| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the database backend for network aliases. Aliases are
additional names for a container that are used with the CNI
dnsname plugin - the container will be accessible by these names
in addition to its name. Aliases are allowed to change over time
as the container connects to and disconnects from networks.
Aliases are implemented as another bucket in the database to
register all aliases, plus two buckets for each container (one to
hold connected CNI networks, a second to hold its aliases). The
aliases are only unique per-network, to the global and
per-container aliases buckets have a sub-bucket for each CNI
network that has aliases, and the aliases are stored within that
sub-bucket. Aliases are formatted as alias (key) to container ID
(value) in both cases.
Three DB functions are defined for aliases: retrieving current
aliases for a given network, setting aliases for a given network,
and removing all aliases for a given network.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
fix: /image/{name or id}/json returns RootFS layers
|
| |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \
| | |
| | | |
Don't error if resolv.conf does not exists
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the resolv.conf file is empty we provide default dns servers.
If the file does not exists we error and don't create the
container. We should also provide the default entries in this
case. This is also what docker does.
Fixes #8089
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| | | |
| | | | |
podman create doesn't support creating detached containers
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Detached containers and detach keys are only created with the podman run, i
exec, and start commands. We do not store the detach key sequence or the
detach flags in the database, nor does Docker. The current code was ignoreing
these fields but documenting that they can be used.
Fix podman create man page and --help output to no longer indicate that
--detach and --detach-keys works.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
replace net_raw with setuid
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
podman does not allow setting CAP_NET_RAW
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
APIv2 compatibility network connect|disconnect
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Add endpoints for the compat layer for network connect and disconnect. As of now, these two endpoints do nothing to change the network state of a container. They do some basic data verification and return the proper 200 response. This at least allows for scripts to work on the compatibility layer instead of getting 404s.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Add hostname to /etc/hosts for --net=none
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This does not match Docker, which does not add hostname in this
case, but it seems harmless enough.
Fixes #8095
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
container create: record correct image name
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Record the correct image name when creating a container by using the
resolved image name if present. Otherwise, default to using the first
available name or an empty string in which case the image must have been
referenced by ID.
Fixes: #8082
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Allow save image remove-signatures
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
remove signatures to podman save since the image formats do not support signatures
Close: #7659
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
set compat network driver default
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
when using the compatibility endpoint for creating a network, if the driver is not provided, we need to set it to the default network driver ... which is bridge.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | | |
Convert Split() calls with an equal sign to SplitN()
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
After seeing #7759, I decided to look at the calls in
Podman and Buildah to see if we had issues with strings.Split()
calls where an "=" (equals) sign was in play and we expected
to split on only the first one.
There were only one or two that I found in here that I think
might have been troubling, the remainder are just adding
some extra safety.
I also had another half dozen or so that were checking length
expectations appropriately, those I left alone.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
Refactor podman to use c/common/pkg/report
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
All formatting for containers stack moved into one package
The does not correct issue with headers when using custom tables
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | | |
Add EOL to compat container logs
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Alexander Zigelski <ali@crunchtime.dev>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Switch help messages from using [flags] to [options]
|
| | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Want to have man pages match commands, since we have lots of printed
man pages with using Options, we will change the command line to use
Options in --help.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
Fix handling and documentation of podman wait --interval
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In older versions of podman, we supported decimal numbers defaulting
to microseconds. This PR fixes to allow users to continue to specify
only digits.
Also cleaned up documentation to fully describe what input for --interval flag.
Finally improved testing on podman wait to actually make sure the command succeeded.
Fixed tests to work on podman-remote.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Podman build should default to not usins stdin
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently we leak stdin into podman builds, which can lead
to issues like run commands inside of the container waiting for
user input.
We should not take input from users other then if the user specifies
podman build -f - or podman build -, which are taken care of in other code.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
containers/dependabot/go_modules/k8s.io/apimachinery-0.19.3
Bump k8s.io/apimachinery from 0.19.2 to 0.19.3
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.19.2 to 0.19.3.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.19.2...v0.19.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Fix ps port output
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When defining multiple ports (same src/dst) like `-p 80:80 -p 443:443`
then podman will not show the complete output on `podman ps` (only
`0.0.0.0:80->80/tcp` in the example). This also applies to port ranges.
This patch refactors the port loop by pre-checking for ranges and
displaying them correctly to the end user.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Tests: Fix common flakes, and improve apiv2 test log
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
- apiv2 - the 'ten /info requests' test is flaking often,
taking ~8 seconds (our limit is 7, up from 5 a few weeks
ago). Brent suggested that the first /info call might be
expensive, because it needs to access storage. So, let's
prime it by running one /info outside the timing loop.
And, because even that continues to fail, bump it up
to 10 seconds and file #8076 to track the slowdown.
- toolbox test - WaitForReady() has timed out, even on one
occasion causing a run failure because it failed 3 times.
Solution: bump up timeout from 2s to 5s. Not really great,
but CI systems are underpowered, and it's not unreasonable
that 2s might be too low.
- sdnotify test - add a 'podman wait' between stop & rm.
This may prevent a "cannot rm container as it is running"
race condition.
While working on this, Brent and I noticed a few ways that
test-apiv2 logging can be improved:
- test name: when request is POST, display the jsonified
parameters, not the original input ones. This should
make it much easier to reproduce failures.
- use curl's "--write-out" option to capture http code,
content type, and request time. We were getting the
first two via grep from logged headers; this is cleaner.
And there was no other way to get timing. We now include
the timing as X-Response-Time in the log file.
- abort on *any* curl error, not just 7 (cannot connect).
Any error at all from curl is bad news.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
refactor api compatibility container creation to specgen
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | | |
when using the compatibility layer to create containers, it used code paths to the pkg/spec which is the old implementation of containers. it is error prone and no longer being maintained. rather that fixing things in spec, migrating to specgen usage seems to make the most sense. furthermore, any fixes to the compat create will not need to be ported later.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Retrieve network inspect info from dependency container
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When a container either joins a pod that shares the network
namespace or uses `--net=container:` to share the network
namespace of another container, it does not have its own copy of
the CNI results used to generate `podman inspect` output. As
such, to inspect these containers, we should be going to the
container we share the namespace with for network info.
Fixes #8073
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
--tls-verify and --authfile should work for all remote commands
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
These options are now fully supported in the remote API and should no
longer be hidden and/or documented as non supported.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Ensure that hostname is added to hosts with net=host
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When a container uses --net=host the default hostname is set to
the host's hostname. However, we were not creating any entries
in `/etc/hosts` despite having a hostname, which is incorrect.
This hostname, for Docker compat, will always be the hostname of
the host system, not the container, and will be assigned to IP
127.0.1.1 (not the standard localhost address).
Also, when `--hostname` and `--net=host` are both passed, still
use the hostname from `--hostname`, not the host's hostname (we
still use the host's hostname by default in this case if the
`--hostname` flag is not passed).
Fixes #8054
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix missing OCI Runtime
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
My patches to fix `--runtime /usr/bin/crun` being allowed to use
a different version of the crun runtime revealed a problem: we
were actually relying on that exact behavior in our E2E tests. We
specified the runtime path as `/usr/bin/runc` for the Ubuntu
tests, but that didn't exist, so Podman was actively looking for
a different, usable runc binary and using that, instead of the
path we explicitly hardcoded. Fixing the bug broke this, and thus
broke the tests.
Instead of hard-coding OCI runtime paths, swap to just using the
runtime name, `runc` or `crun`, and letting Podman figure out
where the runtime lives - it's quite good at that. This should
un-break the tests and make them more durable.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|