summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Add network aliases for containers to DBMatthew Heon2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | This adds the database backend for network aliases. Aliases are additional names for a container that are used with the CNI dnsname plugin - the container will be accessible by these names in addition to its name. Aliases are allowed to change over time as the container connects to and disconnects from networks. Aliases are implemented as another bucket in the database to register all aliases, plus two buckets for each container (one to hold connected CNI networks, a second to hold its aliases). The aliases are only unique per-network, to the global and per-container aliases buckets have a sub-bucket for each CNI network that has aliases, and the aliases are stored within that sub-bucket. Aliases are formatted as alias (key) to container ID (value) in both cases. Three DB functions are defined for aliases: retrieving current aliases for a given network, setting aliases for a given network, and removing all aliases for a given network. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #8109 from matejvasek/inspect-apiv2-rootfsOpenShift Merge Robot2020-10-23
|\ | | | | fix: /image/{name or id}/json returns RootFS layers
| * src: nil checkMatej Vasek2020-10-22
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * src: add nil checksMatej Vasek2020-10-22
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * fix: /image/{name}/json returns RootFS layersMatej Vasek2020-10-22
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #8111 from Luap99/fix-missing-resolv.confOpenShift Merge Robot2020-10-22
|\ \ | | | | | | Don't error if resolv.conf does not exists
| * | Don't error if resolv.conf does not existsPaul Holzinger2020-10-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the resolv.conf file is empty we provide default dns servers. If the file does not exists we error and don't create the container. We should also provide the default entries in this case. This is also what docker does. Fixes #8089 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8053 from rhatdan/detachkeysOpenShift Merge Robot2020-10-22
|\ \ \ | | | | | | | | podman create doesn't support creating detached containers
| * | | podman create doesn't support creating detached containersDaniel J Walsh2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Detached containers and detach keys are only created with the podman run, i exec, and start commands. We do not store the detach key sequence or the detach flags in the database, nor does Docker. The current code was ignoreing these fields but documenting that they can be used. Fix podman create man page and --help output to no longer indicate that --detach and --detach-keys works. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8110 from lsm5/cap-net-rawOpenShift Merge Robot2020-10-22
|\ \ \ \ | | | | | | | | | | replace net_raw with setuid
| * | | | replace net_raw with setuidLokesh Mandvekar2020-10-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman does not allow setting CAP_NET_RAW Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | | Merge pull request #8078 from baude/networkdisconnectOpenShift Merge Robot2020-10-22
|\ \ \ \ \ | |_|_|/ / |/| | | | APIv2 compatibility network connect|disconnect
| * | | | APIv2 compatibility network connect|disconnectbaude2020-10-22
| |/ / / | | | | | | | | | | | | | | | | | | | | Add endpoints for the compat layer for network connect and disconnect. As of now, these two endpoints do nothing to change the network state of a container. They do some basic data verification and return the proper 200 response. This at least allows for scripts to work on the compatibility layer instead of getting 404s. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #8101 from mheon/net_none_hostnameOpenShift Merge Robot2020-10-22
|\ \ \ \ | |_|_|/ |/| | | Add hostname to /etc/hosts for --net=none
| * | | Add hostname to /etc/hosts for --net=noneMatthew Heon2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This does not match Docker, which does not add hostname in this case, but it seems harmless enough. Fixes #8095 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #8098 from vrothberg/fix-8082OpenShift Merge Robot2020-10-22
|\ \ \ \ | | | | | | | | | | container create: record correct image name
| * | | | container create: record correct image nameValentin Rothberg2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Record the correct image name when creating a container by using the resolved image name if present. Otherwise, default to using the first available name or an empty string in which case the image must have been referenced by ID. Fixes: #8082 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #7956 from QiWang19/save-rm-sigOpenShift Merge Robot2020-10-22
|\ \ \ \ \ | | | | | | | | | | | | Allow save image remove-signatures
| * | | | | save image remove signaturesQi Wang2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remove signatures to podman save since the image formats do not support signatures Close: #7659 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #8104 from baude/setnetworkdriverdefaultOpenShift Merge Robot2020-10-22
