Determining the children of an image is now exponentially faster as we already know the child images from the layer graph and the images using the same top layer, which may also be considered child images based on their history. On my system with 510 images, a rootful image list drops from 6 secs down to 0.3 secs. Also use the tree to compute parent nodes, and to filter intermediate images for pruning. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #7075 from TomSweeneyRedHat/dev/tsweeney/runmanOpenShift Merge Robot2020-08-08
|\ \ \ | | | | | | | | [CI:DOCS] BZ1860126 - Fix userns defaults in run man page
| * | | [CI:DOCS] BZ1860126 - Fix userns defaults in run man pageTomSweeneyRedHat2020-08-07
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Addresses the multiple "default" userns values found in the podman-run(1) man page: http://docs.podman.io/en/latest/markdown/podman-run.1.html. This in response to: https://bugzilla.redhat.com/show_bug.cgi?id=1860126 which this PR wil fix. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #7232 from Luap99/podman-logs-tailOpenShift Merge Robot2020-08-07
|\ \ \ | | | | | | | | fix podman logs --tail when log is bigger than pagesize
| * | | fix podman logs --tail when log is bigger than pagesizePaul Holzinger2020-08-06
| | | | | | | | | | | | | | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #7220 from baude/issue7124OpenShift Merge Robot2020-08-05
|\ \ \ \ | | | | | | | | | | podman-remote send name and tag
| * | | | podman-remote send name and tagBrent Baude2020-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when loading an image with podman-remote load, we need to send a name and a tag to the endpoint Fixes: #7124 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #7212 from jwhonce/issues/7211OpenShift Merge Robot2020-08-05
|\ \ \ \ \ | | | | | | | | | | | | Refactor parsing to not require --remote to be first flag
| * | | | | Refactor parsing to not require --remote to be firstJhon Honce2020-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use cobra.Command.FParseErrWhitelist to no longer require --remote to be the first argument in flags when using CLI Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #7236 from mheon/write_error_to_inspectOpenShift Merge Robot2020-08-05
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Ensure that exec errors write exit codes to the DB
| * | | | | Ensure that exec errors write exit codes to the DBMatthew Heon2020-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In local Podman, the frontend interprets the error and exit code given by the Exec API to determine the appropriate exit code to set for Podman itself; special cases like a missing executable receive special exit codes. Exec for the remote API, however, has to do this inside Libpod itself, as Libpod will be directly queried (via the Inspect API for exec sessions) to get the exit code. This was done correctly when the exec session started properly, but we did not properly handle cases where the OCI runtime fails before the exec session can properly start. Making two error returns that would otherwise not set exit code actually do so should resolve the issue. Fixes #6893 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #7176 from mheon/make_entrypointOpenShift Merge Robot2020-08-05
|\ \ \ \ \ \ | | | | | | | | | | | | | | Ensure WORKDIR from images is created
| * | | | | | HACK HACK try debugging buildMatthew Heon2020-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | Ensure WORKDIR from images is createdMatthew Heon2020-08-03
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A recent crun change stopped the creation of the container's working directory if it does not exist. This is arguably correct for user-specified directories, to protect against typos; it is definitely not correct for image WORKDIR, where the image author definitely intended for the directory to be used. This makes Podman create the working directory and chown it to container root, if it does not already exist, and only if it was specified by an image, not the user. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #6905 from QiWang19/retry-pullOpenShift Merge Robot2020-08-05
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Retry pulling image
| * | | | | Retry pulling imageQi Wang2020-08-04
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | Wrap the inner helper in the retry function. Functions pullimage failed with retriable error will default maxretry 3 times using exponential backoff. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #7125 from QiWang19/fd-validateOpenShift Merge Robot2020-08-05
|\ \ \ \ \ | | | | | | | | | | | | validate fds --preserve-fds
| * | | | | validate fds --preserve-fdsQi Wang2020-08-04
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | validate file descriptors passed from podman run and podman exec --preserve-fds. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #7224 from rhatdan/removeOpenShift Merge Robot2020-08-05
|\ \ \ \ \ | | | | | | | | | | | | Handle podman-remote run --rm
| * | | | | Handle podman-remote run --rmDaniel J Walsh2020-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to remove the container after it has exited for podman-remote run --rm commands. If we don't remove this container at this step, we open ourselves up to race conditions. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #7081 from QiWang19/sigature-storeOpenShift Merge Robot2020-08-05
|\ \ \ \ \ \ | | | | | | | | | | | | | | fix bug podman sign storage path
| * | | | | | fix bug podman sign storage pathQi Wang2020-08-04
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - fix the bud podman not using specified --directory as signature storage. - use manifest and image referce to set repo@digest. close #6994 close #6993 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #7217 from rhatdan/aliasOpenShift Merge Robot2020-08-05
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Remove duplicated code
