summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Send HTTP Hijack headers after successful attachMatthew Heon2020-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | Our previous flow was to perform a hijack before passing a connection into Libpod, and then Libpod would attach to the container's attach socket and begin forwarding traffic. A problem emerges: we write the attach header as soon as the attach complete. As soon as we write the header, the client assumes that all is ready, and sends a Start request. This Start may be processed *before* we successfully finish attaching, causing us to lose output. The solution is to handle hijacking inside Libpod. Unfortunately, this requires a downright extensive refactor of the Attach and HTTP Exec StartAndAttach code. I think the result is an improvement in some places (a lot more errors will be handled with a proper HTTP error code, before the hijack occurs) but other parts, like the relocation of printing container logs, are just *bad*. Still, we need this fixed now to get CI back into good shape... Fixes #7195 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #7379 from lsm5/bindings-tutorialOpenShift Merge Robot2020-08-20
|\ | | | | [CI:DOCS] docs: include Go bindings tutorial
| * [CI:DOCS] Include Go bindings tutorialLokesh Mandvekar2020-08-19
| | | | | | | | | | | | Include the Go bindings blog post as a tutorial Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #7383 from mheon/unmount_storage_ctrsOpenShift Merge Robot2020-08-20
|\ \ | |/ |/| Unmount c/storage containers before removing them
| * Unmount c/storage containers before removing themMatthew Heon2020-08-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When `podman rmi --force` is run, it will remove any containers that depend on the image. This includes Podman containers, but also any other c/storage users who may be using it. With Podman containers, we use the standard Podman removal function for containers, which handles all edge cases nicely, shutting down running containers, ensuring they're unmounted, etc. Unfortunately, no such convient function exists (or can exist) for all c/storage containers. Identifying the PID of a Buildah, CRI-O, or Podman container is extremely different, and those are just the implementations under the containers org. We can't reasonably be able to know if a c/storage container is *in use* and safe for removal if it's not a Podman container. At the very least, though, we can attempt to unmount a storage container before removing it. If it is in use, this will fail (probably with a not-particularly-helpful error message), but if it is not in use but not fully cleaned up, this should make our removing it much more robust than it normally is. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #7366 from jwhonce/jira/run-991OpenShift Merge Robot2020-08-19
|\ \ | | | | | | Implement --connection flag
| * | Add support for --connectionDaniel J Walsh2020-08-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * override --url and/or --identity fields from containers.conf * --connection flag has higher precedence than ActiveService from containers.conf. Which is set via podman system connection default * Add newline to error message printed on stderr * Added --connection to bash completion and documentation * Updated bindings to query server in case of no path or / Closes #jira-991 Fixes #7276 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Jhon Honce <jhonce@redhat.com> Squashed commits to work around CI issue
* | | Merge pull request #7346 from rhatdan/systemdOpenShift Merge Robot2020-08-19
|\ \ \ | |_|/ |/| | Don't limit the size on /run for systemd based containers
| * | Don't limit the size on /run for systemd based containersDaniel J Walsh2020-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We had a customer incident where they ran out of space on /run. If you don't specify size, it will be still limited to 50% or memory available in the cgroup the container is running in. If the cgroup is unlimited then the /run will be limited to 50% of the total memory on the system. Also /run is mounted on the host as exec, so no reason for us to mount it noexec. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7344 from cevich/increase_timeoutOpenShift Merge Robot2020-08-19
|\ \ \ | | | | | | | | Cirrus: Increase integration-testing timeout
| * | | Cirrus: Increase integration-testing timeoutChris Evich2020-08-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Observed timeout problems hitting some integration-testing tasks differently than others. Given the current `Makefile` has a ginkgo timeout of 90-minutes, the task timeout for integration tests should be longer. Increase the timeout of the main integration-test running tasks to the (default) 120min global valie in `.cirrus.yml`. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #7362 from edsantiago/batsOpenShift Merge Robot2020-08-19
|\ \ \ \ | | | | | | | | | | system tests: enable more remote tests; cleanup
| * | | | system tests: enable more remote tests; cleanupEd Santiago2020-08-19
