summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Document shortcomings with rootless podmanDaniel J Walsh2019-04-05
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2857 from giuseppe/kube-rootlessOpenShift Merge Robot2019-04-05
|\ | | | | rootless: add support for kube
| * podman: enable kube for rootlessGiuseppe Scrivano2019-04-05
| | | | | | | | | | | | Closes: https://github.com/containers/libpod/issues/2852 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * kube: correctly set the default for MemorySwappinessGiuseppe Scrivano2019-04-05
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2853 from mheon/up_resource_for_build_each_commitOpenShift Merge Robot2019-04-04
|\ | | | | Increase resources for build_each_commit task
| * Increase CI resources to help avoid hitting timeoutsMatthew Heon2019-04-04
|/ | | | | | | | | | | | | | | The build_each_commit task builds each commit in a pull request to verify that we have a (at least minimally) functional Podman at every point, to aid in bisecting. This task is, right now, extremely slow, taking around 1m40s to build each commit - which quickly grows unreasonable as PRs grow to 10+ commits. Upping resources available to the task should decrease time spent in CI and reduce the risk of hitting timeouts. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2838 from openSUSE/golang-1.12OpenShift Merge Robot2019-04-04
|\ | | | | Update Dockerfile to use golang:1.12 image
| * Update Dockerfile to use golang:1.12 imageSascha Grunert2019-04-04
| | | | | | | | Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #2831 from baude/remotetreeOpenShift Merge Robot2019-04-04
|\ \ | | | | | | podman-remote image tree
| * | podman-remote image treebaude2019-04-04
| | | | | | | | | | | | | | | | | | | | | add the ability for the podman-remote client to be able to print an image tree. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2774 from mheon/db_rework_named_volumeOpenShift Merge Robot2019-04-04
|\ \ \ | |/ / |/| | Rework named volumes in DB
| * | Fix E2E testsMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Commit test is blatantly wrong and testing buggy behavior. We should be commiting the destination, if anything - and more likely nothing at all. When force-removing volumes, don't remove the volumes of containers we need to remove. This can lead to a chicken and the egg problem where the container removes the volume before we can. When we re-add volume locks this could lead to deadlocks. I don't really want to deal with this, and this doesn't seem a particularly harmful quirk, so we'll let this slide until we get a bug report. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Drop LocalVolumes from our the databaseMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | | | | | | | We were never using it. It's actually a potentially quite sizable field (very expensive to decode an array of structs!). Removing it should do no harm. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Major rework of --volumes-from flagMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The flag should be substantially more durable, and no longer relies on the create artifact. This should allow it to properly handle our new named volume implementation. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Volume force-remove now removed dependent containersMatthew Heon2019-04-04
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add handling for new named volumes code in pkg/specMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | Now that named volumes must be explicitly enumerated rather than passed in with all other volumes, we need to split normal and named volumes up before passing them into libpod. This PR does this. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Create non-existing named volumes at container createMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | Replaces old functionality we used for handling image volumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Switch Libpod over to new explicit named volumesMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This swaps the previous handling (parse all volume mounts on the container and look for ones that might refer to named volumes) for the new, explicit named volume lists stored per-container. It also deprecates force-removing volumes that are in use. I don't know how we want to handle this yet, but leaving containers that depend on a volume that no longer exists is definitely not correct. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add named volumes for each container to databaseMatthew Heon2019-04-04
|/ / | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2706 from giuseppe/rootless-single-usernamespaceOpenShift Merge Robot2019-04-04
|\ \ | | | | | | rootless: single user namespace
| * | rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: remove SkipStorageSetup()Giuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | | | | in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2840 from openSUSE/dockerfile-depsOpenShift Merge Robot2019-04-04
|\ \ \ | | | | | | | | Fix Dockerfile dependencies for packer tests
| * | | Fix Dockerfile dependencies for packer testsSascha Grunert2019-04-04
| | |/ | |/| | | | | | | | | | | | | | | | | | | This commit adds unzip and python3-yaml to the Dockerfile, which are needed to run the tests in contrib/cirrus/packer within the libpod container image. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | Merge pull request #2819 from openSUSE/cri-o-annotationsOpenShift Merge Robot2019-04-04
|\ \ \ | | | | | | | | Update cri-o annotations
| * | | Update cri-o annotationsSascha Grunert2019-04-01
