summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Enable masking stop signals within container creationMatthew Heon2020-10-12
| | | | | | | | | | | | | | | | | Expand the use of the Shutdown package such that we now use it to handle signals any time we run Libpod. From there, add code to container creation to use the Inhibit function to prevent a shutdown from occuring during the critical parts of container creation. We also need to turn off signal handling when --sig-proxy is invoked - we don't want to catch the signals ourselves then, but instead to forward them into the container via the existing sig-proxy handler. Fixes #7941 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Add a shutdown handler packageMatthew Heon2020-10-12
| | | | | | | | | | | | | We need a unified package for handling signals that shut down Libpod and Podman. We need to be able to do different things on receiving such a signal (`system service` wants to shut down the service gracefully, while most other commands just want to exit) and we need to be able to inhibit this shutdown signal while we are waiting for some critical operations (e.g. creating a container) to finish. This takes the first step by defining the package that will handle this. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #7994 from edsantiago/fix_apiv2_testsOpenShift Merge Robot2020-10-12
|\ | | | | APIv2 tests: get them passing again
| * APIv2 tests: get them passing againEd Santiago2020-10-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the new-Cirrus transition, APIv2 tests were inadvertently disabled. As expected when tests get disabled, they break. This commit fixes some failing tests, and comments out others (with big FIXMEs) because I have neither the expertise nor time to figure out the real problems. The big change to test-apiv2 is due to a recently-added test that looks for an '=' sign in json output. My '=' vs '~' detector completely barfed on that, and there's just no way to make it work in a bash 'case' statement. So, switch to an 'if' with 'expr'. And, unrelated, fix a longstanding (harmless) bug that was issuing spurious "expected" messages to the test log; those should've been going to the full results log. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #7853 from xordspar0/play-kube-limits-#7742OpenShift Merge Robot2020-10-12
|\ \ | | | | | | Add support for resource limits to play kube
| * | Add support for resource limits to play kubeJordan Christiansen2020-10-12
| | | | | | | | | | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | Merge pull request #7588 from HarryMichal/add-toolbox-e2e-testsOpenShift Merge Robot2020-10-12
|\ \ \ | | | | | | | | tests/e2e: Add Toolbox-specific test cases
| * | | tests/e2e: Add Toolbox-specific test casesOndřej Míchal2020-10-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the past, Toolbox[0] has been affected by several of Podman's bugs/changes of behaviour. This is one of the steps to assure that as Podman progresses, Podman itself and subsequently Toolbox do not regress. One of the other steps is including Toolbox's system tests in Podman's gating systems (which and to what extent is yet to be decided on). The tests are trying to stress parts of Podman that Toolbox needs for its functionality: permission to handle some system files, correct values/permissions/limits in certain parts, management of users and groups, mounting of paths,.. The list is most likely longer and therefore more commits will be needed to control every aspect of the Toolbox/Podman relationship :). Some test cases in test/e2e/toolbox_test.go rely on some tools being present in the base image[1]. That is not the case with the common ALPINE image or the basic Fedora image. Some tests might be duplicates of already existing tests. I'm more in favour of having those duplicates. Thanks to that it will be clear what functionality/behaviour Toolbox requires. [0] https://github.com/containers/toolbox [1] https://github.com/containers/toolbox/#image-requirements Signed-off-by: Ondřej Míchal <harrymichal@seznam.cz>
* | | | Merge pull request #7983 from mheon/inspect_network_not_runningOpenShift Merge Robot2020-10-12
|\ \ \ \ | |_|_|/ |/| | | Include CNI networks in inspect output when not running
| * | | Include CNI networks in inspect output when not runningMatthew Heon2020-10-09
