summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Store cgroup manager on a per-container basisMatthew Heon2020-10-08
| | | | | | | | | | | | | | | | | | | | | When we create a container, we assign a cgroup parent based on the current cgroup manager in use. This parent is only usable with the cgroup manager the container is created with, so if the default cgroup manager is later changed or overridden, the container will not be able to start. To solve this, store the cgroup manager that created the container in container configuration, so we can guarantee a container with a systemd cgroup parent will always be started with systemd cgroups. Unfortunately, this is very difficult to test in CI, due to the fact that we hard-code cgroup manager on all invocations of Podman in CI. Fixes #7830 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #7932 from jwhonce/jira/run-898OpenShift Merge Robot2020-10-07
|\ | | | | Restore V1 --format "table..." support
| * Port commands to V2 --format 'table...'Jhon Honce2020-10-07
| | | | | | | | | | | | | | | | | | | | * 'containers mount' * 'image history' * 'images mount' * 'images search' * Correct spelling errors Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #7382 from mheon/pod_parallelOpenShift Merge Robot2020-10-07
|\ \ | | | | | | Move pod jobs to parallel execution
| * | Use WaitWithDefaultTimeout in cleanupMatthew Heon2020-10-07
| | | | | | | | | | | | | | | | | | | | | Ensure that we actually print the output of all commands when cleaning up the results of the E2E tests. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Move pod jobs to parallel executionMatthew Heon2020-10-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make Podman pod operations that do not involve starting containers (which needs to be done in a specific order) use the same parallel operation code we use to make `podman stop` on large numbers of containers fast. We were previously stopping containers in a pod serially, which could take up to the timeout (default 15 seconds) for each container - stopping 100 containers that do not respond to SIGTERM would take 25 minutes. To do this, refactor the parallel operation code a bit to remove its dependency on libpod (damn circular import restrictions...) and use parallel functions that just re-use the standard container API operations - maximizes code reuse (previously each pod handler had a separate implementation of the container function it performed). This is a bit of a palate cleanser after fighting CI for two days - nice to be able to return to a land of sanity. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7943 from baude/issue7807OpenShift Merge Robot2020-10-07
|\ \ \ | |_|/ |/| | prevent unpredictable results with network create|remove
| * | prevent unpredictable results with network create|removebaude2020-10-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | due to a lack of "locking" on cni operations, we could get ourselves in trouble when doing rapid creation or removal of networks. added a simple file lock to deal with the collision and because it is not considered a performent path, use of the file lock should be ok. if proven otherwise in the future, some generic shared memory lock should be implemented for libpod and also used here. moved pkog/network to libpod/network because libpod is now being pulled into the package and it has therefore lost its generic nature. this will make it easier to absorb into libpod as we try to make the network closer to core operations. Fixes: #7807 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #7937 from rhatdan/sizeOpenShift Merge Robot2020-10-07
|\ \ \ | | | | | | | | Populate /etc/hosts file when run in a user namespace
| * | | Populate /etc/hosts file when run in a user namespaceDaniel J Walsh2020-10-07
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | We do not populate the hostname field with the IP Address when running within a user namespace. Fixes https://github.com/containers/podman/issues/7490 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7845 from rhatdan/remoteOpenShift Merge Robot2020-10-07
|\ \ \ | |/ / |/| | Attempt to turn on some more remote tests
| * | Attempt to turn on some more remote testsDaniel J Walsh2020-10-07
|/ / | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7940 from edsantiago/runner_refactorOpenShift Merge Robot2020-10-06
|\ \ | |/ |/| Cirrus CI runner: refactor
| * Cirrus CI runner: refactorEd Santiago2020-10-06
|/ | | | | | | | | | | | | | | While reviewing #6784 I found myself having a lot of trouble with this script: it was a complicated mix of case statement and helper functions, requiring a reader to jump back and forth between the two. This PR defines a convention such that a given TEST_FLAVOR=foo must have a corresponding _run_foo() handler function. The goal is to have all TEST_FLAVOR-related code in one place, or at least less scattered (integration and system tests still rely on other helper functions). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7918 from zhangguanzhang/apiv2-wrong-StopSignalOpenShift Merge Robot2020-10-06