| | |/ | |/| | | | | | | Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | Merge pull request #2839 from openSUSE/runtest-improvementOpenShift Merge Robot2019-04-03
|\ \ \ | |_|/ |/| | Update run_test to be more robust
| * | Update run tests to be skipped when not supportedSascha Grunert2019-04-04
|/ / | | | | | | Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #2832 from mheon/rootless_size_errorsOpenShift Merge Robot2019-04-03
|\ \ | | | | | | --size does not work with rootless at present
| * | --size does not work with rootless at presentMatthew Heon2019-04-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We'd need to join multiple container's user namespaces, which is not possible for now. The rootless single userns patches under development by Giuseppe will fix this, but won't land in 1.2.x. For now, disable --size as rootless. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2651 from mheon/prevent_null_derefOpenShift Merge Robot2019-04-03
|\ \ \ | | | | | | | | Fix a potential segfault in podman search
| * | | Fix a potential segfault in podman searchMatthew Heon2019-04-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating headers for search, we unconditionally access element 0 of an array, and I saw this segfault in our CI. There's no reason we have to do this, we're just going through it to get field names with reflect, so just make a new copy of the struct in question. Also, move this code, which is only for CLI display, into cmd/podman from libpod/image. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #2825 from baude/remotediffOpenShift Merge Robot2019-04-03
|\ \ \ \ | |/ / / |/| | | add remote-client diff
| * | | add remote-client diffbaude2019-04-03
| |/ / | | | | | | | | | | | | | | | | | | the remote client now can run the diff command to report changes, modifications, and deletions in an image or container. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2843 from cevich/bump_fedora_imageOpenShift Merge Robot2019-04-03
|\ \ \ | | | | | | | | Cirrus: Update F28 -> F29 container image
| * | | Cirrus: Update F28 -> F29 container imageChris Evich2019-04-03
| |/ / | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #2842 from cevich/improve_podman_pod_rmOpenShift Merge Robot2019-04-03
|\ \ \ | |/ / |/| | Improve podman pod rm -a test
| * | Improve podman pod rm -a testChris Evich2019-04-03
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running as a user, the order of removal is database ID dependent. This results in this test randomly failing. This condition was very difficult to debug and the test was missing two critical checks. One to confirm an expected error message was produced, and another to verify the expected running container, remains running. Fix the container and missing error-message checks, and vastly improve the debug-ability of this test. Fixing the random-failures requires intensive fixes in other areas, so that task will be left up to future work. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #2833 from cevich/podman_in_podmanOpenShift Merge Robot2019-04-03
|\ \ | | | | | | Cirrus: Support special-case modes of testing
| * | Cirrus: Support special-case modes of testingChris Evich2019-04-03
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously libpod CI was fairly straight-forward, run unit and integration tests in a standard set of 3 VMs. Off on the side was a single special case of running tests as an ordinary user. There is a desire to stop using the PAPR system to support testing inside of a container. Since having two special cases potentially invites more down the road, make provisions to handle them more gracefully. This commit introduces an environment variable: ``$SPECIALMODE``. It's value has the following meanings within the CI scripts: Mode 'none': Nothing special, business as usual (default) Mode 'rootless': Rootless testing Mode 'in_podman': Build container, run integration tests in it. This will make adding additional special-cases later easier, as well as extending the special cases in a Matrix across multiple OS's. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #2818 from mheon/update_versionOpenShift Merge Robot2019-04-01
|\ \ | |/ |/| Update README with current version
| * Update README with current versionMatthew Heon2019-03-31
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2812 from rpjday/topic/rpjday/missing_option_hyphenOpenShift Merge Robot2019-03-31
|\ \ | | | | | | docs/podman-inspect.1.md: add missing option hyphen for "-t"
| * | docs/podman-inspect.1.md: add missing option hyphen for "-t"Robert P. J. Day2019-03-30
| | | | | | | | | | | | Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
* | | Merge pull request #2816 from rpjday/topic/rpjday/missing_hyphensOpenShift Merge Robot2019-03-31
|\ \ \ | |_|/ |/| | docs/podman*.md: fix numerous option typos and spacing errors
| * | docs/podman*.md: fix numerous option typos and spacing errorsRobert P. J. Day2019-03-31
| |/ | | | | | | | | | | | | | | | | | | | | | | | | Cursory examination of man pages shows a number of typos: - missing hyphens - missing blank line - longer option should precede shorter option This is not an extensive fix, there's still a lot that could be cleaned up. Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
* | Merge pull request #2807 from mheon/bump-1.2.0OpenShift Merge Robot2019-03-31
|\ \ | | | | | | Bump to v1.2.0
| * | Bump gitvalidation epochMatthew Heon2019-03-30
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Bump to v1.3.0-devMatthew Heon2019-03-30
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Bump to v1.2.0v1.2.0Matthew Heon2019-03-30
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>