summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* fix podman sign signature store for rootlessQi Wang2019-09-11
| | | | | | Store the the signature under graphroot when using rootless podman image sign. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #3988 from mheon/fix_lookup_volumeOpenShift Merge Robot2019-09-11
|\ | | | | Volume lookup needs to include state to unmarshal into
| * Volume lookup needs to include state to unmarshal intoMatthew Heon2019-09-11
| | | | | | | | | | | | | | | | | | Lookup was written before volume states merged, but merged after, and CI didn't catch the obvious failure here. Without a valid state, we try to unmarshall into a null pointer, and 'volume rm' is completely broken because of it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3973 from baude/validateupdateOpenShift Merge Robot2019-09-11
|\ \ | |/ |/| add lint and manpage check to make validate
| * add lint and manpage check to make validatebaude2019-09-10
| | | | | | | | | | | | | | make validate now runs golangci-lint and the man-page-checker to ensure a PR is ready for our CI system. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3984 from mheon/prune_no_in_use_errorOpenShift Merge Robot2019-09-11
|\ \ | | | | | | Do not prune images being used by a container
| * | Do not prune images being used by a containerMatthew Heon2019-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman is not the only user of containers/storage, and as such we cannot rely on our database as the sole source of truth when pruning images. If images do not show as in use from Podman's perspective, but subsequently fail to remove because they are being used by a container, they're probably being used by Buildah or another c/storage client. Since the images in question are in use, we shouldn't error on failure to prune them - we weren't supposed to prune them in the first place. Fixes: #3983 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3927 from openSUSE/manager-annotationsOpenShift Merge Robot2019-09-11
|\ \ \ | | | | | | | | Add `ContainerManager` annotation to created containers
| * | | Add `ContainerManager` annotation to created containersSascha Grunert2019-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds the following annotation to every container created by podman: ```json "Annotations": { "io.containers.manager": "libpod" } ``` Target of this annotaions is to indicate which project in the containers ecosystem is the major manager of a container when applications share the same storage paths. This way projects can decide if they want to manipulate the container or not. For example, since CRI-O and podman are not using the same container library (libpod), CRI-O can skip podman containers and provide the end user more useful information. A corresponding end-to-end test has been adapted as well. Relates to: https://github.com/cri-o/cri-o/pull/2761 Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | Merge pull request #3581 from mheon/no_cgroupsOpenShift Merge Robot2019-09-11
|\ \ \ \ | | | | | | | | | | Support running containers without CGroups
| * | | | Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #3961 from mheon/copy_volume_contentsOpenShift Merge Robot2019-09-10
|\ \ \ \ \ | |_|_|/ / |/| | | | When first mounting any named volume, copy up
| * | | | When first mounting any named volume, copy upMatthew Heon2019-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we only did this for volumes created at the same time as the container. However, this is not correct behavior - Docker does so for all named volumes, even those made with 'podman volume create' and mounted into a container later. Fixes #3945 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #3817 from xcffl/masterOpenShift Merge Robot2019-09-10
|\ \ \ \ \ | | | | | | | | | | | | Add explanation mounting named volumes for `podman run`
| * | | | | Replace "podman" with "Podman"xcffl2019-09-07
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: xcffl <xcffl@outlook.com>
| * | | | | Add instructions for mounting named volumesxcffl2019-09-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from the host for `podman run` Signed-off-by: xcffl <xcffl@outlook.com>
| * | | | | Add instruction for using fuse-overlayfs as the rootless storage driverxcffl2019-09-07
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: xcffl <xcffl@outlook.com>
* | | | | | Merge pull request #3966 from cfelder/fixup-makefile-bsdOpenShift Merge Robot2019-09-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fixup Makefile for BSD systems, e.g. macOS
| * | | | | | Fixup Makefile for BSD systems, e.g. macOSChristian Felder2019-09-07
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The bsd variant of `ln` does not support the ``-T`` option. Testing for existence using wildcard before creating new symlinks should be sufficient here. Furthermore the target directory is managed internally by this Makefile anyway. Signed-off-by: Christian Felder <c.felder@fz-juelich.de>
* | | | | | Merge pull request #3964 from TomSweeneyRedHat/dev/tsweeney/journaldimgfixOpenShift Merge Robot2019-09-10
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Turn off journald in podmanimages on quay.io
| * | | | | Turn off journald in podmanimages on quay.ioTomSweeneyRedHat2019-09-06
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the Dockerfiles that are used to build the podman images on quay.io, we were changing the events_logger from journald to file in libpod.conf, but we weren't enabling it as we didn't remove the comment. This corrects that and addresses: #3464 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #3896 from mheon/volume_lookupOpenShift Merge Robot2019-09-09
|\ \ \ \ \ | |_|_|_|/ |/| | | | Add ability to look up volumes by unambiguous partial name
| * | | | Add function for looking up volumes by partial nameMatthew Heon2019-09-09
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This isn't included in Docker, but seems handy enough. Use the new API for 'volume rm' and 'volume inspect'. Fixes #3891 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3862 from baude/networkcreateOpenShift Merge Robot2019-09-09
|\ \ \ \ | | | | | | | | | | podman network create
| * | | | podman network createbaude2019-09-09
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | initial implementation of network create. we only support bridging networks with this first pass. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #3975 from edsantiago/man_page_checker_better_diagnosticsOpenShift Merge Robot2019-09-09
|\ \ \ \ | |_|/ / |/| | | hack/man_page_checker - improve diagnostics
| * | | hack/man_page_checker - improve diagnosticsEd Santiago2019-09-09
