Commit message (Author, Age)
* Print errors from individual containers in pods (Matthew Heon, 2020-07-02)
      The infra/abi code for pods was written in a flawed way, assuming that the map[string]error containing individual container errors was only set when the global error for the pod function was nil; that is not accurate, and we are actually *guaranteed* to set the global error when any individual container errors. Thus, we'd never actually include individual container errors, because the infra code assumed that err being set meant everything failed and no container operations were attempted.

      We were originally setting the cause of the error to something nonsensical ("container already exists"), so I made a new error indicating that some containers in the pod failed. We can then ignore that error when building the report on the pod operation and actually return errors from individual containers.

      Unfortunately, this exposed another weakness of the infra code, which was discarding the container IDs. Errors from individual containers are not guaranteed to identify which container they came from, hence the use of map[string]error in the Pod API functions. Rather than restructuring the structs we return from pkg/infra, I just wrapped the returned errors with a message including the ID of the container.

      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6840 from containers/dependabot/go_modules/github.com/opentracing/opentracing-go-1.2.0 (OpenShift Merge Robot, 2020-07-02)
      Bump github.com/opentracing/opentracing-go from 1.1.0 to 1.2.0
| * Bump github.com/opentracing/opentracing-go from 1.1.0 to 1.2.0 (dependabot-preview[bot], 2020-07-02)
      Bumps [github.com/opentracing/opentracing-go](https://github.com/opentracing/opentracing-go) from 1.1.0 to 1.2.0.
      - [Release notes](https://github.com/opentracing/opentracing-go/releases)
      - [Changelog](https://github.com/opentracing/opentracing-go/blob/master/CHANGELOG.md)
      - [Commits](https://github.com/opentracing/opentracing-go/compare/v1.1.0...v1.2.0)

      Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6736 from maybe-sybr/maybe/apiv2/volumes-compat (OpenShift Merge Robot, 2020-07-02)
      APIv2: Add docker compatible volume endpoints
| * APIv2:fix: Handle docker volume force as expected (maybe-sybr, 2020-07-02)
      In response to input regarding the semantic difference for the `force` parameter for volume removal between Docker and us, this change ensures that we emulate the Docker behaviour correctly when this parameter is specified.

      Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
| * APIv2: Add docker compatible volume endpoints (maybe-sybr, 2020-07-02)
      This change implements docker compatible endpoints for interacting with volumes. The code is mostly lifted from the `libpod` API handlers but decodes and constructs data using types defined in the docker API package.

      Some notable support caveats with the current implementation:
      * we don't return the nullable `Status` or `UsageData` keys when returning volume information for inspect and create endpoints
      * we don't support filters when pruning
      * we return a fixed `0` for the `SpaceReclaimed` key when pruning since we have no insight into how much space was freed from runtime

      Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* Merge pull request #6831 from containers/dependabot/go_modules/github.com/containers/common-0.15.1 (OpenShift Merge Robot, 2020-07-01)
      Bump github.com/containers/common from 0.14.3 to 0.15.1
| * Bump github.com/containers/common from 0.14.3 to 0.15.1 (dependabot-preview[bot], 2020-07-01)
      Bumps [github.com/containers/common](https://github.com/containers/common) from 0.14.3 to 0.15.1.
      - [Release notes](https://github.com/containers/common/releases)
      - [Commits](https://github.com/containers/common/compare/v0.14.3...v0.15.1)

      Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6819 from containers/dependabot/go_modules/k8s.io/apimachinery-0.18.5 (OpenShift Merge Robot, 2020-07-01)
      Bump k8s.io/apimachinery from 0.18.4 to 0.18.5
| * | Bump k8s.io/apimachinery from 0.18.4 to 0.18.5 (dependabot-preview[bot], 2020-06-30)
      Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.18.4 to 0.18.5.
      - [Release notes](https://github.com/kubernetes/apimachinery/releases)
      - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.18.4...v0.18.5)

      Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6815 from rhatdan/api (OpenShift Merge Robot, 2020-07-01)
      Created timestamp returned by imagelist should be in unix format
| * | Created timestamp returned by imagelist should be in unix format (Daniel J Walsh, 2020-06-30)
      In the API, we are currently returning the image time of creation as a string, in time.Time format. The API is for a 64 bit integer representing Unix time.

      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6826 from edsantiago/test_apiv2 (OpenShift Merge Robot, 2020-06-30)
      APIv2 tests: usability: better test logging
| * | | APIv2 tests: usability: better test logging (Ed Santiago, 2020-06-30)
      test-apiv2 has two basic comparisons of returned JSON: equality and likeness ('=' and '~'). When logging failures, the test runner shows both actual and expected values. When logging success, for '=' there's no need to show both actual and expected. But for '~', it can be helpful (for verifying test correctness) to show the actual returned value.