|\ | | | | [apiv2] /containers/$name/json return wrong value in `.Config.StopSignal`
| * fix apiv2 /containers/$name/json return wrong value in `.Config.StopSignal`zhangguanzhang2020-10-06
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7929 from kolyshkin/nits-errOpenShift Merge Robot2020-10-06
|\ \ | | | | | | Nits
| * | pkg/cgroups/createCgroupv2Path: nitsKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Check the path validity before trying to read the cgroup.controllers. 2. Do not hardcode "/sys/fs/cgroup". 3. Simplify creating the "+this +that" string. 4. Do not wrap ioutil.WriteFile error. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * | Lowercase some errorsKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit is courtesy of ``` for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Error /\1"error /' $f; done for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Failed to /\1"failed to /' $f; done ``` etc. Self-reviewed using `git diff --word-diff`, found no issues. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * | Remove excessive error wrappingKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like fails, the error message already contains the file name and the operation that fails, so there is no need to wrap the error with something like "open %s failed". While at it - replace a few places with os.Open, ioutil.ReadAll with ioutil.ReadFile. - replace errors.Wrapf with errors.Wrap for cases where there are no %-style arguments. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | | Merge pull request #7931 from rhatdan/sizeOpenShift Merge Robot2020-10-06
|\ \ \ | |_|/ |/| | Support max_size logoptions
| * | Support max_size logoptionsDaniel J Walsh2020-10-05
| |/ | | | | | | | | | | | | | | Docker supports log-opt max_size and so does conmon (ALthough poorly). Adding support for this allows users to at least make sure their containers logs do not become a DOS vector. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7926 from cevich/less_branch_testingOpenShift Merge Robot2020-10-06
|\ \ | | | | | | Cirrus: Skip deep testing on branches
| * | Cirrus: Skip deep testing on branchesChris Evich2020-10-05
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Previous to this commit, the entire suite of CI tasks run in a PR, run again for every merge (a.k.a. branch push). This wastes time and resources with substantively overlapping testing. The primary reason to test on branch-push, is providing coverage for merge-semantics. In other words, problems introduced due to the sequence of PR merging. For this purpose, the vast majority of problems can be caught quickly by a small subset of automated tests. If deeper debugging is necessary, then opening a test-PR is a small price to ask for the enormous amount of time/resource savings with more limited branch-push testing. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #7924 from edsantiago/logformatter_on_sysbindingsOpenShift Merge Robot2020-10-06
|\ \ | | | | | | logformatter: run on system tests & bindings
| * | logformatter: run on system tests & bindingsEd Santiago2020-10-05
| |/ | | | | | | | | | | | | | | | | | | | | | | (that got accidentally dropped in the new Cirrus makeover). Note that 'dotest' does not actually 'do tests', it's only used for a small subset of tests. Also, make logformatter work better in the new Cirrus setup. Remove duplicate test/subtest, remove no-longer-used SPECIALMODE, and make the Cirrus build/task display a little cleaner. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #7919 from rhatdan/subuidOpenShift Merge Robot2020-10-05
|\ \ | | | | | | Fix handling of CheckRootlessUIDRange
| * | Fix handling of CheckRootlessUIDRangeDaniel J Walsh2020-10-05
| | | | | | | | | | | | | | | | | | | | | If I have multiple ranges of UIDs specified in the /etc/subuid, this check blows up and incorrectly blocks the use of --user flag. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7904 from jwhonce/wip/idleOpenShift Merge Robot2020-10-05
|\ \ \ | |_|/ |/| | Fixes remote attach and exec to signal IdleTracker
| * | Fixes remote attach and exec to signal IdleTrackerJhon Honce2020-10-05
|/ / | | | | | | | | | | | | | | | | | | - Fixes issue where remote attach and exec only signaled the IdleTracker on errors. Needs to done anytime after connection has been hijacked - Fixes trying to send multiple http status codes to client - Changes pprof and API server shutdowns to run in parallel - Changes shutdown to run in sync.Once block Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #7920 from cevich/fix_new_ci_smokeOpenShift Merge Robot2020-10-05
|\ \ | |/ |/| Cirrus: Fix branch-validation failure