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | set compat network driver default
| * | | | | set compat network driver defaultbaude2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when using the compatibility endpoint for creating a network, if the driver is not provided, we need to set it to the default network driver ... which is bridge. Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #7772 from TomSweeneyRedHat/dev/tsweeney/splitnOpenShift Merge Robot2020-10-21
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Convert Split() calls with an equal sign to SplitN()
| * | | | | Convert Split() calls with an equal sign to SplitN()TomSweeneyRedHat2020-10-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After seeing #7759, I decided to look at the calls in Podman and Buildah to see if we had issues with strings.Split() calls where an "=" (equals) sign was in play and we expected to split on only the first one. There were only one or two that I found in here that I think might have been troubling, the remainder are just adding some extra safety. I also had another half dozen or so that were checking length expectations appropriately, those I left alone. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | | Merge pull request #8077 from jwhonce/wip/reportOpenShift Merge Robot2020-10-21
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Refactor podman to use c/common/pkg/report
| * | | | | Refactor podman to use c/common/pkg/reportJhon Honce2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All formatting for containers stack moved into one package The does not correct issue with headers when using custom tables Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #8083 from crunchtime-ali/add-eol-to-compat-logOpenShift Merge Robot2020-10-21
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Add EOL to compat container logs
| * | | | | Add EOL to compat container logsAlexander Zigelski2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Alexander Zigelski <ali@crunchtime.dev>
* | | | | | Merge pull request #8034 from rhatdan/optionsOpenShift Merge Robot2020-10-21
|\ \ \ \ \ \ | | | | | | | | | | | | | | Switch help messages from using [flags] to [options]
| * | | | | | Switch use of Flags to OptionsDaniel J Walsh2020-10-21
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Want to have man pages match commands, since we have lots of printed man pages with using Options, we will change the command line to use Options in --help. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #8093 from rhatdan/waitOpenShift Merge Robot2020-10-21
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Fix handling and documentation of podman wait --interval
| * | | | | Fix handling and documentation of podman wait --intervalDaniel J Walsh2020-10-21
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In older versions of podman, we supported decimal numbers defaulting to microseconds. This PR fixes to allow users to continue to specify only digits. Also cleaned up documentation to fully describe what input for --interval flag. Finally improved testing on podman wait to actually make sure the command succeeded. Fixed tests to work on podman-remote. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8092 from rhatdan/stdinOpenShift Merge Robot2020-10-21
|\ \ \ \ \ | | | | | | | | | | | | Podman build should default to not usins stdin
| * | | | | Podman build should default to not usins stdinDaniel J Walsh2020-10-21
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we leak stdin into podman builds, which can lead to issues like run commands inside of the container waiting for user input. We should not take input from users other then if the user specifies podman build -f - or podman build -, which are taken care of in other code. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8090 from ↵OpenShift Merge Robot2020-10-21
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/apimachinery-0.19.3 Bump k8s.io/apimachinery from 0.19.2 to 0.19.3
| * | | | | Bump k8s.io/apimachinery from 0.19.2 to 0.19.3dependabot-preview[bot]2020-10-21
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.19.2 to 0.19.3. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.19.2...v0.19.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7948 from saschagrunert/ps-fixOpenShift Merge Robot2020-10-21
|\ \ \ \ \ | |_|/ / / |/| | | | Fix ps port output
| * | | | Fix ps port outputSascha Grunert2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When defining multiple ports (same src/dst) like `-p 80:80 -p 443:443` then podman will not show the complete output on `podman ps` (only `0.0.0.0:80->80/tcp` in the example). This also applies to port ranges. This patch refactors the port loop by pre-checking for ranges and displaying them correctly to the end user. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | | Merge pull request #8065 from edsantiago/flake_tweaksOpenShift Merge Robot2020-10-21
|\ \ \ \ \ | | | | | | | | | | | | Tests: Fix common flakes, and improve apiv2 test log