      To be specific:
        old: ok ... .MemTotal~[0-9]\+
        new: ok ... .MemTotal ('33509068800') ~ [0-9]\+
        old: ok ... .[0].State~\(exited\|stopped\)
        new: ok ... .[0].State ('exited') ~ \(exited\|stopped\)

      The main benefit is that a developer or end user can easily see precisely what was returned; this can help confirm that the test is working as intended, and/or help fine-tune how the test is written.

      Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #6823 from giuseppe/allow-cgroup-with-column-name (OpenShift Merge Robot, 2020-06-30)
      utils: fix parsing of cgroup with : in the name
| * | | utils: fix parsing of cgroup with : in the name (Giuseppe Scrivano, 2020-06-30)
      a cgroup can have ':' in its name. Make sure the parser doesn't split more than 3 fields and leave untouched the ':' in the cgroup name.

      commit 6ee5f740a4ecb70636b888e78b02065ee984636c introduced the issue.

      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6773 from markstos/issue-6756-improve-inspect-docs (OpenShift Merge Robot, 2020-06-30)
      docs: recommend alternatives to podman inspect
| * | | docs: recommend alternatives to podman inspect (Mark Stosberg, 2020-06-30)
      podman inspect is problematic because there can be naming clashes. Also, it only inspects a couple of types of objects and the docs for it didn't help discover that several more types could be inspected as well.

      To address both concerns, we deprecate `podman inspect` and update the docs to point to the recommended alternatives.

      Issue: #6756
      Signed-off-by: Mark Stosberg <mark@rideamigos.com>
* | | | Merge pull request #6747 from giuseppe/fix-user-volumes (OpenShift Merge Robot, 2020-06-30)
      container: move volume chown after spec generation
| * | | test: add tests for --user and volumes (Valentin Rothberg, 2020-06-29)
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | container: move volume chown after spec generation (Giuseppe Scrivano, 2020-06-29)
      move the chown for newly created volumes after the spec generation so the correct UID/GID are known.

      Closes: https://github.com/containers/libpod/issues/5698
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | libpod: volume copyup honors namespace mappings (Giuseppe Scrivano, 2020-06-29)
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #6821 from rhatdan/tmp (OpenShift Merge Robot, 2020-06-30)
      Set TMPDIR to /var/tmp by default if not set
| * | | | Set TMPDIR to /var/tmp by default if not set (Daniel J Walsh, 2020-06-30)
      Containers/image will use TMPDIR for the location of pulled layer blobs. If TMPDIR is not set, it will use /tmp. Since this is known to be of limited space on most systems, we change the default to /var/tmp if the user has not told the tools where to store temporary files.

      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6817 from maybe-sybr/maybe/entrypoint-nil-means-inherit (OpenShift Merge Robot, 2020-06-30)
      fix: Don't override entrypoint if it's `nil`
| * | | fix: Don't override entrypoint if it's `nil` (maybe-sybr, 2020-06-30)
      This change ensures that we only override a container's entrypoint if it is set to something other than `nil`.

      Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | | Merge pull request #6813 from mheon/system_service_note (OpenShift Merge Robot, 2020-06-29)
      Add a note on the APIs supported by `system service`
| * | Add a note on the APIs supported by `system service` (Matthew Heon, 2020-06-29)
      This makes it clear that we target compatibility with a specific Docker version (v1.40), but do not reject other versions. It also adds a link to documentation on the Podman-specific API.

      Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #6808 from mheon/allow_empty_hostport (OpenShift Merge Robot, 2020-06-29)
      Allow empty host port in --publish flag
| * | Allow empty host port in --publish flag (Matthew Heon, 2020-06-29)
      I didn't believe that this was actually legal, but it looks like it is. And, unlike our previous understanding (host port being empty means just use container port), empty host port actually carries the same meaning as `--expose` + `--publish-all` (that is, assign a random host port to the given container port). This requires a significant rework of our port handling code to handle this new case. I don't foresee this being commonly used, so I optimized having a fixed port number as fast path, with this random assignment code running after the main port handling code only if necessary.

      Fixes #6806
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6794 from baude/v2remotewindowsterminal (OpenShift Merge Robot, 2020-06-29)
      Set console mode for windows
| * | | Set console mode for windows (Brent Baude, 2020-06-29)
      Windows terminal handling is different than darwin and linux. It needs to have the terminal mode set to enable virtual terminal processing. This allows colors and other things to work.

      Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #6810 from vrothberg/auto-update-test (OpenShift Merge Robot, 2020-06-29)
      systemd system test: run auto-update
| * | | | systemd system test: run auto-update (Valentin Rothberg, 2020-06-29)
      Run `podman auto-update` in the systemd system tests. Note that this is a first step to at least exercise parts of `auto-update` in the CI. The service won't get updated just yet as we need to set up a local registry, and push a new image. I do not have enough time at the moment to do that but consider this change already as an improvement.

      We are experiencing some issues in #6793 w.r.t. auto-updates but couldn't track down the root cause yet.

      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6716 from jwhonce/issues/6598 (OpenShift Merge Robot, 2020-06-29)
      Fixes --remote flag issues
| * | | | Fixes --remote flag issues (Jhon Honce, 2020-06-26)
      * --remote, --url and --identity are now anchored to podman command. Subcommands should no longer have issues
      * TraverseChildren now set to V1 expectations
      * Latest flag now has helper function. Now has consistent usage.
      * IsRemote() uses cobra parser to determine if --remote is given
      * Moved validation functions from parser pkg to validate pkg
      * Fixes #6598 Fixes #6704

      Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #6666 from giuseppe/conmon-delegate (OpenShift Merge Robot, 2020-06-29)
      podman: add new cgroup mode split
| * | | podman: add new cgroup mode split (Giuseppe Scrivano, 2020-06-25)
      When running under systemd there is no need to create yet another cgroup for the container.

      With conmon-delegated the current cgroup will be split in two sub cgroups:
      - supervisor
      - container

      The supervisor cgroup will hold conmon and the podman process, while the container cgroup is used by the OCI runtime (using the cgroupfs backend).

      Closes: https://github.com/containers/libpod/issues/6400
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6783 from edsantiago/bats (OpenShift Merge Robot, 2020-06-29)
      system tests: add pod, inspect testing
| * | | system tests: add pod, inspect testing (Ed Santiago, 2020-06-26)
      Followup to #6761: confirm that 'podman ps' shows the ports on a running container in a pod created with -p (not to be confused with the container itself running with -p, tested in 500-networking.bats).

      While we're at it, test that the port handling itself works, by sending random text to the container and making sure the container receives it.

      Followup to #6752: 'podman inspect' should show multiple security opts

      Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #6763 from maxm123/master (OpenShift Merge Robot, 2020-06-29)
      Fix error handling problem in APIv2 network remove
| * | | | Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil (Maximilian Müller, 2020-06-27)
      Signed-off-by: Maximilian Müller <maxm123@techie.com>
* | | | Merge pull request #6768 from vrothberg/fix-6766 (OpenShift Merge Robot, 2020-06-29)
      generate systemd: improve pod-flags filter
| * | | | generate systemd: improve pod-flags filter (Valentin Rothberg, 2020-06-25)
      When generating systemd unit for pods, we need to remove certain pod-related flags from the containers' create commands. Make sure to account for all the syntax including a single argument with key and value being split by `=`.

      Fixes: #6766
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6791 from mheon/fix_service_umask (OpenShift Merge Robot, 2020-06-29)
      Ensure umask is set appropriately for 'system service'
| * | | Ensure umask is set appropriately for 'system service' (Matthew Heon, 2020-06-26)
      We need a umask of 0022 to ensure containers are created correctly, but we set a different one prior to starting the server (to ensure the unix socket has the right permissions). Thus, we need to set the umask after the socket has been bound, but before the server begins accepting requests.

      Fixes #6787
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6767 from vrothberg/sec-opt-test (OpenShift Merge Robot, 2020-06-26)
      e2e inspect: HostConfig.SecurityOpt
| * | | e2e inspect: HostConfig.SecurityOpt (Valentin Rothberg, 2020-06-25)
      Make sure that all specified security options are displayed in a container's inspect data.

      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6786 from rhafer/rootless_rlimit (OpenShift Merge Robot, 2020-06-26)
      specgen: fix order for setting rlimits
| * | | specgen: fix order for setting rlimits (Ralf Haferkamp, 2020-06-26)
      Also make sure that the limits we set for rootless are not higher than what we'd set for root containers.

      Rootless containers failed to start when the calling user already had ulimit (e.g. on NOFILE) set.

      This is basically a cherry-pick of 76f8efc0d0d into specgen

      Signed-off-by: Ralf Haferkamp <rhafer@suse.com>