| * | | | | Remove duplicated codeDaniel J Walsh2020-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have duplicated alias handling, removing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #7222 from baude/issue7128OpenShift Merge Robot2020-08-05
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | correct go-binding key for volumes
| * | | | | correct go-binding key for volumesBrent Baude2020-08-04
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the go binding for remove container was using 'vols' for a key to remove volumes associated to the container. the correct key should be "v" and is documented as such. Fixes: #7128 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #7207 from Luap99/pod/ctr-exists-errorOpenShift Merge Robot2020-08-04
|\ \ \ \ \ | | | | | | | | | | | | Improve error message when creating a pod/ctr with the same name
| * | | | | Improve error message when creating a pod/ctr with the same namePaul Holzinger2020-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Check if there is an pod or container an return the appropriate error message instead of blindly return 'container exists' with `podman create` and 'pod exists' with `podman pod create`. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #7203 from TomSweeneyRedHat/dev/tsweeney/bump_buildahOpenShift Merge Robot2020-08-04
|\ \ \ \ \ \ | | | | | | | | | | | | | | Bump to Buildah 1.16.0-dev in upstream
| * | | | | | Bump to Buildah 1.16.0-dev in upstreamTomSweeneyRedHat2020-08-03
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump Buildah to v1.16.0-dev in the upstream branch of Podman. This will allow us to get a number of new issues into the upstream branch for use. The version of Buildah will need to be bumped to v1.16.0 and then vendored into Podman before we release Podman v2.0 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | | Merge pull request #7111 from edsantiago/reenable_remote_system_testsOpenShift Merge Robot2020-08-04
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Reenable remote system tests
| * | | | | Reenable remote system testsEd Santiago2020-08-03
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote is in better shape now. Let's see what needs to be done to reenable remote system tests. - logs test: skip multilog, it doesn't work remote - diff test: use -l only when local, not with remote - many other tests: skip_if_remote, with 'FIXME: pending #xxxx' where xxxx is a filed issue. Unrelated: added new helper to skip_if_remote and _if_rootless, where we check if the source message includes "remote"/"rootless" and insert it if missing. This is a minor usability enhancement to make it easier to understand at-a-glance why a skip triggers. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #7204 from baude/issue7197OpenShift Merge Robot2020-08-04
|\ \ \ \ \ | | | | | | | | | | | | Missing return after early exit
| * | | | | Missing return after early exitBrent Baude2020-08-03
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the exists code was plagued by a missing return statement meant to trigger an early exit. Fixes: #7197 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #7205 from baude/issue7185OpenShift Merge Robot2020-08-04
|\ \ \ \ \ | | | | | | | | | | | | docker-compose uses application/tar
| * | | | | docker-compose uses application/tarBrent Baude2020-08-03
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | even though the official documentation suggests that application/x-tar should be used for tar files, it seems docker-compose uses application/tar. we now accept them and issue a warning. Fixes: #7185 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #7192 from giuseppe/system-service-join-ns-immediatelyOpenShift Merge Robot2020-08-04
|\ \ \ \ \ | | | | | | | | | | | | rootless: system service joins immediately the namespaces
| * | | | | rootless: system service joins immediately the namespacesGiuseppe Scrivano2020-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when there is a pause process running, let the "system service" podman instance join immediately the existing namespaces. Closes: https://github.com/containers/podman/issues/7180 Closes: https://github.com/containers/podman/issues/6660 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #7209 from giuseppe/support-mount-devptsOpenShift Merge Robot2020-08-04
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | podman: support --mount type=devpts
| * | | | | podman: support --mount type=devptsGiuseppe Scrivano2020-08-03
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow to create a devpts mount. This is useful for containers that bind mount /dev/ from the host but at the same time want to create a terminal. It can be used as: podman run -v /dev:/dev --mount type=devpts,target=/dev/pts ... Closes: https://github.com/containers/podman/issues/6804 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #7201 from mheon/0000_is_emptyOpenShift Merge Robot2020-08-04
|\ \ \ \ \ | |/ / / / |/| | | | Do not set host IP on ports when 0.0.0.0 requested
| * | | | Do not set host IP on ports when 0.0.0.0 requestedMatthew Heon2020-08-03
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker and CNI have very different ideas of what 0.0.0.0 means. Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4 address on the host. CNI (and, thus, root Podman) take it to mean the literal IP 0.0.0.0. Instead, CNI interprets the empty string ("") as "bind to all IPs". We could ask CNI to change, but given this is established behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and turn it into "" when we parse ports. Fixes #7014 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #7182 from zhangguanzhang/fix-exitCode-for-startOpenShift Merge Robot2020-08-03
|\ \ \ \ | |_|/ / |/| | | implement the exitcode when start a container with attach
| * | | implement the exitcode when start a container with attachzhangguanzhang2020-08-03
| | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>