Commit message (author, age)
* oci_conmon: do not create a cgroup under systemd (Giuseppe Scrivano, 2020-01-16)
    Detect whether we are running under systemd (if the INVOCATION_ID is set). If Podman is running under a systemd service, we do not need to create a cgroup for conmon.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* systemdgen: specify --cgroups=disabled-conmon for --new (Giuseppe Scrivano, 2020-01-16)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: add new option --cgroups=no-conmon (Giuseppe Scrivano, 2020-01-16)
    It allows disabling cgroups creation only for the conmon process. A new cgroup is created for the container payload.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4884 from vrothberg/systemd-ignore (OpenShift Merge Robot, 2020-01-16)
    systemdgen: add --ignore flag to generic services
| * systemdgen: add --ignore flag to generic services (Valentin Rothberg, 2020-01-16)
    The --ignore flag lets Podman ignore errors when a specified container does not exist (anymore). That's a nice addition to generic services generated via the --new flag. Those services create new containers and can hence allow users to manually remove a container; may it only be by accident. The important part of using the --ignore flag is that Podman will exit 0 which plays nicer with most restart policies; a non-zero exit may yield systemd to restart the entire service which is arguably wrong if the user manually deletes the container. If desired, users can still alter the generated files.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #4869 from rhatdan/network (OpenShift Merge Robot, 2020-01-16)
    Remove c.String(net)
| * Remove c.String(net) (Daniel J Walsh, 2020-01-16)
    We have a lot of kludgy code trying to make --net and --network equivalent. This will allow --net to still exist but will eliminate the help and confusion.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #4881 from vrothberg/terminate-service (OpenShift Merge Robot, 2020-01-16)
    v2: don't block sigterm and add the service to `make binaries`
| * make binaries: include service (Valentin Rothberg, 2020-01-16)
    Include the service into make binaries such that it's being built in the CI.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * service: don't block sigterm (Valentin Rothberg, 2020-01-16)
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #4882 from vrothberg/fix-gating (OpenShift Merge Robot, 2020-01-16)
    Cirrus: remove workaround for cleaning /go/bin
| * Cirrus: remove workaround for cleaning /go/bin (Valentin Rothberg, 2020-01-16)
    Remove the temporary workaround for cleaning /go/bin in the gating task. The workaround was added to make sure that we're always installing the latest tools in `make install.tools`. The gating image does not ship with these pre-installed tools anymore which is now causing errors in the gating task as the `rm` is missing the `--force` flag.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #4807 from ssbarnea/fix/pre-commit (OpenShift Merge Robot, 2020-01-15)
    Enable pre-commit linting
| * Enable pre-commit tool linting (Sorin Sbarnea, 2020-01-14)
    This should help us keep the codebase more consistent, and avoid several whitespace related issues, or bad file permissions. pre-commit allows us to easily introduce other linters in follow-ups, like bashate. Note: pre-commit tool does *not* install any git-hooks. Making commits will will call the tool unless you deliberately tell it to install the hooks.
    Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* | Merge pull request #4860 from vrothberg/v2-top (OpenShift Merge Robot, 2020-01-15)
    v2 api: top improvements
| * | api: stats: fix typo (Valentin Rothberg, 2020-01-15)
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | api: utils: add an `IsLibpodRequest` handler (Valentin Rothberg, 2020-01-15)
    Add a handler to figure out if the specified http request came through a libpod endpoint. A first user is the top endpoint which has a different default value for `ps_args` depending if the request came through the docker or libpod endpoint.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | refactor top code (Valentin Rothberg, 2020-01-15)
    Move the top logic from pkg/adapter into the (*libpod.Container).Top(). This way, we drop the dependency from pkg/api on pkg/adapters and have a clearer separation of concerns.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | top: use a separate pipe for the error stream (Valentin Rothberg, 2020-01-15)
    Let's not mix apples and oranges and give stderr a dedicated pipe. This way, we don't return conmon log messages if run in debug mode.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | v2 api: top improvements (Valentin Rothberg, 2020-01-15)
    * Use `pkg/adapter` to increase code reuse and reduce code redundancy.
    * Extend swagger docs to mention AIX descriptors.
    * Document the libpod endpoint which shares the same handler.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #4824 from edsantiago/bats (OpenShift Merge Robot, 2020-01-15)
    more BATS tests
| * | | more BATS tests (Ed Santiago, 2020-01-13)
    - run: --name (includes 'podman container exists' tests)
    - run: --pull (always, never, missing)
    - build: new test for ADD URL (#4420)
    - exec: new test for issue #4785 (pipe getting lost)
    - diff: new test
    - selinux (mostly copied from docker-autotest)
    Plus a bug fix: the wait_for_output() helper would continue checking, eventually timing out, even if the container had already exited (probably because of an error). Fix: as part of the loop, run 'podman inspect' and bail out if container is not running. Include exit code and logs.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #4874 from baude/swagcleanup (OpenShift Merge Robot, 2020-01-15)
    [CI:DOCS]swagger cleanup and left-hand nav
| * | | | [CI:DOCS]swagger cleanup and left-hand nav (baude, 2020-01-15)
    add a static tags file so we can dictate the left-hand navigation. in doing so we now override the tag in the swagger:operation. we now have images and images (compat) as a way to differentiate.
    Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #4870 from vrothberg/gating-dockerfile (OpenShift Merge Robot, 2020-01-15)
    Gating dockerfile
| * | | | make .install.golangci-lint: force specific version (Valentin Rothberg, 2020-01-15)
    Instead of only performing a presence check of the binary, also do a version check and force installing the specified one if needed. This will prevent users and the CI from using a wrong version in the future. Move the logic into a dedicated shell script as I find built-in bash in Makefiles hard to maintain.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | Makefile: remove gometalinter (Valentin Rothberg, 2020-01-15)
    Remove all references on gometalinter including the target to install it. We are not using it anymore since we have fully migrated to golangci-lint.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | contrib/gate/Dockerfile: bump to F31 (Valentin Rothberg, 2020-01-15)
    Use fedora:31 as a base image and rebuild to fetch the latest tools.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #4868 from jwhonce/wip/sshd (OpenShift Merge Robot, 2020-01-15)
    [CI:DOCS] Add APIv2 CLI example POC
| * | | | Add APIv2 CLI example POC (Jhon Honce, 2020-01-15)
    * Add ReadMe, CLI and unit files to support socket activation, both for system and rootless
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #4872 from vrothberg/v2-stats (OpenShift Merge Robot, 2020-01-15)
    v2 api: stats improvements
| * | | | | v2: stats: drop redundant sleep when streaming (Valentin Rothberg, 2020-01-15)
    Also remove the redundant stats handler in libpod.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | v2: stats: libpod: use generic handler (Valentin Rothberg, 2020-01-15)
    The docker and libpod endpoints provide the same functionality, so we can use the same handler.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | v2: stats: rigorous error checks (Valentin Rothberg, 2020-01-15)
    Also expect the container to be running.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | v2: stats: fix errors (Valentin Rothberg, 2020-01-15)
    Also add some comments.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | v2: stats: do not ignore errors (Valentin Rothberg, 2020-01-15)
    We must check all errors and handle them properly. Otherwise, we can run into nil dereferences ultimately killing the service.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | v2: stats: remove windows-specific fields (Valentin Rothberg, 2020-01-15)
    `NumProcs` and `StorageStats` are windows specific and are not populated on Linux. Hence, we can safely remove them.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #4859 from giuseppe/not-change-permission-for-rundir-tmpdir (OpenShift Merge Robot, 2020-01-15)
    oci_conmon: not make accessible dirs if not needed
| * | | | oci_conmon: not make accessible dirs if not needed (Giuseppe Scrivano, 2020-01-14)
    do not change the permissions mask for the rundir and the tmpdir when running a container with a user namespace and the current user is mapped inside the user namespace. The change was introduced with 849548ffb8e958e901317eceffdcc2d918cafd8d, that dropped the intermediate mount namespace in favor of allowing root into the user namespace to access these directories.
    Closes: https://github.com/containers/libpod/issues/4846
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #4866 from TomSweeneyRedHat/dev/tsweeney/buildah1.13.1 (OpenShift Merge Robot, 2020-01-15)
    Bump to Buildah v1.13.1
| * | | | | Bump to Buildah v1.13.1 (TomSweeneyRedHat, 2020-01-14)
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | | Merge pull request #4806 from vrothberg/seccomp (OpenShift Merge Robot, 2020-01-15)
    policy for seccomp-profile selection
| * | | | | policy for seccomp-profile selection (Valentin Rothberg, 2020-01-09)
    Implement a policy for selecting a seccomp profile. In addition to the default behaviour (default profile unless --security-opt seccomp is set) add a second policy doing a lookup in the image annotation. If the image has the "io.containers.seccomp.profile" set its value will be interpreted as a seccomp profile. The policy can be selected via the new --seccomp-policy CLI flag. Once the containers.conf support is merged into libpod, we can add an option there as well. Note that this feature is marked as experimental and may change in the future.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | shared/create.go: s/data/imageData/ (Valentin Rothberg, 2020-01-09)
    Rename `data` to `imageData` to make it more obvious which kind of data the variable refers to.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #4867 from baude/servicefix (OpenShift Merge Robot, 2020-01-14)
    [CI:DOCS]swagger corrections
| * | | | | [CI:DOCS]swagger corrections (baude, 2020-01-14)
    Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #4858 from vrothberg/enable-linters (OpenShift Merge Robot, 2020-01-14)
    make lint: extend checks
| * | | | | .gitignore: ignore *.coverprofile from unit tests (Valentin Rothberg, 2020-01-14)
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | make lint: include unit tests (Valentin Rothberg, 2020-01-14)
    Include the unit tests (i.e., _test.go files) for linting to make the tests more robust and enforce the linters' coding styles etc.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | .golangci.yml: move swagger.go from Makefile (Valentin Rothberg, 2020-01-14)
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>