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | We were only including the CNI Network fields in the output of `podman inspect` when the container was not running. It's simple enough to fix (populate with empty structs, since we can't fill anything without a CNI response to get IP address assigned, etc). This is necessary for Docker compatibility. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7836 from QiWang19/search-tagsOpenShift Merge Robot2020-10-12
|\ \ \ | | | | | | | | Search repository tags using --list-tags
| * | | Search repository tags using --list-tagsQi Wang2020-10-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | For fix of BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1684263 Add --list-tags to podman search to return a table the repository tags. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #7980 from 3sky/compatibility-api-timestampOpenShift Merge Robot2020-10-12
|\ \ \ \ | | | | | | | | | | Resolve #7860 - add time.RFC3339 format
| * | | | Resolve #7860 - add time.RFC3339Nano into ContainerJSONBase3sky2020-10-12
| | | | | | | | | | | | | | | | | | | | Signed-off-by: 3sky <3sky@protonmail.com>
* | | | | Merge pull request #7984 from nalind/seccomp-error-messageOpenShift Merge Robot2020-10-12
|\ \ \ \ \ | | | | | | | | | | | | pkg/spec: fix a confusing error message
| * | | | | pkg/spec: fix a confusing error messageNalin Dahyabhai2020-10-09
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | When we try, but fail, to load the default seccomp profile, say that, instead of suggesting that we tried to load a profile with no name. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | | Merge pull request #7949 from edsantiago/batsOpenShift Merge Robot2020-10-12
|\ \ \ \ \ | | | | | | | | | | | | system tests: cleanup, and add more tests
| * | | | | system tests: cleanup, and add more testsEd Santiago2020-10-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - images test: add test for 'table' and '\t' formatting - image mount test: check output from 'umount', test repeat umount (NOP), and test invalid-umount - kill test: remove kludgy workaround for crun signal bug ref: #5004 -- code is no longer needed (fingers crossed), and the workaround involved pulling an expensive image. - selinux test: add new tests for shared context in: * pods , w/ and w/o infra container (ref: #7902) * containers with namespace sharing: --ipc, --pid, --net - selinux test: new test for --pid=host (disabled pending propagation of container-selinux-2.146, ref: #7939) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #7690 from Edward5hen/apiv2_images_moreOpenShift Merge Robot2020-10-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add more APIv2 tests for images.
| * | | | | | Add more APIv2 tests for images: push, tag, untag, rmi and image tree.Edward Shen2020-10-09
| | |/ / / / | |/| | | | | | | | | | | | | | | | Signed-off-by: Edward Shen <weshen@redhat.com>
* | | | | | Merge pull request #7977 from stefanrua/fix-doc-link-and-typoOpenShift Merge Robot2020-10-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] Fix documentation link and typo
| * | | | | | Fix documentation link and typostefanrua2020-10-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Stefan Rua <stefan.rua@iki.fi>
* | | | | | | Merge pull request #7986 from jwhonce/issues/7946OpenShift Merge Robot2020-10-10
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | Monitor for client closing stream
| * | | | | | Monitor for client closing streamJhon Honce2020-10-09
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #7946 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #7968 from xordspar0/oci-runtime-errorOpenShift Merge Robot2020-10-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | Print the correct underlying cause for OCI errors
| * | | | | | Fix the "err: cause" order of OCI runtime errorsJordan Christiansen2020-10-09
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the order of OCI error messages was reversed, so that the type of error was listed as the cause. For example: Error: writing file `cpu.cfs_quota_us`: Invalid argument: OCI runtime error This error message makes it seem like "OCI runtime error" is the argument that was invalid. In fact, "OCI runtime error" is the error and "writing file ..." is the cause. With this change, the above message reads: Error: OCI runtime error: writing file `cpu.cfs_quota_us`: Invalid argument Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | | | | Merge pull request #7975 from jwhonce/jira/run-898-4OpenShift Merge Robot2020-10-09
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Restore --format table...