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | info, images, run, networking tests: remove some skip_if_remote()s that were added in the varlink days. All of these tests now seem to work with APIv2. help test: check that first output line from 'podman --help' is the program description (regression check for #7273). load test: clean up stray images, rewrite test to make it conform to existing convention. In the process, discover and file #7337 exec test (and networking): file #7360, and add FIXME comment to skip()s suggesting evaluating those tests once that is fixed. pod test: now that #6328 is fixed, use 'podman pod inspect --format' instead of relying on jq Various other tests: add an explanation of why test is disabled so we can more easily distinguish "this will never be meaningful under remote" vs "hey, doesn't work for now, but maybe someday". Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #7369 from ↵OpenShift Merge Robot2020-08-19
|\ \ \ \ | |/ / / |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/image/v5-5.5.2 Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
| * | | Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2dependabot-preview[bot]2020-08-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.5.1 to 5.5.2. - [Release notes](https://github.com/containers/image/releases) - [Commits](https://github.com/containers/image/compare/v5.5.1...v5.5.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7350 from vrothberg/fix-7285OpenShift Merge Robot2020-08-19
|\ \ \ \ | | | | | | | | | | generate systemd: quote arguments with whitespace
| * | | | generate systemd: quote arguments with whitespaceValentin Rothberg2020-08-19
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure that arguments with whitespace are properly quoted so they are interpreted as one (and not multiple ones) by systemd. Now `-e tz="america/new york"` will be generated as `-e "tz=america/new york"`. The quotes are moving but the argument is still correct. Fixes: #7285 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7343 from mheon/update_defaultenvOpenShift Merge Robot2020-08-19
|\ \ \ \ | |_|/ / |/| | | Ensure DefaultEnvVariables is used in Specgen
| * | | Ensure DefaultEnvVariables is used in SpecgenMatthew Heon2020-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we rewrote Podman's pkg/spec, one of the things that was lost was our use of a set of default environment variables, that ensure all containers have at least $PATH and $TERM set. While we're in the process of re-adding it, change it from a variable to a function, so we can ensure the Join function does not overwrite it and corrupt the defaults. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #7311 from QiWang19/service-reloadOpenShift Merge Robot2020-08-19
|\ \ \ \ | |_|/ / |/| | | Support sighup reload configuration files
| * | | Support sighup reload configuration filesQi Wang2020-08-18
| | | | | | | | | | | | | | | | | | | | | | | | Support podman service sighup reload configuration files(containers.conf, registries.conf, storage.conf). Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #7361 from Luap99/version-builttimeOpenShift Merge Robot2020-08-19
|\ \ \ \ | |_|/ / |/| | | fix podman version output to include git commit and builttime
| * | | fix podman version output to include git commit and builttimePaul Holzinger2020-08-18
| | |/ | |/| | | | | | | | | | | | | Add the go module version v2 to the libpod path. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #7341 from edsantiago/e2e_use_tmpdirsOpenShift Merge Robot2020-08-18
|\ \ \ | | | | | | | | e2e tests: use actual temp dirs, not "/tmp/dir"
| * | | e2e tests: use actual temp dirs, not "/tmp/dir"Ed Santiago2020-08-18
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the --iidfile tests was flaking: Error: failed to write image ID to file "/tmp/dir/idFile": open /tmp/dir/idFile: no such file or directory Root cause: test was actually not mkdir'ing /tmp/dir. Test was mostly passing because _other_ tests in the suite were mkdir'ing it, but once in a while this test ran before the others. Solution: fixed this test to use CreateTempDirInTempDir(). And, since hardcoded tempdirs are bad practice, grepped for '"dir"' and fixed all other instances too. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #7339 from giuseppe/change-systemd-detectionOpenShift Merge Robot2020-08-18
|\ \ \ | | | | | | | | abi: fix detection for systemd
| * | | abi: fix detection for systemdGiuseppe Scrivano2020-08-18
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | create a scope everytime we don't own the current cgroup and we are running on systemd. Closes: https://github.com/containers/podman/issues/6734 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #7338 from edsantiago/image_trust_flake_fixOpenShift Merge Robot2020-08-18
|\ \ \ | | | | | | | | flake fix: podman image trust
| * | | flake fix: podman image trustEd Santiago2020-08-18
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | The output of 'podman image trust' is in random order; but its e2e test was assuming a specific one. This caused flakes. Fixes: #6764 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #7352 from Luap99/uts-podOpenShift Merge Robot2020-08-18
|\ \ \ | |_|/ |/| | fix podman create/run UTS NS docs
| * | fix podman create/run UTS NS docsPaul Holzinger2020-08-18
| |/ | | | | | | | | | | | | | | Add better error message when using `--pod` and `--hostname`. Improve the docs to better explain the uts hostname relation. Add more valid options for the `--uts` flag. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #7358 from jwhonce/issues/7273OpenShift Merge Robot2020-08-18
|\ \ | |/ |/| Remove help/usage from --remote pre-check
| * Remove help/usage from --remote pre-checkJhon Honce2020-08-18
|/ | | | | | | | | --remote pre-check was providing usage context, which was also being provided by the root podman command. Fixes #7273 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #7354 from edsantiago/redisable_sdnotifyOpenShift Merge Robot2020-08-18