| * Cirrus: Fix branch-validation failureChris Evich2020-10-05
| | | | | | | | | | | | | | | | | | | | | | When validating code on a branch, determining a starting commit to check from isn't as straightforward as it would seem. Default to using the SHA from last time CI was green. If for some reason that isn't available, use an obviously wrong value to cause an intentional failure. Entirely skip this check on tag-push, since determining a starting point is incredibly difficult to do automatically. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #6784 from cevich/new_ci_cdBrent Baude2020-10-05
|\| | | | | Cirrus: Make efficient and performant
| * Cirrus: Implement podman automation 2.0Chris Evich2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reimplement CI-automation to remove accumulated technical-debt and optimize workflow. The task-dependency graph designed goal was to shorten it's depth and increase width (i.e. more parallelism). A reduction in redundant building (and 3rd party module download) was also realized by caching `$GOPATH` and `$GOCACHE` early on. This cache is then reused in favor of a fresh clone of the repository (when possible). Note: The system tests typically execute MUCH faster than the integration tests. However, contrary to a fail-fast/fail-early principal, they are executed last. This was implemented due to debug-ability related concerns/preferences of the primary (golang-centric) project developers. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #7913 from ↵OpenShift Merge Robot2020-10-05
|\ \ | | | | | | | | | | | | andylibrian/kube-generate-support-resource-limits-7855 Add support for resource memory limit to generate kube
| * | Add TODO for adding CPU limit supportAndy Librian2020-10-05
| | | | | | | | | | | | Signed-off-by: Andy Librian <andylibrian@gmail.com>
| * | Add support for resource memory limit to generate kubeAndy Librian2020-10-04
| | | | | | | | | | | | | | | | | | addresses #7855 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | Merge pull request #7909 from zhangguanzhang/remote-ps-ns-brokenOpenShift Merge Robot2020-10-05
|\ \ \ | | | | | | | | Fix podman-remote ps --ns broken
| * | | Fix podman-remote ps --ns brokenzhangguanzhang2020-10-04
| | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | Merge pull request #7902 from rhatdan/selinuxOpenShift Merge Robot2020-10-05
|\ \ \ \ | |/ / / |/| | | Add SELinux support for pods
| * | | Add SELinux support for podsDaniel J Walsh2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All containers within a Pod need to run with the same SELinux label, unless overwritten by the user. Also added a bunch of SELinux tests to make sure selinux labels are correct on namespaces. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7899 from zhangguanzhang/service-panic-client-killOpenShift Merge Robot2020-10-03
|\ \ \ \ | | | | | | | | | | [podman-remote] Fix closed connection on pull causes service panic
| * | | | fix closed the remote connection on pull causes service paniczhangguanzhang2020-10-03
| | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | Merge pull request #7856 from rhatdan/rootOpenShift Merge Robot2020-10-02
|\ \ \ \ \ | |_|/ / / |/| | | | podman-remote does not support most of the global flags
| * | | | podman-remote does not support most of the global flagsDaniel J Walsh2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote --help is showing a bunch of global flags that it does not support Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7901 from vrothberg/fix-compat-images-createOpenShift Merge Robot2020-10-02
|\ \ \ \ \ | | | | | | | | | | | | compat: images/create: fix tag parsing
| * | | | | compat: images/create: fix tag parsingValentin Rothberg2020-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `tag` parameter of the compat `images/create` endpoint can be both, a tag and a digest. Fix parsing of the parameter to detect digests and use the appropriate `@` separator. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #7199 from jwhonce/jira/run-898OpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ | | | | | | | | | | | | | | Restore "table" --format from V1
| * | | | | | Restore "table" --format from V1Jhon Honce2020-10-02
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * --format "table {{.field..." will print fields out in a table with headings. Table keyword is removed, spaces between fields are converted to tabs * Update parse.MatchesJSONFormat()'s regex to be more inclusive * Add report.Headers(), obtain all the field names to be used as column headers, a map of field name to column headers may be provided to override the field names * Update several commands to use new functions Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #7882 from giuseppe/check-for-gids-before-adding-themOpenShift Merge Robot2020-10-02
|\ \ \ \ \ \ | | | | | | | | | | | | | | libpod: check there are enough gids before adding them