| Commit message (Collapse) | Author | Age |
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When sharing a network namespace, containers should also share
resolv.conf and /etc/hosts in case a container process made
changes to either (for example, if I set up a VPN client in
container A and join container B to its network namespace, I
expect container B to use the DNS servers from A to ensure it can
see everything on the VPN).
Resolves: #1546
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
Prevent a second lookup of user for image volumes
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of forcing another user lookup when mounting image
volumes, just use the information we looked up when we started
generating the spec.
This may resolve #1817
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
rootless: fix restart when using fuse-overlayfs
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With rootless containers we cannot really restart an existing container
as we would need to join the mount namespace as well to be able to reuse
the storage, so ensure the container is stopped first.
Closes: https://github.com/containers/libpod/issues/1965
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
No need to use `-i` in go build (with go 1.10 and above)
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
> The go build command now maintains a cache of recently built
packages, separate from the installed packages in $GOROOT/pkg or
$GOPATH/pkg. The effect of the cache should be to speed builds that
do not explicitly install packages or when switching between
different copies of source code (for example, when changing back and
forth between different branches in a version control system). The
old advice to add the -i flag for speed, as in go build -i or go
test -i, is no longer necessary: builds run just as fast without -i.
This should also fix podman builds for NixOS, snap-installed go, …
Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
|
|\ \ \
| | | |
| | | | |
Ensure storage options are properly initialized
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If one of storage GraphRoot or RunRoot are specified, but the
other is not, c/storage will not use the default, and will throw
an error instead. Ensure that in cases where this would happen,
we populate the fields with the c/storage defaults ourselves.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add capabilities to generate kube
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Using the default capabilities, we can determine which caps were
added and dropped. Now added them to the security context structure.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Cirrus: Update base-image build docs
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
Mostly minor tweaks and clarifications. Though there was
one missing (required) make value I fixed.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Vendor c/image + Buildah after merging blob-info-caching in both
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
... which adds blob info caching
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
disable F29 tests on PAPR
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
We now test F29 Cloud in cirrus
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| | |
add more example usage to varlink endpoints
|
| |/
| |
| |
| | |
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Bump to v0.12.1.1
|
| | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\ \
| |/
|/| |
Update release notes for v0.12.1.1
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\
| |
| | |
Fix errors where OCI hooks directory does not exist
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
add timeout to pod stop
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
like podman stop of containers, we should allow the user to specify
a timeout override when stopping pods; otherwise they have to wait
the full timeout time specified during the pod/container creation.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Refactor CLI booleans to be consistent and defined behavior
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Change all store_true or store_false to use store_bool.
New behavior documented in BooleanAction docstring.
* Remove any extraneous code identified by pylint in files from above.
Fixes #1869
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
generate kube
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
add the ability to generate kubernetes pod and service yaml representations
of libpod containers and pods.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Codify and document base-image production + Enable testing with Fedora
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
A number of images required for future testing are not present in GCE.
Importing them is a long proscribed process prone to errors and
complications.
Improve this situation by documenting, and encoding the majority of the
steps required. Due to the required complexity, these are clearly
identified as 'semi-automated'. This means a discerning eye is
sometimes needed to address unforeseen problems (networking issues,
format or packaging changes, etc).
Nevertheless, having these steps in writing, will reduce current and
future maintenance burden while supporting future testing needs of
RHEL, Fedora and Fedora Atomic Host.
Also:
* Add necessary configuration, scripts, and Makefile updates needed to
prepare RHEL, Fedora, & FAH cloud images for use in GCE. This
is a complex, multi-step process where the cloud image is booted
un a local user-mod qemu-kvm instance, where it can be modified.
From there, it's converted into a specific format, and imported into
GCE. Lastly, the imported raw disk data is made available as a GCE
VM image.
Note: As of this commit, the RHEL base-image builds (CentOS has native
image), however neither RHEL or CentOS cache-images build correctly.
* Left testing on FAH disabled, the GCE/Cirrus integration needs needs more
work. Specifically, the python3-based google startup script service
throws a permission-denied (as root) when trying to create a temp.
directory. Did not investigate further, though manually running the
startup script does allow the libpod tests to start running.
* Enabled Fedora 29 image to execute tests and general use.
* Utilize the standardized F28-based container image for gating
of more the intensive unit and integration testing. Update
documentation to reflect this as the standard platform for
these checks. Rename tasks with shorter names and to better
reflect their purpose.
* Cirrus: Trim unnecessary env vars before testing since the vast
majority are only required for orchestration purposes. Since most
are defined within `.cirrus.yml`, it's a good place to store the
list of undesirables. Since each of the cirrus-scripts runs in
it's own shell, unsetting these near the end will have no
consequence. Also trim down the number of calls to show_env_vars()
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The packer tool takes JSON as input for the details of producing VM
images to be used for PR CI-testing. JSON is not a very human-friendly
format, without support for comments and frequently containing lots of
duplicate data.
Fix this by using a Makefile + simple python one-liner to convert
from a human-friendly YAML format into packer-native JSON. This allows
use of anchors/aliases to reduce duplication, and allows inline comments
for easier maintainability. This also allows separating the 'test'
action from the 'build' action, for earlier and better syntax problem
detection.
Lastly, there are some minor ``lib.sh`` and ``integration_test.sh``
updates to support future work, and slightly improve the build and
test environments.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
Update c/image for sysregistriesv2 changes and automatic docker:// insecure configuration
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Instead, just set SystemRegistriesConfPath and let the transport do it.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
i.e. actually reflect the environment variable and/or rootless mode
instead of always using the default path.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Instead, just set SystemRegistriesConfPath and let the transport do it.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool
can now represent that value, so forceSecure is redundant.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Instead, just set SystemRegistriesConfPath and let the transport do it.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The newly introduced SystemRegistriesConfPath somewhat decreases
duplication, but more importantly will allow future callers to
set just a types.SystemContext.SystemRegistriesConfPath and not call
GetRegistries / GetInsecureRegistries at all.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool
can now represent that value, so forceSecure is redundant.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Following SystemContext.DockerInsecureSkipTLSVerify, make the
DockerRegistryOne also an OptionalBool, and update callers.
Explicitly document that --tls-verify=true and --tls-verify unset
have different behavior in those commands where the behavior changed
(or where it hasn't changed but the documentation needed updating).
Also make the --tls-verify man page sections a tiny bit more consistent
throughout.
This is a minimal fix, without changing the existing "--tls-verify=true"
paths nor existing manual insecure registry lookups.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Unrelated to the rest of the PR.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
... instead of unnecessarily adapting it for the DockerInsecureSkipTLSVerify type change.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|