|/ / / | | | | | | | | | | | | | | | | | | | | | Make the errors more readable, with clearer instructions on what to look for, and which filename, and what we expect to see, and perhaps even how to approach a fix. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #3971 from cfelder/fixup-getconfighomedirOpenShift Merge Robot2019-09-09
|\ \ \ | | | | | | | | Fixup `util.GetRootlessConfigHomeDir` permission requirements
| * | | Fixup `util.GetRootlessConfigHomeDir` permission requirementsChristian Felder2019-09-09
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not require 0755 permissons for the ~/.config directory but require at least 0700 which should be sufficient. The current implementation internally creates this directory with 0755 if it does not exist, but if the directory already exists with different perissions the current code returns an empty string. Signed-off-by: Christian Felder <c.felder@fz-juelich.de>
* | | Merge pull request #3914 from marcov/units-optsOpenShift Merge Robot2019-09-09
|\ \ \ | | | | | | | | cli-flags: use a consistent format for <size><unit>
| * | | cli-flags: use a consistent format for <size><unit>Marco Vedovati2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a consistent format for description of the <size><unit> flags. Also, avoid backticks for /dev/shm, as that's interpreted as the format by the flag parsing lib. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | | | Merge pull request #3944 from giuseppe/build-cgroup-managerOpenShift Merge Robot2019-09-08
|\ \ \ \ | | | | | | | | | | build: pass down the cgroup manager to buildah
| * | | | build: pass down the cgroup manager to buildahGiuseppe Scrivano2019-09-06
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | Pass down the cgroup manager to use to buildah. Closes: https://github.com/containers/libpod/issues/3938 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3965 from rhatdan/completionsOpenShift Merge Robot2019-09-08
|\ \ \ \ | |/ / / |/| | | Fix podman import bash completions
| * | | Fix podman import bash completionsDaniel J Walsh2019-09-07
|/ / / | | | | | | | | | | | | | | | | | | podman import bash completions are throwing errors. Updated this completion to work correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #3950 from ashley-cui/macdocOpenShift Merge Robot2019-09-06
|\ \ \ | |_|/ |/| | mac_client docs
| * | mac_client.mdAshley Cui2019-09-06
| | | | | | | | | | | | | | | | | | add doc explaining setup for podman on mac in current stage of dev Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* | | Merge pull request #3960 from mheon/ignore_umount_enoentOpenShift Merge Robot2019-09-06
|\ \ \ | | | | | | | | Ignore ENOENT on umount of SHM
| * | | Ignore ENOENT on umount of SHMMatthew Heon2019-09-06
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3918 from rhatdan/infoOpenShift Merge Robot2019-09-06
|\ \ \ \ | |/ / / |/| | | Return information about mount_program (fuse-overlayfs)
| * | | Return information about mount_program (fuse-overlayfs)Daniel J Walsh2019-09-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We want to get podman info to tell us about the version of the mount program to help us diagnose issues users are having. Also if in rootless mode and slirp4netns is installed reveal package info on slirp4netns. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #3958 from haircommander/play-kube-secOpenShift Merge Robot2019-09-06
|\ \ \ \ | | | | | | | | | | play kube: fix segfault
| * | | | play kube: fix segfaultPeter Hunt2019-09-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when securityContext wasn't specified in yaml. add a test as well Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | | Merge pull request #3954 from mheon/hardcode_default_storepathsOpenShift Merge Robot2019-09-06
|\ \ \ \ \ | | | | | | | | | | | | Ensure good defaults on blank c/storage configuration
| * | | | | Ensure good defaults on blank c/storage configurationMatthew Heon2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If c/storage paths are explicitly set to "" (the empty string) it will use compiled-in defaults. However, it won't tell us this via `storage.GetDefaultStoreOptions()` - we just get the empty string (which can put our defaults, some of which are relative to c/storage, in a bad spot). Hardcode a sane default for cases like this. Furthermore, add some sanity checks to paths, to ensure we don't use relative paths for core parts of libpod. Fixes #3952 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #3931 from mheon/volumes_with_optionsOpenShift Merge Robot2019-09-06
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Add support for mounting volumes with local driver and options
| * | | | | Correctly report errors on unmounting SHMMatthew Heon2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we fail to remove a container's SHM, that's an error, and we need to report it as such. This may be part of our lingering storage woes. Also, remove MNT_DETACH. It may be another cause of the storage removal failures. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | Add ability for volumes with options to mount/umountMatthew Heon2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When volume options and the local volume driver are specified, the volume is intended to be mounted using the 'mount' command. Supported options will be used to volume the volume before the first container using it starts, and unmount the volume after the last container using it dies. This should work for any local filesystem, though at present I've only tested with tmpfs and btrfs. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | Add volume stateMatthew Heon2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to be able to track the number of times a volume has been mounted for tmpfs/nfs/etc volumes. As such, we need a mutable state for volumes. Add one, with the expected update/save methods in both states. There is backwards compat here, in that older volumes without a state will still be accepted. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | Change volume driver and options JSON tagsMatthew Heon2019-09-05
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In upcoming commits, we're going to turn on the backends for these fields. Volumes with these set will act fundamentally differently from other volumes. There will probably be validation required for each field. Until now, though, we've freely allowed creation of volumes with these set - they just did nothing. So we have no idea what could be in the DB with old volumes. Change the struct tags so we don't have to worry about old, unvalidated data. We'll start fresh with new volumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>