|\ | | | | Re-disable sdnotify tests to try to fix CI
| * Re-disable sdnotify tests to try to fix CIEd Santiago2020-08-18
|/ | | | | | | | Some CI tests are hanging, timing out in 60 or 120 minutes. I wonder if it's #7316, the bug where all podman commands hang forever if NOTIFY_SOCKET is set? Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7292 from spearlineltd/cleanupzombieOpenShift Merge Robot2020-08-18
|\ | | | | Wait for reexec to finish when fileOutput is nil
| * Wait for reexec to finish when fileOutput is nilJonathan Dieter2020-08-15
| | | | | | | | | | | | | | Currently, we're not cleanup up after ourselves when fileOutput is nil. This patch fixes that. Signed-off-by: Jonathan Dieter <jonathan.dieter@spearline.com>
* | Merge pull request #7283 from mheon/pod_infra_has_exit_cmdOpenShift Merge Robot2020-08-17
|\ \ | | | | | | Ensure pod infra containers have an exit command
| * | Clean up pods before returning from Pod Stop API callMatthew Heon2020-08-17
| | | | | | | | | | | | | | | | | | | | | This should help alleviate races where the pod is not fully cleaned up before subsequent API calls happen. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Ensure pod infra containers have an exit commandMatthew Heon2020-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most Libpod containers are made via `pkg/specgen/generate` which includes code to generate an appropriate exit command which will handle unmounting the container's storage, cleaning up the container's network, etc. There is one notable exception: pod infra containers, which are made entirely within Libpod and do not touch pkg/specgen. As such, no cleanup process, network never cleaned up, bad things can happen. There is good news, though - it's not that difficult to add this, and it's done in this PR. Generally speaking, we don't allow passing options directly to the infra container at create time, but we do (optionally) proxy a pre-approved set of options into it when we create it. Add ExitCommand to these options, and set it at time of pod creation using the same code we use to generate exit commands for normal containers. Fixes #7103 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #7333 from openSUSE/bashifyOpenShift Merge Robot2020-08-17
|\ \ \ | | | | | | | | Use `bash` binary from env instead of /bin/bash for scripts
| * | | Use `bash` binary from env instead of /bin/bash for scriptsSascha Grunert2020-08-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's not possible to run any of the scripts on distributions which do have `bash` not in `/bin`. This is being fixed by using `/usr/bin/env bash` instead. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | Merge pull request #7317 from edsantiago/batsOpenShift Merge Robot2020-08-17
|\ \ \ \ | | | | | | | | | | system tests: enable sdnotify tests
| * | | | system tests: enable sdnotify testsEd Santiago2020-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Oops. PR #6693 (sdnotify) added tests, but they were disabled due to broken crun on f31. I tried for three weeks to get a magic CI:IMG PR to update crun on the CI VMs ... but in that time I forgot to actually enable those new tests. This PR removes a 'skip', replacing it with a check that systemd is running plus one more to make sure our runtime is crun. It looks like sdnotify just doesn't work on Ubuntu (it hangs), and my guess is that it's a crun/runc issue. I also changed the test image from fedora:latest to :31, because, sigh, fedora:latest removed the systemd-notify tool. WARNING WARNING WARNING: the symptom of a missing systemd-notify is that podman will hang forever, not even stopped by the timeout command in podman_run! (Filed: #7316). This means that if the sdnotify-in-container test ever fails, the symptom will be that Cirrus itself will time out (2 hours?). This is horrible. I don't know what to do about it other than push for a fix for 7316. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #7326 from ↵OpenShift Merge Robot2020-08-17
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | TomSweeneyRedHat/dev/tsweeney/knownissuetoissuetemp Add pointer to troubleshooting in issue template
| * | | | Add pointer to troubleshooting in issue templateTomSweeneyRedHat2020-08-14
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add pointers to the Troubleshooting guide, including a new question that the reporter referenced it in the issue template that's displayed on GitHub. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | Merge pull request #7314 from aojea/ipv6_default_gwOpenShift Merge Robot2020-08-16
|\ \ \ \ | | | | | | | | | | IPv6 default route
| * | | | podman support for IPv6 networksAntonio Ojea2020-08-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman containers using IPv6 were missing the default route, breaking deployments trying to use them. The problem is that the default route was hardcoded to IPv4, this takes into consideration the podman subnet IP family to generate the corresponding default route. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | | | | Merge pull request #7320 from containers/dependabot/go_modules/k8s.io/api-0.18.8OpenShift Merge Robot2020-08-16
|\ \ \ \ \ | | | | | | | | | | | | Bump k8s.io/api from 0.18.6 to 0.18.8
| * | | | | Bump k8s.io/api from 0.18.6 to 0.18.8Daniel J Walsh2020-08-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.18.6 to 0.18.8. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](kubernetes/api@v0.18.6...v0.18.8) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>