| * | | | | Restore --format table...Jhon Honce2020-10-08
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following commands: * systemd generate * networks inspect * pod stats * Fixed test where format was quoted and then quoted again * Fixed bug where output never printed '--' on missed reads * pod ps Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #7973 from jwhonce/jira/run-898-3OpenShift Merge Robot2020-10-09
|\ \ \ \ \ | | | | | | | | | | | | Port V1 --format table to V2 podman
| * | | | | Port V1 --format table to V2 podmanJhon Honce2020-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * volume ls * container ps * updated broken tests when skip removed Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #7891 from rhatdan/rmOpenShift Merge Robot2020-10-09
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | This PR allows users to remove external containers directly
| * | | | | This PR allows users to remove external containers directlyDaniel J Walsh2020-10-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currenly if a user specifies the name or ID of an external storage container, we report an error to them. buildah from scratch working-container-2 podman rm working-container-2 Error: no container with name or ID working-container-2 found: no such container Since the user specified the correct name and the container is in storage we force them to specify --storage to remove it. This is a bad experience for the user. This change will just remove the container from storage. If the container is known by libpod, it will remove the container from libpod as well. The podman rm --storage option has been deprecated, and removed from docs. Also cleaned documented options that are not available to podman-remote. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #7944 from cevich/new_get_ci_vmOpenShift Merge Robot2020-10-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | Cirrus: Fix obtaining a CI VM
| * | | | | | Cirrus: Fix obtaining a CI VMChris Evich2020-10-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also removed automatic exection of setup_environment.sh since most people using this script are podman developers (not automation/CI folks). If executing the automation scripts is necessary, manual attendance to required variables like `$TEST_FLAVOR` is mandatory. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | | Cirrus: Fix running shellcheck locallyChris Evich2020-10-06
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, check the contents of hack/get_ci_vm.sh Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #7974 from ↵OpenShift Merge Robot2020-10-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | andylibrian/kube-generate-support-resource-limits-7855 Add support for resource cpu limit to generate kube
| * | | | | | Add support for resource cpu limit to generate kubeAndy Librian2020-10-09
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | fixes #7855 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | | | | Merge pull request #7961 from alvistack/master-linux-amd64OpenShift Merge Robot2020-10-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | Update nix pin with `make nixpkgs`
| * | | | | | Update nix pin with `make nixpkgs`Wong Hoi Sing Edison2020-10-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* | | | | | | Merge pull request #7910 from EduardoVega/7567-podman-configmapsOpenShift Merge Robot2020-10-09
|\ \ \ \ \ \ \ | |_|_|_|_|_|/ |/| | | | | | Enable k8s configmaps as flags for play kube
| * | | | | | Enable k8s configmaps as flags for play kubeEduardo Vega2020-10-07
| | |_|/ / / | |/| | | | | | | | | | | | | | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | | | | | Merge pull request #7971 from rhatdan/blobOpenShift Merge Robot2020-10-09
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | BlobInfoCacheDir is set incorrectly when copying images
| * | | | | BlobInfoCacheDir is set incorrectly when copying imagesDaniel J Walsh2020-10-08
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is not set based on the root image directory, and always points at the defaults. This change will get it to follow filepath.Join(ir.store.GraphRoot(), "cache") set from libpod. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7969 from ParkerVR/format-images/diffOpenShift Merge Robot2020-10-08
|\ \ \ \ \ | | | | | | | | | | | | --format updates for images/diff.go
| * | | | | --format updates for images/diff.goParker Van Roy2020-10-08
| |/ / / / | | | | | | | | | | | | | | | Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | | | | Merge pull request #7966 from baude/issue7950OpenShift Merge Robot2020-10-08
|\ \ \ \ \ | | | | | | | | | | | | add compatibility endpoint for exporting multiple images
| * | | | | add compatibility endpoint for exporting multiple imagesbaude2020-10-08
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with the recent inclusion of dealing with multiple images in a tar archive, we can now add a compatibility endpoint that was missing images/get?names=one,two. Fixes: #7950 Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #7970 from mheon/fix_7830OpenShift Merge Robot2020-10-08
|\ \ \ \ \ | | | | | | | | | | | | Store cgroup manager on a per-container basis
| * | | | | Store cgroup manager on a per-container basisMatthew Heon2020-10-08
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we create a container, we assign a cgroup parent based on the current cgroup manager in use. This parent is only usable with the cgroup manager the container is created with, so if the default cgroup manager is later changed or overridden, the container will not be able to start. To solve this, store the cgroup manager that created the container in container configuration, so we can guarantee a container with a systemd cgroup parent will always be started with systemd cgroups. Unfortunately, this is very difficult to test in CI, due to the fact that we hard-code cgroup manager on all invocations of Podman in CI. Fixes #7830 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #7936 from 3sky/add-prerequisite-to-docOpenShift Merge Robot2020-10-08
|\ \ \ \ \ | | | | | | | | | | | | add prerequisite section before building binaries