| * | | | | Tests: Fix common flakes, and improve apiv2 test logEd Santiago2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - apiv2 - the 'ten /info requests' test is flaking often, taking ~8 seconds (our limit is 7, up from 5 a few weeks ago). Brent suggested that the first /info call might be expensive, because it needs to access storage. So, let's prime it by running one /info outside the timing loop. And, because even that continues to fail, bump it up to 10 seconds and file #8076 to track the slowdown. - toolbox test - WaitForReady() has timed out, even on one occasion causing a run failure because it failed 3 times. Solution: bump up timeout from 2s to 5s. Not really great, but CI systems are underpowered, and it's not unreasonable that 2s might be too low. - sdnotify test - add a 'podman wait' between stop & rm. This may prevent a "cannot rm container as it is running" race condition. While working on this, Brent and I noticed a few ways that test-apiv2 logging can be improved: - test name: when request is POST, display the jsonified parameters, not the original input ones. This should make it much easier to reproduce failures. - use curl's "--write-out" option to capture http code, content type, and request time. We were getting the first two via grep from logged headers; this is cleaner. And there was no other way to get timing. We now include the timing as X-Response-Time in the log file. - abort on *any* curl error, not just 7 (cannot connect). Any error at all from curl is bad news. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #8022 from baude/compatapitospecgenOpenShift Merge Robot2020-10-21
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | refactor api compatibility container creation to specgen
| * | | | | refactor api compatibility container creation to specgenbaude2020-10-20
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | when using the compatibility layer to create containers, it used code paths to the pkg/spec which is the old implementation of containers. it is error prone and no longer being maintained. rather that fixing things in spec, migrating to specgen usage seems to make the most sense. furthermore, any fixes to the compat create will not need to be ported later. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #8075 from mheon/fix_8073OpenShift Merge Robot2020-10-20
|\ \ \ \ \ | |_|_|/ / |/| | | | Retrieve network inspect info from dependency container
| * | | | Retrieve network inspect info from dependency containerMatthew Heon2020-10-20
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container either joins a pod that shares the network namespace or uses `--net=container:` to share the network namespace of another container, it does not have its own copy of the CNI results used to generate `podman inspect` output. As such, to inspect these containers, we should be going to the container we share the namespace with for network info. Fixes #8073 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #8042 from rhatdan/tlsverifyOpenShift Merge Robot2020-10-20
|\ \ \ \ | | | | | | | | | | --tls-verify and --authfile should work for all remote commands
| * | | | --tls-verify and --authfile should work for all remote commandsDaniel J Walsh2020-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These options are now fully supported in the remote API and should no longer be hidden and/or documented as non supported. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8067 from mheon/net_host_hostsOpenShift Merge Robot2020-10-20
|\ \ \ \ \ | |_|/ / / |/| | | | Ensure that hostname is added to hosts with net=host
| * | | | Ensure that hostname is added to hosts with net=hostMatthew Heon2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container uses --net=host the default hostname is set to the host's hostname. However, we were not creating any entries in `/etc/hosts` despite having a hostname, which is incorrect. This hostname, for Docker compat, will always be the hostname of the host system, not the container, and will be assigned to IP 127.0.1.1 (not the standard localhost address). Also, when `--hostname` and `--net=host` are both passed, still use the hostname from `--hostname`, not the host's hostname (we still use the host's hostname by default in this case if the `--hostname` flag is not passed). Fixes #8054 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #7126 from mheon/fix_missing_ociruntimeOpenShift Merge Robot2020-10-20
|\ \ \ \ \ | | | | | | | | | | | | Fix missing OCI Runtime
| * | | | | Add a system test to verify --runtime is preservedMatthew Heon2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | Use runtime names instead of paths in E2E testsMatthew Heon2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | My patches to fix `--runtime /usr/bin/crun` being allowed to use a different version of the crun runtime revealed a problem: we were actually relying on that exact behavior in our E2E tests. We specified the runtime path as `/usr/bin/runc` for the Ubuntu tests, but that didn't exist, so Podman was actively looking for a different, usable runc binary and using that, instead of the path we explicitly hardcoded. Fixing the bug broke this, and thus broke the tests. Instead of hard-coding OCI runtime paths, swap to just using the runtime name, `runc` or `crun`, and letting Podman figure out where the runtime lives - it's quite good at that. This should un-break the tests and make them more durable. Signed-off-by: Matthew Heon <matthew.heon@pm.me>